that should help bank senior and line
management understand compliance
implications for proposed actions and
activities they are pursuing. These interactions include:
■ ■ ■ Approval of new business ventures;
■ ■ ■ Review of third party agreements;
■ ■ ■ Regulatory change management
■ ■ ■ Technology product reviews/
■ ■ ■ Due diligence activities associated
with mergers or acquisitions; and
■ ■ ■ New and amended products and
Regarding UDAP/UDAAP risk in
institution products, services, and other
activities, institutions employ several
methods for managing and monitoring
potential risk situations. A majority of
institutions conduct compliance reviews
before product, service, or activity launch,
and compliance reviews/examination after launch. Almost half of respondents indicate that they also have UDAP/UDAAP
internal audit reviews. Fifty-nine percent
of the compliance officers indicated that
UDAP/UDAAP was reviewed in their
last regulatory compliance examination.
These examinations are slightly more
prevalent at larger institutions.
A financial institution’s relationship with
its examiners, as well as the supervisory
and policy staff of its primary regulator
in the district and Washington, DC offices, is extremely important. Survey responses indicate that compliance officers
are generally positive about the relationships they have with their examiners.
Almost 75% agree that their examiners
give them positive credit for their self-correction of compliance deficiencies.
When we look at this positive feedback
broken down by each regulatory agency,
the respondents told us they received
positive credit from the:
■ ■ ■ OCC, 81%,
■ ■ ■ FDIC, 73%,
■ ■ ■ FRB, 65%, and the
■ ■ ■ Bureau, 50%.
Exhibit 4 below shows that willing-
ness to question examination findings
the compliance officer disagrees with
or does not understand, increases with
bank asset size.
Another issue that has been an ongoing concern of bankers is their belief that
examiner recommendations for action
are actually requirements for action. In
the Survey, 59% of compliance officers
agreed that they believe examiner recommendations are in fact, requirements.
When looked at by regulatory agencies
the sentiment is consistent. As for institution size, those with less than $100
million in assets were decidedly less in
agreement with this contention, than
their larger institution counterparts.
The Survey contained several questions related to the compliance officer’s
view of their latest examination experience. For those institutions subject to
traditional point-in-time examinations,
47% of respondents said their most re-
cent examination was more risk-focused
than their previous examination; 43%
said it resulted in the same compliance
rating, and 36% said it was comparable
to the previous examination. For those
institutions subject to continuous exami-
nations (larger institutions), 25% of the
compliance officers felt examinations
focused on the highest risks, while 23%
also said the examinations resulted in
the same compliance rating.
Respondents indicated that the com-
pliance reviews that offered the most
useful information for improving their
compliance programs were: regulatory
agency examinations (24%), external
audits (21%), and internal audits (19%).
Lower down the list were compliance
quality assurance reviews and outside
consultant/service provider reviews.
Sixty percent of respondents said
examiners reviewed the bank’s risk man-
agement system prior to conducting its
examination. Of those, 39% say they saw
no discernible difference in the exami-
nation process. As Exhibit 5 shows, the
examination impact of the agency’s risk
management review varies somewhat by
Do you push back when examiners present you with examination findings
that you do not understand or you disagree with?
What impact did the agency risk management review
have on your examination activity? By Regulator: