It may seem counterintuitive, but one of the big stories in bank regulation in 2010 will be the return of increasingly severe compliance examination. One would think that with the flames of the financial crisis just recently under control but still smoldering — thanks to Europe, municipal finance and commercial real estate issues — safety and soundness examination would be virtually the entire focus of the regulatory agencies. However, this is not the case.
Yes, safety and soundness examinations are tough, and will be getting tougher. However, compliance is the other shoe, and it has already dropped, particularly at the moment in the anti-money-laundering and sanctions areas.
The focus on anti-laundering and sanctions is easy to explain. The plain fact of the matter is that terrorism has not gone away. Whether it is the attempted bombing in New York or the continued carnage in the Middle East, the U.S. finds itself under serious threat if not siege and Washington continues to be seriously focused on terrorist financing, which almost always involves some banking nexus.
There are valid private-sector concerns that anti-laundering program efforts are a little like looking for a needle in a haystack and are thus costly and inefficient. However, from a Washington perspective, this kind of concern has not been and will not be persuasive.
Furthermore, both the Justice Department and individual attorneys general have been involved and are involved in emerging high-profile anti-laundering and sanction-related litigation. This tends to further focus regulatory anxieties.
However, this is not the sum total of what we can expect from compliance examination. Sales practices are not far behind anti-laundering in terms of tough exams and expectations. Whether or not there is a new consumer agency — and I would anticipate one — the banking agencies will be very serious about bank compliance with sales practice rules. Fair lending will be closely watched. As moderate-income communities struggle amidst stubbornly high unemployment, Community Reinvestment Act compliance will also receive focus.
So what should bankers do to respond to these concerns?
I suggest several steps be taken.
- However good your compliance programs are, conduct a comprehensive review of the programs that tests both effectiveness and adherence to regulatory rules and guidelines. The regulatory bar is being raised in this area and even very good programs measured by decade-old standards are not likely to be as highly rated today.
- Particularly make sure the governance of your compliance program is strong. Good governance should include board — as well as management — oversight. Tolerances for errors should be set, just as risk tolerances are set in a sound enterprise risk management program.
- Needless to say, an ongoing program of training and testing is also important. This is true with respect of course to new products and new employees but also with respect to new technologies.
- Beware the new-technology trap. Do not rely on technologies — however costly — alone to solve compliance problems. Most compliance technologies have to be carefully adapted to your bank and periodically tested for effectiveness.
- Finally, scrutinize exam reports and respond to concerns with vigor. Not infrequently we have found that buried in last year's examination report were the concerns that make up this years regulatory order if not fully addressed in a timely manner.
In sum, this is not the kinder and gentler regulatory season, either in the compliance or safety and soundness areas. Forewarned is forearmed.