How to be a better compliance officer

Through many years of reporting and editing on compliance, one of my “go to” people has been Ana Foster of Cambridge Trust Co., Cambridge, Mass. Ana offered sound input on articles, as a source. More so, I always looked forward to our regular cups of caffeine at ABA’s Regulatory Compliance Conference. Over the years I gained not only insights on what was currently important to compliance officers, but a sense from the front lines of how the profession of compliance was evolving from strict rules management to a much broader viewpoint—and on a practical level. She helped me understand the discipline’s transition to more of a risk management function.

When Ana emailed recently to say that she was retiring, ahead of the next conference, I asked this veteran banker if she could leave a few words behind for other compliance officers. Here is what Ana sent.—Steve Cocheo, executive editor and digital content manager

I began my banking career in 1974 as a translator in an international bank. Along the way, I became a translator of regulatory concepts.

From that first job I then worked as a teller and loan clerk in a credit union, managed unsecured and equity lending in a community bank, and eventually asked to become the security and compliance officer at that  same community bank.

Three banks later I am retiring as an Operational Risk Officer, leading a Risk Department that consists of a BSA Officer and a group of AML fraud analysts, a Compliance Officer, a Gramm-Leach-Bliley Act/Vendor Management Officer, and a Security Officer.

How much has changed!

From obscurity to essential protection

Change has swept every aspect of the job.

The year I graduated from high school the Truth in Lending Act and the Federal Reserve’s implementing rules came into effect. Today we have TRID, merging aspects of  Truth in Lending and the Real Estate Settlement Procedures Act, under the management of the Consumer Financial Protection Bureau. (The brainchild of one of my own state’s senators, actually, the former Harvard professor Elizabeth Warren.)

We—and our customers—have evolved from paper to paperless and from the desktop to mobile. Social media went from something few bankers understood to something that kept us up at night worrying about reputation risk,  to something more and more banks actually embrace—still with an eye towards compliance, of course.

After years of feeling left out, we compliance folk now have a seat at the table, something we once despaired of gaining. We can see the light after having been relegated to some out-of-the-way corner office. (If we were lucky!)

As the industry’s appreciation of the broad nature of risk in banking improved, the understanding of the roles of Compliance and Risk Management also matured. Many factors contributed to this expanding viewpoint. Increasingly, it has been accepted that Compliance and Risk Management is not just the responsibility of people with those terms in their titles —everyone plays a role.

Advice to the next generation

So, the regulations, banking, and the world have changed and the compliance profession has evolved, but I choose to think there remain a few basics that have stood the test of time:

• Knowing the regulations is not enough.

Be patient, be willing to get your hands dirty, learn bank operations and workflows.

Be a “blue-collar compliance person.” By that, I mean there is no substitute for knowing the guts of your institution and its functions. Understand core, teller, account opening, and loan origination systems (LOS). Learn to read a loan file. Understand where data resides and how it flows in your bank. Understand how to utilize that data for analysis, tracking transaction flow, and implementing fraud prevention.

In short, understanding how your bank works will serve you—and your bank—well. You'll be a better compliance and operational risk officer. And you will earn the respect of and establish great working relationships with your bank colleagues.

• Take the time to network.

I have made some great friends through networking.

Compliance is not a competitive sport. All banks are all subject to the same regulations and face similar challenges. We can help each other get the job done and fulfill the spirit of compliance as well as the letter of it.

Join your local compliance networking group. (Shout out to the Eastern MA Compliance Network!)

Do your research and ask your questions, and share your own expertise and experience. Help each other write comment letters, draft a joint comment letter, or request an opinion.

Work with your state bankers association, maintain contact with your examiners throughout the year, and volunteer with trade associations. You will learn a great deal, gain access to more extensive resources, make some great friendships, and become an even greater asset for your bank.

• Be a “yes person,” in the best sense.

Traditionally, compliance people are perceived as naysayers. Or as the ones who delay initiatives. Be creative and open-minded and work with the team to figure out how to achieve the goal, instead of telling them why it may not be possible.

Become involved early in bank initiatives, so you have time to effectively research compliance challenges and offer solutions—on schedule.

Educate your bank’s team about the compliance requirements or restrictions in each business area so you can work together to achieve a favorable conclusion.

Those contacts you've established through networking will come in handy when you need a quick, practical answer to keep things moving. Your operations experience will help you ask the right questions as you gain a clear understanding of how an initiative will really work, always important with disclosures and agreements.

A bit more advice

The points I’ve made will stand you in good stead, but there are a few more:

SMILE! Be patient, be detail-oriented, be well organized, and develop good writing skills.

Be ready to research and answer questions about issues you did not think were “compliance.”

But also know when to contact counsel.

Be a public speaker, trainer, and friend. What you bring to each relationship will not be one-sided. You will gain for what you give.

One final point: Don’t get lost in the regs. Ultimately, Compliance and Risk Management are people businesses, because banking is a people business.

I’ve been privileged to work with many fine people who happen to do compliance for a living. I’ve been star struck when working with the “gurus.” And I have been honored to participate on some great committees. 

Thank you all!

And thank you, Ana. SC