Common Challenges of Community Bank Compliance Officers
The job of a bank compliance officer can be challenging. The officer will not only Not only will the officer face the daily tasks of managing and implementing an effective compliance management system (CMS) but will also face challenges outside of the regulatory role, such as confronting the board and senior management about bank culture or feeling isolated within the organization. These challenges vary, based on bank size, environment, and culture.
This article focuses on six common challenges facing community bank compliance officers and, based on observations of Federal Reserve System (FRS) consumer compliance examiners, discusses ways compliance officers have successfully navigated these challenges. We also discuss how the bank board and senior management can support the compliance officer in creating and maintaining an effective CMS.
Challenge 1: Transitioning to the consumer compliance role
- Confirm board and senior management support
- Provide authority and time to perform duties
- Provide sufficient training
Professionals newly transitioning into a compliance officer position have often found this move to be transformative. The role entails important responsibilities that include understanding and implementing a substantial amount of detailed, technical requirements. It also involves considerable soft skills. While the board and senior management are responsible for providing the compliance officer with the necessary authority, environment, resources, and training, it is the compliance officer’s responsibility to implement an effective CMS.
Ensuring board and senior management support for consumer compliance is important when transitioning to the role of a compliance officer. That support should be clearly communicated throughout the organization and confer sufficient authority to perform consumer compliance-related activities wherever they may lead within the organization. An organization’s culture starts at the top. When the board and senior management firmly communicate the organization’s responsibility to support the compliance officer in performing her duties, it greatly facilitates the compliance function. It may therefore be beneficial for the compliance officer to remind senior management of the importance of an independent and well-supported compliance function.
In community banks, the compliance officer may also have other management or officer roles. A compliance officer wearing multiple hats should consider whether sufficient time is allocated to compliance and whether having multiple positions potentially creates conflicts, especially if the compliance officer role includes performing internal reviews. These issues should be discussed and vetted during the transition with the board and senior management.
It may be difficult for the compliance officer to quickly develop the depth of consumer compliance knowledge needed to maintain an effective CMS. For example, if the compliance officer’s prior role at a bank was limited to one function, such as operations, moving to a role requiring some knowledge of all bank functions can be overwhelming. It is therefore important for the board and senior management to provide adequate training and resources, which we discuss in Challenge 3.
Challenge 2: Obtaining and maintaining regular, direct access to board and management committees and teams
- Understand the bank’s governance structure
- Develop and obtain approval of a communications plan
- Develop an appropriate agenda
An effective compliance officer understands the bank’s governance structure, knows the individuals with consumer compliance responsibilities, and has a communication plan for regular contacts with the board, relevant management, and staff. Board and senior management contact should be ongoing and designed to facilitate the compliance officer’s understanding of the strategic decisions that set the bank’s risk appetite. The compliance officer should have access to the board and/or board management committees that discuss any part of bank and third-party product life cycles.
Here are compliance officer tips for board and senior management meetings and presentations:
- Address the person(s) directly responsible for consumer compliance
- Carefully consider the appropriate frequency of presentations
- Work with the board and senior management to establish triggers for unscheduled presentations, such as a significant new legal requirement or a new product
- Make presentations high level, including a discussion of the following:
- Overall consumer compliance risk profile
- Controls used to mitigate risks
- Activity monitoring
- Actions needed to resolve existing compliance issues
- Board and management compliance training
- Compliance and business line risk management collaborations
Challenge 3: Keeping track of regulatory changes
- Subscribe to regulatory agency’s notifications
- Subscribe to consumer compliance services and obtain regtech tools
- Join support networks
Finding time to monitor and consider the changing legislative, regulatory, and supervision landscapes is a challenging but critical part of the compliance officer’s responsibilities. Many resources and tools are available, including subscribing to trade publications and regtech services, attending webinars and continuing education courses, and signing up for email updates from federal regulators, including the Federal Reserve Board,1 the Consumer Financial Protection Bureau,2 the Office of the Comptroller of the Currency,3 the Federal Deposit Insurance Corporation,4 the National Credit Union Administration,5 and the Department of Housing and Urban Development.6 Consumer Compliance Outlook provides articles with a supervisory perspective as well as a regulatory calendar of pending and final rulemakings, while our Outlook Live platform hosts compliance webinars. In addition, trade organizations (such as state banking associations) often have compliance-related forums where bank staff can discuss compliance issues. Similarly, local compliance networks, where employees of local banks create an informal network to meet regularly to discuss common challenges they face, are fairly common.
Challenge 4: Based on risk findings, convincing the board and senior management of the need to implement cultural changes
- Leverage the lines of communication developed with the board and senior management
- Discuss risks resulting from regulatory and environmental changes
- Communicate to staff members shared their consumer compliance responsibilities
Having direct lines of communication with the board and senior management is important, especially if a risk assessment identifies an unmitigated, high-risk area or substantive violation of consumer protection laws. To adequately correct the issue, the board and senior management must fully support and communicate the required changes throughout the organization. The change may require a simple process revision.
Conversely, the change may require a deeper cultural adjustment. In that case, the compliance officer should be able to explain to the board, management, and staff why the change is required. For example, process revisions and cultural adjustments may be necessary when a community bank providing manually completed deposit account disclosures is consistently unable to provide disclosures accurately reflecting bank policy changes or regulatory requirements. Or an internal compliance review may find a high risk of discrimination on a prohibited basis, with risk mitigation requiring procedural and cultural changes that would affect several lending functions. The CCO article “Understanding How Culture Drives a Bank’s Mission”7 may help the compliance officer in communicating to the board and senior management the importance of developing and communicating culture, especially if consumer compliance risk is high.
Although changes begin with the board and senior management, it is important they filter throughout the bank to be effective. The compliance officer should not rely solely on board or senior management messaging to make staff understand the issues at hand. Successful compliance officers proactively provide the board and staff with “the skinny” about consumer compliance issues and clearly communicate the nature of the problem and the necessary changes to address it. They also find ways to proactively communicate with staff so they understand the compliance issues at hand.
For example, suppose the compliance officer learns from reviewing the bank’s loan policy that, for commercial loans secured by a warehouse and its contents in a Special Flood Hazard Area (SFHA), the bank requires flood insurance on the warehouse but not the contents because the security interest in the contents is done only in “an abundance of caution.” According to interagency flood insurance guidance, when a lender takes a security interest in improved real estate and contents located in an SFHA only as an “abundance of caution,” flood insurance is required.8 As a result, the compliance officer should update the loan policy to be consistent with the guidance and explain the change to the lending staff, perhaps providing examples. Using such a ground-level approach to compliance builds staff understanding and accountability and reinforces the messages communicated by the board and senior management.
Challenge 5: Championing change when the CMS does not have systemic issues
- Celebrate what went well
- Focus on being proactive
- Determine areas of unaddressed or increasing inherent risk
- Celebrate what went well
- Focus on being proactive
- Determine areas of unaddressed or increasing inherent risk
A well-managed compliance program should be celebrated. A satisfactory internal review or consumer compliance examination rating, with few or no issues, is the time for a compliance officer to discuss what went well and encourage vigilance. Compliance officers should be aware that it may be more difficult to obtain board and senior management attention and support during periods of success than it would be if the bank were facing serious deficiencies and legal and supervisory actions. It may be logical to divert consumer compliance resources from training and monitoring to address concerns in other areas after receiving satisfactory or outstanding consumer compliance ratings. However, the compliance officer’s job is to ensure a proper balance is maintained in all areas to appropriately monitor and mitigate risk.
When the CMS is performing well, keeping board and senior management’s attention may require a proactive approach. The compliance officer should remind the board and senior management that conducting risk assessments is an ongoing activity to monitor and control inherent environmental, legal and regulatory, and institutional risks as they evolve and increase. If risks are not identified, they cannot be properly mitigated. The Outlook article “The Benefits of a Proactive Compliance Program”9 may help the compliance officer frame the benefits of a proactive mindset for the board and senior management. For example, the compliance officer may consider discussing that, while the bank’s compliance program is currently satisfactory, it may not be keeping pace with evolving regulatory or environmental changes or will be tested by the bank’s growth strategies. The Outlook article “Promoting Effective Change Management”10 provides helpful suggestions.
Challenge 6: Expanding your support system
- Expand internal networks
- Explore external professional and social networks
- Similarly situated local and area banks
- State and national banking organizations
- Use regulators as resources
A compliance officer needs support systems to help overcome the challenges of feeling overwhelmed and isolated within the organization. While board and senior management support is important in this area, Federal Reserve consumer compliance examiners have also found that developing other strong internal and external support networks is helpful. Such networks can prevent isolation, create a space for brainstorming ideas for enhancing a compliance program, and provide sounding boards when deciding how to handle compliance issues.
One way to forge an internal support group in even the smallest bank is to build a compliance committee represented by each bank function or area (e.g., lending, operations, marketing/development). A well-structured, involved compliance committee can help the new compliance officer understand department functions, products and services offered, available management reporting, and key terminology. Committee members may also serve as consumer compliance ambassadors taking compliance information, training, and recommendations back to their areas, and they may serve as sounding boards for new ideas. During compliance internal reviews, committee members may act to allay staff unease, which includes by facilitating information requests.
External support groups provide a forum for discussing consumer compliance laws and regulations, regulatory guidance, and supervision experiences, in addition to providing more social support. The best external support may be banks similarly situated in asset size, area, and strategy, and some compliance officers begin the search for support networks by asking board members or senior management for consumer compliance contacts with similarly situated area banks. In addition, several financial technology vendors host user groups that a compliance officer may use to build relationships with similarly situated banks and gain knowledge of the functionality and limitations of bank technology and reporting. Participating in state banking organizations and attending state and national banking conferences may also introduce the compliance officer to supportive contacts.
Harnessing the long-standing relationships between community banks and their state and federal consumer compliance regulators can provide a mutually beneficial support system. Periodically contacting the federal examiner(s) assigned to the bank may be helpful in discussing the regulatory landscape and existing guidance and better understand supervisory expectations and the supervisory process. Although the examiner would be unable to provide recommendations, examiner contacts may be used to help the bank circumvent blind spots related to its compliance risk assessments, onboarding of products and services, or implementing strategic change. From these contacts, examiners gain a better understanding of the bank’s consumer compliance risk management process and emerging issues that may affect inherent consumer compliance risk.
Conclusion
Managing and implementing an effective CMS presents challenges, especially for compliance officers at smaller banks that lack the resources of their larger counterparts. It is important for board and senior management to support compliance officers and their staff in addressing these challenges. Compliance may be viewed as a cost center at some institutions and does not always receive the full support needed. But both the bank and its stakeholders benefit from an effective CMS, which can save the bank and its brand from legal and reputational risks that could result in enforcement actions and monetary penalties. Moreover, protecting bank customers makes good business sense. Specific questions and issues should be addressed to your primary regulator.
ENDNOTES
1 See Federal Reserve subscription to email notifications.
2 See Consumer Financial Protection Bureau subscription for press releases.
3 See Office of the Comptroller of the Currency subscription of email updates.
4 See Federal Deposit Insurance Corporation subscription for email updates.
5 See National Credit Union Administration subscription service.
6 See Department of Housing and Urban Development subscription service.
7 Robert L. Triplett III, “Understanding How Culture Drives a Bank’s Mission,” Consumer Compliance Outlook (First Issue 2018).
8 See Q&A Other Security Interests 9, “Loans in Areas Having Special Flood Hazards; Interagency Questions and Answers Regarding Flood Insurance,” 87 Federal Register 32826, 32885 (May 31, 2022).
9 Kathleen Benson, “The Benefits of a Proactive Compliance Proactive Program,” Consumer Compliance Outlook (Issue 3 2020).
10 Allison Burns, “Promoting Effective Change Management,” Consumer Compliance Outlook (Second Issue 2019).