You thought your bank had compliance under control--until yesterday's final meeting with your compliance examiners. In that meeting, they told you that--although they did not find any really serious violations--they are giving you a poor rating.
Why? They say it's because you don't have written compliance policies and procedures. Worse yet, you don't have a compliance "program."
You ask them what, exactly, they mean by "written policies and procedures." They explain that they want to see policies and procedures for "every regulation."
You protest. There are more regulations than you have employees. The examiners aren't impressed.
So you change tacks and ask, isn't your part-time compliance manager, who also heads up Community Reinvestment Act compliance and loan review, doing a good enough job? Yet with every question you ask, the examiners become more critical. Your survival instinct tells you to stop asking questions.
Accent on paper
Now, with the examiners gone, you must figure out what to do. What is a compliance program? When did written policies and procedures become a requirement? And how are you going to get them developed by the deadline the examiners gave you--while you also operate your bank?
And most of all, why is all this formality important if, based on the examiners' own findings, compliance seems to be working fairly well in your bank?
The regulatory agencies themselves cite two reasons.
First, your written policies and procedures make the examiner's job easier. The documents give the examiner the yardstick by which to measure your bank's performance.
Second, your regulator reasons that, without committing your compliance program, policies, and procedures to writing, your system may become inconsistent.
After all, what happens when your person responsible for compliance and loan review retires? How will you be certain that all of the responsibilities and knowledge needed for the job have been picked up by someone else?
Thus, the most important reason for having written policies and procedures is to ensure that the effort invested in learning and managing compliance is institutionalized.
Start by informing and involving your board. This is essential to the compliance program's success because it makes clear to everyone in the bank that the commitment to compliance is a corporate priority.
Depending on your bank's circumstances, designate a board member who will take the lead in compliance oversight. Better yet, create a board-level compliance committee. Establish a schedule for board discussions of compliance issues. Start by scheduling review and discussion of your new compliance policies.
Next, formalize your compliance effort. Establish a clear definition of the compliance responsibilities of all bank officers and employees, rather than simply compliance staff. The key to success is an understanding throughout the bank that everyone is responsible--and accountable--for some aspect of the bank's compliance.
Ingredients of success
Your program should contain a number of essential elements:
(1) Select a clearinghouse. Determine who will receive all regulatory transmittals and forward them to the appropriate staff within the bank. If you do not have a compliance department--or even if you do--consider splitting this burden up by assigning lead responsibility for each regulation or regulatory requirement.
(2) Plan for training. Remember that training need not always be conducted in formal classes. On many occasions, a staff meeting will serve the purpose. In any event, guidelines must be set for how your bank will meet its compliance training needs.
(3) Build in self-policing. Consider using a system of ongoing compliance controls such as checklists. These should identify each important compliance requirement related to the particular transaction, and indicate the date the requirement was completed and who completed it. …