Five Elements of a Successful Compliance Culture

by State of Mind

Ever since I started delving into compliance as part of my work in the industry, I’ve noticed a dichotomy between the importance of compliance and the respect it is given within the industry as a whole.  Let’s face it, compliance is considered a necessary evil and the less time employees have to spend at it, the argument goes, the more time they can devote to making loans, figuring out good investments, and opening accounts.  In other words, doing the things that attracted individuals to banking in the first place.

A recent speech by Karen DuChene, the Deputy Comptroller for Operational Risk at the OCC, articulates why this cultural firewall between compliance on one side and everything else your credit union does on the other is so misguided:  you can be in technical compliance with every regulation, but unless your board of directors understands that what she describes as your organization’s risk culture must penetrate the entire organization, you’re leaving yourself vulnerable to the type of mistakes that will get your credit union in trouble.  Even though she’s talking about commercial banks, what I like so much about the speech is that she identifies intangibles over which examiners have very little control.  Much of what she says translates easily to the credit union framework.

So what are the five E’s of an effective risk management culture?

  • Enterprise — credit unions come in all shapes and sizes.  But the bottom line is to effectively manage risk you need employees and directors who understand how the credit union and its products are structured.  For example, if you have a CUSO, are there people who understand the impact that its services could have on your bottom line?  Let’s say you use vendors to offer certain types of financial products.  Are there employees responsible for understanding these products?  A successful compliance culture doesn’t start simply with implementing the regulations, but instead starts with understanding the vulnerabilities of your organization.
continue reading »