The CO administers Compliance Training for all management and staff. Specific regulations require annual training, and others can be conducted on a rotation, but the training must be recorded and tracked for regulatory examination reviews. COs should create individualized training for different job functions, which can be cumbersome, but it’s the most effective means of training. Streamlining and customizing training ensures that staff won’t be overloaded with information not specific to their job functions. Having a robust training program is also an important part of communicating regulatory changes and the effects those changes may have on everyday staff operations. Although it can be frustrating when you discover the training packet in the recycling bin from that session you worked hours on preparing.
Compliance Officers perform monitoring of day-to-day activities and transactional testing to identify problems and deficiencies. Monitoring can include reviewing: disclosures and calculations for various product offerings, document filing, and retention, posted notices, marketing literature, and advertising. It also includes reading and interpreting various state usury and consumer protection laws and reviewing regulations. In addition, it includes managing internal compliance communication systems that provide updates and revisions to applicable laws and regulations to management and staff (Change Management). The CO should be involved in the development and planning of any new product or service to ensure compliance. They are responsible for evaluating the compliance of new products and services, adding it to bank policies and procedures where necessary.
Using a Compliance Risk assessment can help in determining what areas of the operation are susceptible to the most risk, and Compliance Officers can focus on those areas. There are only so many hours in a day and honing in on the areas with the highest risk can have the most significant impact on the financial institution’s compliance. It’s a tightrope of regulatory hot button topics or “flavors of the month,” regulatory trends, new regulations with intense scrutiny, systemic weaknesses, regulations with high penalty assessment possibilities just to name a few.
As Compliance Officer you have to pick your battles wisely because you can’t be everywhere and change everything all at once. It’s about baby steps in the right direction and guiding internal teams to the water, but it’s not always easy to get them to drink it. Some staff will climb on board with no questions asked because they want to do a good job, while others you have to drag kicking and screaming all the way. Some of the more common protests are, “But we’ve always done it that way” or “The examiners have never said anything about that before.” My favorite response is, “Just because you’re driving 80 in a 65 doesn’t mean you aren’t doing something wrong. It just means you haven’t been caught.” For challenging individuals, it usually takes a compliance two by four to get the message across. After beating the issue in like a dead horse, a name drop in a report that goes to the Board-level usually does the trick. Even though the CO is forced to be the villain, the institution is protected from the risk. Sometimes being the “bad guy” is necessary to carry out the job’s responsibility.