Those days, Perdue said, are over.

"Regulators from all agencies are showing an increased appetite for enforcement," said Perdue, a former regulator with the Federal Reserve. "It can happen to you and will only be prevented if you have a rock-solid compliance process already in place."

Based on third-quarter 2013 data, Perdue presented a compliance index that showed significant increases in the amount of resources now required to successfully manage compliance.

Using as her example a hypothetical $300 million community financial institution, Perdue estimated it now takes 2.34 full-time equivalent employees to manage an institution's compliance burden, up from 1.67 FTEs in third-quarter 2012. While compliance hours may have gone down, the corresponding quarterly cost per institution has increased to $43,493, up from $26,040 for the same period during the prior year.

"Right now, 11.9% of community financial institutions are dealing with regulatory enforcement actions," Perdue said. "That's a big number, with focal points all over the board."

The largest concentration of regulatory activity stretches in a diagonal band from Minneapolis to Miami, due in part to the high concentration and nature of credit unions and community banks located in that area. Corresponding third-quarter activity in the West, on the West Coast and in the Northeast has been relatively light by comparison, she said.

The FDIC showed the greatest spike in activity among regulators, and especially in comparison to the NCUA, whose activity was limited by comparison.

Overall, management issues attracted largest amount of activity at 30%, but Bank Secrecy Act violations ranked a close second. The third quarter saw cease-and-desist orders issued against two credit unions for BSA violations, a move Perdue said was very unusual.

Next Page: Two CUs Targeted

On Aug. 29, North Dade Community Development Federal Credit Union, located in Miami Gardens, Fla., signed a consent agreement with NCUA, neither admitting nor denying charges of alleged money laundering. The action prohibits the $6 million credit union for having any further business with money service bureaus not part of its field of membership.

On Sept. 24, Bagumbayan Credit Union in Chicago signed a similar consent agreement with the regulator, who found significant issues with the credit union's management. Specifically, the action barred unpaid and untrained individuals from acting on behalf of the tiny credit union, which has $84,000 in assets and one employee.

Both cases focus on very small institutions, supporting Perdue's assertion that size no longer matters, but adherence to formal compliance procedures does. What's more, all regulators offer fair warning when something isn't quite right with a financial institution's compliance methodology.

"It is never a surprise when an institution gets into trouble and enforcement actions are never sudden," said Perdue. "In more than 80% of all cases declining performance is known to an institution."

To avoid enforcement actions, financial institutions should focus on preventing, detecting and correcting those practices that could be problematic from a regulatory perspective," Perdue said.

"Those three steps are a like a three-legged stool, and when one leg is shorter than the others the situation gets a little wobbly," she added.

In terms of best compliance practices, Perdue suggested the following steps:

• Manage compliance holistically, rather than as individual tasks.

• Implement regulatory changes promptly and completely when they still fresh in your mind, but don't jump the gun on anticipating regulations.

• Execute compliance as an executive task, including articulately expectations, establishing reporting and accountability structures, gathering data for the proper decision making, and knowing what the process is costing the institution in time and resources.

• Share compliance knowledge appropriately with staff and board based on their levels of accountability.

• Remember that compliance happens when and where the work gets done, not in a corner office away from day-to-day activities.

• Maintain a formalized written compliance program that operates as a living document in guiding a financial institutions' daily operations.

"In the past, compliance officers used to behave like scribes and hoard information," Perdue said. "In the new world it's their job to get the information out there and share what's needed when it's needed."