Compliance Officers Plug Leaks, Bail Water Aboard the Good Ship Credit Union
My father recently asked me what I do for a living. I help fix leaks, I told him. As usual, he shook his head and walked away.
Paternal disdain aside, I think the analogy is perfect. Credit unions can be seen as a boat. The board of directors picks the destination, and the CEO dons a captain's cap and gets to work. What does compliance do on the U.S.S. Credit Union?
It prevents leaks, plugs them when found, and bails water when necessary.
Contract reviews, risk-based planning and old-fashioned strategic planning are a few of the ways that compliance professionals prevent leaks. At first glance, a good compliance officer can seem overly pessimistic. But dig deeper, and you'll see risk avoidance. Compliance officers look for potential problems. Product development. Ad campaigns. Contracts. They look for holes, hidden disasters and ugly warts. When they find them, they alert the captain who can marshal the credit union's resources.
Not all leaks can be avoided. New guidance can punch a tiny hole in the U.S.S. Credit Union. NCUA Letters to Credit Unions, regulatory alerts, risk alerts. Without a crystal ball, a compliance officer will never anticipate every contingency in a proposed regulation. When the regulation goes final, you'll have leaks. That's a fact of life. Remember the guidance on multi-factor authentication? In that case, a 14-page guidance document likely cost U.S. financial institutions hundreds of millions of dollars.
Leaks are not always life threatening. If, however, you have enough of them, or the leak is too large--then start looking for buckets. When FinCEN and the financial regulators released the 300-plus page Bank Secrecy Act/Anti-Money Laundering Examiner's Manual in 2005, it caught many financial institutions off guard. There was no proposal or notice and comment period. No lighthouse, if you will. And the water poured in, causing financial institutions to bail for their lives. Just ask folks who worked at Riggs. Or AmSouth. Or the many financial institutions that received a regulatory cease and desist order for BSA-related issues.
While we like to blame BSA for our compliance woes, it isn't the only cause of rising waters. Everywhere you look, guidance and regulations are hitting our hull. Recordkeeping. Red flags. Third-party due diligence. Affiliate marketing. Pandemics. Amendments to Regulation Z. As I write this, I hear that REPSA reform is right around the corner. Leak after leak must be stopped. But there are only so many fingers or pieces of bubble gum. Too many leaks can lead to buckets.
When I talk to credit union captains, I hear a common theme. While credit unions want to comply with regulations, the problem is there's no way for credit union captains to know how many compliance sailors to bring aboard. In a risk-based world, I think one reason is that credit unions cannot control the largest risk factors: Congress and the regulators.
How will the final amendments to Regulation Z's open-end rules look? I don't know. RESPA? I'm not sure. How many new compliance burdens will emerge from NCUA's data collection pilot? Good questions. Will the various bills on Capitol Hill that address mortgage lending, bankruptcy, overdraft protection, credit cards and data security come to fruition? If they do, how will they look? I think you get the point.
About a year ago, I had a wonderful opportunity to chat with folks from the Treasury Department, including representatives from the Financial Crimes Enforcement Network and the Office of Foreign Assets Control. I told them that credit unions could handle BSA. Credit unions can do anything, I argued, if they can throw enough resources at the problem. However, I indicated that I'm worried about the next BSA. That statement seemed to puzzle them. I continued to explain that credit unions and banks might not be able to handle multiple BSA-like regulations. I explained that FinCEN was not the only regulator with powers over credit unions and banks. They have to worry about fair lending, security issues, disclosures, contracts, third parties, etc. What if another regulator requires credit unions and banks to devote BSA-like resources on something new? Or two new issues? Or three? Then we'd have problems. And we'd start bailing.
I know that credit unions' return on assets has been shrinking in recent years. Some blame the economy or the inverted yield curve. What about the crushing weight of regulation and guidance? When does the weight of regulation and guidance itself become a threat to safety and soundness? Credit unions are not-for-profits. However, we must take in more than we shovel out to build net worth. When we have to hire additional compliance officers, purchase software or employ outside consultants, the credit union's ROA will go down, all other things remaining equal.
To our regulators and lawmakers, I say this: Keep in mind that credit unions and other financial institutions want to do the right thing, but resources are scarce, time is limited and compliance officers are expensive.
And to our credit union CEO/captains: We need your help. When regulatory proposals are floated, we need your comments, your input and your observations. The folks who draft regulations do not have your operational expertise. They want and seek your input. Anything you can do in this area would be worth its weight in gold.
It might seem strange to have a compliance guy hoping for less regulation. While complex regulations mean job security, at the end of a day I'm a credit union guy. I want my credit union to spend as little time bailing water as possible. After all, we have a business run--or a ship to sail, if you will.