VCM BLOG

Making the Case for MSB’s, February 14, 2018

Feb14

For many thousands of workers in the United States, the end of the week renews a weekly ritual; payday. For those workers who are expatriates, payday renews another ritual, the trip to the local money transmitter also known as Money Service Businesses. Money Services businesses are defined by FinCEN as follows:

The term “money services business” includes any person doing business, whether on a regular basis or as an organized business concern, in one or more of the following capacities:

(1) Currency dealer or exchanger.

(2) Check casher.

(3) Issuer of traveler’s checks, money orders or stored value.

(4) Seller or redeemer of traveler’s checks, money orders or stored value.

(5) Money transmitter.

(6) U.S. Postal Service.

For many years MSB’s have served the needs of the expatriate workers who are sending money home. The remittance market is a multi-billion-dollar business serving a large population of the people who tend to be underbanked or unbanked.

Storm Clouds

In 2013 the US Department of Justice initiated Operation Chokepoint. This initiative was described in a 2013;

Operation Choke Point was a 2013 initiative of the United States Department of Justice, which would investigate banks in the United States and the business they do with firearm dealers, payday lenders, and other companies believed to be at higher risk for fraud and money laundering.[1]

The Justice Department’s decision to focus on the activities of MSB’s directly impacted their treatment by banks. Soon, MSB’s became persona non-grata; the major theme was that these organizations have potential for money laundering and therefore had to be given scrutiny.  There was a second theme that was less prominent; the better the monitoring the lower the risk.  Eventually the regulators were forced to cease the initiative. Unfortunately, a great deal of the stigma associated with MSB’s remains.

Community Banking Transitions  

Today community banks are experiencing shrinking margins in traditional business lines. Competition for C & I and CRE has become fierce, shrinking margins and making lending in these areas more expensive.  In the meantime, the main reason for community banking- serving the underserved is still an area that has a great deal of space for growth.  In 2016, the FDIC estimated that 27% of all households were unbanked or underbanked.

The Remittance Market

Remittances are a growing market that continues to grow according to the world bank statistics $138,165,000,000 in remittances was sent from United States to other countries in 2016. In 2018, the market is expected to grow more than in the previous two years for several reasons.  The average size of an individual remittance remains $200.00.  There are a number of money transfer business that have developed systems that are familiar to the customers and efficient in their delivery. The forces created by operation chokepoint and growing remittance market are creating great opportunities. Despite the huge demand and potential for fee income, many MSB’s are in search of a banking relationship.

Why Should a community bank consider an MSB relationship?   

Because of the history we have already discussed for many banks, the term MSB ends the discussion. However, for those banks that are looking for ways to improve overall profitability; there are several positives to consider

  • Fee income: Because the business model is built on small dollar transactions, there is a large volume of transaction. Each transaction has the potential to generate fees. The experience of banks that offer accounts to MSB’s has vbeen a steady reliable source of fee income.
  • Small expenditures of capital: The expenditure of capital that is necessary is largely dependent on the strength of your overall BSA compliance program. At the end of the day, the financial institution must dedicate sufficient resources to monitor the activity of the MSB.
  • Extremely Low Cost: The costs of the resources mentioned above can and often is covered by the client MSB.
  • Serving the underserved:  As we previously noted, the vast majority of the customers using MSB’s are part of the larger underbanked and unbanked population.
  • Opportunities for new markets, projects and a whole new generation of bank customers:Today’s MSB customer can easily be tomorrow’s entrepreneur who opens a large business account at your bank.

MSB’s and Risk

For many institutions the decision has been made that the regulatory risk associated with Money service Business is too great to justify offering the product. Of course, most of make this decision harken back to the strict scrutiny of Operation Chokepoint.

The fact that so many MSB’s lost their banking relationships caused the FDIC (the main “tormentor of financial institutions in this area) to issue FIL 5-2015 which was directed at the mass “de-risking” that that banks were forcing on MSB’s.

The FDIC is aware that some institutions may be hesitant to provide certain types of banking services due to concerns that they will be unable to comply with the associated requirements of the Bank Secrecy Act (BSA). The FDIC and the other federal banking agencies recognize that as a practical matter, it is not possible for a financial institution to detect and report all potentially illicit transactions that flow through an institution.  Isolated or technical violations, which are limited instances of noncompliance with the BSA that occur within an otherwise adequate system of policies, procedures, and processes, generally do not prompt serious regulatory concern or reflect negatively on management’s supervision or commitment to BSA compliance. When an institution follows existing guidance and establishes and maintains an appropriate risk based program, the institution will be well-positioned to appropriately manage customer accounts, while generally detecting and deterring illicit financial transactions.[2]

Put another way, the regulators were noting that despite the appears otherwise the principles for  managing the risks of MSB’s still applied; the better the monitoring, the lower the risk.  When considering whether to offer an MSB a bank account, your financial institutions should be able to administrate the account to keep risks low. In addition to the guidance published by the FDIC, FinCen, the FFIEC and the other banking regulatory agencies have all published guidance making it clear that there are no absolute regulatory restrictions on banking MSB’s.

The time is now for community banking institutions to consider the possibility of banking relationship with MSB’s

[1] Zibel, Alan; Kendall, Brent (August 8, 2013). “Probe Turns Up Heat on Banks”The Wall Street Journal

[2] FIL 5-2015

Rethinking The Business Model For Community Banking, February 5, 2018

FebBlog

Community banks and credit unions have been a key part of the American economy since its beginning. These are the lending institutions that make loans to small sole proprietors, first time home buyers and dreamers of all kinds. Over the years, the business model for these institutions hardly varied.  A review of the loan portfolios of community banks across the country will include three similar components:

·        CRE– Commercial real estate loans have been one of the mainstays of the community banking business. These loans provide a viable, recognizable and reliable (usually) source of income. The return on investment for these loans have been the source of a large portion of the earnings for community banks for many years.  The drawback for this type of lending is that it ties up a large portion of the capital of a bank and the return on investment takes a significant amount of time develop. A loss from one of these loans has the potential to threaten the existence of a small financial institution

·        CNI – Commercial and Industrial loans have been the beating heart for community banks for many years. Very much like CRE loans, the income from these loans is recognizable and except for a few notable exceptions, reliable. Not only do these loans have the same concerns as CRE, the competition for these loans is fierce and smaller institutions often finds themselves left with the borrowers who present the highest level of risk.

·        Consumer products – In the past 15 years, consumer loans have also proven to be a good source of earnings. Interest rates for consumer products have remained well above the prime rate and for a financial institution that is properly equipped, consumer products can provide a strong stream of income.  Consumer products also tend to be for smaller amounts, have higher rates of losses and are heavily regulated.

This three-pronged approach to earning income has been a steady, tried and true method for earnings at small financial institutions. However, there are several factors that are coming together that have threatened this business model.

·        Fintech – Financial technology (“Fintech”) companies are those companies that use software to deliver financial products. Today one of the most recognizable fintech companies is PayPal. Using just a smart phone, PayPal gives its users the ability to make payments, pay bills, deliver gift cards and conduct financial transactions with people throughout the country.  For community banks, the knowledge of the existence of PayPal is interesting, but what is more critical is the reason that PayPal was developed. PayPal, and its fintech brethren exist to fill a specific need that Banks were not meeting.

·        NBFI – The Operation Chokepoint program was a program spearheaded by the Justice Department that was aimed directly at Non-Bank Financial Institutions, aka Money Service Businesses. At the time the program was started, a decision was made that money service businesses represented an unacceptable money laundering risk.  Ultimately, Operation Chokepoint fell into disrepute and was ended. Although Operation Chokepoint has ended, its legacy is still prevalent. MSB’s still have significant problems getting bank accounts.   Despite this fact, the amount of money moved through remittances continues to grow.  MSB’s continue to serve this market for a huge population of people who are unbanked and underbanked.

·        Underbanked and Unbanked– The number of unbanked and underbanked families continues to grow. Unbanked families are those without a bank account and underbanked families are those that use minimal banking services.  The number of people in these families totaled  approximately 90 million in 2016[1].  Equally as important as the sheer size of the unbanked and underbanked population is the reason that many of these potential customers remain that way. High fees, poor customer service and bad public image have all been contributing factors for the large population of unbanked and underbanked customers.

 

Customer Bases in the Future 

The combination of these forces will greatly impact the future of the business model for community banks. Customers will continue to change their expectations for their financial institutions.  The traditional balance has changed, instead of being forced to choose the products that financial institutions offer, customers have come to demand products from their companies.

The financial needs of customers have also changed. Electronic banking, online account opening, remote deposit capture and iPhone applications are now almost necessities.  Younger customers, who make up a significant number of the unbanked and underbanked population rarely use traditional forms of community banking such as branch visits. Fast information, fast movement of money, low costs transactions and accessibility are most desirable to the potential clients of today’s financial institutions.

Implications for the Small Bank Business Model  

Fintech companies, NBFI’s and the need for new and different services presented by the unbanked and underbanked population will all continue to put pressure on community bankers to begin to make a change. Change may be hard, but it is also inevitable and necessary. For community banks and credit unions now is a good time to consider NBFI’s as viable and important customers. They are a vehicle for consumers to meet their ongoing needs and they need bank accounts.

Fintech companies reason for existing is to fill the unmet needs of unbanked and underbanked.  These companies have developed applications that allow everything from alternate means of credit scoring to international transfer of funds using applications. A community bank or credit union that creates a partnership with the right fintech company can offer products and services that will greatly distinguish them in the market and allow for continued growth and alternate means of income.  2018 is a great time to start thinking about a new business model.

[1] In our most recent survey, published in October 2016, the FDIC reported that 7 percent of households were unbanked, lacking any account relationship at an insured institution. The survey also showed that an additional one-in-five (or 19.9 percent of) households were underbanked, defined as households in which a member had a bank account, but nevertheless turned to alternative financial services providers during the year to address one or more needs for transactional services such as check cashing or credit. Altogether, the survey reported that some 90 million Americans, or nearly 27 percent of households, are unbanked or underbanked.

Section 1071 of the Dodd-Frank Act- A New Look at Fair Lending – Part One- Towards a LAR for Commercial Loans, July 25, 2017

July 24blog

As the dust settled from the financial meltdown of 2008 there were a large number of new significant regulations to consider. The qualified mortgage rules, mortgage servicing rules and appraisal valuations all garnered a great deal of attention and focus. Of course, due to the impact of these rules, this attention was well deserved. However, as the dust settled from getting compliance programs in place, it is time to give attention to future regulatory requirements.

One of the most significant of the future regulations is section 1071 of the Dodd Frank Act. This section amends the Equal Credit Opportunity Act (AKA as Reg. B) to require banks to gather information about applicants for commercial loans. The information that will be gathered is very similar to information that is currently required by the Home Mortgage Disclosure Act (HMDA). Many believe that the future of this regulation is in doubt due to the general hostility of the current presidential administration to the Dodd Frank Act. Regardless of whether this regulation becomes fully implemented, the information that it requires is well worth considering.

Specifics

For the time being, this section of the Dodd Frank Act has been put on hold until the implementing regulations have been written. There are many who believe the future of the CFPB is in doubt, but merely hoping things change is not a successful strategy. Earlier in 2017, the CFPB started taking comments on the regulation with an eye toward developing a final rule early next year. It is likely the regulation will be implemented in some form early in 2018.

What is the type of information that is required? So far, the list of information required is as follows:

‘‘(1) IN GENERAL. —Each financial institution shall compile and maintain, in accordance with regulations of the Bureau, a record of the information provided by any loan applicant pursuant to a request under subsection (b).

‘‘(2) ITEMIZATION.—Information compiled and maintained under paragraph (1) shall be itemized in order to clearly and conspicuously disclose— ‘‘(A) the number of the application and the date on which the application was received; ‘‘(B) the type and purpose of the loan or other credit being applied for; ‘‘(C) the amount of the credit or credit limit applied for, and the amount of the credit transaction or the credit limit approved for such applicant; ‘‘(D) the type of action taken with respect to such application, and the date of such action; ‘‘(E) the census tract in which is located the principal place of business of the women-owned, minority-owned, or small business loan applicant; ‘‘(F) the gross annual revenue of the business in the last fiscal year of the women-owned, minority-owned, or small business loan applicant preceding the date of the application; ‘‘(G) the race, sex, and ethnicity of the principal owners of the business; and ‘‘(H) any additional data that the Bureau determines would aid in fulfilling the purposes of this section.

‘‘(3) NO PERSONALLY IDENTIFIABLE INFORMATION.—In compiling and maintaining any record of information under this section, a financial institution may not include in such record the name, specific address (other than the census tract required under paragraph (1)(E)), telephone number, electronic mail address, or any other personally identifiable information concerning any individual who is, or is connected with, the women owned, minority-owned, or small business loan applicant.

When the regulation is enacted, what will be required? Why are the regulators doing this to us? In reverse order, the reason given for this change to the ECOA is as follows:

“The purpose of this section is to facilitate enforcement of fair lending laws and enable communities, governmental entities, and creditors to identify business and community development needs and opportunities of women-owned, minority owned, and small businesses” [1]

Put another way, the purpose of the collection of this information will be to allow banks, economists and regulators to more completely and accurately determine the types of loans that are being requested by minority and women owned business. Presumably, the collected data will be used to provide regulators with tools to craft legislation to help expand fair lending laws and rules to the commercial lending area. The merits of whether these regulations should be expanded to the commercial lending will be discussed in part two of this blog.

There are some unique features to the requirements of this law. For example, the lending staff member who is doing the underwriting is NOT ALLOWED to ask the questions required by the law;

Where feasible, no loan underwriter or other officer or employee of a financial institution, or any affiliate of a financial institution, involved in making any determination concerning an application for credit shall have access to any information provided by the applicant pursuant to a request under subsection (b) in connection with such application.[2]

The idea here is this information must not be part of any credit decision, and the bank is under an obligation to present evidence that this information has been segregated from the credit decision. Therefore, even in cases where there are too few staff members to totally segregate the collection of the information from the loan staff, a protective wall still must be created.

If a financial institution determines that a loan underwriter or other officer or employee of a financial institution, or any affiliate of a financial institution, involved in making any determination concerning an application for credit should have access to any information provided by the applicant pursuant to a request under subsection (b), the financial institution shall provide notice to the applicant of the access of the underwriter to such information, along with notice that the financial institution may not discriminate on the basis of such information[3]

The time is coming when this information must be collected and the Bank must make sure that once it is collected, that the information has no impact on the credit decision.

Implications for the Future

What does this regulation mean for the future? It is of course, difficult to predict the future with any real accuracy. However, it is clear that the trend for regulations is that the scope and influence of fair lending and equal credit opportunity laws will increase in influence over the next decade. It will be increasingly important for banks to determine with detail the credit needs of the communities they serve. Moreover, there will be increased emphasis on banks’ ability to show how the credit products being offered meet the credit needs of that same community.

Why not start now?

The obvious question to ask is with all of the regulations that are coming into effect at this point and the resulting requirements, why start dealing with a regulation that has not come into existence? Why not cross that bridge when we come to it? In fact, there is a chance that this law may never get an implementing regulation.

Delay will result in higher costs and increase the risk of noncompliance. Whether or not Section 1071 is implemented within the next year or the next few years, information about the borrowers you serve and the products that you offer to serve them should be part of your strategic plan, fair lending plan and CRA plan. This information will be a critical component of showing your regulators that you are a vital part of the local economy and community. Moreover, this information should be a critical part of your institutions’ drive to reach out to the new customers who are currently among the large number of unbanked and underbanked. This pool of potential customers is one of the keys to successful banking in the future. In fact, whether or not the regulation is ever implemented, developing information on women and minority owned businesses will be a key strategic advantage for the financial institutions that realize the vast potential that these business owners present.

In Part two of this blog, we will make the case for collection of information on loans to women and minority owned.

Self-Policing- An Excellent Way to Control Your own Destiny,June 26, 2017

 

 

June

 

Note: The following is an update of a blog that we originally posted in November of 2015. In light of recent implementation of the new Uniform Interagency Consumer Compliance rating system, we felt that this blog is once again timely.

Self-Policing- An excellent way to control your own destiny.

So, you are the compliance officer and while doing a routine check on disclosures, you notice a huge error that the Bank has been making for the last year. The beads of sweat form on your forehead as you realize that this mistake may impact several hundred customers.  Real panic sets in as you start to wonder what to do about the regulators. To tell or not to tell, that is indeed the question.

Many of our clients struggle with the question of what to do when your internal processes discover a problem. We have always believed that the best policy is to inform the regulators of the problem.    CFBP Bulletin 2013-06 discusses what it calls “responsible business conduct” and details the grounds for receiving consideration for getting enforcement relief from the CFPB. In this case, “consideration is somewhat vague and it depends on the nature and extent of the violation, but the message is clear. It is far better to self-police and self-report than it is to let the examination team discover a problem.

Why Disclose a Problem if the Regulators Didn’t Discover it?  

It is easy to make the case that financial institutions should “let sleeping dogs lay”. After all, if your internal processes have found the issue, the thing is that you can correct it without the examiners ever knowing, move on and everybody is happy.  Right? In fact, nothing could be further from the truth.  There was a time when the relationship between regulators and the banks they regulate was collegial, but that is most certainly not the case any longer.

Self- Policing

It is not enough that a bank discovers its own problems and addresses them. In the current environment, there is a premium placed on the idea that a bank has compliance and/or audit systems in place that are extensive enough to find problems, determine the root of the problems and make recommendations for change. An attitude that compliance is important must permeate the organization starting from the top. To impress the regulators that an organization is truly engaged in self-policing, there has to be evidence that senior management has taken the issue seriously and has taken steps to address whatever the concern might be. For example, suppose during a compliance review, the compliance team discovers that commercial lenders are not consistently given a proper ECOA notification. This finding is reported to the Compliance Committee along with a recommendation for training for commercial lending staff.  The Compliance Committee accepts the recommendation and tells the Compliance Officer to schedule Reg. B training for commercial lenders. This seems like a reasonable response, right?

This does not rise to the level of self- policing that is discussed in the CFPB memo; a further step is necessary. What is the follow-up from senior management?  Will senior management follow up to make sure that the classes have been attended by all commercial lending staff? Will there be consequences for those who do not attend the classes? The answers to these questions will greatly impact the determination of whether there is self-policing that is effective.  Ultimately, the goal of a Bank should be to show that the effort at self-policing for compliance is robust and taken seriously at all levels of management. The more the regulators trust the self-policing effort, the more the risk profile of bank decreases and the less likely enforcement action will be imposed.

Self-Reporting

While at first blush self-reporting seems a lot like punching oneself in the face, this is not the case at all.   The over-arching idea from the CFPB guidance is that the more the institution is willing to work with the regulatory agency, the more likely it is that there will be consideration for reduced enforcement action. Compliance failures will eventually be discovered and the more they are self-discovered and reported, the more trust the regulators have in the management of the bank in general and the effectiveness of the compliance program in particular.  The key here is to report at the right time. Once the extent of the violation and the cause of it have been determined, the time to report is imminent. While it may seem that the best time to report is when the issue is resolved, this will generally not be the case. In point of fact, the regulators may want to be involved in the correction process. In any event, it is a bad idea to wait too long to report a problem. For example, don’t wait  until discovery of the problem is imminent (e.g. the regulatory examination will start next week!).

When it is time to report a problem to the regulators, it is important to remember that you should give complete information, keeping in mind that you should know the extent and the root cause of the problem. It is also advisable to have a strategy for remediation in place at the time of reporting.

Remediation

What will your bank do to correct the problem? Has there been research to determine the extent of the problem and how many potential customers have been affected?     How did the Bank make sure that whatever the problem is has been stopped and won’t be repeated? What practices, policies and procedures have been changed as a result of the discovery of the problem? These are all questions that the regulators will consider when reviewing efforts at remediation. For instance, if it turns out that the problem has been improperly disclosing transfer taxes, an example of strong mediation would include:

  • A determination if the problem was systemic or with a particular staff member
  •  A “look back” on loan files for the past 12 months
  • Reimbursement of all customers who qualify
  • Documentation of the steps that were taken to verify the problem and the reimbursements
  • Documentation of the changed policies and procedures to ensure that there is a clear understanding of the requirements of the regulation.
  • Disciplinary action (if appropriate for affected employees)

A plan for follow-up to ensure that the problem is not re-occurring

Cooperation

Despite the very best effort at self-reporting and mediation, there may still be an investigation by the regulators. If the regulators start to investigate an area that you have already disclosed, such an instance calls for cooperation not hunkering down. The more the bank is forthcoming with the information about its investigation, the more likely that the regulators will determine that there is nothing more for them to do.

 

The new regulatory ratings systems actually puts a premium on the ability of financial institutions to “self-police”.   We will discuss the ways to get the most benefit from self-reporting in future blogs.

Reimagining Compliance – Part Three May 16, 2017

May16

In the first two parts of this series we talked about the reason we have so many far-reaching regulations in compliance. The pattern these regulations follow is the same. Bad behavior by a number of financial institutions leads to a large public outcry which eventually results in regulations directed to addressing the bad behavior. The Truth in Lending Act, The Equal Credit Opportunity Act, and HMDA, all were implemented this way. Despite ongoing complaints from bankers about how burdensome these regulations might be, they are here to stay and are a part of doing business in financial services. However, by taking an optimist’s view of consumer regulations, one can find that there are many positives. These regulations add a level of stability to the banking industry and level the playing field for banks. Not only consumers but financial institutions have come to know what to expect when offering consumer products. Federally insured financial institutions have the same set of rules applied to them. Consumer compliance regulations are going to be a fact of life for financial institutions for the foreseeable future. However, all is not lost. Today there is a unique opportunity to reimagine the purpose of the compliance department. In fact, with the right change of focus, compliance can go from a cost center to a profit center.

Changes Have Come to the Banking Industry

In part two of this series we talked about the major factors that will drive change in the financial services industry in the very near future. Major forces are not only impacting the way financial institutions will do business in the future, they are directly impacting the meaning of compliance. Consider that the number of unbanked and underbanked people in the United States is at an all-time high. According to the FDIC there are more than 30 million people that fall into one of these two categories. Not only is the number of people striking, the composition of the group should give a moment’s pause to financial institutions doing strategic planning. The people in the unbanked and underbanked group include millennials, and people who simply have decided that it is better to stay outside of the banking system for assorted reasons.

Even though the unbanked and underbanked don’t have relationships with financial institutions, they DO have banking needs. Fintech companies have recognized the banking needs of this group and are developing the means to deliver. The smart phone is a gateway to banks even for persons that don’t want to have traditional accounts. Products such as Venmo and PayPal are the first generation of these companies. But in large part, these require a banking connection; today there are many ways to transfer money without a bank account. The second generation of Fintech’s allows customers to maintain a digital wallet1. The digital wallet allows the customer to maintain value (money) and store

the value on the smart phone. In other words, the new Fintech’s are making it more and more likely that the unbanked can stay unbanked and thrive.

Yet another hidden factor is the demand for the financial services provided by money service businesses (“MSB’s). MSB’s are companies that provide financial services including foreign currency exchange, check cashing and most important remittances. The constituency of MSB’s includes large populations of the unbanked and underbanked. During the period starting in 2010 through 2013, the Department of Justice along with the FDIC instituted Operation Chokepoint, which focused strict scrutiny on the administration of MSB’s. The result was that many financial institutions decided that they would no longer offer banking services to MSB’s. The need for banking services did not go away simply because Operation Chokepoint made it more difficult for MSB’s to get bank accounts. In many respects, Operation Chokepoint has created a significant opportunity for financial institutions who “step outside the box” and consider MSB’s as a source for non-interest income.

Misaligned Compliance

For many institutions, the ability to take advantage of the opportunities presented by underbanked, financial technology and MSB’s is severely limited. While each of these businesses present a reliable source of potential income, they all come with a level of risk. Compliance departments at financial institutions must be able to properly project the levels of risk and develop systems that will allow the institution to mitigate the risk.

Today’s compliance department tends to be misaligned with the strategic planning structure of financial institutions. Because compliance is viewed as a necessary (but unwanted) cost of doing business, the approach is often to get by with the minimum to meet the regulatory requirements. In extreme cases, some institutions simply calculate the costs of noncompliance into the operating budget.

Compliance programs are most often designed to be reactive. Compliance Officers make changes only when there is change in a regulation that impacts the institutions ability to keep the same products and services. For example, when the valuation rule was implemented, many compliance officers were tasked with figuring a way to document that the customer had received a copy of the appraisal or valuation used to establish collateral value. A more proactive approach might have been to partner with a Fintech company that could produce the required documentation electronically and efficiently, which will allow for significant cost savings.

The vast majority of compliance departments have limited resources and requests for budget increases are denied. Many Compliance Officers are forced to get by on their own grit and determination (in addition to lighting candles and praying). It is also common for a Compliance Officer to have several other duties including operations, security, BSA and IT to name a few. In the end, the best that a misaligned compliance depart can do is to try to keep its head above water.

Towards a More Proactive Compliance Department

Could you imagine the compliance department at your institution as a source of fee income, new clients and ongoing growth at your institution? Though it may sound farfetched, there is a possibility that this can be the case. There is a two-step process that must occur to get to this point.

First, recognizing the opportunities that exist; too many financial institutions write off MSB’s because they fear the compliance burden. However, the regulators have made it clear that with the right compliance program, there is absolutely nothing to fear from MSB’s. Making an investment into your compliance department that allows the necessary resources to properly monitor and administrate MSB’s will yield a positive return. In addition, by being able to offer banking to MSB’s your bank can access a group of potential clients that have given up on banking

Fintech companies have been developed to specifically meet the money movement needs of their customers. For many a fintech firm, there is a limited focus on compliance. One of the main things that vexes these companies is the need to get MSB licenses in each state in which they transact business. For many of` these firms a partnership with a Bank is a solution to this problem. Once again, by investing in your compliance department, the ability to engage in these partnerships can be realized.

By reimagining the compliance department of your institution, the door can be opened to additional income, customers and sustainable growth.

Re-Imagining Compliance-Part Two-Winter is Coming, March 15, 2017

March15

 

 

In the popular HBO series “Game of Thrones” one phrase that is repeated often is “Winter is Coming”.   While the true meaning of that phrase will only be known at the time the show reaches its climax, it serves as an ominous warning that change is afoot. The same thing can be said in the banking industry; significant change is coming that will impact the business model of financial institutions.  This will be especially true for community and regional banks and credit unions. There are two forces that are bearing down on the financial services industry that are sure to bring about significant change.  These changes will dramatically impact the role of compliance.

From One Direction- A Significant Market with Needs

The first force that will impact banking is the large number of unbanked and underbanked people in the united states. There are millions of potential customers who have either a limited relationship with financial institutions or no relationship at all as the FDIC showed inn their 2015 study of Unbanked and underbanked populations.[1]

The FDIC has defined Unbanked and underbanked as follows:

“…… many households—referred to in this report as “unbanked”—do not have an account at an insured institution. Additional households have an account, but have also obtained financial services and products from non-bank, alternative financial services (AFS) providers in the prior 12 months. These households are referred to here as “underbanked.”[2]

Per the Corporation for Enterprise Development, there are millions of unbanked and underbanked households across the country.  For example, in 2010 the same organization estimated that 20% of the households in New Jersey are underbanked[3].     The number of unbanked and underbanked people that live within the service areas of financial institutions presents both an opportunity and a level of risk.  As the FDIC pointed out in there May 2016 study “Bank Efforts to serve underbanked and unbanked Communities” the whole banking community is better served when the level of trust and participation is increased[4].

 

 

Why are so Many Unbanked and Underbanked?

The FDIC asks similar of questions every year and the answers have been consistent.  Here are the key observations:

  • The most commonly cited reason was “Do not have enough money to keep in an account.” An estimated 57.4 percent of unbanked households cited this as a reason and 37.8 percent cited it as the main reason.
  • Other commonly cited reasons were “Avoiding a bank gives more privacy,” “Don’t trust banks,” “Bank account fees are too high,” and “Bank account fees are unpredictable.
  • Perceptions of Banks’ Interest The 2015 survey included a new question asked of all households: “How interested are banks in serving households like yours?”
  • The survey results revealed pronounced differences across households.
  • Approximately 16 percent thought that banks were “not at all interested” in serving households like theirs, and the perceptions of the remaining 8 percent were unknown.
  • Unbanked households were substantially less likely than underbanked or fully banked households to perceive that banks were interested in serving households like theirs. More than half (55.8 percent) thought that banks were not at all interested, compared to roughly 17 percent of underbanked households and 12 percent of fully banked households.

 

Ultimately, there are well over 50 million households in America that currently either don’t have a relationship with a bank or have only a minimal one.

In many cases, misperceptions from the point of view of customers and financial institutions keep them apart.  For far too long it has been an axiom that the costs of providing banking services for consumer accounts prevents an acceptable rate of return.  However, through the development and use of new technologies, the costs associated with consumer accounts has significantly declined.

Many of the unbanked and underbanked turn to Money Service Businesses (“MSB’s”) to transaction business. Both the check cashing and money remittance industries handle billions of dollars on an annual basis for their customers.  The fees available to financial institutions willing to provide bank accounts to MSB’s present a significant opportunity for income. Unfortunately, too many institutions still feel the sting of “operation chokepoint” a misguided attempt by regulators to drive MSB’s out of the financial services industry. Financial institutions willing to invest in the proper infrastructure to bank these customers have found the return to be worth the investment.

Without significant competition for the unbanked and underbanked households, financial needs are met by businesses that are predatory.  Financial technology (“Fintech”) companies have set out to change the landscape and to fill the need of this massive pool of potential clients. So far, these efforts have yielded products such as digital wallets, person to person networks (such as PayPal and Venmo), fundraising sites and even remote bill paying. Most recently, there are a number of fintech companies venturing in to the consumer and business loan arena.

From Another Direction- Technology

Advances in technology have made it possible for customers to enjoy many of the services of a bank without actually having a banking relationship. Using a smart phone coupled with software programs, from financial technical companies, people can have access to money at ATM’s, pay bills, receive payroll and buy things, all without having a bank account.

The fact that many of the products that are being developed by fintech companies can be delivered to smartphones should not be lost on financial institutions. The unbanked and underbanked may not have accounts at financial institutions, but almost all of them have a smartphone.   A large percentage of the people who fit into this category are millennials who have become accustomed to conducting business on their smart devices.

A growing number of institutions have recognized the potential benefits of working with fintech companies.  In late 2016, the firm Manatt, Phelps & Phillips, LLP, conducted a survey of banks that have engaged in partnerships with fintech companies and the results are enlightening. There were four key takeaways that are useful to everyone in the banking and fintech sectors when approaching the challenges that come with collaboration:

  • Banks are on board with fintech. At 81%, the overwhelming majority of regional and community banks are currently collaborating with fintechs. In addition, 86% of regional and community bank respondents said that working with fintechs is “absolutely essential” or “very important” for their institution’s success.
  • Lower costs + a better brand = a win-win. For regional and community banks, enhanced mobile capabilities and lower capital and operating costs were highlighted as the benefits of collaborating with fintechs. Fintechs named market credibility and access to customers in regional markets as the main benefits to partnering with banks.
  • Data security remains a challenge. Both banks and fintech companies are highly sensitive to the ways in which data is shared and secured. This means extra attention must be paid to cybersecurity when the two sides collaborate—especially given the cultural mismatch that can exist between them. Despite the optimism among banks for collaboration, preparedness is a large concern. Almost half of regional and community bank respondents said they are just “somewhat prepared” or even “somewhat unprepared” for this kind of partnership.
  • Regulatory concerns remain paramount. For banks and fintech firms, structuring relationships that are regulatory compliant, including, if required, prior regulatory approval, is critical to ensuring success and the opportunity to change the way financial services are ultimately delivered.[5]
  • As partnerships with Fintech firms become more commonplace, so does the need for compliance staff who are fully versed in this area. Compliance staff fully versed in both fintech and regulatory requirements have/will become key figures in an institutions’ ability to offer fintech products that are successful and compliant.

“Winter” is definitely coming- will you be ready?

[1] Estimates from the 2015 survey indicate that 7.0 percent of households in the United States were unbanked in 2015. This proportion represents approximately 9.0 million households. An additional 19.9 percent of U.S. households (24.5 million) were underbanked, meaning that the household had a checking or savings account but also obtained financial products and services outside of the banking system.

[2] FDIC survey of unbanked and underbanked households

[3]See https://cfed.org/assets/pdfs/Most_Unbanked_Places_in_America.pdf  June 2016

[4]Bank Efforts to serve underbanked and unbanked Communities

[5] Fintech comes to Regional and Community Banks- Fintech Finance 2017.

 

Re-Imagining Compliance: Part One, February 27, 2017

Feb27

 

Re-Imagining Compliance- A Three-Part series

Part One – Compliance is here to Stay

Every culture has its own languages and code words. Benign words in one culture can be offensive in another. There was a time when something that was “Phat” was really desirable and cool while there are very few people who would like being called fat! Compliance is one of those words that, depending on the culture, may illicit varying degrees of response. In the culture of financial institutions, the word compliance has some negative associations.   Compliance is often considered an unnecessary and crippling cost of doing business. Many of the rules and regulations that are part of the compliance world are confusing and elusive. For many institutions, has been the dark cloud over attempts to provide new and different services and products.

Despite the many negative connotations that surround compliance in the financial services industry, there are many forces coming together to alter the financial services landscape. These forces can greatly impact the overall view of compliance. In fact, it is increasingly possible to view expenditures in compliance as an investment rather than a simple expense.   In this three-part blog, we ask that you reimagine your approach to compliance.

Why do we have Compliance Regulations?

Many a compliance professionals can tell you about how difficult it is to keep everybody up to date on the many regulations that apply to financial institutions. However, if you ask why exactly do we even have an Equal Credit Opportunity Act or a Home Mortgage Disclosure Act (“HMDA”), it would difficult to get a consensus.   All of the compliance regulations share a very similar origin story.   There was bad or onerous behavior on the part of financial institutions, followed by a public outcry, legislative action to address the bad behavior and then eventually regulations. The history of Regulation B provides a good example:

A Little History

The consumer credit market as we now know it grew up in the time period from World War II and the 1960’s.  It was during this time that the market for mortgages grew and developed and became the accepted means for acquiring property, financing businesses, developing wealth and upward mobility.  By the late 1960’s the consumer credit market was booming.

The Equal Credit Opportunity Act (“ECOA”) and regulation B are not nearly as old as you might think. In fact, the first attempt at regulating credit access was the Consumer Credit Protection Act of 1968.  This legislation was passed to protect consumer credit rights that up to that point been largely ignored.  The 1968 regulation was passed as the result of continuing growth in consumer credit and its effects on the economy.  For example, in the year before the regulation was passed, consumers were paying fees and interest that equaled the government’s payments on the national debt!  One of the goals of the Consumer Credit Protection Act was to protect consumer rights and to preserve the consumer credit industry.

The Civil Rights Movement was occurring at the same time as the passage of the CCPA and in 1968, the Fair Housing Act was passed by Congress.  The FHA was designed to assist communities that that had been excluded from credit markets obtain access to credit.  We will discuss the Fair Housing Act in more detail next month.

One of the things that the CCPA did was to empanel a commission of Congress called the National Commission on Consumer Finance.  This commission was directed to hold hearings about the structure and operation of the consumer credit industry.

Unintended Consequences

While performing the duties they were assigned, the members of the National Commission on Consumer Finance conducted several hearings about the credit approval process for consumer loans.  The stories and anecdotes from these hearings raised a tremendous public outcry about the behavior of banks and financial institutions that were in the business of granting credit.   One of the common themes of the testimonies given was that women and minorities were being left behind when it came to the growth of the consumer credit market.  Public pressure forced additional hearings on the consumer credit market, and the evidence showed that women in particular and minorities in general were being given unfair and unequal treatment by banks.

What was Going On? 

So what were banks doing that was a cause of concern?  There were several practices that had become normal and regular for banks when the applicant for consumer credit was a woman or a member of a racial minority group.

Women had more difficulty than men in obtaining or maintaining credit, more frequently were asked embarrassing questions when applying for credit, and more frequently were required to have cosigners or extra collateral.   When a divorced or single woman applied for credit she was immediately asked questions about her life choices, sexual habits, and various other personal information that was both irrelevant to the credit decision and not asked of men.

Racial minorities had difficulty even obtaining credit applications let alone credit approvals.  In cases, where members of minority groups attempted to get a loan applicant, there were either told that the bank was not making consumer loans, or that the area that the person lived was outside of the lending area of the bank.

For applicants that receive public assistance, child support of alimony, banks would not consider these as sources of income under the theory that they were temporary and might disappear.

Despite being subjected to embarrassing or incorrect information, in the cases where women and minorities persisted and completed a credit applications, banks would drag out the process for interminable time periods and would engage in strong efforts to discourage the applicant from going forward.

In many cases, when a person lived in a neighborhood that was predominately comprised of minorities, the borrower was told that the collateral did not have enough value without further explanation.  

The ECOA

Though these stories created a great deal of interest, the CCPA was not amended until 1974 when the first Equal Credit Opportunity Act was passed.  This Act prevented discrimination in credit based on sex and marital status.

Why are there a Regulation B and the ECOA?

The development of the consumer credit market brought with it a series of bad behaviors that directly and negatively impacted the ability of women and minorities to obtain credit.   These behaviors included asking women to check with their husbands before getting a loan, denying a single woman credit, discouraging minorities from applying for credit and outright refusal to grant credit.

The law and regulation are designed to open credit to all who are worthy by limiting practices that unfairly exclude groups of people and by making sure that applicants are fairly informed of the reasons for a denial.

The regulations exist because there was bad behavior that was not being addressed by the industry alone. Many of the compliance regulations share the same origin story.

Compliance is not all Bad

Sometimes, we are caught up on focusing on the negative to the point that it is hard to see the overall impact of bank regulations.   One of the positive effects of compliance regulations is they go a long way toward “leveling the playing field” among banks.   RESPA (the Real Estate Settlement Procedures Act) provides a good example.  The focus of this regulation is to get financial institutions to disclose the costs of getting a mortgage in the same format throughout the country.   The real costs associated with a mortgage and any deals a bank has with third parties, the amount that is being charged for insurance taxes and professional reports that are being obtained all have to be listed in the same way for all potential lenders.  In this manner, the borrower is supposed to be able to line up the offers and compare costs.  This is ultimately good news for community banks.  The public gets a chance to see what exactly your lending program is and how it compares to your competitors.  The overall effect of this legislation is to make it harder for unscrupulous lending outfits to make outrageous claims about the costs of their mortgages.   This begins to level the playing field for all banks.  The public report requirements for the Community Reinvestment Act and the Home Mortgage Disclosure Act can result in positive information about your bank.    A strong record of lending within the assessment area and focusing on reinvigoration of neighborhoods is a certainly a positive for the bank’s reputation.  The overall effects of the regulations and should be viewed as a positive.

Protections not just for Customers

In some cases, consumer regulations provide protection not just for consumers but also for banks.  The most recent qualifying mortgage and ability to repay rules present a good case.  These rules are designed to require additional disclosures for borrowers that have loans with high interest rates.   In addition to the disclosure requirements, the regulations establish a safe harbor for banks that make loans within the “qualifying mortgage” limits.  This part of the regulation provides strong protection for banks.  The ability to repay rules establish that when a bank makes a loan below the established loan to value and debt to income levels, then the bank will enjoy the presumption that the loan was made in good faith.  This presumption is very valuable in that It can greatly reduce the litigation costs associated with mortgage loans.  Moreover, if a bank makes only “qualifying mortgages’ the level of regulatory scrutiny will likely be lower than in the instance of banks that make high priced loans.

Compliance regulations will no doubt be a part of doing business in the financial industry for the foreseeable future.   However, all is not Considering a strategy that embraces the regulatory structure as an overall positive will allow management to start to re-imagine compliance and consider greater investment.   In our next blog, we will discuss the forces that are converging to make the return on investment in compliance strong.

Strategic Risk- a top Consideration in 2017, February 2, 2017

Feb2

 

For many financial institutions as January ends, the implementation phase of plans begins. As you put the finishing touches on your plans and give it one last look, among the critical things to consider should be your assessment of strategic risk. For the prudential regulators (the FDIC, the Federal Reserve, the OCC and the CFPB), strategic risk has become the preeminent issue, as indicated in public statements, guidance and planned supervisory focus documents. The main issue driving strategic risk is the convergence of unbanked/underbanked people, the growth of financial technology (” fintech”) firms and shrinking demand for traditional lending. And to paraphrase the comments of Comptroller of the Currency Thomas Curry, those who fail to innovate are doomed.

Strategic risk is generally defined as:

Strategic risk is a function of business decisions, the execution of those decisions, and resources deployed against strategies. It also includes responsiveness to changes in the internal and external operating environments.[1]

The OCC’s Safety and Soundness Handbook- Corporate Guidance section discusses strategic risk as follows:

The board and senior management, collectively, are the key decision makers that drive the strategic direction of the bank and establish governance principles. The absence of appropriate governance in the bank’s decision-making process and implementation of decisions can have wide-ranging consequences. The consequences may include missed business opportunities, losses, failure to comply with laws and regulations resulting in civil money penalties (CMP), and unsafe or unsound bank operations that could lead to enforcement actions or inadequate capital.[2]

More to the point, strategic risk today is the difference between being able to “think outside the box” and being mired in tradition.   Banking as we know it is being disrupted by technology. There are many customers who have never had bank accounts and an equally large number of people who use banks on a limited basis. Many fintech firms have been founded specifically to offer products that meet the needs of these customers. Products such as online lending, stored value and bill payments are here to stay and they are changing the places customers look to fill their banking needs.

Both the FDIC and the OCC in their annual statements recognized the need to address strategic risk and will be looking at the institutions they regulate to determine the level of consideration of this risk. [3]

So, what does consideration of strategic risk look like? It means consideration of new types of products, customers and sources of income. It also means reimagining compliance.

Types of Products

Today a traditional financial institution offers a range of deposit products, consumer loans and commercial loans traditional loans. Tomorrows’ bank will offer digital wallets, stored value accounts, and financing that is tailored to the needs of customers. Loans with terms like $7,200 with a 7-month term which are not economically feasible, will be commonplace soon. Commercial loans will come with access to business management websites that offer consultation for the active entrepreneur, savings account will be attached to the digital profile of the customer. Banking will be done from the iPad or another digital device.   Your institution can be part of this updated version of banking or continue to suffer declines as your current customer base grows old and disappears.   Consider deciding which fintech companies will allow your bank to offer a full range of products that have not yet been offered. No need to reinvent the wheel, simply join forces

Types of Customers

The number of customers that are available for traditional commercial lending products is a finite pool and there is tremendous competition for these customers. However, for financial institutions that are willing to rethink the lending process there are entrepreneurs and small businesses that are seeking funding in nontraditional places. Fintech companies have developed alternative credit scoring that is highly accurate and predictive. Consider partnering with these firms to allow underwriting of nontraditional loan products.

The dreaded “MSB” word

In the early part of this decade we experienced the unfortunate effects of “operation chokepoint” a regulatory policy specifically aimed at subjecting MSB’s to strict scrutiny. Many financial institutions ceased offering accounts to these businesses. The law of unintended consequences was invoked as many of the people who used the MSB’s were left without financial services. Even today there are sizable communities of people are still hurt by the inability to get financial services. More importantly, financial institutions are missing the opportunity to develop fee income, expand their customer base and reshape the business plan.

MSB’s facilitate a huge flow of funds that flow throughout the world in one form or another and the more financial institutions are a part of that flow, the safer and more efficient it will be. MSB’s provide an extremely important service that will be filled one way or another- why not be part of it? [4]

 

Compliance as an investment

When considering overall strategic risk, an institution must balance risk levels with the systems in place to mitigate that risk. New products and different types of customers carry with them different levels and types of risk. Your system for risk management and compliance must be up to the task of administrating new challenges.   The traditional planning process considers the compliance program only after the products and customers have been determined. A proactive approach to risk would consider expanding the resources and capabilities of the compliance department to an end; adding products and services that can breathe economic life into your institution.

When the ability to monitor, and administrate new products and customers is acquired by the compliance program, your financial institution can grow and expand. Now is the time to start thinking of compliance as an investment rather than an expense.   This of course requires an investment in compliance, but the return is well worth it.

[1]Businessdirectory.com

[2] OCC Comptrollers Handbook-Safety & Soundness- Corporate Risk management

[3] OCC Report Discusses Risks Facing National Banks and Federal Savings Associations

WASHINGTON — The Office of the Comptroller of the Currency (OCC) reported strategic, credit, operational, and compliance risks remain top concerns in its Semiannual Risk Perspective for Fall 2016, released today.

 

[4] Per the world bank High-income countries are the main source of remittances. The United States is by far the largest, with an estimated $ 56.3 billion in recorded outflows in 2014. Saudi Arabia ranks as the second largest, followed by the Russia, Switzerland, Germany, United Arab Emirates, and Kuwait. The six Gulf Cooperation Council countries accounted for $98 billion in outward remittance flows in 2014.

What Is Supposed to be in my Risk Assessment? January 10, 2017

jan-10

2017 is here! Now is the time for new resolutions, renewed plans for success and… if you’re in compliance, now is the time for new compliance risk assessments. As we have discussed in previous blogs, the risk assessment is often discussed and sometimes reviled as a meaningless regulatory requirement. When attempting to prepare a risk assessment, a frequent question is presented; what are the essential items in my risk assessment? Per regulatory guidance produced by the Federal Reserve:

“Principles of sound management should apply to the entire spectrum of risks facing an institution including, but not limited to, credit, market, liquidity, operational, compliance, and legal risk.”

This guidance applies to general principals of risk assessment preparation. The compliance risk assessment is something of a different animal because questions of market risk, credit risk and liquidity risk are relatively minor concerns when considering risks in compliance. The focus instead should be on compliance, transactional, strategic, financial and reputational risks associated with compliance activity.

Think of the risk assessment as a matrix – not the type where you get to choose a red pill or a blue pill, just a square with several blocks. There is a formula that you can use to complete an effective risk assessment. The basic formula is INHERENT RISK (minus) INTERNAL CONTROLS (equals) MITIGATED RISK.

Inherent Risk

Inherent risk is the risk associated with the products, customers and overall compliance structure at your bank.

An inherent risk is a risk category that really relates broadly to the activities and operations of a company without considering necessarily the company. For example, unsecured lending is inherently more risky than secured lending. If I were auditing an institution that was primarily involved in unsecured lending, then I would have a higher assessment of inherent risk in that organization than, let’s say, secured lending. And that’s a fairly simple example, but that type of a risk assessment is done for each critical business component1

When considering the level of inherent risk at your institution, consider all the products that you offer and the worst-case scenarios lurking in the background. For example, supposed you are considering the inherent risk associated with consumer lending. The inherent risk might look something like this:

Consumer Loans- Inherent Risk/Type of Risk Comment

Compliance Risk -The risk associated with the regulatory requirements for making consumer loans, e.g. disclosures, accurate calculations, etc.

Transactional Risks- The risks associated with the systems in place that are being used to support offering the product. Can your core support the loan types being offered?

Reputation Risks-The risk that the products will result in consumer complaints, UDAAP violations or potential fair lending concerns.

Strategic Risk -Are your products really meeting the credit needs of the community you serve?

The point of this part of the exercise should be to determine the level of risks that are part of offering the products at all. This level of risk doesn’t consider anything of your compliance program.

Internal Controls

One you have identified the risks inherent in the products you offer, the customers you serve and the overall current compliance program, the next step is to review the steps your institution has taken to address them. This is where your policies, procedures, training and independent audits come in. There is really an opportunity to self-reflect and simultaneously project your aspirations during this part of the risk assessment. It is one thing to note you have policies and procedures in place. It is a far different consideration to determine how effective they are. Are the policies and procedures written and updated on an annual basis? How much of the policies and procedures are internally developed and how much have been “borrowed” from other institutions? (Note: This is not to imply that borrowing is a bad thing, if the information truly reflects the situation at your institution). The risk assessment should contain an analysis of the current state of the internal controls. What would excellent controls look like and what would it take for the compliance department to get there? These considerations should be included.

Mitigated Risk

Your overall assessment of how well the internal controls at your institution address the possibility of problems is the mitigated risk. For the risk assessment to be a most effective tool, it is necessary for this process to truly consider potential proems with internal controls. Written policies and procedures, for example, can be comprehensive and up to the minute accurate, but totally ineffective if staff don’t use them. Training is an area often taken for granted. The online training that most institutions offer is a great start for training. However, for a full in-depth understanding, additional training that includes case-studies is a best practice.

 

For the banking industry in general regulators have put strategic risk at the forefront. For example, its semiannual risk perspective for spring 2016, the OCC noted that strategic risk is a concern:

“Banks are several years into the risk accumulation phase of the economic cycle. The banking environment continues to evolve, with growing competition among banks, nonbanks, and financial technology firms. Banks are increasingly offering innovative products and services, enabling them to better meet the needs of their customers. While doing so may heighten strategic risk if banks do not use sound risk management practices that align with their overall business strategies, failure to innovate to meet evolving needs or financial services may place a bank at a competitive disadvantage.”2

As the risk assessment process is completed this year, it is important to consider whether your institution is keeping up with trends in technology and innovation. The financial industry is being disrupted in a way that will significantly impact the relationship between customers and institutions. Without the right technology and business plan, it will be easy to be left behind. Make sure that your risk assessment considers strategic risk.

James DeFrantz is the Principal of Virtual Compliance Management Services LLC. He can be reached directly at JDeFrantz@VCM4you.com

[1] William Lewis, Price Waterhouse Coopers  Comptroller of Currency Administrator of National Banks Audit Roundtable, Part 1 Risk Assessment and Internal Controls .

[2] OCC Semiannual Risk Perspective From the National Risk Committee  Spring 2016

Planning Your Compliance Year- December 13, 2016

As the year comes to close, for most people, it is time to celebrate with family and friends and to look forward to the new year with anticipation.  For risk and compliance officers at financial institutions, the new year comes with a bit of a different perspective.  For many years now, each new year brings a different set of regulations and the challenge of keeping financial institutions in compliance.   This is not necessarily a bad thing.  New challenges can present an opportunity for new and more efficient solutions.   There are some steps that you can take that can truly help you get to the goal of getting on top of compliance.

 

Step One- Information Gathering

There are several sources for regulatory changes.  It is important to consider the fact that compliance and risk expectations can be changed by more than the implementation of new regulations.   Regulatory agencies respond to world events, the political environment, resources allocations, technology and many other factors.   One valuable source of information that is often overlooked are the annual plans or statements that are issued by the prudential regulations.  All three issue a plan that addresses the areas that they will emphasize in the upcoming year.[1]  For example, the Office of the Comptrollers’ annual report points out that strategic planning will be an emphasis of the examinations teams in 2017.   In addition, there are many organizations and agencies that list the effective dates for regulations.  At VCM, we have a form that lists regulations, effective dates and whether the regulation will apply to your organization. [2] Gathering information on the new regulations and regulatory initiatives is a key first step for planning the compliance year.

Step Two – Setting the Parameters

The next step is to complete a risk assessment.  Often, we see risk assessments that are performed specifically for meeting a regulatory requirement.  In many cases, these assessments are completed and put away until it is time to do an annual update.  We believe that the risk assessment provides an excellent opportunity to set the parameters for your own compliance program.  Your risk assessment should include:

  • The areas where there have been regulatory of? internal audit findings in the past
  • The types of products the Bank offers and the risks associated with those products
  • New products contemplated
  • The management reports currently being generated by software
  • Changes in regulations that might affect the bank
  • Changes in staff that have occurred or are planned.

The risk assessment should be designed to determine the areas where your institution has the greatest risk for violations or findings.  The assessment should be brutally honest and unflinching in its assessment of the compliance needs for your institution.

The most important part of this step is to remember to USE the document that you have prepared!  The risk assessment should be the basic document that helps you make the case to senior management for additional staff and/or resources.   The risk assessment should also be used to help set the scope of the internal audits that are performed.  It is very rare that there will be time to cover every potential issue in a year so the risk assessment should help prioritize resources.    The risk assessment should also be used to set the training calendar.

Step Three- Checking Twice  

In addition to going through the regulations, it is necessary to make sure your policies and procedures match the requirements.  For example, have you developed a solid method for making sure that you comply with the “valuations rules” of regulations B and Z?  Do you know what these are and how they affect you?

It is also a very good idea to sign up for all the “Free stuff” that the regulators publish about compliance.   These can be used as useful supplemental training tools.  There is a great deal of very helpful information made available by the Federal Reserve and the CFPB. [3]

Step Four-Call for Help!

One of the benefits of completing a comprehensive compliance risk assessment is that the results can help you determine the level of support that is needed.   Far too often compliance departments get additional resources only after the staff has been overwhelmed or has experienced a poor result from an audit or examination.  However, as the saying goes, an ounce of prevention is worth a pound of cure.  Identifying the areas that are the highest risk and asking for help in those areas before they become a problem is a best practice that will enhance your compliance program and the quality of your life!

One of the best areas to get support for compliance is through the staff at your bank.   At the end of the day, compliance is a team effort that requires the input of the whole bank to be most effective.  One of the themes that we have noticed over the years is that people tend to buy in more when they understand the how’s and whys of compliance.  While online training classes are clearly efficient and relatively inexpensive, they sometimes can lack the perspective that gives the staff members the reason why the regulation exists.   For example, we have found that taking the time to explain what it is that BSA laws and rules are trying to accomplish to the staff members who are opening accounts has dramatically improved the collection of data for CIP.  The same is true for Regulation B and a host of other areas.  By helping bank staff understand that there really are good reasons why you are so insistent on complete and accurate disclosures, you can greatly reduce the error rate in these disclosures.   The more help from staff that you get, the more efficient you can be.

 

Step Five- Execute the Plan

Once you have completed the risk assessment, prioritize the risks and asked for help, it is time to execute the plan.   Make sure that the scope of the audits that you are getting will meet your needs and give you information on how things are going.   Regulators have become increasingly critical of audit scopes that are too general or that do not cover specific areas of compliance weakness at the bank.   The internal audit is an important tool that should be used to help find areas that need attention.  It is true that the auditor is your friend.  The results of audits should be taken seriously and positively as this is your opportunity to determine levels of compliance without having regulatory problems.

Like all good coaches, as a compliance officer you know the areas where your team is the weakest.  Make sure that your compliance plan is designed to address these areas from the outset.  If training has been a concern for example, then make sure that you have addressed the root of the problem.

Step Six-Remain Flexible

There is a parable that says that if you want to prove that God has a sense of humor- then try making your own plans.  There is no question that the best-laid plans can sometimes go awry.  Therefore, it is important that you build flexibility into your plan.  For example, even though you may have wanted to do flood insurance testing in the first quarter, you might find that the more urgent area of risk is compliance with HMDA.  Even though flood insurance will always be a “hot button” issue, there are times when the greater area of risk can be somewhere else.  The point is that your plan can hit all the highest areas of risk to ensure that your program is successful.

 

Planning your compliance year cannot only keep you ahead of trouble; it can help you start making different New Year’s resolutions!

 

[1] See for example, http://www.occ.gov/news-issuances/news-releases/2015/nr-occ-2015-130.html, https://www.fdic.gov/about/strategic/performance/supervision.html

 

[2] This form can be found on our website at www.vcm4you.com

[3] http://www.philadelphiafed.org/results.cfm?sort=rel&start=0&text=compliance`1

Your Partner in Balancing Compliance