Let me begin by saying that we are a very small bank (less than $150 million) with very few employees. I currently hold the title of internal auditor and compliance officer. Our regulators have raised concerns about me holding both titles. They cite independence issues (ie. - I could be auditing my own work).
I conduct audit and compliance risk assessments, create audit/review schedules, and conduct the reviews. We do engage an third-party consultant to conduct some independent reviews each year. As far as operations is concerned, I am independent from daily processes. On the compliance side, I do assist in creating policies and devising processes, consulting, and training.
Management is considering moving the compliance officer title to another individual (with limited compliance background), but not truly changing anyone's daily responsibilities - meaning I'd still be the one to handle all compliance issues as they arise. It seems like a smoke screen to appease the regulators. We surely won't be hiring another person so we can have a seperate compliance officer and a seperate auditor.
Any ideas or suggestions on what we can do or how we can respond to the regulators?