What is the future state of compliance in community banks?
Over the last year, more than 82 new regulations have taken effect! And you may have just thought that things were getting more and more intense! The fact of the matter is that compliance and risk have taken center stage of the bank regulatory universe and that will be the case for some time to come. There are many theories about what caused the financial meltdown that began in 2008, but there is no disagreement that consumers suffered heavily during the worst of it. Foreclosures, collection actions and lawsuits between banks and consumers have ballooned and have caused a public outcry. The twin missions of the regulators have become consumer protection and the managing of risk. Whether or not you agree with this approach, the fact of the matter is that the area of compliance is one where costs are rising and will continue to rise.
For many years, trade groups, lobbyists and politicians have discussed the possibility that a separate set of rules and regulations should be developed for community banks to relieve them of some of the burdens of compliance that the larger banks have. Despite the best-intended plans, there has been little to no movement in this area. It is simply not a good or prudent plan to hope that there will be changes in regulations that will allow you to throttle back on compliance! The fact is that the standards for community banks will be similar to the ones set for larger banks with large compliance staffs.
The fact is that while the number and scope of regulations are increasing, the expectations for compliance are also increasing. This is true even for community banks that tend to characterize themselves as “non-consumer” commercial banks. Even in the event that the Bank makes the decision to offer no consumer products, there are aspects of compliance that will apply. For example, Regulation B, the equal credit opportunity Act applies to ALL lending. The same is true for the Community Reinvestment Act. One of the characteristics of the CRA that all banks must consider is how the products that are being offered meet the credit needs of the community in which they operating. Flood insurance is required on all properties that are taken as collateral whether the loan is for business purposes or not. It is also clear that the time is coming when a HMDA-like reporting scheme for business lending will be implemented. There are also issues that sometime “spring to life” with commercial banks. For example, a transaction on a building can become HMDA and RESPA covered with the change of zoning or the whim of a customer who decides to live in the building.
Whether your bank is focused on consumer or commercial lending, compliance will be an important and growing area in the next few years. The expectations from regulators are clear; there should be a comprehensive compliance program that is well documented and effective. There should be Board involvement that includes at a minimum, consistent reporting on the results of compliance monitoring and trends at the Bank. There must be an appropriate level of staff training and specialized training for the compliance officer at your bank. Other areas of emphasis include the managing of complaints and the analysis of the potential for UDAAP violations.
Developing a compliance program in 2015 and beyond incudes among other things;
- Updating policies and procedures
- Ongoing monitoring of the compliance efforts at the Bank
- Providing effective training
- Obtained detailed scoped audits
- Keeping abreast of changes in regulations
- Providing regular reports to the Board of Directors
Increased expectations for compliance have of course resulted in increasing costs for compliance. The number of hours dedicated to compliance is an ever-increasing number
As the requirements for a fully implemented and effective compliance program continue to grow while costs of compliance continue to rise, the time to consider outsourcing arrangements has apparently come. Many banks are now considering or have implemented co-sourcing components of the compliance function. Some banks are now even considering the complete outsourcing of compliance.
What does co- sourced or outsourced compliance look like? Well, it is different for each bank. The FDIC has pointed out in recent publications that the idea of a “one size fits all” approach is the very thing that they want to avoid.  The fact of the matter is that the compliance program for each bank has to fit its unique nature. There are several considerations that should factor into the development of a compliance program. These considerations include but are not limited to:
Current staffing levels
- Levels of consumer activity
- Strategic plan changes
- Results of recent examinations or audits
- Demographic changes in the assessment area
Outsourced compliance should consider each of these factors and should provide support where the Bank determines that there is a weakness or potential exposure to risk. For one bank this might mean performing a series of compliance tests on HMDA entries and then providing training in areas where there are findings. At another bank, outsourced compliance might mean developing and running the compliance committee.
There can be little doubt that the current compliance environment is one where the demands on the compliance program of community banks are increasing. An effective compliance program is one that involves collaborative effort. One effective means of collaboration is outsourcing or co-sourcing.
 See FDIC Supervisory Insights Vol. 11, Issue 1, Summer 2014
James DeFrantz is a Partner in Atlanta-based financial services industry consulting firm Bank Solutions Group. [email protected]