Make compliance part of your institution’s DNA
Compliance is top-of-mind for every bank executive today – it might even keep you up at night – but do all of your employees feel the same level of responsibility? They should.
There’s a difference between following prescribed protocols from regulators and having a truly effective and efficient compliance system. In the struggle to keep ahead of new and changing regulations and complex expectations from examiners, some banks have fallen into the rut of using their compliance department as the last line of defense. However, a holistic approach to compliance, where key elements are knit into an integrated whole and every employee feels personal ownership of their role within the compliance system, tends to be more effective (and more efficient) than viewing the compliance department as a safety net.
The foundation of a holistic compliance system is the distribution of ownership across all departments and the bank’s strategic plan. “Compliance is the responsibility of the organization as a whole, so it needs to be distributed,” explained Elliot Berman, Principal at Bowtie Advisors. According to Berman, distributed compliance systems are one of the most effective responses by financial institutions to the continuing challenge of meeting the resource needs of today’s regulatory expectations about compliance. A distributed system is not just an idea; it must be put down on paper as part of the bank’s plans and processes to create accountability. “It is critical that each area of the bank examine its compliance risks and articulate in their operating plans how they will manage them,” said Joe Fikejs, COO of Bank Mutual, Milwaukee. “Then, they need to be held accountable to the goals and plans that are set. This best practice also reiterates the message that compliance is not just the responsibility of the compliance department.”
Another key feature of a holistic compliance system is compliance personnel that are seen as collaborative partners to be consulted in the early stages of every project rather than gatekeepers or the final step in a process. “I prefer the ‘compliance first’ approach,” said Ami Dregne, compliance officer at Citizens First Bank, Viroqua. “I don’t like being the last stop before something goes out.” Berman also prefers this model of spreading responsibility because it allows the compliance team to be subject matter experts. “That’s a more effective use of their expertise,” he said. “I’ve seen organizations where compliance is viewed as the ‘department of no’ and that’s not conducive to success.” Dregne also advocated for a collaborative relationship between compliance and the rest of bank staff. “You don’t want staff to feel like the compliance officer is ‘Bad Cop,’” she said.
When implementing a distributed compliance system, first lay the groundwork with communication and support from upper management. “Having management involved is key so that the employees know and trust the compliance team will tell them how things need to be done in order to stay compliant, rather than just make their jobs harder for no reason," Dregne explained. A hands-on management approach is also essential to foster a sense of ownership for all staff. “You won’t have a strong risk-conscious culture until all employees feel they have key roles that they take ownership of,” said Fikejs. “It is as simple as connecting the dots between regulation and key processes.” Drawing those connections for staff doesn’t require that management be subject matter experts, either. “It’s not a compliance issue, really,” said Berman. “It’s a communication and operations issue.”
Another facet of this holistic approach to compliance that cannot be overlooked is the need for ongoing training. “Weaving compliance and risk management across all key areas of a financial institution’s strategic plan is the start, but it cannot stop there,” said Fikejs. “It needs to be reinforced on a regular basis at key meetings, training and in communications.” Compliance training doesn’t have to be torturous, either. “Compliance is not as exciting as other functions in banking, so try to have fun with it,” Fikejs suggested. “Use gamification at meetings to reinforce key messages.” It’s also important not to let your compliance training schedule slip into “peaks and valleys,” according to Berman. Even though changes to regulations and procedures require mandatory training to update employees, it is also important to provide ongoing refresher training. “Find a balance between the ‘big training’ and the reminders,” he advised.
Finally, equip your compliance personnel for success by ensuring they have access to all the tools and resources they need to coordinate your compliance program. One of the most powerful resources out there is a wide network of peers. “It’s important to have a peer network you can rely on for perspective,” said Dregne. “Many compliance officers wear many hats and some are stronger in certain areas, so we lean on each other a lot.” Regular contact with industry thought leaders and other compliance experts will help your team guide the institution to consistent success.
As with many business functions, the bank’s compliance system should also undergo a continuous improvement process. “Review processes and workflows frequently to ensure unnecessary complexities and controls are removed,” Fikejs recommended. “The more simplistic the process, typically the better.” The ultimate goal is to empower everyone in the bank to work in tandem with the compliance team and take ownership of their individual compliance role. With that approach in place, the whole institution will benefit from a more efficient and effective compliance system.