One of the constants in the world of compliance is change. This has been especially true in the last few years, as not only have new regulations been issued, there is a new and different agency that regulates banks. Right now, most are unsure just how much the CFPB will affect the banks it does not primarily regulate. However, it is a good bet that much of what is done by the CFPB will also be implemented in one form or another by the other prudential regulators.
One of the other constants in compliance has been skepticism about consumer laws in general and the need for compliance specifically. It is often easy to feel the recalcitrance of the senior management at banks to the very idea of compliance. Even many banks with a good compliance record often tend to do exactly that which is required by the regulation for the sole purpose of staying in compliance and not necessarily that they agree with the spirit of compliance. Indeed, skepticism about the need for consumer regulations as well as the effectiveness of the regulations are conversations that can be heard at many a bank.
The combination of changes in the consumer regulations, changes at regulatory agencies and changes in the focus of these agencies presents both a challenge and an opportunity for compliance staff everywhere. It is time to have “the talk” with senior management. The point of the talk? Enhancements in compliance can help your bank receive higher compliance ratings while improving the overall relationship with your primary regulator.
The Compliance Conversation
While there are many ways to try to frame the case for why compliance should be a primary concern at a bank, there are several points that we have found that help convince a skeptic.
- Compliance regulations have been earned by the financial industry. A quick review of the history of the most well-known consumer regulations will show that each of these laws was enacted to address bad behaviors of financial institutions. The Equal Credit Opportunity Act was passed to help open up credit markets to women and minorities who were being shut out of the credit market. The Fair lending laws, HMDA and the Community Reinvestment Act were passed to assist in the task of the ECOA. In all of these cases, the impetus for the legislation was complaints from the public about the behavior of banks. The fact is that these regulations are there to prevent financial institutions form hurting the public.
- Compliance will not go away! Even though there have been changes to the primary regulations, there has been credible movement to do away with them. The fact of the matter is that banking is such an important part of our economy, it will always receive a great deal of attention from the public and therefore legislative bodies. In point of fact, the trend for all of the compliance regulations is that they continue to expand. The need for a compliance program is as basic to baking as the need for deposit insurance. In addition, since compliance is and will be, a fact of baking life, the prudent course is to embrace it.
- Compliance may not be a profit center, but a good compliance program cuts way down on the opportunity costs of regulatory enforcement actions. Many financial institutions tend to be reactive when it comes to compliance. We understand; there is cost benefit analysis that is done and often, the decision is made to “take our chances” and get by with a minimal amount of resources spent on compliance. However, more often than not the cost benefit analysis does not take into account the cost of “getting caught”. Findings form compliance examinations that require “look backs” into past transactions and reimbursement to customers who were harmed by a particular practice is expensive. The costs for such action include costs of staff time (or temporary staff), reputational costs and the costs associated with correcting the offending practice. A strong compliance management system will prevent these costs from being incurred and protect the Bank’s reputation; which at the end of the day is its most important asset.
- Compliance is directly impacted by the strategic plan. Far too often, compliance is not considered as banks put together their plans for growth and profitability. Plans for new marketing campaigns or new products being offered go through the approval process without the input of the compliance team. Unfortunately, without this consideration, banks add additional risk without being aware of how the additional risk can be mitigated. When compliance is considered in the strategic plan, we find that the proper level of resources can be dedicated to all levels of management and internal controls.
- There is nothing about being in compliance that will get in the way of the bank making money and being successful. Many times the compliance officer gets portrayed as the person who keeps saying no; “No!” to new products, “No!” to new marketing” and “No!” to being profitable. But the truth is that this characterization is both unfair and untrue. The compliance staff at your bank wants the bank to make all the money that it possibly can while staying in compliance with the laws that apply. The compliance team is not the enemy. In fact, the compliance team is there to solve problems.
Getting the Conversation to Address the Future
Today, we are seeing changes in the expectations that regulators have about responding to examination findings and the overall maintenance of the compliance management program. There are three fronts that may seem unrelated at first, but when out together make a powerful argument about how compliance can become a key component in your relationship with the regulators.
First, the Comptroller of the Currency has made it clear that he intends to evaluate the review of the compliance management program to directly impact the overall “M” rating within the CAMEL ratings. The other prudential regulators are soon to follow. The thought behind evaluating the compliance management program is that it is in fact the responsibility of management to maintain and operate a strong compliance program. The failure to do so is a direct reflection of management’s abilities. Compliance is now a regulatory foundation issue.
Second, now more than ever, regulators are looking to banks to risk assess their own compliance and when problems are noted, to come forward with the information. The CFPB for example, published guidance in 2013 (Bulletin 2013-06) that directly challenged banks to be corporate citizens by self-policing and self-reporting. It is clear that doing so will enhance both the reputation and the relationship with regulators. The idea here is that by showing that you take compliance seriously and are willing to self-police, the need for regulatory oversight can be reduced.
Finally, the regulators have reiterated their desire to see financial institutions address the root causes of findings in examinations. There have been recent attempts by the Federal Reserve and the CFPB to make distinctions between recommendations and findings . The reason for these clarifications are so that banks can more fully address the highest areas of concern. By address, the regulators are emphasizing that they mean dealing with the heart of the reason that the finding occurred. For example, in a case where a bank was improperly completing Good Faith estimates in violation of RESPA, the response cannot simply be to tell the loan staff to knock it off! In addition to correcting mistakes, there is either a training issue of perhaps staff are improperly assigned. What is the reason for the improper disclosures? That is what the regulators want addressed.
The opportunity exists to enhance your relationship with your regulators through your compliance department. By elevating the level of importance of compliance and using your compliance program as a means of communicating with your regulators.
Bank Systems & Technology Article: How To Be A Better Bank: Self-Policing Your Bank’s Compliance Program