“It feels like just yesterday that I was appointed the compliance officer; that was 10 years ago.” Sound familiar? The life of a compliance officer is ever-changing, ever-evolving. You can get the essentials down and then they go and change the rules, or worse, they don’t change the rules but put a new twist on the interpretation. Ughh!
Having a compliance program has itself evolved from a nice-to-have to a regulator’s requirement (read your exam manual, it does state “must”). Over the past 10 years, compliance management has evolved from, “Oh yeah, we do that” to “Here are all my written policies and procedures. You will find copies of what was in place when MDIA first came out, then the new-now-old-RESPA rules and this stack over here has all of the current policies and procedures for TRID.” If you could only imagine how many pre-2010 copies of RESPA I gave out between 2010 and 2012, because examinations don’t just start with a new rule; they cover a period of time when there could have been several rules or several changes (sorry for that flashback of near-monthly changes to the Title XIV Regulation Z rules).
Perhaps one of the biggest regulatory drivers for change management practices is the ever-changing world of federal banking regulation. Just like any other type of business, financial institutions must stay on top of their business operations, processes, products, services, IT, etc. Compliance must be looked at as an ongoing process, constantly managed throughout regulatory changes.
The lack of change management processes in regulated environments is typically the result of the basic business requirement of rapid response, be it to a customer or regulator. The result is change management on the fly. It might seem like a good idea, but ultimately, it is ineffective and quite inefficient, and typically not compliant. That one little loan exception can be an open door to an inadvertent fair lending mistake that becomes a violation nightmare.
What can you do? Start by getting your arms around what rules and regulations impact you. For example, if you are a mortgage company, the Truth-in-Savings Act does not apply to you, as you are not taking deposits. Are you a credit union? Then Regulation DD (12 CFR 1030) does not apply to you, but Part 707 TISA does. One key factor that folks miss when just buying or licensing the generic compliance-in-a-box solutions is that they forget to tailor it to the institution: its products, services, and appetite for risk. It is easy to say, “We just skip over it because we know it doesn’t apply to us.” Get rid of it. Delete it, hide it, suppress it, and make sure no one assumes that if it is in there, you must be able to do it. Close the door.
Next, create a tracking tool or buy one (or if you are a Temenos Compliance Services client, leverage the one we provide to you on our KnowledgeBase). Track the regulatory changes that impact compliance. Pay particular attention to ones that impact your institution, your current product and service offerings and the ones you (hopefully) know of that the institution is contemplating. Identify the operational areas impacted. Engage operations to deep-dive into the proposed and final rule changes; after all, they are the ones who will be directly impacted. Let operations nit-pick the actual or potential impact of the changes. Then, of course, everyone’s favorite: assess risk. If compliance officers had a nickel for every time they heard that, we would all be retired.
Once you have your list, you can then team with management, the Board, IT, operations, audit and third-party vendors (if applicable) to develop and execute a roll-out plan. Challenges and opportunities always arise; be sure to include backups and workarounds. Compliance officers and operations are all too familiar with workarounds, particularly in light of TRID and so many loan platforms not accommodating product offerings. So, backup planning must be part of your risk assessment and change management processes.
By better managing changes, financial institutions can better comply with regulations, while also making more efficient use of existing resources.
Financial institutions need to look closely at and establish a regulatory change management program: one that identifies relevant information, tracks accountability, identifies impacts, establishes priorities, coordinates all impacted areas, and ensures all applicable policies, procedures, risk management, training, etc. are adjusted to address the change.
A change management policy, process or program may appear to create more work on the front end, but if done properly it could make the changes go more smoothly in the long run.