By Pam Perdue
It may shock you to hear a compliance expert suggest that your bank might be spending too much on compliance. But it’s not only possible, it’s probable.
The uncertain regulatory environment continues to worry bankers. With some rules being eliminated, others added and many in constant flux, changing regulations critically impact bank operations and interfere with profitable and efficient processes. It’s a never-ending challenge for banks to manage regulatory change and work around the burdensome costs of complying with existing rules.
An April 2018 study from the Federal Reserve Bank of St. Louis found that compliance costs for community banks averaged 7 percent of noninterest expenses. For banks under $100 million, compliance costs averaged nearly 10 percent of noninterest expense, while the largest banks’ costs averaged 5 percent.
With such a significant expenditure, one would logically expect that with a greater compliance spend come higher compliance ratings. However, there is no discernable difference in their compliance ratings or outcomes. If there is no significant difference between the two groups, then it begs the conclusion that the dollars spent at the smallest community banks aren’t being spent effectively.
While there isn’t a standard calculation or formula to predict how much banks “should” spend on compliance, there are signals that dollars aren’t making a positive impact. Often banks are spending on outdated ways of doing things, like spending too much time reading regulations, training and retraining staff, failing to upgrade technology and allowing repeat findings on audits or exams.
Reading regulations versus implementing requirements.
Understanding long, complex regulations requires undivided attention and concentration. According to a recent Continuity Banking Compliance Index, financial institutions had nearly 1,400 pages of regulatory changes to read and analyze in one quarter alone. This step is crucial, as banks must first gain a proper understanding of a regulation and how it will impact their specific institution.
But ask yourself two questions:
- Does your compliance team have time to digest and interpret regulations themselves (or worse, circulate them to other teammates)?
- Does your compliance team have the diverse legal, operational, risk and regulatory-specific background to do this work efficiently?
Placing over-reliance on internal analysis breeds risk and error. Instead, savvy banks are reducing the amount of time required to read and analyze regulations by partnering with outside experts for analysis. By outsourcing the time-consuming step of regulatory analysis, and pairing it with technology that simplifies implementation, banks are able to take action and focus on strategic initiatives.
Ineffective training and lack of enforcement of standards.
Training is a necessary part of any compliance program. However, if training is not delivered in a job-specific way that combines the regulatory requirements with your bank’s unique policies and procedures, you’re wasting time and money delivering information that may not be actionable.
Where weaknesses are identified in audits or exams, it’s important to determine whether and why internal quality control and monitoring didn’t detect the issue sooner. Training is rarely the only cause of noncompliant outcomes. If your detective controls aren’t working, or if standards aren’t being enforced by management, training won’t help. Training cannot be effective unless other variables within the compliance equation have been addressed first.
Inefficient or absent use of technology.
There is a significant gap in effectiveness and efficiency between banks that use advanced technology to aid in their compliance management and those that continue to rely on documents and spreadsheets. A strong compliance management system can boost efficiencies, reduce the amount of time dedicated to compliance and help strengthen results.
Examiners are increasingly expecting to see a centralized compliance management platform that houses all relevant compliance information and tasks in one easily accessible location. Comprehensive systems will alert employees to relevant tasks that need their attention, proactively push out pertinent regulatory information and automate previously manual documentation and procedures.
However, a bank’s technology spend is only as strong as those who leverage the resource. This is why implementing a culture of compliance is so important. Employees must have both the will and the skill to leverage technology solutions and modernize their efforts.
Repeat exam findings.
Perhaps the most obvious red flag of all is when auditors and examiners consistently identify the same problems at an institution. Banks that are spending a hefty amount of resources on compliance but continue to receive the same audit feedback are clearly not using their time or money effectively.
Layering additional training over weak policies or poorly designed procedures will only aggravate compliance weaknesses and frustrate staff. Repeat findings are neither common nor inevitable — they signal serious flaws in your CMS that mean good dollars are being spent chasing after bad outcomes that could have been prevented with proper oversight.
Compliance efforts will continue to command significant portions of a bank’s budget. However, throwing money at this problem without strategic planning and cultural clarity is a waste. Banks must be intentional with their compliance spend, first determining a strategy and clearly defined end-goal and then determining how to successfully meet that goal, which often involves technology and partnerships. If many of these pitfalls apply to your organization, it might be time to take a closer look at your compliance strategy. Well-run institutions respond quickly to banish these common mistakes and ensure their compliance environment is designed and positioned for success.
Pam Perdue is chief regulatory officer, Continuity. For more information, visit www.continuity.net.