November 20, 2019 by Jeremy Smith
When it comes to the critical credit union priority of compliance, you have to do it right. With a compliance management system (CMS), you can stay on track and be sure you are remaining compliant.
A CMS is a comprehensive program that helps your credit union remain fully aligned with all appropriate laws and regulations. Done correctly, it spans all aspects of your day-to-day operations.
Think of it as a compliance game plan, one with several key elements designed to work together to both ensure compliance and help your credit union gain operational efficiencies. When rules and regulations stop being roadblocks to what you are trying to accomplish, it becomes a smoother and more streamlined operation.
Here is a quick look at each of those key elements:
- Board and management oversight. Success starts at the top, with an informed and supportive board and management team. They need to understand the risks and requirements associated with compliance at a big-picture level so they know the right questions to ask to make the best decisions. They set the tone, so everyone in the credit union knows that compliance is a priority.
- Policies and procedures. To use a sports analogy, this is your team’s playbook. It helps each of your credit union’s players understand their role and how to carry out their objectives. Without a clear definition, it is difficult for your people to execute their duties within the compliance framework. Policies serve as the high-level overview of your compliance program, while the procedures function as line-level documentation for various processes, such as guiding a teller through the various interactions of the day in a compliant manner. Or guiding a loan officer through all the required information in a loan estimate.
- Training. This is the key to ongoing success. It needs to be current, complete and directed at the right individuals and the work they do. Your training needs to correlate with compliance requirements and ensure that each individual knows what is expected of them. Make sure the various compliance pieces are integrated into all aspects of your training. As you train across your credit union, there are aspects of compliance in almost everything your people do, which should be reflected in your training materials.
- Monitoring and testing. This isn’t as formal as an audit process, but it is important to take your pulse regularly. You might run a Reg B check on your adverse action notices, for instance, to make sure those are going out within the proper time frame. Such monitoring and testing is best done on a regular schedule and followed up with corrective action for any shortcomings you find, especially in critical high-risk areas. Any major findings should be escalated to senior management or board level as appropriate.
- Auditing. This is a more formal process and ideally done independently. You want someone objective to provide a thorough look at your operations, measuring what you do against all relevant laws and regulations. It is best to do this on a regular schedule and scale it to the complexity of the various issues. Move quickly to take any necessary post-audit corrective actions.
- Member complaints. As hard as you try, not all your members will be fans. And when they make their feelings known, be sure to log and categorize that, with special attention to anything high-risk. If a member complains about the temperature in your Elm Street branch, that’s one thing; if they contend they were discriminated against, that is a much more serious issue. Carefully log the efforts you made to resolve the complaint – in case the member escalates it to the state or federal level.
- Third-party risk management. Your credit union likely works with many different vendors, and you need to be aware that you may be at risk in some instances. Make sure your written agreements are clear on third party obligations when it comes to compliance, especially in areas such as lending or your core systems. On an ongoing basis, you need to be monitoring the activities of those partners as well.
To learn more about the operations of a compliance management system, check out the recent webinar conducted by Jeremy Smith, PolicyWorks’ Director of Client Partnerships. That webinar, titled “7 Components of an Effective Compliance Management System,” is available here.