When “should” becomes “shall”
Rethinking compliance management for banks
In the world of banking supervision and regulation, there is a familiar, longstanding cadence to the issuance of new guidance: regulators issue new guidance; banks parse and interpret it, set a strategy for compliance, begin operationalising it, and press forward with the knowledge that most new guidance is simply a set of expectations rather than hard-and-fast requirements. In today’s environment, the assumption that guidance is just an expectation, not a requirement, is no longer acceptable. A strategy for how a bank assesses its compliance with applicable guidance and then enhances its enterprise compliance management programme is of the utmost importance.
Over the past few years, a new wrinkle has emerged, hinging on one small word: “should.” Historically, regulatory guidance was delivered in the context of “should,” as in, banks should do x, y, or z. Recent developments make it clear that “should” is increasingly being interpreted as “shall,” at least for larger organisations. New and existing regulatory bodies such as the Consumer Financial Protection Bureau (CFPB), Federal Deposit Insurance Corporation (FDIC), Board of Governors of the Federal Reserve (FRB), the Basel Committee on Banking Supervision, and Office of the Comptroller of the Currency (OCC) are leading the charge on this front, examining banks against compliance risk management guidance, and in some cases bringing enforcement actions for an underlying weakness if it rises to an unsafe or unsound condition or practice and/or a regulatory violation. And, as discussed further below, the OCC’s recently proposed rulemaking titled “Heightened Expectations” provides a minimum baseline for effective compliance and risk management.