Good (compliance) help is hard to find – is outsourcing the answer?
Regulatory compliance seems to get more complicated – and more expensive – every year. Attracting and retaining qualified compliance staff is also becoming more complicated and expensive. As a result, there’s a growing trend for credit unions to outsource all or part of their compliance function. Is this something for you to consider as we head into the 2022 budget season?
The reasons for outsourcing are many:
- Your current compliance staff is overwhelmed
- “Compliance Officer” is just one of many hats you wear
- Your compliance officer is resigning/retiring
- Your budget doesn’t support additional staff or technology
- Elimination of key person risk
- An independent voice provides an objective assessment from someone who isn’t too close to an issue
Outsourcing compliance work can save time and money. It can free up in-house staff to focus on tasks that require a unique understanding of your processes and members. It can also be helpful if you need specialized knowledge right away and don’t have time to train your staff, like when a new regulation requires immediate action or if you have a sudden vacancy and need someone to fill in for a few months or longer.
Some compliance functions that can easily be outsourced include compliance monitoring, mandatory training, review of marketing materials, policy review, and scanning the horizon for regulatory changes. You may seek to outsource a specific area of weakness, such as BSA assistance or vendor management, or one that requires specialized knowledge. You can also outsource your entire compliance department and compliance officer position. You don’t need to worry about turnover hurting compliance because the work is being done by a fully staffed company instead of just one or two key individuals who could leave at any time.
Another benefit of having a third-party compliance partner is that you have access to multiple compliance professionals with many years of combined regulatory compliance experience. Different eyes, different experience, and different perspectives all serve to give a more comprehensive review of policies, procedures, and programs over time. This allows you greater confidence that significant issues are being identified and accurately addressed. A third-party compliance partner is focused only on compliance; they aren’t wearing many hats or distracted by other pressing issues.
Your credit union is unique. So are your credit union’s compliance needs. Avoid providers that use standardized, generic checklists that don’t fully capture your business models and compliance risks. Instead, look for a compliance partner that shares and supports your credit union’s values, and offers customizable compliance services that can be tailored to fit the specific needs of your credit union.
One final note. Because we’re talking about compliance here, I’d be remiss if I didn’t point out that while you can outsource compliance functions, you can’t outsource risk. Your board of directors and senior management are ultimately responsible for ensuring that outsourced activities are conducted in a safe and sound manner and comply with applicable laws and regulations. Regulators will want to see that you’ve performed appropriate due diligence to understand and manage the risk involved with outsourcing. The Federal Reserve’s “Guidance on Managing Outsourcing Risks” contains helpful information on evaluating third-party providers.
Interested in learning more about the benefits of outsourcing compliance? Read real stories from Aux’s credit union compliance clients at auxteam.com/customer-stories or visit Aux’s Compliance page at auxteam.com/products/compliance.
