Be careful what you ask for, sages warn. For decades Compliance has agitated for a seat at the table, for the right to be heard before the bank ventures into products and services that may cause compliance headaches or worse, violations and reputation damage.
As told by compliance chiefs from three megabanks speaking at ABA's Regulatory Compliance Conference, the Dodd-Frank Act and its implementing regulations and enhanced regulatory apparatus have brought the wished-for about-in spades. Expanded expectations will increasingly force Compliance out of the regulatory reading room and into the trenches.
And the flip side is, business units, boards, and management at those banks also face increased expectations and higher stakes. As a result, they not only want more input from Compliance, but expect Compliance to be an active advisor and guardian of the bank's interests.
As one speaker pointed out, top management and the board used to have the attitude, "Here's money, resources, and authority--keep us out of trouble and spare us the details."
Now, they want the full picture.
"Business unit leaders are eager to understand, in the post Dodd-Frank world, how they can operate and make a profit while being compliant," said speaker Paula Dominick, chief compliance officer, Bank of America. "They call me all the time."
Merely understanding and interpreting fine print has become only part of the job. Getting out to communicate duties, help make risk-based decisions, and provide continual feedback for improvement go with the job now. Compliance will increasingly find itself part of the process of enforcing accountability for errors in detail and errors in judgment, too.
Conference attendees heard from compliance heads at Bank of America; Citibank, NA; and Wells Fargo, with Lyn Farrell, managing director at Treliant Risk Advisors, moderating a description of changing times that will surely trickle down to many other institutions.
The discussion covered increased regulatory expectations; the need for Compliance to get tough and to back that up with knowledge beyond traditional spheres; how bank culture is evolving; how bank leadership's attitude towards compliance has changed; how the customer is becoming the focal point of compliance results; and what business units want Compliance to deliver, on demand.
For the career compliance cadre, there was even discussion on how job advancement has evolved.
Age of "credible challenge"
Speakers talked about the need for "credible challenge" in banking today. Those players whose job it is to set and enforce tone and behavior must question and constructively criticize. But to do so goes beyond asking lots of questions--a longstanding duty.
"It starts at the board level," said Kathryn Reimann, chief compliance officer and managing director, global consumer businesses, at Citibank, NA. "Our regulators are looking to our boards to present a credible challenge to business units. And in order for the board to credibly challenge management, they need information."
Merely miring directors in reams of compliance background and burying them in tracking and monitoring reports fails to help, said Reimann.
"It's not the board's job to manage things," she said. Cutting to the chase, getting at the spirit of what laws and regulations require, is what directors need to hear, she explained.
Further, Compliance's assistance to the board increasingly will be in helping directors look forward to future challenges, said Bank of America's Dominick. Traditional roles had bank compliance teams giving boards a rear-view mirror, recounting what had already occurred. That won't be good enough anymore, according to Dominick.
To credibly challenge proposed future strategies, boards must be helped see what is over the horizon, and to see how lessons learned from past experience and errors can be applied to improve the future, according to Yvette Hollingsworth, executive vice-president and chief compliance officer at Wells Fargo.
But the concept of credible challenge also falls squarely on the shoulders of Compliance, speakers said, and this calls for a change in attitude.
Now you're at the table
Longtime observers of the compliance profession have heard the gripe about arrogant marketers who "damn the torpedoes" and move ahead without vetting their ideas. They've heard the compliance corps poke fun at boards for being more interested in golf tee times than exam result reports.
The speakers made it clear that increasingly boards "get it." But now they have to step up to an audience that has come to appreciate Compliance's role more.
"You"-the compliance leader-"have to be able to stand up to the business units and say, ‘Don't tell me that I don't know what it is you do'," said Dominick. "I know your business in such detail, and your process in so much detail, that I can push back and tell you to take a different route'."
Being able to credibly push back "takes a different skill set," said Dominick. "The business of compliance is completely different than it was five years ago.
Goal: To evangelize compliance
The mission is not to breed Compliance attack dogs, but, over time, to push "credible challenge" out to every banking business unit.
Dominick said that to the extent that Compliance can get business unit employees to challenge themselves, that will evolve bank culture to where it needs to be to meet regulatory expectations.
In the short term, sending the compliance message up, down, and across the corporate org chart means getting people's attention.
"Being scary works," said Dominick. Telling board members and business unit members alike about the potential for fines and other costs of not complying in a particular area grabs their attention, she said.
However, moderation continues to be necessary, so Compliance can build its relationship with units and maintain a seat at the table.
"I won't have to be the tough cop on the beat if you let me in while the product is being designed, right at the beginning," is a message Dominick wants business units to hear.
One challenge that Compliance faces may prove even harder than facing up to revenue-generating business units: Matching a growing expectation.
Citi's Reimann put it succinctly: More and more, Compliance needs to not only cope with today's challenges, but to look far enough down the road to be able to reliably predict "the next big thing."
Compliance becomes customer-centered
Wells Fargo's Hollingsworth pointed out that the goal of much of the compliance challenge has moved away from solely meeting technical requirements to the bottom line of the customer's treatment.
Compliance leaders--and compliance savvy bankers elsewhere--increasingly need to ask, "Is this a good experience?" from the customer perspective, said Hollingsworth.
Making this significant mental gearshift is reflected in the compliance profession's increasing focus on customer complaints, which occurs as the Consumer Financial Protection Bureau increasingly puts complaints on the record and on center stage.
Hollingsworth said that while many banks have mission statements, value philosophies, and such guidelines, their employees need to ask periodically if what's delivered to customers comes close to those ideals. And, where they don't, they need to be sure that complaints are used to guide remediation.
Saying "put yourself in the customers shoes" is easy. Doing so can be difficult. That's because customers use many different banking services.
"Much of a bank's ‘plumbing' is based around dissimilar product areas," said BofA's Dominick. "Bank customers are customers using multiple products. There are very few places where the bank gets a total view of that customer."
Banks that can gain such perspective could benefit. "It's a very different--and very transformational--way of looking at our industry," said Dominick.
Stopping cracks from spreading
Citi's Reimann said that accountability, increased across the breadth of an organization, applies just as much to Compliance in regard to the customer relationship. She said compliance officers can no longer play a numbers game, figuring that if 99% of customers' experiences go right or can be fixed to come right, the bank has done OK.
In the wake of Dodd-Frank and UDAAP, said Reimann, "now we need to be able to answer for every customer."
The importance of this goes beyond that customer--it's a matter of fixing possible cracks before they grow.
When one is dealing with a Citi, a BofA, or a Wells, said Reimann, littles can become big. "How do you fix the 0.25% issue before it becomes a problem?"
One benefit of size and geographic breadth, Dominick acknowledged, is that some of what American compliance officers are adapting to--principles-based regulation, rather than rules-based regulation--has already been experienced by international banks.
"In Europe and some parts of Asia, principles-based regulation is the norm," said Dominick. Reimann suggested that banks to which this is new can think in terms of the way they have tried to apply their own internal codes of conduct. Sometimes it will be helpful to spell things out, in plain English, to employees, so they see where management wants principles-based regulatory compliance--such as with UDAAP--to come out.
Close cousins: Compliance and risk management
Compliance often lives under Risk Management, in a large organization. In practice, risk management discussions beget the issue of "risk appetite." That's something that Dominick admitted to having some difficulty with.
"What is the risk appetite for compliance?" asked Dominick rhetorically. "Most places don't have such an appetite--they don't have a tolerance for violations."
In this regard, then, the key lies in going back over situations that turned out badly, and finding the root causes, according to Reimann.
This ties in, she said, with a shift under Dodd-Frank to looking at how banks compensate and discipline bankers for risks taken. This is ushering in an age, she said, where there will be accountability for "taking a flyer with risks that should never have happened."
A gray area is "creep."
Dominick pointed out that problems can arise for bank products in the post-introduction stage. A new product or account can be vetted thoroughly at the beginning, she said, and Compliance may have its full say at that stage.
However, people make adjustments and tweak offerings. What began as a compliant product may evolve into trouble.
Moving up in compliance today
So, the job of the compliance officer, especially in such large organizations, has been changing. Moderator Lyn Farrell pointed out that historically the way for a compliance banker to move up was to acquire increasingly specialized skills, as a subject matter expert. A generalist might concentrate in one slice of compliance, and then, in a large enough organization, concentrate on a slice of a slice. Farrell asked the compliance chiefs what kinds of people they are looking for today.
Citi's Reimann said subject matter experts remain important, as well. She said her list includes bankers with project management experience and training. More generally, she reflected that today's compliance banker needs to be more proactive--simply being a diligent expert off in a corner won't cut it anymore.
Flexibility, rather than an annual check-the-boxes mentality, also counts. "I tell new hires that they will have to reprioritize their tasks on an almost daily basis," said Reimann. Good communications skills grow increasingly important, as the compliance function has to deliver more messages to business units.
Wells Fargo's Hollingsworth said that "business talent is very important to me." And she said that she tries to think more broadly than her own people when approaching a task.
For example, there are the bank's "quants," in some of the more arcane banking functions of her organization. They have the skills and talents that could help Compliance with some of the advanced analytics that have become required.