Like companies in many industries, banks are having a difficult time finding and retaining qualified compliance staffers. In fact, recruiting good compliance professionals has gotten so hard that the U.S. Office of the Comptroller of Currency (OCC) says that it has become a top risk for financial firms, especially regional banks and small lenders.
In its semi-annual report, Risk Perspectives, Spring 2019, banking regulator OCC says new technologies and compliance laws have increased complexity in banking and financial compliance and that banks have found it difficult to staff up to address the added needs. “Attracting and retaining competent staff to manage compliance operations and risks remain a challenge, particularly at smaller regional and community banks,” the OCC said in the report.
The regular also warned banks to use cation when pursuing solutions around the compliance hiring conundrum. “Some banks use third parties to supplement and support existing compliance operations. Such practices should be accompanied by initial and ongoing due diligence and appropriate oversight,” the OCC said in the report.
The OCC is particularly concerned about staffing in the areas of compliance with anti-money laundering (AML) regulations, such as the Bank Secrecy Act (BSA), which requires banks to identify customers and report suspicious activities. The OCC identified three causes of deficiencies in BSA/AML, including inadequate customer due diligence, insufficient customer risk identification, and ineffective processes related to suspicious activity monitoring and reporting.
These deficiencies can be related, says the regulator, to insufficient compliance staffing. “Talent acquisition and staff retention to manage BSA/AML compliance programs and associated operations present ongoing challenges, particularly at smaller regional and community banks,” the report states.
Other Risks
In addition to compliance staffing, the OCC identified several other risk areas that can present a threat to the U.S. banking system. Those risks include:
- Operational risk is elevated as banks adapt to a changing and increasingly complex operating environment. Key drivers for operational risk include persistent cybersecurity threats as well as innovation in financial products and services, and increasing use of third parties to provide and support operations that are not effectively understood, implemented, and controlled.
- Interest rate risk and the related liquidity risk implications pose potential challenges to earnings given the uncertain rate environment, competitive pressures, changes in technology, and untested depositor behavior.
- Consumer compliance risk management concerns, due to weaknesses in change management processes. For example, some banks have failed to involve the compliance function when evaluating changes in, or additions to, products or services, which increases compliance risk.
Improvements in Compliance
The OCC report did suggest some improvements in compliance with banking regulations and in banking risk management. The number of enforcement actions, for example, continued to decline since hitting a high in 2010. Formal and informal enforcement actions by the OCC declined to just over 100 from a high of more than 900 in 2010.
“The number of enforcement actions outstanding against banks has steadily declined since peaking in 2010, reflecting improvement in banks’ risk management practices, recapitalization efforts, and other factors,” the OCC stated in its report.
Banks that are considered at high risk for failure and compliance problems, based on financial conditions, liquidity, management capability, and other factors are also on the decline. The number of OCC-supervised banks with composite ratings of 4 or 5 (considered high risk) has declined since year-end 2010 and is at the lowest level since 2005. The regulator says the decline results from a variety of factors that include recapitalizations, improvements in risk management, and merger and acquisition activity.