Compliance management keeps evolving

A combination of increasing pace of industry change, more intense examinations, demands for greater agility, addition of a regulatory view beyond traditional hard lines, and increasing complexity drives an evolution in the compliance department job description.

Today’s compliance officer increasingly does not look like the traditional regulatory expert, but a multitasker. Speaking on a panel at the recent American Bankers Association Regulatory Compliance Conference, Cara James, senior vice-president and director of group compliance, Arvest Bank, said that compliance officers must now have tactical, conceptual, and strategic skills.

“You have to have all this to be successful,” said James. “And yet we still have to have people who are able to sit at a desk for half a day to study a regulation—and are willing to do that.”

Communications skills rank higher than ever, James said. “You have to be able to influence and persuade people. You won’t be successful in compliance if you don’t develop interpersonal skills.”

Beyond this, said James, compliance officers need to be resilient. As all of banking has become more challenging, compliance officers sit between regulators on one hand and fellow bankers from business lines and management who increasingly speak in terms of “agility.” Compliance officers need to balance their regulatory duties on the bank’s behalf against the need to be responsive to business lines attempting to remain competitive or even lead their specialties in the market.

“Not everybody has resiliency,” said James. “You need to see this work as energizing, not overwhleming and not intimidating.”

She added, to the laughter of a sympathetic audience, “maybe not every day, but most days.”

Part of that resiliency, said James, entails developing a thick skin and becoming solutions oriented.

And that means moving further away from the traditional comfort zone of being the regulatory interpreter. A prime example concerns technology.

“There’s no way around technology today,” said James. With increasing use of technology to serve customers, and more and more fintech competition, this is a must. “For those of you who are not comfortable with technology, I would say that it is very appropriate to become involved.”

James herself sits on an internal technology committee at Arvest. She says she has found it helpful in understanding issues, and becoming part of the team—avoiding the perception of being a “barrier.”

Department of getting things done

Panelists acknowledged the old saw about compliance being the “Department of No.” Perhaps now the battle is to avoid the label of being the “Department of Slow.”

“Business units say we can’t say ‘yes’ fast enough, even when we have the capability to say so,” said Kathryn Reimann, managing director and chief compliance officer for global consumer banking, Citibank N.A. “There’s a preconceived notion that Compliance can’t do this.” Business units speak of “agility,” but doubt that compliance can keep up.

Reimann’s answer has been to embed compliance people in units that require such fast action and input. She puts it to the business unit—how many seats can you provide in your space for dedicated compliance people? (This is discussed in more depth in “Banking, compliance, and “fintegration”) 

“And I put people in those seats,” she said. She recruits people with a bent towards technology for such positions, and has worked to make this a career development step.

“In this job, you really have the ability to effect change,” added Reimann.

But she also sees a closer relationship with agile business units as a two-way affair. The units have much data on their hands that she believes can be re-purposed as compliance-oriented metrics. This can help in managing compliance responses and balancing of resources.

If a compliance department does not develop better connections with business units, especially those in fast-moving areas, “you begin to look like a barrier,” said Reimann.

Tap the new generation’s smarts

Noting how many college graduates lack jobs, Reimann suggested that with the growing need for compliance expertise, there is a natural connection. She also pointed to the much-discussed desire on the part of millennials—regarded as tech savvy and bright—to be part of something that does good for people.

Reimann suggested, as an example, that work in fair-lending compliance can be presented not so much as a regulatory position, but as an opportunity to help ensure that people are treated fairly in their access to financial services.

“What we do fits in with their social conscience,” said Reimann.

Ultimately, panelists said, fairness delivered through compliance fits into the growing adoption of the concept of the customer being the center of things.

A positive spin on compliance like that can help get the job done, suggested Richard Harvey, Jr., senior vice-president and chief compliance officer, Colonials Savings, F.A.

“It can’t just be about fear,” said Harvey. That used to be the compliance department’s leverage, he said, but now the better way is to portray compliance as the path to getting things done.

“Compliance can’t just be Chicken Little anymore,” said Arvest’s James. “You can’t just act like everything that happens is a 10 [as on the Richter scale]. You lose credibility when you do, because people know that not everything is a 10.”

Meanwhile, back in the trenches

While panelists spoke of the work of cooperating with business units, Compliance faces its own direct challenges in the form of increasingly intense examinations.

One element seen especially by larger banks represented on the panel is increasingly heavy demands for data from examiners.

The norm in examinations traditionally was random sampling to check the details in a limited number of cases, often to prove the efficacy of the bank’s compliance approach. Now, the norm more resembles “data mining,” in the words of panelist John Krenitsky, chief compliance officer, Discover Financial Services.

Even at Colonial, a smaller institution, the feeling of ongoing examination is strong. “The intensity of exams has built up,” says Harvey. “Now I’m in continuous exam mode.”

Citi, as large as it is, has long had resident examiners who are there all the time, including a resident team from the CFPB, Reimann noted. But even at Citi, intensity is increasing.

Reimann explained that now additional examiners have been showing up from outside of the regular teams, bringing specialized knowledge with them. She said both the Federal Reserve and the Comptroller’s Office have been sending “guest examiners.” She believes that in time these specialists will be learning from their cross-institution exposure, and sharing what they learn with other examiners.

One benefit that she predicted is that “we’ll see more consistency in the types of exams we’re facing.”

However, predictions of fewer exams—though more intense—have not come to pass, said Reimann. The reasoning had been that this would happen because of shifts in examination policy and the entry of CFPB, including its assumption of areas previously handled by prudential regulators.

As it turns out, according to Reimann, “all of our regulators are looking at all issues.” So there’s been no appreciable change in examination frequency, but they have become more intensive.

Compliance management structure

The “three lines of defense” approach—very regimented among larger banks, but also catching on in some ways among smaller banks—has become an industry standard. In this scheme, the business unit is the first line of defense against risk and compliance error; the Compliance function is part of the second line of defense; and Internal Audit is the final bastion. The conference featured separate sessions for large banks and small ones devoted to the principles and practice of the three lines strategy.

Related to this is the emphasis by regulators, especially CFPB and OCC, on compliance management systems.

Reimann noted that in her recent experience, examiners want to get a firm understanding of how well each line does its job on its own and in relation to the others. There’s an expectation that the first line is testing itself to be sure it complies, and that the second line is acting to correct what the first line isn’t catching.

The reality, she said, is that “testers testing the testers” is coming to be a reality. This can strain resources, she said, so Compliance must work to avoid redundancies where that is possible.

“Although,” she said, “in a high-risk area, a bit of redundancy is necessary.”

Cara James said that exam teams have met with multiple lines at a time in order to observe the dynamics between them. She advised listeners to be prepared to demonstrate how well the relationships work.

Strap yourself in for a bumpy ride

Moderator Ryan Rasske, senior vice-president, risk and compliance markets, at ABA, asked the panel if they thought the pendulum of regulation would swing back towards an easier experience at some near point.

Panelists doubted it.

“I think somebody caught the pendulum,” said Reimann, “and is holding it in place.”