examiner attention on areas within financial institutions that may pose the most significant risks, including compliance. The agencies work to promote a sound risk-management process at each regulated financial institution, one centered on the evaluation and management of risks. The agencies try to help financial institutions implement compliance programs that focus on anticipating, evaluating, managing and communicating about key compliance risks. “Compliance risk” is defined as that risk to earnings or capital that arises from violations of or nonconformance with laws, rules, regulations, prescribed practices or ethical standards. The agencies’ examination procedures provide that compliance risk can damage an institution through any or all of the following consequences: • Regulatory or judicial fines and penalties • Payments of damages to aggrieved parties • Voiding of contracts • Diminished reputation • Reduced franchise value (due to monetary and reputation losses or penalties) • Diminished business opportunities • Lessened expansion potential (e.g., when fair lending or Community Reinvestment Act problems delay or disallow corporate changes, mergers or acquisitions) The supervisory agencies recognize that an important element in avoiding these risks and their resultant costs is an effective accountability system, in which institution staff feel they own their roles in the overall program. Establishing Accountability An effective accountability system has to be built around a solid design. A few key elements are needed to make it succeed: management commitment; appropriate training of and communication to all staff; regular, independent testing of performance; and consistent enforcement of responsibility. Management Commitment Solid support from both the board of directors and senior management is vital to the success of any compliance (or other) management function. It should also be seen as in their best interests since the risks and penalties for noncompliance are tremendous, and the board and management are ultimately responsible for the institution’s compliance (and other) performance. Management and the board need to understand the true importance of compliance — it is not a job to be relegated to one person, or a small group, and ignored by everyone else. “Everyone else” includes those who drive the institution’s compliance performance, and they must be given the tools to succeed and held accountable for their results. Training and Communication Training is the foundation for effective compliance and accountability, since employees cannot be expected to comply Establishing and enforcing accountability can produce the lowest-cost compliance — compliance that is embedded in the institution’s normal operations rather than added on, with everyone working to get it right the first time. with the plethora of laws and regulations that govern banking today if they have not been given appropriate instruction on what is required of them. In structuring a compliance training program, the first step is a needs assessment — the types of products and services offered, current level of staff knowledge, problems identified in audits and examinations, and so forth. The goal of the compliance training is to provide line officers and other staff with the information they need to produce positive compliance results in their particular area or job. It is not to be an exercise in information overload. Therefore, the person in charge of training (whether classroom, online, etc.) needs to scope out the relevant laws and regulations to be covered, determine how to tie the rules into the institution’s functions, decide which media and tools to use, and so forth. Regular communication of compliance information is an important complement to regular training. It helps keep staff aware of changes in the compliance rules and expectations, as well as keeping compliance issues on their “radar screens.” Testing A robust internal compliance review program, including both periodic audits and ongoing monitoring, can serve several purposes. These include giving early warning of problems, providing a defense against litigation, meeting regulatory expectations, and furnishing measurements of department/area or individual performance. Enforcement Without consistent enforcement of accountability for compliance performance, all the other elements are pretty much for naught. If individual line managers and other personnel are “let off the hook” for poor compliance performance because, for example, of high loan production volume, the system is likely to fail. Making It Work Human nature being what it is, there needs to be incentives for good compliance performance and, perhaps more importantly, disincentives for poor results. In addition, if all staff are not held to the same standards, then any exhortations for good results and performance will ring hollow to everyone. Those that the 13 In Touch
RkJQdWJsaXNoZXIy MTg3NDExNQ==