Part One: A Day in the Life of a Compliance Officer
What does a Compliance Officer do?
Being a Compliance Officer (CO) within a financial services organization isn’t for the faint of heart. It’s a tough job with high risks, but it can also be high in rewards. There aren’t many people out in the workforce with the fortitude and skillset to take on the task, but if you’re one of the few, then there are plenty of job opportunities.
However, the risks of the position shouldn’t be taken lightly. Penalties for noncompliance often fall squarely on the shoulders of the CO and personal liability should be a concern. Being the CO takes nerves of steel and copious amounts of patience and persistence, not to mention high levels of functional organization and self-motivation. The balance between maintaining compliance and satisfying business needs is a fine line to walk. The challenge is to get staff on board with a culture of compliance and make compliance work in tandem with the company’s business needs. That is far easier said than done. It’s a love-hate relationship, and at the end of the day, you probably won’t be the winner of the office’s popularity contest. Business compliance isn’t a source of revenue, but once senior management understands the costs of noncompliance, it can save the business a lot of money in the long run by preventing fines, penalties, and reputational risks.
Ultimately, it’s very tough to quantify the positive and preventative impact that “staying compliant” has, both from a reputational perspective and from a bottom-line financial point of view related to audits/penalties/legal fees. You can compare a compliance officer to a full-stack home security system, which deters burglars, but until you’re actually hit with an attempted burglary, it’s hard to quantify the value of the security system.
A Compliance Officer’s general responsibilities, regardless of size or complexity, cover a wide range of duties and span every department and product a financial institution offers. The Compliance Officer must review policies and procedures for compliance with applicable laws and regulations by conducting compliance monitoring reviews, issuing findings reports, and following up to ensure that corrective action is taken promptly. Or as I like to call it, lurking in the hallway shadows for that loan officer to come back from lunch so you can pounce on him/her to follow up and correct errors for the upcoming audit. The CO must also assess emerging issues or potential liabilities and establish timelines to monitor change management within the organization.
The Compliance Officer is responsible for maintaining and implementing the financial institution’s Compliance Management System, which is required to be written and administered by all financial institutions. An effective compliance management system is commonly composed of three interdependent elements: (1) Board and Management Oversight, (2) Compliance Program, and (3) Compliance Audits. It can be an intricate tap dance to make sure the institution is maintaining all three elements of the Compliance Management System.
1. Board and Management Oversight:
A culture of compliance has to start with the Board of Directors and Senior Management, who must demonstrate clear expectations about compliance and make compliance a priority. There must be clear policy statements that designate Compliance Officers with authority, accountability, and a requirement to work across departmental lines, with access to all areas of internal operation. The Board is responsible for allocating the necessary resources to ensure compliance and for requiring periodic compliance audits to test the effectiveness of the financial institution’s Compliance Management System. The CO must provide recurrent reports to the Board, which cover all areas of the institution’s operations and enforce effective corrective action. Many institutions implement a Compliance Committee to maintain and administer compliance initiatives and report meeting minutes to the Board.
2. Compliance Program:
The Compliance Program is the meat and potatoes of the Compliance Officer’s daily functions. The CO is responsible for the financial institution’s many policies and procedures, which must be reviewed periodically for compliance accuracy and updated as needed when regulation or internal procedures require it. The CO administers Compliance Training for all management and staff. Specific regulations require annual training, and others can be conducted on a rotation, but the training must be recorded and tracked for regulatory examination reviews. COs should create individualized training for different job functions, which can be cumbersome, but it’s the most effective means of training. Streamlining and customizing training ensures that staff won’t be overloaded with information not specific to their job functions. Having a robust training program is also an important part of communicating regulatory changes and the effects those changes may have on everyday staff operations. It can be frustrating, though, when you discover the training packet in the recycling bin from that session you worked hours on preparing.
Compliance Officers monitor day-to-day activities and perform transactional testing to identify problems and deficiencies. Monitoring can include reviewing disclosures and calculations for various product offerings, document filing and retention, posted notices, marketing literature, and advertising. It also includes reading and interpreting various state usury and consumer protection laws and reviewing regulations. In addition, it includes managing internal compliance communication systems that provide updates and revisions to applicable laws and regulations to management and staff (Change Management). The CO should be involved in the development and planning of any new product or service to ensure compliance. They are responsible for evaluating the compliance of new products and services and adding them to bank policies and procedures where necessary.
Using a Compliance Risk assessment can help in determining what areas of the operation are susceptible to the most risk, and Compliance Officers can focus on those areas. There are only so many hours in a day, and homing in on the areas with the highest risk can have the most significant impact on the financial institution’s compliance. It’s a tightrope of regulatory hot button topics or “flavors of the month,” regulatory trends, new regulations with intense scrutiny, systemic weaknesses, and regulations with high penalty assessment possibilities, just to name a few.
As a Compliance Officer, you have to pick your battles wisely because you can’t be everywhere and change everything all at once. It’s about baby steps in the right direction and guiding internal teams to the water, but it’s not always easy to get them to drink it. Some staff will climb on board with no questions asked because they want to do a good job, while others you have to drag kicking and screaming all the way. Some of the more common protests are, “But we’ve always done it that way” or “The examiners have never said anything about that before.” My favorite response is, “Just because you’re driving 80 in a 65 doesn’t mean you aren’t doing something wrong. It just means you haven’t been caught.” For challenging individuals, it usually takes a compliance two-by-four to get the message across. After beating the issue in like a dead horse, a name drop in a report that goes to the Board level usually does the trick. Even though the CO is forced to be the villain, the institution is protected from the risk. Sometimes being the “bad guy” is necessary to carry out the job’s responsibility.
3. Compliance Audits:
The last part of the Compliance Management System is compliance audits, which are independent reviews of the institution’s compliance with consumer protection laws and regulations and adherence to internal policies and procedures. This audit can be completed by an independent internal audit department or a hired third-party external auditor. The costs and preparation required for an external compliance audit can make any board or audit committee cringe, and it only adds to the stigma of compliance costing money and not making money.
Of course, like at any smaller organization, if you’re a Compliance Officer at a small community bank, you get the lucky “other duties as assigned” job clause, and you might end up wearing more than just the compliance hat. For example, you might also take on the role of the BSA/AML Officer or Secondary Market Loan Quality Control, which makes scheduling and meeting deadlines much more challenging. The bottom line is there’s a whole slew of things to juggle every single day, so it is crucial to allocate your time wisely and prioritize the workload. It’s also important to read and interpret state laws and federal regulations. You won’t be able to just digest what someone else feeds you. You have to be able to interpret the law for yourself and apply it to individual situations within your own institution, and then break it down so everyone else can understand it. That way, when staff have a question, you can answer confidently and give the proper guidance to Senior Management. Think of the Compliance Officer as an internal guide. They are an invaluable and useful tool to ensure a financial institution is following the rules and protecting customers. Compliance is a form of asset protection insurance.