Let's talk about your RCMP ... that is, your Regulatory Compliance Management Program. Whatever acronym you use - or official title you give it - every financial institution needs a system to ensure compliance with all federal and state "banking" regulations. No matter the size of your institution, or whether you have members or customers, examiners expect financial institutions to have such a program in place.
So what exactly does this program need to include? Whether you are a seasoned professional or new to the game, compliance officers have so many things to consider that it can be hard to know where to begin at times. With so many moving parts and ever-changing compliance regulations, how can you ever know for sure whether your system is effective? Like anything else, it is accomplished one step at a time, or you might say one regulation at a time, through an internal compliance audit of your systems and controls.
A key component of a strong compliance management system is an internal audit function of your policies and procedures to catch errors and weaknesses before the examiners walk in the door. Well-documented, self-identified errors may not prevent a comment in your final report from your regulator, but they will certainly demonstrate that you have internal controls and processes in place. For example, consider implementing post-closing TRID loan reviews. Performing such internal compliance audits will reduce your institution's overall compliance risk and liability. Under the Truth in Lending Act (Reg Z), self-identified APR or finance charge inaccuracies remedied within 60 days of discovery prevent your institution from becoming subject to civil or regulatory liability under the Act. This sounds like a great reason to have an internal audit procedure in place to review closing disclosures (CDs), particularly within 60 days of closing to ensure any post-closing refunds are provided on time.
Of course, your compliance management system is only as strong as those who support it. It is truly a team effort that must include everyone from lending and deposit operations to executive officers and the board of directors. Compliance is never one individual's responsibility. It requires clear documentation of day-to-day operations from every individual involved. For instance, when performing an internal review of TRID loan files, it's essential for a lender to include clear documentation anytime a changed circumstance event occurs. Essentially, the loan file should tell the story of what prompted a revised LE or CD to allow that tolerance reset. Without clear documentation during the lending process, you may not be able to determine whether a revised disclosure was provided within three days pursuant to a valid change in circumstance. If you can't read the story, then it's likely an examiner can't either.
If you are a loyal member of our Temenos Compliance Advisory service, you have likely heard me respond to one of your compliance questions about how clear documentation is ultimately the key to demonstrating compliance. The less time an examiner spends digging through your loan files, the fewer errors they are likely to find. The compliance department of a financial institution may not be a revenue producer, but it can certainly be a cost saver by avoiding certain risks and penalties through a well-supported compliance management program.