When I was starting out in the compliance field (albeit many many moons ago), I was taught that you probably should consult with the bank's outside legal counsel when the answer to a problem wasn't found in black and white in the regulation, and there was interpretation of the regulation or law needed. I still hear and read compliance philosophers today who say that compliance tends to lend itself to a roadmap approach or a recipe, as if you can follow it and end up with a well-done, appetizing product.
Compliance issues have long since evolved beyond this simplistic distinction with legal issues. The volume and complexity of the scope of compliance regulation has made the compliance professional's job much more challenging.
A discussion towards the end of last year with fellow compliance professionals brought this home in a practical application.
TAG as a compliance case study
We were discussing the upcoming possible expiration of the temporary unlimited FDIC insurance coverage for non-interest bearing transaction accounts that was coming up Dec. 31, 2012, and the obligation to notify depositors of that event. (For stories of how banks are handling this, see the "Pass the Aspirin" blog.)
Up until the end of the year, it was not known whether Congress was going to let the unlimited FDIC insurance coverage for this type of account expire or extend the provision of the law to continue the unlimited insurance coverage beyond the Dec. 31 expiration date. Yet, banks had to notify their customers about what was happening.
Our discussion was lengthy and explored many different options and variations of each option.
Some were planning on waiting until it was definitively known that Congress would or would not extend the coverage. Then they would notify customers. That meant they would probably have to do a mailing, because it would be too late to do a statement message or statement stuffer and get it to customers in a timely fashion.
Others were planning on notifying customers earlier that the coverage would be discontinued. And then if Congress did decide to extend it, they would send another notice that would update customers about the extension news.
Some banks were considering sending a notice that contained language that told customers about both possibilities and telling them to check the bank's website for the final outcome at year-end.
Even the FDIC gave banks options with a short-form and long-form model notice to use to notify customers of the change. Then there's the third option of writing your own notice, which is more customer-friendly.
As with any compliance regulatory requirement, there's always the option of doing nothing and risk getting tagged with a violation. (Not a good option, just an option.)
Turning simplicity into complexity
So, a seemingly simple requirement ends up being the subject of much discussion and work by various bank departments:
• Marketing Department, to make sure the notice is worded in a customer-friendly manner.
• Operations Department, to make sure the statement message or statement insert can be scheduled and will fit.
• Customer Service Department and New Accounts Representatives, to be ready for the calls and visits from customers who got the notice and are confused or want to see if it really applies to them.
And so on and so on: How should this requirement be implemented? Who needs to be trained? How do we document the steps that were taken to comply? All of this was being asked, about a relatively limited, straightforward affair.
It would be nice to have the recipe for compliance and be able to get the "right" result every time. But, there are options and choices and many decisions have to be made for every compliance regulatory requirement, even the small ones.
I guess that's why it boils down to having a good compliance management "process." From that basis, a compliance requirement that comes along can be sliced, diced, cooked, and consumed (if not enjoyed).