For decades, banks’ compliance officers have clamored for a “seat at the table”—a chance to weigh in on product and service and policy decisions before the concrete hardens. Gradually, legal and regulatory evolutions have brought this about in more institutions, of all sizes, Dodd-Frank being the latest push.
But the price, going by the views of three CEOs speaking on a panel at ABA’s recent Regulatory Compliance Conference, has been a significant cultural shift for compliance officers as well as their institutions—plus the expectation that having earned that seat, Compliance will keep on earning that seat.
John Hairston, co-CEO and COO at $ 18.9 billion-assets Hancock Holding Co., Gulfport, Ms., said that “in decades past, the compliance function was minimized.”
However, Hairston said there has been a sea change.
“I’ve grown to regard my compliance head as close counsel,” said Hairston. “She’s tough. I’m a little bit scared of her. She knows what she’s doing—and she’s perfectly confident to tell me I’m wrong.”
But Hairston said that balance is essential to this relationship, and added that “such trust is earned. It’s not a gift—it’s a two-way street.”
“When you get the opportunity to show your value, do so. Your job is not to be ‘Dr. No.’ Your position should be, ‘Here’s how we can do that’.”
Agreeing, John Ikard, president and CEO at $14 billion-assets FirstBank Holding Company, Lakewood, Colo., said he once saw Compliance “as a hurdle,” but now saw more of a partnership. However, said Ikard, ABA chairman-elect, “I [still] don’t want somebody who says ‘no’ to everything. Once you have a seat at the table, I expect you to use it.” Suggest alternatives to what you say won’t work, he insisted.
Compliance versus “flick of a pen”
At a later point, Ikard underscored how seriously he takes regulatory and compliance developments out of Washington now. He pointed out that his institution had maintained record profit levels through the recession because of its conservative lending philosophy.
But, he said, “I’ve lost more money with the flick of a pen in Washington than anything from credit losses and other causes.”
He and other panelists objected to the way the banking industry has been portrayed during and since the crisis.
“You can’t damn the whole industry because of a few bad apples,” said Ikard.
In fact, Hairston challenged attendees to take a greater part in regulatory evolution at the fount of all red tape: Washington.
Hairston suggested the compliance officers, with their depth of knowledge about regulation, should be participating in Washington fly-ins and other visits to regulators and legislators.
“Raise your hand and say that you want to go” when management talks about these trips, said Hairston.
Costs lead to changing perspectives
Hearing from top management in one form or another has been a staple of the ABA compliance conference. In years past however, listeners could have come away with the sense that leaders were saying what they felt ought to be said about compliance.
To be blunt, compliance officers, having long felt at the bottom of the heap, might have come away still skeptical, in spite of talk of authority for themselves, accountability for business units that mess up, higher status for the compliance function, and more.
But in 2014, in the wake of walloping big regulatory hits to banking companies, the much-repeated description of Compliance as “The Department of Cost Prevention” seemed to have greater resonance in the C-suite. The Justice Department and federal prudential regulators, the Consumer Financial Protection Bureau, and state regulators and state attorneys general, all have had their impact.
The third panelist was Michael Carpenter, CEO at $97.8 billion-assets Ally Financial—his own compliance head, Dan Soto, served as session moderator and interviewer. Carpenter held little back as he discussed not only the significance of a “seat at the table” and what he expected in return, but the kinds of cost impacts that underscore the need for inviting Compliance to the table.
Carpenter said a while back he sent “a message to the organization” to indicate that he cares about compliance. The message came in the form of an org chart revision. Originally Ally’s chief risk officer and chief compliance officer reported to the company’s chief administrative officer. Carpenter revamped structure such that each function reports directly to him.
“That change comes with responsibility,” said Carpenter. “You have to have functional knowledge to hold your own in top management meetings.” He said compliance officers who aspire to such assignments must ask themselves if they can hack that.
Soto couldn’t resist the opportunity to kid the boss. He said the occasion of the conference was the first time in three years he’d been allowed to turn off his Blackberry.
Compliance challenge morphs
Carpenter said that he recently gathered his top 20 executives and asked them to step out of the corporate eco-system long enough to say plainly what troubles them the most, what “keeps them up at night.”
“They said that it was the unpredictability of the regulatory environment,” said Carpenter. “You never know what direction it is going to come from next—and it’s not always based in facts.”
Carpenter objected to this trend: “The regulatory environment should be predictable—there should be no surprises.”
For his part, Hairston spoke of the change in tone between bankers and examiners. Years ago, regulatory visits were akin to inexpensive consulting, a fresh set of eyes. Not so much anymore.
“I was never afraid of a regulator,” said Hairston. “I had respect for the relationship.” Now, he said, he felt that too much of the process was a matter of “gotcha!” He added that he objected to the industry being regulated by headline.
It costs, one way or the other
Carpenter noted that his young company—which rose phoenix-like from GMAC—had written “some substantial checks” to the federal government over compliance issues. He spoke of the importance of building a compliance function to a level of competence that establishes credibility with agencies.
Prior to 2009, when Ally became a regulated bank holding company, and began building a compliance regime, “we had no credibility with our regulators—and that is an understatement,” said Carpenter.
“So we worked our way through MOUs and MRAs, to the point where I thought we were MIA,” quipped Carpenter.
Ally self-reported its involvement in what became know as the robo-signing issue. Carpenter said he considered the matter little more than a clerical issue. In his eyes, a notary public attesting to a signature wasn’t sitting right by the signer, but was in the same room—nothing that he thought would trigger punishment. The settlements reached in the wake of this issue are a matter of record.
Later, Carpenter ordered an analysis of the company’s home foreclosures, and found that “we didn’t foreclose on anybody that we shouldn’t have foreclosed on. … I’d like to see the data on how many people were [allegedly] foreclosed on inappropriately.”
And yet in the end the Ally case numbers became serious enough that Residential Capital, a subsidiary, had to file Chapter 11 in 2012 to address settlement charges and other costs of the mortgage business.
Carpenter said that besides the checks cut to the government, Ally spent huge amounts to bring its compliance apparatus up to speed. That was essential, he said, to establish credibility with regulators.
Compliance isn’t just for Compliance anymore
While the CEOs all saw an increased managerial role for Compliance, they all reflected on how this duty has grown beyond the confines of practitioners’ departments.
“It requires a village to manage through regulatory issues,” said Hancock’s Hairston. He pointed out that once an organization passes the $10 billion mark, regulatory relations develop into a continuous exam, or nearly so, as special visits and reviews and interim questions blend into each other.
Carpenter has a conference call with the Federal Reserve every month and Ally’s board meets with FDIC twice a year. “Dan [Soto] is a member of our senior management team,” adds Carpenter.
Ikard is a big believer in delegation, for his part, and believes that his essential job as CEO is to put the right people in compliance-oriented posts.
“Ninety percent of the issues that come up I won’t know about because my compliance people take care of it,” he said. His trust in his team, he said, “gives me the confidence to sign documents” attesting to compliance with laws, rules, and accounting standards.
Personal liability: Will the bank back you?
Panelists insist that no top manager accept a compliance examiner’s decision as final if they disagree.
“If you really feel strongly, you really have to state your case,” said Carpenter. “Never, ever let a difference of opinions go unstated,” agreed Hairston.
Ikard noted that bankers are culturally fitted to compliance—“bankers like rules,” he explained.
However, critics and others lie in wait for industry errors. Noting calls in some quarters for bankers or other players to be held personally liable for major compliance errors, Ally’s Soto probed the CEOs about their feelings on that score.
The executives generally spoke of the importance of sticking by their people for what typically would not be intentional errors. Ikard said that failing to stand behind staff would mean that “your company culture would collapse.” Carpenter pointed out that the personal liability issue arises more typically when someone has done something arguably wrong, not when there’s been a misunderstanding of a rule or requirement.
Hancock’s Hairston drew a solid line in the sand:
“If what you have done is criminal, you’re on your own.”
More articles from ABA's Regulatory Compliance Conference online