The financial industry is experiencing change like no other in recent history. The “alphabet soup” list of regulations is growing. The expectation of board members is not that you know all the details, but that you provide a supportive environment that gives bank staff the necessary tools to do their jobs in order to comply. New regulations to protect consumers are being presented at a pace that makes it difficult to keep up, let alone understand and implement policies and procedures to comply. With the potential for more than 30 new consumer regulations as a result of the Dodd-Frank Wall Street Reform and Consumer Protection Act, the need for Board support is greater than ever. Consumer compliance is demanding more of a bank’s resources. As a board member, it is important that you understand the need to allocate adequate resources to this area.
Your responsibility as a director is to provide your bank with a compliance management program that includes preventive, detective and corrective measures to ensure compliance with laws and regulations.
Preventive Measures
Components of a compliance management program intended to prevent violations from happening include policies, procedures, internal controls and staff training. A strong foundation of detailed policies and procedures complemented by a robust training program will ensure staff has the tools necessary to comply with required laws and regulations. Preventive controls can also include the use of computer software for disclosing information to consumers when required.
Detective Measures
A second component of a strong compliance management program is one that includes detective measures designed to identify errors or violations of law. Methods designed to detect undesirable activities include audits or operational monitoring procedures, board and management oversight, risk monitoring and management information systems (MIS). Employing various detective measures will allow for early detection of errors, limiting the adverse impact they would have on the bank.
Corrective Measures
Corrective measures are actions taken when violations and errors are found. Corrective actions must include correction of errors identified by internal and external monitoring procedures, as well as violations and recommendations identified by your primary regulator. Regardless of who identified the violation or error, corrective action must be taken seriously.
Corrective action plans should include individual or group responsibility, due dates for completion and periodic status reports to communicate progress. The corrective action process should include the identification of weaknesses that led to the error. It is important to determine if errors are isolated or systemic, a result of inadequate policies and procedures, or deficiencies in the training program.
Areas of Particular Concern
A director’s responsibility is not to be a legal expert; however, there are some laws and regulations you should be familiar with because they may apply directly to you as a director or come with significant penalties for noncompliance. Those of particular concern are:
- Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Regulations
- Office of Foreign Assets Control (OFAC)
- Loans to Executive Officers, Directors and Principal Shareholders – Regulation O
- Privacy of Consumer Financial Information – Regulation P
- Fair and Accurate Credit Transaction (FACT) Act – Regulation V
- Community Reinvestment Act (CRA) – Regulation BB
- Equal Credit Opportunity Act – Regulation B
- Flood Disaster Protection Act
- Truth in Lending Act – Regulation Z
- Real Estate Settlement Procedures Act – HUD Regulation X
- Truth in Savings Act – Regulation DD
- Electronic Fund Transfer Act – Regulation E
- Expedited Funds Availability Act – Regulation CC
This is not meant to be an all-inclusive list, but rather to give you an idea of some of the laws and regulations that can present greater risks to your organization.
Consequences of Noncompliance
Noncompliance can result in informal and formal regulatory enforcement actions. Informal actions can be in the form of board resolutions, commitment letters or memorandums of understanding (MOUs). Formal actions can be written agreements, cease and desist orders (C & D), prompt corrective action directives, civil money penalties (CMPs) and prohibition and removal actions.
Penalties for noncompliance can come with a high price tag; some costs are easy to determine, others not so easy. Direct costs related to reimbursement to customers can be easily quantified; the indirect costs resulting from damaged customer confidence, a damaged reputation and time taken from more productive activities are harder to determine. In any case, the costs are high.
Your responsibility as a director is to oversee all aspects of the bank, including regulatory compliance. Although you may not know all the laws and regulations, providing resources and support to staff to ensure compliance can go a long way.