Bank Compliance Officer vs. Compliance Auditor

Posted By: Nick Grant

Bank Compliance Officer vs. Compliance Auditor - 04/20/09 01:02 PM

Would anyone venture to define for me the difference between a bank compliance officer and bank compliance auditor. Would it ever be acceptable to be both?

Comments and regulation cites will be appreciate.
Posted By: BrendaC

Re: Bank Compliance Officer vs. Compliance Auditor - 04/20/09 01:44 PM

At my previous bank our Chief Risk Management Officer headed up risk, compliance and audit.
Posted By: #Just Jay

Re: Bank Compliance Officer vs. Compliance Auditor - 04/20/09 01:52 PM

I do both.
Posted By: RR Joker

Re: Bank Compliance Officer vs. Compliance Auditor - 04/20/09 02:56 PM

I used to be both until we got too big. Now Internal Audit does compliance audit and I do compliance management.
Posted By: Andy_Z

Re: Bank Compliance Officer vs. Compliance Auditor - 04/21/09 10:59 PM

If I were defining the differences I'd say audit handles the banks accounts, policies and procedures and compliance handles the alphabet soup regs. That is a general definition.
Posted By: Richard Insley

Re: Bank Compliance Officer vs. Compliance Auditor - 04/22/09 01:54 AM

The term "compliance officer" is not defined and there is no clear industry standard for the duties associated with this job.

Over the years, regulators have pushed banks to turn the "compliance officer" position into a type of auditor--for their own convenience. If you audit the bank, then their job is much easier. Unfortunately, yours isn't.

Before there can be anything to audit, regulations must be implemented and managed. Managing regulatory risk involves far more than testing for exceptions. A compliance manager watches the horizon for new and changing regs and emerging "hot button" issues. S/he manages the bank's relationship with its regulator(s), including on-site exams. Most importantly, s/he coordinates line managers' efforts to implement and control regs. Often, the compliance officer is responsible for all regulatory policy writing and training.
Posted By: luvflipflops

Re: Bank Compliance Officer vs. Compliance Auditor - 04/23/09 05:30 PM

IMHO - a compliance manager is one that establishes policies, procedures, processes. Or at least proposes them to the decision makers. The CM also has an oversight capacity for the processes that contribute to compliance and is held responsible when/if the compliance auditor finds an issue. The compliance auditor should be seen as the refining tool for the compliance function. They come in with a different set of eyes (and probably a little more perspective) and audits the efficiency, compliance, etc of the policies, processes and procedures that the CM has established and manages.
Posted By: ahou

Re: Bank Compliance Officer vs. Compliance Auditor - 04/24/09 01:43 PM

To me, a Compliance Auditor is independent from day to day compliance activities and mgmt decisions. The audits performed by this person have the purpose of ensuring the BOD that internal controls and bank procedures are adequate to ensure compliance. The auditor serves in a advisory capacity when sitting on committees, rather than being directly involved in mgmt decisions. Sometimes the auditor is called a "Compliance Officer", which seems to be a generic term, whose duties could be anything depending on the bank they work for smile
Posted By: Richard Insley

Re: Bank Compliance Officer vs. Compliance Auditor - 04/26/09 12:03 AM

These are all good observations, but it's a design flaw to hold the compliance manager responsible for implementation errors & omissions and for operating breakdowns. I've watched countless C/Os become incredibly frustrated (and been there myself) when they're told "it's a compliance problem...your title is compliance officer so that means you own it." I didn't mind accountability--but not for things I couldn't control.

It's not unusual for the lonely compliance professional to become a dumping ground for any project or problem which can have the "C" word pasted on it. Business managers love to do this because they hate regulations and want to get the monkey off their backs. Also, they know that the cost of compliance stays out of their budgets if it can be pushed into a general corporate cost center. Try walking into a business, and taking charge of human & financial resources necessary to implement a reg. & you'll underscore why you can't be held accountable.

Working under bank counsel, I arrived at a relationship with the major businesses which gave the head of the business a full or part-time compliance specialist. These folks were housed & budgeted in the business, reported to the top business manager (with varying degrees of informal "dotted line" reporting to me), and totally responsive to their businesses needs. Our business heads liked this arrangement because it eliminated a bottleneck---they never had to hear "I'll get to you as soon as I finish ____."

I realize this model can't scale down to banks with only one compliance position, but it's still possible to move a businesses' quality control functions to its servicing unit and "deputize" someone within the business unit to help with implementations, examiners, and other activities that can run you ragged.
Posted By: Sound Tactic

Re: Bank Compliance Officer vs. Compliance Auditor - 05/15/09 07:57 PM

Originally Posted By: beachgirlatheart
IMHO - a compliance manager is one that establishes policies, procedures, processes. Or at least proposes them to the decision makers. The CM also has an oversight capacity for the processes that contribute to compliance and is held responsible when/if the compliance auditor finds an issue. The compliance auditor should be seen as the refining tool for the compliance function. They come in with a different set of eyes (and probably a little more perspective) and audits the efficiency, compliance, etc of the policies, processes and procedures that the CM has established and manages.


I totally agree which means I disagree with many of the posters here. A Compliance Auditor is not a Compliance Officer. A Compliance Officer is responsible for the Compliance of the bank, setting policies and establishing risk tolerence. A Compliance Auditor reports to the board the condition of the banks compliance program, including how well policies are being followed. Two totally different positions and should NEVER be the same person. That said, sometimes banks have no choice because of size, etc., however it should never be the same person.
Posted By: Dolly Nugent

Re: Bank Compliance Officer vs. Compliance Auditor - 05/18/09 08:48 PM

I am the Compliance Manager at my institution. I am responsible for risk assessments, developing policies & procedures and training.

We have an outside company perform our compliance audits. However, my department also performs "internal monitoring" to ensure that policies and procedures are being observed in between audits. We are regulated by the FRB and they like our program. They especially like that we "self-identify" problems and adjust our procedures.

The compliance auditor reports her findings directly to the Audit Committee. I also report findings related to the internal monitoring performed by my department to the Audit Committee.
Posted By: Dolly Nugent

Re: Bank Compliance Officer vs. Compliance Auditor - 05/18/09 08:51 PM

I am the Compliance Manager at my institution. I am responsible for risk assessments, developing policies & procedures and training.

We have an outside company perform our compliance audits. However, my department also performs "internal monitoring" to ensure that policies and procedures are being observed in between audits. We are regulated by the FRB and they like our program. They especially like that we "self-identify" problems and adjust our procedures.

The compliance auditor reports her findings directly to the Audit Committee. I also report findings related to internal monitoring to the Audit Committee.
Posted By: Richard Insley

Re: Bank Compliance Officer vs. Compliance Auditor - 05/20/09 02:23 PM

Regulators always like self-review & don't much care who does it. If you do it, they get to go home early.

From the management perspective, however, if you look like an auditor and quack like an auditor, your business managers will welcome you like an auditor ("oh no, not you again, you couldn't be here at a worse time.") If there's any way to transfer the QC to the business units (usually their servicing support staff), do it. By shifting the never-popular error detection duties to employees under the control of the business head, these busy execs can better control the flow of their businesses. Your auditor can still review the scope, findings, and follow-through for the QC process, and you are still available to help repair things that have broken down.