If you’ve ever observed a house being built, you’ve no doubt been struck by the way that millions of details must all come together to form a habitable dwelling. One board out of place or a line that’s not level can wreak havoc and doom a structure that may have stood for centuries. An overlooked element can mean the difference between passing or failing a required inspection. The devil, as they say, is in the details.
Similarly, details are the devils of the compliance realm. There are literally tens of thousands of details to consider in ensuring compliance. Just like building a house, it takes careful design and planning, timely and well-coordinated execution and attention to detail to build an effective compliance program. Just as building codes dictate there is a right way to build a house—there is a right way to build a compliance program and passing examinations means making sure your program is up to code.
I’ve been privileged to work alongside some of the industry’s finest minds during my career as a banker, examiner and consultant. Together, we’ve observed common themes among compliance programs that succeed and those that don’t. So, what do the most effective programs have in common? How are they similar to construction projects?
They have a blueprint, a foundation, and a framework—ensuring consistency across the organization and all regulatory requirements.
When contractors (or board members) are charged with oversight, if a clear blueprint is not in place from the beginning, it can be difficult to keep up with change. Remember the wise adage “measure twice, cut once?” With a daunting number of compliance details and no strategic plan, it’s easy to fall into the trap of having a series of tasks but no one looking at the big picture, thus compromising the program.
When designing a compliance program blueprint, it’s important to identify different types of risk: credit, operational, market, legal and reputational. However, risks do not occur independently from each other. Most activities encompass all risks in some form or fashion. For this reason, regulators are starting to take a holistic approach in their examinations. They want to break down the silo perception of risk—because risks rarely fit into just one bucket or another. Since oversight is integral to a financial institution’s overall success, board members need to be sure that everyone is doing their part to ensure that the blueprint is being followed.
A durable building starts with a sound foundation, designed to prevent structural risks. Periodic maintenance is required to ensure that the structure does not become compromised. If flaws are noted, they must be addressed to prevent further deterioration.
In the world of compliance, a sound foundation is built by establishing a chain of responsibility and a standardization of process. Maintenance, in the form of periodic reports, ensures that the program does not become compromised and any weaknesses are addressed. A defined hierarchy of accountability and standardization increases visibility, minimizes risk exposure and ensures an institution is running efficiently.
After the foundation is laid, four walls and roof are constructed to ensure a sturdy building. On top of the compliance program’s foundation of accountability and standards, a well designed controls environment needs to be built. The “building code” for this framework includes risk assessments, policies, procedures, monitoring and audits.
Well-run compliance programs incorporate these controls across all key areas of compliance oversight. By focusing on what’s the same about every implementation (i.e., the process, the blueprint, the framework, the controls) an institution can cut its overall workload, costs and frustrations for the compliance program.
How can you inspect a structure, or your compliance program, in the absence of the foundation and framework? Without standards for building foundations, they'd collapse, crack with frost, fail to shed water, be unable to bear the necessary weight, etc. It takes a plan, the blueprint, to lay the foundation and build the framework providing the well-run compliance program an accountable standard. Built to this standard, we can evaluate adherence and gain comfort knowing that things were done right.
Using lessons learned from the construction industry, financial institutions can maintain compliance accuracy, efficiency and effectiveness. Applying these principles, you can administer your compliance program with less worry, less conflict and at a lower cost than traditional methods will allow. In our next installment in this series, we’ll discuss how to maintain your compliance “house” through effective reporting and oversight.