way that allows a forum for questions
■■ ■ Internal audit—Internal audit
expertise is costly and difficult for a
smaller institution to maintain. For
cost/benefit considerations, many
community institutions outsource
the internal audit function (including
compliance audits), to a firm with the
requisite expertise. Larger institutions
typically have internal audit functions,
but they may still choose to co-source
certain compliance audits (such as fair
lending) that require a higher level of
expertise than is resident in-house.
Where is all the good compliance talent? Good compliance officers are still very much in demand. Through the last several
years, in light of the implementation of the Dodd-Frank Consumer Protection Act, there has been an increase in the number
of compliance professionals. Finding the right fit requires analysis
of what is most important to the culture and existing state of
compliance within an institution.
Recruiting firms have created a niche for compliance specialties and for the right position, engaging such a firm may be well
worth it. Compliance talent may also be present within the ranks
of the institution. For example, individuals who possess mortgage
loan expertise, where most of the lending consumer compliance
requirements are involved, would bring a level of operational
knowledge to complement the team. Internal auditors looking
to be more involved in the operations while utilizing their audit
skills would also be good team members.
Once the right team is on board, what strategies will make them
want to stay? Management and Board support is probably the
most important job satisfaction factor to a good compliance officer. Without it, no matter how hard one tries, it will be an uphill
battle that in the end will not be worth climbing, especially with
the high demand for compliance talent.
Support means compliance has a seat at the management table
and is informed and involved with certain management decisions.
It means being able to challenge decisions that present potential
compliance risk and work through solutions collaboratively. Compliance must also be able to present issues and approach business
lines in a constructive and diplomatic fashion. After all, everyone
is working for the same institution and has the same goals!
In a constantly changing regulatory landscape, training and
education is very important for the compliance team. Training
on technical regulatory content is a given. Essentially, the team
operates as an internal consulting firm. They must be able to
speak comfortable with all levels of bank employees from tellers
to management and even the Board of Directors. As a result, they
should receive training that includes interpersonal, communication, presentation, and negotiation skills.
Communication with the regulators and facilitation of examinations also largely rests within the compliance function. A variety of
technical and compliance management training options are available
through industry association schools, seminars, conferences, and
webinars. A program that allows different team members to participate in rotation is a great start. Hiring managers with professional
certifications such as the ABA’s Certified Regulatory Compliance
Manager (CRCM) and Certified AML and Fraud Professional
(CAFP) demonstrate the institution’s commitment to compliance.
As with any profession that is in demand, a competitive compensation package and an inclusive working environment is vital to hiring and retaining effective personnel, from compliance
analysts to the CCO. Institutions building their teams will want
to incorporate opportunities for advancement within the team.
For a CMS to be truly effective, the team must be seen and heard
throughout the organization as advisors rather than the “
compliance police.” Fostering collaborative working relationships with
all lines of business and support functions will deepen the culture
of compliance. It is up to compliance, with management’s support, to set that tone. Managers must also allow the compliance
team, armed with organizational and regulatory knowledge, the
opportunity to see, think, and interact on their own. Compliance
is not just about the regulations, and more importantly, it is about
communication creating an effective feedback process for the institution to operate within the spirit and boundaries of the myriad
of laws and regulations. The right compliance team will make all
the difference in ensuring an effective CMS. They will also help an
institution mitigate risks by controlling or eliminating improper or
non-compliant practices resulting in a higher level of trust with its
customers, employees, business partners, and regulatory agencies. ■
ABOUT THE AUTHOR
LIZA WARNER, CPA, CFSA, CRMA, is a Managing Director at
CrossCheck Compliance and a bank internal audit, compliance,
and risk management executive with over 30 years of experience
in the financial and professional services industries. Previously Liza
was the chief compliance and operational risk officer for a mid-size
regional bank and has consulted with institutions of all sizes on
their internal audit and compliance needs. She started her career
in the internal audit function of what is now one of the largest
national banks. She is a CPA, a Certified Financial Services Auditor
(CFSA), and she holds a Certificate in Risk Management Assurance
(CRMA). Liza can be reached at lwarner@crosscheckcompliance.
Compliance is not just about the regulations,
and more importantly, it is about
communication creating an effective
feedback process for the institution to operate
within the spirit anw boundaries of the
myriad of laws and regulations.