By: Bill Elliott, CRCM, Director of Compliance Education
The world of regulatory compliance is in turmoil. Rules are announced, approved, “kind of” enforced, and then the regulators back away and say, “just kidding.” Perhaps the most recent example of this is the OCC’s decision to back away from their interpretation of the Community Reinvestment Act. They have suspended their version of CRA (issued in mid-2020) and decided to join with the Federal Reserve and the FDIC in a rulemaking to update the regulation. Clearly, this is what should have happened initially, but it did not. While this situation only impacted national banks, federal savings associations, and federal branches of foreign banks, it is an example of the ongoing turmoil that takes place in Washington D.C.
This makes the process of compliance much more difficult, as financial institutions do not know necessarily which set of rules will apply and for how long. The result is great difficulty in navigating the world of compliance and deciding what areas should be addressed in any compliance audit/review. When the regulations are in flux as they are now, uncertainty increases the risks of noncompliance.
Focus on Risk
When deciding on compliance audit/review topics, whether they are accomplished internally or externally, financial institutions must assure they focus on their largest risk items. Back in the early 2000s, the Federal Reserve posted a list of regulations by the most important to the least important. If you look at that list today, it would be clear that the world of compliance has changed dramatically, and financial institutions need to prepare and adjust. It sometimes seems as if this happens continuously.
For loans, Regulations Z and flood are probably at the top of the review list. On the deposit side, Regulation E seems to be the most important regulation, due to the tremendous volume of electronic transactions in financial institutions. We should note that Regulation E is far removed from our current electronic reality, making the process even more difficult.
Whether management is working with an internal auditor, external auditors or consultants, it is important to assure that attention is focused on those areas that are most critical and determine what resources should be expended on other compliance subjects.
The regulator that walks in your door to do an exam is in the same turmoil you are, and it is not their fault. Nonetheless, they must do the best they can to examine your institution based on the current regulatory environment. The more complete your internal or external compliance reviews/audits are, the easier their job will be. And regulators always appreciate an assist, as they are experiencing limited resource issues as well.
So, when preparing for reviews in 2022 and beyond, you need to assure that any compliance reviews that are completed focus on the subjects discussed earlier, as well as the following:
- New products
- New services
- Regulatory issues that you have had in the past, to assure that they are properly addressed prior to the exam
Only after these items are addressed should financial institutions include other regulations. That does not mean that financial institutions should ignore any regulation. For instance, Regulation DD (Truth in Savings) has not materially changed in over 20 years. However, it has been number two based on number of violations (behind Regulation Z) on the FDIC violation list for the past two years. So, management should never equate “no change” with “no risk.”
Not focusing appropriately results in potential difficulties. First, financial institutions can experience a colossal waste of time and money by continually reviewing insignificant items that are low risk. Secondly, the decision to cover a wide variety of compliance topics may mean less time and effort on those areas that need the most attention – and of course these are the most critical for your institution.
Our Approach
At Young & Associates, we always try to work with financial institutions to assure coverage that gives the institution the maximum protection for the dollar amount spent. This approach should be used whether you are using an external firm or internal auditors. Doing something merely because “we have always done it” is often not the best approach.
If we can be of any assistance in planning and executing your compliance reviews, please contact Dave Reno, Director – Lending and Business Development. He can be reached at 330.422.3455 and dreno@younginc.com.
