How’s Your Compliance Management System?

As published in the Pennsylvania Association of Community Bankers’ April 2018 issue of Transactions

For many community banks, compliance is most likely not on the top of the list of concerns, correct?  If you answered yes, then your compliance department is probably overstaffed, overqualified, and focused on compliance every second of the day.  Unfortunately, as we all know, this scenario is doubtful.

So, should community banks be concerned about compliance?  The answer is yes.  Despite the hope that regulations will ease in the next few years, they will never completely be abandoned.  Ignoring the compliance function can result in monetary penalties, litigation, and enforcement actions. Therefore, let’s take a quick look at some concerns community bankers should consider regarding the compliance management system.

Are there policies and/or procedures?

Well, let’s hope so. Policies and procedures serve as the foundation for ensuring that all bank employees understand how their jobs can be affected by compliance. Policies and procedures approved by the Board of Directors demonstrate the bank’s clear expectations regarding compliance. Of course, policies and procedures should and will vary from institution to institution to fit the complexities of the organization.

Who’s in charge of compliance?

Let’s face it, many employees wouldn’t volunteer to work in the compliance department. Additionally, banks probably don’t have any college graduates on staff with a degree in bank compliance. So, let’s ask these questions. Is the person in charge of compliance qualified to do so? Do you choose any person, depending on the day, to perform compliance duties? Ideally, the Board of Directors has appointed a Compliance Officer who possesses adequate knowledge not only of all compliance-related areas, but also of all operations in the bank, in order to determine how compliance could affect them. The Compliance Officer should have the authority to adequately carry out the policies and procedures set forth by the Board of Directors.

Is the area adequately staffed? 

This answer may vary depending on who you ask.  If you ask management, the answer is likely “yes.” If you ask the compliance department, the answer is likely “no.”  Does your compliance department staff spend time during the day doing noncompliance-related tasks?   Should they be doing these other tasks?  Do employees in other departments assist with compliance?  When an employee is absent, does the entire department shut down?  Believe it or not, a successful compliance function can and may take more than one person to operate effectively. Staffing should be determined based on considerations such as asset size, geographic locations, building locations, number of employees, product types, compliance risks, etc. Also, compliance is the responsibility of every employee of the bank as it relates to their job functions.

Do the results of the compliance function’s work matter to anyone?

Compliance is ultimately the responsibility of the Board of Directors.  All bank employees should take compliance seriously as well. Banks should conduct periodic reviews of compliance, and a reporting mechanism should be created to ensure the highest levels of management and the Board of Directors are aware of any issues identified during a compliance review.   Any compliance weaknesses identified during compliance reviews should be remediated.  Also, employees should be held accountable for issues related to compliance in their area.

Does everyone need to be trained in compliance?

Periodic education for the Board of Directors, management, and all employees is essential for an effective compliance function.  Management and employees should be trained specifically on how certain regulations affect their duties.   The Board of Directors’ training may need to be offered at a higher level in order to ensure members understand issues that may be presented in periodic reviews and audits or the periodic approval of bank policies. This training can be performed in house or by a third party, and the bank should seriously consider evaluating participants on the material at its conclusion.

What if there are compliance-related complaints?

A mechanism should be in place to ensure all complaints are monitored and properly handled.   Complaints should be reviewed by the compliance department and any other member of management the bank deems necessary.  A pattern of complaints in a certain area could indicate compliance weaknesses.

Should there be a compliance audit?

An independent compliance audit is necessary and should cover compliance with consumer protection laws as well as adherence to internal policies and procedures. The independent audit is in addition to the bank’s internal monitoring system. The good news is that if the internal monitoring system is effective, the independent audit should not uncover issues that are unknown to the bank. Also remember, the Board of Directors or Audit Committee should determine and approve the scope and frequency of the work performed.

Lastly, you may believe there are questions not addressed in this article.  Well, that’s a good thing!  That means you have been well trained and are well versed in compliance.  Perhaps you should join the compliance department!

So, how’s your compliance management system?
