The Bank Compliance Officer Role: A Trajectory over TimeIncreasing Visibility and InfluenceExpanding Topic Matter and Responsibility

Phone: 515-689-2114

You Tube: https://www.youtube.com/channel/UC8L_SrabonOYLPQ0FW96o4A

Trajectory of One Compliance Officer

Bank Examiner in Iowa

Consultant

Very Large Bank and Mortgage Company

Community Bank between $1billion and $5 billion

Mortgage Originations Service Provider

Consultant

How Has The Role Changed?

How many have seen "scope creep" or additional

areas of oversight added your roles since 2008?

What contributed to this?

What new areas of responsibility have you assumed?

What challenges have you faced?

Do you have days where you feel like…

”

“ …You Never Know

What You Will Get?

Think of it as…

entertaining chaos

Analogy:

Professional Cyclo-Cross Race

HTTPS://VIMEO.COM/185225432

Will it be dry?

Business as

Usual (BAU)

Will it be snowy?

Prepare for winter

Will it be

muddy?

Triage

Material

We Will

Cover

Visibility and Influence of Role:

Evolution of Compliance Officer duties

Evolution of Skillset

Expanding Topic Matter:

Operational Risk

Conduct risk, Governance, Cultural Change

Cyber security

UDAAP

Anti-money laundering and BSA

Technology and data integrity

Change Management

Third Party Management

Practical Matters:

Three Lines of Defense

How to Keep Up

Reprioritizing

Triage

Evolution of Compliance Officer Role

Legacy Role

Focus on technical knowledge of regulations

Low visibility and limited interface with business

leaders and technology

Not an influential role

Detail oriented - testing and checklists

Siloed or bolted on to business process

Rigid definition of “compliance”

Focused on identifying errors and driving

remediation

Staying abreast meant reading proposed and

final rules

Evolved Role

Technical knowledge still important but within the

context of business process

High visibility and frequent interface with business

leaders and technology

Highly influential role

Big picture oriented

Integrated with business process

Elastic definition of “compliance”

Focused on collaborating with operations when

they self identify errors

Staying abreast expanded to monitoring and

understanding enforcement action

From Check the Box to Strategic Partner

Visibility and Influence

What Skills do I Need?

Cross-functional experience is becoming a requirement

A track record in delivering change

Ability to independently engage, question and drive resolution – Credible Challenge

Strategy and big picture

Cultural awareness and change

Relationships and collaboration

More emphasis on finding efficiencies

New Topics and

Territory …

Compliance is evolving

toward a more

integrated, enterprise

role.

BEING PREPARED

FOR - YOU NEVER

KNOW WHAT YOU

WILL GET…

Operational Risk

Operational risk is the prospect of loss resulting from inadequate or failed

procedures, systems or policies. Employee errors. Systems failures. Fraud

or other criminal activity. Any event that disrupts business processes.

Need deeper understanding of operational risk

Understand your bank’s operations in all areas

Compliance issues are born of operational risk

Implement root cause analysis, identify trends, develop measurements

and metrics

Cybersecurity

Interconnectedness with Third Parties Biggest Risk – Internet of Things https://motherboard.vice.com/read/15-million-connected-cameras-ddos-botnet-brian-krebs

FFIEC Cybersecurity Assessment Tool (CAT) https://www.ffiec.gov/cyberassessmenttool.htm

Dwolla Enforcement – CFPB received no complaints to trigger http://www.consumerfinance.gov/about-us/newsroom/cfpb-takes-action-against-dwolla-for-misrepresenting-data-security-practices/

Incident Response

Education! 25% of people who get phishing emails open them and 11% click on links

FDIC Board Vignettes for BOD Training https://www.fdic.gov/regulations/resources/director/technical/cyber/purpose.html

Technology and Data Integrity

Understand your bank’s technology infrastructure and data

flows

Be aware of software releases in critical systems and ensure

they are tested, implemented, tested again

Make sure data you rely on for reporting is good – garbage in

garbage out

Leverage technology wherever you can

BSA

BSA is inextricably tied to fraud – look for ways to reduce duplication, create

synergy

Personal Liability

FinCEN’s final rule on Customer Due Diligence Requirements for Financial Institutions

https://www.federalregister.gov/articles/2016/05/11/2016-10567/customer-due-

diligence-requirements-for-financial-institutions

New rule does not require that CDD verification steps be identical to CIP requirements

Covered financial institutions have until May 11, 2018 to implement

The rule is not retroactive; it does not require a “lookback” for existing

customers, unless those customers experience a triggering event.

Conduct Risk, Governance, Cultural Change

Conduct Risk

Whistleblower duties (Code of Ethics)

Formality of governance

Reporting to Board – Dashboards and Metrics

Culture of Compliance

UDAAP

Military Lending (MLA)

Elderly

Students

Disabled

Digital Accessibility

UDAAP

Change Management

Project Management

Challenges in defining “Project”

Technology Change Management

Technology Releases again – monitor and ensure they

receive appropriate prioritization

Regulatory Change Management

Leverage project management process

Regulatory Change Management Tool Requirements and Project Committee Comments Regarding Impact

Item NumberAgency or

EntityTitle of Rule

Short

DescriptionEffective Date Risk Level

Link to

Legislation /

Material

Responsible

Party

Requirements Due

By

Project

Reference or

Link

Compliance and

RiskLending

Facilities and

OpsTechnology Deposits

High Level

Status

1 CFPB Regulatory

Agencies

2016 E-Alerts

CFPB – Annual

Threshold

Adjustments for

2017

The Bureau of

Consumer

Financial

Protection

(CFPB) issued

a final rule

amending the

regulatory text

…..

01/01/17 Low http://www.con

sumerfinance.g

ov/about-

us/newsroom/c

onsumer-

financial-

protection-

bureau-

announces-

annual-dollar-

thresholds-

truth-lending-

act-regulations-

certain-credit-

transactions/

12/01/16 June 4, 2016

MMR

COMPLETED

NO IMPACT

Third Party Management

Oversee the program, ensure it is sound

Make sure contracts include key areas outlined in

regulatory guidance – the OCC guidance lays this out

well https://www.occ.gov/news-

issuances/bulletins/2013/bulletin-2013-29.html

Leverage BCP/Business Impact Analysis

Consider forming a committee to review and approve

new third party relationships

Three Lines of Defense

Trickle down of three lines of defense from heightened standards for

large banks – which speaks to clarity of roles and formality of risk

management system. http://www.occ.gov/news-issuances/news-

releases/2014/nr-occ-2014-4a.pdf

Implementing preventive controls into first line of defense and

assigning ownership of risks creates efficiencies across the

organization

Given that compliance officers are responsible for more and more,

clarity in their oversight role within second line of defense is critical

There is a push for integrated risk management structures from both a

regulatory and an efficiency perspective

How to Keep Up

Collaborate

Build network

Subscription tools

Associations

Don’t get caught in the “too busy” trap

Technology – Continuous monitoring is replacing periodic review. Instant notification vs. waiting for 2nd/3rd lines of defense.

Creative solutions to resource challenges – cross department, interns

Importance vs Urgency http://www.businessinsider.com/dwight-eisenhower-nailed-a-major-insight-about-productivity-2014-4

Prioritizing

Make Your Lists

Master List, Today List, This Week List,

Review your lists

Recalibrate

Regular meetings

Coaching

Triage and Reprioritizing

Back to importance vs urgency

Start with your lists and recalibrate

Some examples of when you have to stop the bleeding

Fraud cases

Code of Ethics Violations

UDAAP

Reimbursables

Discriminatory Practices

Regulatory Action

Conclusion

Take advantage of the opportunities in “You Never Know What You Will Get”

Learn the big picture and keep it in mind when prioritizing

Develop your ability to independently engage, question and drive positive change –

Credible Challenge

Train departments to be first line of defense

Understand and leverage technology

Leverage network, associations, subscription services

Develop relationship with your executive team

Attend training in areas of expanding responsibility

Questions?

Phone: 515-689-2114

You Tube: https://www.youtube.com/channel/UC8L_SrabonOYLPQ0FW96o4A