7 minutes
This summer, Australian credit unions unveiled a Customer-Owned Banking Code of Practice, setting out “10 key promises,” including pledges to be fair and ethical, focus on customers, provide clear information about products and services, lend responsibly, and comply with all legal and industry obligations.
A few weeks later, executives for the U.S. banking giant Wells Fargo admitted that they had fired 5,300 employees who were found, under pressure to meet sales goals, to have opened 1.5 million unauthorized deposit accounts and 500,000 credit cards.
These two snapshots could not be farther apart, both ethically and geographically. How can CUs steer their staff toward the example set by their counterparts down under and away from the one set at Wells Fargo? Providing adequate training on ethics and compliance and maintaining the right “tone at the top” are necessary elements, but “when it comes to compliance, you get not what you expect, but what you inspect,” says Sean Cronin, president of ProcessUnity, Concord, Mass.
CUs may have a head start on maintaining a culture of compliance, given their mission to serve members by offering them the best products that serve their needs. If you’re committed to that, ethical business practices naturally follow, Cronin says.
“But vigilance is required to ensure that the letter of the law is being adhered to at every level, so that every decision is examined through the lens of compliance,” he adds.
Sharing Responsibility
$1.3 billion CoVantage Credit Union tackles this challenge by managing compliance within departments, so that the consumer lending department is responsible for ensuring that all staff adhere to lending regulations and the mortgage team takes charge of compliance in that area, for example, explains Dianne Noskowiak, VP/internal services for the Antigo, Wis., credit union.
A separate compliance department tracks new and upcoming changes to rules and regulations, ensures that managers are well informed of new and revised rules, and tracks timelines and assists with implementation, Noskowiak explains. The compliance department also conducts reviews throughout the year to pinpoint weaknesses or redundant processes and to confirm that compliance efforts are meeting their objectives.
“We define our culture of compliance as a strong team effort,” she says. “Everyone from senior management to tellers are aware of the importance of regulations, policies and procedures. For us, it works to have the managers of each department responsible for their own areas, which includes ensuring policies and procedures are up to date, knowing the risks of non-compliance and training staff on any changes.”
Some regulatory changes are especially hard to manage and burdensome in terms of deadlines, staff time and vendor expenses, Noskowiak says. For example, implementing the recent rule about TILA-RESPA Integrated Disclosures involved several departments and vendors, each with its own obstacles to overcome. A team approach was required.
“At CoVantage, I would say we have a ‘mission culture’ rather than a ‘sales culture,’” she adds. “We look for opportunities to live our mission, which is to welcome all, regardless of wealth, and provide outstanding value and exceptional service to our members.”
Not ‘One and Done’
CUs have achieved a culture of compliance when “all employees understand what their responsibilities are related to regulatory compliance in their everyday activities,” says Cindy Williams, VP/regulatory compliance for PolicyWorks, Des Moines, Iowa. “This is the Holy Grail of compliance, something that everyone wants to do, but it can be very challenging.”
Success calls for starting at the top, with the board and executive team in agreement that operationalizing compliance is a priority and a responsibility shared by all. Ensuring that all employees understand their roles in this “has to be an ongoing process,” Williams says. “It’s not a one and done, where you roll out some information and say, ‘Here you go. Let’s make this happen.’”
Compliance has to be talked about regularly, and information about the regulations that guide every department, process and procedure has to be readily accessible and translated in a way that makes it easy to do.
“Compliance can be scary and intimidating,” she notes. “If you can create a regular newsletter that shares information in a simple, even fun, way, it sinks in over a period of time. I know it sounds simplistic, but I’ve found it to be very effective.”
A combination of written resources and regular training on pertinent regulations can help employees understand how those rules apply to them and what’s at stake if they’re not followed. “Compliance is not just concepts and ethereal ideas,” Williams says. “The more it is applied to their everyday activities, the more it will resonate with employees.”
“So many things can go wrong if a culture of compliance is not instilled at a credit union. Every employee presents a risk,” she adds.
Joining Forces
Three Alberta CUs are combining their compliance efforts through InStride Resources Ltd., a subsidiary company that is owned by and provides support services to $583 million Mountain View Credit Union, in Olds; $451 million 1st Choice Savings and Credit Union in Lethbridge; and $614 million Lakeland Credit Union in Bonnyville.
The CUs pooled their compliance operations through InStride in September 2015, recognizing the need for a more concerted and dedicated approach to compliance policymaking, training and support, says InStride’s VP/Compliance Dale Scott, CCE, based in Olds. Previously, these tasks were a part-time responsibility of staff members in finance, operations or risk management.
Scott’s job focuses on policymaking and training, and working with the boards, executive teams and staff to develop and maintain a compliance regime across all three credit unions and to conduct audits and risk assessments. He also supervises two compliance specialists who focus on daily anti-money laundering reporting and issues and fraud cases, working with CU staff and members.
“A key part of the culture of compliance goes beyond training staff on tasks and responsibilities to answer the question of why,” he notes. “Why are there all these rules, and why do we have to follow them? Especially in the area of anti-money laundering regulations, why do we need to ask members questions they may find intrusive?”
Those kinds of questions are much more prevalent among longer-term employees who’ve seen a shift in operations. “We’ve been making a lot of changes in terms of forms, processes and procedures, so those questions have been coming up. It’s important to help them understand why this is important as well as what they need to do,” Scott says. “We try to convey the message that these rules are designed to protect members and the credit union.”
AML compliance has resulted in significant changes in routine interactions and required employees to ask all members for additional details about transactions that seem unusual. That’s been a challenge in training employees at small branches where they tend to know their members, he says. “They need to look at each transaction even if they know the member well. If it’s an unusual transaction for that member, they may need to ask more questions and maybe even file a report.”
In terms of integrating compliance into operations, it may help to recognize that many of these processes and procedures are not at odds with strategy and the goals of member service. “It certainly fits within the member experience that we’re asking questions to try to understand members’ needs so we can give proper advice and supply the products and services they need,” Scott notes.
In addition, asking questions about unusual transactions occasionally identifies possible fraud, he says. In that regard, “AML and fraud prevention work hand in hand.”
Overt Mission
Control mechanisms are most effective when they’re overt. Cronin borrows an example from military defense—the deterrent effect of large and visible armed forces, weapons and warships.
In the same way, training programs need to be backed up with spot checks and procedures to correct noncompliant behaviors and share the learning with employees.
“The message needs to be loud and clear: If we find minor problems, we’re just going to use them as training opportunities,” he says. “But if there’s a major violation or fraudulent activity, there could be more significant actions, all the way up through termination. That kind of clarity can permeate the culture by letting people know we’re serious.”
In technology systems, some controls function largely “undercover,” ferreting out potential fraud or errors after the fact. But other controls are more upfront, like big dialog boxes that appear on screen with preventive alerts and warnings. The latter are the types of controls that credit unions can emulate in creating and maintaining a culture of compliance, Cronin suggests.
Upfront controls (dialog boxes being one example) “let people know, ‘This is important, and we’re watching,’” he says. “Some people might have philosophical issues with that, but it does reinforce expectations, and that’s part of the culture of compliance as well: ‘We expect you to be on your best behavior, but we’re not just going to trust you on this. Occasionally we’re going to be checking.’”
Karen Bankston is a longtime contributor to Credit Union Management and writes about credit unions, membership growth, marketing, operations and technology. She is the proprietor of Precision Prose, Portland, Ore.