How does your compliance culture stack up? Here are 6 questions to consider, as well as a free self-evaluation.
Earlier this week, the Financial Crimes Enforcement Network (FinCEN) released a report about the importance of compliance culture in response to recent BSA/AML civil and criminal enforcement actions. The report discusses the importance of a strong culture of BSA/AML compliance for senior management, leadership and owners of all financial institutions subject to FinCEN’s regulations, regardless of size or industry sector.
While FinCEN's report speaks directly to BSA/AML compliance, the guidance includes six specific items that may be applied to compliance in general. How does your institution score on those six essential elements? Take the free self-assessment included below to find out.
What is a Culture of Compliance?
Merriam-Webster defines "culture" as "a particular society that has its own beliefs and ways of life." Culture is like the air we breathe: it's all around and within us, and is largely invisible. It is a way of thinking, behaving, or working that exists in every organization, and can influence our judgement and affect how we attach meaning.
Regardless of its size or business model, “a financial institution with a poor culture of compliance is likely to have shortcomings” in its compliance program, according to FinCEN.
For financial institutions, it's important to have a "culture of compliance" that informs the perspective of everyone in the institution. Due to today's volume and complexity of regulation, it takes the entire organization to comply with regulatory requirements.
Assess Your Compliance Culture with these 6 Questions
FinCEN outlined six items that are present in a robust compliance culture. We have reframed the items outlined by FinCEN as questions, to allow you to quickly assess if your organization is fostering a culture of compliance:
Leadership: Does leadership actively support and understand compliance efforts?
Effective Culture: Leadership is responsible for being familiar with the institution’s responsibilities regarding compliance. This support should be visible to others in the organization.
Alignment: Are efforts to manage and mitigate compliance deficiencies and risks not compromised by revenue interests?
Effective Culture: Compliance should have sufficient authority and autonomy to implement a successful compliance management program.
Open Communication: Is relevant information from various departments within the organization shared with the compliance staff?
Effective Culture: Compliance should have access to relevant information required to comply with regulatory requirements.
Resources: Does the institution devote adequate resources to its compliance function?
Effective Culture: Based on the organization’s size and complexity, financial institutions should be prepared to adjust resources to reasonably manage policies, procedures, reporting, risk assessments, due diligence, etc.
Independence: Is compliance tested by an independent and competent party?
Effective Culture: Independent testing of a compliance program (internal or external) will help safeguard the integrity of the compliance program and help identify corrective actions to address deficiencies.
Compliance Role: Do leadership and staff appreciate the purpose of compliance efforts and how reporting on various regulatory compliance areas is used?
Effective Culture: The reporting and the transparency that financial institutions provide give the financial institution the necessary optics to help determine compliance with regulations.
According to the Federal Reserve Bank, in an effort to foster a positive culture to effectively oversee compliance risks, leadership should work with their compliance management teams and ask the following questions:
What? – What is the regulation/guidance? What is the change? Why was it adopted?
Impact? – What is the impact for our institution? What products does it affect? Do we require system upgrades? What is the difficulty of this new/changed regulation? What is the risk of noncompliance?
Cost? – What is the estimated cost of compliance? Training? Systems? Forms?
Plan? – What is management’s plan for implementing and monitoring compliance?
These questions “provide the foundation for the types of discussions that address the root of various compliance risks and stimulate the type of interaction seen in an engaged ‘top down’ compliance management program.”
TRUPOINT Viewpoint: The message continues to ring true in every financial institution: successful compliance cultures come from the top. FinCEN has effectively described the essential elements of a successful compliance culture. This is an excellent reminder that compliance is a team sport. A compliance officer cannot build a culture of compliance alone. Compliance is everyone’s job.
How Does Your Organization's Compliance Culture Rank?
Next step: Have members of management independently take this self-assessment at your next compliance committee meeting or senior management gathering. Where are there differences in opinion? Why? Healthy dialogue will result!