By: Adam Witmer, CRCM, Compliance Consultant
As football season is now in full swing, many die-hard fans find themselves viewing the player roster of their favorite teams. They do this because they are curious, not about the obvious starters, but about those who are there to back up the starters. Football fans are often interested in the depth of skill their team has retained.
Just like an NFL team has a depth chart of skilled back-up players, it is important to have compliance “depth” within our financial institutions. This is especially true today as examiners have been shifting their expectations of compliance from a one-person dictatorship approach to a fully functioning “compliance management system” (CMS).
With so many new rule changes coming out by the Consumer Financial Protection Bureau, financial institutions can no longer depend on a single individual to be the sole person knowledgeable of compliance regulations. Having a depth of compliance knowledge ̶ both in quantity (number of employees) and quality (individual knowledge) ̶ is more important today than ever before. Therefore, financial institution leaders should consider building greater depth of compliance within their teams.
The following are five ways that every financial institution can build depth into the compliance function of their organizations.
A Formal Compliance Management System (CMS) Model
One of the best ways to infuse compliance depth into a financial institution is to develop a formal compliance management system (CMS) model which ultimately steers the institution’s compliance activities. While most financial institutions have some sort of compliance management system in place – a risk assessment, training, audit and/or monitoring, designating a compliance officer, and managing complaints – we have found that many of these programs are often informal in nature and don’t always establish depth in the overall program.
A formal CMS model is an intentionally designed program that goes above and beyond the core elements of a compliance management system – the model acts as the infrastructure for a compliance program. Generally, a CMS model will produce certain results:
- Continuity of compliance, regardless of change
- Pro-active compliance management
- Clear communication of the CMS to examiners, directors, and additional parties
- Integration of compliance into applicable job functions of the organization
- Early detection of compliance issues
- Strong regulatory change management
The idea is that a formal CMS model helps to ensure that systems, controls, and procedures are effectively implemented and maintained, which helps to naturally build depth into the compliance structure of an organization.
Another way any financial institution can create compliance depth is to proactively integrate compliance into applicable job functions of the organization. Years ago, compliance could often be approached as an add-on or after-thought to the main task at hand. For example, prior to the late 1960’s and 1970’s, creditors didn’t really have to worry about lending fairly among minorities, protected classes, or even different income levels. Over the years, however, fair lending has evolved so much that organizations that don’t have effective systems, procedures, and controls to ensure fair lending compliance can easily place themselves in a high-risk position for fair lending violations.
Integration can occur in a number of ways. First, policies and procedures can be enhanced to include compliance components. Secondly, controls and testing can include applicable compliance elements. Finally, compliance can become an essential part of employee expectations, such as the requirement of training and even consideration in performance evaluations.
When a financial institution integrates compliance into each applicable job function, a depth of compliance is naturally infused into the organization. This is exactly why many financial institutions are adopting a formal CMS model under which they operate.
For well over a decade now, we at Young and Associates, Inc. have been advocating for the creation of a Compliance Council in many of our client financial institutions. A compliance council is a group of employees, often middle to senior management, who come together on a regular basis to provide oversite of the compliance function of the organization. While only a few financial institutions operate with just a compliance council (rather than having a designated compliance officer), many of those that do have a designated compliance officer also operate with a compliance council.
There are several reasons why a financial institution will operate with a compliance council in addition to having a designated compliance officer. First, the compliance council helps to provide support for the compliance officer. In today’s regulatory environment, it is often unreasonable for any financial institution to place all responsibility of regulatory compliance on the shoulders of one compliance officer. Therefore, a compliance council can help to distribute the compliance burden and help support the compliance officer.
In addition to providing support, a compliance council also helps to enhance communication in relation to compliance activities. While different departments within a financial institution often operate somewhat independently, a compliance council can help to bring various department managers together while focusing on a uniform goal of compliance.
A compliance council can be an integral component for building compliance depth and this is why many CMS models have a compliance council at the center of their model.
Just as every NFL team has a depth chart that outlines who is ready to play a certain position, financial institutions can create compliance depth by establishing and maintaining a formal
succession plan for each applicable compliance function. While a compliance succession plan doesn’t need to be complex or even robust, having a clearly designated back-up person for each major compliance function helps to establish greater depth.
To establish depth, a succession plan should designate a back-up person for each significant area of compliance and outline who would assume responsibility in the event that the primary employee responsible for that area is unable to perform their duties. When a back-up person is formally designated and appropriately cross-trained, a CMS model will effectively continue without any major breaches in continuity, meaning that a greater depth of compliance is established.
The final and probably most obvious way to create compliance depth is to conduct enhanced compliance training. Compliance depth can be added through training in two main ways: organizational training and individual training.
First, organizational training can be expanded to integrate compliance into the training rather than treating compliance as an afterthought. Therefore, compliance components should be included in new employee orientations, annual training initiatives, and even sales and other employee specific training sessions.
Secondly, training can increase compliance depth when employees, other than just the compliance team, receive in-depth training on compliance regulations that affect their job functions. For example, a loan processor manager may be able to greatly benefit from in-depth training on Regulation Z, while a lender may benefit on training specific to Regulation O.
Regardless of the type, training is a tool that helps to build compliance depth within an organization.
Creating compliance depth is going to become an even more important strategy for financial institutions as regulatory expectations continue to expand and evolve. In creating compliance depth, organizations will enhance their overall compliance posture by ensuring compliance continuity when employee positions change, providing better communication regarding the compliance function, infusing necessary components of compliance into each job function, and providing better communication to affected parties regarding the organizations compliance program.
Just as every sports team works to ensure that they have a depth of skilled players, financial institutions who establish compliance depth – through steps like establishing a formal CMS model – are going to fair much better in the long run than those who do not.