I was so lucky to have the Dad I did growing up. I did not always think it at the time, but now appreciate him, though it has been years since I could tell him so. Dad expected you to learn by doing, but he always got to the bottom line in terms of making things simplistic. It was not just learning to drive, it was learning to maintenance your car. I remember his saying "you have to watch the water and oil, but the gas will take care of itself". Because of him teaching me maintenance, all these years later that first car still sits in my garage and I can drive it.
We spend a lot of time talking about risk in banks. One of our recent newsletters and presentations covered compliance related risk assessment. Yet, although all that material is good and needed, certain considerations to your overall Risk Focused Compliance Monitoring Program should keep you driving that car.
You should count on from your compliance related risk assessment, these areas ranking at your highest risk level, assuming yourself to be a community bank of say an Intermediate Small Bank CRA status:
- HMDA and CRA - The 2018 HMDA changes bring numerous data fields creating more opportunities for error as well as issues regarding getting the data information (especially where applicable for business loans). For an Intermediate Small Bank, the bulk of the exam grade is Community Development Qualifying Loans, Services, and Investments.
- BSA/OFAC/USA Patriot Act and Customer Due Diligence (Beneficial Ownership) - Your institution needs to have the resources dedicated to BSA/AML analysis and understand the mechanics of Beneficial Ownership as related to the loan and deposit side and updating certifications at significant events/new account opening.
- Fair Credit Reporting Act - There is huge regulatory emphasis on this area currently and severe implications for improper or inaccurate reporting of your customer’s information.
- Third Party Vendor Management - You are responsible for the actions of your third party vendors, compliant monitoring relative to their actions, and for ensuring in due diligence that these vendors have been provided certain regulatory training (as applicable to the particular vendor).
- TRID - No matter what financial institution you are with, you need to survey the lenders and see how many can define a TRID loan, a full two years plus after inception. How can proper disclosures be delivered within the appropriate time frames if lenders do not understand when they have a TRID loan?
Regardless of the bank, the above are your "oil and water issues". Surely automation has assisted with areas like Truth In Savings and Regulation CC. If so, these should take care of themselves. So be it training, monitoring, independent review, check that oil and water often!!!