Regulators are scrutinizing financial institutions of all types in the wake of the economic meltdown. As the regulatory burden on credit unions grows, many are formalizing their compliance functions and are staffing up to handle the workload.
Save time and money
“The banking system collapse and the Great Recession made our industry very visible to consumers and legislators, and there’s a sense financial institutions—credit unions included—need to be fixed so it doesn’t happen again,” says Steve Post, president/CEO of $535 million asset Vermont State Employees Credit Union, Montpelier. “The fixes coming our way look like they’ll include many compliance-specific changes.”
The credit union’s compliance officer oversees and facilitates the work of a certified compliance manager, handles compliance details, and “carries the football for us on compliance,” says Post.
With the pace of regulatory changes—and technological innovations—it’s more efficient to have in-house compliance staff, he says. “We need quick access to the staff, and we need people who are intimately familiar with who we are and what we do.”
It’s vital, he adds, that compliance staff are integrally involved in all significant business initiatives early on. “If I’m developing a new product or changing our retail operations, compliance is engaged right away.
“I’ve had to spend time getting senior people accustomed to working with compliance,” Post adds, since sometimes it’s viewed as a hurdle. He’s had to help people see compliance as a valuable part of projects. “It saves us time and money on the back end,” he says.
After undergoing significant changes—for example, accommodating the Real Estate Settlement Procedures Act—the credit union’s internal auditor validates its compliance. “We give things a little time to settle, and then bring the auditor in,” Post says.
Vermont State Employees uses outside legal counsel when it needs legal interpretation, such as modifying legal documents. “We have a lawyer who’s very familiar with Vermont banking and finance laws,” says Post.
He expects to increase compliance staff in the coming months, probably adding one support position. “We’ll probably also invest in software to help manage some transactional compliance issues with things like the Bank Secrecy Act,” Post says. “We have some homegrown software, but we’ll likely acquire a more robust system.”
The compliance manager attends compliance conferences and training programs regularly, and networks with other professionals at financial institutions and information technology (IT) organizations. “The more she can learn and tie the knowledge directly into our product offerings and the way we do business, the better,” says Post. “That’s why I don’t outsource.”
Develop the expertise
Baxter Credit Union, Vernon Hills, Ill., with $1.5 billion in assets, also has an in-house compliance program. “When we started the program two or three years ago, we thought there would be a lot of regulatory changes coming, and it would be a good idea to develop that expertise,” says Michael Valentine, president/CEO.
His compliance staff includes a compliance manager, a coordinator who works on compliance and auditing, and a paralegal who spends about half her time on compliance. When hiring compliance staff, Valentine looks for people with technical knowledge of the regulatory environment, along with basics such as business acumen and leadership skills.
“Very strong interpersonal and communication skills are important,” he adds. “They deal with the entire credit union—from the front-line staff to the board.”
The credit union has used outside IT resources to help it comply with most new regulations—such as the Credit Card Accountability, Responsibility, and Disclosure Act of 2009. “Things are moving so fast that we needed outside expertise,” Valentine says. “We’re trying to hold the line on hiring, but if the speed of regulatory changes continues, we might have to look at what additional expertise we need to develop.”
For credit unions structuring their compliance functions, he advises, “Look at your individual needs and what you’re doing. We’re a high loan-to-share shop with a large credit card program, and with all the related regulations, we decided an in-house program worked best.”
Baxter outsourced its compliance function until about two years ago. “We looked at how much we were spending on it,” Valentine explains, “and we thought, why not spend the money to develop the expertise. We can now work with employees across the organization on a regular basis, which we couldn’t do as well before.”
Prepare for change
Dow Louisiana Federal Credit Union, Plaquemine, La., hired a compliance officer, LaToya Stewart, in May 2010. A support person assists with auditing completed projects.
Stewart handles compliance “from a strategic, forward-thinking direction, asking staff questions about changes they’re planning, and helping to interpret needed changes,” says Jeffrey Hendrickson, president/CEO of the $225 million asset credit union. “It’s not just auditing anymore,” he says, which is how staff handled compliance in the past.
The credit union also has an attorney on retainer. “He gives us a compliance calendar of changes coming due and what will be required of us,” Hendrickson says. “He’s dedicated to the credit union industry and has tremendous insight and expertise. He’s able to give good direction when regulations come out.”
The attorney’s expertise is at the industry level, and the compliance manager’s is specific to the credit union, says Hendrickson. “Before we had generic direction on the front end and specific direction on the back end; now it’s specific throughout.”
In-house compliance staff understand the credit union’s processes better, Hendrickson says. “They can answer detailed questions about any component of a new regulation. And after a change happens, they can keep auditing as processes evolve.”
Attorneys and auditors often make the best compliance officers, he says. They can interpret complex documents and determine needed changes.
The credit union probably will hire an in-house attorney in three to five years. “We’ll split the responsibilities into legal and compliance activities,” says Hendrickson. “That will give LaToya someone in-house who knows our operations and legal issues. The bigger we get, the higher the risks.”
To be successful, compliance officers must use all available resources, Stewart says. “If you don’t have access to legal counsel, reach out to other organizations that can help.
“I’m a member of the Institute of Internal Auditors and an association for credit union internal auditors,” she adds. “It’s all about knowing your credit union and its products and services, and making sure you have the resources you need to be compliant.”