Drawing the Big Picture

Stepping back and taking stock of regulatory strengths and weaknesses

By Karen Epper Hoffman

In this compliance-heavy, post-financial crisis world, community banks should step back and take stock of their regulatory strengths and weaknesses. But how to begin and whom to involve? Experts weigh in.

When it comes to managing regulatory issues, it’s easy to get bogged down in the growing day-to-day demands of compliance, to become overwhelmed by the daily grind.

And while the devil is indeed in the details, it’s more critical than ever to keep an eye on the big picture, say several regulatory consultants. That’s why they also agree that conducting an overarching strategic review of their regulatory compliance processes is more important for community banks than ever.

Analyzing your community bank’s regulatory compliance strengths, weaknesses, opportunities and threats (the handy, age-old SWOT analysis) can be valuable not only for getting a better handle on avoiding undue regulatory risk, but also seeing the possibilities for the future.

“The focus [in regulatory compliance] is usually on the examinations only … worrying about the next exam,” says David Bequeaith, principal of Bequeaith Banking Solutions of Overland Park, Kan. It’s easy to “play to the examiner’s needs,” he says, rather than think in terms of what compliance policies can enable community banks to do, including offering more products and services.

In addition, there’s the fact that planning ahead will help your community bank better prepare for its ongoing challenges of examination, too. As Kevin Kane, founder and president of New York’s Financial Regulatory Consulting Inc., puts it: “Banks should do strategic planning for compliance to ensure they have the appropriate resources available to handle changes in the regulations.”

That planning should ensure your community bank has sufficient resources to cover such variable compliance activities as staff training, policy and procedure adjustments, and ongoing monitoring to ensure regulatory changes are implemented effectively, Kane points out. In addition, strategic compliance assessments should identify who is responsible for regulatory tasks, such as testing and reporting, and what timeframes those tasks need to be addressed.

Then there’s just keeping up with the pace of compliance change. Donald D. Hutson Jr., a partner with National Financial Services of St. Louis, Mo., says, given the ever-changing regulatory environment, community banks should maintain an active compliance risk management program as part of their corporate governance oversight. “With the constant regulatory changes, a strategic review of the current regulatory environment, an analysis of current and proposed changes, as well as its monitoring and control environment is imperative,” he says.

Consultants also say these overview discussions can help your community bank make the most of what it has—which, of late, may be stretched pretty thin. “The most compelling reason [to conduct a strategic analysis] is to ensure judicious allocation of resources,” offers Mary Thorson, vice president of Bethesda, Md.-based Chartwell Compliance, the regulatory consulting service provider for the ICBA Compliance & Risk Management program. “There is a lot of discussion of limited resources at community banks, and rightly so,” Thorson adds. “Their human resources may be limited, they are often located in small communities; they may be limited from a technical standpoint.” By taking a broader view of regulatory compliance directives, community banks can better see where their gaps lie and how to address them.

“The stakes are just so high given the current regulatory environment,” says John Zasada, principal with CliftonLarsonAllen LLP of Minneapolis.

Assembling a plan

So once your community bank agrees that it should conduct a SWOT review, or other strategic analysis, what are the first steps? “A lot of community banks don’t know where to begin,” says David H. Ruffin, co-founding member of Credit Risk Management LLC in Raleigh, N.C., adding that the strategic compliance plan should be “as much a process more than a person or a department.”

“It should be part of its comprehensive enterprise risk management program with all levels of management involved in the process,” adds Hutson. “It starts with the board of directors and the executive management team which established the ‘tone at the top.’”

Indeed, most experts say that like any good strategy, the plan should be driven from leadership. “The direction comes from the top, from the bank’s strategic plan,” says Bequeaith, “instead of compliance driving strategy.” Too often, he adds, banks get caught up in feeling like there are products, services and geographies they are shut out of because of compliance factors. Instead, banks should consider first what they want to do and what fits with their overarching goals, and then they can look at their relative compliance strengths and challenges in those areas.

In that process, your community bank might find, for example, that a greater focus on controls and training might help it meet it compliance goals and overcome its existing weaknesses.

Consultants say a community bank’s board of directors along with its chief executive should be involved, as well as executives overseeing particular lines of business that would be affected by changing regulations. And, of course, the compliance officer and any employees who manage compliance within those lines of business should also participate.

When meeting on a regulatory SWOT analysis, a good first step is to review the results of previous (especially recent) compliance exams or internal audits, according to Thorson. “That report from the exam or the internal monitoring or audit is a good starting place to identify areas that need attention,” she says.

Zasada suggests embracing the SWOT process or a similar model to help “keep this simple—and not snowball with various variables.” Given the increasing complexity of regulatory compliance changes, especially around lending and mortgages, and examiners’ heightened attention to deposit and overdraft programs, managing the process of a strategic compliance review could easily become confusing and ultimately bog down.

Given increased dependence on technology as well, Bequeaith suggests that community bank executives ask themselves specifically: What are my bank’s technical proficiencies? What are my bank’s IT limitations? “A lot of banks want to embark on a growth strategy when their core systems are barely supported,” he says, “and these problems compound compliance issues” and make expansion difficult or impossible.

Thorson agrees that questions should follow on from other issues, namely the results of the last compliance exam and external reviews, new products and services introduced and their effect on operations, and key changes in personnel.

“Banks should say ‘what are our strengths in terms of lending, in terms of talent?” says Ruffin. “Community banks can’t be all things to all people.” More community banks should also consider the pluses and minuses of niche lending as well as how those loan products might affect a bank’s image in its community.

‘Forewarned is forearmed’

Once your community bank’s leadership has put together a strategic regulatory compliance team and identified what questions to ask, next comes the potentially more difficult work—candidly pinpointing the organization’s weaknesses and threats and working on them.

“When identifying strategic weaknesses it is necessary to look at how changes in regulations may negatively impact a bank because of previous findings,” Kane says. “For example, in the instance where a bank had problems with residential lending and there are changes to come for residential lending regulations, then strategically that is important for a bank to know in terms of preparation, training, policies and procedures, and monitoring.”

Why turn a spotlight on weaknesses and threats?

“The old saying goes ‘forewarned is forearmed,’” says Thorson. “And particularly in a volatile regulatory environment, with limited resources, community banks have a big challenge to keep up on the changes. They have to have a strategic function in place to look over the regulatory landscape. Forward-thinking is critical.”

As Zasada sees it, “Things are going to happen … but by having a clear implementation plan that’s about reducing risks, you can reduce the likelihood of enforcement actions.” He stresses risk assessment as “part and parcel” of any strategic regulatory compliance discussion. “Risk assessments are what examiners want to see,” Zasada says. “You can have higher risk if you show you can mitigate it.”

A written record of this analysis, complete with action steps to be taken, is also a good idea. “You have to do more than talk about it,” he emphasizes.

When top executives and department chiefs sit down with the compliance professionals, Bequeaith says, they should look at their roadmap for all their loan and deposit services and ask “can we do this effectively today?” Part of targeting weaknesses and threats, he says, is looking at whether it’s worthwhile to develop proficiency for certain products or services and then determine what is lacking. “Too often bankers say ‘we ought to be offering a home equity line of credit, why don’t we offer that?’ and it’s because of a compliance limitation,” he says.

Weaknesses and threats can be about people as much as products and regulations. Kane says that in addition to changes in regulations, community banks must consider changes in personnel and how that may impact their bank strategically. “For example, if a bank just lost its loan administration department head, what impact will that have on all the compliance regulations involved in residential lending,” he says. “If the bank loses its compliance officer, what impact does the loss have on the bank’s compliance program?” Knowing your community bank’s strengths is just as important as knowing its weaknesses, experts say. It can point out larger opportunities for the bank’s overall direction and also give the organization a shot in the arm for future meetings with examiners. “It shows you have had success previously,” says Zasada, “and it’s never a bad idea to be able to point that out—the longer the list, the better.” Moreover, the ability to show examiners what’s working in some areas, he says, can help “counteract” an institution’s weaknesses in other areas.

Bequeaith says that being able to enumerate strengths not only goes a ways toward building better relationships with examiners, it also puts a more positive gloss on the bank’s regulatory history. Then, if a bank can show it has been getting compliance right, it may be less gun-shy about offering new products and entering new markets. “The overall thinking is shifting from ‘we can’t do that,’ to ‘we can do that, but here’s what it will take,’” he says.

Karen Epper Hoffman is a financial writer currently living in Europe.