Consumer compliance poses a thorny problem for large financial institutions. They spend millions of dollars each year on compliance, yet their risk assessment and testing processes are often redundant. While banks launch new initiatives and projects each month meant to get regulatory issues under control, a preponderance of enforcement actions both public and private suggest their efforts are making little headway.

Banks, especially large ones, are very unlikely to get compliance right in the current regulatory environment and into the foreseeable future. The primary reasons lie with both bank management and regulatory agencies. Neither banks nor regulators emphasize regulatory excellence the way that they should.

The first issue is that product development, sales and servicing are frequently divorced from compliance ownership. Regulatory excellence is a quality component of financial products and services and should be treated as such. But the bankers in charge of product business lines have historically avoided regulatory matters, preferring to leave such issues to the compliance experts. The compliance group reviews products only at the end of the development process, leaving them with little opportunity to exert influence over production. Moreover, compliance groups hold minimal sway at most banks. While a shift in this paradigm is underway, it is slight and slow and coming.

When regulatory compliance was a strictly technical field with regulator tolerance for low error rates, this system worked well enough. But as principle-based laws and regulations become increasingly common and regulators' tolerance for error hovers close to zero, there is no way for the current system to adequately protect the bank. Compliance efforts will not succeed until business leaders spearhead the pursuit of regulatory excellence.

Another major problem is that bank culture has traditionally devalued compliance efforts. While banks do take regulations seriously and try to comply with them, this work is often regarded as secondary to the real business of banking. Rewards and incentives for business leaders are not linked to their product lines' regulatory performance; compliance officers have historically clocked in at the low end of the pay scale. Compensation for business line executives should be linked to quality and consumer outcomes, not just sales revenues. Compliance executives should be compensated like the professionals they are — by measuring the results of the operations under their control.

The devaluation of compliance is also reflected in annual spending. Compliance programs are long-starved for effective technology. Many rely on slow and expensive manual processes. Some compliance departments have no easy way to obtain and analyze data, leaving them to use incomplete data to monitor compliance outcomes. Institutions that truly prioritize compliance will expand their use of technology so that they can better analyze their own behavior.

Corporate culture comes from the top. Until management communicates the importance of regulatory excellence, compliance efforts will continue to be diminished in the eyes of most banks. Executives who want to change the cultural messaging should be explicit in their public statements promoting consumer fairness and transparency. Performance standards for everyone with positions that have consumer impact should have compliance-related components that are taken into consideration for job rewards such as raises, bonuses and promotions.

Regulators are also partly responsible for banks' struggles with compliance. Because they do not trust product owners to fastidiously observe regulatory requirements, they have decided to strengthen the second line — that is, the compliance departments — by placing greater burdens on them. This approach further widens the gap between the people who know and control products and those who have the responsibility for a key element of quality in that product. The Office of the Comptroller of the Currency's proposed heightened standards guidance illustrates this gap. It requires compliance and risk management areas to increase their governance, scrutiny and oversight of bank products and services. While this may be well intentioned, it does not get at the heart of the problem. If regulators put the onus of compliance on product owners, banks might have a real chance of regulatory success.

Fixing these ownership and cultural issues will be difficult. But banks that decide to undertake the challenge will reap the benefits of much lower total compliance costs and a better relationship with its regulatory agencies. Banks will also be far less likely to get slapped with enforcement actions and lawsuits. Stringent regulation may be here for the long hauls, but overseers will have few complaints with a bank that has a strong compliance culture and effective regulatory performance.

Lyn Farrell is managing director of Treliant Risk Advisors and can be reached at lfarrell@treliant.com. She co-leads the regulatory practice and assists clients in establishing strategic, proactive compliance programs. She is an attorney with over 30 years in bank regulatory compliance work for institutions of all sizes.