Bank Systems & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


02:16 PM
Paul Schaus, CCG Catalyst Consulting Group
Paul Schaus, CCG Catalyst Consulting Group

How To Be A Better Bank: Self-Policing Your Bank's Compliance Program

Is your bank proactive or reactive in its compliance risk management practices? It could make a big difference in how regulators deal with your institution.

Regulators have always been willing to work with bankers who work with them, but now it's in writing -- they'll love you if you're proactive in your compliance risk management practices, but if you're reactive, not so much.

In light of the Federal Reserve examination guidance and the Consumers Bulletin 13-19that became effective January 1, 2014, banks that are proactive and self-police their programs will be looked upon far more favorably by their regulatory agencies.

Paul Schaus, CCG Catalyst Consulting Group
Paul Schaus, CCG Catalyst Consulting Group

That means if you discover a problem at your bank, you should attempt to fix it on your own, or at least take steps to rectify the problem -- and then let regulators know after you either devised a remedy or need help with discerning the property remedy.

Some bankers wonder why they should tell regulators about a problem that they've subsequently fixed -- no harm, nor foul, right? But giving regulators the heads up works in your favor for a number of reasons: It demonstrates your bank's strong internal controls that enable you to uncover problems, determine their causes and then fix them; it builds trust with regulators and it can increase a bank's leverage, particularly if a bank caught something that an examiner missed during the last exam. After all, examiners don't want their chain of command to get wind of their mistakes.

[Best practices have emerged that financial institutions can use to meet new regulatory standards, improve business processes and align strategies: 3 Best Practices For Regulatory Compliance]

Being proactive could also mean shorter examination periods, as examination intensity will be based on how effectively a bank identifies as well as manages consumer compliance risk. Moreover, even if your bank has a strong compliance program, regulators may still judge you on whether your bank is actually meeting the needs of your community.

During exams, regulators will first review your bank's risk profile -- the inherent risk for compliance violations at your particular institution -- by analyzing the various internal and external factors that could cause a compliance problem. Your bank should conduct this review regularly, by first assessing the type of products that you are offering.

It may not be about the actual products themselves. It could be about a product that is generally considered worthwhile to offer by regulators, but it may be that the bank doesn't have the right expertise or the right software in place to properly administer the product or account for payments, such as crediting before interest is charged. If you let regulators know that you have discovered inadequacies and attempted to rectify them, they might actually work with you to make sure whatever corrective action you've done completely addresses the problem.

You should have a procedure for reviewing policies and procedures on an annual basis, as well as regular "sound checks" to determine whether or not your staff is actually following the policies and procedures, or just rewriting them to streamline work. These checks can also serve to determine the overall level of acceptance of compliance at the bank, but remember -- a true compliance culture is set at the top, and it's critical to get buy-in from the C-Suite and the board. If you're complaining about compliance, so will your staff, but the truth is that there are no compliance regulations that have not been earned by the banking industry at some time in the past. Regulators will give great weight to bankers who are responsive to compliance findings and concerns.

Invest In Training

Many banks cut costs by reducing training to a bare minimum, but that's a mistake. Regulators will greatly frown upon a bare-bones training program that fails to adequately keep staff apprised of the latest regulatory updates.

Moreover, it's not enough to have the minimally required online training for your staff -- you need to actually have discussions with them about why your bank is complying with particular regulations, or else you won't get their buy-in. For example, you might talk about the underlying reason for complying with Reg B -- so that everyone, including women and minorities, can have a fair shot at accessing credit. Reg. B is also designed to increase the level of information that the general public has about the lending process. Perhaps your bank has had a problem with a practice that turns off potential women clients -- perhaps the pricing on a loan wasn't quite right or perhaps the minority applicant did not feel respected -- and perhaps they just walked out and went to the bank next door. Having these discussions with your staff can also help nip these types of business problems in the bud.

[Budgets and technology specifications are only part of an technology leader's responsibilities. Managing an IT workforce might be the most challenging aspect of any executive's job. Attend the Humans Aren't Computers: Effective Management Strategies for IT Leaders session at Interop 2014 in Las Vegas, March 31-April 4 to learn new management techniques.

Your regular assessments to determine your inherent risk must be comprehensive and include an analysis of the trends within the overall industry. You might not have had any problems with a particular product, but if regulators are frowning upon other banks' practices with the same product, you might actually have a problem.

Your assessment must be forward-looking not only about the regulatory landscape, but also about your changing business model as you grow -- and as your community itself changes. Finally, your assessment must be honest, as regulators will reward you for finding weaknesses on your own … before they do.

Don't conduct an assessment just because a regulator has asked you to do it -- do it to learn how you can be a better bank. Dealing with consumer compliance issues can often lead to business opportunities: Many banks take the information they've learned in assessments, turn it on its head and use it for growth.

Paul Schaus is president of CCG Catalyst, a bank consulting firm providing strategic direction and focused guidance for banks in the United States and North America. CCG Catalyst has assembled a team of industry and banking specialists to assist clients in strategic services related to all areas of banking -- lending, finance, retail, operations, mergers & acquisition, technology, enterprise risk management, compliance, marketing and, business development. He can be reached at [email protected].

Register for Bank Systems & Technology Newsletters
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.