“Possibly relegated to the role of support function in the past, internal compliance resources are now claiming a significant seat at the management table, arguably on par with sales and marketing in terms of operational effectiveness and institutional health.”
The Culture of Compliance Trumps the Culture of Defiance By Michael McNulty
JUNE 2015 n National Mortgage Professional Magazine n
In response to the financial crisis of 2007-2008, Congress successfully passed the Dodd-Frank Wall Street Reform Act, which, via Title X of said Act, authorized the creation of the Consumer Financial Protection Bureau (CFPB). According to Annual Reports1, the CFPB has grown from less than 75 employees in 2011 to nearly 1,500 employees today, and has levied penalties in excess of $150 million, to include $78 million in fiscal 2014, up from $50 million in FY 2013. Expanding its reach well beyond credit card issuers and mortgage companies to include investigations of and actions against the payday lending, automobile finance, debt collection, for-profit education and banking industries, the CFPB has established itself as a serious contender in the fight for consumer protection within the financial services industry. As a result of this focus, many companies are left wondering how
to effectively establish an internal compliance program that not only protects the consumer, but also the company itself. While many of the affected industries to date require licensure to practice, it can be effectively argued that licensure is not enough, as most licensure examinations are constructed to measure only minimum competency in the chosen field. Compliance, human resources and legal departments are quickly coming to realize that minimum competency is not a viable, long-term solution. Further, without specific guidelines as to what and how much training must be undertaken, it is left to the individual companies to decide how best to implement a valid and defensible culture of compliance within their organizations. Possibly relegated to the role of support function in the past, internal compliance resources are now claiming a significant seat at the manage-
ment table, arguably on par with sales and marketing in terms of operational effectiveness and institutional health. Enter the need for governance, risk and compliance (GRC) training on a much grander scale. Companies that have expanded their view of employee training are adding terms like Anti-Money Laundering (AML); Unfair, Deceptive or Abusive Acts or Practices Act (UDAAP); UDAAP, the Real Estate Settlement Procedures Act (RESPA); Truth-in-Lending Act (TILA); and Bank Secrecy Act (BSA) to their vernacular and enforcing strict adherence to a compliance culture that ensures an ethically practicing and educated workforce is in place. Depending on industry and size, many companies are finding it necessary to push this same training down to third party vendors to alleviate any exposure due to outsourcing. Few companies had a significant line item associated with compliance in the past, and now, few can afford not to. A cursory Internet search of “CFPB fines” will indicate that there is a need to take this new focus seriously. It has been said that the Internet is written in ink, and it can be argued that the fines levied against financial services firms pale in comparison to the long-term impact to their reputation, which is oftentimes crafted over many decades. A 2013 study published jointly by Deloitte and Compliance Week2 revealed that 52 percent of respondents to a survey of companies between $1 billion to $5 billion in revenue and 5,000 to 10,000 employees dedicated five or fewer full-time personnel to compliance. Clearly, this is a need that successful companies can no longer discount. Regulatory oversight aside, the very health of our industry is at stake. Establishing a culture of compliance is not a static goal, but, rather, this ongoing exercise must be viewed as a process that is constantly evolving and requires support, maintenance, and, most importantly, leadership. The need for GRC training
must be acknowledged, accepted, and clearly established within an organization’s DNA, and this can only be accomplished through leadership—leadership in word, without question, but also leadership in action. The process that must be undertaken, however, is not arduous and is remarkably similar for all financial services employers, regardless the size of the employee cohort in question. Be it an internally-established program or one that is outsourced to a group, the devil is in the details. Constant organizational support and communication are necessary for success and, as in most projects, planning is vital. Careful consideration must be given before a course of action is taken as companies must ascertain their weaknesses, identify areas for improvement, build a solution, and, most importantly, develop processes that continually monitor the program to assure the control environment is effective. Every day brings increased scrutiny on our industry and increased regulatory oversight is quickly becoming the only constant in our business. Without question, the time for action is now—abandon the culture of defiance and recognize the value inherent to a culture of compliance. Michael McNulty is executive vice president of financial services for Hunt Valley, Md.-based OnCourse Learning Corporation. In this role, Michael maintains complete financial and operational responsibility for OnCourse’s mortgage, insurance, bank and credit union, and money services compliance products. He may be reached by phone at (410) 628-1060, ext. 7202 or e-mail firstname.lastname@example.org.
Footnotes 1—http://files.consumerfinance.gov/f/201411cfpb_report_fiscal-year-2014.pdf. 2—http://deloitte.wsj.com/riskandcompliance/files/2013/09/us_aers_grr_final_deloitte_compliance_week_pdf_080813.pdf.