Now that we’re already one month into 2019 (how is that possible?!) and the holiday haze is wearing off, it’s time to dive into 2019. With the beneficial ownership-ridden 2018 in the rearview mirror, here are eight things a compliance officer should focus on this year:
- Formalize the Three Lines of Defense
I know you’ve heard about it at conferences, and you’ve read about it in your closely followed industry periodicals. You know what it is, but you may be thinking: “I’m too small for that.” The truth is you aren’t. The three lines of defense – front line business units, independent risk management (hey there, compliance officer!) and internal audit – are scalable to financial institutions of all sizes and varying levels of complexity. You are not exempt from prudent risk management due to your size. Do you have to comply with the stringent requirements of the OCC’s Heightened Standards? NO. However, you should have a solid and effective risk management program that crosses the entire organization. Dare we call it Enterprise Risk Management (ERM)?!
To have an effective ERM program, you need the equally strong and uniquely divided three lines of defense. Formalize the structure in your Risk Policy. Your regulator will love it!
- Keep Your Regulatory Change Management Policy Updated
As the storm of consumer compliance overhaul slightly settles, some of you may be thinking: “I’m almost done with this regulatory change management plan.” I’m sorry to burst your bubble, but you shouldn’t be. A solid regulatory change management program is one that is in place during both the calm and the crazy. If you wait for another influx of regulatory change to dust off the regulatory change management policy, you are already two steps behind. This program should continue to evolve and mature even in times when the regulatory environment isn’t fraught with change.
- Identifying New and Emerging Risks
This should be an ongoing, continuous process. Your front-line business units should always have an eye out for new and emerging risks. They deal with them daily. Is there a newly implemented process that is showing poor results during quality control exercises? Do you notice a certain product causing a spike in consumer complaints? Has your front line reported seeing a new check fraud or elderly financial abuse trend? Ensure that two-way dialogue with business units is rich so that risks do not go uncovered!
- Modernize Your Risk Assessment Process
You know that Selena Gomez song, “I’m so sick of this same old love…”? Yeah, me neither – but it always makes me think of work when I’m (not) listening to it in the car. I’m so sick of that same ole risk assessment, policy, training slide deck, fill in the blank here. You can’t possibly think that you are properly identifying, tracking and measuring risk using the same tool you implemented the year that mean regulator told you that you needed a risk assessment. It isn’t working! I promise! You have to modernize your practices, including your risk assessment process, to mitigate risks properly.