Focus on compliance culture and approach, not just transactions
Regulators are taking a different approach to examinations at banks and credit unions. Where, until recently, they focused almost exclusively on files and transaction testing, they are now also taking a harder look at each institution’s overall compliance approach.
With the Australian Prudential Regulation Authority (APRA) leading the charge, regulators are now taking a top-down look at the overall compliance effort, looking for evidence that financial institutions have:
- A strong compliance culture, starting with the right tone at the top
- Effective compliance policies and procedures
- Solid compliance training and monitoring programs
Incidents such as the recent scandal at Wells Fargo in the US, in which an overly aggressive sales culture led to widespread abuses, underscore the importance of a top-down, risk-focused compliance management approach. Financial institutions need to invest the time and resources necessary to ensure effective compliance throughout the institution.
Four steps all financial institutions should take:
- Develop compliance policies and procedures throughout the institution that set very clear compliance goals and that spell out exactly what all employees need to do to help ensure those goals are met. Be sure your compliance procedures are specific and actionable.
- Embed compliance into the development of new products and services. Don’t leave compliance as an afterthought that’s addressed after they are in place. Anticipate and address compliance risks during the development process.
- Take customer complaints and audit findings seriously. How financial institutions respond to signals of possible compliance issues is a major indicator of the strength of their overall compliance management system. Escalate customer complaints and audit findings to management and ensure that any underlying compliance issues are identified and addressed.
- Focus on training, support and testing. Having the right policies and procedures in place doesn’t matter if employees don’t understand them. Be sure personnel at every level of the organisation understand overall compliance issues and goals as well as specific compliance tasks that fall within their job description. Regularly test compliance at all levels and hold people at every level accountable for compliance performance. As testing uncovers issues, ensure practices are adjusted to correct for weaknesses. Training is often the weak link. Employees might understand which form to fill out or what actions to take, but if they don’t understand why, then they don’t fully appreciate the associated risks or their role in addressing them. Be sure employees understand their full role in your compliance efforts. Employees should understand their compliance functions as clearly as they understand their operational responsibilities. Consider specifying compliance obligations in their job descriptions.
A more sophisticated and holistic approach to compliance is not just a practice for major national banks.
Reviewing and strengthening your compliance program now will not only help to control your risks, it will better position you to stand up to the deeper focus that regulators will be taking in their examinations.