A Roadmap to Compliance Agility & Resilience for Financial Institutions

In the six months since the banking industry began facing unprecedented turmoil, U.S. financial regulatory leaders have been taking a hard look at the scope of risks tied to regional and small banks in an attempt to triage the credit tightening and liquidity that could leave its mark on the economy for months or years. While credit unions are not under the auspices of the same federal regulators, they are connected to the financial system and subject to the same contagions. A regulatory day of reckoning is coming for U.S. banks and credit unions, especially rules for small- and medium-sized institutions on liquidity risks. Since banks began borrowing at a record clip in spring, they are still scooping up Federal Reserve emergency loans from three programs at a rate of tens of billions each week.

As federal agencies move to scrutinize the regional banks, the NCUA and various state authorities are also reviewing their own policy frameworks to shore up protection of credit unions and their members, and ultimately to prevent systemic failures, with trade associations such as NAFCU advocating for changes that best meet credit unions’ needs. The FDIC and two other regulators recently unveiled new rules for larger banks’ capital requirements to address evolving international standards and the recent regional banking crisis. While nobody can predict when and what exact FDIC and NCUA rules will drop aimed at smaller institutions, financial institutions will need to be agile with change and have a confident mastery of risk management to be ready to comply. Consumers, regulators and investors alike will also be expecting demonstrable action and rapid operationalization of any new or amended regulations.

To meet these expectations, financial institutions will need to first take a very close look at where vulnerabilities lie within their organizations, how they are continuously assessing risk and how to close any resulting gaps.

Transparency With Cryptocurrencies

Credit unions can be held responsible for their fintech partners’ non-compliance with ESG standards, financial crime rules, data privacy and security laws, and cryptocurrency enforcements. Given the intense scrutiny and evolving oversight on digital assets, they will need to change the way they assess risk in regard to cryptocurrency and other blockchain products. They should notify their regulators if they plan to engage in cryptocurrency – transparency is key.

Resilient Cybersecurity Measures

Additionally, they need to assess how social media impacts risk, their resilience in regard to cybersecurity, their vulnerabilities if the institution grows too fast and if they are involved in lending to higher risk start-ups. Considering today’s unprecedented frequency and magnitude of risk incidences, financial institutions that can best manage risk and compliance stand to boost their value proposition. Advancing technology has produced a new generation of risks of money laundering, fraud, sanction violations, data privacy and cybercrime. Without integrated, robust AML and cybersecurity workflows, financial institutions will not set themselves apart from other firms in a sector currently viewed with suspicion.

Updated Compliance Systems, Integrating Additional Risk Vectors

Credit unions with a solid compliance foundation that are hoping to up their game can reassess the processes and systems with new risks in mind, and then fortify their compliance tech stacks and talent. Processes and tech stacks are demonstrable compliance assets, to both regulators and consumers. A balanced, tech-driven compliance program, while now becoming table stakes in managing these risks, boosts an institution’s value proposition – demonstrating transparent commitment to regulatory adherence and elevating its reputation among clients, regulators and the wider market.

CUs and Banks’ Most Valuable Currency Is Trust

Trust is not only the bedrock of our financial system, it can also be the differentiator for credit unions and community banks. Trust isn’t given. It is earned by going all out to protect their members and customers. Security and transparency are the basis of trust, but they can’t be the bare minimum to satisfy compliance rules, nor underestimated in terms of the strategic benefits. Further, financial institutions need to earn the trust of the regulatory agencies by explicitly demonstrating their capability to adapt to new rules and to be truly in control of their data, processes and risk exposure.

Tracy Moore is Director of Americas Strategy at Fenergo, a global fintech offering solutions to improve client lifecycle management (CLM) and support regulatory compliance.