4 Ways Compliance Can Protect Your Institution's Resources
We’re launching an ongoing series about how you can turn compliance from a cost center to a cost saver. With the right tools, you can improve compliance efficiency and support your institution’s growth goals.
As a compliance officer, how many times have you heard that compliance is a drain on resources? That it doesn't make money? That it's not a revenue-building department? We've all been there and heard it.
However, we all know the truth: while compliance doesn't generate revenue, it can save resources!
When it's managed appropriately, compliance can save the financial institution both time and money, and preserve its reputation. The compliance department is an important part of the team.
The "spin doctors" may have the right idea by trying to manage the way a story is told in order to influence what people think about it. As Compliance Officers, we may need to "spin" the way the organization views the compliance department by contributing to the conversation. We need to change that old mindset from "compliance is a cost center" into "compliance is a cost saver."
We need to show our teams how having strong compliance policies, procedures, and controls can save resources. Here are four ways that strong compliance departments can protect your institution's resources:
- Improve the safety and soundness of the institution’s activities;
- Mitigate costly enforcement actions, which include civil, criminal and/or personal money penalties;
- Save time by avoiding long regulatory investigations and negotiations; and
- Preserve the institution’s reputation, which can be damaged by compliance enforcement actions.
With this series, we'll share real-world examples of situations in which stronger compliance risk management could have turned the compliance department from a cost center to a cost saver.
How Management Teams Can Use Regulatory Compliance Strategies to Mitigate Civil Money Penalties
Last October, the FDIC levied substantial civil money penalties (CMP) against an individual affiliated with a financial institution, as well as the institution itself.
These CMPs against the individual totaled nearly $730,000, $105,000 of which was unappealable. The reason cited was “unsafe and unsound banking practices, both individually and as an institution-affiliated party of the bank,” which were associated with underwriting.
One of the key compliance issues highlighted in this case is third-party risk. As part of a strong compliance program, financial institutions have a responsibility to perform due diligence on any third party that is associated and working with the financial institution. It is imperative that third parties are proven to be trustworthy. If not, the institution itself can be held responsible for any misconduct.
As a Compliance Officer, do you have a third-party risk management policy (vendor management)? Have you recently reviewed it? At a minimum, does your policy cover:
- Due diligence of the third party based on risk and complexity of the relationship;
- Ongoing and consistent monitoring of their activities and performance throughout the lifecycle of the relationship;
- Documentation and reporting expectations; and
- Specific responsibilities for compliance with federal and state regulations, and your financial institution's policies and procedures?
This FDIC example is just one CMP that has been levied against financial institutions in recent months for lack of oversight in the third-party management process.
Third-Party Risk Management Best Practices
The CFPB, OCC and Fannie Mae have issued guidance to help Compliance Officers and financial institutions create and implement third-party risk management programs and manage these types of relationships.
Compliance Officers play a key role in bringing this type of guidance to their management teams, helping them create processes that mitigate risk.
Here are some quick third-party risk management best practices to help turn compliance from a cost center to a cost saver:
- Conduct a review of critical vendors to look for gaps or red flags
- Review the Third-Party Risk/Vendor Management Policy to see if it meets the regulators’ expectations
- Review contracts and/or service level agreements, looking for red flags or gaps in compliance requirements
- Include third-party testing in your compliance testing schedule
Over the past few years, compliance costs have risen dramatically – and are projected to continue to increase. It’s essential for financial institutions to make sure that they’re spending their compliance budgets as wisely as possible. You can’t afford to spend more than necessary – but you really can’t afford to spend less. At TRUPOINT, we keep our clients' growth plans and profitability in mind.
- OCC Guidance on Third Party Relationships, October 30, 2013: http://occ.gov/news-issuances/bulletins/2013/bulletin-2013-29.html
- CFPB Bulletin 2012-03, April 13, 2012: http://files.consumerfinance.gov/f/201204_cfpb_bulletin_service-providers.pdf
- Fannie Mae's Appraiser Quality Monitoring Program: https://www.fanniemae.com/singlefamily/appraiser-quality-monitoring