Strategic Planning for Compliance
In the Summer, 2015 issue of Supervisory Insights, the FDIC focuses on the idea of strategic planning for banks in a shifting earnings environment. While this article addresses the need for overall strategic planning at banks, it brings to mind the idea that the compliance program at your bank specifically should undergo strategic planning. In fact, the same principles that are outlined in the text of the article can be directly applied to the compliance program at community banks.
The financial crisis of 2009 lead to many bank failures, a greater number of regulations and overall uncertainty in the banking industry. As all of the financial pain from that upheaval began to sort itself out many banks have been left to find their way in a changing environment. The competition for good and reliable borrowers has become intense while net interest margins have been squeezed by persistent low interest rates. Alternative lending institutions that do business to business lending have also started to make inroads in the pool of potential customers for community banks.
Simultaneous to a shrinking pool of good customers is a growing list of regulations that require active participation on the part of bank management. The expectations of regulators are that banks will make a strong effort to monitor their products and activities to ensure compliance with the requirements of the regulations. In both the immediate future and the long term, it will be necessary for banks to be flexible and innovative when addressing the need to stabilize and grow profits.
The compliance program has to be part of the growth and innovation. As the products and services that a bank offers change to meet the needs of the community, so must the compliance program. New products have different compliance risks that range throughout the lifecycle of the product.
In the area of compliance, governance of the program is critical to its success. Oftentimes, at smaller financial institutions, this is an aspect of compliance that is overlooked. The Board and senior management must be a part of the overall strategic planning process for compliance. Just like every other area of bank administration, it is the role of the Board to establish the risk appetite that will be implemented in the compliance program.
As a best practice, the compliance risk assessment should be comprehensive, performed annually and should be a part of the strategic planning process. Completing a compliance risk assessment should not be simply a rote exercise. The risk compliance risk assessment should take into account current resources versus needs and be a comprehensive and honest assessment of the capabilities and effective ness of the current program.
The compliance risk assessment should be presented to the Board and senior management as part of the strategic planning process. In this manner, the Board has a clear picture of the compliance program and can more accurately establish the risk appetite of the financial institution.
Working with the Board to establish priorities for resources in a given year is a critical pat of strategic planning for compliance.
One of the problems that often confront compliance programs is lack of adequate resources. This can take the form of lack of staff, inadequate training, insufficient time to perform essential duties, missed deadlines or missed audits or reviews. Unfortunately, there is a tendency for compliance staff to try to maintain a static level of resources. Compliance is often seen and a noncontributing expense and increasing the budget can be met with withering opposition. However, despite its lack of earning potential, an ineffective compliance program can be the source of dramatic expenses. In this case, an “ounce of protection” in the form of an adequate compliance program is worth a pound of cure. An effective compliance program must have adequate resources to meet the risk appetite of the financial institutions. This does not necessary mean hiring additional staff; outsourcing is a practice that many financial institutions employ. Outsourcing allows the leveraging of resources to meet the specific needs of a financial institution.
Taking a look at the training, management information systems and audit/compliance review resources that are available based upon the current risk environment. If there are gaps, the strategic planning process is the time to make the resource requirements known. The level of earnings that are projected at your financial institution must have taken the compliance budget into account. Otherwise, an ineffective compliance program can result in enforcement actions that wipe out the entire earnings.
For a compliance program to be truly effective. It has to be part of the forecasting for a financial institution. If new products or markets are being contemplated, the compliance resources required must be considered. For example, in the event your financial institution decides that they will once again offer HELOC’s, does the compliance staff have sufficient knowledge of the disclosure, servicing and reporting requirements for these loans? If not, how difficult will it be to acquire this knowledge? Does the core system have the ability to properly account for the compliance requirements for these loans? If not, what are the costs for upgrading systems? These are costs that rightly should be considered in the strategic planning process. Even if no new products are being offered the regulatory environment can change from one year to the next. For example, in 2016 there will be entirely new flood insurance rules. These rules will apply not only to new loans, but to the existing portfolio. The training and reporting systems changes that will be necessary to comply with these new rules should be part of the strategic planning process so that sufficient resources are allocated to this change. Being a part of change at the Bank is an essential compliance function.
One of the useful habits of financial institution regulators is that they announce potential changes to regulations well in advance of the changes actually taking place. All of the regulators announce publicly the changes that they are proposing and invite comment. For example,
On May 22, 2015, the CFPB released its Spring 2015 regulatory agenda, which updates the status of the regulatory issues and rulemakings on which the CFPB is currently working:
- Completing a final rule under Regulation C to implement the Dodd-Frank Wall Street Reform and Consumer Protection Act’s (Dodd-Frank Act) amendments to the Home Mortgage Disclosure Act. The rulemaking proposal is available; the CFPB expects the final rule to be issued in August 2016.
- Completing a final rule under Regulation E to regulate prepaid financial products. The proposal is available; the CFPB expects the final rule to be issued in January 2016.
- Issuing a final rule on June 10, 2015, to supervise larger, nonbank participants in the consumer automobile financing and leasing markets, defined as nonbanks that annually originate at least 10,000 automobile loans, automobile loan refinancing’s, purchase of automobile loans, or leases. The rule became effective August 31, 2015. 
At least two of these rules will have a direct impact on the compliance demands on your bank in the very near future. This information is readily available but is often overlooked due to strained resources and lack of sufficient time. Part of the overall forecasting for compliance should include a component that allows for the forecasting of compliance needs in the immediate future.
By employing many of the same principles that are part of overall bank strategic planning to the compliance area, the compliance program can increase efficiency can maintain an appropriate view of the resources necessary to remain effective.
 For a good discussion or risk management throughout the lifecycle of a product see Consumer Compliance Outlook second quarter 2015-Federal Reserve Bank publications