Mastering Compliance | By Stephen R. King
There’s no question that the financial services industry is besieged by regulations right now. The Dodd-Frank Act alone has already created a number of new regulations, and over the next few years, several more will roll out that will keep financial institutions busy. This is on top of other regulations and laws targeted at financial institutions that are scheduled to come online in the near future.
Approaching this flurry of regulations by ramping up and creating individual plans to prepare for each new regulation unnecessarily exhausts resources, time and staff. There is a better, more efficient way to prepare your financial institution: Create one master plan to prepare for compliance that can be adapted and applied to any and all regulations, laws, and major changes to your financial institution.
By bringing together all of the elements that follow, you can create a solid master plan that will serve as a steady and consistent guide to meet the challenges of coming into compliance with any new regulation.
Identify Your Requirements
It’s important that your financial institution fully understand its obligations under each new regulation. Your master plan should have a clear process for identifying your requirements at the broader level of the financial institution overall as well as with new products and services. The plan should include clear steps to capture the analysis and reasoning behind your findings. This part of the plan should include:
The process and people needed to decide whether or not a new regulation or specific requirements applies to your financial institution overall as well as new products and services.
A system to analyze and document the reasoning and decisions as to why a regulation or any particular requirement does not apply.
This documentation will be extremely useful if your institution is audited by regulators and you can show sound and solid reason for believing the regulation does not apply.
A routine periodic re-evaluation of whether or not the regulation applies to your institution.
A process to include the C-suite management team in the analysis of the applicability of new regulations to allow them to be up to date on the regulatory burden and risk management issues as they make decisions on new products and services.
Communicate the Responsibilities
One of the most important elements of your master plan is how it communicates responsibilities to management, employees and vendors. These responsibilities include defining who is responsible for writing the policies and procedures; who is responsible for creating the process and controls; and who is responsible for software and systems.
It’s incumbent on the financial institution to make sure that vendors are also making the necessary changes to ensure that they, and the services they provide on your financial institution’s behalf, are in compliance. Your master plan should assign responsibilities to oversee areas such as:
The software-as-service vendors to make sure they are updating the software and integrating the necessary changes for compliance.
The vendors producing paper and electronic communications with customers or members to make sure things like the necessary disclosures are being included in all communications.
The third-party company that is servicing the loan that originated in your financial institution.
The closing attorneys who work on mortgages issued by your financial institution.
Detailing the Action Steps
To ensure that your financial institution adapts to new regulations as efficiently and effectively as possible, it’s important to assign leadership roles, create timetables and assess resources. By doing this, you are creating an action plan within your master plan for compliance. Some of the things to be considered in your action plan are:
Assigning a project manager to oversee the process of moving into compliance, assigning roles to staff, and coordinating the activities that will occur.
Creating timetables and deadlines that make the process of coming into compliance orderly and efficient.
Anticipating and accounting for the resources it will take to implement the changes needed for the regulation and how this allocation of resources will work across business lines.
To make this action plan effective, you must assign responsibility for the tasks; determine that resources needed to move into compliance are available; and create a task force to implement the plan.
Communication is Key
Clear lines of communication are critical to effectively implement the master plan and successfully adapt it to a new regulation, law, or any significant changes to the institution. This means communicating up and down the management hierarchy, across business lines, and with the entire institution. There are a number of areas to consider when developing the communications section of your master plan.
Communicating with the appropriate staff and managers about their responsibilities and roles is important, but it’s equally important to communicate upwards to senior management to keep them informed, involved and on track.
They must know about the options related to the latest regulations so they can be part of the decision-making team on how to comply, or whether or not to pursue a business opportunity in relation to their risk appetite. They must be educated on the compliance process in order for you to secure their buy-in on the plan and steps. They should be made aware of the resources needed to execute the steps toward compliance to make them more willing to provide them to you and your team.
Encouraging and facilitating communications across business lines is very important to eliminate silos and promote cooperation across the institution. For instance, the lending department should be communicating next steps to the IT department for systems needs, as well as with the audit department for testing needs. Retail (if the branch staff have lending responsibilities) should be communicating with HR about training.
It’s essential to work with representatives across all business lines to periodically get their input to update the master plan and keep it current and relevant to each department.
Communication also comes in the form of training in the new protocols to ensure that the steps to remaining in compliance are executed properly and become a matter of habit. Your team will need to be trained in new regulatory requirements, new processes and controls, and new software or relevant software updates.
Testing for Efficiency
Creating and implementing a program for testing your compliance protocols is one of the most important elements to build into your master plan. There are some important steps you should follow to ensure your testing is a productive as possible.
Before the date that the new regulation takes effect, it’s highly recommended that you test the new protocols resulting from changes and decisions related to the new compliance procedures to make sure that they work before the deadline.
After the regulation is in place, and your new protocols and changes are active, you must test again. There may be effects that the new protocols have on certain parts of the institution that may not have been anticipated that will come to light only after going live.
After testing, you will need to make adjustments to fine tune your protocols so they work as effectively as possible. Some of the areas you will most likely need to make adjustments are audit programs, monitoring programs and risk assessment – new risks may be created that will change the risk rating of an area.
Mastering Your Future
Once created and refined, your master plan will see your institution through the many regulations coming your way and allow for more time, resources and people power to be dedicated to business goals and growing the bottom line. ■
Stephen R. King, JD, AMLP, is the director of the regulatory compliance group at Wolf & Company, where he guides clients through federal and state banking statutes from both an operational and legal perspective.