Compliance Management System (CMS) – A Refresher
- Contributor
- Chris Cain
Jul 2, 2021
Let’s face it—today’s financial institutions are confronting many challenges post-pandemic. However, one major area that has received renewed emphasis with the change in administration is compliance. Financial institutions must continuously navigate an evolving environment of complex compliance regulations. Bank board members and management understand that a compliance issue can cause significant time and resources to diverge from an institution’s strategic mission. Furthermore, a compliance oversight may result in regulatory action, penalty, litigation, or damage to one of the financial institution’s most valuable resources— its reputation. Given this renewed focus on compliance, what should financial institutions do to prevent a failure proactively? One of the most important places to begin is the compliance management system (CMS). A financial institution’s CMS drives its overall compliance approach. The FDIC notes that an effective CMS encompasses three integrated elements:
- Board and management oversight;
- Compliance program; and
- Compliance audit*.
These foundations of the CMS must be robust and work cohesively to ensure the financial institution complies with the multitude of federal and state regulations.
Board and Management Oversight
The board of directors is ultimately responsible for compliance and must set the overall tone for compliance adherence. These groups set the compliance tone by defining clear expectations, allocating appropriate resources, appointing a qualified compliance officer or compliance committee, and ensuring that the compliance function provides periodic updates to the audit committee (generally at least once every six months). One aspect of this oversight that often gets overlooked is making sure the compliance function is proactive instead of reactive. It is vital for those involved in the compliance function to understand, plan, and prepare for upcoming regulatory changes instead of waiting for the regulators to identify compliance issues.
Compliance Program
An effective compliance program begins with current policies. Policies and procedures developed by the compliance officer and compliance committee must provide the financial institution with an effective and efficient means to comply with regulatory requirements. Other important aspects of a robust compliance program are relevant training, comprehensive monitoring, and reporting. By having updated training, employees can ensure that they are aware of any compliance changes. Monitoring activities are detailed and comprehensive to self-identify opportunities for improvement. Accurate reporting allows stakeholders to understand the severity and nature of the compliance findings so the underlying cause of the problem can be resolved. Currently, many financial institutions are focused on offering new products and services to generate additional revenue. Compliance personnel should be involved early in this evaluation process so that concerns are adequately investigated and addressed before implementing the new product or service.
Compliance Audit*
Generally, a compliance audit is an independent evaluation of a financial institution’s compliance with specific bank policies, including certain laws and regulations. This process involves developing a tailored program based on compliance risks and problematic compliance areas of the organization. The compliance audit should work in conjunction with board and management oversight and the financial institution’s monitoring for an effective CMS. When all three elements of the CMS are working harmoniously together, the compliance risks of the institution can be better managed. By engaging with a team of Certified Regulatory Compliance Managers (CRCMs), your financial institution can confidently undergo an independent evaluation of CMS as well as conduct compliance procedures in specific areas such as Fair Lending, CRA, HMDA, loans, deposits, etc. If your organization is interested in learning more about these services, please reach out to a CRI advisor for further guidance and information.