Long long ago (most of the '80s and '90s), I was responsible for what the industry commonly called "compliance" and the people who did the work were called "compliance officers" (and similar titles for the sub-officer level assistants.) If my office had a door, it would have been titled "Compliance Department." I thought I knew what I did and where my responsibility began and ended.
SOP was that whenever something of a regulatory nature hit the fan in any department of the bank, the department's manager labeled it a "compliance problem." Since the Les Nessman door to my office said "Compliance Department," the problem was delivered to me...no additional resources, no additional staff, and no authority to change procedures or policy in the affected business unit...just the problem. Eventually, I realized that the "Compliance Department" was a 5-lb bag and something needed to change.
Condensing a story that played out over several years, I scraped the name off the office door and replaced it with my unit's newly authorized title "Regulatory Management." My mission statement changed from "do it" to "help affected business units understand their regulatory obligations and meet them, and be ready at any time to sell our results to regulators."
I was required to maintain the highest level of knowledge of all regulations already affecting our company, and awareness of potential/new/revised regulations, our regulators' hot-button items, and common regulatory problems throughout the industry. I managed our relationship with all regulators before, during, and after any type of examination. I assisted with structural issues like policies and DP. Whenever a situation demanded, I rolled up my sleeves and joined the fire fight.
We did our best to decentralize the responsibility for day-to-day compliance, but settled for a hybrid. The biggest business units (credit card, mortgage company, trust company) had already evolved to that arrangement. It was extremely important for them to control the flow of their businesses and a woefully-understaffed and underbudgeted central office support unit (me) was an unacceptable bottleneck. Their execs happily set up internal compliance support units and managed and budgeted them directly. I worked with them when they asked and coordinated with them when regulators were in. My department worked with the smaller business units and other central office units (marketing, facilities, in-house DP, HR/training) however made the most sense.
At the end of the day, my bank realized that the words "compliance officer" were almost meaningless. What mattered was thorough risk assessment and a good plan to protect the bank from the consequences should risk become reality.
_________________________
...gone fishing.