In one job description handbook, which is tailored to financial institutions, it describes the bank Compliance Officer as reporting to the CEO and Board, and summarizes the job description as "oversee[s] the compliance of laws and regulations as they apply to the financial institution."
Is everyone clear now?
Maybe not- the description goes on to provide particulars of the Compliance Officer's job, which I have summarized below:
-develop, administer and monitor programs that ensure the bank's compliance with laws, regulations and rules
-research federal and state banking laws and regulations
-review bank policies and procedures for compliance
-oversee record retention and record destruction
-coordinate disaster recovery
-meet and provide information to management regarding compliance
-schedule compliance audit and review
-report to Board
But, even that may not be broad enough. Compliance Officers often help with compliance training and testing, answer department questions, review products, monitor customer complaints, create checklists, etc.
How does one or three or ten people do all of this? I don't know, and it gets harder all the time.
One thing that I know for certain-and it was emphasized by a speaker at Spring Conference this year -Compliance is NOT the responsibility of the Compliance Officer. The Compliance Officer should, at the very most, be responsible for OVERSIGHT of compliance. EVERYONE is responsible for ultimate compliance.
We hope that the KBA offers our members and their Compliance Officers resources that make their lives a bit easier. If there is something else we can do, let us know and we will try to provide it.
But, consider the following resources:
First and foremost, each Compliance Officer MUST have access to the internet. If you are concerned about security breaches, allow them to set up a separate computer with a separate internet connection. There is simply too much information available online to restrict their use of this resource.
A site that should be regularly checked is www.kybanks.com.
For Kentucky state laws, the Compliance Officer should have the most recent edition of "Kentucky Banking and Related Laws and Rules." The current edition is 2010. Always keep a copy of the most recent version on your desk, as the laws do change with some regularity and you do not want to research obsolete laws. When we send out a notice that the Kentucky Banking Laws has been revised, ORDER A NEW COPY.
The Compliance Officer should also know where to find (and how to navigate Kentucky laws and regulations on the internet):
* Kentucky laws online-http://www. Irc.ky.gov/krs/titles.htm
* Kentucky regulations online-http://www.lrc.ky.gov/kar/titles.htm
For Federal Laws and Regulations, the KBA attempts to send out notices on relevant proposed and final changes. We will be providing a calendar of proposed and final regulations, as well as required action dates.
In addition to that information, most Compliance Officers will want to be aware of the materials of various regulators and websites. Here are some that I suggest should be visited regularly and subscribed to, although each can be accessed through our website:
www.fdic.gov
www.ffiec.gov
www.federalreserve.gov
www.stlouisfed.org
www.clevelandfed.org
www.fincen.gov
www.kfi.ky.gov
www.occ.treas.gov
Compliance personnel should not limit their research to your bank's specific regulators. You will be surprised at the similarity of trends among the various regulators, especially with examination issues.
Start off with more resources than you think you will need, cull out the ones that are more useful and reduce the attention given to those that aren't as useful. This holds true for email services as well. Sign up for as many as you think that you might be interested in- review them and determine the relative value of each compared to the time that you have available.
Continued training is a must. It doesn't matter if your bank's Compliance Officer has been on the job 15 months or 20 years. The laws and regulations continually change and the bank needs to stay up to date. Take advantage of free training opportunities (especially webinars). But, remember that you often get what you pay for and make sure that your bank is willing to pay for additional, more comprehensive training on repeat or multiple topics.
Compliance Officers should also be encouraged to network with Compliance Officers at other institutions, regardless of competitive concerns, differences in sizes or operations. These networking/sharing opportunities are invaluable to resolving complicated issues, allow for innovation solutions to problems and maintain sanity in a key member of your bank team. In addition to encouraging phone calls, make sure that your Compliance Officer takes full advantage of face to face networking opportunities, such as KBA's Compliance Roundtables.
Last, but not least, the Compliance Officer should have access and support of key management of the bank. That means:
* Compliance Officers should be involved in the most preliminary discussions of changes and development of new products
* Compliance Officers should feel comfortable approaching and discussing compliance issues and concerns with all levels of employees, including management, in accordance with bank protocol
* Bank staff should get clear signals from management regarding the importance of compliance
* Compliance Officers should be involved in compliance audits and examinations, including exit meetings.
You probably still don't have a clear picture of what, exactly, your Compliance Officer should be doing. That is because the role is evolving. Hold on tight, it's going to be a bumpy ride...
No comments:
Post a Comment