Regulatory compliance is about preventing harm to the customer and other stakeholders. A solid Compliance Management System (CMS) is designed to keep this protection at the forefront for all members of your banking team.
A Systemic Breakdown in Compliance
I’ve attended several compliance seminars and trainings, performed hands-on “boots on the ground” consulting, and visited with a number of bankers over the last couple of months. I’ve seen and heard about a variety of violations and exceptions. Most of these errors did not result from a misinterpretation of a complex regulation. And most interestingly, a lot of the errors being uncovered aren’t tied to “new” regulations. In fact, most of them were the result of a change in a product, service, fee, or delivery channel – a change that wasn’t managed well.
How Change Management Makes or Breaks You
The bank’s Compliance Management System is a combination of leadership, culture, policies, processes, training, internal controls, and independent or external audits; it’s designed to manage those changes and more.
It’s important to note the change management failures (and the related issues that can result):
- One-way communication about compliance from bank executives. Bank executives communicate to middle management on the importance of compliance, but fail to support those managers in their efforts to instill the importance throughout the bank.
  - Employees put deadlines before quality; deposit account fee change disclosures are not delivered in a timely manner and online disclosures are not updated.
- Policies that are too broad, or that are not reviewed and updated regularly.
  - Privacy practices change but no new policy is distributed to customers.
- Lack of internal processes that follow the directives and philosophies laid out in the relevant policy.
  - Reliance on third-party software and disclosures without internal validation prior to implementation or roll-out.
- Failure to train the “why” of the policy, process, or procedure. People are more inclined to forget the “what to do” if they have not been trained on the “why” behind those same policies, processes, or procedures.
  - BSA exceptions such as CTR issues.
- Lack of internal controls, processes, worksheets, or appropriate software to monitor compliance-intensive processes.
  - TRID, BSA, and Reg DD exceptions.
- Lack of external or independent testing.
  - Compliance issues created by a flawed system go undetected.
Regulators are looking for structure, policies, and processes that reinforce compliance. They are looking for evidence of two-way communication with the Board and management. Regulators are trying to ensure your customers get what they are expecting and are treated fairly. A solid CMS ensures you know, remedy, and avoid any issues before banking regulators do.