Banks and credit unions alike have grown accustomed to the frequent and often strenuous regulatory exams and audits that have become a large part of their day-to-day life. Perhaps not surprisingly, according to our third annual report, “2019 IT Outlook for Community Banking,” compliance issues remain a big concern for these institutions, especially in terms of meeting examiner expectations. Financial institutions continue to struggle across critical areas such as vendor management, business continuity planning, cybersecurity, audits, and exams. Risk assessments, according to survey results, are a big struggle: 65% of respondents claim they are currently their greatest IT challenge.
Continuously changing interpretations of guidance that is already in place, along with new guidance, have made the exam process (from the preparation all the way through to accurately documenting the steps taken to remediate findings) an extremely time-consuming and stressful endeavor.
At the beginning of the exam process, the examiner typically sends a list of items they want to review, certain areas they plan to examine, and items they plan to discuss. This list normally includes a number of reports and documents the financial institution must prepare ahead of the review and subsequently provide to the reviewing agents before the on-site visit. While some exams only require a handful of reports to prepare up-front, others can request more than 60 different reports, including:
- Organizational Charts
- Financial Reports
- Business Continuity Plans
- Disaster Recovery Plans and Test Results
- Vendor Management Policies
- Security Policies
In addition to gathering and preparing the reports and documents the examiner requests, there are certain steps banks and credit unions can take before the exams to help streamline the process, feel more confident and prepared, and better meet examiner expectations:
- Review All Relevant Guidance and Significant Changes
The management team and compliance officers should familiarize themselves with all relevant guidance for their institution, and make sure they are up-to-date on any changes that might affect them. In addition, they should review recent significant changes to internal technology infrastructure, risk assessments for customer- or member-facing electronic banking services, as well as the financial institution’s cyber risk appetite statement.
- Review Previous Examination Reports
Review the previous exam reports for any comments or matters that required attention. It is critical that all exam findings from previous examinations be addressed, with corrective actions documented.
- Review Any Non-Finding Comments (If There Have Been Any)
If the institution received any comments from the examiner that did not rise to the level of a finding, they should be prepared to discuss how (or if) the institution plans to address these items in the future. In some cases, management may decide these items do not require corrective actions. However, they should still be discussed, and any rationale (for action or inaction) documented.
- Review the Compliance Plan
Each financial institution needs to be able to show examiners how they identify, track and respond to compliance issues. Often referred to as a Compliance Management System (CMS), this typically includes everything from how they introduce new initiatives and new vendors, how they implement and manage the initiatives, and how they respond and prepare for expansions and organizational changes, to how they track audit and exam findings.
- Automate Compliance Tasks
Finding the time to collect all the requested reports and adequately prepare for exams can be a challenge. In fact, 55% of survey respondents admit to struggling with finding the time to work and focus on compliance-related activities. This struggle has led banks and credit unions alike to search for a more efficient way to manage compliance tasks and leverage automation to manage compliance responsibilities. Approximately 33% of survey respondents outsource their compliance needs, and 59% have increased their compliance spending in the past 18 months.
Regardless of location and size, banks and credit unions are all subject to largely the same regulations. Working with a managed services provider who works exclusively with financial institutions and understands the unique challenges of the exam process greatly increases the chances that you are not only prepared for an exam, but can confidently meet all examiner expectations both before and after the exam.