Compliance regulations have become the center of a number of discussions in the financial services industry. Starting with the financial meltdown of 2008 the numbers of regulations that directly impact the relationship between consumers and banks have grown exponentially. Of course, the costs associated with compliance have also grown and become a significant part of the strategic planning processes and budget for financial institutions. Quite often, compliance regulations are derided as unnecessary and burdensome while the regulatory agencies that are charged with enforcing them are considered unreasonable or unfair. Unfortunately, it is often the case that the reasons compliance regulations exist and the goals of compliance examiners are misunderstood. This misunderstanding can lead to less than effective compliance management programs, mistrust of regulatory agencies and overall inefficiencies in the compliance regulation process. Understanding the “why’s” and “what’s” of compliance can go a long way towards a stronger compliance program.
Compliance a Brief History
Although there are several theories about why banking is such a heavily regulated industry, some common themes develop when considering this topic. Chief among the reasons that are advanced as an argument for bank regulation is the idea that banks and financial institutions must maintain stability, and the regulatory structure helps to create stability. For example, deposit insurance helps to eliminate the fear that financial institutions will run out of money for their customers. Another argument for regulation is the role that financial institutions play in the payment system. This is an area that requires stability. The ability of funds to flow freely through the financial system is one of the hallmarks of the stability of the US financial system. A third area that is often cited is the need to promote efficiency and competition among financial institutions.
In the aftermath of the stock market crash of 1929, the banking system experienced one of its greatest crises of confidence. Significant “runs “on banks caused liquidity concerns and brought the whole US financial system to a crashing stop. The result of these events was to usher in the modern age of bank regulation. From that time on, there have been a series of regulations and regulatory agencies that have been developed that have all been designed to promote stability and efficiency in the financial system. Generally, financial institution rules that promote the overall stability of the financial institutions are considered “safety and soundness” rules. Safety and soundness rules deal with the overall levels of risks that are inherent at individual banks. Levels of capital, limits on the loans to one borrower and the ability to identify and manage the risks presented by individual customers are all examples of safety and soundness rules.
While safety and soundness rules can generally trace their lineage back to the Great Depression, consumer regulations don’t enjoy the same clear history. For the most part, compliance regulations have been implemented following a much more indirect path. The pattern for development of consumer protection regulations is a familiar one.
1. A practice or product of a financial institution impacts a group of consumers in a negative way (e.g. women or minorities do not have equal access to credit).
2. The offending practice receives widespread attention of the public
3. The public outcry receives the attention of government
4. Legislation is passed to directly change the practice or product.
This has been the pattern time and time again in the development of all of the notable consumer protection regulations that have been enacted in the financial services industries. For example, Regulation Z (the Truth in Lending Act) was passed after public outcry about the lack of complete information detailing the costs of borrowing from banks. From the flood insurance rules, the SAFE Act to the Servicemen’s Civil Relief Act, each of the significant consumer protection regulations has followed this same pattern and path. While it can be passionately argued that regulation is not always the most efficient means to prevent bad practices, waiting for market discipline to self-regulate has historically caused more harm than good.
It is important to remember that consumer compliance regulations, regardless of the design or requirements, have similar goals in common; to prevent policies or practices that have caused real people harm in the past. Moreover, it is also the case that financial institution practices that hurt people have not been prevented by consumer regulations. In fact, the reason that the Consumer Financial Protection Bureau was created was to further strengthen the protections for consumers.
“…CFPB will be the single, consumer-focused regulating authority, consolidating the existing authorities scattered throughout the Federal government under one roof. And, the Bureau’s oversight includes the large banks and credit unions that had historically been regulated by the Federal government, as well as independent and privately owned “non-bank financial institutions” that had never been regulated before.
This means that for the first time, the Federal government will be able to regulate the activities of independent payday lenders, private mortgage lenders and servicers, debt collectors, credit reporting agencies, and private student loan companies.” 
A Peek Inside Consumer Regulations
In addition to their similar origins, consumer regulations also share similar approaches to addressing problems. The institutions to which these regulations apply are required to either disclose information to customers or collect information about customers. Regardless of the actions that are required of the financial institution, the overall goal of consumer compliance regulations is to provide as much information as possible to the general public. Data that is collected is used to study the impact of financial institution practices. For example, the data from the HMDA LAR (Loan Application Register) is used to study trends in housing and the experience of women and minorities at institutions that originate mortgages. Regulatory disclosures, such as the Truth in Lending disclosures are meant to give the customer the ability to easily compare the costs of a loan from one institution to the next. The finance charges and fees are all supposed to be listed in a uniform manner to allow a customer to lay offers for a loan side by side.
Ultimately, consumer regulations are supposed to level the playing field between financial institutions who have significant resources and unsophisticated borrowers who have limited resources.
When examiners conduct a compliance examination, the ultimate goal is to determine the strength and effectiveness of the compliance management program (‘CMP”). The CMP is comprised of the policies and procedures that cover compliance, the internal controls that have been established, independent reviews and training of staff. The examination team will take a step-by-step approach.
First, there will be analysis to determine that each of the critical components of the CMP have been established. Policies and procedures are reviewed to make sure that they are comprehensive and up to date. Do these documents give staff information on the expectations of the Board and senior management? Further, in the case of procedures, do they direct staff on the proper steps to take to conduct transactions? The compliance examiners will also review training programs and analyze whether they are keeping staff appropriately informed of applicable regulations. Finally, this portion of the examination will analyze independent review (audits) to make sure that the scope is appropriate.
Next the examiners make a determination about the overall effectiveness of the CMP. For example, the most complete written policies and procedures in the world have no impact if the results of independent reviews are ignored. The CMP must have the ability to determine the roots of noncompliance and a plan for corrective action.
As a third step, the compliance examination reviews the ability of the senior management at the financial institution to identify risks and to take action to mitigate risks. Many times, when there are regulatory concerns at financial institutions, the root cause is the inability of staff to recognize why an activity is risky or the extent of the risk. For example, an institution that serves a large number of high risks clients, must have the ability to determine what makes them high risk and precisely how to monitor activities to look for suspicious behavior. Before a bank takes on an MSB (“Money Service Business”) as a client, there should be sufficient staff knowledge of MSB’s. The institution should also have the software ability to closely monitor transactions of MSB’s.
Finally, the compliance examination staff will review the skill sets and knowledge of the staff who are charged with keeping the institution incompliance. A highly experienced and knowledgeable staff can serve as a strong counterbalance to limited policies and procedures, for example. On the other hand, staff who are unfamiliar with compliance regulations will be expected to have significant resources to use.
The compliance rating is based upon the overall effectiveness of the CMP at a financial institution.
Compliance regulations are the direct result of bad behaviors of financial institutions. Most of the regulation are designed to give the consuming public maximum information. Compliance will be a part of banking on an ongoing basis. Embrace your inner compliance officer.