Compliance Resourcing
Are you sufficiently staffed?
There is significant risk in not ensuring the sufficient allocation of compliance resources to address sanctions, regulations, and day-to-day compliance operations. Regardless of any change in presidential or regulatory agency administration, the importance of the compliance function should not waver. Without a risk-based rationale behind compliance resource allocation, a regulator would be entitled to question a financial institution’s grasp of the risks it faces and of the appropriate allocation of controls to mitigate such risks.
Compliance Risks
Compliance risk is defined by the Basel Committee as “the risk of legal or regulatory sanctions, financial loss, or loss to reputation that a bank may suffer as a result of its failure to comply with all applicable laws, regulations, codes of conduct and standards of good practice”. According to the Basel document, the risk includes the conduct of banking and financial business, conflicts of interest, privacy, data protection, and the prevention of money laundering and terrorist financing. As such, it addresses the negative consequences of not complying with applicable laws, rules and standards versus the litigation exposure of an institution’s deposit and/or credit contractual obligations. 1
The primary responsibility of the compliance function is to assist the Board of Directors and senior management to manage the institution’s compliance risks effectively—that is, to comply with the applicable laws, rules and standards to which the institution is subject. The compliance function serves to identify, record and assess compliance risks associated with the institution’s operations, including new and existing products and services as well as customer relationships (e.g., complaint management).
Like any other business strategy, compliance risks drive other banking risks. Thus, compliance must be integrated into the institution’s overall business strategy from the outset and not be an afterthought. Why? In the event of an adverse outcome, the stakes are higher because of the possibility of regulatory actions.
These regulatory actions could result in limiting an institution from expanding through a merger and acquisition, or new branch applications. And, of course, they could also result in significant financial penalties, fines, disgorgement of profits, and restitution. In addition, reputational risk could also occur, which might further exacerbate financial loss through a decline in accounts or other business services. This emphasizes the criticality of ensuring the compliance function is fully integrated into an institution’s enterprise-wide operational risk management.
Resources assigned to the compliance function must be positioned to manage compliance risk adequately, efficiently and effectively, throughout the institution—whether in the areas of deposits or lending. It also holds true for all of the regulations that impact us, such as BSA/AML. The Bank Secrecy Act (BSA) actually mandates that covered institutions have a sufficient allocation of resources to address the prevention of any criminal activity through the financial systems, including anti-money laundering (AML) and terrorist financing. Generally, all federal financial regulators (the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Bureau of Consumer Financial Protection (CFPB)) have stated their expectations within their examination manuals, which state that:
“… a financial institution must develop and maintain a sound compliance management system (CMS) that is integrated into the overall risk management strategy of the institution.” One of the “key actions that Board and management may take to demonstrate their commitment to maintaining an effective CMS and to set a positive climate for compliance include: …
• appointing a compliance officer with authority and accountability; [and]
• allocating resources to compliance functions commensurate with the level and complexity of the institution’s operations …” 2
Without an effective and efficient compliance function within a financial institution, the strategic, financial, legal and reputational risks are insurmountable, yet compliance departments are often staffed “lean”. And, when it comes to allocating resources within an organization, non-revenue generating departments such as compliance are often considered “overhead.” In addition, unprecedented financial sanctions levied by regulators over the past decade have resulted in banks increasing the staff of their compliance functions and departments. However, despite these recent additions to staff, compliance remains under-resourced, which causes regulator concern.