This week G2 attended a merchant compliance session at the ABA Regulatory and Compliance Conference entitled “Compliance Management Systems: Does One Size Fit Most?”. In this session, presenter Elizabeth Snyder, regulatory compliance team leader at Plante Moran, provided insights into the three main areas for a solid compliance management system to help meet heightened regulator expectations.
1. Board Management Oversight
According to Snyder, the CFBP, FDIC, FRB and OCC have all provided guidance on what effective board management oversight means when it comes to compliance, but the CFPB has the most extensive guidance on this topic. The CFPB recommends that the board of a financial institution:
- Demonstrate clear expectations about compliance, within the financial institution and with respect to and within third-party service providers
- Adopt clear policy statements
- Appoint a qualified and experienced chief compliance officer and provide for other compliance officers with authority and accountability
- Allocate sufficient resources to the compliance function
- Address consumer compliance issues and associated risks of harm to consumers through product development, marketing, and account administration, and through the entity’s handling of consumer complaints and inquiries
- Require audit coverage of compliance matters
- Provide for recurring reports of compliance risks, issues and resolution
The expectation is that the board plays a strong role in compliance and establishes appropriate governance throughout the organization. Regulators are also looking for documentation of any BSA-related discussions in the board meeting minutes.
2. Merchant Compliance Program
According to Snyder, a strong merchant compliance program includes the following components:
- Policies and procedures: These need to be clear and should be communicated throughout the organization
- Training: Particularly for topics such as BSA/AML, regulators prefer in-person training. They have been known to review the training curriculum in detail and even take the test exams to determine their effectiveness
- Monitoring and corrective action: Monitoring and corrective actions need to occur before audits take place
- Complaint response program: All complaints – including verbal – should be documented and promptly acted upon
3. Audit Program
One Size Does Not Fit Most
While Snyder recommends these components for a strong compliance management system, she acknowledges that it must be customized for each financial institution based on a variety of factors:
- Asset size
- Location and number of offices
- Types of products offered
- Organizational structure and complexity
- International or internet-based business
- Overall business strategy, particularly if it includes taking on higher risk customers
In addition, a bank’s asset size should not drive the number full time employees hired to handle compliance. Rather, this decision should be based on the bank’s overall business strategy and their risk profile.
Strengthen your compliance program with G2’s Solutions for Commercial Banks
At G2 Web Services, we specialize in providing our customers with critical information needed for thorough risk assessments, both at onboarding and for ongoing monitoring. With Business Customer Intelligence based on our proprietary Business Data Map, we generate a real-time Compass Score® for each business customer, providing you an easy way to make onboarding decisions. In addition, with Persistent Merchant Monitoring, you can track any changes in your business customer portfolio that could impact your business. With our solutions for KYC, your organization can implement the level of due diligence and monitoring required for effective compliance.
View our webinar, “Business Customer Intelligence for Better KYC”, to learn more bout how we can help you strengthen your compliance program.