Why small-ball compliance matters

Yogi Berra knew that little things could have a big impact.

Compliance officers have to sweat the small stuff. Here’s how you can play by the rules when they’re always changing.

By Mary Thorson Wright

“Little things are big.” So said Yogi Berra, American professional baseball great.

Berra had it right. The result of a ball game depends on players’ ability to play “small ball”—like following the rules, working as a team and exercising basic skills. Similarly, compliance success depends on executing the fundamentals day in and day out to manage the risk.

Headlines shout about big financial institutions that suffer huge fines and regulatory reprimands for infractions affecting thousands of customers and accounts: insurance and mortgage abuses, opening unauthorized deposit and credit card accounts, unlawful overdraft fees on one-time debit purchases and ATM withdrawals, and more. The magnitude of each infraction can be shocking, but when the layers are peeled back, each root cause points to a failure to execute daily on the basics.

Know the rules

Keeping up with requirements and trends is a cornerstone of compliance. Tim Grooms, chief risk officer at $469 million-asset First State Bank in Winchester, Ohio, believes there is something to be learned from each high-profile case and regulatory announcement.

“We use publications across the federal regulatory agencies, state banking division, ICBA and others to keep up,” he says. “We also compare the high-profile cases to the bank’s risk management systems, including compliance, to help identify gaps or potential issues.”

Richard Tripp is the compliance officer at First Volunteer Bank, a $985 million-asset community bank in Chattanooga, Tenn. He sees his position as a gatekeeper to stay up to date with regulations, rules and guidance through regulatory agency materials, conferences, webinars and other third-party communications.

At North Valley Bank, a $164 million-asset community bank located in Thornton, Colo., chief financial officer and compliance officer Krystal Gaskill knows her bank’s examinations can be greatly affected by examiners’ experiences in the field. She likes the FDIC’s quarterly newsletters, in addition to other industry resources, to keep up on trending issues.

Coach the team

What the community bank does with this information is a critical element. Escalating regulatory requirements demand a team approach to compliance, and the compliance committee structure is used more widely than ever by community banks. Banks without a compliance committee must ensure close coordination among the compliance officer and all stakeholders.

Tripp leads a compliance committee comprising representatives from all areas of the bank. “I’m responsible for communicating information I’ve gathered to the committee,” states Tripp. “I help identify the areas and processes affected and help the stakeholders determine what needs to be done to meet the changes. If there are multiple areas affected, we might create a subcommittee or project team to fulfill the change.”

“The team approach keeps compliance in front of everyone.”
—Krystal Gaskill, North Valley Bank

In Gaskill’s work coordinating North Valley Bank’s compliance efforts, she has found an operations committee with representation from all areas of the bank to be extremely valuable. “Every month, we devote a portion of the committee meeting to compliance,” she says. “We discuss where a requirement fits in and who needs to be looking at it. The team approach keeps compliance in front of everyone.”

Practice everything

Risk-based examinations are a good checking tool. Regulators have transitioned almost exclusively to risk-based examinations and supervision to apply resources to the industry’s products and services that could be the most injurious, and to more efficiently manage the costs of supervision.

On the other hand, strict, risk-based bank compliance leaves something to be desired. A risk assessment can be a good tool to allocate bank resources proportionately. However, banks should periodically seek a line of sight to all compliance requirements, regardless of risk level.

“We look at all the compliance regulations annually and typically have the full-scope work done by our external compliance resource,” says Gaskill. “We use a risk assessment, and we look at higher-risk areas, for instance, TRID loans, on a more frequent basis internally.”

Tripp’s bank also outsources internal audits, and compliance is included in the internal audit risk assessment and plan. First Volunteer Bank’s compliance department performs periodic monitoring to help identify problems before they can become a pattern or practice.

“The audit and examination culture has shifted. The regulators are very open about the extensive use of the risk-based approach.”
—Tim Grooms, First State Bank

“The audit and examination culture has shifted,” says Grooms. “The regulators are very open about the extensive use of the risk-based approach. However, we engage our third-party internal auditors to take a comprehensive look periodically.”

Little things are big, as Berra put it. Community banks should digest the headlines and regulatory requirements and look for the underlying compliance fundamentals. Successful compliance results, after all, are the sum of small efforts, repeated day in and day out.

Mary Thorson Wright, a former Federal Reserve examiner, is a financial writer in Virginia.