Compliance Management Program Panelists: Alesia Harlan City State Bank, Norwalk Kathy Burrows Bankers Trust Company, Des Moines Stephanie Christian WCF Financial, Webster City Moderator: Julie Gliha, MBA, CRCM, Iowa Bankers Association 2017 IBA Compliance Conference 1 Purpose of Compliance Management Program Determines compliance responsibilities Ensures employees understand responsibilities Incorporates requirements into business policies and procedures Provides review of operations to ensure compliance Requires corrective action/updates to materials It s a process not a one-time event 2017 IBA Compliance Conference 2 1
Importance of an Effective Compliance Management Program Supports the How Helps to insulate a company (and its officers, directors and employees) from civil and criminal liability Aids in managing risks due to changing products/services and new legislative actions Required due to complexity of the global financial services regulatory environment Expected by Financial services regulators around the globe 2017 IBA Compliance Conference 3 Pitfalls of a Poorly Constructed Compliance Management Program Financial risk Reputation risk Regulatory risk Increases the likelihood of unethical conduct Opens the door for fraud Negative impact on employee morale Serves as a roadmap for prosecutors Loan and fraud losses Reimbursement due to errors Public listing of enforcement actions Media reports Includes both Financial and Reputation Risk Consumes financial and human resources Increases litigation risk and possible penalties Civil and/or criminal penalties for noncompliance Dissatisfied customers Limitations on Expansion 2017 IBA Compliance Conference 4 2
Sources: Guidance Related to Compliance Management Programs Prudential Regulators/FFIEC Interagency Exam Rating System Federal Reserve Board Office of the Comptroller of the Currency Federal Deposit Insurance Corporation Consumer Financial Protection Bureau Enforcement Actions Case Law 2017 IBA Compliance Conference 5 Federal Reserve Board CMS Guidance Firm wide approach to compliance risk management including a corporate compliance function tailored to risk profile Independence of compliance staff and compliance monitoring and testing Board responsibilities Setting appropriate culture of compliance Clear policies regarding the management of key risks Ensuring policies are adhered to Senior Management responsibilities Communicate and reinforce compliance culture Implement and enforce compliance policies and risk management standards Establish, support and oversee compliance management program (CMP) Report to Board as needed on significant compliance matters and effectiveness of CMP Compliance Risk Management Programs and Oversight at Large Banking Organizations with Complex Compliance Profiles, October 16, 2008. 2017 IBA Compliance Conference 6 3
Office of the Comptroller of the Currency CMS Guidance Framework for identifying, assessing, controlling, measuring, monitoring and reporting compliance risks across the organization Training throughout the organization Three lines of defense: Ownership of risks by front line departments Independent risk/compliance management function Internal Audit validation of risk/compliance governance framework https://occ.gov/publications/publications by type/comptrollers handbook/cms.pdf 2017 IBA Compliance Conference 7 Define compliance responsibilities Federal Deposit Insurance Corporation CMS Guidance Ensure employees understand responsibilities Ensure requirements are incorporated into business processes Review operations to ensure responsibilities are carried out and requirements are met Take corrective action and update materials as necessary https://www.fdic.gov/regulations/resources/director/presentations/cms.pdf 2017 IBA Compliance Conference 8 4
Consumer Financial Protection Bureau Focus Goal: Remain competitive and responsive to consumer needs Continually assess business strategies/modify product and service offerings and delivery channels Develop/maintain sound compliance management system covers product design, delivery and administration (entire product lifecycle) 2017 IBA Compliance Conference 9 CFPB CMS Guidance Establish compliance responsibilities Communicate responsibilities to employees Ensure responsibilities for meeting legal requirements and internal policies are incorporated into business process Review operations to ensure responsibilities are carried out and legal requirements are met Take corrective action and updates tools, systems and material as necessary http://files.consumerfinance.gov/f/201210_cfpb_supervision and examination manualv2.pdf 2017 IBA Compliance Conference 10 5
Goal Succession Planning Protect interest of Board Members, employees, shareholders and other constituents Provide confidence in company s long term initiatives 2017 IBA Compliance Conference 11 Succession Planning Best Practices Analysis Develop solid understanding of most significant challenges in next 4 6 years Skills and experience needed May be different than current position Development Internal Candidates = identify small number of people who may be ready in 2 4 years External Candidates = utilize skills of agency, bring in potential successor through other positions (allows strategic development of candidate). Allows candidate to develop relationships and company to explore likely effectiveness 2017 IBA Compliance Conference 12 6
Succession Planning Selection Internal candidate should be ready (consider internal candidate first if qualified) External candidate list should be updated Ask candidates to present vision for company in next 5 years to the board Transition focus on onboarding and first 12 months Allow to develop relationships with board Allow sufficient time with outgoing employee Understand areas requiring immediate action Get up to speed Board and Successor agree on plan for first year with measurable metrics/milestones and active engagement of all leadership to ensure using same playbook Ensure coaching plan is in place Source: Forbes Best Practices in Succession Planning by Stephen A. Miles and Nathan Bennett 2017 IBA Compliance Conference 13 Panelists: Introductions Kathy Burrows, Vice President of Compliance for Bankers Trust Company, Des Moines Alesia Harlan, SVP, Compliance Officer for City State Bank, Norwalk Stephanie Christian, Market President for WCF Financial, Independence 2017 IBA Compliance Conference 14 7
Panel Discussion How to Create a CMS Kathy Burrows Bankers Trust Company 2017 IBA Compliance Conference 15 A compliance management system is the compliance infrastructure that ensures a bank: Learns about and understands its compliance responsibilities Builds compliance requirements into its business processes Monitors to ensure responsibilities are carried out and requirements are met Takes corrective action and updates processes, as necessary 2017 IBA Compliance Conference 16 8
Components of a sound compliance management system: Board of directors and management oversight Compliance program Compliance audit 2017 IBA Compliance Conference 17 Board and management actions to demonstrate a healthy compliance culture: Demonstrate clear expectations about compliance and adopt clear policy statements Appoint a compliance officer with sufficient authority, accountability, and resources Provide a forum for regular compliance reports to the board 2017 IBA Compliance Conference 18 9
Components of a compliance program: Policies and procedures Training Monitoring Consumer complaint response 2017 IBA Compliance Conference 19 Recommendations for an effective compliance program: Service attitude Build trust Document the department s activities Maintain a change management tracker Clear and open communication 2017 IBA Compliance Conference 20 10
A compliance audit independent review of the bank s compliance with laws/regulations and adherences to internal policies and procedures Audits can be annual or ongoing For annual audits, spend some time scoping out the audit Embrace the process! 2017 IBA Compliance Conference 21 Panel Discussion How to Improve a CMS Alesia Harlan City State Bank 2017 IBA Compliance Conference 22 11
Ongoing Adjustments The improvement/little tweaks never stop after the initial framework is built. Understand your bank goals and strategic plan along with the organization s risk tolerance Will influence how you continue to adjust and run your CMS 2017 IBA Compliance Conference 23 Manage Risk Get the most value out for your time One or two sentence summary rather than detail Identify capacity in branches/other departments Use for low risk items Don t be afraid to try something, monitor for effectiveness and if it doesn t work make a change 2017 IBA Compliance Conference 24 12
Manage Relationships Culture is Critical Don t underestimate the power (time/cost/effort savings) of building rapport with your employee s Be respected as a leader Gain respect of Management, BOD and employees Earned through time Earn a seat at the table get involved early Loan file review improve process so testing system not performing compliance function Include Vendor Management set expectations and don t be afraid to push back 2017 IBA Compliance Conference 25 Planning Develop/use annual review calendar Determine level of risk, area of review, review frequency, responsible party, due date, date completed, etc.) Policy/procedure review schedule Risk Assessments Establish consistent format Simple may be the answer Include possible impact on consumers (i.e. consumer harm) Complaints Train on complaint process and log activity Send reminders if needed Include areas receiving high volume of calls 2017 IBA Compliance Conference 26 13
Policies/Procedures Develop a policy/procedure review schedule List all board approved polices Training Training calendar Training summary (what is covered) Training log (who attended) Audits/Review Create a response/tracking system for recommendations, observations, finding Include due date, responsible party, etc. Report to management (compliance committee, risk committee etc.) Show follow up training Track/document vendor correspondence Reporting/Committee s/ Meetings Be involved with Retail and Mortgage Attend meetings and provide input 2017 IBA Compliance Conference 27 Panel Discussion Compliance Structure (committee vs individual) Stephanie Christian WCF Financial 2017 IBA Compliance Conference 28 14
Individual Compliance Officer Challenges Burden is on Compliance Personnel only Constant regulatory changes/challenges Regulators want to see input from all departments 2017 IBA Compliance Conference 29 Compliance Committee What our Bank uses Structure Formed in 2015 Started with 7 members Now have 7 members, restructured once 2 Members from Management 2 Members from Lending 2 Members from Deposit Department 1 Compliance Officer Meet every other Friday 2017 IBA Compliance Conference 30 15
Compliance Committee Benefits Input from all Departments Training benefits Knowledge Accountability 2017 IBA Compliance Conference 31 What to Report to Board All Panelists 2017 IBA Compliance Conference 32 16
Consider: How to Decide Frequency Level of detail Higher risk areas What is reflected in board minutes and reviewed by examiners What they need to know to direct bank 2017 IBA Compliance Conference 33 Topics BSA New/changing regs. and implementation timeline Changes to products/services Related Risks Resource needs Audit and review report findings Complaints Training/audit calendars Updates to Procedures Fair Lending/CRA 2017 IBA Compliance Conference 34 17
2017 IBA Compliance Conference 35 Closing Thoughts Compliance Officer Role: Establish and maintain open lines of communication with all business lines Facilitate meeting the department goals in a compliant manner 2017 IBA Compliance Conference 36 18
Police Officer or Traffic Cop? Not a police officer Rather a Traffic Cop Directing traffic Slow... Detour... Caution... Full Speed Ahead! 2017 IBA Compliance Conference 37 Don t panic! You ve Got This!!! 2017 IBA Compliance Conference 38 19