Provide Regular Updates
If you only talk to your businesses when there are issues to report, you can
end up giving the impression that you don’t have enough to do. And they
will think of you as someone who only bears bad news. Think about the
typical day in your compliance shop. Not every review identifies significant
issues (hopefully); not every project is launched to fix a compliance gap; and
not every negative news search results in a finding. We all do a lot of work
maintaining and executing the Compliance Management System (CMS) in
our shops, researching changes to regulations to identify potential impacts,
along with our other day-to-day activities. Providing updates on what is
being done and what is coming up helps to show how Compliance fits into
the bigger picture and the outputs the businesses can expect, as a result. And
don’t forget to share the good news with them too!
Well before bank examiners come into our banks for routine exams, we already
have a clear idea of what they will look for and review. Examination manuals
are available online. In addition, regulators send a request letter weeks before
the visit, and they are available for questions and clarification before they even
walk in the door. The routine examination can be just that—routine. When
we set expectations by telling our businesses the rules and how we check to
make sure they are followed, then they can better demonstrate compliant
operations. What you are looking for should not be a surprise.
However, if you find something unexpected—let’s call it a “potential violation”—it’s important to:
■ ■ ■ Confirm the facts;
■ ■ ■ Determine if there is a “regulatory gap”; and
■ ■ ■ Let the business unit know what you have, well before the final report
Only once in my career have I called a business leader who was on vacation while I had compliance audit. In this instance, the testing team had
identified something significant. I applied my litmus test: If this bears out,
could it appear as front page news?
Just remember, if there is a potential issue, management wants to hear
from you first, not through the media or through a tweet-storm.
Also under the category of no surprises,
be sure to talk to your business before you report a problem to a wider audience. Just as you
wouldn’t want to be caught off guard, neither
Both Positive and Negative
Once a year, the President of the United States
addresses Congress in the State of the Union
address. The common theme of past addresses has been “the state of the Union is strong.”
Compare that to how compliance organizations
often report positive results, e.g. “acceptable”,
“satisfactory”, and “no issues identified”. The
tone of these descriptors seems as if the highest
grade a business unit can get is a “C”.
While it is not the purpose of Compliance to
be a cheerleader, it is good form to give credit
where credit is due, such as when:
■ ■ ■ Controls have improved;
■ ■ ■ Business units have proactively identified and raised potential issues; or
Publicly recognizing the department, leader or individual, demonstrates
that we are all on the same team, working together to protect the institution from regulatory risk. And during your regular meetings, don’t forget
to provide shoutouts to your business partners to remind them how much
you appreciate their cooperation.
Find Ways to Help
Show the business units you’re on their side. In compliance, there are often
small ways you can support your partners, that will positively impact your
overall relationship. If you have the option to be flexible with the monitoring
schedule or training plan, take their busy times into account to ensure you
don’t overwhelm them. You can also show your support by running point
on exams or audits to ensure the business is only cited for actual problems.
Doing so will prove your merit in more ways than you may realize.
And that’s what this is all about. Whether we are updating management on
the status of an open issue, giving the results of a compliance review to line
management, or presenting to senior management or the Board on the need
for more resources, we are attempting to influence management to take action.
This action will not happen if we are not credible and persuasive. Influence
is based on trust and trust is built through how and what we communicate,
and what we do with it. ■
ABOUT THE AUTHOR
ROBERT MARX, CRCM, CIA, is a VP of Compliance and the Treating Customers
Fairly Officer at WebBank with over 26 years of compliance and internal
audit experience at financial service institutions. Previously Robert was Chief
Compliance Officer, CRA Officer, and BSA Officer at various small and mid-sized banks. He currently serves as an Advisory Board Member and Faculty
Member of the American Bankers Association (ABA) Compliance Schools and
is a member of the Compliance Committee for the Utah Bankers Association
(UBA). Robert can be reached at email@example.com.
While it may be hard to
build trust when interacting
infrequently with others,
when you interact on a
regular basis, it’s
easy to shine.