Do you remember the time when the alphabet was so easy… then you entered the world of banking and the alphabet took on a whole new meaning? A no longer stands for apple but Regulation A – Extensions of Credit by Federal Reserve Banks, B no longer stands for Boy but Regulation B – Equal Credit Opportunity Act, C no longer stands for Cat but Regulation C – Home Mortgage Disclosure Act and the list goes on and on. The numerous regulations and their requirements have some of us feeling that compliance has taken on a life of its own. But with the right tools, the right attitude and the right approach, being in compliance can strengthen your operations and increase your bottom line.
For example, the requirements of the Bank Secrecy Act and Anti-Money Laundering programs include assigning risk ratings to customers, which was thought to be an arduous task; however, by analyzing the customer base and performing customer due diligence, the bank has gained the information necessary to cross sell its products an build a strong Customer Relationship Management (CRM) program. Similarly, with the issuance of the “Guidance on Concentrations in Commercial Real Estate Lending, Sound Risk Management Practices,” banks have now identified the risk that certain loans present and how best to manage that risk, resulting in more efficiently servicing the customer.
Like the regulations put before them, the solutions for the compliance challenges facing community banks today can be summarized and Assess, Build, and Commit.
Assessing the risk a regulation or guidance poses to your bank and incorporating it into your business plan becomes the first challenge and bank faces. Each Federal or State regulation has its own inherent risk, whether it be repetitional, financial, or operational. For instance, the impact of a violation regarding Regulation Z (Truth in Lending) or non compliance with consumer complaints could result in monetary penalties or even enforcement actions which would directly affect the bank’s reputation as well as the stakeholder’s value. A thorough assessment will identify those potential risk and how they pertain to the bank’s products and services.
Risks may be assessed using various factors, with resulting ratings of High (H), Medium (M) and Low (L) assigned to each risk. The purpose of this risk prioritization is to establish a method by which to identify the risk and measure its impact. This will assist in the planning and decision making process needed regarding operations and internal controls.
Angelica Khan, Senior Vice President Audit and Compliance of Boiling Springs Bank, During a recent phone interview, put into perspective a hurdle that we are all aware of. According to Ms. Khan, “One of the top challenges is the examiners and management’s perception of the interpretation. At times the gray areas are not clearly defined.” Subsequently the second challenge is the implementation. The implementation process requires building a bank wide compliance culture.
Building a compliance culture starts with board approved policies. Board approved policies will pave the way for how compliance issues are addressed. The policy can be as specific as staying who in your bank is going to verify 314a requests or include procedures on how your shop will handle excessive withdrawals in violation of Regulation D. The policy should define the bank’s practice and indicate the commitment by the board.
“Board-approved policies are the foundation of my compliance efforts. All of the employees understand that board-approved policies are the policies of our bank.” says Carl Zeitlinger, Vice President and Compliance Officer at Roselle Savings Bank. He then goes on to say “If the Board says we’re going to comply with a regulation all the employees understand that tit is part of their jobs to comply. All of the training I do starts out with the premise that the Board has approved a policy stating that we will comply.”
Policies are a great source for training and for the development of procedures. A good policy is one that is easy to read and facilitates the implementation process. At the Karen I. Martino Group, we believe the start of any complete program is a comprehensive board policy followed by documented operational procedures. This then becomes the base of an effective training program for all employees and board members. A helpful tool for developing policies is to follow the regulation section by section; simply stating a summary of the regulation, followed by a policy statement of your bank’s practices. These statements may be about the system of internal controls in general, or specific issues such as delegation of responsibility. The policy may read “Ms. Jones is our EVP and BSA Officer, the bank does not rely on any third party for CIP verification or the bank does not share information about our customers with any third party.” Some policies may require more spice definitions, for example the meaning of “customer”, “third party” or translation limitations” as it applies in Regulation E (Electronic Funds Transfer Act).
The successful implementation of your policy should be supported by an action plan. The action plan should encompass but not be limited to:
- Accountability (business unites and individuals)
- Development of procedures (to support training and internal controls)
- Date of implementation
- Notification method to staff and or customer
Assigning accountability by identifying the roles of the board of directors, officers, committees and staff is a necessary critical element of your action plan. At Boiling Springs Savings Bank Ms. Kahn finds that using a committee comprised of managers that are responsible for maintaining policies and procedures is a good resource. “I find that assigning compliance responsibilities to different individuals that have expertise in specialized areas has been very effective,” Ms. Kahn states.
Whether your bank has a formal compliance committee or not, compliance is a team effort and communication is key. The participation of all business unites and the recognition of their accountability is what makes it work. No one likes to have their hands tied with compliance but ownership of compliance enables all members to move forward in the right direction. From product implementation to the circulation of marketing pieces, adherence to compliance is the business of the bank. We find that an effective tool is the “Project Implementation Form” which details the process (refer to box A). Once implemented, the third and ongoing challenge is commitment to monitoring.
Commitment to compliance requires continuous monitoring of the bank’s policies, practices and procedures. As stated in the FDIC’s Compliance Handbook, an effective monitoring system includes regularly scheduled reviews of:
- Disclosures and cal coalitions for various products offerings
- Document filing and retention procedures
- Posted notices, marketing literature and advertising
- Various state usury and consumer protection laws and regulations
- Third party service providers operations
- Internal compliance communication systems that provide updates and revisions of the applicable laws and regulations to management and staff
- Monitoring review at the transaction level during the normal, daily actives of employees in every operating unit of the institution.
We see various methods that banks use for monitoring purposes. Many compliance officers monitor compliance internally to ensure the effectiveness of their programs. Some institutions rely on their internal audit staff to audit; however many banks are turning to outside firms with expertise in compliance for independent services.
Roselle Savings Bank’s Mr. Zeitlinger says, “We engage an outside firm to perform independent reviews of our compliance with all of the consumer protection regulations. The firm audits compliance with each regulation annually and provides us with a written audit report on each.” We also see that many shops complete monthly self assessments so they can identify trends or areas that may require corrective actions or additional training. These self assessments can also provide assurance that the compliance program is working effectively and bank policies are practiced.
As our business grows and regulations change our process and commitment to compliance evolves. Learning never ends. As compliance officers and bankers, education is ongoing and keeping up is yet another challenge. There are valuable resources used by bankers today, including Bankers online, the New Jersey League of Community Bankers committees, conferences and seminars, and regulatory agency subscriptions, just to name a few. New and updated regulations are issued all the time and what was adequate last year may need to be improved upon this year. As we have seen with Bank Secrecy Act and the interagency guidance issued on real estate lending, the regulation are always raising the bar and we need to be ready for the next set of challenges that are coming our way.
If we maintain the core principals of Assess, Build, and Commit there is no challenge we can not over come. Now you know your ABCs, tell me what you think of me.