Compliance management is no joke. From the day-to-day work of making sure everyone is following policies and procedures to training staff to tracking, understanding, and implementing new regulations and predicting the impact of proposed rules, it’s a Herculean exercise in organization and education.
That’s why federal regulators require financial institutions to have a compliance management system (CMS). A CMS is how a financial institution learns about its compliance responsibilities, incorporates them into business policies, ensures employees understand them and carry them out, and takes corrective action as needed.
Regulators give institutions a large amount of flexibility in how they structure their CMSs as long as they include board and management oversight, a compliance program, and a compliance audit.
To meet these requirements, an increasing number of FIs are turning to CMS software as they recognize the shortcomings of spreadsheets and manual processes for managing compliance. But with so much variability in CMS programs, how does an institution find CMS software that will best support its needs?
Look for a solution with these seven key features:
Regulators aren’t always thrilled with out-of-the-box solutions, especially when it comes to a CMS. Federal regulatory guidance says that a CMS should be tailored to fit the size, complexity, and level of risk of the FI. It should also take into account the unique products, services and profile of your institution.
Out-of-the-box solutions don’t always provide this kind of flexibility. They expect FIs to bend to meet the needs of their system, instead of working to meet the FI's needs.
Avoid this problem by making sure you understand the special compliance challenges your FI faces before meeting with CMS vendors. Make sure the vendor’s system is capable of meeting your needs now—and in the future. It will need to be adaptable to changes in strategic direction that impact compliance, whether it’s new products and services, new markets, or an acquisition.
If it’s a choice between the software provider’s way or the highway, take the highway and find someone else.
It should go without saying that a CMS product should simplify your day-to-day. If the software is hard to understand and manage, you are less likely to use it—and the rest of the FI’s staff will feel the same way.
Instead of using your new software, people will be tempted to revert to manual processes like Excel spreadsheets, re-introducing the problems you were seeking to avoid.
Take the time to dig into the usability of any CMS you are considering to determine how intuitive and organized it is. Does it make sense to you? If it doesn’t, you won’t want to use it.
There were 365 proposed and final rules issued by federal regulators in just the first six months of 2019. The CMS you select needs to help you keep up with them.
Changes to regulation and guidance should be communicated to the users as quickly as possible to allow for planning and collaboration. Ask how often updates will be made, how quickly you can expect the CMS software to alert you to changes, and what form those updates will take.
Some CMS products believe the only rules you need to worry about are those that have been finalized. Don’t fall into this trap. Knowing about potential changes to regulation can help your FI’s strategic planning.
For example, if management is considering introducing a new product or service, but there is a potential regulatory change on the horizon that could impact how you would offer that product or service, it’s important to be aware and communicate it to management.
In addition, some FIs want the ability to provide comments on proposed regulations. If CMS software is only communicating final rules, you’ll miss half the story.
Compliance isn’t a black box activity. Regulators expect you to show your work.
A CMS should make it easy to demonstrate to examiners and auditors what you are doing to stay compliant. From who did what and when to why you made the decision that you did, a CMS should make it easy to document compliance-related activities.
Look at the type of tracking and logging a CMS offers to determine if it seems complete enough to satisfy your examiners and auditors.
Compliance is the responsibility of every single employee and board member of the financial institution. A CMS needs to make it easy to communicate compliance requirements across business units and manage the policy review process.
The policy review process generally requires the collaboration of the policy owner, policy review committee, senior management, and the board. A system that accommodates all the individuals who need to be involved will cut down on the need to send and track countless emails.
Investigate the mechanisms a potential CMS uses for communicating compliance information with staff, management, and the board.
Compliance management is a never-ending parade of policies, procedures and documents. Compliance officers need the ability to retrieve important documents quickly for examinations, audits, and internal processes. There is nothing more frustrating than spending hours looking for a document or having to reproduce it because it is not in its right place.
A CMS solution should make it easy to store and find the most current version of these documents so they are accessible and available when you need them.
Don’t waste time and money on a CMS solution that doesn’t provide these seven key features. Make sure to ask how any potential CMS will satisfy these needs.