About a month ago, you heaved a sigh of relief. The deadline for compliance with the new mortgage rules had come, and your bank seemed ready. Now, you just have the rest of the future to worry about.
But seriously, compliance with the new mortgage rules was just one more deadline--albeit a big one. A community bank compliance officer today has to manage a successful program in the face of factors, such as:
* A shifting compliance paradigm.
* A barrage of regulatory issuances every day.
* Monitoring and auditing.
* Exam management.
* The need to support the bank's strategy and interaction with business units and marketing.
* The need to meet ongoing demands, including vendor management, employee questions, customer complaints, product development, and change management.
I have been in compliance for 25 years, and I have never seen things so challenging on so many fronts. It would be easy for community bank compliance officers, besieged on every side, to get glassy-eyed.
No formulas here. But the following collection of strategies and tips includes some favorites that have stood the test of time, and others that reflect the compliance picture that has been emerging over the past two or three years. Also underpinning much of this is the need for compliance to become an equal player in planning and prioritization. As the hard and soft costs for not complying grow, compliance must be at the table. And compliance officers must keep proving themselves to stay at that table.
1. Take a risk-based approach to everything, A simple conversation about the compliance risk presented by a product, program, or practice helps prioritize a given issue and manage resources accordingly. (The conversation can be documented at another time.)
Remember, where there are compliance risks, other risks lurk. Compliance risk can no longer be effectively managed in a silo. Have the compliance risk conversation in the context of all risks. Rate the compliance risk--and its urgency in the context of other risks the bank faces and the bank's strategy. This communicates to decision-makers that you do not simply "cry wolf," and it will get you the attention you need when you need it.
2. Continue to educate and communicate. You have to do this up, down, and sideways.
This practice includes the board of directors, senior management, and middle management. Work with your bank's trainer--if you don't also wear that hat--to integrate the compliance message as well as requirements wherever possible.
If you train frequently enough, you will not be the only one having the compliance conversation. Others will begin having it--even when you are not around.
For employees who have daily compliance tasks, I have found it helpful to enroll them in industry webinars. The webinars expose them to questions from bankers at other institutions as well as other speakers.
3. Understand and communicate the skills necessary to effectively perform compliance-related tasks. Daily tasks that include a compliance component--such as monitoring for compliance with loan documentation requirements--require employees who have confidence, analytical skills, and communication skills. They must be able to question anomalies, research them, and escalate them where appropriate.
Also, ask how effectively current job descriptions reflect compliance responsibilities and the skills necessary to perform the required tasks.
4. When training or communicating, focus on the takeaways for each constituency. Don't fall into the habit of giving your standard "spiel" on an issue for all audiences. Tailor the message to each one.
To illustrate this, let's look at your work with the bank's board. First, the takeaways for the board will be different from those for middle management. For the board, the message should be less about the specific regulations--and regulation specifics-and more about the compliance environment and risks. …