Skip to main content

Looking for Valuant? You are in the right place!

Valuant is now Abrigo, giving you a single source to Manage Risk and Drive Growth

Make yourself at home – we hope you enjoy your new web experience.

Looking for DiCOM? You are in the right place!

DiCOM Software is now part of Abrigo, giving you a single source to Manage Risk and Drive Growth. Make yourself at home – we hope you enjoy your new web experience.

Eight Things a Compliance Officer Should Focus on in 2019

February 15, 2019
Read Time: 0 min

Now that we’re already one month into 2019 (how is that possible?!) and the holiday haze is wearing off, it’s time to dive into 2019. With the beneficial ownership-ridden 2018 in the rearview mirror, here are eight things a compliance officer should focus on this year:

  1. Formalize the Three Lines of Defense

I know you’ve heard about it at conferences, and you’ve read about it in your closely-followed industry periodicals. You know what it is, but you may be thinking: “I’m too small for that.” The truth is you aren’t. The three lines of defense – front line business units, independent risk management (hey there, compliance officer!) and internal audit – are scalable to financial institutions of all sizes and varying levels of complexity. You are not exempt from prudent risk management due to your size. Do you have to comply with the stringent requirements of the OCC’s Heightened Standards – NO. However, you should have a solid and effective risk management program that crosses the entire organization. Dare we call it Enterprise Risk Management (ERM)?!

To have an effective ERM program, you need the equally strong and uniquely divided three lines of defense. Formalize the structure in your Risk Policy. Your regulator will love it!

  1. Keep Your Regulatory Change Management Policy Updated

As the storm of consumer compliance overhaul slightly settles, some of you may be thinking: “I’m almost done with this regulatory change management plan.” I’m sorry to burst your bubble, but you shouldn’t be. A solid regulatory change management program is one that is in place during both the calm and the crazy. If you wait for another influx of regulatory change to dust-off the regulatory change management policy, you are already two steps behind. This program should continue to evolve and mature even in times where the regulatory environment isn’t wrought with change.

  1. Identifying New and Emerging Risks

This should be an ongoing, continuous process. Your front-line business units should always have an eye out for new and emerging risks. They deal with them daily. Is there a newly implemented process that is showing poor results during quality control exercises? Do you notice a certain product causing a spike in consumer complaints? Has your front line reported seeing a new check fraud or elderly financial abuse trend? Ensure that two-way dialogue with business units is rich so that risks do not go uncovered!

  1. Modernize Your Risk Assessment Process

You know that Selena Gomez song, “I’m so sick of this same old love…”? Yeah, me neither – but, it always makes me think of work when I’m (not) listening to it in the car. I’m so sick of that same ole risk assessment, policy, training slide deck, fill in the blank here. You can’t possibly think that you are properly identifying, tracking and measuring risk using the same tool you implemented the year that mean regulator told you that you needed a risk assessment. It isn’t working! I promise! You have to modernize your practices, including your risk assessment process, to mitigate risks properly.

Could your BSA department use an extra set of eyes? Our Advisory Services team can help.

Contact us
  1. Eliminate Exceptions

Speaking of terribly catchy pop songs – Bye, Bye, Bye… to exceptions! Exceptions are okay…until they become the rule. I know that you want friends at work and a table to sit at when you go to the breakroom for lunch, but sometimes you have to be the bad guy. Exceptions should not become an excuse. They aren’t an allowance to go around the policy. They should be only used in times where it is a true anomaly and something you could not have excepted to encounter when authoring the policy. Take a close look at exceptions across the organization. Let them help drive your policy and process revision schedule as well as training schedule for the year.

  1. Do a culture check

Look, I know writing policy and procedures is the joy of your life. You think about it on the evenings and the weekends and it just fills your cup. I get it – you’re a compliance officer. Have you ever stopped to think about what happens after you release that masterpiece into the wild?

Change! It should affect change! Words on paper do nothing to help you manage your program and mitigate compliance risk. Do you know how that change happens? People and systems…and you need people to work your systems. So it comes down to people. Your people have to make it happen. Their day-to-day work activities can either open you up to undue risk or fully mitigate any risks you may be facing. The best workers are happy workers. Here at Abrigo, we see people as the key to success, and you should too. Monitor employee satisfaction qualitatively and quantitatively to ensure you are properly mitigating conduct risk in your organization. Your exceptions tracking and finding remediation plan will thank you.

  1. Set a cadence with marketing

Do you remember that one time there was a new product code in the system and the marketing campaign hit the internet, but the compliance department had no idea a new product was introduced? No? Good – that means you’re killing it! If this has happened to you, you need to open the communication with marketing to ensure it doesn’t happen again. You should have a seat at the table when marketing is discussing new products and services, even in the infancy stages. You are the key player for identifying potential compliance risks that these new products and services can introduce to your institution. If you don’t currently have a seat at the table, squeeze in a chair! Put some time on the marketing leader’s calendar, explain the criticality of compliance within product and marketing, and make a new friend. You won’t regret it!

  1. Face Your Findings Remediation

Every institution should have a matured and well-implemented findings remediation process for audit and regulatory findings. If not, it is time to play catch up. Findings remediation should be a formal process with participation and buy-in from all business units and risk management functions. Progress should be monitored and measured with results communicated to senior management, executive committees, and the Board, as appropriate. I know that sometimes it feels like you're airing your dirty laundry, but it is all for the greater good. A clean audit may mean that you need new auditors. There are always new and emerging accepted practices, and these findings are how you grow and develop your program.

If you need help with achieving or implementing any of these eight steps, we’re here to help. Our advisory services team can help with any short or long-term projects at your institution.

About Abrigo

Abrigo enables U.S. financial institutions to support their communities through technology that fights financial crime, grows loans and deposits, and optimizes risk. Abrigo's platform centralizes the institution's data, creates a digital user experience, ensures compliance, and delivers efficiency for scale and profitable growth.

Make Big Things Happen.