Can Self-Identified Issues Hurt You? – Banking Compliance Take
Over the years, I’ve heard bankers talk about self-identified issues and whether or not they should bring them up to the exam team. They think they will get hit over the head a second time by revealing issues they identified. They are worried the examiners will dig deeper, find more issues, and cost the bank more time and money, or that violations will be cited. I want to put some of these myths to bed and give you some advice to make sure that doesn’t happen.
Let’s set up a scenario. Let’s say you found some fee issue with a product. Customers were being charged a $10 fee when they shouldn’t be. Someone in your compliance or audit department found it, and now you have to decide what to do to address it. You have a few options.
1. Ignore it and move on.
2. Fix the issue so it doesn’t happen anymore and forget about it.
3. Fix it and provide restitution to those affected and then not bring it up to the examiners.
4. Fix it, provide restitution, and document corrective action for the next examination.
Why would you want to bring it up to the exam team? You must remember that a bank’s Compliance Management System (CMS) has multiple parts that work together to contribute to the whole. One of those parts is monitoring/audit. In this case, your audit or compliance team found the issue, brought it up to management, and the issue was resolved. This precisely displays how a CMS should work. As issues go through your bank, somewhere along the trail your CMS should identify them. If it doesn’t and the examiners find it, you have a weakness in your CMS. Let’s follow the trail for a moment:
· Oversight – Did bank management put in place a program, people, and environment for compliance within your bank to be proactive and find issues? Maybe in this case, but the error still happened.
· Policies and Procedures – This is your first line of defense to help prevent errors. Does the bank have a policy regarding fees, or are there procedures in place to catch issues like this?
· Training – Your second line of defense. Are your people appropriately trained to catch these issues or know the regulation to prevent them from happening? In this case, yes and no. Someone further up the line could have recognized this error but didn’t. However, the reviewer found it, so they had the appropriate training.
· Monitoring/Audit – Your final line of defense. Audit staff are the last people who could possibly find this issue (outside of a customer complaint). Yes, the issue got all the way to the end, but it was found and reported to management. Now management runs with it, decides corrective action (including restitution), and makes sure procedures are addressed and people are trained.
Is this an effective CMS? Yes! You have literally proven that your CMS works in identifying issues and preventing consumer harm. I would put this as a positive in a Report of Examination to show the CMS is effective.
So when could this backfire? The simplest answer is ineffective corrective action. Was the consumer harmed? If the answer is yes, you should make sure they are made whole again. Remember, consumer harm is not just money out of their pockets. It could be erroneous negative credit bureau reporting, lost interest earnings, an incorrect loan denial, and so on. If the harm is significant enough, you should consider contacting your regulator and working with them on corrective action. I’ve seen this happen firsthand, and the bank was much better off for it.
Remember, you are rated on the strength of your CMS. All banks struggle with issues now and then. When you identify them and properly fix them, it shows your CMS works. That’s what you want the regulator to see: a strong and effective CMS. You identify and fix your own issues.
Visit my website to learn more about Tuscan Club Consulting and how I work to make your entire CMS stronger.