The Value of a Compliance Management System

A financial institution’s Compliance Management System (CMS) is the backbone of risk management and also acts as the pathway to success (or failure) when it comes to reviews, exams and audits. The CMS should cover all of an institution’s risk areas ranging from loan processes to customer/member complaints. A robust and comprehensive CMS helps ensure proper procedures are being followed, uncovers risks before potential issues arise and helps assure compliance with regulatory demands and requirements.

The CMS touches almost every department, from marketing to administration. The FDIC, just one of the regulatory bodies of several who evaluate the efficacy of a CMS, has provided guidance that a CMS is how financial institutions 1) learn about compliance responsibilities, 2) make sure employees know and understand compliance responsibilities, 3) review operations to ensure responsibilities are fulfilled and requirements met, 4) define risk areas and take corrective action and 5) update materials as needed.1

A CMS that has been implemented and functioning the way it is intended can save a financial institution from compliance failure and fines as well as a loss of reputation.

CMS Structure

Before examining preventative measures, let’s delve into what’s expected from a CMS. Although regulatory bodies are looking for the same general and overall components, emphasis can differ based on the scope of the audit or exam, the examiner, and of course the regulatory body doing the examination.

The FDIC presents three elements considered essential for an effective CMS.

Board and Management Oversight
It is imperative that the Board and Management be committed to compliance efforts. A culture of compliance encourages cross-enterprise support and is supported by a well-defined policy, clear expectations and a compliance officer with the authority to do what is necessary to keep the institution as free from risk as possible. This is often referred to as the “tone at the top”.

The Compliance Program
A strong compliance program includes policies, procedures, training and monitoring guidelines that are clearly stated and carried out. Response to consumer complaints is an integral part of the compliance program. The path for escalation and resolution should be adopted and consistently applied enterprise-wide.

The Compliance Audit

An independent review of how an institution adheres to internal policies and procedures, and how these policies and procedures comply with consumer protection laws and regulations, helps ensure compliance and identify risk.

The CFPB breaks a CMS into two main elements: Board and Management Oversight and the Compliance program. When reviewing a CMS, the CFPB examiners apply the following five modules.2

Module 1: Board and Management Oversight
Examiners focus on the Board and Management’s commitment to the CMS, change management, identifying risk and understanding its source and the ability to proactively identify risk and take corrective action.

Module 2: Compliance Program
A solid CMS includes a clearly defined compliance program that details policies and procedures, provides effective and relevant training, performs routine monitoring and audits and has a responsive customer/member complaint system in place.

Module 3: Service Provider Oversight
Financial institutions are responsible for their service providers. They must ensure service providers are in compliance with Federal standards to avert consumer harm and avoid liability.

Module 4: Violations of Law and Consumer Harm
If a violation is discovered, examiners will consider the cause, severity, duration and prevalence of the violation. Examiners will delve into the CMS to make sure it identified the issue and triggered the necessary corrective action.

Module 5: Examiner Conclusion and Wrap-up
No matter the institution’s risk profile, examiners will conclude by summarizing and recording their findings and identifying weak spots. They must also review their findings with the bank or credit unions and outline considerations for the following exam and/or any follow-up deemed necessary.

In a broader sense, like the FDIC and CFPB, other regulatory bodies’ examinations consider different components necessary for an effective CMS. But, on a more granular level, each cover similar topics, each nuanced by that body’s particular area of concern. For example, the CFPB’s Compliance Program includes policies and procedures, training, monitoring and/or audits and the consumer complaint process while the FDIC spreads these essential components over the Compliance Program and the Compliance Audit.

With almost every detail of a CMS requiring a host of supporting documents, processes, tools, controls and functions, it’s imperative for the compliance officer to ensure their institution’s CMS answers the needs of each regulatory body. Doing it alone can be overwhelming. That’s where Marquis can help.

CMS Development and Maintenance

Identifying risk and weak spots can be challenging when reviewing how a CMS is functioning and details can be missed if the right questions are not asked and evaluated. Enlisting the help of Marquis Compliance Professional Services will ensure your CMS will effectively manage risk, support compliance and prevent consumer harm. Here at Marquis, we are well versed in the ins and outs of building, refining, and maintaining an effective CMS and will apply this expertise to your compliance program. We get what each regulatory body is looking for.

Conclusion

With recent submissions barely in the rear-view mirror, focus on the risks of potential CMS shortcomings should be on the top of all our minds. Now is the time to refresh and update your CMS. With the help of partners like Marquis Compliance Professional Services, by the time submission season or your next Compliance Exam rolls around your CMS can be addressing the examination nuances of the FED, FDIC, OCC and CFPB.

1 FDIC.gov https://www.fdic.gov/regulations/resources/director/presentations/cms.pdf

2 CFPB https://files.consumerfinance.gov/f/documents/201708_cfpb_compliance-management-review_supervision-and-examination-manual.pdf

Leadership and Your Response to COVID-19

It is an uncharted time for all of us. We have experienced delays in our clients’ plans to conduct their scheduled marketing efforts and are fielding an array of questions from customers who are searching for leadership. We challenge you to be a voice of calm, reason, and leadership.

Here are some positioning ideas for you to use as you assist your customers/members with their plans over the next 90 days.

An overall strategic communications plan centers around three words: commitment, community, and connection. These words are not meant to be platitudes, but action items. Each is an opportunity to DEMONSTRATE what you are doing to be part of the solution and a leader in your market.

This is a time to focus less on automation and more on personal relationships. Automation cannot solve this marketing challenge, but it provides a personal interaction with your customers/members to listen and learn how the institution can assist the individual and the community. Here is a plan divided into 30-day segments.

Next 30 days. Most institutions reading this are often the centerpieces of the community. Your market will look to you for leadership. Marketers should be on the frontline of this effort and demonstrate to the community their institution is leading when it comes to community involvement, assistance, and sanity in this time of uncertainty. Now is NOT the time to send another email to remind customers/members to wash their hands, practice social distance, and avoid hoarding. Customers/members get plenty of that on a media outlet called everywhere. Nor is it the time for a generic message of “we are committed to the health and safety of our employees, customers/members, and community.” No kidding. These messages are meaningless and are already on the home page of thousands of businesses.

What are you DOING? Are you offering to run errands for elderly customers/members? Assisting local business by offering interest-free bridge loans in order to make payroll? Offering retail customers the option to skip an upcoming loan payment? You get my point. SHOW how you are an integral part of the community, providing connection to the market, and committed to its longevity.

This is not bragging. It is about reassuring the community the financial institution is a leader.

Next 60 days. We have already seen the Federal Reserve lower rates to near zero. Money is cheap. This move to make access to cash easier is only half of what is economically required to weather this storm. The government must encourage spending. We only spend when we are confident we have jobs. Washington has passed a massive stimulus package. This includes direct cash payments to citizens, small business payroll assistance, and tax deferrals. You should have messaging prepared around what this directly means to your customers/members. These messages should not be product based, but rather about what the stimulus means to them. The overall arc for the communications should be to connect the customer/member to the institution by (1) explaining what is happening from a local perspective, and (2) making common sense out of the news coming from Washington. Institutions should think hyper local. Highlight success and inspirational messages thereby connecting the institution to the community.

Next 90 days. By this time, we will see the stimulus kick in and the positive impact of social distancing. If our response to the virus goes as planned, we will reach the 10-week mark and we should return to “normal”.

What will be the next area of concern is the upending of small business and the impact it will have on the population. For reference, 99.9% of all businesses are considered small (less than 500 employees). This group employs 48% of the working population. And while the .01% of big business employ an equal number of citizens, there are millions of small businesses that feed their supply chain. In other words, we are all economically connected. The main difference is a small business most likely does not have the liquidity to sustain its operation, hence the stimulus packages. Again, consumer spending will be critical to the recovery.

From your perspective, the financial implications will no doubt be concerning. If a business cannot make payroll, an employee cannot make rent, and a landlord cannot make the mortgage payment. The messaging will need to focus on what your institution and the community are doing to encourage spending from the institution’s perspective – borrowing. Communications should focus on buying local, spending local, and promoting the successes within the community. Operationally, the institution should be well positioned (technology and staff) to provide lightening quick approvals, clear communication, and a welcoming 5-star environment.

Stay Safe & Prosper!