The Buck Stops Here: Executive Oversight
Just how important is your board of directors, or your executive team if you don’t have a board? According to Luis A. Aguilar, former commissioner for the Securities and Exchange Commission, your board has enough power to help bring about or put an end to an economic recession.
Having served the SEC during the 2008 financial crisis, Aguilar saw firsthand how the men and women with a fiduciary duty to shareholders must bear the weight of potentially globally disruptive decisions. In a speech delivered shortly after the end of his term, he commented on how the people at the top of financial institutions—global and regional, large and small—have a level of responsibility few of us can imagine: “Clearly, the way you collectively exercise corporate governance over the management and operations of your companies has an enormous impact on the way the capital markets function.”
And Aguilar was quick to point out how much corporate directors have to lose:
“Moreover, in today’s litigious society, you fulfill your responsibilities with the threat of lawsuits hanging over your head. As you well know, it is not uncommon for shareholders to file suit against corporate directors for alleged failures to uphold their responsibilities as fiduciaries of the companies’ assets.”
These facts hold true for board members at organizations of all sizes. Consumer finance is an interconnected industry, where every governing decision can have immense ramifications.
Long story short, your board has an extraordinary amount to be stressed about—like the collapse of markets around the world, or the danger of placing their families’ financial security in jeopardy. It’s no surprise that your board has lots of other things they would rather be doing than focusing on compliance. In fact, in a recent BDO USA survey (PDF), compliance ranked last on boards’ lists of priorities:
- 47% of directors surveyed would prefer to spend more board time on succession planning,
- 45% wanted to spend more time studying industry competitors,
- 38% wanted to prioritize risk management,
- 32% thought they should focus on evaluating management performance,
- …but only 16% (1 in 6) reported that they wanted to spend more time on compliance.
It’s Time to Redefine Your Board’s Compliance Obligations
Don’t confuse lack of enthusiasm for lack of responsibility. Despite their feelings on the subject, the directors on your board need to spend some of their time and energy on compliance. Regulators such as the Consumer Financial Protection Bureau require it, your capital partners require it, and, ultimately, it makes good business sense.
In order to bring all these parties into alignment, an organization shouldn’t minimize its compliance program, but redefine it, emphasizing the inherent link between compliance and business objectives such as leadership continuity, risk management, employee retention, and maintaining a competitive edge.
What your board, business, bank, and regulators are all looking for—what they can all agree on—isn’t more compliance, but better compliance.
Let’s start with the CFPB.
What Regulators Are Looking for in Board of Director Oversight
The CFPB spells out its reasoning on boards of directors rather clearly:
“The board of directors is ultimately responsible for developing and administering a compliance management system that ensures compliance with Federal consumer financial laws and regulations and addresses and prevents associated risks of harm to consumers.”
In other words, the CFPB holds your board accountable for your organization’s overall compliance. The agency believes the effectiveness of a compliance management system is grounded in the actions taken by its board and senior management. Here’s what that means in practice:
- Your board needs to demonstrate clear expectations about compliance, not only within your organization but also to your service providers.
- Your board should adopt clear policy statements regarding consumer compliance.
- Your board must appoint a qualified and experienced chief compliance officer who can hold other compliance officers accountable. Note that the CFPB recognizes that “[i]n smaller or less complex entities where staffing is limited, a full-time compliance officer may not be necessary,” but, nonetheless, “management should have clear responsibility for compliance management and compliance staff should be assigned to carry out this function in a manner commensurate with the size of the entity and the nature and risks of its activities.”
- Your board should ensure that your organization manages its compliance policies, procedures, and standards, through an established compliance function.
- Your board needs to assess the compliance function to make sure your organization is mitigating potential consumer harm associated with violations of consumer financial laws and regulations, and allocate resources appropriately.
- Your board needs to evaluate product development, marketing, account administration, and the way you handle consumer complaints for potential violations and risks to consumers.
- Your board must mandate and review your organization’s regularly performed compliance audits.
- Your board, or a designated committee of the board, should collect and analyze recurring reports of your organization’s compliance risks and issues, and how those risks and issues have been resolved.
That’s a long list of demands from the CFPB, isn’t it? Actually, many of the obligations detailed above are a natural outcome of using an automated CMS. Check back soon for the second part of this article, in which we’ll walk you through workforce compliance automation, explore how culture is a reflection of senior leadership, and provide you with a few best practices for compliance monitoring and reporting.
But if you’d rather not wait until then, why not take a look at Compligo, our automated workforce compliance solution? Click here to see a demo and schedule some time with a compliance expert.