Chief Investment Officer
BirdsEye Viewcompliance: the wind beneath my wings
This beautiful title comes from Gloria Banks, Chief Compliance Officer for Citizens Republic Bank, during our inaugural Compliance Forum which took place in May. As I listened to the participants discuss various compliance issues, I found this title very apt for the role that Compliance can and should play in the banking world. Sadly, it does so in too few institutions.
The purpose of the Compliance is two-fold:
During the meeting a wide range of best practices emerged. A partial list of these ideas is outlined below.
· Compliance has to mirror the organization. A fully centralized compliance function in a highly decentralized organization might not work very effectively, even though consistency is the first step toward compliance. Working within the organization with the understanding of shared priorities and responsibilities for compliance will make the function more effective regardless to the bank’s specific organizational structure.
· Culture of openness. Effective organizations have a culture of openness and candor. Telling the truth is expected, welcomed and rewarded, and messengers don’t get shot. This is particularly true for compliance which is heavily dependent on shared responsibility throughout the company and the willingness of team members to call attention to bad news. It’s easier to foster such a culture with much recognition for candid communicators and penalties for those who elect to turn a blind eye to compliance (as well as credit quality and other business issues).
· Integrate compliance into the lines of business through risk partners and regulation ownership. Compliance should be everyone’s responsibility. Otherwise, the function becomes “the enemy”. One way to avoid adversity is by clearly identifying the specific regulations for which every line of business is responsible. Compliance should become their partner and work together to facilitate effective and streamlined communication as well as monitoring and joint accountability. This means leaner compliance departments but better collaboration with the lines of business on compliance matters.
· Accept responsibility for compliance at every level. Everybody “owns” compliance. The message here is similar to the previous bullet’s content. No one wants a Compliance Department with countless headcount. The price for this is that everyone must pitch in and wear their compliance hat daily to be the eyes and ears of the compliance department and ensure that the bank does business according to the regulators’ current expectations (no small feat, I know). While this might be burdensome and terribly “un-fun”, it’s still a better solution than the alternative.
· Separate compliance from audit; report to different executives. This is a regulatory expectation and it does make sense to ensure complete independence between the two areas.
· Be ahead of the regulators. The question is often asked, “Is it wise to anticipate the regulators and be take steps they have not asked for thus far? Wouldn’t this merely cause them to find fault in “the next thing”?” I believe that waiting for regulatory action is not a winning strategy. A great example of my point is loan classifications. Waiting for the regulators to downgrade your loans ensures they see you as dragging your feet to recognize impairment and loss, which, in turn, makes you a more risky organization. In the compliance area doing all that’s expected, including scrubbing HMDA data and other painful preparations, is worth the effort. The price for non-compliance is far more dear than the upfront investment.
· Foster good relationship of mutual respect with the regulators. Regulators are people too, and some of them even add value to our banks if we let them. Treat them with respect and kindness, seek their counsel and give them nice offices with windows and coffee.
· Prepare as much of the exam materials for the examiners as possible. Be prepared. The better prepared you are, the less concern the regulators will have regarding your compliance efforts. Preparedness shows diligence and attention, which is ultimately what the examiners are looking for.
· Keep inventory of regulatory active items, who’s responsible, meeting time and attendance. We all know that the number of regulations and procedures is astronomical. Having strong project management skills and software will help you stay ahead of the game and ensure that all items are taken care of within the timeframe you committed. Keep track of the regulatory debriefings you have, who attended and when they took place as well. It’s a good tool to enhance accountability.
· Assign risk ratings to compliance issues and adjust self-monitoring and training accordingly. Not all compliance issues are created equal. Their perceived importance and relevance by the regulators change often. While it is important to comply with all regulations, some are more critical than others. For example, Fair Lending is now the new BSA (not that BSA is off the map either…). Making sure that your organization understand the current priorities and training your employees accordingly will enhance your compliance effectiveness.
· No repeat findings. Nothing is more annoying to regulators than to see their comments being ignored. It’s not only a slap in their face, but often also a sign of lack of internal controls. If you do nothing else, make sure you have no repeat findings.
· Hot buttons for the regulators: Fair Lending (the new BSA); BSA, incentive compensation; data integrity. Fair lending is foremost on the regulators’ minds in recent examinations. Be prepared: have data clean and at the ready, nice binders to make the examiners’ work easy and demonstrate your mastery of the subject. Further, incentive compensation reviews to ensure they have a risk mitigation strategy embedded in them are part of the regular exam these days.
· Responsible lending – a response to an angry public. The public is angry, and the public doesn’t distinguish between community banks’ large banks and the investment banks. Recognize that and make sure your lending practices will be perceived as responsible lending by the public at large.
· Focus on complaints: categories, frequency, intensity, corrective action. Complaints are another regulatory hot button. They are also a fine tool to better understand the customer base’s pain points. Focus on the complaints, make sure you response to each and every one, and respond to patterns that emerge.
· Clearly identify and explain reasons for fees. This is good for you and good for your customers. Both your people and the public need to understand the logic behind fees. In reality, fees often have a solid operating or risk assumption reasons behind them. All your constituencies are entitled to understand those considerations.
· Change and new product introduction are risky activities. Consider establishing a new product committee to include compliance, IT, Risk, operations etc. All product innovation which is expected to generate revenues in excess of $X should come before the committee to review compliance risk, prudent marketing etc. This isn’t about blocking progress and innovation. This is about doing it right.
· Financial literacy. Do good and do well at the same time. Teach your customers how to become more responsible financial consumers.
The first step to effective compliance management is the understanding of the dual role of compliance: 1. Meeting regulatory requirements such that the institution can continue to operate. 2. Serving business purposes the right way such that all three major bank constituencies – shareholders, customers and employees – benefit. An example: establish consistent criteria for waiving NSF and service fees to ensure that (a) waivers are limited and (b) waivers are applied consistently to avoid future possible discrimination allegations.
Managing the compliance function as a company watchdog with the motto “Dr. No” isn’t constructive. At the same time, managing the bank without deep regard for compliance and its role in business decisions is a grave mistake. A healthy balance can be struck between compliance requirements and business imperatives. Always bear in mind that a bank without profits is not a sustainable entity, but so is a bank without a license…