Assessing Your Compliance Management Program



In April of 2016, the FFIEC released proposed new guidelines for rating compliance programs at financial institutions.   These guidelines have since been adopted and will commence in March of 2017.  The new compliance guidelines will represent a strong departure from the current system for rating.  In addition, these guidelines present a strong opportunity for financial institutions to greatly impact their own compliance destiny.   Although these new guidelines have been released with limited fanfare, the change in approach to supervision of financial institutions has been discussed for some time and is noteworthy.  The upcoming changes to the ratings for compliance programs, will put a premium on the overall effectiveness of your compliance management program.   The stronger the program for compliance, the less likely a single finding will impact the overall rating.

Determining Effectiveness

Although it is easy to assume that “effectiveness” is in the eye of the beholder, there are some metrics that can be used to make this determination.   Some of the factors that the regulators will consider when assessing effectiveness include:

  • Ability to identify compliance risks at the institution – under the new ratings systems the risk assessment your institution prepares will be a critical document. On a regular basis, it is necessary to identify all the risks associated with:
    • The products you offer
    • The customers you serve
    • The It systems you are using
    • The training program you have
    • The strength of the policies and procedures in place
    • Turnover at key positions
    • New and additional products offered

Regulators will expect the risk assessment process is comprehensive and robust and all potential problems are considered and addressed.  For each risk mentioned above there should be steps designed to reduce risk to an acceptable level.  In this case, the acceptable level should match with the risk appetite of the Board.  All financial activity has some level of inherent risk.  The risk assessment should detail how your institution has identified the risk and done all that it can to reduce the risk to the level the Board has decided they are willing to take.

  • Appropriate resources to address and mitigate risks – One of the disconnects that often occur between the completion of a risk assessment and the ongoing operation of a financial institution is consideration of the resources that are available. For example, it is one thing to develop comprehensive procedures for testing compliance with flood rules.  It is another thing altogether not to have sufficient staff to complete all the steps in the procedures.  Moreover, if the staff that are expected to follow the flood procedures are overburdened or under trained, your plans for mitigating risk will be thwarted.  The level and quality of resources directed towards compliance will be a key consideration for the overall compliance rating under the new guidelines.  Suppose your financial institution had a finding in the flood insurance area after an examination.  If the finding was caused by an oversight, that is unlikely to repeat, the impact of the finding will be minimized.  On the other hand, if the finding was created because there wasn’t enough time or staff to do a quality check, the issue looms large.
  • Ongoing testing of the internal controls – Much like the old saying “an ounce of prevention is worth a pound of cure” regular testing of compliance controls can greatly enhance the effectiveness of a compliance program.  The testing doesn’t have to be extensive, just consistent.  Take five of the most recent originated loans and make sure that the disclosures were completed timely and completely.  Do the same for deposit accounts that have been recently opened.  Complete a mystery shopping event to test employee’s knowledge of products and services.   By using ongoing testing, a compliance team can determine the areas of true weakness and address them.
  • Training of staff– Most financial institutions rely on on-line training to meet the obligations of keeping staff informed about the applicable regulations. On-line training is an extremely useful and cost effective manner to give staff members basic understanding.  However, effective compliance programs augment this training with in-person classes that allow staff to ask real world examples.  This reinforces the information and allows for a deeper understanding of the requirements of the regulations and how staff is critical for an overall strong program.

Using Findings to your advantage

Maintaining an effective program does not mean that there won’t be ANY findings.  It DOES mean that when errors occur, the compliance team can determine the root cause of the problem and develop a plan to address it.   An effective compliance program will be able to use findings to strengthen the program itself in the long run.


For a Complete Discussion of the New Compliance Ratings System, please visit our blog at

There are lessons for All Financial Institutions in the Wells Fargo Case Part Three- Turning Our Eyes to a Glaring Need



There are lessons for All Financial Institutions in the Wells Fargo Case

We have talked about the Wells Fargo case involved violations of Unfair, Deceptive Acts or Practices Act.  We noted that this is true because the practices of the bank forced extra accounts and products on customers who simply didn’t want them.  In addition to unwanted accounts were significant fees and charges.  In some cases, there were as many as 10 unwanted accounts for customers of Wells Fargo.

While this case continues to wind its way through various administrative hearings, news stories and the inevitable civil lawsuits, there is a strong irony in this case that can easily go unnoticed.  There can be no doubt that customers of the Wells Fargo were victimized by an abusive campaign.  However, while these customers can be considered OVERBANKED there are simultaneously millions of Americans are unbanked and underbanked.

A Forgotten Population

Wells and many other financial institutions continue to pursue practices that forced additional accounts on people who already had a banking relationship.  In the meantime, there are millions of potential customers who have no relationship at all as the FDIC showed inn their 2015 study of Unbanked and underbanked populations.

The FDIC has defined Unbanked and underbanked as follows:

“…… many households—referred to in this report as “unbanked”—do not have an account at an insured institution. Additional households have an account, but have also obtained financial services and products from non-bank, alternative financial services (AFS) providers in the prior 12 months. These households are referred to here as “underbanked.”[1]

Per the Corporation for Enterprise Development, there are millions of unbanked and underbanked households across the country.  For example, in 2010 the same organization estimated that 20% of the households in New Jersey are underbanked.[2].     The number of unbanked and underbanked people that live within the service areas of financial institutions presents both an opportunity and a level of risk.  As the FDIC pointed out in there May 2016 study “Bank Efforts to serve underbanked and unbanked Communities” the whole banking community is better served when the level of trust and participation is increased[3].

Why Unbanked and Underbanked?

The FDIC asks the same sorts of questions every year the answers have been consistent.  Here are some of the key observations:

  • The most commonly cited reason was “Do not have enough money to keep in an account.” An estimated 57.4 percent of unbanked households cited this as a reason and 37.8 percent cited it as the main reason.
  • Other commonly cited reasons were “Avoiding a bank gives more privacy,” “Don’t trust banks,” “Bank account fees are too high,” and “Bank account fees are unpredictable.
  • Perceptions of Banks’ Interest The 2015 survey included a new question asked of all households: “How interested are banks in serving households like yours?”
  • The survey results revealed pronounced differences across households.
  • Approximately 16 percent thought that banks were “not at all interested” in serving households like theirs, and the perceptions of the remaining 8 percent were unknown.
  • Unbanked households were substantially less likely than underbanked or fully banked households to perceive that banks were interested in serving households like theirs. More than half (55.8 percent) thought that banks were not at all interested, compared to roughly 17 percent of underbanked households and 12 percent of fully banked households.

While financial institutions are overbanking the customers they have, there are well over 50 million households in America that currently either don’t have a relationship with a bank or a minimal one.

Why serve these communities?

In many cases, misperceptions from the point of view of customers and financial institutions keep them apart.  For far too long it has been an axiom that the costs of providing banking services for consumer accounts prevents an acceptable rate of return.  However, through the development and use of new technologies, the costs associated with consumer accounts has significantly declined.

Without significant competition for the unbanked and underbanked households, financial needs are met by business that are predatory.  The number of financial institutions offering high cost loans has proliferated and the number of unbanked and underbanked families has grown.

Advances in technology had made it possible for financial institutions to offer services to communities throughout the country and the world without needed to expand the branch system. Today’s digital wallet customer is tomorrow’s commercial loan.

Compliance as an Asset

For the financial institution that considers offering new products and services using technology, a new approach to compliance must be pursued.   Currently for most financial institutions, compliance is viewed as a necessary evil expense that is at best, the cost of doing business.  However, suppose the role and function of the compliance department changed.  When the compliance department becomes fully versed in the requirements for offering Fintech products, the institution can become an active participant in the burgeoning market.  By putting resources into your institutions ability to assess and monitor risks, new products, partnerships and growth is possible.  Start thinking of compliance as an asset- it can be the gateway to new sources of income

Towards New Markets

The fact is that there are products that are available and cost effective while the market for these products is huge; there simply must be a willing spirit.  Rather than committing fraud, consider serving the unbanked and underbanked markets

[1] FDIC survey of unbanked and underbanked households

[2] See anked_Places_in_America.pdf  June 2016

[3]The FDIC recognizes that public confidence in the banking system is strengthened when banks effectively serve the broadest possible set of consumers. Accordingly, the agency is committed to helping increase the participation of unbanked and underbanked consumers in the banking system.