I’m sure the title of this article is not gaining a fan base; however, sometimes things that are necessary are not popular.
Regulatory compliance is a requirement of your financial institution across all departments and position levels, from the check hold placed at the teller line to the wire transfer request performed in the back office to the collection call made to the loan request denied to the request for an address change.
These areas and many others require employees to follow procedures and compliance measures. The easy response to the title’s question would be, “Of course, we have procedures in place to ensure compliance.” Hopefully, when you finish reading this, you will want to look beyond the procedures to see if there are enhancement opportunities for your institution.
What does a compliance culture look like?
A common question asked by auditors or examiners when provided with an institution’s tracking of exceptions, reports, or monitoring efforts for compliance is, “What do you do with these reports?” Responses can vary from silence to explanations that they are kept for review when the third-party requests them or they get emailed out with no follow-up or confirmation that they were even received or reviewed. Using these reports and monitoring efforts is one example of how your financial institution can create compliance awareness and understanding throughout the institution.
If an employee with a 26% error rate when opening new accounts is not aware of the deficiencies or does not understand why something is an error, the odds of the error rate decreasing is minimal.
Subsequently, when the board of directors reads the report identifying deficiencies in training and procedures for new accounts, it will lead to questions about operational controls within the institution. Building a culture of compliance is crucial to ensure awareness and understanding at all levels within the financial institution.
A culture of compliance should include, but is not limited to:
- A robust compliance management system (CMS) that incorporates controls and accountability from the receptionist to the chairman of the board.
- Ongoing compliance risk assessments to identify changing risk areas and updated audit schedules to reflect those risks.
- Internal controls to identify new and continuing risks.
- An institution-wide training program that incorporates new, updated, and ongoing compliance training targeted to the roles of the employees.
- Open lines of communication across all levels to discuss any deficiencies, opportunities for improvement, or corrective action measures.
Where do we start to build a compliance culture?
Management — management of your financial institution needs to be on board with the concept and efforts it takes to implement a compliance culture.
Once your team is assembled for building a compliance culture, building policies and procedures to reflect your strategy and approach can vary. A compliance culture is not a one size fits all approach. The complexity of products, volume of transactions, employee turnover, current controls, and existing compliance deficiencies will vary from one organization to the next.
The following may be areas of consideration within a compliance program that will help build your culture:
- Hold regular compliance committee, enterprise risk management, and/or board meetings to discuss new, updated, or continuing compliance risks. This would be taking it a step above simply providing a report in a packet or an email.
- Track and trend exceptions from an audit or exam to a specific employee, department, or product, followed by corrective action to address the issue and ensure understanding.
- Provide additional training when deficiencies are identified in a specific department, product, or employee. A monthly team meeting or individualized training may be necessary to address the root issue.
- Assign new employees to a mentor who historically does not appear on monitoring or exception reports in their department.
- Determine whether all software is operating effectively and efficiently to ensure compliance. Opportunities may exist to enable capabilities you were not aware of to mitigate the risk of human error.
What if compliance is not part of our culture?
We have all heard the horror stories of a financial institution choosing to be noncompliant with a regulation or trying but repeatedly having gaps in their program. Repeated noncompliance can result in the following:
- Civil money penalties, criminal fines, or administrative sanctions.
- Memorandums of Understandings Cease and Desist Orders, or other regulatory enforcement actions.
- Reputation risk to the financial institution from complaints, service issues, or class action lawsuits.
- Transaction risk that may result in reimbursement to the consumer and affect the institution’s bottom line.
- Credit risk of increased delinquency or collection efforts as a result of continued nonadherence to policy and procedures.
You may be wondering what you can do to shift the culture if reading this is raising red flags for you. You can take steps toward enhancing or building an effective compliance culture within your financial institution by starting with a simple conversation and slowly progressing to where you envision the culture should be. Not taking any steps is not a viable alternative option given the regulatory expectations of a compliance program.
If you are at a complete loss of where to begin, Wipfli offers regulatory compliance services. We can conduct a compliance risk assessment or build off your existing risk assessment, along with providing compliance outsourcing opportunities to assist in building your compliance program and culture.