With the new year, you may reflect upon how things are going within your bank or credit union's third party risk management program. Make sure your team is on the same page.
I was recently at a conference sponsored and hosted by The Wall Street Journal on the financial services regulatory environment. It was a really good conference, featuring senior government officials from many of the major regulatory agencies. And, I noticed a theme, particularly from the Department of Justice - creating a culture of compliance.
Culture of Compliance
The Wells Fargo crisis was an easy example where they “talked the talk" (even committed it to writing about compliance expectations) but failed to "walk the walk”.
While being careful to edge around whether an actual crime occurred or if a criminal case is forthcoming, the officials openly asked when was management aware of the practices and what did they do to curtail it.
Having a culture of compliance would ensure everyone involved with third party risk management is working together with the same key points of knowledge.
How to Create It
Creating a culture of compliance requires:
1. Making sure that every person – yes, every single person – understands they have a role in making sure the institution plays by the rules
2. Everyone understanding that there are real consequences for violating the rules
3. Senior management setting “tone from the top” – hammering home the expectations that compliance risk is every bit as important as credit risk and operational risk
To learn more about the need to create a culture of compliance, I highly recommend the book “The New Era of Regulatory Enforcement” by Richard Girgenti and Timothy Hedley. It’s an excellent resource, particularly chapter 2 on “Raising the Bar,” on what it means to have a fully functioning compliance program. I use it often.
Having strict rules and abiding by them carefully take real work but it’s vital to the success of the institution and the right thing to do for the consumers.
Along with having a good culture for third party risk management, make sure your team is also doing these 10 best practices.