Compliance is like a jigsaw puzzle. Dump a boxed puzzle out on the dining room table and what have you got? A collection of pieces, each with its own importance, shape, size and number of “loops and sockets” needed to complete the picture.

Compliance is also that way. Whether the pieces will come together successfully is up to you. 

In December 2022, Wells Fargo was fined $3.7 billion for general mismanagement of several covered functions: loan payment application, auto and mortgage loan operations, and deposit accounts. It’s certainly not the first time a bank has been fined for lapses in regulatory compliance. 

While it may appear that a given bank has a comprehensive compliance management system in place, appearances can be deceiving. In these times, a quick view of banks in the U.S. would reveal reams (either in hard copy or digital files) of policies, procedures, training materials, checklists, compliance guides and so forth. Yet, compliance can fail despite the dollars spent on the resources to achieve an effective program. 

Bank regulatory agencies expect and require financial institutions to develop and maintain a sound compliance management system (CMS) that is integrated into the bank’s overall framework. It must be overseen by the bank’s board of directors. The compliance program must include policies and procedures in support of compliance, training and monitoring designed to detect and correct.

The five Cs of compliance management

The keys to effective implementation are the five Cs: coverage, correctness, completeness, comprehensiveness, and checks and balances.

  • Coverage: Every compliance rule must be represented in the bank’s CMS to the extent it is applicable to the bank’s size, structure, location, product and service lines, and legal capacity.

  • Correctness: Accuracy to the requirements of current laws, regulations and regulatory guidance is paramount. Maintaining accuracy tests the bank’s ability to discover and receive all relevant compliance information on a continuing basis, vet it sufficiently to determine its applicability and implement it in a meaningful manner.

  • Completeness: “Well begun is half done.” Creating a system of compliance management oversight is only the start. The sufficiency of all compliance functions must be carefully monitored to ensure continued application over time. 

  • Comprehensiveness: To implement an effective CMS, a bank must ensure policies, procedures, banking rules, laws and regulations are applied across the enterprise. Each branch, each department, and each staff member and manager must be included in the administration of the processes they touch.

  • Checks and balances: How can we know the resources dedicated to compliance are paying off? Independent audit coverage of compliance matters is the fourth component of an effective compliance management system. We should also include periodic management-orchestrated compliance monitoring and reviews.

Regardless of a financial institution’s size, structure or complexity, effective day-to-day monitoring, periodic reviews and targeted audits create a pyramid to help the bank ensure a robust commitment to compliance. 

Monitoring and reviews should look for compliance with laws and regulations but also ensure the practices of the bank and its employees, including third-party partners, maintain consistency with internal policies and procedures. 

The audit function should review an institution’s compliance with federal consumer financial laws and adherence to internal policies and procedures, and be independent of both the compliance program and business function management.

Addressing too-big-to-fail

While larger financial institutions often far outspend community banks on compliance programs, staffing and tools that are visible, they are not necessarily more successful in managing compliance functions efficiently and effectively. 

In a Dec. 22, 2022, blog post, Brad Bolton, president and CEO of Community Spirit Bank and immediate past ICBA chairman, points at the failures of “too big to fail” financial institutions, the lack of action from the biggest banks to stem harmful consumer practices, and the burden imposed on community banks and the industry as a whole by their misdeeds.

“With every offense by the nation’s Wall Street firms contributing to the outsized regulatory burden facing the nation’s Main Street community banks, policymakers should continue working to rein in too-big-to-fail financial institutions,” Bolton wrote. “We must all work together to address too-big-to-fail and its harmful impact on consumers, local communities and our broader economy. If the problem is left untreated, our economy will be at the mercy of the megabanks—the antithesis of a free-market economic system.”

The Federal Supervision and Examination Manual encourages banks to make compliance part of the day-to-day responsibilities of management and employees, to self-identify issues and to take corrective action. To fit properly and be effective, the pieces of the program must be complementary and dovetail without gaps.

Community banks—with their streamlined structures, relationship-based business models, reinvestment in their local communities, ability to act and react nimbly, and ability to treat compliance as a part of doing business—can tame the five Cs to effectuate compliance.