Rather than deal with the obvious, “How do I ensure a satisfactory rating on my next compliance examination?,” let’s deal with the most common type of compliance questions financial institutions ask.
After all, you’d be hard pressed to say what is the most common type of Ice Cream (Vanilla, but you get the idea). As such, I like to group the type of common questions into three categories:
1. The “Catch-22” Compliance Questions
2. The Numbers Compliance Questions
3. The Dark Art of Compliance Questions
The “Catch-22” questions often deal with the frequent contradictory elements of compliance or the catch-22s of compliance. These questions often point out a flaw or weakness in the regulation, examiners, or the like.
“I went to a conference offered by ___ regulator and they said ___ and that contradicts what ___ says. Which is right?” or “I see that the law says we have to do ___, but another regulation prohibits ___, which one is right?
These questions are interesting because they delve into hierarchy of compliance, which approaches art (relatively speaking). Answers require appreciation of the more subtle elements of compliance. This is where progressive experience is always valuable. The progressive part demands that the experienced individual accepts a constancy of change. Nothing in compliance stays the same for long and there is a pendulum of risk/emphasis that must be accepted.
The Numbers Questions
We deal in a world of dates, numbers, figures, amounts it gets rather daunting. Disclosures within X days, notices within Y days, limits of Z and so on. Wouldn’t it be wonderful if there were the Compliance Book of Numbers? Many questions deal with some number in the form of how long, how much, how little, how many days, etc. The key to dates is systems. A strong system for processing, a strong system for training and a strong system for quality control are a must have especially if your risk factors place you in the cross-hairs of increased risk where those pesky numbers are always found.
The Dark Arts Questions
These are those questions that go down deep into the nooks and crannies of regulatory compliance. We do enough webinars that we get our fair share of such questions. They are technicalities of technicalities and often require splitting hairs to come with the most correct answer.
A question like:
I have a question as it relates to a loan we have on a mini-storage facility. The facility has 10 separate stand-alone buildings with each building housing between 10 and 15 units. We were recently notified by the flood determination company that this property is now considered to be in a flood zone AE. In calculating for flood insurance coverage, do we need to show replacement cost coverage for each stand-alone building when determining how much coverage will be required? Or will it be sufficient to have coverage for the amount of our loan or the full replacement cost of all structures?
The Compliance Gurus out there seem to eat, drink, and sleep compliance in order to answer these types of questions and a good answer is important (that question requires a lot more info to answer, but you get the idea). While proper resolution of any deep question is important, it is likely more important to put our compliance program house in order. That is where a strong regulatory risk assessment where we ask the really important questions is valuable. If I were reversing the situation, here are some of the questions that I would pose:
1. Do we have a solid understanding of our FI and the Compliance Risks facing us and is that understanding documented in appropriate risk assessments?
2. Is our compliance program geared towards those risk factors?
3. Do we have sufficient strength within our departments to meet our compliance obligations?
4. Are our reporting mechanisms working effectively and efficiently?
5. Is our training program commensurate to our risk position?
Those are more along the lines of great questions. Answer those to the positive outcome and the Catch-22s, the Alchemy and the Dark Arts of compliance will fall into place. If they don’t, ask us.