Compliance has never been a one-person job, especially not in the current compliance environment. Credit unions manage compliance differently, depending on size and complexity, and sometimes as a result of “the way things have always been.”
For example, small credit unions might have a compliance officer. Some large credit unions might not, and they might manage compliance “by committee.” This means every department is responsible for compliance. Other large credit unions might have several compliance officers in addition to a general counsel for legal matters. Regardless of your structure, your compliance program should have at least two elements:
1. A compliance quarterback; and
2. A game plan.
The compliance quarterback is the person who identifies compliance issues and follows through on implementation or resolution. This person coordinates among departments and manages the personnel involved in the compliance issue. It could even be an outside third party that helps create the game plan, ensures implementation, and reviews whether you are in compliance.
Without someone to coordinate efforts, your credit card application disclosure handled by the marketing department in-house might not be consistent with your credit card account-opening disclosures handled by an outside vendor and the lending department. Or, what about the advertisement issued by the marketing department for a home equity line of credit? Who has reviewed it for the proper disclosures?
You must create and implement a game plan. Ideally, your credit union takes a proactive approach to compliance rather than a reactive one. A game plan helps keep you moving forward and is generally built around compliance deadlines. When new or amended regulations are issued, ask the following questions: What regulation is it? Does it apply to the credit union? What are the requirements? Which of the credit union’s products/services are affected? What are any financial effects, and how will you address them? Who will make the required changes: a vendor, the credit union, or both? Which departments of the credit union are affected, and who needs to be involved? How are members affected?
Once you have these answers, narrow down your “plays” or the actions you’ll take. Some actions include creating a timeline to meet the mandatory compliance date; identifying who needs to complete the action (i.e. vendor, lending department, marketing department) and the actual costs involved; considering outside resources; and deciding staff training needs and/or membership notifications. Your game plan also should include a review of the compliance (or noncompliance) risks.
Understand that actions may change based on subsequent amendments to regulations (the amendments to the open-end provisions of Regulation Z were changed numerous times in the past four years). Your compliance quarterback should be aware of subsequent changes and ensure you adjust your plan accordingly. The game plan is an active document your compliance quarterback monitors and implements.
And after you’ve implemented the plan, watch the game film. In the compliance world, this means review all the actions taken and ensure that you’ve properly implemented all the changes.
Having a compliance quarterback and a game plan doesn’t always ensure a compliance victory. But it will give you some tools to be proactive and prepare for the numerous changes that are occurring.