Implications of the Regulatory Environment on Board Governance


- By Kevin Kane, President & Owner, Financial Regulatory Consulting Inc.

One of the most important aspects of the current regulatory environment is keeping abreast of the fast-paced changes. The Board of Directors for your institution also needs to be informed and trained. Board governance is not only keeping informed of the changes but also having a positive attitude towards compliance.

This article will focus on three areas:



Dodd-Frank Wall Street Reform and Consumer Protection Act

  • New risk-based approach to financial services regulations
  • Increased bank supervision
  • Heightened focus on consumer protection
  • Heightened regulation of mortgages

Regulatory Changes

Regulation Z
• Rule prohibiting mortgage brokers and mortgage loan officers from receiving compensation that is based on the terms or conditions of a mortgage loan other than the loan amount – Effective April 1, 2011

• Rule requiring purchaser or assignee of a mortgage loan to provide the consumer with notice in writing within 30 days of their mortgage loan being sold, transferred or assigned – Effective date January 1, 2011
• Interim Rule that requires creditors extending consumer credit secured by real property or a dwelling to disclose certain summary information about interest rates and payment changes in a tabular format – Effective January 30, 2011

• Requires any mortgage loan originator to register on Nationwide Mortgage Licensing System and Registry (NMLSR)
• Effective 180 days after Oct 1, 2010 and the registry is operational

FDIC Insurance
• On August 10, 2010, FDIC amended insurance regulations to permanently increase the standard maximum deposit insurance amount from $100,000 to $250,000

Unlawful Internet Gambling Enforcement Act
• New Examination Guidelines

Regulatory Focus

Fair Lending, Fair Lending, Fair Lending
Anything to do with Credit Cards and Mortgage Lending
New Good Faith Estimate and Settlement Statement required by RESPA
Flood Insurance
Regulation Z disclosures


“Why is regulatory compliance an important issue for this audience?”

In short, it’s the risk a bank takes in non-compliance. Webster’s dictionary defines risk as “the possibility of loss or injury, a dangerous element or factor; perils to the subject matter.” In other words, risk is the probability that non-performance could result in harm or financial loss. In the financial industry, risk cannot be totally eliminated; however, it can usually be identified, evaluated, prioritized, and to a certain extent controlled.

This part focuses on the following two areas:

  1. The identification of those compliance regulations that present the highest risk to banks. The “three R’s” of Risk: Reputational, Reimbursable, and Regulatory. The focus is on the particular regulations that involve more than one category of risk, such as the Bank Secrecy Act, Equal Credit Opportunity Act, Fair Lending Laws, and Privacy.
  2. The identification of the effective characteristics that help Boards identify, evaluate, prioritize and control compliance risk.


A. Compliance risk factors can be generally classified into one of the “three R’s.”

a. Reputational – This category deals with issues which could have long term adverse effects on the institution. No one can accurately predict the hidden cost to the institution if its reputation takes a hit because of negative publicity associated with regulatory actions or consumer complaints. The following regulations expose banks to the greatest reputational risks:

  1. Community Reinvestment Act
  2. Anti-Money Laundering/Bank Secrecy Act
  3. Fair Lending Laws and Regulations
  4. Privacy of Consumer Financial Information
  5. Fair Credit Reporting Act

b. Reimbursable – This category deals with those tangible and quantifiable consequences of poor risk management: fines, penalties, reimbursements, and damages. These consequences impact the bottom line of the institution and, if large enough, could adversely affect the institution’s equity position. The following regulations expose banks to the greatest reimbursable risks:

  1. Anti-Money Laundering/Bank Secrecy Act
  2. Truth-in-Lending Act
  3. Equal Credit Opportunity Act
  4. Flood Disaster Protection Act
  5. Real Estate Settlement Procedures Act
  6. Insider Lending – Regulation O
  7. Fair Credit Reporting Act
  8. Fair Lending Laws

c. Regulatory – This category involves high profile topics which represent the current concerns of the regulatory agencies. The following regulations expose banks to the greatest regulatory risks:

  1. Anti-Money Laundering/Bank Secrecy Act
  2. Equal Credit Opportunity Act
  3. Flood Disaster Protection Act
  4. Home Mortgage Disclosure Act
  5. Fair Lending Laws

B. The three regulations causing the most industry concern and encompassing multiple risks include:

Flood Act – Flood Disaster Protection Act cuts across commercial and consumer credit products and thus is an area of high risk for banks. Recent issues leading to significant money penalties have involved commercial loans where commercial departments have been caught off guard by the regulatory focus.

Equal Credit Opportunity Act/Spousal Guarantees – An evolving industry issue concerning at least two and sometimes three of the risk issues is compliance with the Equal Credit Opportunity Act. In particular, FRC has seen multiple instances where commercial banks have found themselves in trouble for their methodology of accepting spousal guarantees. Generally, Banks and their Boards must be concerned about obtaining spousal guarantees unnecessarily and without any documented credit underwriting process.

Fair Lending Laws/Subprime Lending – This is an issue that has occurred nationwide with the decline of the real estate market. Banks are faced with a three-pronged problem. First, the possibility of having to buy back loans that have become delinquent or have defaulted from secondary market investors. Second, the decline of the subprime market as a viable profit center. Lastly, the reputational, regulatory and reimbursable risks for banks that engaged in subprime lending. Regulatory concerns about predatory lending had lessened over the last few years, but with the rise of mortgage delinquencies and defaults the issue has reemerged as a primary fair lending matter.


This area focuses on the Board of Directors’ role in controlling the identified risks. The responsibility for ensuring an institution is in compliance appropriately rests with the Board of Directors. Suggested actions to take by the Board and senior management include:

1. Demonstrating clear and unequivocal expectations about compliance – The attitude of the Board and senior management towards compliance responsibilities sets the tone for the entire institution. A strong attitude can be demonstrated by discussing compliance topics during Board meetings. The Board must communicate by example to all institutional personnel that they are expected to incorporate compliance in their daily operations.

2. Adopting clear policy statements – Policy statements on compliance topics provide a framework for the institution’s procedures and provide clear communication to management and employees of the Board’s intentions regarding compliance.

3. Appointing a Compliance Officer with authority and accountability – One of the most important things a Board or senior management does in terms of providing for the administration of a compliance program is the designation of the Compliance Officer. To truly be effective, the regulators believe the Compliance Officer must be granted sufficient authority and independence to:

➢ Cross departmental lines
➢ Have access to all areas of an institution’s operations
➢ Effect corrective action when necessary.

The establishment of a Compliance Committee could be used to achieve the above three objectives. The Committee could help cut across departmental lines and gain access to all bank areas, and thereby permit the adoption of corrective action plans, by requiring representatives from different areas of the Bank to sit on the Committee and help with the management and implementation of the program. Notwithstanding the Committee structure or role of the Compliance Officer, the overall responsibility remains with the Board.

The role of a Compliance Officer may vary according to the regulatory letter. Large banks may have a full-time Compliance Officer while smaller banks may address the position differently and have the responsibility distributed amongst various departments. According to the Financial Institution Letter the general responsibilities of a Compliance Officer are as follows:

➢ Develop compliance policies & procedures
➢ Establish training programs concentrating on applicable laws and regulations
➢ Review policies & procedures for updates and personnel changes
➢ Assess emerging issues
➢ Respond to consumer complaints
➢ Implement corrective action when necessary.

Note: A Compliance Officer is only as good as the support they receive from management and the Board.

4. Allocating resources to compliance functions commensurate with the level and complexity of the institution’s operations – A qualified Compliance Officer must have knowledge and understanding of all consumer protection laws and regulations that apply to the institution’s business operations. The Compliance Officer must also have general knowledge of the institution’s overall operations and interact with all departments and branches to keep apprised of changes in products, services, business practices, or personnel turnover that may require action.

The Board’s responsibility is to spend the money to hire a qualified Compliance Officer and provide the Compliance Officer with ongoing training and adequate resources to do the job including the assistance of third party service providers to help administer the compliance program or audit function.

5. Requiring periodic compliance audits/reviews – An essential component of the Board’s oversight is the periodic delivery of compliance audits/reviews. Generally the compliance audit or review is delivered either to the Board Audit Committee directly or through the Compliance Officer. The difference between a compliance audit and a compliance review is who receives the report initially. Generally, a compliance review is delivered to the Compliance Officer and then to the Board Audit Committee. Alternatively, a compliance audit is directly presented to the Board. The purpose of the audit/review is to provide the Board and senior management with an independent assessment of the institution’s compliance with consumer laws and regulations. The audit/review will also serve to assure the Board of ongoing compliance, identify compliance risk conditions, and complement the institution’s internal monitoring system.

The Board of Directors should help in determining the scope and frequency of the periodic audit/reviews. The scope and frequency should consider the following factors:

➢ The expertise and experience of institution personnel
➢ The organization and staffing of the compliance function
➢ Volume of transactions
➢ Complexity of products
➢ Number and type of consumer complaints
➢ Acquisition and opening of additional branches
➢ The institution’s size and organizational structure
➢ The magnitude and/or frequency of changes to any of the above.

6. Requiring the delivery of reports regarding the adequacy of the compliance program – Regardless of whether audits/reviews are conducted by bank personnel or by an outside source, the findings should be reported to the Board or a committee of the Board. A written compliance report should include:

➢ The scope of the audit/review, including the departments, branches, and product types reviewed
➢ Any deficiencies or modifications identified
➢ The number of transactions sampled by category of product type; and
➢ Descriptions of or suggestions for, corrective actions to be taken and time frames for correction.

Boards and senior management for that matter are often deficient in the follow-up to submitted reports or action plans. It is imperative that Boards follow up on areas identified as deficient to ensure that corrective action plans are put in place and deficiencies are corrected in a timely manner. FRC has had too many experiences where submitted reports are not responded to in a timely manner if at all. When this happens the reports create more problems than they solve because they establish a paper trail for examiners by identifying weaknesses without the accompanying benefit of correcting the problem. When this occurs it leaves management and the Board in a weak position because the appearance it generates is an institution unconcerned about its compliance responsibilities and compliance program.

7. Training – The final element of effective Board oversight is training. The training should not be limited to employees but should also include Board members themselves. The education of the institution’s Board, management, and staff is essential to maintaining an effective compliance program. Line and staff should receive specific, comprehensive training in the laws and regulations that directly affect their jobs. An institution’s training program should encompass the following:

➢ New hires – with specific time frames before taking on new responsibilities

➢ New regulations/modification of existing regulations

➢ Existing personnel taking on new positions

➢ Audit/Examination findings

➢ Introduction of new products or services.

Finally, all directors should be trained on certain compliance-related matters on an annual basis. What types should be covered depends on the particular characteristics of the institution as well as some of the issues outlined above, but there are some regulations that all Boards should be trained on. These include:

➢ Anti-Money Laundering/Bank Secrecy Act

➢ Flood Disaster Protection Act

➢ Fair Lending Laws

➢ Insider Lending – Regulation O

➢ Privacy of Consumer Financial Information


This entry was posted on Wednesday, November 10th, 2010 at 10:34 pm and is filed under Articles, Board Training, Compliance - General.