By now everyone is familiar with the approach used with the various federal prudential regulators to assess the risk that a bank incurs in connection with its compliance with the various applicable laws and regulations. The regulators refer to this as a bank's Compliance Management System or CMS. According to the regulators, your bank's CMS is how your bank:

  • Learns about its compliance responsibilities;
  • Ensures that employees understand these responsibilities;
  • Ensures that requirements are incorporated into business processes;
  • Reviews operations to ensure responsibilities were carried out and requirements are met; and
  • Takes corrective action and updates materials as necessary.

An effective CMS is comprised of three interdependent elements:

  • Board and management oversight;
  • The bank's Compliance Program; and
  • Compliance audit.

All of these elements need to be strong and working together to successfully manage compliance.

The second of these elements is the bank's Compliance Program which regulators assess separately. Your Compliance Program includes the following components:

  • Policies and procedures
  • Training
  • Monitoring
  • Consumer complaint response.

Training, obviously, is an integral part of your Compliance Program Guidelines from the regulatory agencies stress that the education of a financial institution's Board of Directors, management, and staff is essential to maintaining an effective Compliance Program. Management and staff should receive specific, comprehensive training in laws and regulations, and internal policies and procedures that directly affect their jobs.

The compliance officer should be responsible for compliance training and establish a regular training schedule for Directors, Management, and staff. Appropriate training can be conducted in-house or through external training programs or seminars. Once personnel have been trained on a particular subject, a compliance officer should periodically assess employees on their knowledge and comprehension of the subject matter.

An effective compliance training program should be updated frequently with current, complete, and accurate information on products and services and business operations of the institution, consumer protection laws and regulations, internal policies and procedures, and emerging issues in the public domain.

You should ask yourself how well your current training program measures up to each of these standards.

At the February Quarterly Meeting Patsy Parkin will conduct a study of just what constitutes an effective training program. It seemed appropriate, however, to consider some common short comings that some banks encounter in their training efforts. In other words what is NOT an effective training program?

The regulators stress the frequency, completeness, accuracy, and timeliness of your training. It follows that training should be systematic and well planned. It should not be haphazard or reactionary. For instance, training that takes place just before a compliance examination, or just after a compliance review that reveals problems, is probably not what the regulators have in mind. Although this type of training is sometimes necessary, a more planned and proactive approach can often eliminate the need for a lot of "crash" training.

A second form of training that is sometimes required, but should be avoided whenever possible, is training that takes place in response to a requirement in an enforcement action brought by one of your regulators. Almost every Board Resolution, MOU, Consent Order or Cease and Desist Order carries with it a requirement that the bank conduct comprehensive training on the subject area(s) covered by the enforcement action. In most instances the regulators require that this training be conducted by a third party consultant. Obviously this approach is more expensive and less preferable to a well-planned and more continuous training program that just might avoid the imposition of an enforcement action in the first place.

The regulators view comprehensive training for Management, the Board of Directors and the bank's staff as the responsibility of the Compliance Officer. Materials provided and the program content of the regularly scheduled Quarterly Meetings of the MRCG and the MSRCG should help in developing an on-going training program that will pass regulatory muster.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.