Question: What are the elements of an effective compliance management program?
Answer: An effective compliance management program includes policies, procedures and limits; sufficient training; sound risk monitoring and MIS reports; and effective internal controls.
Question: From a regulator’s perspective, what should senior management consider when deciding whether to outsource portions of the compliance management program.
Answer: Establishing and maintaining an effective compliance management program can be accomplished through the efforts of knowledgeable internal staff, or by outsourcing certain activities to a third party.
If the decision is made to establish and maintain the program internally, then senior management should ensure that staff members have the knowledge, resources and authority to fulfill their responsibilities.
Now, if the decision is made to outsource elements of the program, such as the audit function or staff training, senior management must still ensure that the outcome of these activities are aligned with the risk management profile of the bank.
Question: Could you elaborate on that point?
Answer: Sure, for example, if the bank offers a wide variety of consumer loan products, such as adjustable rate mortgages with private mortgage insurance, or construction loans, both of which typically pose a higher degree of consumer compliance risk, then the audit program developed and implemented by the third party vendor must contain reviews of a level and intensity that will effectively mitigate that risk.
Question: Does the bank’s board of directors play a different role if all or part of the compliance management program is outsourced?
Answer: The answer is no. Regardless of whether the function is staffed internally or outsourced, the board of directors is ultimately responsible for the bank’s compliance management program. This responsibility cannot be delegated to a third party.