Regardless of the size or structure of the institution, the compliance team plays a pivotal role in the CMS. In today’s regulatory
environment, the second line compliance team is more than a
ready reference for regulations and a monitoring function. If
it is to foresee and prevent compliance risks and help develop
the compliance culture, it requires a balance of the following
■ ■ ■ Compliance acumen—to perform its duties advantageously, the
compliance team must be well-versed on the regulatory requirements, or at a minimum, know how to research and interpret
requirements applicable to the institution’s products and services.
■ ■ ■ Operational and risk management knowledge—a keen understanding of the business and related processes and risks is imperative. In addition, when an error or exception occurs, a proper root
cause analysis is necessary to ensure the process change addresses
the cause of the error, not just the symptom. Without this knowledge and analysis, it is difficult to apply the laws and regulations,
or understand where compliance risk exists. One mission of the
compliance team is to be an advocate for the business and find
ways to say “yes” rather than only saying “no”. A strong working
knowledge of the business and operations will help to explore
options, and compliance will be able to better fulfill that mission.
■ ■ ■ Systems knowledge and process improvement—with the advent of financial technology (Fin Tech) and regulatory technology (Reg Tech), the compliance team must possess the skills to
understand relationships between data sets and identify warning
signs. However, before technology can be effective, policies and
practices must translate to compliant, efficient, and repeatable
processes. Automation of monitoring processes will also require
individuals with process improvement and technology skills. Forming methods to perform compliance related activities better and
faster will elevate the compliance team’s value to the organization.
■ ■ ■ Change agent—the compliance team must be skilled in change
management and inspire the hearts and minds of colleagues across
the organization as it relates to compliance. Persuasive communication and negotiation skills are as important and perhaps more so
than the regulatory requirements themselves. When a regulation
or a process changes, the compliance team must ensure the business lines understand and accept the change for the new process
to be sustainable.
■■ ■ Coach and trainer—One of the
team’s main responsibilities is to advise
on compliance questions and issues and
to train on regulatory requirements.
Excellent presentation and communication skills are required for training
and presentations to everyone from
business lines to senior management,
the board, and regulatory agencies.
■ ■ ■ Facilitator—Ideally, the compliance
team is involved in business strategies
including product and service development or changes to key operational
processes. Occasionally, compliance
risks may require discussion across
functional areas and the compliance team may facilitate such
discussion to ensure all impacted parties come together and
understand the risks and how to adequately address them.
CMS criticism within enforcement or supervisory actions highlights the breadth and depth of business and regulatory knowledge
expected of compliance teams. So many skills and disciplines
are needed, and it can be difficult to find them all in one person,
especially at smaller institutions where it is more difficult to balance the cost of compliance with other business objectives. Larger
institutions may have more leeway in building the team, though
constraints are also present such as limited budgets and competitive offers from other companies or business units.
When deciding the make-up and structure of the compliance
team and whether to build or selectively buy compliance services,
consider the following:
■ ■ ■ Education and Experience—To date, compliance officers have
evolved from various educational and working backgrounds including operations managers, risk managers, internal auditors,
examiners, and attorneys to name a few. While each discipline
may approach the compliance program from different starting
points, all must do so in a risk-based fashion. For example, a
risk manager may approach risk measurement from a product
viewpoint and then apply the regulatory requirement while an
attorney may start with a regulation and look at which products
and services to which they apply.
■ ■ ■ Training—A good compliance officer who is also an effective
trainer is not easy to find. It is often a challenge to deliver the
technical content to a group and do it in an interesting way that
is also conducive to visual, auditory, read/write, and kinesthetic
learners. Consider leveraging training and development professionals within the human resources function to provide compliance training developed with the compliance team’s assistance.
This approach not only addresses a skill gap, but it also teaches
the compliance team about different learning styles, and it helps
educate the training/human resources function on compliance.
Keep in mind that the most memorable and successful compliance training is customized to the institution, and delivered in a
Because the entire institution has an
obligation to manage compliance activities
effectively, defining who is responsible,
accountable, consulted, and informed of these
activities is the cornerstone
to a successful CMS.