Compliance is often a loaded word for bankers. While regulations within the banking industry are, of course, a necessity, the ongoing conversation about striking a balance between mitigating risk and overregulation continues in government, media and financial institutions themselves.
By nature, a bank is set up to withstand some risk. Some auto loans will go belly-up when a customer loses his or her job. The local economy could shift when a business leaves town. Some degree of ebb and flow is normal for financial institutions, and many bank CEOs or credit unions presidents don’t fret the “win some, lose some” nature of the business.
Yet one bank executive is still likely to lose sleep: the Chief Risk Officer (CRO).
Most closely tied to regulatory issues, the CRO is the boots on the ground, where “win some, lose some” isn’t an option. A recent article from American Banker’s The C-Suite Series explored this executive role and just how little wiggle room there can be when it comes to compliance. The article explains that “a 100% success rate is now viewed by many as the only way to victory in compliance. Even if an error does not indicate a bank-wide compliance problem, banks don't want to deal with the regulatory headaches such slip-ups could create in today's charged environment: big fines, embarrassing headlines, costly administrative hassles.”
The article goes on to point out that while a major issue like fraud or a cyberattack could be catastrophic to an institution, those risks aren’t usually on the top of a CRO’s to-do list. Regulatory implementation is often a CRO’s top concern. Chief Risk Officer at U.S. Bankcorp commented that the amount of time spent on regulatory implementation "can happen to the detriment of actual risk management.”
Regulatory compliance and risk management are very much linked, particularly for the biggest banks in the nation, as the CRO role is now required for institutions with more than $50 billion in assets. However, many banks have noted that the role is critical and would have adopted it regardless of the requirement. Regulators, American Banker notes, are the CROs biggest fans, and are in near constant communication.
During exam time, regulators not only want to see compliance, they want to see good compliance – an important distinction. Good compliance often aligns with the old math class adage of “show your work.” Regulators want to know how a bank is complying. Particularly for large banks, the article notes, “the magnitude of compliance risk stems not just from the number of rules, but from the large potential for error resulting from so many people in large organizations working in business lines that are all governed by the new set of federal requirements.”
It’s no doubt that CROs face a difficult balancing act attempting to manage regulatory risk. In order to better align an institution’s compliance program with its overall risk management efforts, some banks have updated their reporting structure with a chief compliance officer under a CRO. The American Bankers Association noted in the article that while a growing number of banks have adopted this model, it’s still too early to tell if it is a preferred structure. No matter which structure a bank adopts, compliance will continue to be at the front of institution’s interests. State organizations or peer banks in non-competitive geographies could be good sounding boards to explore how exactly one might structure a bullet-proof risk and compliance team.
For additional resources on addressing regulatory concerns, listen to this recorded webinar on the topic, or register now for the 2015 Risk Management Summit presented by Sageworks.