Compliance Management Programs

Every CU should have a system to define compliance roles and responsibilities.

November 19, 2012

Before the Consumer Financial Protection Bureau (CFPB) took office, both the Federal Reserve and the Basel Committee on Bank Supervision issued guidance on compliance management programs.

This guidance stated that large, complex banking organizations (generally those with more than $50 billion in assets) should implement an organization-wide compliance program, and it identified key elements of such a program.

The CFPB has taken the Federal Reserve and Basel guidance and integrated it into its examination procedures. 

This means that credit unions with more than $10 billion in assets, which are subject to CFPB examination, must have comprehensive compliance management programs.

The vast majority of readers will never—under current laws—be subject to CFPB supervision. But you still should implement an organization-wide compliance management program. An effective program tailored to your credit union can help you deal with compliance more effectively and efficiently. Every credit union—regardless of size—should have one. 

The CFPB Examination Manual states a compliance management program:

  • Establishes compliance responsibilities;
  • Communicates those responsibilities to employees;
  • Ensures that you incorporate into business processes responsibilities for meeting legal requirements and internal policies;
  • Reviews operations to ensure staff carry out their responsibilities and meet legal requirements; and
  • Takes corrective action and updates tools, systems, and materials as necessary.

Your credit union should be doing all of these things. So, what’s the purpose of a compliance management program? It provides a formal framework for compliance that clearly defines roles and expectations.

A good compliance management program isn’t a stale policy collecting dust on your shelf—it’s integrated into day-to-day operations and is a part of the credit union’s culture. 

The CFPB Examination Manual has four categories for a compliance program: boardand senior management oversight; the compliance program (including policies, procedures, training, monitoring, and corrective action); consumer complaint response; and compliance audit. 

Within these four categories, you can map out a structure and flow for compliance processes.

Is the board apprised of the nature of compliance risks? Has senior management demonstrated clear expectations about compliance? What’s the reporting structure for compliance issues? Is there an independent compliance function that provides a check and balance on the compliance activities? How do you consistently monitor compliance?

Your compliance management program should answer questions like these. 

Your credit union might not be a large, complex entity, as the Federal Reserve and the Basel Committee on Bank Supervision envisioned. And you might not have the complexities of a $10 billion asset institution like the CFPB supervises. But you’re generally subject to the same complex laws and regulations as these entities.

Without a plan in place, new regulations can create “who’s on first?” scenarios. An effective compliance management policy could save you time and immediately position everyone with clearly-defined roles on the compliance playing field. Instead of “who’s on first?” you can respond with “Helen’s on first with the Truth in Lending Act/Real Estate Settlement and Procedures Act rules, she’s getting support from Abbott, and she’ll report her progress to Costello and the rest of the compliance committee.”

Different credit unions have different internal structures and operations depending on size, risk assessments, and culture. But despite these differences, all credit unions should have a process for how compliance responsibilities flow from the board to the front-line staff—and everyone in between.

JEFF ANDERSEN is regulatory counsel for PolicyWorks LLC. Contact him at or at


The services provided by PolicyWorks shouldn’t be construed as legal services, legal advice, or in any way establish an attorney-client relationship.