Proper product development should bring compliance to the table early
By Cheryl Winokur Munk
As regulatory and competitive pressures mount, more community banks are starting to invite compliance to the product-planning table. But many are still waiting until after dessert has been served to extend an invitation, consultants say.
Some community banks become anxious, often for competitive reasons, to move forward quickly with ideas for products and services, and as a result they don’t always consider all the potential compliance ramifications, according to Ruth Razook, chief executive of RLR Management Consulting Inc., a compliance services firm in Palm Desert, Calif.
Razook estimates from her experience that more than half of community banks still view compliance as an afterthought to the product-development process. “That is really causing them many more headaches than they need,” she says.
Compliance staff needs to know about all of the activities within the bank, in a timely way. “You don’t want a risk assessment done after you’ve already rolled out a product. That’s useless,” observes Kevin Kane, president of Financial Regulatory Consulting Inc., a compliance consulting and services firm in New York City.
Mobile banking, continued enhancements to remote deposit capture, P2P payments, text banking, virtual safe deposit boxes, online loan applications, and online deposit account openings are among the products and services in which the compliance voice should be heard from the beginning. However, too often banks plan and develop products and services within a single department rather than with a team of people from various operational areas, consultants say. Compliance problems often arise from that siloed approach, when regulators later flag the issues during examinations. At that point, the costs to fix problems that could easily have been avoided become significant.
For example, when rolling out a mobile banking app, a bank’s project team could fail to realize the app will deliver a form of customer communications that must avoid certain regulatory red flags, says Dee-Ann Dobson, executive vice president of Risk Management Partners LLC, a risk-management consulting firm in in Fort Worth, Texas. What particular words are used, or not used, in such communications, and what disclosures might be provided or left out, can mean a lot to second-guessing examiners.
Developing proper consumer disclosures is another task that would benefit from early compliance involvement in a product’s initial development, Razook explains. To write proper and effective disclosures, compliance staff needs a thorough understanding of the products involved. Including compliance staff in early discussions and planning will provide the background foundation to develop disclosures that pass muster with examiners.
Razook recalls a particular bank that encountered serious regulatory problems over potentially troublesome mortgage advertising and origination practices for a new loan product it had rolled out. If compliance had been involved early in that product’s development, the costly fines, customer remediation expenses and rework that the bank encountered could have been avoided, she says.
Dobson cites another example of potential problems for banks introducing online loan applications. From a regulatory perspective, for instance, deadlines must be met to respond to completed customer applications. Without a compliance officer’s input in launching an online loan application channel, how these deadlines will be met and disclosures delivered could easily be problematic or overlooked altogether, she notes.
One way to encourage the necessary ongoing communication is to establish a compliance committee, which can encourage conversations and problem avoidance that may not otherwise happen, Kane says. A compliance or product-development committee should consist of representatives of different business units, and it should be a forum where new products and services are talked about, he says. Committee members also should discuss upcoming exams, training and more.
Kane suggests that a compliance committee meet monthly at first until it gets established. Then its meetings could occur monthly or quarterly, or convene when a particular new product initiative starts.
“You don’t want a risk assessment done after you’ve already rolled out a product. That’s useless.”
—Kevin Kane, compliance consultant
Cheryl Winokur Munk is a financial writer in New Jersey.