They're Serious About This, Folks
As a youth, I could always tell when my dad was really serious about something versus when he was not. Some things he might say something about, but you knew he would let you slide. But with some things, there was no way he was going to let you slide. You knew if you crossed a certain line you were in major trouble. For example, in the warm weather months he might say something about coming in from playing ball by a certain time, but if you did not make that time exactly, it was not a big deal. Conversely, if I ever disrespected or talked back to anyone in authority, especially him, then sitting down might not be as comfortable for a while as it had been. He made a believer out of you.
Well, the regulators are pretty serious about a few things, too. They will make a believer out of you as well. Here are a few examples of areas the regulators are considering of importance. Regardless of your primary regulator, the areas listed below are indicative of what the regulators are considering areas of substantial risk consideration for financial institutions in 2018. We know this based on the frequency of which these areas are referenced.
- FinCen jointly announced with the Office of Comptroller of the Currency and the U. S. Department of the Justice, assessment of civil money penalties for violations of anti-money laundering laws against a well known financial institution on February 15, 2018. In the Office of the Controller of the Currency (OCC) Fall 2017 Semi-Annual Risk Perspective, one of the referenced areas was titled "New Technology Offerings and Evolving Criminal Methods Result in High BSA/AML Compliance Risk." Themes pulled out of these two regulatory documents include "risk management," "failing to establish an adequate anti-money laundering program," "failing to report suspicious activity," "inadequate amount of resources to its AML program," and "inadequate process to handle high-risk customers."
- Just the other day a BSA Officer was discussing BSA resource allocation with me. Have you asked your BSA Officer if he/she deems your BSA resource allocation adequate? If not, could be the regulators do on their next visit. Often you have heard me say that despite the small size of any financial institution, I think it would have an uphill battle saying a full time BSA Officer was not a necessity in today's BSA world.
- Speaking of BSA related items, how much have we heard over the past couple of years about Beneficial Ownership? We just received additional FinCEN Guidance dated April 3, 2018 in the form of FIN-2018-G001. Whether Beneficial Ownership is a potential 5th BSA Pillar or a part of the Internal Control Pillar, rest assured that Beneficial Ownership is a BSA related hot button.
- The credit side of the bank is gathering attention as well. Check out Financial Institution Letter FIL-5-2018 dated January 10, 2018. Highlights include "results suggest that credit risk and liquidity risk are increasing, as reflected in a higher frequency of surveys that report risks associated with loan growth, out-of-territory lending, and credit and funding concentrations" and information on how financial institutions can "strengthen credit MIS by incorporating forward-looking risk indicators and establishing a sound governance framework."
- Unless you have been asleep a long time, you knew Cyber Threats would make the list. In the Fall 2017 OCC Risk document referenced, consider "Operational Risk Remains Elevated Because of Increasing Cyber Threats and Use of Third-Party Service Providers."
- Speaking of third-party service providers, in that same document you find "Use of Third-Party Service Providers Is Increasing and Critical Operations Are Increasingly Concentrated in a Few Large Service Providers.
- Can we overlook Change Management? How about in the OCC Risk document "Amendments to Regulations Pose Challenges in Change Management?"
- Finally, bet you wouldn't believe it, but the OCC Risk document references Compliance Management Systems in "Some Compliance Management Systems Lag Behind Evolving Compliance Risks."
Thought about a vendor to assist your financial institution with risk management or hiring a chief risk officer, lately? Just like Dad was serious about some things, so are the regulators, and for that reason and others, financial institutions should be as well. We better get serious before a believer is made out of us one way or the other.