I've been asked to find cases where financial institutions have received C&Ds and/or fines for failing to have an adequate compliance structure specifically addressing to whom the Compliance Officer reports. If anyone knows of any cases from a government agency I would appreciate it.

Backstory - our compliance team reports to the CEO and Legal. Legal submits reports to the Board regarding compliance but there is no direct line from compliance to the Board. Both the CCO and I feel the current structure is inadequate and he should have a direct reporting line to the Board. He's asked me to put together a convincing paper for our CEO (who feels the current structure is fine).

Thanks.

If GA is General Auditor, that person should most definitely have a direct reporting line to the board (usually to an audit committee of the board). I don't have any enforcement actions to offer, but maybe someone else will know of some. I would expect your regulators to cite you for your audit function not being independent, but maybe it depends on the size of your bank.

Sorry, meant Legal not GA.

I (and the CCO) agree with you. Our CEO responds much better to "we could get fined X dollars" than a threat of an as-yet unproven audit finding. We are in uncharted territory because of our recent growth but he's still in the old reporting paradigm which worked for us well previously.

Where's the audit department in this picture?

the duties and responsibilities of each HNAH senior compliance officer, and with respect to BSA/AML compliance functions, staff positions, including the reporting lines within HNAH, and between HNAH and its business lines and legal entities;

http://www.federalreserve.gov/newsevents/press/enforcement/enf20101007c1.pdf

We do not have an audit department currently because we are not technically a financial institution - long story I won't go into here. However we are looking to hold ourselves accountable as close as we can to the standard that an FI would normally maintain. Having internal/external audit is another factor we have discussed but it will not materialize in time for our pressing of this compliance restructuring.

The best case structure that I am working towards implementing is to have compliance operations report up (only) through Legal and have compliance reporting go directly to the Board (there is no Audit Committee as yet). For all intents and purposes the CEO and business-side would be removed from the equation, in as much as it is ever actually feasible to remove business influence from compliance operations.

Thanks EdAudit, appreciate the info. That will help a lot.

Something I have considered is changing the viewpoint of our position from the need for Compliance to be independent from the business to the Board's need to have compliance feedback unfettered by the business.