Hello,

I am in the process of assessing our Compliance department’s structure and I was wondering if anyone had a minute to share the structure of their departments. Also, do you have a Loan Review department or is that outsourced? We are a 1.3B institution (and growing), with 14 branches. Any information would be greatly appreciated!


Thank you!

We are a $1.2 billion community bank with 11 branches. I am the compliance department.

Our loan reviews are outsourced.

We are $2.6 billion credit union with 22 branches. Compliance consists of an AVP, three compliance analysts, and three BSA analysts. There is a separate department that does loan quality control/assurance reviews> Also use a third-party to review a set percentage of the loans..

Compliance department means a lot of things. Without knowing what you mean and other information, such as your risk profile, this is an exercise in futility.

Do you consult with and advise management, do you also perform internal control processes, do you actually perform line duties, such as HMDA reporting, how much of the BSA activities are in the compliance department, etc. The list is endless.

In this case, a horse is not always a horse. This has also been attempted dozens on times in the past. Do a search on "+compliance +structure".

Thank you for your responses. Rlcarey I did do a search before I posed the question. The only results I found were for community banks with a smaller asset size. We are primarily a commercial bank, but recently merged with another institution and obtained a mortgage department.

We have a separate BSA department of 7, Internal Audit department of 3, and Loan Review department of 3, these department and the Compliance department along with vendor management fall under Risk Management. We have a Chief Risk Officer, I am the Compliance Officer and have two compliance staff members. Compliance reports to the compliance committee and the Board, I am responsible for the oversight of the overall compliance monitoring program, internal compliance testing, training, and compliance risk assessments. I do advise and consult with upper and executive management on compliance issues.

This is a hard question to answer because every bank is different including outside forces. For instance if the examiners think you need more bodies, you may be forced to hire additional staff. Even with your detailed description above it is difficult to analyze.
My recommendation would be to analyze how other banks in your area are set up and their staffing levels.

There are generic = broad answers but the mechanics can differ greatly, as was noted. Some banks have attorneys on staff or review the regs and write the policies for banks and compliance never has to read them, just get Legal's interpretation on how it impacts the bank. Others farm out auditing, and some consist of a sole person. Its all over the board.

What works for your bank, and have there been any comments from your regulator as to what wasn't working? Those are key. And you said the bank is growing, are there plans for a staffing increase? And lastly, how much does compliance do, or are many tasks parted out to other areas based on the transaction volume? Those need to be answered internally to make plans for the future.

If management was as simple as copying another bank's org chart, there wouldn't be an "M" in CAMELS.

The boxes and lines on a chart are necessary, but it takes A LOT of work to get to that stage of the project. You are designing a complex management system. It exists to assure that the bank's franchise and income streams are not threatened by unnecessary costs and the unfavorable consequences that result from violations of scores of local, state, and federal laws, rules, and regulations.

Arguably, the first step is to identify all of the laws, rules, and regulations that apply to the bank's product lines, business locations, workforce, and other elements of your operating environment. This "legal inventory" forms the basis for high level legal/regulatory risk management. Because the law is always changing and your product lines are always changing, it must be someone's job to keep your "legal inventory" up to date at all times and to notify all bank managers who need to be aware of these changes. Since litigation and enforcement are part of the legal environment, someone must also track trends in these matters.

Wherever you identify a legal/regulatory obligation, you need an action plan. That plan consists of a policy (for guidance), one or more procedures (to assure an appropriate response to the legal/regulatory obligation), staff training, forms and automation, quality controls (to be sure the procedures always work as intended), operations support (to guarantee that products and services are delivered as planned), and appropriate audits (to be sure no one has dropped a ball.)

After you have developed the framework for your management system, it's time to determine where people are required and to write the job descriptions and titles for their roles in your plan. With the right number of people appropriately addressed to the necessary tasks, THEN you and add a few managers, assign groups of employees with related duties, and draw the boxes and lines.

Notice that I didn't use the word "compliance" to describe any of the players or plan? It's a meaningless word that everyone in banking uses constantly and understands clearly. Unfortunately, those "clear" understandings are all different! "Compliance" is the destination, not the means to getting there. By resisting the urge to sprinkle the "C-word" throughout your organizational materials, you stay focused on the goals, the nature of your jobs, and the reporting lines that keep everyone connected to the bottom line.