It's Time to Trade in Your Compliance Program
Barefoot, Jo Ann S., ABA Banking Journal
Most banks' compliance programs were invented in the 1970s in response to a buildup of consumer laws and regulations. They were designed largely by consumer-regulation examiners who took the lead as regulators began to get serious about compliance.
The old model, which has worked well for a long time, is simple. Every bank has a compliance officer, and if the institution is large enough, a compliance unit. Many have a separate Community Reinvestment Act officer and/or unit. Every bank has a process for monitoring regulatory change, for establishing policy and procedure, for training staff, for compliance monitoring. Most have someone charged with collecting, reporting, and maybe analyzing Home Mortgage Disclosure Act and other lending data. The structure varies in that compliance may be located in the legal department, the lending department, the loan review area, the audit area, or as a freestanding function.
While changes to this model have been made, banks are generally still handling compliance much as they did two decades ago. Meanwhile, banking has changed dramatically, but there has been little thinking about whether it is time for a new management model for compliance. Perhaps the reason is that compliance is not interesting to senior managers. As a result, unless a crisis erupts, they tend to delegate it as much as possible and to think about it as little as possible. In most banks, they have delegated it to good people who do the job well.
However, most compliance officers do not think about compliance strategically. They are trying to do what they do better, but are not reevaluating whether they are doing the right things in the first place. The strategic vision and drive for change comes from the top.
Daybreak of the revolution
The external environment is changing quickly in many areas, but especially with regulatory reform and technology. There is potential for enormous upside opportunity to make things better--for deregulation, technology, and new management methods to make compliance easier, cheaper, and less risky. There are also huge risks that banks will come out worse--with badly crafted deregulation, eventual re-regulation, and poorly designed, high-cost compliance programs.
Senior managers seeking to make their banks more strategically competitive (and compliance officers trying to do more with less) should be thinking big--strategically, from the ground up--about what their real compliance goals are and how best to reach them.
The ingredients of the new compliance model will include these steps:
* Make deregulation a reason to change. Today, there is a real chance that regulatory burden may go down instead of up. It would be a mistake to think it will disappear and to eliminate compliance systems. But a reversal of the growth curve provides the opportunity to rethink how compliance is done. Banks should seize it and make the most of it.
* Use--and prepare for--technology. Technology is going to transform every aspect of compliance. Forms, manuals, training classrooms, and paper reports are going to be replaced by electronic data. Computer systems will also perform many types of knowledge work--for instance, large parts of targeting markets, loan underwriting, loan processing, product pricing, training, and auditing. All these functions involve compliance issues.
Tellers, customer service staffs, and loan officers will not go through training and receive a compliance manual for reference. Instead, the training function will merge with the information resources function in electronic form. They will turn to the bank's information base for practical answers to real issues when they arise. In keeping with the new emphasis on accountability, they will pass standard computer tests to show they have mastered the needed material.
This compliance information will be integrated into the broader knowledge base the same staff need--product information, central information file data, bank policy on various situations that may confront the employee--all there for ready access, giving the same answers to every employee. …