The Federal Reserve Bank of Kansas City recently prepared a publication titled A Banker's Guide to Establishing and Maintaining an Effective Compliance Management Program (the Guide). With the Bank's permission, we are presenting the Guide in two issues of Compliance Corner. Part I of this guide appeared in the Third Quarter 2002 issue of Compliance Corner. Part II appears here.
The Guide is designed to outline some considerations to help organizations manage an effective compliance program. It includes sections on compliance risk assessment, program structure, audit coverage, compliance aids, "red flags," frequent violations, communication, and training. Since this is a generic publication, each topic should be considered within the context of an organization's size and complexity. In addition, since both regulations and the compliance environment change, some of the information contained in the Guide may become outdated at some point in time.
The topics covered in this issue include:
The importance of having a staff that is knowledgeable of regulatory requirements cannot be overstated. Regardless of an institution's philosophy and policies, ultimately it is line staff who process transactions and interact with customers. If employees are not adequately trained in compliance matters, errors are certain to occur. Likewise, if bank management is not aware of compliance issues, it is unlikely to devote adequate time and other resources to compliance. Every effective compliance program includes training procedures or guidelines to address changes in regulations, employee turnover, and the need for refresher training. You may wish to consider the following items concerning training as you review your compliance program.
Training Methods — A wide variety of compliance training methods may be used. Training conducted by the compliance officer, a department "expert," or a holding company trainer may be beneficial. Compliance consulting and banker training companies offer diverse compliance training tools, including formal outside classes, videos, and quizzes designed to stimulate discussion. Seminars and conferences sponsored by the Federal Reserve Bank and other organizations are another tool to keep the institution's personnel knowledgeable about compliance matters.
Job-Specific Training — Employees new to a job should be given the training necessary to ensure that they are aware of the specific regulatory requirements of the transactions they will be processing. Training should be given as part of the orientation process and before they begin their new responsibilities. This training need applies both to new employees and to employees transferring from other work assignments.
Institutionwide Training — Certain topics are worthy of regular training for all employees who have customer contact. As an example, all employees with customer contact should have fair lending training to ensure that "level of service" discrimination, inappropriate pre-screening, or other issues do not arise.
Refresher Training — Ongoing training should be considered to ensure that employees maintain adequate compliance knowledge and are aware of changes in the regulatory environment. At many institutions, this type of training is incorporated into departmental staff meetings.
Follow-Up of Examination/Audit/Review Findings — When compliance errors are noted, the compliance officer should consider the level of additional training needed. One-on-one training or group training sessions should be conducted, as warranted.
Dealers — To ensure compliance with the antidiscrimination and disclosure laws, the institution may consider providing training to dealers.
Flexibility — A strong compliance program addresses all of an institution's forecasted training needs, yet incorporates flexibility to change when the need arises. For example, a training plan may need to be revised (i) to address issues identified in an audit or an examination, (ii) due to unexpected turnover, (iii) when substantive changes occur in the regulatory requirements, or (iv) when new products or services are offered.
Records — Maintaining a written record noting the dates and attendees of training sessions is one way to ensure that adequate training is provided for the appropriate personnel.
Branch Consistency — Training efforts should be structured so that employees receive the same guidance regardless of their location. Inconsistencies, particularly in the lending area, may result in serious compliance violations. Written training guidance, especially flow charts and quick reference sheets, may be helpful in ensuring consistent training.
Effective communication is a critical part of almost all business success. Compliance is no exception. Appropriate information directed to the right people in an organization is one characteristic of a sound compliance program. Suggestions for effective communication are discussed below.
Senior Management and the Directorate — Senior management and the directorate should be aware of the institution's ongoing compliance activities (e.g., training and audits). Such communication may be obtained from periodic written reports or presentations to the board or to a board committee from the compliance officer.
Management and the directorate cannot correct compliance problems if they are unaware of them. Senior management must be regularly informed of the bank's compliance position, so that attention can be focused on correcting problem areas. When compliance performance is not adequate, senior management and the directorate should consider requiring more in-depth, frequent, and fully documented reports on compliance efforts.
Staff — Senior management should ensure that its compliance expectations are communicated to and understood by all employees. Newsletters, memorandums, required policy reviews, or the performance evaluation process could be effective communication vehicles.
Regulatory Changes — A central contact should be established to ensure that all materials related to regulatory changes are properly disseminated. Communication of regulatory changes thereafter could be disseminated via staff meetings, training sessions, newsletters, or memorandums.
Form of Communication — Communication about ongoing compliance matters is handled differently across institutions. The form of the communication will depend on the size of the bank and the structure of its compliance program. Some effective communication methods include staff meetings, training sessions, newsletters, memorandums, and break room postings.
Consumer compliance regulations are detailed and at times difficult to apply. Below is a list of compliance aids that your organization may find helpful.
Written Procedures — Detailed compliance procedures that are easily accessible to operating personnel may help improve performance. Such procedures are especially useful when key staff members are absent or in the case of employee turnover. Written procedures that contain checklists and examples of correctly completed transactions are ideal.
File Checklists — Checklists kept with each loan file in process can help ensure compliance. Given the loan type, any required disclosures may be marked as needed. As the loan is processed, each item can be checked off as completed. At loan closing, a glance at the file checklist could ensure that all necessary documents have been provided and all procedures completed.
File checklists may also be used as an audit tool. The checklists may be audited in lieu of each piece of paper documentation. This allows for broader audit coverage when resources are limited. A small sample of files should, however, always be audited at the document level to ensure that the checklists were completed accurately.
Tickler Systems — Tickler systems may be invaluable for ensuring timely compliance with a variety of consumer compliance provisions. For example, a tickler calendar may show reporting deadlines for HMDA and CRA data. Flood insurance ticklers ensure that required flood insurance policies are renewed in a timely manner.
Advisory Visits — Visits by consumer compliance examination staff of the Federal Reserve Bank of Philadelphia to Third District institutions supervised by the Federal Reserve can be arranged on an individual basis. These visits, which are uniquely structured for each institution, consist of forms, policy, and transaction reviews and/or discussions of regulatory and supervisory issues.
Websites — The Consumer Compliance/CRA Examinations Unit of the Federal Reserve Bank of Philadelphia maintains a website on the Internet. These pages include information on the department's functions and goals, consumer compliance regulations, and the consumer compliance-related services available to Third District state member banks.1 The site also provides links to other consumer compliance-related sites.
Compliance Management "Red Flags"
The following section lists situations where an institution's susceptibility to compliance problems may increase. If these "red flag" situations occur, heightened compliance attention may be warranted.
Rapid Growth/New Branches/Mergers — Compliance resources may be stretched during periods of expansion. Sometimes compliance becomes a secondary concern, thus allowing problems to take hold and spread quickly. Acquisitions of existing banks or establishment of de novo branches often results in compliance difficulties. Managing compliance for several branches presents different compliance challenges than at a single office. Computer conversion issues and new personnel associated with expansion are also compliance management "red flags."
Employee Turnover — Whenever trained staff members are replaced, the possibility of errors increases. Timely training and written procedures are critical. Additionally, a "succession plan" for all compliance-related responsibilities may help ensure that another employee is trained and available to proceed with compliance tasks, at least on a temporary basis.
Computer Conversions — Whenever there is a change in an institution's computer systems, compliance errors are likely to occur. During testing phases of the conversion and once the new system is running in production mode, it is important to check to ensure continued compliance. Disclosures and system calculations should be reviewed after computer conversions.
Small changes to computer systems, such as adjusting interest rates or minimum balance requirements, may also result in unexpected errors. Reviews of system output after such changes may reduce compliance errors.
Reprinting of Standard Forms — Standard forms should be carefully scrutinized when reprinted, especially when changes were made.
The following list shows the most common types of problems by regulation and section number identified in recent Third District compliance examinations. The citations are in alphabetical order and do not reflect any order of importance or commonality.
Regulation B — Equal Credit Opportunity Act
202.9(a)(2) Content of the Notice of Adverse Action Form
Regulation BB — Community Reinvestment
228.42(b)(1) Geographic data relative to the aggregate number originations and purchases of small-business and small-farm loans
Regulation C — Home Mortgage Disclosure
203.4(a)(4) The amount of the loan or application
203.4(a)(6) The location of the property, geographic information
203.4(a)(7) The race or national origin and sex of the applicant, and the gross income relied upon to make the credit decision
Regulation DD — Truth in Savings Act
230.8(b) Disclosure of the Annual Percentage Yield
230.8(c)(3) Minimum balance required to obtain the annual percentage yield
Regulation H — Flood
208.25(c)(1) Perform flood hazard determination, and require flood insurance prior to consummation
208.25(f)(1) Use of standard flood hazard determination form
Regulation Z — Truth in
226.7(d) Disclosure of each periodic rate used to compute a finance charge and the range of balances to which it applies
226.18(d)(1)(i) Finance charges understated by more than $100
226.24(c)(2)(ii) Advertising must state the terms of repayment under certain conditions
226.24(c)(2)(iii) Disclosure and use of the term "annual percentage rate," and whether or not the rate may increase after consummation
As always, feel free to contact Connie Wallgren, Vice President and Chief Examinations Officer at (215) 574-6217 with any questions on your institution's compliance programs.
The views expressed in this article are those of the author and are not necessarily those of this Reserve Bank or the Federal Reserve System.