“Resistance Is Futile” isn’t just a classic ominous warning issued by many a fictional evil character in sci-fi movies. It’s a fundamental truth about regulatory compliance for financial institutions – be it consumer protection laws, AML/BSA requirements, IT security, etc.
More than a decade after Dodd-Frank became law, most industry leaders have accepted (or at least resigned themselves to) the fact that it’s no longer a question of “if” but rather “to what extent” we must comply. With all due respect, that may be shortsighted.
Why? Because that view can result in either reacting to compliance problems after they’ve manifested themselves and it’s basically too late, or, at the other end of the spectrum, over-reacting to problems that don’t yet truly exist (sometimes referred to as de-risking). Both approaches are perfectly understandable because the sheer volume, breadth, and complexity of regulations can be intimidating and confusing, to say nothing of how the regulators actually apply them in our institutions.
There is a better way.
Let’s start with consumer protection laws. Several years ago, all six prudential regulators on the Federal Financial Institutions Examination Council (FFIEC) quietly issued the first complete and unified revision to their examination procedures in decades. The new “Consumer Compliance Rating System” is a relatively short document of just 32 pages. It provides a completely transparent look at exactly what the regulators are going to consider during examinations and how they’re going to grade us on them. It is a straightforward and easy-to-understand version of their gameday playbook, if you will. And here’s the thing: unlike a professional sports team that guards its playbook like Fort Knox gold, they actually want us to read theirs! Starting here helps focus our limited resources on shoring up matters that genuinely need attention (areas of vulnerability), and less on those that do not (areas of strength).
The same is true for AML/BSA, IT Security, and the rest. All of the regulators have openly published their examination manuals for each of these areas, and taking time to read them will pay immeasurable dividends. Just think of how much better examinations will go when you know exactly what to expect and where to focus your attention getting ready for them. Furthermore, if a regulator strays from their own examination manuals, the manual can be used as a means of reeling them back in and keeping exams on track.
Mind you, none of this makes regulations easy, per se, because the proverbial devil is still in those regulatory details. Thus, financial institutions are still required to attract and retain professional talent (especially those who understand success includes profitability), then trust their guidance. But this approach to pre-exam preparation will definitely help find that elusive balance of preventing regulatory problems before they pile up without overreacting by de-risking unnecessarily. Ultimately, this enhances profitability & shareholder value, and frankly, makes life better for everyone involved.
So, yes, resistance to regulatory risk may indeed be futile, but a fundamentally sound approach to understanding and managing these risks on a pre-exam basis is not science fiction, but quite real and achievable.