As a bank consultant, I'm often surprised to see clients making the same, avoidable risk management and compliance mistakes. With a little concentrated effort, banks can change the way they deal with these issues and have fewer problems from regulators.

Mistake 1: Leaving risk to junior officers. Often risk management and compliance are viewed as necessary evils forced on banks by regulators and people who do not understand banking. As a result, the tendency is to do the minimum, spend the minimum and pay attention to these areas as infrequently as possible.

The average bank hires a compliance officer who is marginally qualified, spends almost nothing on support and training and then wonders why the regulators will not give them a break. It is understood that these areas are not profit centers. But they are profit preventers! Regulatory action can create additional staffing expenses, curtail future activities and present reputational risk to the bank.

We had a client who did the bare minimum to show the regulators that it had a compliance department. One junior individual in the lending group and one in the operations group were appointed compliance officers. Both of these individuals had minimal experience in the compliance/risk management area, and neither of these individuals did compliance as their primary function. These individuals were very sharp and were able to determine that the bank had compliance and risk issues.

However, in neither case were the warnings heeded and soon the bank ended up with a memorandum of understanding and the added expenses of having to add a complete compliance staff and address the issues in the MOU.

Compliance and risk management must be elevated to the senior management level, must be a part of strategic planning and must be considered one of the core competencies of the bank. The compliance department in particular must have the resources to receive training and provide effective training of staff.

Mistake 2: A casual attitude toward risk management. It is very easy to dismiss compliance and risk management. Banks never fail over a compliance issue, right? Maybe not, but Bank of America (foreclosures), Union Bank (Bank Secrecy Act) and Wells Fargo (Fair Lending) would probably beg to differ.

The easiest and best way to make pesky reporting requirements from regulators go away is to convince them that you take it seriously and are addressing whatever the concern may be. Explanations for less-than-satisfactory findings that include, "we were in a cost-cutting mode" or "our compliance manager position is in transition" only guarantee a further and more incisive look by the regulatory team.

A risk management and compliance program that requires regular reporting to the board of directors and demonstrates management follow-up goes a long way toward achieving regulatory harmony. Take these areas seriously, respond to concerns and actively address areas that require attention. The failure to do so only adds to future and prolonged misery!

Mistake 3: Failing to discuss regulators' feedback. So you have developed strong policies and procedures, have an established risk management profile and well-versed compliance staff. Despite all this, you are getting vague and threatening feedback from your regulators.

Comments such as, "minutes of the compliance committee should be more robust" appear in the draft of an examination report. Even to the casual reader, this comment is vague and is difficult to respond to in an effective manner. However, so many of our clients take the stance that it is better to go along and get along than to fight.

The phrase "pick your battles" comes up quite a bit. While this is often good advice, it is a mistake to make this stance the standard response to all feedback from regulators.

If your well-qualified staff is questioning the meaning of a finding or comment, it is well worth your while to ask for clarification. Without doing so, the bank is setting itself up for a repeat finding in an area where there was no previous agreement to begin with!

Flood insurance coverage is a good example. The regulation requires that the borrower be notified with each new renewal, extension or modification of a loan that is in a flood zone.

While this requirement may seem straightforward, it has been the experience of many of our clients that the results of examinations have been anything but straightforward!

The interpretation of what is a modification and exactly when a new notification is required will vary depending on the regulator and the particular team the regulator sends to your bank. Because experiences will vary, it is critically important that the bank receive clarification of the source of findings.

If the bank feels that the feedback from the examiners is unclear, unjust or flat-out wrong, the proper response is not to grumble and/or wait for another examination crew. Now is the time to seek clarification. This in no way means that the bank's staff should be contentious or rude. Simply asking for clarification and directions is the right and duty of management. 

This column originally appeared at Bank Technology News.
