How Bank Compliance Teams Can Champion Micro-Innovation

Written by

Despite the compliance group’s reputation as a dream-crushing, idea-stomping wielder of power, they actually do want to help the rest of the bank succeed in delighting customers and clients.

It’s time to approach digital transformation as the new normal for banks. The best way to do that is to get compliance teams on board early — and the best way to accomplish that is by practicing micro-innovation. Micro-innovations are incremental changes that run parallel to proven processes, allowing nimble, modern organizations to try new approaches or strategies without sapping time and attention from what’s known to work.

Jeffery Kendall, the CEO of Nymbus and my colleague, says it best: “Modern organizations know that incremental innovation at a quick pace usually wins, compared to spending years developing a single product.”

The key for banks is to start talking with compliance when the bright idea is forming — not when the work is done. When teams are on the same page from the start, compliance can be an invaluable partner that can help balance risk throughout your micro-innovation strategy.

Align Teams From the Start
Start by including front-line staff and, yes, even compliance, when it’s time to set micro-innovations in motion. Long-tenured employees can be change generators. A recent study showed that the average American customer stays with the institution connected to their primary checking account for 14 years. Chances are, some of them have a relationship with tellers and lobby staff who understand their frustrations better than anyone and can bring these insights to the planning table.

Involving compliance from the outset can uncover what’s possible, rather than just reinforcing what can’t be done. By including compliance early, you can enliven achievable possibilities through micro-innovations. Start with monthly level-setting conversations and a deep dive into what projects and initiatives are on the horizon. Include teams in product development, sales, marketing and compliance so the bank is aligned on opportunities and goals from the start.

Find the Compliance Sweet Spot
Banks face a challenging operating environment; for compliance and risk, it’s also an opportunity to innovate. To support innovation in this landscape, compliance officers can ask themselves “How can we get where we want to go?” and “Where are the boundaries?”

In reality, most of a bank’s biggest processes, procedures and inefficiencies route through the risk compliance organizations at some point. This makes compliance staff natural advocates for change. Because they own the processes, empowered compliance officers are well positioned to understand nuance and identify opportunities for improvement and change.

Siya Vansia, chief brand and innovation officer at ConnectOne Bancorp in Englewood Cliffs, New Jersey, notes that when she stepped into her role, she “stopped hiring for innovation” and “started building internal advocates.” By working with compliance and others throughout the organization, Vansia creates a culture of innovation that looks for opportunities instead of tallying roadblocks.

With 70% of banks saying the Great Resignation has challenged their ability to carry out compliance requirements, some are considering unconventional hiring to fill jobs. As your institution prepares for 2023, prioritize retention and employee satisfaction to retain the talent you have on hand.

Digitize Progress, Not Inefficiencies
It can be tempting for banks to build an app and migrate longstanding inefficiencies onto a new digital platform. That’s a missed opportunity for positive change and customer loyalty.

“The future is about making banking better and connected, not simply having a cool app with a lot of features,” says Corey LeBlanc, cofounder and chief operating and chief technology officer of Fort Lauderdale, Florida-based Locality Bank.

As your institution identifies targets for micro-innovations, examine existing processes to ensure they still fit what your customers need and want. Look for opportunities to remove inefficient and cumbersome practices and simplify the customer experience. Even one or two steps in a process can add up over a customer journey; incremental improvements can have a significant impact on satisfaction. Compliance here can be a tool to identify inefficient processes. Leverage these same techniques to assess your people, resources and strategies. Start now with small changes that can have an innovative impact right away.

Your bank’s compliance office doesn’t have to be a “no” factory. Compliance teams can help banks build delightful experiences that matter to their customers — especially when they’re aligned on solving the problem from the start.

It can be daunting to assemble a 2023 strategic plan that hits the key performance indicators, solves the issues and makes digital a reality — all at once. So don’t. Instead, divide and conquer with micro-innovations that allow your institution to take small and mighty steps toward growth and change without delay.

Risk, Performance and Banking: What Really Matters

Written by

The goal of banks is to create financial stability and profit while building strong relationships with customers, employees and the community. What’s standing between your bank and that goal? Asking that question is the first step to finding out.

Banks measure performance in financial terms: they compare loan rates, customer growth and other key performance indicators (KPIs). But looking at performance in this way only shows how things are going, not why they are going that way or how performance could change in the coming weeks, months or years.

Understanding the “why” requires deeper analysis — an analysis that comes from enterprise risk management, or ERM. ERM is a system for managing risk holistically throughout a financial institution to create value. It’s about identifying, assessing, measuring, monitoring, mitigating and communicating risk — and using that information to build a stronger, more resilient institution.

Why should bank boards care about ERM?

1. Compliance Management. Compliance management is a huge concern for any bank. From federal and state consumer protection and privacy regulations to Bank Secrecy Act/anti-money laundering (BSA/AML) regulation, the number of regulations and the speed of regulatory change can be overwhelming.

Not only can non-compliance hurt individual consumers, it can damage a bank’s ability to offer the best-possible pricing, products and services. Failing to comply can result in costly enforcement actions, fines and lawsuits. It can also lead to limitations on growth.

Banks need to have a strong compliance management system, or CMS. This allows them to identify, measure, monitor and mitigate compliance risk. A CMS can also help banks respond more efficiently to regulatory changes by ensuring they implement changes while minimizing the cost of compliance.

2. Vendor Management. Third-party partners like including vendors, fintech partners and consultants can easily increase the potential risk to a bank or its customers. Data breaches can expose customer data. Outages can prevent customers from accessing the products and services they need. Mistakes can result in compliance violations and consumer harm. Automatic contract renewals can cause the bank to sign long-term contracts with unfavorable pricing.

Managing third-party risk requires a good vendor management program. It’s not just a regulatory requirement; it’s also a best practice. Not only can vendor management help a bank secure lower pricing, this required due diligence and monitoring helps banks identify vendor partners that could help the bank grow and thrive.

3. Findings Management. A bank needs to correct identified problems quickly. But it can be easy to lose track of these problems — whether they are self-identified, examiner or audit findings — with the demands of day-to-day responsibilities.

Every bank should have a findings management program that logs every finding, assigns it to someone responsible for remediation and tracks its remediation. This creates accountability that ensures that no finding is overlooked, whether it’s a consumer complaint, a weakness in a control, a vendor issue or a compliance violation.

Risk Performance Management for High-Performing Banks
Each of these three areas of ERM have the potential to hurt or enhance a bank’s performance. Done well, they can better control costs, strengthen the banks’ resilience and more quickly achieve the board’s strategic goals. One of the most effective ways for a bank to gauge its risk and performance is by leveraging expert solutions that provide the frameworks, tools and knowledge that executives and the board need to maximize the efficiency of the process. These solutions can also serve as an educational primer, showing banks what needs to be done and the best ways to do it efficiently, so the bank can follow a clear, well-informed path forward.

These solutions also make it easy to understand where the threats and opportunities are for an institution. This is especially important as banks try to keep pace with evolving technology and consumer expectations. Having the right risk management tools in place directs the executives and employees to quickly ask the right questions when evaluating new technologies, partners and strategies, and understand what those answers mean.

Whether it’s knowing how regulations impact a new product or service, or assessing the maturity of a vendor’s cybersecurity controls, good risk management means having more information sooner to make better decisions — and that leads to better performance.

Five Common Sense Board Oversight Techniques

Written by


oversight-4-3-17.pngIt seems that all of the banking industry is abuzz about the prospects of potential legislative changes and financial regulatory reform. It is anticipated that Representative Jeb Hensarling will propose Financial Choice Act 2.0, bringing broad and sweeping changes to banking laws and a great number of regulatory changes. While most of the industry supports these changes, it is unclear if any of them will ultimately become law. With uncertainty about whether change in regulatory oversight will be made, we suggest that banks take a look at the functioning of their constant regulator: the board.

Most bank board members would recoil at the notion that they are regulators. They correctly view their role as enhancing shareholder value, which includes setting the strategy for the bank. In some cases, it is a dynamic strategy. However, the oversight function of the board requires that board members serve as the bank’s primary line of regulatory oversight. The board needs to ensure that the bank not only has reasonable programs in place designed to promote compliance with laws and regulations, but also that the bank is appropriately implementing the strategic plan adopted by the board. With that in mind, we believe bank boards can improve their oversight function by adopting some of the key proposals under discussion for regulatory reform.

  1. Adopt a limited number of key principles: A board’s primary guidance to management—the strategic plan—should set forth high level requirements for the direction of the bank. Developing a detailed operational plan at the board level, or attempting to co-manage the bank along with officers, is frequently counterproductive and causes management to spend too much of its time complying with the board’s requirements rather than building value in the business.
  2. Tailor oversight to the size and complexity of the institution: It is critical that the board’s oversight function evolve as the business model and the growth of the bank does. While we sometimes see boards impose requirements on management that are overly complex and burdensome, it is more common that boards fail to evolve their oversight as the bank grows and becomes more complex. This issue is particularly prevalent among fast-growing, acquisitive banks. Boards sometimes take the same approach to compliance and regulatory oversight as they did when the bank operated in a single community with a small number of conventional products.
  3. Eliminate concentrations of power: Just as many bankers find the unchecked power and single director structure of the Consumer Financial Protection Bureau objectionable, concentrating too much power in one or two directors can also be destructive for a bank. Among the bank failures we saw, a disproportionate number relied on the oversight and guidance of a single dominant director. A properly functioning board should foster discussion and debate among directors with diverse business backgrounds, risk tolerances, and points of view. Moreover, directors should feel accountable to each other and to shareholders.
  4. Eliminate useless reporting: Just as bankers seek to streamline regulatory reporting, board reports should be streamlined as well. When was the last time your board had a discussion about the usefulness of the various reports received at each board meeting? There is a terrible opportunity cost to having some of the best minds in the bank prepare reports that do not provide actionable information or, even worse, are ignored by board members. Boards should periodically discuss which reports are no longer helpful, and also, which types of additional reports might be beneficial as the business model of the bank evolves.
  5. Provide timely feedback: One of the less publicized provisions of the Financial Choice Act is a requirement for timely delivery of regulatory exams. Boards should adopt this policy as well with regard to key board actions and feedback to senior management. A concern raised in a board or committee meeting without timely resolution by the board can leave management in limbo, afraid to make any decision that might ultimately be deemed by the board to be a bad one. If the board’s oversight function raises a concern, boards should work to resolve the concern and take any necessary action as quickly as possible in order to allow management to move forward.

In a deregulatory environment, it may seem strange that attorneys would suggest that boards likewise streamline their oversight function. However, it is our belief that reducing regulation is not nearly as important as improving the effectiveness and efficiency of regulation. By focusing the board’s oversight function on monitoring the key risks of the bank in an efficient manner, board members will create more time to focus on developing effective strategy, and for their management teams to focus on building value for the bank. Thoughtful board oversight is as important as regulatory relief for the industry, if not more so.

M&A: Avoiding Compliance Sinkholes

Written by


11-11-13-Moss-Adams.pngWith interest rates on loans at an all-time low and fee income significantly diminished as a result of a new focus on consumer protections, many banks, credit unions and other financial services companies are looking to acquisitions to supply needed growth in balance sheets and income sources. But along with acquisitions come many potential regulatory pitfalls, including consumer protection risks.

Without appropriate levels of due diligence, your bank could end up with a number of hidden compliance nightmares, such as violations of the Truth in Lending Act, Real Estate Settlement Procedures Act, or flood insurance rules that result in consumer restitution, fines or civil monetary penalty assessments from your banking regulator.

Here are a few key compliance considerations to keep in mind during your preliminary evaluation of an acquisition target. Think about these things well before seeking approval of the acquisition from regulators and shareholders.

Institutional History

Has the acquisition target historically had regulatory issues? Be sure to check for published enforcement actions regarding products, services or practices that may affect the combined institution’s compliance and reputational profile. Don’t forget to use simple Internet searches, including social media outlets, through readily available search engines. You might be surprised by the results of your searches.

Compliance Management

Does the acquisition target have a well-run compliance management system? Include an evaluation of key compliance management components in your due diligence. Always consider risk assessments, policies, monitoring schedules, training, and complaint-management practices. Is the institution’s program comprehensive? Is reporting to the board regarding program activities concise and detailed? Are issues reported and resolved in a timely manner?

Third-Party Service Providers

Does the acquisition target offer a large inventory of consumer products, and does it use third-party service providers to sell and deliver some or all of those products? With consumer products come a variety of laws, rules and regulatory expectations regarding consumer protection. Significant levels of risk may reside in third-party relationships the institution has developed to sell and service consumer products.

Evaluate management’s assessment of risks associated with service providers and the strength of the institution’s vendor management program as well as key provisions of contracts, including recourse related to noncompliance. Allocating time in this area could help prevent significant issues after a transaction has been completed.

Product Sets and Features

Does the target institution have multiple deposit and lending products with complex features? Conversion of products is a significant risk factor related to consumer compliance. The more complex features become, the more challenging converting accounts and providing accurate disclosures will be.

Stories of failed customer account conversions and public relations disasters are all too common. Address details regarding conversion of products as early as possible in acquisition planning. Include consideration of required timing of consumer disclosures and alternatives for accommodating customers when eliminating or adding key products and services.

Post-Conversion Compliance Activities

How will the acquisition affect your current compliance management activities? How will your institution ensure appropriate staffing is maintained in the compliance function after the merger is complete?

Compliance management activities change considerably in the months following an acquisition or merger. Besides the fact the merged institution will have an expanded customer and employee base, there are a number of factors that affect the personnel requirements after a merger, including heightened customer service activities, monitoring new employees and changes in procedures and processes.

Budget significant time for your compliance department to review consumer disclosures, particularly periodic statements, after conversion of the acquired institution’s accounts. For example, are interest accruals correct and in accordance with the contractual requirements of the loan or deposit account agreement? Are payments being applied as originally disclosed and properly allocated between interest and principal? Are Web sites and mobile applications functioning as planned and are consumer disclosures accurate?

Also plan an increased budget for compliance training. It should be tailored and conducted in person with new staff regarding key regulatory requirements and your institution’s procedures regarding handling of customer inquiries, complaints and other important aspects of your compliance program.

Conclusion

In the push for new revenue, it can be easy to see acquisitions as the path of least resistance, especially as other financial levers (fees and loan interest rates) cease to be as powerful as they once were. But clearly, for those who haven’t taken the time and care to evaluate the details well ahead of time, taking the plunge with another institution is fraught with risk. Only by performing sure-eyed due diligence can you hope to make the combination a happy marriage.