Click to return to BOL home page
Banker Store eCard Exchange Vendor Connect Career Connect Learning Connect Bankers Information Network
Home Compliance Lending Operations Security Marketing Technology/eBanking
Top Stories Bankers' Threads BOL Conferences CrimeDex Risk Management FREE Briefings Record Retention
 

Support for BOL is provided by:

MAIN CONTENT 
Compliance

    Agency Road Maps

    Alphabet Soup

    Compliance Tools

    FACTA/FCRA

    OFAC

Lending

    FACTA/FCRA

    Lending Tools

    SCRA

Marketing

Operations

    Check 21

    Operations Tools

    SAR Resrch Guide

Security

    AML/BSA

    Bank Robbery

    Counterfeits

    ID Fraud/Phishing

    Security Tools

Technology/eBanking

    Info Security


SPECIAL AREAS 
BOL Archives

BOL Blogs

Briefing Archive

Calendar

Court Watch

Examiner's Corner

Executive Briefing

Infovault

Launch Pad

Risk Management

Site Map

Site Orientation

Top Stories


~ ~ ~
SERVICES 
CrimeDex

Em@il Education

ID Verification

Record Retention


~ ~ ~
SHOP 

Banker Store
Bankers Info Ntwk
Vendor Connect

CONNECT 

Career Connect

Learning Connect

Vendor Connect

Guru Central

INTERACT 

Ask a Guru
Bankers Threads

Contact Us

Give Us Feedback


TOOLS 

BOL Toolbar

60 Second Solutions

Alphabet Soup

Banker Tools

BOL Forms

FUN 

BOL Recipes

eCard Exchange

LEARN MORE 

About Advertising
About Our Sponsors
About Us



Print Friendly! Email This Article! Discuss NOW!


Compliance - More or Less?

What is compliance and how much is enough? The recent publication of the FAQs on the CIP rule provide some implicit guidance on where to draw the line.

First, what is compliance? One approach to compliance is to do precisely what the laws and regulations say - no more and no less. This approach is based on giving full attention to legal requirements and examiner expectations. It is an approach designed to avoid violations and citations for errors. How well does this work?

For some laws, such as HMDA reporting, precision makes sense. There is really only one way (more or less) to get the LAR right. There really isn't any such thing as doing more than the LAR or doing the LAR better than correct. This is a pass/fail type of regulation. Aiming to do precisely what HMDA requires, no more and no less, gets a good result.

For other laws, things aren't so clear. In fact, concentrating totally on what the law and regulation require without considering how the process works for the institution and for customers can actually be a problem. We certainly discovered that with Privacy.

When institutions did precisely what the agencies recommended, even to the point of copying and using the sample notices provided in the regulations, the result was a mess. The language was the type regulators are used to, but it drove customers' nuts. Not only did those notices fail to communicate, they actively confused many customers. This was a case of good and careful compliance causes problems rather than gets results.

We have asked two questions: what is compliance, and how much is enough. What we find when we take a close look at the impact of compliance on our customers is that the "what is" question is often best answered by "how much?"

The answer to "how much" is really a matter of how to get the job done most effectively for both the institution and the customer. In working on CIP, and looking ahead to working on FACTA, how much of your attention is being given to customer results and how much energy is being spent instead on parsing sentences and deciding how much to do relative to how much someone might get away with?

We think this is the wrong approach. The agencies said it well when they introduced the FAQs to CIP: "The agencies encourage banks to use the basic principles set forth in the CIP rule, as articulated in these answers, to address variations on those questions that may arise." In other words, if you think about what the law is for and what it is trying to accomplish, you should be able to come up with your own answers.

When you sit down with a group to discuss implementation of FACTA, the first question asked of you is likely to be "what do we have to do?" We tend to answer this by observing that the law requires the following things.

This time, try a different approach. Start with a discussion of the purpose and goals of FACTA. For example, open with "we need to find ways to help customers protect themselves from identity theft. Or "we need to help customers understand how rates and terms for credit are set based on their credit information.

Let your team think about how to get the job done. When you refrain from answering the "tell us what to do" question, they will be free to get creative. Better yet, when they are free to be creative, they are likely to have more ownership of the process and the result. That kind of ownership usually results in better performance - and better compliance.

Keep the door open on creativity rather than slamming it shut with a list of requirements. These laws don't require specific procedures. You are free to design your own. What you have to do is get the job done. There are lots of different ways to accomplish this. Let people think outside the compliance box. Your result may be the best compliance ever.

Copyright © 2004 Compliance Action. Originally appeared in Compliance Action, Vol. 8, No. 16, 1/04



Print Friendly! Email This Article! Discuss NOW!


Privacy Policy    Disclaimer   Recommend This Site !   Contact Us


BankersOnline is a free service made possible by the generous support of our advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all banking professionals. Support our advertisers and sponsors by clicking through to learn more about their products and services.