Since the economic downturn and the Dodd-Frank legislative response, proper attention to most every risk in banking tracks back to compliance.
Whether the challenge is anti-money laundering compliance or cyber-attack risk, vendor management or insider and affiliate loans, or fair-lending compliance and deposit agreement disclosure, the threshold question in safety and soundness or compliance examinations and internal audits is whether the board and senior management adequately managed risks by committing the necessary resources to ensure there is appropriate enterprise-wide risk management and that the bank satisfies its regulatory compliance requirements.
The elevation of compliance and corrective action over most other bank matters has often resulted, by default, in less attention by community bank boards across the country to growth and expansion of products and services. Additionally, the increasingly higher bank-by-bank infrastructure cost of expanding compliance expertise tends to undermine the continued viability of community banks as the cornerstone of U. S. small business lending.
Is there an alternative to the current compliance cost spiral?
Does every small bank need to bulk up its staff overhead and engage numerous consultants and vendors in order to obtain top-notch compliance expertise?
Maybe there’s a better way.
Share the experts
One alternative is to take a consortia approach to meeting the challenges of compliance. Friendly competitor banks could cooperate by sharing costs and expertise to provide themselves, their regulators, and their customers with a level playing field of best practices compliance.
There is longstanding authority for state and national banks to co-invest in companies that provide services to banks which each could perform for itself. The 1962 Bank Service Corporation Act, permissible national bank activities and investments, and similar statutes in many states allow banks to jointly establish a corporation or a limited liability company to which banks could loan or second their respective best-talent and experience part-time.
This entity could provide noncompetitive compliance expertise to each bank individually, as well as providing uniform compliance risk management and operations programs, improved policies and procedures, and examination preparation assistance.
While the early uses of banks’ authority to enter such joint ventures was to provide check services, bookkeeping, and data processing services, compliance advisory, implementation and auditing services are well within the scope of services banks can provide to one another.
Groups of community banks could form service companies based on geography or other characteristics (such as size or market niche) and would need only invest a modest amount of capital, sharing the costs and time of their different staff compliance expertise as it may differ from bank to bank.
Consultant, outside counsel, and vendor costs could be similarly allocated by acting through a jointly owned entity. Independent directors of this entity could include former examiners, regulatory counsel, and chief risk officers. A single law firm could help form and guide the multi-bank venture on governance issues and regulatory matters.
Going in with the right goals
The establishment by a group of banks of a “shared” compliance service company would not absolve the board of directors of each bank of its fiduciary responsibilities and accountability for their individual institution’s compliance programs and risk management practices.
Each bank’s senior management would remain responsible for the implementation and reporting obligations, as well as any corrective actions that may be required due to its banks own compliance shortcomings.
As with vendor management, each bank’s board, and each bank’s regulators, must find that the compliance programs, procedures, staffing, and risk management of each bank’s operations are deemed satisfactory, which would include an evaluation of the services provided by the compliance company.
Information and database access procedures and restrictions would have to be established in the formation and operation of the service company to address customer privacy and strategic and other competitive concerns where several banks will have standard compliance programs and where compliance experts of one bank may consult and advise competitor banks on behalf of the compliance entity.
However, as stress testing and enterprise risk management trickle down to establish new minimum norms for community banks, a bank-owned compliance service company could share costs and resources to offer participating banks uniformity in satisfying these evolving compliance burdens.
If community banks were to instead look within their ranks for existing excess expertise capacity that could be utilized for the mutual benefit of other banks which similarly contribute their personnel and resources, the result could be a more efficient, compliant, and profitable corps of community bank competitors.
Editor’s note: Some state bankers associations have set up programs for compliance assistance, through a single association or a shared approach. One such example is the Compliance Alliance. In addition, ABA member banks can avail themselves of many forms of expertise and assistance through ABA’s Center for Regulatory Compliance and other ABA compliance resources.
- M&T Bank, Bank of America, and Keycorp Bank Double Down on Criticism of LIBRA
- Applying Security Across Heterogeneous IT Systems
- Beyond Wells Fargo: Can High Performance and High Standards Co-exist?
- Credit Suisse Group AG Board Set to Make Decisions Surrounding Spying Scandal
- Lessons Learned from Capital One’s Breach: What Banks Need to Know About Data Security in the Cloud