Five Elements of a Successful Compliance Culture

April 29, 2013 at 7:43 am Leave a comment

Ever since I started delving into compliance as part of my work in the industry, I’ve noticed a dichotomy between the importance of compliance and the respect it is given within the industry as a whole.  Let’s face it, compliance is considered a necessary evil and the less time employees have to spend at it, the argument goes, the more time they can devote to making loans, figuring out good investments, and opening accounts.  In other words, doing the things that attracted individuals to banking in the first place.

A recent speech by Carolyn G. DuChene, the Deputy Comptroller for Operational Risk at the OCC, articulates why this cultural firewall between compliance on one side and everything else your credit union does on the other is so misguided:  you can be in technical compliance with every regulation, but unless your board of directors understands that, what she describes as your organization’s risk culture,  must penetrate the entire organization, you’re leaving yourself vulnerable to the type of mistakes that will get your credit union in trouble.  Even though she’s talking about commercial banks, what I like so much about the speech is that she identifies intangibles over which examiners have very little control.  Much of what she says translates easily to the credit union framework.

So what are the five E’s of an effective risk management culture?

  • Enterprise — credit unions come in all shapes and sizes.  But the bottom line is to effectively manage risk you need employees and directors who understand how the credit union and its products are structured.  For example, if you have a CUSO, are there people who understand the impact that its services could have on your bottom line?  Let’s say you use vendors to offer certain types of financial products.  Are there employees responsible for understanding these products?  A successful compliance culture doesn’t start simply with implementing the regulations, but instead starts with understanding the vulnerabilities of your organization.
  • Ethics — this is my favorite one.  As  DuChene points out, the ethics of an organziation influence both what products and services your credit union offers, and determines how your employees treat each other and your customers.  To be successful, the importance of ethics must be reinforced throughout the organization.
  • Education/expertise — your credit union has to dedicate resources to educating employees about the issues for which they are responsible.  For instance, one of the most successful programs offered  by Mike Carter at our compliance department has been front line compliance training.  You can have the best compliance people in the world, but unless the front line staff understands what they are supposed to do and how they’re supposed to do it, you won’t have an effective compliance program.
  • Empower/engage employees — As . DuChene explains “in a sound risk culture, risk isn’t owned only by the first line of defense . . . ”  I love this one.  Based on some of the phone calls the Association gets on its compliance hotline, I think many employees view compliance as an obstacle to be worked around rather than a component of whatever product or service they are offering.  For example, marketing departments seem to dislike compliance officers almost as much as everyone seems to dislike lawyers.  Things work much better when compliance is involved early in the process of introducing a new product or service.
  • Executive expectation — this can be summarized as how seriously does your management team really take risk management.  No matter how big or small your credit union, do compliance people get promoted within your organization or is taking on compliance duty tantamount to buying a one way ticket to career oblivion?  Are employees held responsible for failing to carry out compliance responsibilities?  And here’s a tough one:  are people promoted  because they say what the boss wants to hear or because they say what needs to be said?

The bottom line is do you have a culture that  promotes grappling with the tough legal, compliance and ethical issues involved with running a credit union?  Or do you instead task one brave soul with the responsibility of trying to implement the regulatory monstrosity that financial regulation has become?

Entry filed under: Compliance, Regulatory. Tags: , , , .

Can Payday Loans Really Be Regulated? CFPB OKs Credit Cards For Mom: NY’s DFS Slams Payday Lending Proposal

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed


Authored By:

Henry Meier, Esq., General Counsel, New York Credit Union Association.

The views Henry expresses are Henry’s alone and do not necessarily reflect the views of the Association.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 445 other followers

Archives