Enhancing Your Compliance Training Program
Training programs are one of the largest investments a financial institution can make in its employees after compensation. The benefits of training include:
- Mitigating compliance risk: It can help maintain a sound compliance management system and mitigate compliance risk by providing staff with the needed technical knowledge to comply with internal policies and procedures and consumer protection laws and regulations.
- Promoting a proactive compliance culture: It can also enable the board of directors to maintain a culture of compliance while executing its business plan.
- Implementing effective change management: It is an important part of the change management process.
- Improving customer experience: It can help ensure that staff treats customers fairly.
Generally, a financial institution’s training program should be commensurate with its organizational structure and the activities in which it engages.1 To help financial institutions maximize this investment and reap the benefits of an effective training program, this article discusses several specific key attributes of an effective training program, including comprehensiveness, timing, and tailoring.2
Comprehensiveness
As stated in the Federal Financial Institutions Examination Council (FFIEC)’s Uniform Interagency Consumer Compliance Ratings System and the Federal Reserve’s Community Bank Consumer Compliance Risk-Focused Supervision Program, the scope of a strong training program is comprehensive. The training program should focus on the requirements of laws and regulations applicable to the financial institution’s products and services, sources of compliance risk within the bank’s operations, and the specific risk mitigation methods incorporated in the organization’s policies, procedures, monitoring, internal controls, and automated systems.
Financial institutions can use a variety of training methods. For example, computer-based training modules can be effective in delivering specific role-based content focused on legal and regulatory requirements. On the other hand, face- to-face training provides the opportunity to interact among participants and present organization-specific examples that may require further clarification. This approach can be particularly helpful with high-priority training (e.g., when regulatory requirements or financial institution policies or procedures have recently changed). Of course, financial institutions may deliver training using multiple methods that reinforce or complement one another.
A training program may be enhanced through external training opportunities, whether provided in person, through the Internet, or by teleconference. These sessions share knowledge from subject matter experts and often include a discussion of sound practices. These sessions also may provide credit for continuing education requirements, which enhances the credibility of the financial institution’s compliance program and offers professional development opportunities to employees.
A training program is adaptable. When an examination, compliance review, or audit identifies violations or lack of adherence to compliance program standards, consider whether the existing training should be modified to prevent future instances of noncompliance or to strengthen program adherence. Perhaps most important, an effective training program remains current by ensuring that the program is regularly updated to reflect not only legal and regulatory changes but also changes in the financial institution’s operations. For example, is a new product or modification of an existing product being introduced?
A training program should incorporate accountability, most commonly by including training attendance and achievement in employee performance measures.3 For example, computer- based modules can test for comprehension and document training status and achievement levels. However, regardless of the training delivery method, formal training should be captured in training logs that document attendance and, as applicable, achievement measured through testing or similar evaluation.
Timing
When developing a training program or a specific training event, the timing of the training should align with the training objective. Introductory training is typically provided for new employees or for those assuming new job responsibilities. Depending on an employee’s specific responsibilities, many financial institutions have found it beneficial to provide “refresher” training routinely. This may be particularly beneficial if the risk associated with noncompliance is high, given an employee’s scope of authority. For example, staff members who interact directly with customers may benefit from regular training on fair lending and unfair or deceptive acts or practices (UDAP). When compliance findings are identified through internal reviews, audits, or examinations, consider the need for additional training soon after the findings have been released. Training can be targeted to specific individuals, to all individuals occupying a specific role, or to entire business units or functions.
Depending on the complexity of the topic and the associated compliance risks, many financial institutions find that training is best staged by first providing a foundational understanding, followed by training on the specific operational procedures necessary to ensure compliance. This staging may be necessary when new products, services, laws, or regulations are implemented because it assists in building awareness, considering implications unique to the financial institution, and introducing procedures that support compliant business practices. After significant process changes, management may want to assess the need for follow-up training to clarify areas of confusion or to cover modifications made after the initial implementation.
Tailored
Strong training programs are typically tailored to the particular job responsibilities and each level of employee experience. New employee training, for example, frequently focuses on the regulatory and institution-specific knowledge necessary for the employee to perform his or her job proficiently. As an employee’s scope of authority increases, the scope and frequency of training may also increase to include routine refresher training for critical compliance responsibilities. Training, regardless of timing, is typically structured to align with functional roles and will routinely target management and staff involved in lending and processing of loans (segmented as necessary by specialized type of lending), deposit activities, and marketing and product development functions. Strong training programs can also provide cross-functional instruction on critical compliance topics such as the Community Reinvestment Act (CRA), fair lending, and UDAP.
Training should be tailored not only to the job role but also to the specific compliance risks present in the financial institution’s operations. A compliance training program that explicitly establishes a link between identified compliance risk and employees’ day-to-day work supports a broader appreciation of the importance of a strong compliance environment. For example, training might help an employee make a connection between customer service training and the potential compliance risks identified through the financial institution’s complaint management program.
Some financial institutions enhance their training program to expose staff members to a broad range of compliance topics outside of their specific area of responsibility or direct span of authority. This approach can reinforce a financial institution-wide compliance culture and prepare staff for other roles in the organization. Managers and officers in particular may benefit from, or find a need for, compliance training that may be less detailed but focused on broader organizational compliance objectives and the interconnectedness of different business functions.
The need for training exists at all organizational levels, including board members. The training provided to a board of directors will typically differ from training provided to employees because of their different roles. The board member’s role includes providing oversight to ensure that management identifies, measures, and manages risk effectively. Therefore, board members must not only understand risk but also be aware of actions management has implemented to mitigate risk. Stronger compliance programs will frequently accomplish this through periodic topical presentations to the board of directors that include an overview of a risk topic, with a specific focus on how the organization mitigates the risk.
Topics for the board can be prioritized based on an organization’s compliance risk assessment. Director training will typically focus on higher risk areas that could lead to reputational damage, supervisory sanction, or financial penalties, or areas that could otherwise interfere with the bank’s ability to execute its business strategy. Such topics would typically include periodic presentations on the CRA, fair lending, and UDAP. Additional training for board members, at an appropriate level, is warranted when implementing significant new products or services or when serious compliance issues are identified that require corrective action.
To tailor training to specific responsibilities, training administrators can use computer-based modules to select content based on employee roles. In these instances, employees with responsibilities directly related to the topic would work on more detailed modules, while others may only require a high-level overview. For example, a high-level awareness of fair lending is typically appropriate for employees outside of the lending function, whereas staff with lending responsibilities, new product development, or marketing require more in-depth knowledge of fair lending laws to mitigate fair lending risk.
Conclusion
Effective training programs are critical for sustaining a sound compliance management system. Therefore, the effectiveness of a financial institution’s training program should be evaluated regularly during internal or external audits or review processes or whenever compliance issues are identified. Questions to routinely ask are:
- Is the training comprehensive enough to cover the institution’s compliance risks and risk controls and to include accountability for attendance and achievement?
- Does the timing of the training align with the training objective?
- Is the training appropriately tailored to the particular job responsibilities and the specific compliance risks?
Strong training programs share all these attributes. Specific issues or questions regarding training-related expectations for your financial institution should be discussed with your primary regulator.
Endnotes
1 See Federal Reserve CA Letter 13-19, Community Bank Risk-Focused Consumer Compliance Supervision Program (RFS) at p. 25. For more details regarding the Federal Reserve’s evaluation of the adequacy of an institution’s training program, see Appendix 3 to the attachment to CA Letter 13-19, which provides guidance on assessing consumer compliance risk management. In addition, see the Uniform Interagency Consumer Compliance Rating System, 81 Fed. Reg. 79473, 79482 (November 14, 2016) (“Consumer Compliance Rating System”). The revised Consumer Compliance Rating System evaluates compliance in three general areas: Board and Management Oversight, Compliance Program, and Violations of Law and Consumer Harm. For the Compliance Program, training is one of four factors considered.
2 See Consumer Compliance Rating System.
3 See RFS, p. 65.