ICS Compliance has one mission, which is to help the banking and financial services industry manage its risk in today’s challenging and rapidly changing environment. The 14-year-old firm, which is headquartered in New York and has offices in 17 cities across the United States, employs more than 150 risk management experts whose specialties include compliance, internal audit, and credit risk management. Recently, Bank Director spoke with CEO John F. White about the importance of having a strong risk management program, and how it benefits the bank.

What are the most pressing regulatory concerns today?

Whenever you have the kinds of problems in the industry that we’ve had over the last couple of years, Washington wants to regulate with a strong hand, just like the Sarbanes-Oxley Act nine years ago. So the most pressing regulatory concern is that banks maintain a comprehensive risk management program in accordance with the CAMELS Ratings (Capital adequacy, Asset quality, Management, Earnings, Liquidity, and Sensitivity to market). Strong risk management, which includes compliance, internal audit, and credit review programs, will help banks get high ratings in these areas, which in turn will help them maintain a high level of profitability.

What should banks be doing now in terms of risk management?

Banks must implement a comprehensive risk management program, consisting of a compliance program that includes BSA/AML and manages all of the evolving regulatory rules and regulations; an internal audit program that evaluates the effectiveness of the control environment; and a credit review program that monitors asset quality and assures that all loans are being reviewed and rated properly in a timely manner. If a bank has a strong risk management program in place it’s not only less likely to be criticized, but it’s also going to achieve higher earnings and stronger capital.

As the industry’s regulatory burden increases, what’s the key to having an effective compliance program?

It’s crucial that management and the board keep themselves up to date on all the new regulatory requirements and that they allocate the necessary resources to managing compliance risk. You have to have experienced people who understand compliance and BSA/AML. You need to have the right systems and processes in place so that you’re getting all the information you need to manage the risk properly. Regulatory compliance can be especially challenging for small banks that can’t afford to build the necessary infrastructure to manage compliance risk effectively. But they can still accomplish that without making a costly investment by partnering with the support of a qualified vendor that understands the rules and regulations and knows how to establish a strong risk management program. The regulators are very comfortable with this approach. They are less concerned about how it gets done than with the fact that it is getting done.

What is the board’s role from a governance perspective when it comes to risk management?

The board is not responsible for day-to-day management of the bank, but it is responsible for oversight and protecting the interests of the shareholders. The bank has to have written compliance, internal audit, and credit review programs in place; the board has to approve them. The board also has to make sure that the bank has qualified compliance, audit, and credit review officers in place, and if the bank isn’t going to manage all facets of the program itself, the board has to ensure that a qualified vendor has been selected to work closely with the officers. Finally, the board must ensure that appropriate and timely corrective actions are being taken in response to regulatory examinations and audit findings.

John White