Banks spend enormous sums of money each year to meet their federal and state regulatory compliance requirements. They hire professionals with the requisite experience to tackle things like their Bank Secrecy Act and Information Security programs; they invest significant budget dollars in today’s sophisticated compliance software tools; and they spend countless hours developing policies, processes, and procedures to stay compliant.
But despite all that time, money, and effort, the one thing that often gets overlooked when it comes to bank compliance is communicating about it often and to everyone in the organization.
A Steady Stream of Communication
Several years ago, the Financial Crimes Enforcement Network (FinCEN) issued an Advisory to U.S. Financial Institutions on Promoting a Culture of Compliance. While this publication was geared toward BSA programs in 2014, its logic still applies today to a bank’s enterprise approach to compliance. Just as FinCen suggested then, it still is today: “The culture of an organization is critical to its compliance.”
Building a culture of compliance requires a steady stream of communication.
Ever since the 2008 financial crisis, federal banking regulators have emphasized that bank boards are ultimately responsible for all business operations, including compliance. Often, board members come from a variety of industries. Even those with a background in financial services often do not have particular compliance expertise.
That’s why they rely on those within the Compliance or Risk Management Office with the requisite expertise to keep them abreast of changes to regulatory guidance and laws, as well as to internal or external environmental changes that could impact the bank’s ability to comply with existing or changing regulations.
The Compliance Office is an interdependent function of almost every other bank area, including individual business units, corporate communications, e-commerce, finance, information technology, legal, marketing, product development, operations, risk management, and even third-party service providers. An institution’s ability to effectively comply with their regulatory requirements demands an open and healthy back-and-forth line of communication between the Compliance Office and these other areas.
For instance, if marketing is working with product development to roll out a new product and its corresponding marketing collateral, the Compliance Office should be in the loop. Conversely, if a new regulation is going into effect, such as the General Data Protection Regulation did in May, then it is incumbent upon the Compliance Office to provide timely details and periodic updates to the managers of all directly and indirectly impacted functions.
The everyday task of complying with many banking regulations falls on the shoulders of employees in either customer-facing or operations roles. They cannot be expected to do a good job at such compliance if they do not have the support and information they need.
Support comes in the form of senior management emphasizing their dedication to a culture of compliance in every word and action they take. Employees only buy-in when they believe senior management is on board and leading the way.
Information should come from the Compliance Office on a timely and routine basis, so that employees understand their responsibility to specific regulations, the importance of complying with them to the overall health of the institution and its customers, and where to go for help if they don’t understand either.
Don’t Let a Failure to Communicate Undermine Your Compliance Efforts
Sophisticated technology has certainly helped streamline bank compliance efforts, but it shouldn’t be considered a replacement for good, old-fashioned communication, which today, thanks to such technology, can be delivered in any number of ways to those who need it, so that it is at their fingertips at all times.
And by good, old-fashioned communication, I mean exactly what your sixth grade English teacher taught you. Explain the who, what, where, when, and why of the situation as concisely and yet comprehensively as possible.
The by-product of such communication is proof to bank examiners of your commitment to building a culture of compliance.