By Ann M. Brode

Compliance Administration
The Board and Senior Management’s Responsibility

It has become evident in compliance examinations that although the technical aspects of being compliant are very important, the focus of the exams has been even more pronounced in the administration of compliance. And it makes sense. If your bank has a strong program administratively, a couple of small low-risk errors might be the most exciting event during your exam … which would be sweet. As we all know, you can’t get through an exam with ZERO errors, so having only small errors that can be quickly fixed is a fine place to be.

So what are some of the most important issues for the board and management to concern themselves with when we talk compliance administration? Read on!

Structured, Formalized Compliance Program

Compliance exams of late have focused on more administrative issues than ever in the past. Examiners have stated that they are looking for a structured, formalized program. What does that mean?

• Structured: The program has to fit the bank’s organizational chart so that all compliance information and training smoothly filters throughout the organization to every employee and every department and yes, even the board! This program needs to be unique to the needs of the bank.
• Formalized: This means having the efforts of the compliance officer clearly documented. Yes, this means cutting down some trees: showing with written policies, procedures, checklists, meeting minutes, training handouts, etc., that compliance is alive and well and an everyday event.

Compliance Reporting Mechanisms

Compliance management must:

• Keep the directors adequately informed. Does your compliance officer present to the board on a periodic basis? At least quarterly? The purpose is to keep the board apprised of the Bank Secrecy Act, how compliance audits have come out, results of compliance exams, etc. What type of reporting to the board?
    • Annual approval of compliance policy
    • Training session(s) … such as BSA, Fair Lending, Reg O, CRA
    • Exception reports (to track for any negative or positive trends in compliance errors)
    • Compliance reviews and audits
    • Compliance exam report/results
• Develop policies, formal or informal, that define the bank’s risk tolerance and are compatible with the bank’s strategic goals.
• Oversee the development and maintenance of management information systems to ensure that they are timely, accurate, and informative. Audit should be doing some transaction testing to make sure that the compliance reports used by the compliance officer and BSA/OFAC officer are accurate and something they can rely on.

Compliance Risk Management

Banking is a business of taking risks in order to earn profits. Risk levels, however, must be appropriately managed and controlled. Indeed, a bank’s safety and soundness is contingent upon effectively identifying and managing its compliance risk exposures. Therefore the bank’s compliance program must be risk based.

Because market conditions and bank structures vary, no single compliance program works for all banks. Each bank should develop its own program tailored to its needs and circumstances. Regardless of the compliance audit/risk management program’s design, it should include mechanisms for identifying, measuring, controlling and monitoring risks.

Compliance Audit Programs—what the examiners are looking for:

• Volume and significance of compliance violations
• Identifying high risk regulations and developing a compliance review schedule
• Review of compliance policies and procedures
• Personnel—level of compliance knowledge
• Compliance control systems

And in Conclusion …

No matter how hard you wish for it, compliance requirements are not going to go away! So, make sure your bank is prepared.
As a director or senior officer, can you sleep at night knowing your compliance officer has it all handled and has the support and resources to do the job the way it should be done? Might be time to take your compliance officer out to lunch to discuss with her/him how the program is going and what might be the needs for the bank’s program in 2008 and beyond!

Ann M. Brode is president of Brode Consulting Services, Inc. in Ravenna, Ohio. She was a speaker at WIB’s 2007 Annual CFO, Investments & Operational Risk Conference. She can be reached at ann@brodeconsulting.com.

Western Independent Banker, www.wib.org

