However, the credit union's board must never underestimate its accountability in keeping the institution compliant with new and existing regulations, Perdue said. The board also must make sure the credit union can demonstrate its compliance management system to examiners.

Board responsibilities include making sure the credit union maintains an effective compliance structure either through the efforts of a compliance officer or a compliance committee, both charged with keeping the credit union on track. In both cases, the officer or committee must be effective in the execution of duties, and be able to prove that effectiveness when asked, Perdue stressed.

“The days of the board rubber-stamping a decision are gone,” Perdue said. “We're increasingly seeing expectations for a more formulaic approach to compliance, and in 2014 and beyond it will be very important to have the proper due-diligence procedures and documentation.”

When it comes to establishing a compliance culture, it's often a matter of “the tone at the top,” Perdue told webinar participants. The board has a distinct responsibility to adopt a clear compliance policy statement, demonstrate compliance expectations internally and to third parties, allocate the necessary resources for compliance management and required periodic compliance updates.

All board discussions and actions regarding compliance should be reflected in board meeting minutes, a responsibility that's growing more critical over time, Perdue said. Those minutes should include both discussions and decisions, especially as they relate to compliance issues.

“My favorite examiner phrase is, 'If it isn't documented, it didn't happen,'” Perdue said. “The board is ultimately responsible to make sure credit union risk is controlled.”

Controlling risk requires the board to identify areas of risk, monitor and measure risk exposure, and adjust credit union strategies as necessary to match the institution's appetite for risk. The first measurement may well be a formal risk assessment of the board itself to determine whether its members understand what's expected of them and can perform the tasks necessary to reduce risk for the credit union, Perdue said.

The most common risks stem from too little effort made to manage risk, Perdue said. This includes supporting an ineffective compliance officer or committee, devoting insufficient resources to compliance management, accepting inadequate risk monitoring and/or incomplete compliance audit coverage, Perdue said. The board is responsible for making sure the necessary resources support the right risk management structure to reduce threats to the credit union and keep it compliance with regulations.

The compliance burden isn't lessening; if anything, It is on pace for continued rapid increases, Perdue said. Utilizing data gleaned for four major financial regulatory bodies including the NCUA, the consultant showed that compliance burden continues to increase.

During the first quarter of 2014, regulators issued roughly 3,200 pages of new regulations and instituted 165 enforcement actions, a figure up from 152 actions during first quarter 2013. The incremental cost of compliance for the first quarter 2014 was $37,621 per institution per quarter, slightly up from $37,140 for the same period during the previous year.

“Currently 10% of financial institutions are under some form of enforcement action of some kind, a level we haven't seen since the S&L crisis,” Perdue said. “In fact, the FDIC has begun to issue enforcement actions to institutions that don't have a demonstrable compliance management system.”

Examiner expectations, according to guidelines from the CFPB, demonstrate clear expectations about compliance management, not only within the financial institutions themselves, but also extending to service providers with which the institutions work.

CFPB guidance requires the adoption and application of clear compliance guidance by the institution, and a compliance function that is set to recognized and accepted policies, procedures and standards. The allocation of appropriate resources should commensurate with the size and complexity of the entity's operations and practices and the laws to which the institution is subject also are critical factors.

The regs also require audit coverage of compliance matters and the results of periodic compliance audits. The institution must also provide for recurring reports of compliance risks, issues and resolution through a committee structure or to the board.

“The questions to ask yourselves are, 'Did you cover it all and can you prove it?'” Perdue said. “Saying 'yes' to those questions means you're on your way to establishing an effective compliance management system.”

Perdue also noted the increasing number of times boards of directors and their responsibilities are mentioned in regulatory compliance guides. In the NCUA's Consumer Compliance Self Assessment Guide, boards are mentioned 18 times, less than in compliance guides for other financial entities, but still a telling number when it comes to illustrating how board responsibilities have only increased over time.

“It doesn't get easier, you just get stronger,” Perdue said, citing an aphorism she attributed to the fitness industry. “I think that applies boards of directors as well.”