Our compliance committee is meeting for the first time next week. Does anyone have items they generally discuss in their meetings. I was thinking going over regualtory changes this year and what I know for next year and also training program. I appreciate what others do in their meetings.

Thanks,

Here are a couple of sample agendas from meetings I've had this year.

AGENDA
COMPLIANCE COMMITTEE

April 16, 2009

I. Approval of Minutes from March 2009 meeting

II. FACTA/ID theft program update

III. Audit responses/monitoring format

IV. Internal Monitoring update-Loan files

V. SAS70 reviews

VI. Vendor Management Update

VII. HMDA update-2009

VIII. FDIC and state compliance exam update

IX. Appraisal changes update efft. 5/1/09

X. CTR errors update

XI. Consumer Complaints-

AGENDA
COMPLIANCE COMMITTEE

October 15, 2009

I. Approval of Minutes from September 2009 meeting

II. FDIC compliance exam update

III. Federal & State Regulatory Changes
 SAFE Act Mortgage Licensing update
 Reg GG update-Illegal Internet Gambling
* Reg Z and RESPA changes update

IV. Audit results

V. FCRA and Lending audit update

VI. MSB update

VII. Procedures Committee Update

VIII. Account Opening-Minimum Age Discussion

IX. Check Kiting-Closing of Accounts Discussion

X. CTR error update

XI. On-line training update

XII. On-line Banking Risk Assessment-

XIII. Consumer Complaints

Our committee agenda was a little more generic. Each area was required to submit a quarterly report. The officer responsible for the area provided a brief update that covered new regs and impact, any proposals that we planned to comment on, testing results, complaints, audits, significant metrics, training.

Lending Compliance
BSA/AML Compliance
Deposit Compliance
Privacy/Information Security Compliance
Security Report
Misc (Accounting, HR, Securities, etc.)

Over time, we were able to design report templates that enabled a consistent presentation of info on the various topics. We could use these to prepare summary for Audit Committee of Board. Regulators and examiners liked the consistent presenation. They knew exactly where to go to find what they were looking for.

PM me with your email, and I will be happy to send you a sanitized version of my agenda, and notes.

Brenda - please don't take this the wrong way, but what does the compliance officer do in your institution if the officers are responsible for reading, interpreting and implementing regulatory changes? I am trying to restructure our compliance committee and I am truly struggling with where lines should be drawn for responsibility, so I'd appreciate your expanding.

SkiDoo, I think Brenda was referring to her compliance officers over those repsective areas. I only know that because I used to work for her and I was the compliance officer over many of those areas and I was the one who submitted those reports.

Oh - so each area has its own compliance officer. We are a small bank and I am the compliance officer for the whole bank. I just can't figure out an effective way to get more people involved. I have tried subcommittees, but I still end up doing all the work. I am sort of envisioning something like - I provide the rule/reg, interpretation and guidance for policy changes required, procedural changes, etc. The dept head is responsible for making those changes, getting them reviewed by Compliance and either submitting to the board for approval or I would submit it. The problem I think is the dept head having time to do it and if I do it, I always get "but you didn't think of this or that" even though they allegedly read it before I presented it to the board.

So - how do other small banks do it?

P.S. I don't mean to hijack this thread, so you can PM if that is more appropriate.

For many years, we had only two compliance officers and we split the duties. As compliance evolved, and our bank(s) grew, we took on more responsibilities and had some minimal support staffing. I was responsible for BSA/AML, Deposit, Privacy/Information Security and eventually Security (for a short while pending acquisition). It is challenging, but it is doable with organization and management support.

One of the tools that helped me was a "delegation of duties" outline that I used when we were smaller to ensure we were all reading off of the same page as to who was responsible for what. For example, our operations officer was responsible for certain verifications of Reg CC holds and our electronic banking manager was responsible for Reg E error resolutions. I periodically tested the testers.

One thing I found helpful was a "compliance working group" in addition to the "compliance committee" of managers (or instead of)...folks that the department heads named to be the doers in their area. Loan ops, deposit ops, lending (front office - consumer, residential, commercial) and so on. When something needed to get developed and rolled out, these were the folks who worked with compliance to develop the procedures and make it happen. They received extra regulatory training.

Kaybee, I have tried that in what I called a subcommitee, but when I would try to schedule a follow up or status meeting - no one had time to meet and when we did - nothing got done. I would end up writing the program. I am thinking maybe you had a higher authority to report non-action from your committee to???

Brenda - I like the idea of a delegation of duties. Is that something you would be willing to share? If not, this is sort of what I am doing now (using Reg GG as an example):

Retail Dept - develop and implement procedures to prevent payments to gambling businesses using the internet. Train accordingly.

Ops -develop and implement procedures to...

Chief Credit Officer - train staff on general requirements- particularly the certfication requirements.

Sr Mgt - decide if we are going to open accounts for internet gambling businesses; if so, when we will close said accounts.

Compliance - work with all above to effectuate implementation; prepare notice to commercial customers and work with Marketing for distribution; create policy and obtain board approval.

As of today, the only things done are the compliance functions. I am now working on everyone elses steps. (Sr. Mgt never responded to my request for answers to the bank or not bank question - so I just wrote it in the policy as we would.) Is the problem that I am asking them to do too much? Was your "delegation of duties" similiar?

When I had my "sub-committee" it was set up formally with senior management agreement and those named to the committee had it added to their job duties. There were no "outs" from doing the work. I had to wheel and deal to get it set up but in the end with audit committee and board support it went through and it worked.

That is a great idea! Thanks!

Was the range of responsibilities similar to what I posted or am I asking too much? I was criticized by examiners for not keeping up with my audit schedule - but when they realized I was writing the policy, writing the procedures, preparing the forms, doing the training and then testing/auditing - they said no wonder you can't keep the audit schedule!! You need to get more help from your complaince committee, so I am trying to do that, but I don't know how to do it any differently than what I have posted and I am not sure if I am asking too much. In the example about the Ops Officer verifying holds, do they report back to you that all holds were in compliance - or do you just trust they did it, then audit for it?

We have a compliance officer who has overall responsibility for regulatory compliance. In addition there is one person on the deposite side (me) and one person on the lending side who work with compliance icluding BSA. It is part of my job description that I will assist with compliance in the deposit area including. I work with both external auditors and regulators on all regulatory issues associated with deposits.

This evolved over time because the compliance officer could not do it all. Since I work in deposits I understand how are products are set up, what we offer, what we don't offer and what we have the ability to do.

This sounds like they way I would like our bank set up. Can I ask how big of an institution you are & how many branches you have? Thanks.

My compliance committee is made up of department managers (consumer lending, residential lending, H/R, deposit operations, etc.) and we meet quarterly.

I provide a list of new or amended final rules or regulations, significant proposed rules, upcoming effective dates, audit or exam plans and results, upcoming internal and external training opportunities and I provide time for any other discussion items or Q&A time.

I provide bullet points in the meeting agenda hitting the highlights of the changes or new stuff. I think it is helpful to do that to stimulate discussion at the meeting of the affects of the changes rather than use the meeting to inform about the changes. Of course, this also means you have to send the agenda a couple of days prior to the meeting so they can read it and give the changes some thought.

We have only one branch which is also our main office so everyone is in the same location.

Brad, this is how we are set up too, but who actually implements the changes?

Our department managers are responsible for implementing the changes. I help coordinate, make sure everything is addressed, answer questions, etc. but ultimately the department managers have to manage compliance in their areas.

Ok - thanks!