Having the “Compliance Conversation” in the Face of Changing Expectations.
One of the constants in the world of compliance is change. This will be true again in 2016 when several new significant changes to regulations will be implemented. For smaller institutions the regulatory changes won’t be as significant as for larger ones. However, in addition to changes in regulations, there will also be changes in the areas of emphasis for the regulators. For example, regulators will be looking at the financial intuitions usage of models as a tool and will expect that the governance around the usage of models will be well documented. In addition, Bank Secrecy Act/Anti Money Laundering compliance programs will be scrutinized. Changes such as these can significantly impact the outcome of examinations and audits.
One of the other constants in compliance has been skepticism about consumer laws in general and the need for compliance regulations specifically. It is often easy to feel the recalcitrance of the senior management at financial institutions to the very idea of compliance. Even institutions with a good compliance record often tend to do exactly that which is required by the regulation for the sole purpose of staying in compliance with the letter and not the spirit of compliance. Indeed, skepticism about the need for consumer regulations as well as the effectiveness of the regulations are conversations that can be heard at many an institution.
The combination of changes in the consumer regulations and changes in the focus of these agencies presents both a challenge and an opportunity for compliance staff everywhere. It is time to have “the talk” with senior management. The point of the talk? Enhancements in compliance can help your bank receive higher compliance ratings while improving the overall relationship with your primary regulator.
The Compliance Conversation
While there are many ways to try to frame the case for why compliance should be a primary concern at a bank, there are several points that we have found that help convince a skeptic.
Compliance regulations have been earned by the financial industry. A quick review of the history of the most well-known consumer regulations will show that each of these laws was enacted to address bad behaviors of financial institutions. For example, the Equal Credit Opportunity Act (ECOA) was passed to help open up credit markets to women and minorities who were being shut out of the credit market. Moreover, the Fair lending laws, HMDA and the Community Reinvestment Act were all passed to assist in the task of enforcement of the ECOA. In all of these cases, the impetus for the legislation was complaints from the public about the behavior of banks. The fact is that these regulations were implemented to prevent financial institutions from hurting the public.
Compliance will not go away. Even though there have been changes to the primary regulations, there has been no credible movement towards doing away with them. Banking is such an important part of our economy that it will always receive a great deal of attention from the public and therefore, legislative bodies. The trend for all of the compliance regulations is that they continue to expand. The need for a compliance program is as basic to banking as the need for deposit insurance. In addition, since compliance is and will be, a fact of banking life, the prudent course is to embrace it.
Compliance may not be a profit center, but a good compliance program reduces the opportunity costs of regulatory enforcement actions. Many financial institutions tend to be reactive when it comes to compliance. We understand that there is a cost benefit analysis that is done and often, the decision is made to “take our chances” and get by with a minimal amount of resources spent on compliance. However, more often than not the cost benefit analysis does not take into account the cost of “getting caught”. Findings from compliance examinations may require “look backs” into past transactions and reimbursement to customers who were harmed by a particular practice. The costs for such action include costs of staff time (or temporary staff), reputational costs and the costs associated with correcting the offending practice. A strong compliance management system will prevent these costs from being incurred from the outset and protect the Bank’s reputation; which at the end of the day is its most important asset.
Compliance is directly impacted by the strategic plan. Far too often, compliance is not considered as banks put together their plans for growth and profitability. Plans for new marketing campaigns or new products being offered go through the approval process without the input of the compliance team. Unfortunately, without this consideration, banks add additional risk without being aware of how the additional risk can be mitigated. When compliance is considered in the strategic plan, we find that the proper level of resources can be dedicated to all levels of management and internal controls.
There is nothing about being in compliance that will get in the way of the bank making money and being successful. Many times the compliance officer gets portrayed as the person who keeps saying no- No!” to new products, “No!” to new marketing” and “No!” to being profitable. But the truth is that this characterization is both unfair and untrue. The compliance staff at your banks wants the bank to make all the money that it possibly can while staying in compliance with the laws that apply. The compliance team is not the enemy. In fact, the compliance team is there to solve problems.
Getting the Conversation to Address the Future.
Today, we are seeing changes in the expectations that regulators have about responding to examination findings and the overall maintenance of the compliance management program. There are three fronts that may seem unrelated at first, but when put together, they make powerful arguments about how compliance can become a key component in your relationship with the regulators.
First, the regulators have determined that the overall effectiveness of the compliance programs should be a consideration of the CAMEL ratings. The Comptroller of the Currency has published remarks that make it clear that he intends to evaluate the review of the compliance management program to directly impact the overall “M” rating within the CAMEL ratings. The other prudent regulators are soon to follow. The thought behind evaluating the compliance management program is that it is in fact the responsibility of management to maintain and operate a strong compliance program. The failure to do so is a direct reflection of management’s abilities. Compliance is now a regulatory foundation issue.
Second, now more than ever, regulators are looking to financial institutions to risk assess their own compliance and when problems are noted, to come forward with the information. The CFPB for example, published guidance in 2013 (Bulletin 2013-06) that directly challenged banks to be corporate citizens by self-policing and self-reporting. It is clear that doing so will enhance both the reputation and the relationship with regulators. The idea here is that by showing that you take compliance seriously and are willing to self-police, the need for regulatory oversight can be reduced.
Finally, the regulators have reiterated their desire to see financial institutions address the root causes of findings in examinations. There have been recent attempts by the Federal Reserve and the CFPB to make distinctions between recommendations and findings. The reason for these clarifications are so that banks can more fully address the highest areas of concern. The regulators are emphasizing that they expect a financial institutions to address the heart of the reason that the finding occurred. For example, in a case where a bank was improperly completing Good Faith Estimates in violation of RESPA, the response cannot simply be to tell the loan staff to knock it off! In addition to correcting mistakes, there is either a training issue or perhaps staff are improperly assigned. What is the reason for the improper disclosures? That is what the regulators want addressed.
The opportunity exists to enhance your relationship with your regulators through your compliance department. By elevating the level of importance of compliance at your institution and using it as a topic, a relationship of trust and communication can be developed with your regulators.