Juggling the demands of regulatory change in 2016
As a compliance officer in today’s regulatory environment, it’s easy to pinball between hot button regulations that dominate the headlines. But the frantic pace of regulatory change has made it nearly impossible for credit unions to keep up with the latest changes – let alone ensure compliance with existing regulations. After analyzing the latest Banking Compliance Index (BCI) figures, three trends stand out for 2016:
- The enforcement climate is still hot, and only getting hotter.
- Many institutions lack compliance with longstanding, fundamental statutes.
- Agencies are still introducing change at a burdensome pace.
Acclimating to a “New Normal”
Anyone examining this quarter’s BCI figures closely will notice the jump in the enforcement rate against financial institutions up to 11.19 percent, which eclipses the enforcement rates of the preceding two quarters.
Historically, the BCI tracked wild enforcement rate fluctuations within calendar years; for instance, over the past three years, the BCI has been in a range of 6.87% at the start of 2013 on the low end to 12.9% in Q2 of 2015. But more recently, we’ve seen enforcement rates steadily creep higher: over the last five quarters, the enforcement rate has consistently remained above 10 percent.
This data supports the argument that bankers must acclimate to a “new normal,” where more than one in 10 financial institutions could face enforcement action in any given year.
In our experience, some compliance leaders mistakenly believe focusing on the newest or most popular regulation for a short period of time will keep their institution safe from scrutiny or action. Our research team in the Regulatory Operations Center® has confirmed what bankers have long known: it takes regulatory bodies months if not years after introducing a new rule to begin cracking down. The average time from a new rule’s effective date to its first appearance in adverse examination-related findings is approximately two years.
Back to Basics
Having analyzed Q1 2016’s enforcement actions, one thing is clear: many institutions still struggle to comply with basic regulations that have been in place for years.
The Bank Secrecy Act and Safety and Soundness standards aren’t new, and Call Reports have always required timely filing. But violations of those and other longstanding rules still cost institutions millions of dollars last quarter.
With limited resources, compliance leaders can struggle to ensure their institution stays on the straight and narrow. They can often find themselves too distracted by incessant streams of new rules to chip away at the cumulative regulatory burden or take action to shore up fundamental compliance weaknesses. Bouncing from new regulatory item to new regulatory item, despite good intentions, doesn’t make institutions immune from examination woes or enforcement actions.
What’s Sustainable?
Amidst higher rates of enforcement, regulatory agencies still introduced 69 regulatory changes in Q1 2016, which equates to over 425 hours each institution must spend to ensure compliance with just these new requirements. At the end of the day, institutions still need the efforts of more than one full-time employee just to keep up with the most recent regulatory issuances from the previous quarter.
Our team has also noticed a greater degree of complexity as well as specialization in the newest regulations, making it even more difficult for institutions to ensure compliance. And the volume of regulatory changes from quarter to quarter remains incredibly volatile and unpredictable. It’s challenging for compliance leaders to make sound staffing and forecasting decisions when they may need to pore over more than 4,000 pages of new regulations in one quarter (as was the case in Q4 2015) and 1,500 pages in another (as was the case for Q1 2016). A tripling of workload over a 90-day period, followed by a subsequent reduction to more normal levels immediately afterwards, can be difficult to accommodate using traditional methods.
The self-directed approach to compliance management is proving difficult and unsustainable, if not impossible. When examiners come calling, they prefer to see detailed records of actionable progress to ensure compliance with regulations in question. An institution that can’t produce suitable evidence of its compliance actions finds itself in jeopardy of examiner criticism. An even worse consequence than unhappy examiners are inefficient business processes that mean dollars lost to ineffective outcomes. Given the perils of getting it wrong, it’s time for institutions to update their approaches to regulatory change management. By introducing better methods and modern technology to their compliance management systems, institutions can properly identify, evaluate and manage the many risks facing their organizations.
