Don't Waste Money on Compliance
By Blair Rugh, Executive Director, Kirchman Regulatory Service
Several years ago I wrote an article entitled "Compliance Ain't Tough". That was a lie. Compliance is tough --- and expensive. The problem is that many banks make compliance tougher and more expensive than it has to be. The reason is that most banks do not apply the management expertise to compliance that they do to other areas of the bank. Loans are fun, so senior management is normally highly involved with the lending process. Deposits and operations are not quite as much fun as loans, but that part of a bank is usually well managed also. To senior management of a bank, compliance is not fun. A good day is a day when no one is told that they have a compliance problem. If management has the attitude that it does not want to hear about compliance, it certainly is not going to go looking for it. And that is the root of the problem.
In most banks the cost of compliance is the third highest cost in the bank, behind interest expense and personnel cost. If I have something that is costing me that much money, I am not going to ignore it, pleasant or unpleasant. Most bankers have no idea what the compliance cost is in their banks, and many don't want to know. Many bankers believe that the cost of compliance is like death and taxes-it is inevitable and what will be will be. Not so. The real cost of compliance is very controllable. However it will not control itself. Left alone the cost of compliance can run amuck, and in many banks it has.
Now, some simple steps to manage the cost of compliance.
Number one. Develop a risk profile for each of the regulations and allocate resources accordingly. A violation of some regulations can entail severe penalties and/or liability to the bank's customer. A violation of other regulations may bring, at most, criticism from an examiner. I seldom advocate violating a regulation, but I am sure more cautious about not violating one that is going to cost me money than one that has no financial or public relations impact. No bank can afford to comply strictly with every regulation every time. If that were the goal, a bank would spend all of its time complying and would have no time left for banking. But a bank can comply with some of the regulations all of the time.
Review the various aspects of the laws and regulations as they impact your environment and determine which violations can have the greatest impact on your bank. In some circumstances a single violation of a regulation can have a significant impact. For instance, one incident of blatant illegal discrimination can be disastrous. On the other hand, a single violation of another regulation may be insignificant, but because of the bank's operations, if the violation occurs once, the same violation will probably occur over and over again. For example, if a bank's automation is incorrectly accruing interest on a deposit account, that same error will probably occur on every similar deposit account. An error in one account is not significant; an error in 10,000 accounts is. Some regulations may not impact your bank at all. If you do not offer credit cards, there is no reason to learn the credit card rules of Regulation Z.
Determine which regulations are at the top of your examiner's hit list. Because of the events of September 11, OFAC, The Bank Secrecy Act and The USA PATRIOT Act will obviously get close scrutiny. You know that in every examination the loans and deposit accounts of executive officers and directors will be reviewed for Regulation O compliance. HMDA reporting, CRA and issues of illegal discrimination are always going to be reviewed. Also extremely significant is anything that your bank has been criticized for in the past. If you were criticized for regulatory violations in a particular area in your last examination, you need to be sure that you have cleaned up your act in that area before your next examination.
After you have developed the risk profile for your bank, allocate your resources accordingly. Concentrate your training time, your internal audit personnel and your management time on the high-risk areas. Not to say that any law or regulation should be ignored, but the response to each should be proportionate to the risk that you have defined.
Number Two. Develop policies and procedures for the bank's employees and an audit program to verify that the procedures are followed. If a bank's employee has never been told what the bank's policy is relative to a certain situation, and the employee faced with that situation uses his or her best judgment in resolving it, the employee ought not be criticized for not following the bank's policy. In most banks, few employees are "home grown." Most came to the bank from another bank. Many have worked for several banks. Unless instructed to the contrary, those employees will continue following the policies of their prior institutions because that is the way that they have been trained. Every bank should have a comprehensive set of policies that are communicated to the employees whose jobs they impact. Without policies a bank is rudderless. Every employee is a free agent headed in the direction that he or she thinks is best.
Potentially more important than a bank's policies are procedures implementing the policies. Let's presume that it is the bank's policy to comply with all aspects of Regulation Z and provide all consumer loan customers accurate disclosures of their loans at the appropriate time. Lets also presume that the bank hired a hot-shot Regulation Z expert to put on a one day seminar for the bank's 20 loan officers on the requirements of the regulation. The next day there would be 20 people trying to comply with Regulation Z in 20 different ways, each believing that his or her way was the best. Guaranteed chaos. All of the bank's loan officers don't need to know the ins and outs and minutia of Regulation Z. What they do need is a comprehensive set of procedures, which if followed, will provide the correct result. If this, then do this and then go to step 2. Procedures should leave nothing to the imagination. If procedures are properly crafted loan officers don't need to be taught about Regulation Z; all they need to learn is how to follow the procedures. Procedures are also a great tool for training new employees. "Here is our policy and here are the procedures you are to follow in implementing that policy." A teller's time does not have to be wasted with an in-depth study of Regulation CC. All he or she has to be provided is the bank's funds availability policy, a set of procedures to follow and training on the procedures.
Once a procedure is in place and all of the bank's employees are following it, if it is determined that there is a better way to accomplish the bank's policy, or if the policy changes, it is easy to change the procedure. On the other hand, if a bank has no procedures and it wants to change a policy it will only add confusion to the preexisting chaos.
Here is how policies and procedures work. Assume that I am the president of a community bank in Florida and across the street from my bank is a swamp. There are alligators that live in the swamp, and occasionally they eat one of my customers. Until now that has not been a particular problem because customers were easy to come by. But recently a regional bank has begun construction of a branch a block away from my bank, and a de novo bank has applied for a charter next door. From now on customers will be more difficult to come by so I had better protect the ones that I have. This morning I developed a policy for the bank and I called my 100 employees together to announce it. "It is the policy of our bank to drain the swamp. If we drain the swamp and keep it dry then the alligators will move away and our customers will be safe. Now you, my loyal employees, go drain the swamp."
If you were to call a meeting of your 100 employees and announce that policy, probably ten of the employees slept through the meeting and didn't get the message. Another ten will think that your policy is a bad idea. Customers just clog up the branch and cause more work. They think you should import more alligators. But the other 80 employees, all well intentioned, will charge off in 80 different directions with 80 different ideas on the best way to drain the swamp. In all likelihood, at the end of the day there will be just as much water in the swamp as there was in the morning. What I omitted was a procedure.
Step 1. Get a bucket.
Step 2. Find a river.
Step 3. Make sure that the river does not empty into the swamp.
Step 4. Take a bucket of water from the swamp and dump it into the river.
Step 5. Repeat step 4 until the swamp is dry.
Is this the best way to drain my swamp? I doubt it. Will it work? Yes. And when I find a better way I can change the procedure and I will still have all of my employees working in coordination.
A couple of days later one of the employees who has been laboring on the bucket line comes into my office and says, "Boss, the swamp is dry and the alligators are gone. It is so safe you can let your children play out on the front lawn." Now, I have a lot of money invested in my kids, and I am counting on them to support me in my retirement. I am not going to jeopardize that investment on the word of one of my employees that he or she has done her job correctly. What am I going to do? I will send one of the employees that was not responsible for draining the swamp out to see that it really is dry. Audit.
If a bank has a comprehensive set of procedures for its employees to follow, the internal audit of the bank is markedly easier. All the internal auditor needs to do is audit to make sure that the procedures were followed. And if 79 people are doing something one way and one person is doing it another, the person out of step stands out.
Policies, procedures and audit. If a bank will follow this program for its compliance issues, the cost of compliance will be reduced markedly. Now, when a loan officer makes a loan, rather than spending an hour on compliance related issues, he or she can follow the procedure and accomplish the compliance tasks in fifteen minutes.
Number Three. Periodically readdress all of the compliance decisions that have been made in the past to determine if they are the correct decision today. Take advantage of what the rules allow you to do. All of us are, to one degree or another, creatures of habit. We tend to do whatever we did yesterday, and we did it yesterday because we did it the day before. Finally something becomes so ingrained in our behavior we do it without considering why. We don't question what we are doing; we just do it because we have always done it. For example, prior to Truth In Savings and Regulation DD, most banks sent their customers a notice after an automatically renewable time deposit renewed, telling the customer the rate on the renewed deposit. Then Regulation DD came along requiring that the customer be provided a notice prior to the maturity of an automatically renewable time deposit. Banks began sending the required notice but continued to send the post-maturity notice as well. When postage stamps were three cents, that might have been a good decision, but now that it costs at least fifty cents to send a notice to a customer, the decision to send that second notice that is not required might not be so good. At today's rates, if a customer has a $100 time deposit that automatically renews quarterly, the cost of mailing the extraneous notices may be more than the interest expense.
Considering today's interest rates, when was the last time that anyone reviewed your bank's policy for early withdrawal penalties? When the interest rate on a time deposit was six percent, 90 days or six months of interest was a penalty that would deter early withdrawals. In today's rate environment 90 days of interest is not a penalty that is much of a deterrence from jumping to another product if rates rise only marginally. "But we have never changed our early withdrawal penalties." And whose fault is that?
When Regulation DD was implemented it required that a bank disclose to its consumer customers when the bank would begin paying interest on noncash deposits. The rule is that a bank must begin paying its customer interest not later than the day that the bank receives credit for the deposit. If the bank is clearing through the Fed, it will normally receive credit for items two business days after the Fed receives the bank's cash letter. When weekends and holidays are factored in, that generally means that three days after a bank receives a customer's deposit, the bank must begin paying interest on that deposit. The bank can begin to pay interest earlier than that if it wishes, but not later. When Regulation DD was first published bankers were concerned that customers would actually read and understand the disclosures and shop around for whom had the best deal. Accordingly, all of the Regulation DD decisions were made "consumer friendly." We now know, that other than interest rates, customers do not often shop the other aspects of a deposit account. Moreover, customers don't understand what the disclosures say anymore than bankers do. For the above reason, many banks made a decision to pay interest on noncash items from the day of deposit. I recently did an audit in a bank with $480 million dollars in assets. Changing the interest accrual date from the day of deposit to the day the bank receives credit for the deposit saved that bank $38,000 in interest expense annually.
Another Regulation DD disclosure issue is the payment of accrued but uncredited interest when an account is closed. If a customer closes an interest bearing deposit account, be it a time deposit or savings account, the bank is not required to pay the customer the interest that has accrued but not yet been credited to the account. If the bank is not going to pay the accrued interest, however, it must disclose that fact in its Truth in Savings disclosure. Changing from paying to not paying accrued interest saved the bank mentioned above $24,000 per year.
The laws allow a bank to pay checks in any order that it chooses, low to high, high to low, in serial order, etc. In most instances paying high to low will increase the number of overdrafts and accordingly the fee income to the bank. From a customer's perspective, the largest checks are usually the most important and the ones that a customer would want paid. A bank must select an order in which it will pay checks. Why not select the order that is the most profitable, and potentially the order that the customer would prefer. In this regard, we suggest that a bank define the order in which checks will be paid in its account agreement. That will preclude a customer from successfully claiming he or she was unfairly charged.
If your bank has over $43 million in transaction accounts, you are maintaining a significant reserve balance with the Fed that you are not being paid interest on. For example, if your bank's transaction accounts total $100 million, your reserve requirement is approximately $6 million. That is $6 million dollars on which you are earning nothing, but could be lending or investing. There is a method of establishing a shadow savings account for each transaction account and transferring funds automatically between the two accounts within the constraints of Regulation D that will reduce your reserve requirements to virtually nothing. If you are earning 5% on your loans, we are talking about $300,000 per year in additional income potential. That is big money to almost anyone.
On loans, does your bank accrue interest on a 365 or a 360-day base? Using a 360-day base versus 365 will add about eleven basis points to your loan yield. A bank must disclose the higher APR on consumer loans and the loan documents must describe what is being done, but eleven basis points on a $100,000,000 loan portfolio increases income $110,000 a year. You can not change what is being done on your present portfolio, but you can certainly take advantage going forward.
Within any bank there are literally hundreds, if not thousands of issues like the seven that I have raised, where a bank can change something that it has always done and either increase income or decrease expenses. Charge your bank's compliance officer with challenging everything that the bank is doing in its product definition and processing and bring to management a report stating, for each issue, here is what we are doing, here are the alternate ways that the regulations allow us to do it and here is the bottom line impact of each alternative. You will be amazed at the amount of money that you will find. If your compliance officer needs a head start on additional ideas, have him or her give us a call at 1-800-KIRCHMAN ( 547-2462) and we will suggest some areas to explore.
Risk rate the regulations and deploy your resources accordingly. Implement a program of policies, procedures and audits. Challenge all of the things that the bank is doing just because that is the way that they have always been done. Any bank that rigorously goes down these three paths will find its compliance cost markedly reduced and its bottom line materially enhanced.
Metavante Regulatory Services (formerly Kirchman Regulatory Service)
Metavante Regulatory Services (formerly Kirchman Regulatory Service) has been the leader in banking compliance for over 15 years, and currently holds a strong presence in the industry today by providing comprehensive, timely and accurate advice to thousands of banks and financial institutions. Offerings include seminars and workshops throughout the country, custom presentations and speaking engagements, training media, web conferences, telephone consulting, “Regulatory Advisory Notice” e-mails, and the Regulatory Compliance Manual, the industry’s leading source for compliance information available both on the Metavante Regulatory Services website and Westlaw. Metavante Regulatory Services Premium Membership provides a full range of compliance services deigned to work together to support and provide your staff with complete up-to-date information on all the federal laws and regulations, and more importantly is the most efficient way to comply with them. To learn more about the products and services offered by Metavante Regulatory Services, call (800) 547-2462 or e-mail us at email@example.com and visit us on the web at www.kirchman.com.
First published on BankersOnline.com 2/14/05
Home | Compliance | Lending | Operations | Security | Marketing | Technology | eBanking
BankersOnline is a free service made possible by the generous support of our
advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all
banking professionals. Support our advertisers and sponsors by clicking
through to learn more about their products and services.