Day in the life of Compliance

As an introduction, I am the Compliance Officer for a small community bank. My bank is under $1 billion in assets with six branches located in a midwestern city. I wear many hats in addition to being designated as the bank’s BSA and CRA Officer. (Fortunately, we have 1+ employees solely dedicated to BSA monitoring and compliance.) For reasons many in my part of banking will understand, I prefer to remain anonymous.

And so a typical day begins.

Beep, beep, beep, beep … my alarm is going off…

6:00 A.M. 

A fresh start! 

I plan on getting to work early to get a major project done, while also clearing up some other minor items.

8:00 A.M.

Turns out I didn’t get in as early as I expected due to:

___  The cat coughed up a hairball on the living room carpet.

___  The gas gauge was floating just above “E”, so I had to stop for a fill-up.

___  An unexpected rain shower hit the metropolitan area during rush hour turning everyone into student drivers.

___  All of the above

I stop by the lunchroom for a cup of coffee and see that the last person to get his morning jolt has left little more than a shot glass of liquid in the carafe. I make a new pot, wait for it to brew, and fill my cup. I return to my desk, boot up my computer, and start going through my emails.

Hmm. My password expires in five days. Is this the one that requires at least one capital letter and special characters? Or it is no caps, but can’t be more than eight digits? I decide to procrastinate and update it tomorrow. I successfully log-in.

First things first: checking email. Thank goodness for our spam filter, but still it’s amazing the amount of dreck that slips through. (A gift card to a warehouse club I don’t belong to?  Really?)  Sorting the wheat from the chaff, I start by looking at the various compliance-related feeds that I’ve signed up for.

I’m sidetracked a bit as I see:

___  A proposal for comment on the new Extraneous Consumer Documentation Propagation Act.

I would like to add a comment, but don’t really have the time. But I do add a brief summary of the proposal for the monthly reports I prepare for the Compliance Committee and Board packets.

___  An invitation for a free webinar on the Expanded Frivolous Loan Data Collection Act.

I sign up since it won’t strain my annual training budget.

___ An email from a colleague to several of our peers asking for clarification regarding the Confusing Deposit Disclosure Generation Act. I fire off my opinion. (My peer group is a godsend since I don’t have access to legal counsel and they will reciprocate if I have a question on a compliance matter.)

___  All of the above.

Clearing up the email took longer than I expected. Time to tackle my daily chores:

___  Approving vacation requests/time cards.

___  Conducting an independent review of selected reports for unusual IT activity. (Whenever an external audit calls for an independent review of something, all eyes immediately turn to me.)

___  Checking the BSA software audit reports for any unauthorized parameter changes.

___ All of the above.

Finally, I’m ready to start on today’s project.

___  The annual review/update of the Compliance Policy for presentation to the Board.

___  A compliance risk analysis of a proposed small dollar loan product.

___  Preparing for the annual Red Flags Risk Assessment.

I gather up my materials that I have accumulated on the task at hand, start reading and taking notes.

After about ten minutes I see something out of the corner of my eye. I look up to see the Chief Operating Officer standing in the doorway. He needs to know if there is anything in our state’s statutes that defines what constitutes an electronically created check. We go through my state reference books and also check the state’s Department of Financial Regulation’s website and finally find what he’s looking for.

Back to the task. Then an instant message pops up.

It’s the Board secretary reminding me that because the CEO will not in be town at the end of the month, the Board meeting has been moved up a week and the Compliance Board package is due today. I offer my thanks for the reminder, while silently cursing inside.

I drop everything and work on the packet.

The Board packet is finished so it’s now back to the task.

I have a good 15 minutes of uninterrupted research and writing when another pops up appears on my computer screen—a preprogrammed reminder to send out RFPs for:

___  An independent compliance audit.

___  A new vendor to provide internet-based compliance training.

___  An independent BSA/AML audit.

I decide to hit the snooze button to remind me again tomorrow.

I recollect my thoughts and dive back in.

An IM pops up. It’s from the BSA staff telling me that there’s a new SAR created and that I have to review the narrative and approve the SAR for filing.

I log into the system, review the entries, make a few comments, and approve the SAR for filing.

I glance at the clock and realize that it’s already time for lunch.

Noon

Although I will, upon occasion, eat lunch at my desk, I normally eat lunch in the employee lunch room. It gives me a chance to switch gears and read the paper. (No regs, guidances, or requests for comments!)

I’m just settling in with my microwaved leftovers and my paper when I hear ”I knew that I would find you here.” 

I look up and it’s someone from commercial lending with a question of whether or not a complicated commercial loan is HMDA-reportable.

After a brief discussion, we come to a conclusion and I return to my now-cold leftovers, read about half the paper and return to my desk.

The message light on my phone is blinking. I retrieve the voice mail to find out that it’s a loan officer calling for an opinion. He’s having a “discussion” with Loan Operations about whether or not government monitoring information is needed for a commercial loan to a trust.

I dig through my files and email them both with the answer.

I log back in to my computer. Another pop-up:

“Restart your computer to finish installing important computer updates.”

I hit the Postpone button and check my email for updates.

I see that:

___  A vendor is asking whether we’ve submitted our check for the (fill in the blank) we use.

I know that I approved the invoice, so I call the person who handles our accounts payable. After some discussion, we determine that there was a typo in the address. I email back, apologizing profusely explaining what happened and announce that the check is in the mail. (How original.)

___ One of the employees has emailed that the (fill in the blank) policy has not been updated on the compliance page on the bank’s intranet site.

I send a thank you, send the updated policy to the webmaster to update the page, and make a note on the calendar to check tomorrow that the update is actually posted.

___ The IT Department has forwarded a complaint that has come through the bank’s general email address.

The customer has complained about the color of the ink used on our monthly mailed statements.

I call our head of operations and discover that there was a glitch with the toner one day during last month’s statement cycle. (This is the first that I’ve heard of it.) 

I write a response, include a replacement statement, and create a file for the examiner’s next visit.

I decide to get a refill of coffee and stop by the mail room for the daily delivery. Several flyers, one request from a local non-profit for a donation, and the latest issue of Banking Exchange.

I put the donation request in the CRA committee file so that it can be discussed at the next meeting.

Back to work. I’m making the required updates to the policy (those regulators have been busy in the past year), when there’s a knock on my door.

___ It’s our marketing manager asking me to review and approve a proposed mailing for our (fill in the blank) product.

The marketing manager profusely apologizes and explains that an answer is required ASAP as the postcards are due to go to the printer tomorrow.

I scan the copy, make some recommendations for clarity (UDAAP rears its ugly head), initial my approval, and make a copy for my advertising file.

___ It’s the head of Human Resources.

He says that he knows there are regulatory prohibitions against hiring a felon, but wonders if there is a statute of limitations exemption. (The felony is from 12 years ago.)  He leaves, I surf the regulator’s website for guidance, and email him my answer.

___ It’s one of the employees from Credit.

She needs her internet-based compliance training password re-set. I log in to the system (I’m the Administrator), assign her a new temporary password, and send her on her way. I jot down a note to schedule the annual Reg CC training for two months from now.

Another Outlook pop-up appears.

In 15 minutes it’s time for me to:

___ Chair the Compliance Committee meeting.

___ Attend the Operations Committee meeting.

___ Chair the CRA Committee meeting.

Luckily I prepared/received the agenda and minutes from the previous meeting already.

While the meeting will take at least an hour from my day, the face-to-face interaction is a good way to dispense updates and get feedback on compliance issues.

(And sometimes discover some compliance-related issue that I didn’t know about.)

The meeting runs a little longer than expected. As usual the head of the (fill in the blank) department didn’t attend.

I resign myself to the expected push-bank I’ll get regarding the major compliance-related issue that was discussed at the meeting.

I return back to my office and collect my thoughts. I remember that there was an interagency guidance issued during the past year that will impact my project, so I do a web search for the document. (I shudder when I think of what such a search entailed before the internet.) 

I finally track it down and start reading the guidance.

Bing!  Another reminder.

In 90 minutes, I have to :

___ Attend a Board meeting for the local Habitat affiliate.

___ Attend a fundraiser for the local English as a Second Language program that the bank supports.

___ Conduct credit counseling for LMI clients at a local social service agency.

Not only will this activity count for CRA service credit, it helps promote the bank’s name and makes me feel good to boot.

I clean off my desk, power down my computer, and lock all my drawers. (As the bank’s designated Privacy Officer, I have to lead by example.) 

I manage to pick up something for dinner on the way and just make it to the activity in time.

I get home just before the nightly news and hop into bed.

Tomorrow’s another day.

3:00 A.M.

I sit up bolt upright in bed. OMG!

___ Did our Consumer Lending Department update the historical index on our HELOC disclosures?

___ Did I forget to add the new (fill in the blank) product to our CRA public file?

___ Did I remember to sign up to attend the ABA Regulatory Compliance Conference before the early registration deadline?

I’ll look into it the first thing tomorrow morning.

And right afterwards I’ll finish:

___ The annual review/update of the Compliance Policy for presentation to the Board.

___ A compliance risk analysis of a proposed small dollar loan product.

___ Preparing for the annual Red Flags Risk Assessment.

Déjà vu all over again.

Or Groundhog Day?