On the hunt for a perfect gift for your examiner and primary regulator? Look no further! We’ve been taking notes at industry conferences and meetings all year and know exactly what the federal regulatory agencies are hoping you’ll get them this year.
On the wish list:
Run your ideas past them before implementation.
You talk to your peers before launching a major initiative. You bring together all the key business lines and departments at your institution to consider the risks. Have you thought about talking to your regulator too?
The regulatory agencies would love it if banks and credit unions would run their ideas past them. Looping your regulator into the conversation to tell them what you’re thinking about doing is a great idea. Not only can it help your risk assessments by showing how the activity would align with safety and soundness, but your regulator can also tell you about similar institutions that have entered the same activity and how it impacted their exams.
More guidance on guidance.
Examiners want bankers to think about the consequences of risk when making decisions. The agencies like to offer guidance on guidance as a sort of preemptive strike to help prevent FIs from exposing themselves to undue risk. If you have a question about guidance, ask. They want to help you succeed.
More caution with digital branches.
There’s a push and pull in the digital world between convenience and security. Customers want digital banking to be easy to access, but they also expect their data to be kept secure. With fraud continuing to increase, regulatory agencies want bankers to seriously weigh the risks and be wise with controls.
Reevaluate BCM in light of climate change.
As the number of natural disasters increases due to climate change, building more branches may be a smart strategy for business continuity management (BCM). For example, if an FI has two branches in flood plains that are likely to take a hit during the next flood event, it could be worthwhile to build another branch on higher ground that could stay open and serve customers during the disaster.
Manage your findings better.
Many FIs do a bad job managing their findings. Too often findings are pushed to the side and forgotten. Best practices for findings management include centralizing findings data so it’s accessible to everyone who needs it, assigning responsibility, tasks, and deadlines, and setting reminders to ensure activities are followed up on.
Stronger vendor contracts to reduce risk exposure.
Don’t just look at pricing in vendor contracts. Vendor contracts are a very important control for limiting third-party risk. Make sure the vendor’s internal controls and reporting requirements are outlined in the contract, including measurable performance benchmarks. Vendor responsibilities to be defined and addressed in the contract include: dispute resolution, subcontracting, business continuity and contingency plans, confidentiality, frequency of data reports and audits, data privacy, IT security, and intellectual property ownership.
Regulators and examiners know that you feel overwhelmed by regulations, but in many cases they are just enforcing the law. Advocate for yourselves in Congress and help the agencies reduce your regulatory burden. They don’t write the laws, but they do enact and enforce them.
As you look ahead to the new year, see if you can make good on any of these regulatory stocking stuffers. It won’t just help your examiners—it will help your whole institution. These are definitely gifts that give back.