Chief Accountability


Managers and directors play top roles in shaping compliance cultures

By Mary Thorson Wright

It’s no secret that bank compliance activities do not generate revenue, and they can be unpopular because they often affect essential resources of the business—time, money and operational continuity. Nevertheless, as the scope of regulatory obligations expands, so too does a community bank’s risk exposure. The risk demands that bank leadership implement proactive procedures to balance it, despite time, money and operational constraints. Sometimes the importance of compliance management is realized only after a bank has entered the regulatory bull’s-eye due to an unsuccessful examination or a regulatory penalty.
A bank’s board of directors is ultimately responsible for developing and administering the institution’s compliance management system (CMS) that ensures compliance with federal consumer financial laws and regulations. The board and senior management must accomplish two major actions for an effective CMS:

  • Establish the operational program necessary for a comprehensive CMS; and
  • Create a culture that fosters compliance throughout the organization.

The documented program
A documented compliance program, now done increasingly in electronic processes, is the first initiative of a bank’s board and senior management. In the regulatory world, it is often said, “If it is not written down somewhere, it doesn’t exist.”

The documented program is the starting point for regulatory examinations, and it is the outward face of the CMS. It begins with board and management oversight to create, implement and maintain an effective, recorded compliance management program. Documentation across the bank should consistently reflect policies, procedures and practices that reflect current regulatory standards and the bank’s actual performance. The structure of each bank’s compliance program may vary based on its size and complexity, but each program should address:

  • board activities and board records, including expectations for and policy commitments to consumer compliance, regularly scheduled compliance reporting, and training for directors and senior management;
  • appointment of a qualified and experienced compliance officer who has access to the board and senior management;
  • allocation of resources to support compliance commensurate with the size and complexity of the bank’s operations, practices, business model and compliance risk profile;
  • policies and procedures that are maintained as a living, dynamic set of documents;
  • training that is commensurate with the responsibilities of management and personnel who are performing compliance activities at all levels of the organization;
  • a consumer complaint process that addresses consumer compliance issues and associated risks of harm to consumers;
  • compliance planning in product development, marketing, and account administration;
  • audit coverage and reviews of periodic compliance audit results, management responses, and evidence of corrective action; and
  • a process to prepare for and manage regulatory compliance examinations and an after action process to engage stakeholders to understand, respond to, and address examination findings and recommendations.

A compliance program should be designed to rigorously uphold regulatory and organizational standards, but be nimble enough to flex with the regulatory changes and in bank products, services, operational shifts and structure.

Begin at the Top
Although a well-documented compliance program is important, it will not be successfully executed without the support of the board and management at all levels. An overall compliance culture points to bankwide buy-in and engagement of a bank’s staff on the importance of achieving effective compliance. It reflects an environment where compliance is promoted by the board and management, not just decreed nonnegotiable in a directive way but encouraged because it is a critical element of the banking business. It also protects the reputation, assets and accomplishments of the bank.

Enemies of an effective compliance culture include frustration with the volatile regulatory environment; shortsighted understanding of regulatory protections; an inadequate change-management process to facilitate compliance in the least burdensome manner; and people’s resistance to change, in general. A strong CMS that trains, supports and monitors goes a long way to keep compliance efforts on track.

Remember, it’s not just the employees on the front line who may rebel against compliance efforts or become apathetic to them. Bank leadership sets the tone for the compliance culture and influences success or failure of the program through its actions and words. Regardless of a bank’s size and business model, a poor culture of compliance may indicate CMS shortcomings. Examiners do assess this cultural effect during interactions with bank management and employees, and it can influence the direction or outcome of an examination.

What does it take to create a positive compliance culture? Leadership and the willingness to lead by sharing the importance of effective compliance—essentially, what’s important and why it’s important—in a constructive, professional manner. The following are ways a community bank’s compliance culture can be strengthened:

  • Bank leadership actively supports and understands compliance efforts.
  • Bank leadership devotes adequate resources to demonstrate its commitment to the compliance function.
  • Compliance deficiencies and risks are rigorously addressed and not compromised by revenue interests.
  • Managers across the organization, including compliance and audit, are engaged and share relevant information to further compliance efforts.
  • An independent and competent party tests the compliance program to verify its effectiveness, and the results are addressed promptly.

Today’s regulatory environment demands a commitment to the letter and spirit of compliance by word and deed. It demands compliance reality. The federal bank regulators prescribe a compliance management system as the framework for an effective compliance solution, and it allows each bank to implement the elements of such a framework in the manner most appropriate to fit its real needs.

CMS Framework Series

This month’s feature “From the Top” is the third installment in a three-part series of articles in
Independent Banker on the framework of compliance management systems outlined by federal regulatory guidance.

See the first installment in the series “The Full Framework” by Mary Thorson Wright in the August issue of Independent Banker, and the second installment “Trust but Verify” in the September issue. Both articles are available online at

Mary Thorson Wright, a former Federal Reserve managing examiner and compliance consultant, is a financial writer in Virginia.