How to ace your regulatory audit

Experts offer their best tips for maximizing your audit and compliance examination results.

By Mary Thorson Wright

The first-day letter for the bank’s next compliance examination or audit (collectively, examination) has arrived. The compliance officer’s heartbeat quickens with anticipation, concern and doubt about the potential results. Sound familiar?

Many community bankers obtain maximum results from compliance exams because they recognize universal themes that lead to positive outcomes. Not surprisingly, daily work, organization, project management, communication and professional business practices are essential.

An examination measures the effectiveness of the bank’s compliance management system (CMS). The CMS is employed in some manner every day, and, in that sense, exam preparation also occurs each day, according to Jim Bedsole, senior vice president and chief compliance and risk officer for BankSouth, a $586 million-asset bank in Greensboro, Ga.

“The examination is an open-book test!” offers Bedsole. “The manuals are online, and they can be used as a roadmap to help check on the compliance impact ongoing. Work you do each day determines the ultimate outcome.”

When the first-day letter arrives, it is too late to identify and address issues that have become embedded over a 12-month period or longer.

Barbara Boccia, senior director, advisory services and regulatory relations, compliance solutions at Wolters Kluwer, agrees with Bedsole. “Keep policies and procedures up to date on a regular schedule, practice solid version control and ensure board of director reviews and approvals are documented,” she says. “These types of things are always requested, and, when they are well-controlled, it allows more time to address other requests.”

Boccia urges community banks to log board minutes with bullet points about “compliance” labeled.

Communication needed
When the first-day letter arrives, there are more best practices that contribute to better results. Communication with the bank’s team, project oversight and organization for the exam are essential.

“Treat the exam as project management,” suggests Boccia. “If you can, dedicate one person with project management skills to track the activities. Bring in other key contacts and stakeholders—representatives from the lines of business, operations, legal—and conduct exam training, mock exam scenarios or Q&A sessions to help present a unified, knowledgeable front to the exam team.”

Brief all bank employees to refer offhand requests that examiners pose to the point of contact (POC), and to be mindful of casual conversations about bank business around the water cooler or in local places like a café next door.

Loose lips sink ships
Tim Grooms is the chief risk officer for $458 million-asset First State Bank in Winchester, Ohio. “Fortunately, we’ve had few changes in key positions and little internal reorganization over the course of several examinations,” he says. “Consistency in the team helps keep the process efficient. When there are changes, new players must be integrated into the bank’s exam management process.”

Community bankers should recognize that new staff members may have either experienced a very different process at their previous bank or may not have been in the circle of examination contacts at all.

More help online

Open the Compliance Vault for answers to almost 2,000 compliance Qs. icba.org/compliancevault

“We assign one primary POC who is a gateway for all questions, requests and responses from start to finish,” says Grooms.

“Before and during the exam, that person may be able to address an issue personally or may direct the request to a manager or employee to respond,” he adds. “The response then flows back through the POC, who tracks completion and ensures the response is reviewed for sufficiency. We assign exam requests among different managers, and we set up a folder on our network as a repository for all responses,” he continues. “We use a standard naming convention that aligns to the request list to make identification of folder contents consistent.”

Check and double check
Before uploading the materials folder for the examination team, either Grooms or someone he designates reviews it to be sure it is applicable, complete and accurate. He believes that this significantly reduces examiners’ questions and problems of acceptance.

When they ask questions, Grooms recommends paying attention to the specific details and responding accordingly to answer only the question that they ask. For instance, if the request is for annual or monthly information, the response should be consistent and dovetail with related items without gaps. Explain any gaps, and, if possible, provide the missing piece(s) of information to present a seamless story. Brief memos might be attached to explain issues, organized and numbered to correspond to the requests.

To prepare, Grooms says his community bank uses examination manuals, regulatory guidance, industry best practices and enforcement actions to focus on areas that carry higher risk. The previous examination and internal audit compliance workpapers and results are also resources.

Bedsole advocates networking to help understand shifting hot buttons. He says keeping an ear to the ground about what is happening at other community banks helps him stay on top of trends.

Once the on-site exam commences, a communication strategy with the examination team takes top priority. An opening meeting is imperative to create a comfortable, professional environment. Ensure the exam team has the facilities it needs, and lay the groundwork conducive to discussion and negotiation.

7 tips for a successful exam

1. Prepare every day
2. Respond promptly and communicate about delays
3. Manage the project and process
4. Prepare bank representatives
5. Review all materials before providing them
6. Choose your battles and discuss issues thoughtfully
7. Employ professional courtesy, respectful rhetoric and business acumen in each exchange

Boccia recommends telling the bank’s story, including bank background, types of products, changes since the last exam, compliance preparation and training conducted to address new or changed regulatory requirements, completed projects or progress of those in process, and introducing the designated POC and team contacts.

Bedsole structures communication to help manage the flow of the examination. “Overall, don’t just let the exam happen. A regular check-in gives me the opportunity daily to see if the examiners are drawing the wrong conclusions from the information we’ve provided, or if there is an unexpected issue that I want to head off.”

Boccia says if surprises or self-identified issues occur, community bankers should take immediate corrective action, if possible, or develop a plan and a target for completion, and communicate that with the exam team.

Grooms, too, uses examiner check-in meetings, rather than risking emails lost in the sea of email traffic everyone battles. He and his team keep notes of the discussions and have found them valuable, especially for items like directions from examiners that do not become part of the examination report but may be noted in the exam workpapers. Notes also help keep tabs for corrective actions or enhancements following the exam.

Professional, productive communication is key to mitigating confrontation and obstruction. “You can’t take a bad situation and manage the exam to a good outcome,” quips Bedsole, “but, I have seen times when bankers take a not-so-bad situation and mismanage it to a terrible outcome.”

New joiners
Expect that examiners who are new or new to your bank will need more coaching and explanation than those familiar with your business model and practices. When an issue arises, request more information from the examination team and use the best bank representative available to more quickly and succinctly resolve it. Whatever approach you choose, be selective about who goes before the examiners. An offsite meeting of bank personnel may be helpful to prepare for the discussion.

Employ the same discussion and documentation protocols to reap the most beneficial outcome from the wrap-up. Ask the exam lead for a preview to ensure the right people are included in the exit meeting and to allow them to prepare. It is to the bank’s advantage to resolve issues before the exam team leaves the bank and preliminary findings are committed to a written report.

Compliance actions taken every day and your community bank’s management of the next compliance examination or audit will determine the results. What are you doing today to prepare?


Mary Thorson Wright, a former Federal Reserve examiner, is a financial writer in Virginia.

Top