5 Strategies to Building a Sustainable Compliance Program

Compliance is a recognized safety and soundness issue influencing the direction of examinations and the perception of management’s effectiveness in the organization. The nature of compliance has become a landscape of almost constant change. Those credit unions who wish to weather the onslaught of regulatory upheaval have come to recognize that an effective and robust compliance program will protect the credit union in these challenging times. Compliance is a key area of risk management. Given the diversity of programs, five qualities appear to be consistent in those effectively addressing compliance concerns: 

1. Employing an experienced compliance professional and/or staff 

Regulations require that management appoint a compliance officer. This person should, ideally, be experienced, have financial industry compliance certification, and be given sufficient authority to do their job. Experience may be considered from prior employment by a bank, credit union, or other financial institution following similar regulatory guidelines. Regulatory experience (such as examiner) is also a good indicator of experience. Compliance certification may be attained through most trade associations or formal training programs. Examples of designations include the Credit Union Compliance Expert (CUCE) from Credit Union National Association and Certified Regulatory Compliance Manager (CRCM) from American Bankers Association. In addition, the compliance officer should possess sufficient authority to carry out designated responsibilities.     

2. Senior management buy-in 

You can be the best compliance officer, have perfect policies and procedures, and receive accolades from examiners, but if you don’t have senior management support, you’re living on a dead-end street. It’s important for senior management (CEO, COO, CFO, EVP Operations, EVP Lending, etc.) to not only buy in, but also to encourage compliance efforts as part of an effective business strategy. The key here is education. The more information you can provide, the more comfortable these executives can be with your recommendations and suggestions. 

3. Educate staff and directors 

So, we come to education. Make sure that staff, officers, and directors are aware of the importance of compliance issues regarding each individual and job within the institution. Of most urgency is setting up a centralized database of rules and regulations, including their timing and implementation, along with a format to convey the database through training. An efficient and effective compliance officer and staff will make facilitation of this a quick and user-friendly process. 

Consistent monitoring of the data from available resources can help effectuate training. Information is now at a premium, but we have numerous means of efficiently capturing it. Develop a meaningful relationship with the internet. Resources are available that include state and national trade association periodicals, online databanks and manuals, and webinars and list serves. (Warning: do your due diligence.) Vendors produce timely information that can be obtained through any search engine (Google, Bing, etc.). Regulatory agencies including National Credit Union Administration, Consumer Financial Protection Bureau, Federal Reserve, and Federal Financial Institutions Examination Council provide perspectives on laws and regulations. 

4. Develop a compliance culture 

Have staff consider the role of compliance in each of their areas of responsibility. Don’t depend wholly on exams and audits to gauge your programs’ effectiveness. The biggest mistake compliance professionals make is to assume that because an exam or audit did not spotlight a particular inaccuracy or omission, it’s not important or it’s OK. In a compliance culture, staff should attempt to weed out problems and issues in their individual areas. Coming across problems or issues that examiners or auditors failed to find is a benefit for us in that it evidences the effectiveness of our internal system and showcases our ability to cure these items expeditiously. 

5. Proactivity and risk 

Anticipation. Speculation. Extrapolation. All elements to defining risk. To be proactive is to anticipate regulatory changes by studying trends and watching how supervisory and regulatory professionals are reacting. This leads to the second area of consideration: speculation. Make a decision based upon past and recent regulatory trends. This brings us to extrapolation, to use known facts as the starting point from which to draw inferences or conclusions about something unknown. Once the trends and facts align, we can usually determine what will be coming in the way of regulation or guidance, which allows us to assess and analyze risk.