Communication: The Oft Forgotten Component of Bank Compliance

green headphones near laptop and microphone
Photo by samer daboul on

Banks spend enormous sums of money each year to meet their federal and state regulatory compliance requirements. They hire professionals with the requisite experience to tackle things like their Bank Secrecy Act and Information Security programs; they invest significant budget dollars in today’s sophisticated compliance software tools; and they spend countless hours developing policies, processes, and procedures to stay compliant.

But despite all that time, money, and effort, the one thing that often gets overlooked when it comes to bank compliance is communicating about it often and to everyone in the organization.

A Steady Stream of Communication

Several years ago, the Financial Crimes Enforcement Network (FinCEN) issued an Advisory to U.S. Financial Institutions on Promoting a Culture of Compliance. While this publication was geared toward BSA programs in 2014, its logic still applies today to a bank’s enterprise approach to compliance. Just as FinCen suggested then, it still is today: “The culture of an organization is critical to its compliance.”

Building a culture of compliance requires a steady stream of communication.

Upstream Communication

Ever since the 2008 financial crisis, federal banking regulators have emphasized that bank boards are ultimately responsible for all business operations, including compliance. Often, board members come from a variety of industries. Even those with a background in financial services often do not have particular compliance expertise.

That’s why they rely on those within the Compliance or Risk Management Office with the requisite expertise to keep them abreast of changes to regulatory guidance and laws, as well as to internal or external environmental changes that could impact the bank’s ability to comply with existing or changing regulations.

Cross-stream Communication

The Compliance Office is an interdependent function of almost every other bank area, including individual business units, corporate communications, e-commerce, finance, information technology, legal, marketing, product development, operations, risk management, and even third-party service providers. An institution’s ability to effectively comply with their regulatory requirements demands an open and healthy back-and-forth line of communication between the Compliance Office and these other areas.

For instance, if marketing is working with product development to roll out a new product and its corresponding marketing collateral, the Compliance Office should be in the loop. Conversely, if a new regulation is going into effect, such as the General Data Protection Regulation did in May, then it is incumbent upon the Compliance Office to provide timely details and periodic updates to the managers of all directly and indirectly impacted functions.

Downstream Communication

The everyday task of complying with many banking regulations falls on the shoulders of employees in either customer-facing or operations roles. They cannot be expected to do a good job at such compliance if they do not have the support and information they need.

Support comes in the form of senior management emphasizing their dedication to a culture of compliance in every word and action they take. Employees only buy-in when they believe senior management is on board and leading the way.

Information should come from the Compliance Office on a timely and routine basis, so that employees understand their responsibility to specific regulations, the importance of complying with them to the overall health of the institution and its customers, and  where to go for help if they don’t understand either.

Don’t Let a Failure to Communicate Undermine Your Compliance Efforts

Sophisticated technology has certainly helped streamline bank compliance efforts, but it shouldn’t be considered a replacement for good, old-fashioned communication, which today, thanks to such technology, can be delivered in any number of ways to those who need it, so that it is at their fingertips at all times.

And by good, old-fashioned communication, I mean exactly what your sixth grade English teacher taught you. Explain the who, what, where, when, and why of the situation as concisely and yet comprehensively as possible.

The by-product of such communication is proof to bank examiners of your commitment to building a culture of compliance.


CFPB Grants Reprieve on Prepaid Accounts Rule

By Mary Crotty, Freelance Writer for Banks and Third-Party Service Providers

Making good on a promise it made in December, the Consumer Financial Protection Bureau (CFPB) yesterday announced that it is officially delaying the effective date of its Prepaid Accounts Rule along with other changes to its original final rule on the matter.

Effective Date for Prepaid Accounts Rule Moves to April 1, 2019

Financial institutions that issue prepaid accounts and cards will now have until April 1, 2019 to comply with the CFPB’s rule. This additional year, which provides time for issuers to update their prepaid card packaging to meet new disclosure requirements, appears to be the CFPB’s compromise between issuers’ need for additional preparation time and the Bureau’s continued stance that this increasingly popular consumer financial product should benefit from consumer protection regulations.

The other two major changes announced on January 25 also reflect this sentiment.

Error Resolution and Liability Changes

Under the Final Rule’s amendment, “financial institutions are not required to resolve errors or limit consumers’ liability on unverified accounts.” The CFPB indicates that this change is intended to encourage consumers to register their prepaid accounts in order to enjoy their full utility, while ultimately lessening the compliance burden of this rule on financial institutions.

In addition, financial institutions will not be required to retroactively resolve errors or limit liability on transactions made prior to the account verification.

Provision for Credit Cards Linked to Digital Wallets

The CFPB estimates that $116 billion will be loaded onto prepaid accounts by the year 2020. This rapidly escalating number is fueled in part by credit card holders linking their credit card accounts to digital wallets, which fall under the prepaid accounts definition. The final major change from the CFPB “ensures consumers continue to receive full federal credit card protections on their traditional credit card accounts while making it easier for them to link those accounts to digital wallets that can store funds.”

Make Sure to Update Employees on Revised Effective Date

The project team within your institution that is working on preparations for the Prepaid Accounts Rule implementation should communicate the revised effective date to all relevant departments to ensure that everyone is aware of the delay and understands the other changes associated with this rule amendment.


Civil Money Penalty Maximums Going Up

By Mary Crotty, Freelance Writer for Banks and Third-Party Service Providers

If your bank or credit union is cited for a compliance violation this year, expect to pay more. Within the last week, each of the primary financial regulatory agencies announced increases to their maximum civil money penalties (CMPs). These increases adjust for inflation as required by the Federal Civil Penalties Inflation Adjustment Act Improvements Act of 2015.

Financial Regulatory Agencies Announce CMP Maximum Increases

On January 10, the Board of Governors of the Federal Reserve System (Fed) published a final rule adjusting its CMPs for inflation, which was effective that same day.

The Federal Deposit Insurance Corporation (FDIC) and the Consumer Financial Protection Bureau (CFPB) each published a final rule for adjusting maximum CMPs on January 12 with an effective date of January 15, 2018.

For its part, the Office of the Comptroller of the Currency  (OCC) issued A Notice of Monetary Penalties 2018 that is “applicable to penalties assessed on or after January 12, 2018, for conduct occurring on or after November 2, 2015.”

Finally, the National Credit Union Administration (NCUA) issued its final rule in the Federal Register on January 16 with an effective date of January 15, 2018.

Communication Is Key to Avoiding CMPs

Well written documentation and routine communication with employees about your organization’s compliance requirements is a vital part of a sound and robust compliance program. If you need help creating compliance documentation or communicating policy updates or requirement changes, contact bank risk and compliance writer Mary Crotty at