By Edmund A. Greene
Today’s banking compliance professional has evolved from the pariah that loan officers and business line managers avoided into an integral part of a financial institution’s leadership. The modern banking compliance professional is necessarily educated and adept at navigating the complex and disjointed array of regulations and risks, including the Dodd-Frank Act, the Bank Secrecy Act (BSA) and anti-money laundering (AML) schemes. The modern banking compliance professional also embraces the need for profitability and new technology, and is no longer the naysayer of risk.
Technology, terrorist attacks and the near-collapse of the entire financial system have forever changed the landscape of banking compliance. Banking compliance is vastly different than it was just five years ago – and new regulations and technology are responsible for the changes. Twitter, LinkedIn, Facebook, smartphones, virtual offices and BYOD are now the norm. In 2010, the Dodd-Frank Act had just passed, and cybersecurity was in its infancy. Today, there is a recognized need from both government agencies and financial institutions for compliance specialists in Dodd-Frank, BSA, AML and cybersecurity. Recently, state and federal government agencies announced they will hire IT specialists to train their own IT examiners.
The Dodd-Frank Act and its over 2,000 pages of new regulations became banking compliance professionals’ top priority – and their greatest source of angst – from its passage in 2010 to the present. Many of the act’s rules became effective in January 2014. The act is one of the most sweeping regulatory changes to the banking industry since the Great Depression and was promulgated in response to the mortgage crisis beginning in 2007. In sum, the act requires banks to implement numerous new consumer protection policies and procedures and authorizes the formation of a new agency – the Consumer Financial Protection Bureau. Big banks have dedicated mortgage compliance specialists to tackle their new mortgage regulatory obligations, while for smaller community banks, it is one of many regulations for the compliance officer to manage.
While BSA and AML regulations now have a long history, it is extremely noteworthy that the federal government just updated its BSA Manual, which comprises 440 pages. Big bank BSA and AML violations have been headline grabbers over the last couple of years, virtually displacing Dodd-Frank from the banking lexicon. BSA and AML violations reached their pinnacle in January 2014, when JPMorgan paid fines and forfeited monies totaling $2.05 billion ($1.7 billion forfeiture for Bernie Madoff’s Ponzi scheme victims). While BSA and AML are also complex and involved regulations, what is far more concerning to financial institutions is the magnitude of the fines and the loss of reputation that violations bring. Because of this significance, BSA and AML have now become a thriving area of specialty compliance. Most big banks have hired a veritable army of BSA and AML personnel both to vigilantly combat crime and to remain compliant. Both big and small banks now rely on technology to assist them with BSA and AML compliance. The scope, administration, parameters and reports that BSA and AML software provides are also part of a regulator’s examination.
Inarguably, cybersecurity is the “hottest” compliance risk today due to the sensitivity of consumers’ personal information. In fact, the Justice Department is expected to announce on Dec. 4, 2014, the creation of a cybersecurity unit. That same week Sony Pictures’ internal computer systems were hacked and disabled. The hackers were able to obtain and publish an abundance of personal information, including salaries, health care records and performance reviews.
As technology advances, so do cyberattacks. Distributed denial of service (DDoS) attacks have become the latest type of cyberattack in which a skilled hacker “smokescreens” a bank. Smokescreening is when cybercriminals tie up IT personnel, who focus on the disruption. While all attention is on the disruption, the cybercriminal infiltrates the network to steal money, personal customer data and intellectual property. These events cost organizations large sums of money in the form of service-level agreements, service interruptions, and credit protection for clients affected by the attack. Cybersecurity compliance and specialists in this risk area are quickly becoming the top priority of regulators and financial institutions.
Managing the myriad of regulations and growing risk from technological advances is daunting for the most seasoned banking professional. Consequently, banking professionals continue to supplement their knowledge with industry-recognized certifications. Many compliance officers are lawyers, finance and MBA graduates – and now, IT specialists. With consumers relying on banks to keep their money and identities safe, the modern banking compliance professional must be a champion of cutting-edge technology and a key participant in business strategies and risk management at the C-level.
Edmund A. Greene, Esq., LL.M. banking and financial law, ARM, CRCM, is president of Greene Consulting Group Inc., a consulting and legal-based firm providing bank compliance and legal services. He may be reached at email@example.com or (781) 254 2346.