One of the constants in the world of compliance is change. This has been especially true in the last few years, as not only have new regulations been issued; there is now an entirely different agency that regulates banks. Right now, most are unsure just how the Consumer Financial Protection Bureau (“CFPB”) will affect the banks it does not primarily regulate. However, it is a good bet that much of what is done by the CFPB will also be implemented in one form or another by the other prudential regulators.
One of the other constants in compliance has been skepticism about consumer laws in general, and the need for compliance specifically. It is often easy to feel the recalcitrance of the senior management at financial institutions to the very idea of compliance. Even institutions with good compliance records often tend to do only that which is required by the regulation. In many cases, they do the minimum for the sole purpose of staying in compliance and not necessarily because they agree with the spirit of compliance. Indeed, skepticism about the need for consumer regulations as well as the effectiveness of the regulations are conversations that can be heard at many an institution.
The combination of changes in the consumer regulations, changes at regulatory agencies and changes in the focus of these agencies presents both a challenge and an opportunity for compliance staff everywhere. It is time to have “the talk” with senior management. What should be the point of the talk? Enhancements in compliance can help your bank receive higher compliance ratings while improving the overall relationship with your primary regulator.
The Compliance Conversation
While there are many ways to try to frame the case for why compliance should be a primary concern at a bank, there are several points that may help to convince a skeptic.
1) Compliance regulations have been earned by the financial industry. A quick review of the history of the most well-known consumer regulations will show that each of these laws was enacted to address bad behaviors of financial institutions. The Equal Credit Opportunity Act was passed to help open up credit markets to women and minorities who were being shut out of the credit market. The Fair lending laws, HMDA and the Community Reinvestment Act were passed to assist in the task of the ECOA. In all of these cases, the impetus for the legislation was complaints from the public about the behavior of banks. The fact is that these regulations are there to prevent financial institutions from hurting the public.
2) Compliance will not go away! Even though there have been changes to the primary regulations, there has been no credible movement to do away with them. Banking is such an important part of our economy that it will always receive a great deal of attention from the public and therefore legislative bodies. In point of fact, the trend for all of the compliance regulations is that they continue to expand. The need for a compliance program is as basic to banking as the need for deposit insurance. Since compliance is and will be, a fact of banking life, the prudent course is to embrace it.
3) Compliance may not be a profit center, but a good compliance program cuts way down on the opportunity costs of regulatory enforcement actions. Many financial institutions tend to be reactive when it comes to compliance. We understand; there is cost benefit analysis that is done and often, the decision is made to “take our chances” and get by with a minimal amount of resources spent on compliance. However, more often than not the cost benefit analysis does not take into account the cost of “getting caught”. Findings from compliance examinations that require “look backs” into past transactions and reimbursement to customers who were harmed by a particular practice is an extremely expensive experience. The costs for such actions include costs of staff time (or temporary staff), reputational costs and the costs associated with correcting the offending practice. A strong compliance management system will help prevent these costs from being incurred and protect the institution’s reputation; which at the end of the day is its most important asset.
4) Compliance is directly impacted by the strategic plan. Far too often, compliance is not considered as institutions put together their plans for growth and profitability. Plans for new marketing campaigns or new products being offered go through the approval process without the input of the compliance team. Unfortunately, without this consideration, additional risk is added without being aware of how the additional risk can be mitigated. When compliance is considered in the strategic plan, the proper level of resources can be dedicated to all levels of management and internal controls.
5) There is nothing about being in compliance that will get in the way of the bank making money and being successful. Many times the compliance officer gets portrayed as the person who keeps saying no; No!” to new products, “No!” to new marketing, and “No!” to being profitable. But the truth is that this characterization is both unfair and untrue. The compliance staff at your institution wants it to make all the money that it possibly can while staying in compliance with the laws that apply. The compliance team is not the enemy. In fact, the compliance team is there to solve problems.
Getting the Conversation to Address the Future.
Today there are changes in the expectations that regulators have about responding to examination findings and the overall maintenance of the compliance management program. There are three fronts that may seem unrelated at first, but when out together make powerful arguments about how compliance can become a key component in your relationship with the regulators.
First, the prudential regulators have made it clear that they intend the review of the compliance management program to directly impact the overall “M” rating within the CAMEL ratings. The thought behind evaluating the compliance management program as part of the management rating is that it is the responsibility of management to maintain and operate a strong compliance program. The failure to do so is a direct reflection of management’s abilities. Compliance is now a regulatory foundation issue.
Second, now more than ever, regulators are looking to banks to risk assess their own compliance and when problems are noted, to come forward with the information. The CFPB for example, published guidance in 2013 (Bulletin 2013-06) that directly challenged banks to be corporate citizens by self-policing and self-reporting. It is clear that doing so will enhance both the reputation and the relationship with regulators. The idea here is that by showing that you take compliance seriously and are willing to self-police, the need for regulatory oversight can be reduced.
Finally, the regulators have reiterated their desire to see financial institutions address the root causes of findings in examinations. There have been recent attempts by the Federal Reserve and the CFPB to make distinctions between recommendations and findings. The reason for these clarifications is so that institutions can more fully address the highest areas of concern. By “addressing”, the regulators are emphasizing that they mean dealing with the heart of the reason that the finding occurred. For example, in a case where a bank was improperly getting flood insurance, the response cannot simply be to tell the loan staff to knock it off! In addition to correcting mistakes, there is either a training issue of perhaps staff are improperly assigned. What is the reason for the improper responses? That is what the regulators want addressed.
The opportunity exists to enhance your relationship with your regulators through your compliance department. By elevating the level of importance of compliance and using your compliance program as a means of communicating with your regulators, the compliance conversation can enhance the overall relationship between your institution and your regulator.