The game has changed. For a quarter century, "consumer compliance" for banks has been about passing the next exam. Since the 1970s, regulators expected banks to appoint compliance officers, maintain compliance management machinery, and follow the rules with accuracy. Meeting regulators' expectations and achieving a "clean exam" have been 90% of the focus of compliance.
Now, this is changing. Exams account for a shrinking share of the risks banks face in connection with consumer laws and regulations. Litigation from government players other than the primary regulator, which harms reputation and brand name value, presents a growing threat.
This shift is especially obvious for large banks, but is hitting community institutions, as well. The nearby box, "Torpedoes hit bank wallets," summarizes recent developments. These are only a few of innumerable cases of litigation, legislation, and adverse publicity that have damaged banks and other lenders.
Two crucial changes characterize such cases:
1. The source of risk increasingly comes from outside the regulatory/examination arena -- often from courts, and sometimes from other federal and state agencies, activist news reporters, Internet traffic, and the like.
2. The triggering practice or action is increasingly something that was not explicitly probihited. In other words, compliance staffs can assure that their banks dot every "i" required and still face exposure to huge harm.
Why the change?
Several factors converged to bring about this state of affairs. One is simply the increased litigiousness of American society. Unhappy customers are much more likely to turn to a lawyer than they used to. Meanwhile the plaintiff's bar actively seeks new themes and issues.
Industry consolidation and convergence raises additional risks by creating weaker personal bonds between customers and their banks -- and more confusion about bank practices, products, and services.
However, technology surfaces as perhaps the greatest driver of risk -- as well as opportunity. Technology revolutionizes every aspect of banking, from products and marketing to processing, pricing, and delivery.
The pace of change, quite simply, leaves many customers confused. Some of these confused customers will make poor choices for themselves, and will feel abused. Some customers actually will be abused by unscrupulous players. This growth in perceived and real abuse is going to lead, inevitably, to a political and legal response as consumers turn to lawyers, elected representatives, and regulators, for redress. They will also turn to other players that influence those entities, such as consumer and community groups and the media. And they will air their views in forums on the Internet.
This process will generate new and growing legislative, regulatory, and litigation pressure on banks for years to come. This is inevitable, regardless of which political party occupies the White House or holds a majority in Congress.
What the change implies
If I am correct, then the industry's traditional focus on the compliance exam appears to be myopic and risky. Examiners do not even look for many of the issues that will generate problems. And even if they look for these issues in theory, they may not do so every time.
A key point is that the scope of the compliance examination is often quite limited. Under current procedures, examiners set the exam scope based on agency priorities, an assessment of the bank's risk profile, and, frankly, available time. A "clean bill" means nothing of the sort if examiners did not happen to look, this time, at the functions where the bank was accumulating dangerous, potentially expensive errors.
So, bankers must stop relying on the examiner. They must take responsibility for monitoring and managing. If so, a look at the greatest risks is in order. …