First in a three-part series on developing a comprehensive compliance program.
Compliance is a high priority for both financial institutions and regulators. Some requirements are well established and thus easier to manage. Others continue to evolve and present new challenges with each new wrinkle.
If an effective and comprehensive compliance program is one that limits risk and meets regulators’ expectations without burdening an institution’s business or growth, how does an organization begin to target its resources?
An institution that succeeds at compliance is one that makes risk management part of its overall business process. Indeed, the complexity and far-reaching implications of compliance demand that an organization take a cohesive approach to developing a program that deals with issues as efficiently as possible.
Therefore, conducting a risk analysis that encompasses all areas of the institution is the single most important driving factor in establishing a comprehensive compliance foundation.
Taking stock: the basis for decisions
A risk analysis gives an institution a thorough understanding of the potential risks it faces. The risk assessment includes a prudent examination of all services, operations, staffing, and even product mix and delivery.
With post-analysis information, an organization can identify its risk tolerance to find the right balance of conservatism and enterprise to suit its compliance comfort level. It can then focus its efforts to better manage its exposure, putting control mechanisms in place to mitigate risk.
While there is no single standard for effective compliance programs, overall compliance should focus on the areas of greatest risk. Generally, loans are higher-risk areas, as are new products, complex transactions, and branch offices.
Creating a compliance culture
Writing a compliance policy is one thing; implementing it is another. The key to effectiveness is to foster a compliance culture that permeates the entire organization, and that culture starts at the top.
Management and the board of directors are charged with protecting their institution’s reputation. They must clearly set the tone regarding the importance of compliance and constantly communicate expectations, both in word and deed. They should ensure that compliance is viewed as a long-term responsibility everyone must share in.
Because people and procedures go hand in hand, staff training is also a crucial element of cultivating a compliance culture. Day-to-day procedures are often an institution’s strongest defense against risk.
Whether you enhance procedures, communication, or training, each of these elements can be further guided by risk analysis results. The analysis provides valuable insights for targeting specific efforts that can improve and enrich the cultural environment.
A well-conceived initiative
The responsibilities of updating systems, creating procedures, and adding controls can seem overwhelming. While developing a comprehensive compliance program can be challenging, particularly when given limited resources, a risk analysis will give institutions the necessary information—and welcome confidence—to use those resources most effectively.