What’s your “compliance mindset”?

Upgraded federal compliance ratings process requires fresh approach

Written by Pam Perdue, Continuity
Attitude may play a role in how well your bank scores in new federal compliance ratings, suggests consultant Pam Perdue.

At a recent technology event, a motivational speaker set forth his developmental program based on the work of Stanford University psychologist Dr. Carol Dweck.

Dweck's landmark work, Mindset: The New Psychology of Success, distinguishes levels of human achievement based on "fixed" versus "growth" mindsets. A grossly oversimplified synopsis of this groundbreaking book is as follows:

• In a "fixed" mindset, people believe they are born with a finite amount of capacity and capability, whether physical, intellectual, or relative to resources.

• Those with a "growth" mindset believe they can expand, learn, and grow in any area and every direction.

More than mere optimism, a "growth" mindset allows the individual to pursue success more vigorously and explore a wider range of options for achieving it. "Fixed" mindset folks, on the other hand, tend to stay within their comfort zones, believing that venturing outside of their pre-defined personal limits will result in danger and/or failure.

Which describes you and your bank?

No doubt you are thinking: How do psychological paradigms apply to compliance ratings?

Very directly it seems, if our real-time interactions with bankers are any indication.

Since April 1, federal examiners have been using new interagency assessment criteria to establish consumer compliance examination ratings for banks.

What we’ve seen during the past few months is that the bankers with a "growth" mindset readily and quickly adapted their compliance programs to meet the new standards. They viewed the new procedures as an opportunity to leverage modern technology to get compliance work done more efficiently, and document it more effectively.

Meanwhile, those with a "fixed" mindset are still trapped by a predictable pattern.

First, they whine and complain about how onerous and troublesome the new requirements are. Then they spend months agonizing over just how to update the same spreadsheet they've been constantly doing upkeep on for the last 30 years. Then they complain some more about how no one in their bank is going to like cooperating with their antiquated approaches.

In other words, the bankers with a growth mindset got ready faster, and were prepared to drive better outcomes—with less effort—than their fixed-mindset counterparts.

Looking at the new ratings

Moving forward, let’s examine the ratings as revised.

The sections below identify each of the new ratings criteria by category and the assessment factors under each. As you digest these new inquiries, be mindful of how your institution is performing, documenting, and creating an evidence trail that each of these criteria is being met.

Chances are, if you haven’t started using technology more intelligently in your risk and compliance functions, you may be missing opportunities to streamline this tracking and reporting process.

Assessment Category 1: Board and Management Oversight

Are the board and management sufficiently engaged in the institution’s compliance management system?

Assessment Criteria:

• Oversight and Commitment

The board’s level of oversight and commitment is demonstrated by making appropriate resource allocation for the size and complexity of the institution; hiring and retaining competent and knowledgeable staff; developing and enforcing a suitable governance structure; and assuring proper third-party due diligence and oversight.

• Change Management

Examiners will consider the speed and adequacy of response to change; consideration of regulatory impacts when making product or service changes; and monitoring of performance after the change.

• Risk Management

An institution’s ability to identify, measure, monitor and control risk exposures, including emerging risks, will be evaluated.

• Self-identification and Correction

Examiners must evaluate how quickly and accurately institutions can identify errors or weaknesses and fix the problems noted.

Assessment Category 2: Compliance Program

Is program design sound? Is its execution effective?

Assessment Criteria:

• Policies and Procedures

An assessment of whether policies and procedures are sufficient, providing adequate guidance to personnel on how to manage and mitigate compliance risk, must be made.

• Training

Examiners will inspect whether training is timely, comprehensive, and tailored to job responsibilities. Other areas of inquiry will include whether training is periodically reviewed to confirm attendance and testing results, and whether it is updated proactively when products or regulations change.

• Auditing and Monitoring

Examiners must decide whether the institution maintains effective, timely, comprehensive, and up-to-date programs which allow for identification of changing risk exposures and any organizational or process deficiencies.

• Consumer Complaint Response

Processes for intake, investigation, and response will be analyzed to determine whether they are executed accurately and timely and include periodic analysis of complaint results for identifying and responding to any noted patterns or trends.

Assessment Category 3: Violations/Consumer Harm

Was the law broken? To what extent were consumers harmed?

Assessment Criteria:

• Root cause

Examiners must determine whether the cause of weaknesses was major or minor and how easily correctable the issues are.

• Severity

The type and extent of impact to consumers as a result of the issue(s) will influence examiner ratings of violations/consumer harm.

• Duration

When assessing ratings, examiners must consider the time period over which violation or harm persisted.

• Pervasiveness

Whether violations or harm was widespread or isolated is a factor in deciding examination ratings.

Inside the ratings process and bank response

Within each criterion, examiners are asked to decide whether the institution’s programs are strong, adequate, inadequate, seriously deficient, or critically absent.

Along this continuum, there is quite a bit of room for subjective interpretation of the terminology, leaving opportunity for discussion as well as disagreement on how performance is viewed and rated by examination teams.

Given the level of precision now articulated for these criteria, bankers have to be prepared to demonstrate compliance differently than they did in the past.

Previous methods of inspection called for risk-based approaches to transactional testing and sampling. So long as you were generating compliant outcomes at the end of a transaction, the methods by which you got there received little scrutiny.

Imagine now, that's flipped on its head, and the method by which you get there is now what's being scrutinized. The quality and effectiveness of your compliance management system is now what’s under review.

A solid, stable, and well-built system can withstand intense and frequent change and still deliver compliant outcomes. A reliable CMS is what examiners expect to see, and they’ve laid out the recipe for creating one with their new examination protocols.

To achieve success, your compliance management systems must also have a “growth”-based approach. Like the humans who oversee them, they must be flexible and adaptable to any set of circumstances.

Whether regulation volumes grow or shrink, whether products and services are added or taken away, whether specific employees join or depart ... your CMS has to roll with the changes.

To best prepare your organization for the new examination criteria, a few minutes spent confirming that you’ve modernized your mindset as well as your methods will be time well spent.

About the author

Pam Perdue, a former compliance officer and Federal Reserve senior examiner, is EVP & Chief Regulatory Officer at Continuity, a regtech firm.
