Making the Case for MSB’s, February 14, 2018


For many thousands of workers in the United States, the end of the week renews a weekly ritual; payday. For those workers who are expatriates, payday renews another ritual, the trip to the local money transmitter also known as Money Service Businesses. Money Services businesses are defined by FinCEN as follows:

The term “money services business” includes any person doing business, whether on a regular basis or as an organized business concern, in one or more of the following capacities:

(1) Currency dealer or exchanger.

(2) Check casher.

(3) Issuer of traveler’s checks, money orders or stored value.

(4) Seller or redeemer of traveler’s checks, money orders or stored value.

(5) Money transmitter.

(6) U.S. Postal Service.

For many years MSB’s have served the needs of the expatriate workers who are sending money home. The remittance market is a multi-billion-dollar business serving a large population of the people who tend to be underbanked or unbanked.

Storm Clouds

In 2013 the US Department of Justice initiated Operation Chokepoint. This initiative was described in a 2013;

Operation Choke Point was a 2013 initiative of the United States Department of Justice, which would investigate banks in the United States and the business they do with firearm dealers, payday lenders, and other companies believed to be at higher risk for fraud and money laundering.[1]

The Justice Department’s decision to focus on the activities of MSB’s directly impacted their treatment by banks. Soon, MSB’s became persona non-grata; the major theme was that these organizations have potential for money laundering and therefore had to be given scrutiny.  There was a second theme that was less prominent; the better the monitoring the lower the risk.  Eventually the regulators were forced to cease the initiative. Unfortunately, a great deal of the stigma associated with MSB’s remains.

Community Banking Transitions  

Today community banks are experiencing shrinking margins in traditional business lines. Competition for C & I and CRE has become fierce, shrinking margins and making lending in these areas more expensive.  In the meantime, the main reason for community banking- serving the underserved is still an area that has a great deal of space for growth.  In 2016, the FDIC estimated that 27% of all households were unbanked or underbanked.

The Remittance Market

Remittances are a growing market that continues to grow according to the world bank statistics $138,165,000,000 in remittances was sent from United States to other countries in 2016. In 2018, the market is expected to grow more than in the previous two years for several reasons.  The average size of an individual remittance remains $200.00.  There are a number of money transfer business that have developed systems that are familiar to the customers and efficient in their delivery. The forces created by operation chokepoint and growing remittance market are creating great opportunities. Despite the huge demand and potential for fee income, many MSB’s are in search of a banking relationship.

Why Should a community bank consider an MSB relationship?   

Because of the history we have already discussed for many banks, the term MSB ends the discussion. However, for those banks that are looking for ways to improve overall profitability; there are several positives to consider

  • Fee income: Because the business model is built on small dollar transactions, there is a large volume of transaction. Each transaction has the potential to generate fees. The experience of banks that offer accounts to MSB’s has vbeen a steady reliable source of fee income.
  • Small expenditures of capital: The expenditure of capital that is necessary is largely dependent on the strength of your overall BSA compliance program. At the end of the day, the financial institution must dedicate sufficient resources to monitor the activity of the MSB.
  • Extremely Low Cost: The costs of the resources mentioned above can and often is covered by the client MSB.
  • Serving the underserved:  As we previously noted, the vast majority of the customers using MSB’s are part of the larger underbanked and unbanked population.
  • Opportunities for new markets, projects and a whole new generation of bank customers:Today’s MSB customer can easily be tomorrow’s entrepreneur who opens a large business account at your bank.

MSB’s and Risk

For many institutions the decision has been made that the regulatory risk associated with Money service Business is too great to justify offering the product. Of course, most of make this decision harken back to the strict scrutiny of Operation Chokepoint.

The fact that so many MSB’s lost their banking relationships caused the FDIC (the main “tormentor of financial institutions in this area) to issue FIL 5-2015 which was directed at the mass “de-risking” that that banks were forcing on MSB’s.

The FDIC is aware that some institutions may be hesitant to provide certain types of banking services due to concerns that they will be unable to comply with the associated requirements of the Bank Secrecy Act (BSA). The FDIC and the other federal banking agencies recognize that as a practical matter, it is not possible for a financial institution to detect and report all potentially illicit transactions that flow through an institution.  Isolated or technical violations, which are limited instances of noncompliance with the BSA that occur within an otherwise adequate system of policies, procedures, and processes, generally do not prompt serious regulatory concern or reflect negatively on management’s supervision or commitment to BSA compliance. When an institution follows existing guidance and establishes and maintains an appropriate risk based program, the institution will be well-positioned to appropriately manage customer accounts, while generally detecting and deterring illicit financial transactions.[2]

Put another way, the regulators were noting that despite the appears otherwise the principles for  managing the risks of MSB’s still applied; the better the monitoring, the lower the risk.  When considering whether to offer an MSB a bank account, your financial institutions should be able to administrate the account to keep risks low. In addition to the guidance published by the FDIC, FinCen, the FFIEC and the other banking regulatory agencies have all published guidance making it clear that there are no absolute regulatory restrictions on banking MSB’s.

The time is now for community banking institutions to consider the possibility of banking relationship with MSB’s

[1] Zibel, Alan; Kendall, Brent (August 8, 2013). “Probe Turns Up Heat on Banks”The Wall Street Journal

[2] FIL 5-2015

There are Lessons for All Financial Institutions in the Wells Fargo Case- Part Three: A Glaring Need – November 2, 2016

There are lessons for All Financial Institutions in the Wells Fargo Case

Part Three- Turning Our Eyes to a Glaring Need

We have talked about the Wells Fargo case involved violations of Unfair, Deceptive Acts or Practices Act. We noted that this is true because the practices of the bank forced extra accounts and products on customers who simply didn’t want them. In addition to unwanted accounts were significant fees and charges. In some cases, there were as many as 10 unwanted accounts for customers of Wells Fargo.

While this case continues to wind its way through various administrative hearings, news stories and the inevitable civil lawsuits, there is a strong irony in this case that can easily go unnoticed. There can be no doubt that customers of the Wells Fargo were victimized by an abusive campaign. However, while these customers can be considered OVERBANKED there are simultaneously millions of Americans are unbanked and underbanked.

A Forgotten Population

Wells and many other financial institutions continue to pursue practices that forced additional accounts on people who already had a banking relationship. In the meantime, there are millions of potential customers who have no relationship at all as the FDIC showed inn their 2015 study of Unbanked and underbanked populations.

The FDIC has defined Unbanked and underbanked as follows:

“…… many households—referred to in this report as “unbanked”—do not have an account at an insured institution. Additional households have an account, but have also obtained financial services and products from non-bank, alternative financial services (AFS) providers in the prior 12 months. These households are referred to here as “underbanked.”[1]

Per the Corporation for Enterprise Development, there are millions of unbanked and underbanked households across the country. For example, in 2010 the same organization estimated that 20% of the households in New Jersey are underbanked.[2].     The number of unbanked and underbanked people that live within the service areas of financial institutions presents both an opportunity and a level of risk. As the FDIC pointed out in there May 2016 study “Bank Efforts to serve underbanked and unbanked Communities” the whole banking community is better served when the level of trust and participation is increased[3].

Why Unbanked and Underbanked?

The FDIC asks the same sorts of questions every year the answers have been consistent. Here are some of the key observations:

  • The most commonly cited reason was “Do not have enough money to keep in an account.” An estimated 57.4 percent of unbanked households cited this as a reason and 37.8 percent cited it as the main reason.
  • Other commonly cited reasons were “Avoiding a bank gives more privacy,” “Don’t trust banks,” “Bank account fees are too high,” and “Bank account fees are unpredictable.
  • Perceptions of Banks’ Interest The 2015 survey included a new question asked of all households: “How interested are banks in serving households like yours?”
  • The survey results revealed pronounced differences across households.
  • Approximately 16 percent thought that banks were “not at all interested” in serving households like theirs, and the perceptions of the remaining 8 percent were unknown.
  • Unbanked households were substantially less likely than underbanked or fully banked households to perceive that banks were interested in serving households like theirs. More than half (55.8 percent) thought that banks were not at all interested, compared to roughly 17 percent of underbanked households and 12 percent of fully banked households.

While financial institutions are overbanking the customers they have, there are well over 50 million households in America that currently either don’t have a relationship with a bank or a minimal one.

Why serve these communities?

In many cases, misperceptions from the point of view of customers and financial institutions keep them apart. For far too long it has been an axiom that the costs of providing banking services for consumer accounts prevents an acceptable rate of return. However, through the development and use of new technologies, the costs associated with consumer accounts has significantly declined.

Without significant competition for the unbanked and underbanked households, financial needs are met by business that are predatory. The number of financial institutions offering high cost loans has proliferated and the number of unbanked and underbanked families has grown.

Advances in technology had made it possible for financial institutions to offer services to communities throughout the country and the world without needed to expand the branch system. Today’s digital wallet customer is tomorrow’s commercial loan.

Compliance as an Asset

For the financial institution that considers offering new products and services using technology, a new approach to compliance must be pursued.   Currently for most financial institutions, compliance is viewed as a necessary evil expense that is at best, the cost of doing business. However, suppose the role and function of the compliance department changed. When the compliance department becomes fully versed in the requirements for offering Fintech products, the institution can become an active participant in the burgeoning market. By putting resources into your institutions ability to assess and monitor risks, new products, partnerships and growth is possible. Start thinking of compliance as an asset- it can be the gateway to new sources of income

Towards New Markets

The fact is that there are products that are available and cost effective while the market for these products is huge; there simply must be a willing spirit. Rather than committing fraud, consider serving the unbanked and underbanked markets


[1] FDIC survey of unbanked and underbanked households

[2] See anked_Places_in_America.pdfJune 2016

[3]The FDIC recognizes that public confidence in the banking system is strengthened when banks effectively serve the broadest possible set of consumers. Accordingly, the agency is committed to helping increase the participation of unbanked and underbanked consumers in the banking system.

Proposed new ratings for compliance- Is this a Brave New World?

Part One- Change is on the Horizon

In April of 2016, the FFIEC released proposed new guidelines for rating compliance programs at financial institutions.   Once these new guidelines are adopted, not only will they represent a strong departure from the current system for rating, they also present a strong opportunity for financial institutions to greatly impact their own compliance destiny.   Although these new guidelines have been released with limited fanfare, the change in approach to supervision of financial institutions has been discussed for some time and is noteworthy.

The Current Rating System

The current system for rating compliance at financial institutions was first adopted in 1980.   Performance of an institution under the Community Reinvestment Act is evaluated separately and is therefore not considered as part of the compliance examination. Under the current system, compliance is rated on a scale of increasing concern from one to five. An institution with a rating of one has little to no compliance concerns while a five rated institutions has severe concerns and an inoperative compliance system.

Under the current system, the ratings that examiners assign are based upon transaction testing. Examiners would sample a series of transactions and if there were violations of regulations, ratings would be affected. Over the years, several problems were noted with this approach. First, this approach does not take into account the root of the problem. For example, suppose the problem was caused by a form that was not up to date. Suppose further that the problem with the form was it had the wrong address for the regulator of the institution.   Using the transaction approach each loan file that contained this disclosure would count as a regulatory violation and the institution would appear to have huge number of violations. In this case, even if the examiners determined this was a technical violation and not serious, the possibility existed the overall rating would have to be a bad one to reflect the number of violations noted.

However, what if in this case, the compliance staff was well aware of the changed address, had performed training and endeavored to change all of the required forms. Unfortunately, one branch or division of the Bank still had old forms and was still using them. It is of course not good that the old forms were still being used, but the finding certainly does not indicate a severe risk at the institution.

A second problem with the current guidelines is that they do not clearly match the risk based approach for examinations that regulators have employed for several years. Each regulator has received the mandate that examinations should be tailored using a risk based approach. The examination should focus on the size, complexity and overall risk portfolio of a financial institution. The compliance examination is supposed to evaluate the effectiveness of overall system that has been employed at an institution.   In that regard, each financial institution is unique in the products and services that they offer. For example, a community bank that makes five HMDA reportable loans a year doesn’t have the same compliance needs as an institution that makes five hundred HMDA loans in the same time.

Yet another concern with the current rating system is that it tends to be “one size fits all” and as a result, outcomes are unpredictable.   Examiners, for some time have considered compliance systems on a contextual basis. The relative size of an institution, its activity in a given area and the resources realistically available have all been factors examiners consider when assessing a compliance program. Unfortunately, under the current system there is no mechanism to clearly reflect these considerations.   In many cases, an overall rating of “two” is assigned to a financial institution followed by a litany of criticism that leaves the reader confused about how the rating was possible.

In the last two years in particular, there has been a push from regulators to encourage “self-policing”, which is the process of self-detecting and correcting compliance problems at institutions. And while there have been supervisory directives that encourage self-policing, the current rating system does not allow this behavior to be properly recognized.

New Ratings

The proposed guidance discusses the key principals of the new ratings system:

“The proposed System is based on a set of key principles. The Agencies agreed that the proposed ratings should be:

  • Risk-based
  • Transparent
  • Actionable
  • [A]n Incentive for Compliance.

Risk Based: the principal here is that not all compliance systems are the same. They will vary based upon the size, complexity and risk profile of the bank. The examiners will be asked to evaluate the compliance system as it relates to the particular institution that is being reviewed. For example, written procedures that are very general in nature may be appropriate at an institution that has stable staff and experienced little to no turnover. On the other hand, those same procedures may be inadequate at a new and growing institution.

Transparent: The scope of the review and the categories that are being considered should be clear and published. Each institution should be able to understand the rating is based on specific considerations made during the current examination. Past examinations results may or may not be considered; the description of the rating criteria should detail the factors deemed important.

Actionable: The evaluation should include recommendations that address the overall strengths of the compliance program and specific areas that should be enhanced.   The idea here is  management’s attention should be drawn to specific steps that should be taken to enhance the overall compliance program.

Incent Compliance: The examiners should consider the level to which the institution has instituted a program that self-detects and corrects problems.   In this case, remember self-detecting and correcting includes an analysis of the root of the problem and remediation testing before the matter is considered closed.

Overall Ratings

Under the new rating system, there will still be a “one” through “five”, but the ratings will be given on three distinct components of compliance;

  1. Board & management Oversight
  2. The Compliance management program
  3. Violations of law and Harm to consumers

In part two of this series we will discuss the new ratings and the opportunities this system presents.

Please feel free to contact us at WWW.VCM4you.compicture1.jpg

Using Self-Policing to Create Better Compliance Outcomes

dreamstime_m_17568770Imagine the following scenario: you are the compliance officer and while doing a routine check on disclosures, you notice a huge error that your institution has been making for the last year.  The beads of sweat form on your forehead as you realize that this mistake may impact several hundred customers.   Real panic sets in as you start to wonder what to do about the regulators.  To tell or not to tell, that is indeed the question!

There are many different theories on what to do when your internal processes discover a problem.  Although it may seem counterintuitive, the best practice, with certain caveats, is to inform the regulators of the problem.    CFBP Bulletin 2013-06 discusses what it calls “responsible business conduct” and details the grounds for getting enforcement consideration from the CFPB.  In this case, consideration is somewhat vague and it clearly depends on the nature and extent of the violation, but the message is clear.  It is far better to self-police and self-report than it is to let the examination team discover a problem!

Why Disclose a Problem if the Regulators Didn’t Discover it?  

It is easy to make the case that financial institutions should “let sleeping dogs lay”.  After all, if your internal processes have found the issue, you can correct it without the examiners knowing, and move on. Right?  In fact, nothing could be further from the truth.   The relationship between regulators and the banks they regulate was once collegial, but that is most certainly not the case any longer.   Regulators have been pushed by legislation and by public outcry to be proactive in their efforts to regulate.  Part of the process of rehabilitating the image of financial institutions is ensuring that they are being well regulated and that misbehavior in compliance is being addressed.

Self- Policing

It is not enough to discover one’s own problems and address them.  In the current environment, there is a premium placed on the idea that an institution has compliance and/or audit systems in place that are extensive enough to find problems, determine the root of the problems and make recommendations for change.  An attitude that compliance is important must permeate the organization starting from the top.  To impress the regulators that an organization is truly engaged in self-policing, there has to be evidence that senior management has taken the issue seriously and has taken steps to address whatever the concern might be.  For example, suppose during a compliance review, the compliance team discovers that commercial lenders are not consistently given a proper ECOA notification.  This finding is reported to the Compliance Committee along with a recommendation for training for commercial lending staff.   The Compliance Committee accepts the recommendation and tells the Compliance Officer to schedule Reg. B training for commercial lenders.  This may seem like a reasonable response, but it is incomplete.

This does not rise to the level of self- policing that is discussed in the CFPB memo; a further step is necessary.  What is the follow-up from senior management?   Will senior management follow up to make sure that the classes have been attended by all commercial lending staff?  Will there be consequences for those who do not attend the classes?  The answers to these questions will greatly impact the determination of whether there is self-policing that is effective.   Ultimately, the goal should be to show that the effort at self-policing for compliance is robust and taken seriously at all levels of management.  The more the regulators trust the self-policing effort, the more the risk profile decreases and the less likely enforcement action will be imposed.


At first blush self-reporting seems a lot like punching oneself in the face, but this is not the case at all!   The over-arching idea from the CFPB guidance is that the more the institution is willing to work with the regulatory agency, the more likely that there will be consideration for reduced enforcement action.  Compliance failures will eventually be discovered and the more they are self-discovered and reported, the more trust that the regulators have in the management in general and the effectiveness of the compliance program in particular.   The key here is to report at the right time.  Once the extent of the violation and the cause of it have been determined, the time to report is imminent.  While it may seem that the best time to report is when the issue is resolved, this will generally not be the case.  In point of fact, the regulators may want to be involved in the correction process.  In any event, you don’t want to wait until it seems that discovery of the problem was imminent (e.g. the regulatory examination will start next week!).

It is important to remember here that the reporting should be complete and as early as possible keeping in mind that you should know the extent and the root cause of the problem.  It is also advisable to have a strategy for remediation in place at the time of reporting.


What will the institution do to correct the problem?  Has there been research to determine the extent of the problem and how many potential customers have been affected?      How did management make sure that whatever the problem is has been stopped and won’t be repeated?  What practices, policies and procedures have been changed as a result of the discovery of the problem?  These are all questions that the regulators will consider when reviewing efforts at remediation.  So for example, if it turns out that loan staff has been improperly disclosing transfer taxes on the GFE, an example of strong mediation would include:

  • A determination if the problem was systemic or with a particular staff member
  • A “look back” on loan files that for the past 12 months
  • Reimbursement of any all customers who qualify
  • Documentation of the steps that were taken to verify the problem and the reimbursements
  • Documentation of the changed policies and procedures to ensure that there is a clear understanding of the requirements of the regulation
  • Disciplinary action (if appropriate for affected employees)
  • A plan for follow-up to ensure that the problem is not re-occurring


Despite the very best effort at self-reporting and mediation, there may still be an investigation by the regulators.  Such an instance calls for cooperation not hunkering down.  The more your institution is forthcoming with the information about its investigation, the more likely that the regulators will determine that there is nothing more for them to do.

At the end of the day, it is always better to self-detect report and remediate.  In doing so you go a long way toward controlling your destiny and reducing punishment.

Community Outreach-Why Bother?


Community Outreach- Why Bother? 

One of the many requirements of the Community Reinvestment Act (“CRA”) is that all financial institutions that are subject to it make an effort to do outreach to the community.  There are similar requirements in both state and federal fair lending laws.   We believe that the need to do community outreach goes far beyond the regulatory requirements of fair lending and the CRA.

Re-Visiting Your Approach to the CRA- Embracing the Needs of Your Community

Since its inception, the Community Reinvestment Act (“CRA”) has received a great deal of attention. From consumer’s advocacy groups, the reception of the CRA has been positive, while many in the banking community are either ambivalent or downright hostile towards this legislation. During the financial crisis of 2008, the CRA enjoyed a special, albeit unfair place of contempt from those who insisted that compliance with the CRA was somehow at the root of the financial meltdown. But wait, what if the CRA had nothing to do with the financial crisis? What if instead of being an administrative burden, compliance with the CRA resulted in greater marketing opportunities and greater opportunities for overall profitability? These opportunities exist if you embrace the concept of outreach to your community.

When the CRA was first enacted, it was designed to get financial institutions to take a second look at communities that had been historically overlooked for credit by financial institutions. Though these communities tended to be populated with low to moderate income borrowers, these borrowers represent significant opportunities for good credit. The CRA was a means to an end to get banks and financial institutions to “meet the credit needs of the communities in which they operate, including low- and moderate-income neighborhoods, consistent with safe and sound banking operations” [1]

Over the years, even though billions of dollars of investments have been made in communities that were being overlooked[2], the reputation of the CRA has become one of the regulation that forces banks to make “bad loans”. However, the true emphasis of the regulation has been and always will be to encourage banks to assess the credit needs of the communities they serve. In other words, one of the main goals of the regulations was to get banks to find credit “diamonds in the rough” in areas that had traditionally been written off. , the reputation of the CRA has become one of the regulations that forces banks to make “bad loans”. However, the true emphasis of the regulation is to encourage banks to assess the credit needs of the communities they serve. In other words, one of the main goals of the regulations was to get banks to find credit “diamonds in the rough” in areas that had traditionally been written off.

The strategy of serving communities that have been overlooked has been successfully and very profitably employed by none other than hall of fame basketball star Earvin “Magic” Johnson. His Magic John Enterprises has partnered with all manner of fortune 500 companies to invest over $500 million in communities that had been overlooked.  Using the approach of finding the “diamonds in the rough” Johnson’s companies continue to grow and show amazing profits by investing in low to moderate income communities.  So how does he find these opportunities? “Magic Johnson Enterprises is known for successfully staying rooted in communities because they understand those communities’ unique needs and personalities”[3]  In other words, he knows the needs of his communities and provides services that meet those needs.

Why Should a Bank Market to the Entire Community?

The obvious answer to this question is that failure to market to the whole community may result in a violation of CRA or Fair Lending.  The exclusion of one or more protected groups from marketing efforts can easily be interpreted as a form of “redlining” or discouragement, both of which would be seriously regulatory compliance problems.

The less obvious answer is that by including the entire community of your field of customers, the Bank can become a significant part of the community.  Community banks are an indispensable part of any community. Though it may not seem this way, the trend is that the regulatory agencies are beginning to recognize that community banks are an indispensable part of small communities and should be treated that way. [4] [4] The more that the bank can show that it is truly serving the needs of its community, the stronger the argument becomes that it is indispensable.  An indispensable bank is one that communities will fight for in times of trouble. Moreover, regulators are more likely to give assistance to true community banks

Product Development Anyone? 

One of the best ways to determine whether your institution is offering products that people actually want is to ask.  Getting out into the community and talking to customers allows senior management to get to know what mobile phone and computer applications people are using so that when the time comes to invest in new technology, the money can be well spent.

Can you Say KYC?  

The heart and soul of a strong BSA/AML compliance program is the ability of the staff at a financial institution to know its customers and their individual business plans.  By reaching out to the community it is possible to obtain feedback on how some of your customers are doing.  Suppose it turns out that one of your biggest customers has a terrible reputation in the community; especially one for charging high fees for cashing checks.  This could be particularly upsetting if you were unaware that they were cashing checks at all.

Untapped Resources

Community outreach allows the senior management of your institution to discover potential new and diverse staff members.  There are many small private programs that are designed to train young people for business and these programs can be a strong source of future management candidates.

Just What IS Your Entire Community?

The first step in the process is to make a determination of just who is part of the entire community that that your bank serves!  When was the last time that you performed an assessment of the communities that make up your assessment area? There is a wealth of information available about the makeup of people who live in your assessment area.  For example, the US Census Bureau publishes information about the households in the tracts in your assessment area.  The information includes statistics on the median income, age and races on the people in your area.  There is also information on minority and business ownership that is available by county and MSA.  The FFIEC website has a link to the Census Bureau. [5]  Another good source of data are reports prepared by county and state Chambers of Commerce. In addition to public sources of information, there are several services that provide economic data about the economic status of counties and communities[6]. However, it should be noted that these services tend to be expensive.

A much better source of information is personal contact with community groups in your area. Not all community organizers are anti-banks! In point of fact, many are doing all they can to get their clients actively involved in the banking community and away from the clutches of ‘’payday’’ lenders.

The goal here is to develop as much information as possible about just who your community is and how they fit into your business plan.  Oftentimes, this process results in discovering new and heretofore untapped opportunities. One of the main thrusts of CRA that often goes unmentioned is the push to get banks to find lending opportunities that would go completely unnoticed if not for requirements of the regulation.   Remember, CRA specifically states that the intention is not to get banks to make bad loans, just loans that would otherwise be overlooked.[7]

Marketing to Your Entire Community

One of the key elements in the overall commercial success of a bank is its ability to market itself to its community.  It is through marketing that the bank lets their communities know that it is around and that it is open for business.   Putting a marketing plan together can sometimes be a daunting task indeed.  This is especially true in the current cost conscious environment.  As you put you marketing plans together we suggest that there are two other areas to consider-both Fair Lending and the Community Reinvestment Act.  Your banks’ overall effort at compliance in these two areas can be either greatly enhanced or harmed by the marketing that is done.   We suggest that marketing should always be directed at the client’s entire community.  Failure to include all potential customers in marketing can result in both missed opportunities and the potential for CRA and Fair Lending issues.

How to Market

Today there are so many different venues for advertising that provide for effective low cost communication with customers that the bank opportunities are limitless. Social media has become a staple of the advertising for many banks. Good old fashion newspaper advertising works for others.  The idea is to make sure that you strive for inclusion and meet people where they are.  Do people speak different foreign languages in your assessment area? Make sure that you reach out to them in publications aimed at serving these communities.

In the end, comprehensive marketing programs serve both compliance and the bottom line.

[1] Don’t Blame Subprime Mortgage Crisis or Financial Meltdown on CRA  Stable 2008

[2] See The Community Reinvestment Act: 30 Years of Wealth   Building and What We Must Do to Finish the Job John Taylor and Josh Silver National Community Reinvestment Coalition

[3] Magic Johnson Enterprises Helps Major Corporations Better Serve the Multicultural Consumer  Business Wire 2008

[4] See Oklahoma Bankers association update June 3, 20123; 2011 Speech by  Ben Bernanke to federal Reserve Board


[6] Dun& Bradstreet provides one such service

[7] The Community Reinvestment Act of 1977 instructs federal financial supervisory agencies to encourage their regulated financial institutions to help meet credit needs of the communities in which they are chartered while also conforming to “safe and sound” lending standards.


Having the “Compliance Conversation” in the Face of Changing Expectations

One of the constants in the world of compliance is change.   This has been especially true in the last few years, as not only have new regulations been issued; there is now an entirely different agency that regulates banks.  Right now, most are unsure just how the Consumer Financial Protection Bureau (“CFPB”) will affect the banks it does not primarily regulate.   However, it is a good bet that much of what is done by the CFPB will also be implemented in one form or another by the other prudential regulators.

One of the other constants in compliance has been skepticism about consumer laws in general, and the need for compliance specifically.  It is often easy to feel the recalcitrance of the senior management at financial institutions to the very idea of compliance.  Even institutions with good compliance records often tend to do only that which is required by the regulation.  In many cases, they do the minimum for the sole purpose of staying in compliance and not necessarily because they agree with the spirit of compliance.  Indeed, skepticism about the need for consumer regulations as well as the effectiveness of the regulations are conversations that can be heard at many an institution.

The combination of changes in the consumer regulations, changes at regulatory agencies and changes in the focus of these agencies presents both a challenge and an opportunity for compliance staff everywhere.  It is time to have “the talk” with senior management. What should be the point of the talk?  Enhancements in compliance can help your bank receive higher compliance ratings while improving the overall relationship with your primary regulator.

The Compliance Conversation

While there are many ways to try to frame the case for why compliance should be a primary concern at a bank, there are several points that may help to convince a skeptic.

1)      Compliance regulations have been earned by the financial industry.  A quick review of the history of the most well-known consumer regulations will show that each of these laws was enacted to address bad behaviors of financial institutions.  The Equal Credit Opportunity Act was passed to help open up credit markets to women and minorities who were being shut out of the credit market.  The Fair lending laws, HMDA and the Community Reinvestment Act were passed to assist in the task of the ECOA. In all of these cases, the impetus for the legislation was complaints from the public about the behavior of banks. The fact is that these regulations are there to prevent financial institutions from hurting the public.

2)      Compliance will not go away!  Even though there have been changes to the primary regulations, there has been no credible movement to do away with them. Banking is such an important part of our economy that it will always receive a great deal of attention from the public and therefore legislative bodies. In point of fact, the trend for all of the compliance regulations is that they continue to expand. The need for a compliance program is as basic to banking as the need for deposit insurance.  Since compliance is and will be, a fact of banking life, the prudent course is to embrace it.

3)      Compliance may not be a profit center, but a good compliance program cuts way down on the opportunity costs of regulatory enforcement actions.  Many financial institutions tend to be reactive when it comes to compliance.  We understand; there is cost benefit analysis that is done and often, the decision is made to “take our chances” and get by with a minimal amount of resources spent on compliance.   However, more often than not the cost benefit analysis does not take into account the cost of “getting caught”.  Findings from compliance examinations that require “look backs” into past transactions and reimbursement to customers who were harmed by a particular practice is an extremely expensive experience.  The costs for such actions include costs of staff time (or temporary staff), reputational costs and the costs associated with correcting the offending practice.  A strong compliance management system will help prevent these costs from being incurred and protect the institution’s reputation; which at the end of the day is its most important asset.

4)      Compliance is directly impacted by the strategic plan.  Far too often, compliance is not considered as institutions put together their plans for growth and profitability.  Plans for new marketing campaigns or new products being offered go through the approval process without the input of the compliance team.  Unfortunately, without this consideration, additional risk is added without being aware of how the additional risk can be mitigated.   When compliance is considered in the strategic plan, the proper level of resources can be dedicated to all levels of management and internal controls.

5)      There is nothing about being in compliance that will get in the way of the bank making money and being successful.  Many times the compliance officer gets portrayed as the person who keeps saying no; No!” to new products, “No!” to new marketing, and “No!” to being profitable.  But the truth is that this characterization is both unfair and untrue.  The compliance staff at your institution wants it to make all the money that it possibly can while staying in compliance with the laws that apply.  The compliance team is not the enemy.  In fact, the compliance team is there to solve problems.

Getting the Conversation to Address the Future.

Today there are changes in the expectations that regulators have about responding to examination findings and the overall maintenance of the compliance management program.   There are three fronts that may seem unrelated at first, but when out together make powerful arguments about how compliance can become a key component in your relationship with the regulators.

First, the prudential regulators have made it clear that they intend the review of the compliance management program to directly impact the overall “M” rating within the CAMEL ratings.   The thought behind evaluating the compliance management program as part of the management rating is that it is the responsibility of management to maintain and operate a strong compliance program.  The failure to do so is a direct reflection of management’s abilities.  Compliance is now a regulatory foundation issue.

Second, now more than ever, regulators are looking to banks to risk assess their own compliance and when problems are noted, to come forward with the information.  The CFPB for example, published guidance in 2013 (Bulletin 2013-06) that directly challenged banks to be corporate citizens by self-policing and self-reporting.  It is clear that doing so will enhance both the reputation and the relationship with regulators.  The idea here is that by showing that you take compliance seriously and are willing to self-police, the need for regulatory oversight can be reduced.

Finally, the regulators have reiterated their desire to see financial institutions address the root causes of findings in examinations.   There have been recent attempts by the Federal Reserve and the CFPB to make distinctions between recommendations and findings.  The reason for these clarifications is so that institutions can more fully address the highest areas of concern.  By “addressing”, the regulators are emphasizing that they mean dealing with the heart of the reason that the finding occurred.  For example, in a case where a bank was improperly getting flood insurance, the response cannot simply be to tell the loan staff to knock it off!  In addition to correcting mistakes, there is either a training issue of perhaps staff are improperly assigned.  What is the reason for the improper responses?  That is what the regulators want addressed.

The opportunity exists to enhance your relationship with your regulators through your compliance department.  By elevating the level of importance of compliance and using your compliance program as a means of communicating with your regulators, the compliance conversation can enhance the overall relationship between your institution and your regulator.

Do You Know Your Risk Appetite?

Do you Know Your Risk Appetite?

As part of the development of a comprehensive compliance management program, there are specific roles for senior management and another set of roles for the Board of Directors.  Senior management has a functional role that includes the development of written policies and procedures that are then presented to the Board for approval.   On the other hand, the Board of Director’s role includes setting limits and overall policy guidelines.  Among the most important roles of the Board is to determine the overall risk appetite of the institution.   Traditionally, the way that the Board fulfills this function is by developing a risk appetite statement with metrics for measuring adherence to the risk limits.  For Community Banks and small financial institutions, the idea of a risk appetite statement and metrics may seem like a case of overkill.  However, development of the risk appetite framework can be an invaluable tool for strategic planning and resource allocation.

In one way or another, all financial institutions are making a statement about their risk appetite.  Some choose to consider appropriate risk levels directly and many more do so indirectly.  Each product and service that is offered at an institution, vis-a-vis the resources that are dedicated to compliance create a statement of sorts.   When an institution decides to offer products and services, compliance risks attach regardless of what those products are.  The compliance culture that is developed to support products and services is, a form of a risk statement.  The less emphasis that is placed on compliance the higher the risk that the institution is willing to take.   In many cases, when institutions get into significant regulatory trouble, the root cause is an imbalance between risk appetite and risk management.  Offering a new product without the proper systems in place to monitor compliance and without staff that has the expertise to administer it, is the same as a statement that the risk appetite is high.

Principles Associated with the Risk Appetite Framework

The idea here is that the Board, with the assistance of Senior Management should develop the “rules of the road” for your institution.  If there are certain levels of risk that the institution is/isn’t willing to take, then the Board should clearly state that position.  The same is true for risk that the Board may be willing to take after consideration and approval.   For example, the Board may state that it does not want the financial institution to make auto loans at all.  However, the best customer of the institution tells a loan officer that he wants a car loan for his son.    The loan officer believes that the customer may be lost of he isn’t accommodated.   The auto loan is presented to the Board for approval and an exception may be made.

The basic principles for a risk appetite should include at least four considerations:

  1. The capital level of the institution; Since capital is ultimately what keeps the institution alive a healthy level of capital must be a consideration in the overall willingness to accept risk.
  2. Compensation of staff; The extent to which staff compensation are tied to profits is a risk management consideration. Incentives should be weighted toward the idea that profit should be achieved within the risk framework of the institution
  3. Customer Service; As mentioned above there are times when meeting the needs of the customer base that the institution is trying to maintain may require actions that are out of the ordinary. The ability of your institution to meet those needs should be considered in the risk appetite framework.   If your customer base happens to be high risk, then the products and services that you will offer are also high risk.  [1]
  4. Compliance; For each consideration of risk, there should be a consideration of the resources that will be allocated to mitigate the associated potential for regulatory violations.

The risk appetite framework should be developed to balance the interplay of the four principle areas of consideration.  For example, a higher level of capital should mean that the level of risk appetite is higher than when capital is low.  Considerations of customer service have to be tempered by capital levels; and so it goes.

Compliance as Part of the Risk Appetite    

There are many institutions that consider themselves either low risk or no risk for compliance issues because limited retail products and service are offered.   However, compliance is part of this overall process regardless of whether or not you’re in a retail institution.  There are ALWAYS compliance issues.  Regulations such as the Equal Credit Opportunity Act, Anti-money laundering regulations and Unfair Deceptive Abusive Acts or Practices regulations apply to all financial institutions.

In any financial institution, there are competing interests, and the need to achieve and maintain profitability is often the counterbalance to taking increased risk.   Banking is after all at its essence, the management of risk.   When the competing interests are out of balance, the trouble starts.  Today many financial institutions find themselves searching for sources of income that are different from the traditional positive net interest margins.   The search for nontraditional income has led to consideration of products such as short term loans, MSB’s and mobile banking.   Each of these products have a level of inherent risk as well as substantial potential for profits.  However, the compliance apparatus in place at a financial institution can either significantly raise or reduce the level of inherent risk.   Over the past several years, institutions have found themselves in regulatory trouble by offering products that they either do not fully understand or have the necessary ability to administrate.

There are many examples of institutions that have allowed the push for profits to far outstrip the compliance program.  In fact, on the websites of each of the major regulatory agencies, there are examples of enforcement actions that have been taken as the result of failure to properly maintain a compliance program.

Using the risk framework to help with prioritizing  

When a risk appetite framework is developed and implemented even by a small financial institution, the overall effect on compliance is positive.  The process for developing the framework forces a level of consideration and discipline on the Board and senior management that is useful.  The risk appetite process is conducted by comparing the products and services that that the institutions wishes to offer with its ability to safely offer those products and services.

When a new product is considered, it should receive the same level of thought and consideration.  High risk products are not in of themselves a regulatory “no-no”.   For each additional product or service, the risk appetite of the Board should be considered along with the necessary expenditure on compliance resources.

Remember the overall state of your CMP says a great deal about your risk appetite.


[1] Please note- there are no regulatory bans on high risk customer or clients- just a requirement that the high risks are properly managed.

Why is There a Diversity Section in the Dodd Frank Act?

Why is there a Diversity Section in the Dodd-Frank Act?  

The Dodd–Frank Wall Street Reform and Consumer Protection Act of 2010 was one of the most sweeping banking laws that have been enacted in many years.  Of course, the legislation was passed against the backdrop of one the largest financial crises in world history.  The legislation has many sections and several of the provisions have been heavily discussed.   However, one section of the act, Section 342, has not received much discussion or fanfare at all.  What is Section 342?  It is the section that establishes the Office of Minority and Women Inclusion.

Are you Aware that the FFIEC has released Guidance Standards for Diversity in Hiring and Procurement? 

On Oct. 25, 2013, the Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corp., National Credit Union Administration, Consumer Financial Protection Bureau, and Securities and Exchange Commission (SEC) which is collectively known as the FFIEC, issued a proposed interagency policy statement on diversity.   Section 342 of the Dodd-Frank Act requires these agencies to develop standards for regulated entities to assess diversity. The final rule was issued and took effect on June 10, 2015.

First Things First-What is this all about? 

One of the things that the Dodd-Frank Act addresses is the effort being made by financial institutions in the area of inclusion of women and minorities in the overall hiring and procurement processes.  The legislative discussion of Section 342 of the Dodd-Frank Act helps to describe what it is that this section of the law is designed to do.

The Agencies believe that a goal of Section 342 is to promote transparency and awareness of diversity policies and practices within the entities regulated by the Agencies. The establishment of standards will provide guidance to the regulated entities and the public for assessing the diversity policies and practices of regulated entities. In addition, by facilitating greater awareness and transparency of the diversity policies and practices of regulated entities, the standards will provide the public a greater ability to assess diversity policies and practices of regulated entities. The Agencies recognize that greater diversity and inclusion promotes stronger, more effective, and more innovative businesses, as well as opportunities to serve a wider range of customers.[1]

Put another way, the Dodd-Frank Act is trying to get financial institutions to get to know their entire assessment area not only as customers, but as potential employees and contractors.   We believe that this fits in with a larger direction to financial institutions that they should get to know the credit and financial needs of the communities they serve.   Much like the Community Reinvestment Act, there is nothing in the law or the guidance that directs institutions to lower standards or to set quotas.  Instead, the idea here is to make sure that the employment and procurement processes are inclusive.   The fact is that there are many “diamonds in the rough” that go overlooked and as a result, are unbanked or underemployed.

Will This Require a Whole new Reporting Process?

The guidance requires an annual statement on the diversity practices of the Banks and credit unions.  Based upon the standards in the rule, it is not likely that a whole new data collection regime will be required.  Instead, it will be the duty of the Board and senior management to include diversity considerations in the strategic plan and ongoing monitoring of performance.

According to the proposed guidance, the expectation will be that institutions will

  • Include diversity and inclusion considerations in the strategic plan
  • Will have a diversity and inclusion plan that is reviewed and approved by the Board
  • Will have regular reports to the Board on progress
  • Will provide training to all affected staff
  • Will designate a senior officer as the person responsible for overseeing and implementing the plan

What does Diversity Mean? 

For purposes of this definition, “minority” is defined as Black Americans, Native Americans, Hispanic Americans, and Asian Americans, which is consistent with the definition of “minority” in sSection 342(g)(3) of the Act.

The final Policy Statement also states that this definition of diversity “does not preclude an entity from using a broader definition with regard to these standards.” This language is intended to be sufficiently flexible to encompass other groups if an entity wants to define the term more broadly. For example, a broader definition may include the categories referenced by the Equal Employment Opportunity Commission (EEOC) in its Employer Information Report EEO-1 (EEO-1 Report), [2] as well as individuals with disabilities, veterans, and LGBT individuals.

While this may seem like a long list of new requirements, in our opinion that is not the case at all.  When developing a strategic plan and assessing the credit needs of the community, the idea of diversity should be part and parcel of the basic considerations and projections.  It is clear that regulators will increasingly focus on financial institutions ability to identify the financial needs of the communities they serve and to match how the banks activities meet those needs.  In addition, we believe that examiners will ask financial institutions to document the reasons why they are not able to offer certain products.  The same will be true in the area of hiring and procurement.  Financial institutions will need to be able to document diversity efforts and to have a good explanation for the lack of diversity.

It should be emphasized that we do not believe that this guidance is leading towards hiring or procurement quotas.  Instead, the requirement will be for complete and clear documentation of the efforts made to ensure that diverse candidates are being considered.

Why is this a Good Thing? 

Diversity has been, and will always be a strength.  Of course a diverse loan portfolio is one that can absorb fluctuations in various industries without much turmoil.   Diverse ideas and experiences have always lead to innovation.  In point of fact, there has been a history of exclusion of several communities of potential customers by financial intuitions for some time.  The whole point of the Community Reinvestment Act was to get financial institutions to look at all communities for potential clients.

Earvin “Magic” Johnson has developed a multi-Billion-dollar business based upon the idea that diversity is strength.  His companies have invested in neighborhoods that were traditionally under banked and lacked access to funding.  The success of this company is a good example of how strategic diversity creates opportunities in communities that often get overlooked.


One of the more controversial points of the regulation is that it appears to rely on self-assessments.  There are no examinations standards that are mentioned in the guidance.  While some commenters decried the idea that self-policing is too vague; it appears that the expectation is that financial institutions will develop a policy, monitor compliance with that policy and make the results available to the public.

Self–assessment is both an opportunity and a curse.  The opportunity exists for an institution to self-define itself.  By setting standards that are based on a comprehensive understanding of the community vis-à-vis the capabilities of the bank, an institution has the opportunity to create a strong impression with regulators.  At the end of the day this is what regulators will willingly accept and applaud.


While it is too early to tell whether the final guidance will have significant costs associated with it, it is obvious that there will be an emphasis on diversity planning and programs for financial institutions. We suggest that the approach should be part of the overall strategic planning process

[1]  Joint Standards for Assessing Diversity Policies and Practices of Regulated Entities

[2] Ibid

Why IS There a Community Reinvestment Act?

Why IS there a Community Reinvestment Act?  

As anyone in compliance can attest to, there are myriad consumer compliance regulations.  For bankers, these regulations are regarded as anything from a nuisance, to the very bane of the existence of banks.  However, in point of fact, there are no bank consumer regulations that were not earned by the misbehavior of banks in the past.  Like it or not these regulations exist to prevent bad behavior and/or to encourage certain practices.   We believe that one of the keys to strengthening a compliance program is to get your staff to understand why regulations exist and what it is the regulations are designed to accomplish.  To further this cause, we have determined that we will from time to time through the year; address these questions about various banking regulations.  We call this series “Why IS there….”


The Community Reinvestment Act (“CRA”) is probably one of the most misunderstood and unfairly maligned of all of the consumer protection regulations.  Since its enactment, the CRA has been characterized as the regulation that makes financial institutions make “bad loans”.     It is not all uncommon to hear financial institutions refer to their problems loans as “CRA loans”.  Ironically, the preamble of the regulation makes it clear that there is nothing in the regulation that encourages bad loans.

The CRA is actually a part of a series of financial institution laws and regulations that were aimed directly at lack of credit availability in low to moderate income areas.   The CRA followed similar laws passed to reduce discrimination in the credit and housing markets including the Fair Housing Act of 1968, the Equal Credit Opportunity Act of 1974 and the Home Mortgage Disclosure Act of 1975 (HMDA). The Fair Housing Act and the Equal Credit Opportunity Act prohibit discrimination on the basis of race, sex, or other personal characteristics. The Home Mortgage Disclosure Act requires that financial institutions publicly disclose mortgage lending and application data. In contrast with those acts, the CRA seeks to ensure the provision of credit to all parts of a community, regardless of the relative wealth or poverty of a neighborhood.

All of these regulations were enacted to address the ongoing concerns caused by insufficient credit in low to moderate income areas.   In 2007 Ben Bernanke, then Chairman of the Federal Reserve discussed the need for the enactment of the CRA:

Several social and economic factors help explain why credit to lower-income neighborhoods was limited at that time. First, racial discrimination in lending undoubtedly adversely affected local communities. Discriminatory lending practices have deep historical roots. The term “redlining,” which refers to the practice of designating certain lower-income or minority neighborhoods as ineligible for credit, appears to have originated in 1935, when the Federal Home Loan Bank Board asked the Home Owners’ Loan Corporation to create “residential security maps” for 239 cities that would indicate the level of security for real estate investments in each surveyed city.1 The resulting maps designated four categories of lending and investment risk, each with a letter and color designation. Type “D” areas, those considered to be the riskiest for lending and which included many neighborhoods with predominantly African-American populations, were color-coded red on the maps–hence the term “redlining” (Federal Home Loan Bank Board, 1937). Private lenders reportedly constructed similar maps that were used to determine credit availability and terms. The 1961 Report on Housing by the U.S. Commission on Civil Rights reported practices that included requiring high down payments and rapid amortization schedules for African-American borrowers as well as blanket refusals to lend in particular areas.[1]

In addition to the problems caused by redlining, one of the main concerns that the Community Reinvestment Act was designed to address was the problem created by deposits being taken and not being reinvested in the same communities.

Congress became concerned with the geographical mismatch of deposit-taking and lending activities for a variety of reasons.   Deposits serve as a primary source of borrowed funds that banks may use to facilitate their lending. Hence, there was concern that deposits collected from local neighborhoods were being used to fund out-of-state as well as various international lending activities at the expense of addressing the local area’s housing, agricultural, and small business credit needs.[2]

Part of what Congress recognized by passage of the CRA is the role that financial institutions play in the development (or lack thereof) of communities.

According to some in Congress, the granting of a public bank charter should translate into a continuing obligation for that bank to serve the credit needs of the public where it was chartered.  Consequently, the CRA was enacted to “re-affirm the obligation of federally chartered or insured financial institutions to serve the convenience and needs of their service areas” and “to help meet the credit needs of the localities in which they are chartered, consistent with the prudent operation of the institution.” [3]

Despite its reputation otherwise, the Community Reinvestment Act doesn’t require any specific type of lending.  It does ask financial institutions to identify the credit needs of the community in which it is located and to do all that is possible to meet those credit needs.

Since it was first passed there have been relatively few changes in the regulation itself.  There HAVE been changes in the way it is administrated.  The most significant of these changes are:

  • Making evaluations public- The Financial Institutions Reform, Recovery and Enforcement Act of 1989 made the results of every CRA examination available to the public for review.
  • Differentiating between small, medium and large banks – In 1995, the CRA regulations were changed so that the smaller the institution, the more streamlined the CRA examination would be.

CRA Requirements  

Despite the size of the lending institutions, there are three tests on which CRA performance is judged.   The three tests are:

  • Lending Performance– at its most basic, this is a test that considers the size and resources of the financial institution. In addition, the economic opportunities that exist in the service area of the institutional are considered.  These factors are then compared to the level and distribution of loans that the institution originated.   Special attention is paid to geographic distribution of loans.  The idea here is to make sure that certain neighborhoods are not being left out of lending.
  • Investment Performance – This reviews the level of activity of a financial institution in overall community development. Community development can be accomplished through lending or investing in funds that are aimed at community development.  The definition of what does and does not qualify as community development has been a matter of controversy for several years and may be revised soon.
  • Service – The third test for CRA performance considers the amount services that financial institutions offer in low to moderate areas. Factors considered include things such as the record of opening and closing retail bank branches, particularly those that serve LMI geographies and individuals, the availability and effectiveness of alternative systems for delivering retail banking services in LMI geographies and to LMI individuals, range of retail banking services in each geography classification, extent of community development services provided and the innovativeness and responsiveness of community development services

Small institutions that are under $304 million[4] in assets have the option of deciding whether or not they want their performance under the last two tests reviewed.     For each of these tests there are degrees of activity that can be rated on a scale that goes from “substantial noncompliance” to “outstanding”.

There is nothing in any of these tests that requires a financial institution to make bad loans or even to seek out risky investments.  Instead, the directive of the CRA is that an institution should do all it can to identify opportunities for investments and services within all the communities that it serves.  Put another way, the CRA is asking financial institutions to find the “diamond in the rough” in low to moderate income communities.

CRA in the News 

As the 2008 -2010 financial crises began to subside, and experts began to look for causes, the CRA became a favorite villain for many.  Opponents of CRA placed the blame for predatory and subprime lending on the need to meet the requirements of CRA.  The argument goes that banks and financial institutions made risky loans to unqualified borrowers because that is what is required by the CRA.  There have been many scholarly articles and journal entries that have bene written to address this topic- and the recent movie ‘The Big Short’ also includes a great deal of information.  Despite the arguments there has been little to no effort made to significantly change the regulation.

The Community Reinvestment Act was passed at a time when financial institutions refused to invest in low to moderate income areas.   The main goal of this regulation is to get financial institutions to become good neighbors and to do their best to find customer who might otherwise be overlooked.

[1] The Community Reinvestment Act: Its Evolution and New Challenges  Chairman Ben S. Bernanke

At the Community Affairs Research Conference, Washington, D.C.  March 30, 2007

[2] The Effectiveness of the Community Reinvestment Act Darryl E. Getter   Congressional Research service 2015

[3] Ibid

[4] The figure for the smallest institutions is adjusted annually based upon the Consumer Price Index.

Getting to the Root of the Problem-An Important Step Towards Strong Compliance

Getting to the Root of the Problem- An important Step to Strong Compliance

The compliance examiners are coming!  It is time to get everything together to prepare for the onslaught right?   Time to review every consumer loan that has been made and every account that has been opened in the last 12 months, right? Not necessarily; the compliance examination is really an evaluation of the effectiveness of your compliance management program (“CMP”).  By approaching your examinations and audits in the same manner, the response to the news of an upcoming review becomes (almost) welcome.

The Elements of the CMP

There is really no “one size fits all” way to set up a strong compliance program.  There are, however, basic components that all compliance management systems need.  These components are often called the pillars of the CMP.  The pillars are:

  • Board Oversight
  • Policies and procedures
  • Management Information systems including risk monitoring
  • Internal Controls

The relative importance of each of these pillars depends on the risk levels at individual banks.  The compliance examination is a test of how well the bank has identified these risks and deployed resources.   For example, in a bank that has highly experienced and trained staff coupled with low turnover, the need for fully detailed procedures may be minimal.  On the other hand, at a bank where new products are being offered regularly, the need for training can be critical.   The central question is whether or not the institution has identified the risks of a compliance finding and having done so, taken steps to mitigate risks.

Making the CMP fit Your Institution  
Making sure that your CMP is right-sized starts with an evaluation of the products that are being offered and the inherent risk in that activity.  For example, consumer lending comes with a level of risk.  Missed deadlines, improper disclosures or misinterpretations of the requirements of the regulations are risks that are inherent in a consumer portfolio.   In addition to the risks inherent in the portfolio are the risks associated with the manner in which the institution conducts it consumer business.   Are risk assessments conducted when a product is going to be added or terminated?  In many cases, either decisions can create risks.  For example, the decision to cease HELOC’s may create a fair lending issue; while the decision to start making HELOC’s has to be made in light of the knowledge and abilities of the staff that will be making the loans and the staff that will be reviewing for compliance.

As a best practice, compliance has to be a part of the overall business and strategic plan of a financial institution.  The CMP has to be flexible enough to absorb changes at the bank while remaining effective and strong.
The True Test of the CMP

Probably the most efficient way to determine the strengths and weakness of the CMP is by reviewing the findings of internal audits and examinations.  When reviewing these findings what is most important is getting to the root of the problem.  Moreover, not only the findings, but the recommendations  for improvement that can be found in examination and audit reports  can be used to help “tell the story”  of the effectiveness of the CMP.  It is very important to determine the root cause the finding.  Generally, the answer will be extremely helpful in addressing the problem.  There are times when the finding is the result of a staff member having a bad day.  On those bad days, even the secondary review may not quite catch the problem.  For the most part, these are the types of findings that should not keep you up at night.
The findings that cause concerns are the ones that result from lack of knowledge or lack of information about the requirements of a regulation.  These findings are systemic and tend to raise the antenna of auditors and examiners.  Unfortunately, too often the tendency is to respond to this kind of finding by agreeing with it and promising to take immediate steps to address it.  Without knowing the root cause of the problem, the fix becomes the banking version of sticking one’s finger in the dyke to avoid a flood.

Addressing Findings  

We suggest a five step process to truly address findings and strengthen the CMP.

  1. Make sure that the compliance staff truly understands the nature of the finding.  This may sound obvious, but far too many times there is a great deal loss in translation between the readout and the final report.  If staff feels like what was discussed at the exit doesn’t match the final report, here is a communication concern.  We recommend fighting the urge to dismiss the auditor/examiner as a crank!  Call the agency making the report and get clarification to make sure that the concern that is being express is understood by staff.
  2. Develop an understanding of the root cause of the finding.  Does this finding represent a problem with our training?  Perhaps we have not deployed our personnel in the most effective manner.  It is critical that management and the compliance team develop an understanding or why this finding occurred to most effectively address it.
  3. Assign a personal responsible along with an action plan and benchmark due dates.   Developing the plan of action and setting dates develops an accountability for ensuring that the matter is addressed.
  4. Assign an individual to monitor progress in addressing findings.  We also recommend that this person should report directly to the Audit Committee of the Board of Directors.  This builds further accountability into the system.
  5. Validate the response.   Before an item can be removed from the tracking list, there should be an independent validation of the response.  For example, if training was the issue; the response should not be simply that all staff have now taken the training.  The process should include a review of the training materials to ensure that they are sufficient, feedback from staff members taking the training, and finally a quality control check of the area affected.

Not only does determining the root cause of a problem make the response more effective, but in doing so, the CMP will be strengthened.  For example, It may be easy to see a problem with disclosing right of recession disclosures.  It may be harder to see that the problem is not the people at all, but that the training they received is confusing and ineffective.  Only by diving into the root cause of the problem can the CMP be fully effective.

Your Partner in Balancing Compliance