Trimming the Compliance Burden

As compliance costs and hassles mount, banks are searching for ways to improve efficiency. Some are more successful than others.

In a study of $2 billion asset credit unions by Cornerstone Advisors, a Scottsdale, Arizona-based consultant, the biggest spender devoted 107 basis points of assets, the equivalent of more than $21 million, to compliance. In contrast, the thriftiest of the bunch spent just 29 basis points, or less than $6 million on the same tasks. (The median institution devoted 0.54 percent of its total assets to compliance staff and expenses.)

Cornerstone Senior Director Vincent Hui figures the range is about the same for banks. What could your institution do with that $15 million in savings?

“Compliance is driven more by effectiveness than efficiency,” says Hui, a regulatory consultant. “But you want to strike the right balance between the two or else you’ll be at a competitive disadvantage.”

Effectiveness and efficiency aren’t mutually exclusive, but sometimes it can feel that way. Big banks receive roughly 200 regulatory updates-from state and federal banking agencies, the Securities and Exchange Commission and others-per day, according to Thomson Reuters. For smaller banks, consultants say, the figure is in the dozens.

It’s easy to miss something, and even easier to engage in overkill. Things are moving quickly and no two institutions’ products, markets and risk appetites are exactly alike, making specific compliance best practices tough to peg.

Boards can help rein in costs by demanding better measurement. “Compliance is often the only department in the bank where the board doesn’t see any reports that include dollars and cents,” says Pamela Perdue, executive vice president and chief regulatory officer for Continuity Control, a New Haven, Connecticut-based regulatory technology firm.

“Banks need to measure compliance performance the same way they measure financial performance,” Perdue says. “Directors should ask management, ‘How much are we spending on compliance and how can we do better?’”

Benchmarking against peers with similar compliance issues, and then discussing with management, is one way to drive improvement. With a little study and thought, smart boards find that building a more-efficient compliance shop doesn’t have to be rocket science. It does, however, require smart people, good leadership and training, and the right blend of technology and process. Here are some of the things that appear to work.

Automate
Most banks now use technology to help manage the steady flow of documentation flowing in, out and around their institutions. “The volume and velocity of regulatory change is so tremendous, traditional methods can’t keep up,” Perdue says.

Jeri Hewitt, vice president and compliance officer at $1.5 billion asset Emprise Bank in Wichita, Kansas, has worked in bank compliance for nearly 30 years. Until recently, “we were using spreadsheets and email to get things done, and I would spend a lot of time reading through regulations and outlining implementations,” she recalls.

Four years ago, Emprise hired Continuity to help automate that paper trail and interpret the growing mountain of regulatory updates. Continuity’s cloud-based compliance management system prompts branch employees to provide required information and upload documentation, and then generates required reports.

The firm also has a staff of about 20 regulatory experts who analyze the latest federal pronouncements and customize implementation based on the bank’s profile. (It doesn’t track state updates, however.) “If [the update] is about payday loans and the bank doesn’t offer payday loans, you never see it,” Perdue says.

Perdue says she’s seen banks shave as much as $150,000 from compliance expenses through automation. Hewitt thinks of it more as a break-even proposition: It costs money to subscribe to a regtech firm’s services, but “I wouldn’t have been able to manage implementing all those new regulatory requirements without adding staff if we hadn’t automated things,” Hewitt says.

Manage Vendors
Continuity is among a growing cadre of “regtech” firms-including the likes of Quarule and Trulioo-that blend new big data capabilities and automation with expertise to help banks control compliance costs. They compete with compliance offerings from core vendors, such as FIS, and big technology companies like IBM, which in November acquired Promontory Financial Group, a large regulatory consultancy.

Hui says it’s important for banks to manage third-party relationships, whether they are regtech vendors or others who simply have to comply with banking regulations. He tells of one bank client whose vendor missed the final 2015 implementation date for the Consumer Financial Protection Bureau (CFPB)’s TILA-RESPA Integrated Disclosure Rule, forcing the institution to temporarily halt some home-equity lending, losing revenue.

Smart banks meet with vendors quarterly to ensure they are keeping pace with regulatory changes. Having business-line representatives in those meetings can be especially useful for ensuring that important product-related developments are flagged.

“It’s both a cost and a revenue issue,” Hui says. “You need to hold their feet to the fire to make sure the necessary controls and functionality are implemented on time.”

Eliminate Redundancies
Technology can help boost efficiency, but process is equally important. One buzz phrase uttered often in the world of compliance is “checkers checking checkers checking checkers”-a nod to the redundancies many banks have built into their processes, due to silos or other internal roadblocks.

Hui offers the simple example of a mortgage loan that is subject to pretty much the exact same review in the processing, pre-closing and post-closing stages. “You’ll have people looking at the same loan file three times. Each department believes it’s doing the right thing from a quality assurance perspective,” he says, “but it’s inefficient for the organization.”

Attacking such redundancies by implementing controls that cut across all departments can save money. In the above example, for instance, one complete review might be done pre-closing, with the other two groups pulling a 10 percent sample.

Get Cultural Buy-In
Getting the buy-in needed for these kinds of changes often takes some prodding from the top, as well as training. Boards can help set the right tone at the top by positioning compliance as an opportunity to enhance the bottom line.

“You want compliance viewed not as a cost center, but as a cost-reduction center,” says Paul Osborne, a regulatory partner at Crowe Horwath, a Chicago-based accounting and consulting firm. “You don’t want people introducing a product or service without thinking through the compliance ramifications first.”

Osborne says the most efficient banks gently imbed compliance at the business-line level, incorporating compliance measures into incentive compensation or making it part of employee reviews. Avoiding missteps that could lead to fines and losses is easiest when everyone is part of the effort and communicates. He gives the example of a consumer-lending group that decides to offer home-equity lines of credit with lower fees or rates than the mortgage department.

“You might get a complaint from the CFPB, asking why two customers are getting different deals. It’s a fair-lending issue,” he explains. If the two units were on the same compliance page, such an incident would never happen.

Don’t Strive for Perfection
You want to be as accurate as possible, of course, but the trade-off between effectiveness and efficiency encourages compromise. “We can’t be perfect on everything,” Hewitt says. Nor should banks try. Compliance spending is a game of diminishing marginal returns, and a bank could go broke aspiring to eliminate all risks and mistakes.

Perdue says most banks she works with “go for a gentleman’s C,” and don’t try to get every single thing right. “If you go for a high mark the first time through, you’ll be overspending and stressing yourself out,” she says. What’s important is to learn from your mistakes and not repeat them next time around.