In this Compliance Clip (video), Adam explains how regulatory change management should fit within a compliance management system (CMS) of a financial institution. Specifically, Adam provides 3 (or 4) main ways a financial institution can keep up with regulatory changes (and one of them involves partnering with the Compliance Cohort).

Video Transcript

The following is a transcript of this video.

This Compliance clip is going to talk about regulatory change management and how you manage changes of regulatory nature in your organization. So what is regulatory change management? Well, I summed it up here, this isn't an actual definition, this is my definition of it. Regulatory change management is the process of identifying regulatory changes, evaluating if and how they apply to your financial institution, and then ensuring that applicable changes to policies and procedures occur, and really then to test to make sure that they actually happen, follow through to make sure all changes take place. That's what regulatory change management is. 

This is a big part of your CMS or your Compliance Management System. Each bank or credit union must have a Compliance Management System in place. This is really how you integrate compliance into your larger organization. One of those components under the Compliance Management System is regulatory change management. And as you can expect, this is a big deal because changes occur so fast. They occur almost on a daily basis, definitely on a weekly and monthly basis, but changes are happening so often and sometimes very difficult to keep up with. But this is definitely something that your examiners are looking at. Over the years, they actually turned their focus more and more towards looking at regulatory change management as part of the Compliance Management System. In fact, the CFPB examination procedures say a couple of things specific to regulatory change management.

First of all, one of the things they say is that examiners are to ensure that a bank or credit union responds promptly to changes in applicable federal consumer financial laws. The examination procedures from the CFPB go on to say that examiners should also assure the management reviews the changes after implementation to determine that the actions taken achieved the planned results. Essentially, what they're expecting you to do is to watch for changes, evaluate how those changes apply to you, if and how they apply to you, implement those changes and then follow through to make sure that those changes are not an issue going forward.

What I have seen over the years is that examiners are taking more and more of a risk-based approach, especially for the FDIC-regulated banks, where your examiners are really looking at your Compliance Management System. They want to see how well you're managing things, and if they don't have a comfort in your management, they will actually expand the hours that they allow for the examination period, up to some awful number of hours that they can dig into your organization to look for issues and make sure you are in compliance with applicable consumer rules and regulations.

Change management is very important and changes do occur all the time. How can you keep up with regulatory changes? There's a couple of ways you can do this. There's really three, three and a half, four ways that you can do this. First of all, you could wait for auditors and examiners to point it out. I remember early in my career talking to a couple of old compliance officers who were older and they're close to retirement, and they said that the way they used to do it is they would just wait for auditors and examiners to come in, point out the issues, they would gladly oblige, and then they would make the changes and the move on. That's how they dealt with regulatory changes. In fact, I even remember, there was this one point in the year, maybe 2008-2009 timeframe, I talked to a president/CEO. I asked them what they did for compliance and he said, well, we really just wait for examiners to come in and tell us what we need to change. Even in 2008, 2009, there really was not the best approach and that definitely can happen today. But that is one approach that you could take and management could choose to take, but of course, that would be problematic.

The second way to keep up with regulatory changes is to read the Federal Register each day. The Federal Register is a publication of all the laws and regulations that are changing, and it's a formal way that all the agencies have to submit the applicable changes in a public format to something that can be read. But there are a lot of different agencies that don’t apply to banking or finance that really don't apply to your institution. You have to sift through in order to find the rules that actually apply to you. And believe me,reading the Federal Register is not an exciting task, though it's something that I do dig into since I am quite the compliance nerd, and I sort of enjoy those things, especially when new rules come out. It's really sad. I need a hobby other than compliance. But that is one way to do it, to read the Federal Register for each day because if you miss a day, you may miss a change and that'd be a problem. So that's one way to do it.

Another way to do it is that most of the agencies make announcements. They don't make announcements of everything. Some things they just link through the Federal Register, but most of the agencies do make announcements. So you can sign up for alerts on those websites, all the primary regulators, you can sign up for those and get the FDIC, Federal reserve, the OCC. Even the Federal Reserve has multiple branches that you can sign up for their news releases and get news releases from them. You can sign up for FinCEN, can sign up for the FFIEC, which is the Federal Financial Institutions Examination Council, which is really all the regulators working together. And sign up for the Department of Justice, the FTC, OFAC. There are so many different places you can sign up to get these alerts and believe me, it does become overwhelming at times. But that is what you can do,  to sign up for these types of alerts.

You can also enroll in a curated program. That's another way that you could keep up on regulatory changes. And that's something that we do offer at Compliance Cohort, trying to make things easier for some of you, compliance professionals, so you don't have to spend hours upon hours to sift through the Federal Register, waiting for your auditors and examiners to tell you, you missed something, reading all the news releases that come out. What we do is each quarter, we have a Quarterly Compliance Update that we provide you. We sell this Quarterly Compliance Update either individually, so you can buy each quarter throughout the year, or we sell it in a package format where it's a Premium Membership. We do have two premium memberships, which both include four quarterly compliance updates. Now, if you were to purchase that premium program in January, you would get the first quarter, second quarter, third quarter and fourth quarter programs, or we do offer it also in July. We just offer it twice a year in July, you would get the third quarter, fourth quarter, and then first quarter, second quarter of the next year’s quarterly compliance updates. So we do offer that curated program, it includes our Compliance Management Systems class, where we take a deep dive into compliance management systems and what regulators expect. And if you sign up for our Premium Gold, where we have both Premiums Silver and Premium Gold, Premium Silver has just really the four quarterly updates with our CMS class. But our Premium Gold includes two additional classes. It’s really a bundled package where you get a huge discount by buying it as a bundled package. That’s something that is available for you. But keep in mind that there is a limited window of opportunity to sign up. We only do sign ups for Premium Memberships in January and July, so if you’re interested in that, take a look at that during those enrollment periods.

That is what regulatory change management is. There’s a lot of different ways to handle this. There’s some easy ways that will cost you a little bit of money, then there’s some hard ways that take a lot of time. Hopefully you find something that works for your organization. If you're strapped for time, maybe pay for a premium program. If you have plenty of time and resources, spend the time digging into looking at all those resources I talked to you about. But either way, you do need to have something that does an appropriate job of identifying the changes, determining if and how they apply to you and implementing those changes in your organization.

So that's all I have for you today in this Compliance Clip. I hope you found it beneficial.