By Aubree S. Rehmke
I have spent my entire career working for financial institutions. After graduating from college, I started as a teller and quickly transitioned my way through several positions spending the majority of my profession as a compliance officer and BSA officer for a small community bank. Today, I work as a consultant with Vantage Point Solutions performing audit and consulting services for small to mid-sized financial institutions.
Over the years I have met many novice compliance professionals, and one commonly shared frustration I hear is that they aren’t sure where to start. In the span of almost twenty years, I have learned many lessons (and have made many mistakes). I want to pass that knowledge on to those who may be lacking the mentorship that is essential to navigating this role. So, if you are reading this and you are new to compliance management, here are my two cents on the things you can do to make this job a little easier for you.
Get Organized
Compliance officers are expected to know and manage a considerable amount of information; from policies and procedures to consumer regulations to monitoring and training. Therefore, it is extremely important to build a compliance management program, or what we in the profession sometimes call our “house of compliance.”
Some institutions have the luxury of purchasing software to help manage the compliance function. However, if you are like me and do not have that convenience, then you may need to build your “house” from scratch. It works best for the compliance department to maintain a folder on the institution’s network or intranet where all the electronic compliance-related items are stored. For ease of use, this “house” can be organized in such a way as to include a separate folder for each of the pertinent compliance areas, for example:
- Board & Management Oversight – used to house all of your board reports, requests for approval, compliance committee meeting minutes, etc.
- Policies – used to store all the institution’s approved written policies as well as the annual policy reviews and amendments.
- Procedures – used to store all of the institution’s written procedures; consider breaking this down by department, and then possibly by task or function.
- Risk Assessments – used to house all of the compliance-related risk assessments; organized by annual review year or by type of assessment.
- Monitoring & Auditing – used to store ongoing monitoring functions performed by the compliance and/or BSA role in addition to third-party compliance audits, self-reported violations, corrective action, remediation tracking, etc.
- Training – used to store compliance training organized by year or topic in areas such as online course assignments, handbooks, materials, employee acknowledgments, board training, etc.,
- Consumer Complaints– used for all consumer complaints, incidents, investigations, logs, responses, and management reports.
- Change Management – used to store the tracking of new or changing regulations, products and services, and new business processes or strategies.
- Regulatory Exams – used to store regulatory exam information, request lists, collected exam documents, exam reports, and corrective action/remediation.
- Compliance Library – used to store all of your tools, news articles, agency notices, FAQs, checklists, worksheets, flowcharts, training materials, and any other resources you have collected over time to aid in the compliance officer role; organized by topic or regulation.
Now, obviously, this is just one way to do it. In my experience, this folder system ran like a well-oiled machine after the initial setup. After you create some kind of organization for your electronic house of compliance, you will be more efficient and find it easier to locate important documents and other resources. If you have inherited the previous compliance officer’s folder system, consider taking the time to reorganize it into a structure that will work best for you and your organization.
Create a Project Tracker
With so many different projects occurring at different points throughout the year and at different frequencies, consider maintaining some kind of project tracker. Again, if you are not using software to assist in managing this function, I highly recommend an Excel spreadsheet and/or setting calendar reminders or tasks. The tracker or calendar can be comprised of all the different compliance projects, tasks, and responsibilities you need to complete throughout the year, whether routine or one-time, and can include important data such as:
- the name of the project
- the name of the individual(s) assigned to champion the project
- the frequency of the project
- the next due date
- a brief description of the project
- where the information is to be reported once completed
Once projects are completed, they can be marked accordingly or simply adjust the due date to the next frequency for repeat tasks.
Know Where Your Resources Are
My philosophy on the role of compliance officer is not necessarily memorizing all the rules and regulations, but rather knowing exactly where your resources are. When I started in compliance, nobody taught me how to find banking regulations — I wasted a lot of time thumbing through old training manuals or googling regulatory citations. Compliance professionals should know how to research rules, regulations, and statutes directly from the primary source materials, and also be alerted when something new is coming down the pipeline.
One of the main resources for researching regulations is found on the Code of Federal Regulations website, or the eCFR system, particularly Title 12 and Title 31 where many of the banking regulations are located. Banking regulations can also be found on the federal agencies’ websites depending on which agency has authority over the regulation.
The federal agencies publish their exam manuals which can often be helpful when looking up regulatory information or building an internal audit program.
The agencies also publish communications that are helpful when new information is announced, many of which you can subscribe to receive via email.
It is in your best interest to subscribe to several banking e-newsletters and compliance publications directly from bankers’ associations and other secondary resources. I highly recommend signing up for as many email communications as possible so you don’t inadvertently miss important information that may affect your institution.
Create Alliances with your Colleagues
When I was a compliance officer, one of the most routine methods for regular and consistent contact with colleagues came from the compliance committee. During my time at the bank, our committee was comprised of leadership from several departments, including the bank president. This was perhaps the most substantial opportunity for me to meet with management and discuss consumer compliance topics in lending, deposit, operations, as well as BSA. Each department leader was responsible for agenda items within their area of expertise, which can be an excellent way to create accountability and a culture of compliance within the institution. With this in mind, it is important to note that compliance can be a shared responsibility; the burden does not necessarily need to fall on one person alone. After building a strong rapport with the committee members, you will find it easier to collaborate on projects in between meetings as well.
In addition to creating alliances through the compliance committee, compliance officers also need to be transparent and responsive to all employees within the institution. Remember, you are likely their primary source of regulatory guidance and information. When they have questions, you are responsible for researching the answer which makes being approachable and collaborative essential qualities.
Build a Network of Compliance Friends
Unlike other areas within the banking industry, compliance is not competitive. In my experience, compliance professionals are eager to share tools and resources with each other. If another compliance professional has already developed a risk assessment, or a checklist, or knows of a process that works well and is willing to share — take advantage. Why reinvent the wheel? And, the relationship should work both ways so don’t forget to share your ideas too; obviously, do not share proprietary or confidential information.
How do you meet these “friends”, you ask? Well, one way is to attend compliance conferences and schools. It can be difficult to build a network of compliance friends if you only ever attend virtual events, therefore, meeting with other compliance professionals in person is crucial. Get out there and meet people. Typically, these events will host networking lunches and socializing opportunities to help introduce novice compliance officers to more seasoned ones. If you get the chance to attend any in-person events, I highly recommend you join the networking events and exchange business cards.
Another way you can meet fellow compliance professionals is through local or online peer groups. You can also develop connections with your external auditor, outside consultants, and state bankers’ association. Each of these relationships can provide meaningful and long-lasting resources throughout your career.
Don’t Forget Your Lead Examiner
The last piece of advice I will leave you with is this: don’t forget to build a relationship with your lead examiner. Financial institutions are assigned a lead examiner by their federal regulator, and it is important to have a good rapport with this person. Whenever I felt challenged by a complicated regulatory issue or wanted an expert’s opinion on a matter beyond my scope of expertise, I reached out to my examiner. In my experience, the examiner was more than willing to accommodate my inquiries and provided me with quality feedback. I also made an effort to attend events hosted by the regulatory agency which provided another opportunity to meet with examiners in between exam cycles.
Regulatory compliance has been a challenging and rewarding career path for me. Even now as a consultant, I continue to learn something new all the time. I have a passion for working in bank compliance and enjoy partnering with community bankers to help build successful compliance programs. I hope you find your career equally fulfilling.
Rehmke is a risk and regulatory compliance consultant for Vantage Point Solutions, a WBA Associate Member.
About the Author
Aubree S. Rehmke is a Risk and Regulatory Compliance Consultant for Vantage Point Solutions based in South Dakota. Aubree has almost 20 years of experience in the financial services industry, and she has a passion for mentoring employees new to their roles in compliance and BSA. For most of her career, she served as the compliance officer and human resources manager for a small community bank in eastern Iowa. Aubree is a Certified Regulatory Compliance Manager and brings a broad range of regulatory and consumer compliance knowledge to the Vantage Point financial services team. She holds a B.A. from The University of Iowa and a diploma from the Graduate School of Banking at the University of Wisconsin-Madison where she also earned a certificate in executive leadership. Aubree resides in Dubuque, Iowa.
Vantage Point Solutions offers Virtual Compliance Officer and Virtual BSA Officer services including mentoring programs. If you are interested in these services, contact Aubree at Aubree.Rehmke@vantagepnt.com.