Federal and state regulatory enforcement actions and unprecedented fines for alleged fraud—fraud that apparently originated with sales incentive compensation plans—have left bank executive management teams and boards wondering if the same thing could be happening at their institutions. These concerns are shared by banking regulators, as evidenced by the flurry of activity, including testimonies, speeches and information requests, in the fourth quarter of 2016.
Given the huge media attention to one bank’s alleged misdeeds, bank executive management teams and boards are wondering if the same thing could be happening at their institutions.
Excessive risk-taking, without proper risk management and controls, often has been cited as one of the root causes of the recession that begin in late 2007. Progress certainly has been made since the financial crisis, particularly in fostering a healthy compliance culture, committing to effective risk management and governance, and improving how customers are treated. However, the issues associated with sales and incentive plans have thrust these concerns back into the open to be scrutinized by the public, policymakers, law enforcement and regulatory agencies.
The 2010 Guidance on Sound Incentive Compensation Policies
In June 2010, the Office of the Comptroller of the Currency (OCC), the Federal Reserve, the Federal Deposit Insurance Corporation (FDIC), and the Office of Thrift Supervision published their final Guidance on Sound Incentive Compensation Policies in the Federal Register. The guidance applies to all banking organizations supervised by the OCC, the FDIC and the Federal Reserve, regardless of the size of banking organization.
The guidance is based upon three key principles about incentive compensation arrangements, namely that they should:
- Provide employees with incentives that appropriately balance risk and financial results in a manner that does not encourage employees to expose their organizations to imprudent risks.
- Be compatible with effective controls and risk management.
- Be supported by strong corporate governance, including active and effective oversight by the banking organization’s board of directors.
The guidance, as well as other similarly focused rulemaking activities, clearly indicates that incentive-based compensation arrangements now are under the microscope. Every bank should review its incentive-based compensation arrangements to make sure they are in compliance with the applicable regulations.
What’s My Exposure?
Bank executives and directors who are trying to determine their entity’s exposure related to sales incentive programs need their bank to undergo a risk assessment focused on common activities that are aligned to their bank’s sales incentive practices. If the assessment reveals problems with improper behavior, the bank then must determine its level of exposure.
A comprehensive approach to assessing exposure should encompass the following high-level areas and analyze associated data at a level sufficient to identify whether improper behaviors are occurring:
- Review accounts, products and services offered to consumers or small businesses through all channels (including branches, phone, internet and private banking).
- Analyze incentive program payments by product or service provided.
- Consider noncash incentive programs.
- Ensure reports are issued by internal audit, front-line self-assessments or an external party that cover sales practices or account opening or closing procedures.
- Establish policies, procedures and reports of concerns with sales practices or account opening or closing procedures resulting from employee terminations or exit interviews, whistleblower or ethics hotlines or consumer complaints.
- Develop training program materials for employees who sell products and services.
- Institute policies, procedures and detection controls specific to account opening and closing metrics.
It is important that assessment and data analysis activities include third-party risk management programs to identify and effectively manage risks related to third parties that are involved in opening and maintaining customer accounts.
In addition, banks should consider performing culture assessments to determine if there are conflicting elements or subcultures that are misaligned. Many banks change their cultures by sequentially aligning strategies, structures, processes, rewards and people practices.
With assessment information in hand, executives and boards are better able to make informed decisions and take appropriate actions necessary to help protect the bank and its customers. Depending on the assessment results, the bank then might need to take the following steps to mitigate the risk:
- Further investigate the areas for which the exposure assessment identifies improper behavior or potential fraud.
- Test the design and operating effectiveness of existing controls to prevent and detect account origination, servicing and termination fraud as well as unfair, deceptive, or abusive acts and practices (UDAAP) within the sales process.
- Develop and implement new controls within the sales, account origination, servicing and termination processes.
- Review incentive compensation plans and their governance processes.
- If necessary, reshape overall compensation plans to eliminate incentives that could lead to a higher likelihood of fraud and undue risk-taking.
- Design and implement systems or functions to identify, measure, monitor and control risk-taking and standards of behavior.