by Luis Ramos, CEO, The Network, in BankNews (January 2012)
While we are beginning to see some rays of sunshine amid cloudy economic times, beleaguered financial institutions continue to face increasing regulatory and compliance demands along with a great deal of consumer scrutiny. Community banks in particular struggle with the twin challenges of limited resources and a perpetually changing regulatory environment.
Because of limited resources, the fallout from regulatory non-compliance can be catastrophic to the smaller bank. Community banking executives are fully aware of the impact of regulations and the fact that regulatory agencies often demand the same level of compliance infrastructure found in larger institutions.
The best defense is indeed a strong offense – a principle that can be equally applied to compliance initiatives as well as regulatory issues. In light of increasing and changing regulations, organizations must address the root causes of fraud and unethical behavior – the leading influencers of regulatory failure – and not just treat the symptoms, in order to stay in compliance.
A number of smaller independent banks and mortgage lenders have actually strengthened their states of compliance by taking proactive measures to build ethical cultures within their organizations, rather than reactively chasing regulatory change. By taking a best-practices approach to ethics and compliance and adding in a healthy dose of risk management, these institutions have fortified their internal compliance efforts and more adequately protected themselves from the penalties that accompany non-compliance. The initiative to promote the reduction and even prevention of employee misconduct has created a wrap-around effect, which in turn has produced sustainably higher levels of regulatory compliance.
Think of this proactive model as concentric circles consisting of three distinct yet overlapping layers – protection, detection and correction – and at the focal point is the ethical, compliant enterprise. Such an enterprise is founded on a solid code of business ethics and associated policies, committed to and thoroughly communicated from the top down, and bolstered by multiple channels for confidential incident reporting and detection of violations as well as deep-dive incident management and enterprise-level compliance metrics.
In this view, the linchpin to regulatory compliance is found in the “protection” layer, where the ethics and compliance process is infused into the organizational DNA and creates an environment where ensuring compliance is everyone’s job. As stated above, one of the most effective measures against fraudulent activity, especially within smaller financial institutions, is the establishment and strict adherence to a cohesive, top-down code of ethics.
Also critical to compliance protection is the creation and management of policies in support of that code. Instead of shortsightedly reacting to new regulations without addressing the underlying change protocols, financial institutions should focus their efforts on managing those corporate policies that directly relate to regulatory actions. This means not only monitoring regulatory change, but also measuring the impact to the business and applying the necessary updates – to policies, training, procedures and controls – that affect the ability to maintain the systems and processes necessary for compliance.
A well-defined, well-managed ethics initiative clarifies the otherwise gray areas of unethical behavior, creating an ethical environment where non-compliance simply cannot thrive. The task of keeping up with regulatory change is challenging, but applying proactive compliance measures strengthens your regulatory control initiatives and lessens the likelihood of non-compliance.