Mops! Buckets! Disinfectant! "Clean up on Aisle 4!" Okay, maybe that is not exactly the "mess" I'm referring to here, but it's definitely one that demands quick action on the part of the Compliance Officer. Rather than a spilled carton of milk, you are faced with findings from a compliance exam and you have to take corrective action. Where do you start?
First, identify the issue requiring corrective action as well as the root cause of the issue. Is it a lack of understanding on the part of the staff or is it an error from the loan platform? What can you do immediately to correct the issue and what needs to be done to prevent the issue from happening again? You will also need to determine why the compliance-monitoring program didn't discover the issue. Once all of these items have answers, you'll need to implement a solution and monitor ongoing performance to ensure corrective action is achieved. Make sure to document all steps followed during the discovery and corrective action phase. As we all know, examiners will follow up on issues noted in the last exam when they next return; and, without documentation of the remediation steps, it will be difficult for you to convey the message the matter was resolved.
Now, let's break this down a bit. You'll need to consider whether the issue is due to a lack of adequate policies and procedures or a failure of employees to follow the institution's policies and procedures. Examine the types of transactions affected and where the breakdown in the process occurred causing the violation. These steps may tell you which area needs corrective action.
Once you've identified the problem is with your policies and/or procedures, you must make the corrections to the policies and/or procedures then implement those changes. You also need to conduct training on all recent changes. If, during your review, you noted select employees caused more issues than others, you may need to develop additional training for those employees. If it is a vendor issue, you will want to work with the vendor to ensure the problem is corrected as quickly as possible and testing is conducted to ensure the issue is resolved.
The next question to solve is how or why the compliance-monitoring program missed the issue. You'll need to review your existing audit and monitoring systems then identify the weakness. Perhaps the item may have been missed due to the length of time between audits, was considered a low-risk item when you conducted your risk assessment, or it could have been an item not included in either scope. Whatever the reason, now is the time to improve your audit and oversight systems to avoid a recurrence of the violation.
Last, test the changes to ensure any corrective action you've taken is effective and mitigates the risk and occurrences of future violations. Monitoring is key! "Monitoring" is defined in the FDIC Compliance Examination Manual as a "proactive approach by the institution to identify procedural or training weaknesses in an effort to preclude regulatory violations and includes reviews at the transaction level during the normal, daily activities of employees in every operating unit of the institution." If you're a department of one, enlist the help of others. When you notice certain areas need improvement, make additional changes and re-test. If more training needs to occur, re-train. Make all necessary adjustments to fine-tune the process so future issues are detected prior to exam time! Remember, the corrective action process is part of your Compliance Management System. The goal is to have everything shiny and clean, with no spills and no messes, the next time examiners pay your institution a visit.