Compliance exams are stressful and challenging to endure, and managing the repercussions of a less-than-favorable exam are even more so. In this post, we will share 7 experience-tested tips for how to respond to a bad compliance examination.
Each recommendation is based in personal experience as a former compliance officer at a bank, and in Ncontracts collective experience as consultants, analysts, and thought leaders. In addition to guidance for how to respond to a bad exam, you'll also learn a few ideas for how to be proactive in the face of an exam, in case you're currently in that situation.
Want to learn how Ncontracts can help reduce your CRA compliance risk?
There's are a few things no compliance professional wants to hear. One is that there's a compliance exam on the horizon. Another is that an exam didn't go well. This is true across industries, regions, risk profiles and exam types.
Compliance examinations are stressful, even before they begin. Under the best of circumstances, many compliance departments are understaffed, and there never seem to be enough hours in the day. That often increases when an exam is upcoming. With the stress of the regulatory examination preparations, it's difficult to manage the daily compliance responsibilities, not to mention maintaining a good team spirit and culture.
After the exam, the repercussions of a negative outcome can be dramatic. A bad exam can result in civil money penalities, reputational damage, delayed M&A activity, reduced profit margins, and jobs may even be on the line. The department that works diligently to preserve their financial institution's reputation and profit can feel a lot of pressure, internally and externally.
So what do you do? Here are 7 best practice tips:
Even if you are working with a challenging examiner, be respectful and professional. In discussions before, during and after the exam, try to use data, documentation, and other forms of proof as much as possible so that it's an informational and cordial exchange, rather than an emotionally charged one. We'll touch more on this idea next.
Give your financial institution a little time to review the exam findings, recommendations and documentation, and use it as an opportunity. Ask yourself, "what can we learn from the regulator’s recommendations? Are there areas that could benefit from some improvements?"
After the exam, review the findings and compare them to your actual data. This should include the requested sample loan files, reports and any other data provided for the exam.
If examination findings or recommendations end up being interpretative, burdensome, or ever incorrect, use the management response to document your reasoning with strong supporting facts. This may include data analysis, or other internal documentation that didn't surface during the exam.
Most importantly, review the regulatory requirements. Findings or recommendations that require changes for your financial institution will require research of the regulatory requirements before implementation.
Use your research to create a project plan to provide to management and get their approval. Your goal is to respond to a bad exam as quickly as possible, and this project plan is a great way to ensure that happens. Being responsive to a bad exam shows the regulators and your management that you take compliance seriously, and reduces the risk of repeat findings in the future.
This project plan should be a roadmap of:
In addition, it should provide a way to track action items, issues and roadblocks as they occur and stay aware of progress.
Provide management with the relevant, fact-based information that they can understand and use to make a decision. This also goes for employees impacted by the changes; they will appreciate having the documentation they need to understand the changes. Make sure all requirements and expectations are clear to all involved parties.
It can be tempting to dismiss the regulators findings, particularly if you have a combative or aggressive examiner. However, it's important to acknowledge the examiners concerns when founded. Take them seriously, and communicate that severity internally.
Attempting to downplay the severity or validity of the findings does more harm than good. It signals to your internal team that compliance isn't that important, which may erode your institution's culture of compliance and your colleagues' commitment to making change. It may also make you or your team appear less capable in the eyes of people who do undestand the value of compliance, including regulators.
Management needs to understand the severity of a bad exam so they can be on board with future improvements. They are vital to enforcing and fostering change; employees will embrace the change more positively if management supports the needed change.
Explain what, when, where, why, and how the change will be expected to happen. Express the future goals and responsibilities to your management team, and get their sign-off so that you are empowered to move forward confidently.
Once again, communicate this executive-level approval to the rest of your team. The more employees know and understand, the more likely they are to be on board.
You may also want to enlist executive management to help create a committee and use the project plan to stay on track of due dates and who is working on each step. Provide written reports to management on the progress of deadlines so they can help push due dates and objectives. This process will help add accountability and improve the pace of progress.
Networking can be a key tool in your wheelhouse. Other compliance professionals are your allies. The good part about fellow Compliance Officers is there is no competition, and you can share ideas and insight.
Reach out to them and see what they have experienced and learned during their own exam. (Note: Keep in mind the actual exam results are confidential.) The following questions may be helpful to ask:
Online networks and groups like Bankers Online, ABA, CBANC, and ACAMS give you the opportunity to ask large groups of professionals for their opinion and experiences in a safe, friendly, and supportive environment.
Responding to a bad exam needs to be a priority for you and your team. Set a timeline, start implementation, and get those changes rolled out. As mentioned above, the longer it takes you to do that can communicate lack of compliance savvy or commitment.
From a practical perspective, it's easier to maintain momentum once you already have momentum. Try to get the ball rolling quickly so that you can maintain that energy and enthusiasm as long as possible. While renewed management and team interest in compliance may not have the positive tone you were hoping for, it's possible to leverage the attention and focus to make changes more quickly.
Ncontracts Viewpoint: If you find out your institution has an upcoming exam, there's only one good way to respond. Be proactive. The more you learn, prepare, analyze, understand, and explore, the more prepared you will be for the challenges of the exam. In addition, you'll be in a much better position to respond to the examiners questions and defend yourself, your team, and your company against allegations.
Some ways to be proactive in preparing for a compliance exam include:
Here at Ncontracts, we know how difficult these situations can be because we've been there. Some of us are former bankers who have dealt directly with the regulators, while others are compliance experts who have helped clients through the process. These tips are designed to be applicable to any compliance professional, at any institution, for any exam, be it a targeted Fair Lending assessment or a BSA/AML exam. However, if you have more specific questions, or would like help navigating an upcoming examination, please get in touch!