QUESTION
We have had several compliance
officers in the last few years. As the CEO of our company, I considered their
resumes, and some of them came with a long list of credentials.
In theory, they should have known what they’re doing. But they wound up having blind spots and, in one case, the compliance officer put us at considerable regulatory risk.
Of the three compliance officers, two were fired, and one resigned instead of being fired.
We plan to retain a firm such as yours to keep us stabilized and work with new compliance officers. So, please contact me.
I have put together a committee to review all candidates. They are asking for a high-level outline of what a compliance officer is required to know and do.
I am turning to you for some guidance. It will go a long way to helping us find a decent compliance officer.
What are some qualifications of a compliance officer?
ANSWER
I understand your situation. I
hear similar concerns all the time. Just because somebody has a long list of compliance-related
credentials does not mean it’s appropriate to give them the responsibility of a
compliance officer. I realize this seems counterintuitive. Due to the
pervasiveness of this issue, many years ago, I even speculated about
establishing a firm to vet potential compliance officers for clients. At least
it would reduce situations like you find yourself in. Although I thought such a
firm was needed, I felt that it was outside our mission. However, make no
mistake, credentials are not equivalent to competency and actual, hands-on
experience.
I’m glad you are considering a firm like ours. We provide independent support to the existing compliance function of virtually any mortgage banking firm – whether originating or servicing loans – irrespective of the size, risk profile, or complexity. We will enhance your compliance management. Compliance officers (viz., compliance managers) work closely with us on day-to-day regulatory issues. So, contact me HERE. I’ll get back to you promptly and we’ll talk. You do not need to jump through hoops to get this position filled.
Let’s start with the importance of finding a good fit for your organization. The compliance officer should have a strong positive attitude toward compliance. Avoid anyone who constantly complains about having to read all the regulatory information or is a bit too “flexible” when it comes to regulatory compliance. The attitude is a pivotal feature of the compliance officer’s effectiveness because the position requires a willingness and ability to work with departmental personnel on compliance issues.
A bad attitude or poor fit is detrimental. If a firm such as mine does an internal audit, we will pick up on this kind of personnel issue and report it in our evaluation of the risk rating. Just imagine what a regulatory agency’s examination report would say about such a situation!
A compliance officer must prioritize maintaining compliance within the financial institution to reduce or eliminate regulatory violations, costly penalties, and poor customer relations. The position should report directly to the company’s top management. Some companies put the compliance position under the legal department, but sometimes this results in important messages not getting adequately reported to the CEO or the Board of Directors. Mistakes get magnified when there are too many layers between the compliance officer and the CEO.
Thus, as a general proposition, for the compliance officer to succeed authoritatively, s/he should be recommended by executive management and approved by the Board of Directors. The individual appointed should have at least the following attributes:
(1) be a higher-level officer of the company,
(2) be familiar with all areas of mortgage banking,
(3) possess strong oral and written communication skills, and
(4) maintain a positive attitude toward compliance.
The Board’s involvement in the appointment is a strong indicator of its emphasis on and support of the compliance program. Board approval of the officer is also a positive signal to regulatory authorities of a company’s commitment to compliance.
What do I mean by a “higher-level officer?”
I mean that a compliance officer’s position must carry authority if s/he is going to accomplish the responsibilities determined by executive management effectively. To be sure, the compliance officer should be at least a first-level officer, depending on the organization's size. A large company may want the compliance officer to be at least at the vice president level; a small company may appoint a trusted individual who exhibits many essential requirements.
Understand that, as a CEO, the success of your company’s compliance program depends on the authority you have given to the compliance officer. The compliance function requires the authority to effectuate regulatory mandates, and that means s/he must have the respect of others in the organization and the support of management. If the individual lacks such respect or management support, the compliance program is in danger of failure.
I am not in favor of a part-time – or what amounts to a part-time – compliance officer. There should be no reason why you can’t promote somebody from within who can be trusted, assuming s/he has the essential experience and a willingness to receive appropriate compliance training, and, importantly, contribute substantially all of their time to compliance issues.
If you are a small company with only a few employees, you should still designate a compliance officer who will take on such responsibilities. Not every company has the budget to hire a compliance officer or sufficient human resources to promote from within. But you can always retain a firm such as mine to fill the gap temporarily, permanently, or continually as an adjunct to a compliance officer.
There’s really no excuse not to retain a firm such as mine since – at least in our case – the fees are very cost-effective, and you can ensure compliance guidance is prioritized. Compliance must be constantly monitored and maintained to ensure that problems or potential problems do not arise. Do not wait for a regulator to knock on your door before you pay attention to compliance requirements!
The compliance officer must communicate compliance initiatives to all affected employees. There are several ways that such communication of compliance information is customarily transmitted, such as:
- Training sessions;
- Periodic reports to executive management and the Board of Directors;
- Periodic reports to compliance committees;
- Individual meetings;
- Memos and reports; and,
- Newsletters.
Another communication responsibility of a compliance officer is providing guidance on proposed regulatory changes. For instance, to ensure that the compliance officer fulfills this obligation, my firm meets with the compliance officer of our clients regularly to discuss existing and proposed regulations to keep them current and anticipate future compliance demands. We also discuss how best to effectuate compliance mandates right now and implement expected directives in the days and months to come.
Given the foregoing criteria, I think you should search for a compliance professional who will be responsible for conveying all policy and procedural requirements imposed by the regulations, including information for and to executive management and appropriate personnel, regarding:
- Changes in current compliance requirements;
- New regulatory issues affecting the bank;
- The operation of the compliance program itself;
- Specific audit findings and suggestions for corrective action; and,
- Public comments or complaints.
Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director
Lenders Compliance Group