A compliance officer’s tidy tips for growth in a messy regulatory environment
For credit unions of any size, navigating an increasingly complex regulatory environment takes time, attention and resources. The investment gets even bigger and more expensive when compliance issues arise. In fact, according to a CUNA-commissioned study by Cornerstone Advisors, the combined effect of increased costs and reduced revenue due to regulation amount to at least $6.1 billion in financial impact to credit unions.
As chief compliance officer for a banking technology provider and former credit union compliance and risk executive, I have firsthand experience with the messy and costly business of regulatory compliance. I also clearly see the innovation mandate for growth—even survival— as credit unions face a tightening competitive squeeze from nimble digital challengers, deep-pocketed big money centers and other well-funded banking alternatives. The divide between innovating for growth and controlling risk can feel deep and daunting. For many credit unions, it’s a chasm that’s just too wide to cross. As a result, these institutions are falling behind, not growing, in today’s world of digital-as-default banking.
Compliance, though, doesn’t have to be a roadblock to innovation. With these three practices, credit unions can make thorny regulatory challenges less painful along the path to growth.
1. Use the Support Around You
Today, credit unions are operating in an environment where rules, players and expectations are in continuous flux. But amid the change, the foundational values of credit unions remain constant. The credit union movement is built on cooperation and support, so lean on it.
Compliance can be a good excuse to stay stuck in the status quo. You can avoid risk by maintaining programs and services that check the required regulatory boxes. But growth means delighting members and forging deeper community connections. That takes change. It’s the job of regulators to check the boxes—to ensure your programs fully comply. It’s the job of credit unions to ensure those programs are compliant and deliver value to members. Many credit unions are getting that right through innovative approaches that deliver exceptional member value while managing risk. And they’re willing to share their experiences to help others thrive too.
Actively participate in credit union support networks, including local, state and national credit union leagues such as CUNA and NAFCU. Engage in industry forums that address compliance and ask questions. I have personally leaned heavily on leagues and attended group working sessions on compliance, audit and risk. In these groups, we shared challenges and ideas, networked and offered practical feedback. Online message boards and discussion groups also provide vast opportunities to learn and share. The result is programs and approaches that go beyond satisfying regulators and deliver member value that fuels growth.
2. Take a Hard Look at Data—from All Angles
There are two sides to the data issue, and one falls squarely within the scope of risk and compliance.
For a long time, FIs had large volumes of unused data from millions of transactions. Now, through an abundance of sophisticated tools, that data is collected, analyzed and leveraged to better understand members and deliver improved services that build loyalty and help solve member problems. But it also creates compliance considerations and potential risk.
Evolving regulations that cover the aggregated collection of member data, such as the Home Mortgage Disclosure Act (HMDA), and data-focused compliance management program components, such as Fair Lending, have been outlined as regulatory priorities. Regulators are paying attention to the volume of data credit unions have at their disposal and using it to assess how credit unions ensure fair and equitable treatment across their member bases. With renewed emphasis on consumer protection and the minimization of consumer harm, credit unions must take a hard look at the data at their disposal and consider how to use it to continually self-assess their programs.
There is immense value in your member data, but with it comes increased responsibility. As data use becomes more sophisticated, there will be some immediate grey areas for compliance. To mitigate risk now, find ways to test processes through a data-driven lens and address possible compliance issues uncovered in your internal testing.
3. Choose Your Partners Wisely
Choose technology providers that will help you confidently move past regulatory roadblocks to innovate for growth. This means ones that are committed to relationships, not just providing products or services.
When credit unions feel mired in regulations, it stymies growth. A partner that provides active regulatory and compliance support, especially as its technology evolves, can be a lifeline. For example, because speed is critical to both improved service and operational efficiencies, use of automation powered by AI and machine learning is rapidly increasing. Regulatory comfort surrounding the automation, though, can be unclear. When people are replaced by automated decision-making, the compliance implications related to Fair Lending must be considered to avoid unintentional discrimination. When you work with partners that provide this technology, it’s necessary to ask if they have thought through the implications and what they’re doing to prohibit it. You don’t want to sign a seven-year contract with a provider and learn in two years that it has created compliance issues—and costs—that outweigh the benefit of automation.
Your partner choices should be strategic. Many fintech vendors address very specific functions but may not consider overall risk to your credit union. That risk then becomes yours alone. Ensure your partners understand your credit union and, in the event an audit raises an issue, that they are ready to address it collaboratively and willing to make changes to avoid it in the future.
Don’t just pick a vendor, pick a partner that prioritizes risk and understands the specific regulatory scrutiny you’re under as a credit union. Forward-thinking fintech partners don’t consider it sufficient to say regulations don’t currently apply to them and push through. They say, “We know it’s likely coming, we’ve built a program internally to address it, and we’re working with customers and regulators to demonstrate what we do.”
Technology solution providers will have lasting effects on your credit union’s growth, so determine risk alignment early. These questions will help you know whether a prospective vendor is the right long-term partner for your credit union:
- How does it think about compliance and risk?
- If a fintech, what is its stance on fintech regulation?
- Is it preparing for impending regulations affecting fintechs and its solutions?
- Is compliance a consideration on its product roadmap?
- What is its compliance process?
- Does it have specific credit union regulatory experience?
- Especially with digital automation products, what controls does it have in place?
- What is its compliance strategy, and how can you ensure it’s aligned with yours?
- Does it have an internal compliance and risk team?
- How does the team work with customers?
- Do customers have access to compliance experts for questions and audit support?
- How does compliance support work?
- What compliance resources are available to your credit union?
- Is someone responsible for the organizational risk function of its business?
- Is a compliance officer among its executive leadership?
- How does it participate in the credit union movement?
Don’t let compliance stymy innovation and growth for your credit union. You can navigate even the messiest regulatory environments with the right support, approach and partners. To learn more about how Nymbus is helping credit unions accelerate innovation and manage compliance, contact one of our experts.