Financial institutions have enjoyed a fairly easygoing regulatory environment in recent years. Combined with strong economic performance, that’s meant a certain amount of coasting when it comes to enhancing their compliance management systems. But the time for relaxation is over, and as Capco’s Pamela Buckley explains, institutions need to take a hard look at all levels of their compliance programs.
Recognizing that many financial institutions maintain a robust compliance management system (CMS), they have also benefited from a somewhat relaxed regulatory environment and strong economic performance in recent years. However, the regulatory and economic tides have shifted. Faced with increased regulatory scrutiny, new and amended laws and regulations and escalating compliance costs, financial institutions should take a close look at their CMS to ensure it is operating effectively and efficiently. History has shown that an ineffective program may lead to substantial fines and penalties; an inefficient program simply costs too much.
Consider what’s changed/evolved
- New administration
- Consumer Financial Protection Bureau (CFPB) enforcement
- New or amended laws and regulations
- Increased interest rates
- Reduction in fee income
- Fintech partnerships and competition
- Staffing shortages and work-from-home expectations
The cost of compliance has continued to increase annually due to new and amended laws and regulations, as well as increased regulatory scrutiny. With the recent finalization of the rule implementing Dodd-Frank Act Section 1071, requiring increased small-business lending data collection and reporting, and the soon-to-be-finalized Community Reinvestment Act (CRA) modernization rule, the cost of compliance will continue to rise in 2023 and beyond.
Further exacerbating these challenges are the staffing shortages that have impacted countless industries, including financial services, creating inevitable knowledge and resource gaps.
Since the onset of the global pandemic in early 2020, there has been a substantial shift to a remote and hybrid work environment. This shift necessitated increased use of technology and equipment, balanced with maintaining a high degree of collaboration and productivity. Documentation and data governance remain paramount, as does working independently and efficiently.
Culture: Are You Curious Enough?
As a keystone provides integrity to an arch structure, culture infuses the shared values and attitudes that frame how an organization thinks and behaves. Culture gives each organization its particular character.Read more
Explore cost-effective alternatives
To proactively identify knowledge and resource gaps, consider conducting detailed staffing analyses in a particular business unit or area of compliance (i.e., anti-money laundering or fraud prevention). Start by documenting all required/routine tasks that your institution/staff must complete on a regular basis, and include your best estimation of the time it takes to complete each task.
Factor in other duties for which personnel are responsible and then determine where you may fall short, both from a resource and knowledge or expertise perspective. Then explore your options, whether that means adding permanent staff or engaging third-party service providers.
In cases where compliance expertise is lacking or highly competitive, some community and regional banks have opted to manage compliance by committee, engaging external consultants for scalability and subject matter expertise.
Renew your focus on the three lines of defense
Too often, we find that one or more of the three lines of defense (LOD) are lacking, inexperienced or derailed for one reason or another. In my experience, partnering with hundreds of financial institutions nationwide, I have observed that scheduled compliance monitoring reviews and audits were either postponed or canceled altogether due to the pandemic or other priorities. Now is the time to review and refresh your compliance monitoring program and audit plan to make sure that you have identified and documented inherent and residual risks associated with key business lines and compliance themes, and developed and implemented a risk-based compliance monitoring program (your first and second LOD) and audit plan. Coordinating across the three lines of defense to get caught up can also lead to potential cost savings.
Take training to a new level
With the ongoing shift to remote and hybrid work, recognize that your colleagues may crave human interaction, office visits and interactive training. Speak to your training department about this year’s curriculum and its overall effectiveness and give special attention to laws and regulations with which your institution has struggled — or continues to struggle. Navigate your options in terms of providing in-person, classroom-style training or interactive workshops to bring people together and gauge their knowledge retention through quizzes and probing questions, together with answers interspersed throughout the training.
Encourage your board and management to establish and instill a culture of compliance, which, when actively enforced, will be readily apparent to regulatory examiners and auditors alike. Resume training your board and executive management team in person, covering key laws and regulations as well as regulatory hot topics and emerging issues. Solicit questions and provide periodic compliance updates to keep them engaged and inquisitive.