A heightened regulatory environment is here to stay, that much seems clear. So how are banks and bank management teams coping?
They are hiring more employees, buying software, scrutinizing vendors for compliance and focusing more and more on the business of complying with regulations, in addition to running the bank. Preston Kennedy, the CEO of $200 million asset Bank of Zachary, in Zachary, Louisiana, says he spends one-third of his time on compliance and regulations. “The regulations are now the table stakes,’’ he says. “If you want to go outside in the winter, you have to wear a coat. If you want to be a banker, you have to abide by a lot of regulations. ”
The following is a list of ways in which banks are coping with increased regulations.
Hiring a Chief Compliance Officer or Chief Risk Officer
Previously the domain of the largest banks, even small banks are hiring chief risk officers or chief compliance officers. In Bank Director’s 2015 Risk Practices Survey, 71 percent of respondents from banks below $1 billion in assets had a chief risk officer. So, too, did 92 percent of respondents from banks with $1 billion to $5 billion in assets. Bank of Zachary, despite its small size, has both a compliance officer and a recently hired chief risk officer, who reports directly to the CEO and the board of directors.
Buying Compliance Software or Getting Outside Advice
Banks also are turning to software vendors, core processors and outside consultants such as Fiserv, FIS, Computer Services, Inc. and DH Corp. to help manage compliance. “We are definitely seeing more indications that banks are relying on software more in all different areas,” says Christine Pratt, a senior analyst at financial services research firm Aite Group. Bank of Zachary just purchased a $35,000 program from Continuity to keep track of new regulations that will impact the bank, and help the bank document its compliance. Proper documentation is key because banks have to prove to regulators that they are in compliance. “In order to run a $200 million bank in suburban Louisiana, we have to rely on a company that is hardwired to the government to keep up with this pipeline of new regulations,’’ Kennedy says. “It’s absolutely ridiculous but it’s the task that we have.”
Banks are shifting away from handling compliance after the fact and moving toward incorporating compliance into many of their basic business processes, says Jamie van der Hagen, director of consumer lending for Wolters Kluwer Financial & Compliance Services, which sells regulatory consulting services and compliance software to banks. For example, instead of giving out loans and then checking to see if they meet fair lending standards, banks increasingly incorporate fair lending standards into the process of making loans. “Proactive compliance efforts, through automated testing for example, help banks validate their entire portfolio of products and accounts and identify potential compliance issues before they become a problem,’’ says van der Hagen. “Finding and addressing these possible compliance issues can have a positive impact on the bottom line by enabling institutions to identify loans that qualify for CRA credits and other premiums that can help them improve their overall bottom line.”
Starting to Prepare in Advance of Knowing the Final Rules
Banks are finding they have less time than in prior years to adjust after a rule is finalized and goes into effect. That means they have to prepare even as the rules are in the proposal stage. “They don’t have the time anymore to wait for the rule to be formulated,” says Pratt. “Banks have told me they’re writing two different versions of software [to prepare ahead of time]. That’s incredibly expensive.” Alternatively, vendors should help with the process of updating software on time.
Scrutinizing Vendors for Compliance
Regulators are increasingly emphasizing that banks are responsible for the missteps of their vendors on pretty much every law or regulation, including fair lending, debt collection or unfair consumer practices. The New York State Department of Financial Services, the state’s banking regulator, recently surveyed banks to determine their oversight of vendors for cybersecurity, as it is preparing new regulations on how banks should monitor third party vendors. Managing a bank’s vendors for compliance is a complex process, but there are general guidelines to getting it right.
However much of a burden it feels, bank management teams and boards know that they have to comply with regulations to stay in business. Managing the pace of regulatory change and keeping the bank out of the crosshairs of regulatory fines and punitive enforcement actions has become a core responsibility of the bank’s management team. “The pace of regulatory change has really increased in the last 10 years and there is no indication that it is going to go down,’’ says van der Hagen.