Importance Of Compliance And Effective Risk Management
Anyone who has worked in a highly regulated industry knows that being “compliant” hasn’t always helped to improve your efficiency ratio, and after years of tacking on new processes to address multitudes of new requirements or regulations many companies find themselves with compliant, yet ineffective processes. While I admit that I’m of the school of thought that Compliance is not something that can be completely automated, I’ve witnessed firsthand technology begin to transform how we used to think about compliance in the workplace.
I first started in compliance for a local community bank in 1997. I was fortunate that computers were already “a thing” and I had software to ease the pain of regulatory reporting. Some banks I knew were still manually completing their loan application register on a pad of paper, which looked a little something like this:
One of the very first tasks my boss gave me was to manually review source documents in mortgage loan files to validate data that had been exported from the loan origination system into an Excel spreadsheet. I was grateful to him for teaching me Excel and was almost giddy the first time I used the “concatenate” function in Excel to join two data fields together to facilitate our annual reporting requirements.
I would have to manually correct the address fields in the Excel to exclude apartment numbers that I knew would prevent the software from generating a census tract to identify the location of the loan. If that still didn’t work, I would pull out my well-worn Thomas Guide atlas to manually look up the right code. Little did I know that the number of data fields I was required to collect would exceed 100 by the year 2018.Once I was confident the data was clean I would run it through the software for a first pass before submitting it to the regulatory agencies. I remember thinking at that time how incredible it was that the software included “data edit checks” that would alert me if, for example, I had erroneously reported household income instead of “NA” for a multi-family home loan. After March 1 of each year I would crash like a CPA after tax season.
Those of you not in the banking industry may be asking yourself why so much time an energy would be spent correcting loan data each year? Well, if the regulators came in and found an error tolerance that was too high to enable them to rely on my reporting, we would be forced to rescrub all loan files and resubmit the data to allow them to conduct their exam. The agencies regularly conduct examinations of banks to identify potential fair lending violations or evidence that a bank is not serving all segments of its market, known in our industry as “redlining”. Consider the impact of failing such an exam – diminished reputation, costly corrective action, and limitations on growth and expansion. There are many public examples, including a recent one the Department of Justice just issued a press release on regarding an order entered into with a bank in Minnesota.
Wouldn’t it have been better if I could have used my skills to analyze the loan data to look for trends and patterns that might indicate a fair lending issue or gaps in the communities we were reaching rather than wasting that brain power on calling back individual fields in loan files?
This walk down memory lane is intended to illustrate the point that while you may be compliant, it doesn’t necessarily mean you are effectively managing your risks. Technology has allowed us to think differently about the people we hire into compliance roles. Compliance used to be a job you would assign to the most detail-oriented person in the bank – the one who was always annoying everyone by spotting every mistake. These days, you can leverage technology to catch those mistakes so your compliance people can focus on the “so what.
Compliance may not be transformative by its very nature – there are many days where I feel like I’m reliving the past over and over again. However, technological developments make it possible for you to reimagine the skillset (and dare I say personality?) of the next compliance officer you hire. Look first for deep regulatory knowledge because you cannot automate that which you do not understand. Look next to creative thinking and the ability to innovate; someone capable of thinking beyond the traditional checklist mentality. If you can successfully harness the creative power of this new breed of compliance officer to collaborate with your technologists when implementing compliance requirements,you will never again consider compliance a “speed bump” to be avoided. Better still, leverage data gathered during the process to assess risks to your strategic objectives and you quickly gain competitive advantage over unsuspecting peers.
All that said, with the technological advances we have made in the last 20 years, in the world of compliance some things never change. Look – that old data edit check is still there!
Check out: Top Risk and Compliance Solution Companies