Why a Compliance Mindset is Hurting Community Banks

By Adam Mustafa

Community bank CEOs are wasting money on compliance. They are spending more than ever, hiring additional risk officers, internal auditors, compliance officers, vendors and consultants. They are checking every box and fulfilling every mandate.

And they are doing it all wrong.

A new study by the Federal Reserve Bank of St. Louis’ supervision division found that spending more on compliance isn’t leading to higher regulatory ratings for the smallest community banks. It isn’t elevating their managing scores, or positioning the bank for success.

And that’s because having a compliance mind-set is a recipe for mediocrity, no matter the size of the bank. The banks that will earn the most leeway with regulators—and maximize value for shareholders—will naturally implement and utilize the tools and processes that are a prerequisite for “compliance” as a critical function of their strategic and capital planning processes.

When that happens, compliance becomes a mere afterthought; something that is more icing on a cake that doesn’t need icing to begin with. This type of approach is actually easy to execute. You don’t need expensive, overrated and highly misleading black-box models and software. You don’t need an entire department dedicated toward enterprise risk management.

What you do need is a cultural mindset, which starts with the CEO. This mindset starts with an objective to use these tools to play offense by seeing problems before they materialize. The CEO then positions the bank to gain a competitive edge, while their competitors (from both an operational and capital markets perspective) get blindsided.

I participated in a panel this month with regulators from the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corp. at the New York Bankers Association Financial Services Forum. The topic was how best to manage commercial real estate concentrations.

Part of the discussion revolved around the role of stress testing, which can be critical to showing examiners that a bank has enough capital to handle a risky portfolio.

Stress testing is a great tool for the job, but it’s a tool, not the job. Banks that simply submit stress tests to regulators as evidence that they can manage a loan portfolio aren’t going to get what they want.

Instead of viewing stress tests as an end game, bank CEOs need to think of them as tools to provide insights. Reports must be discussed at the board level and understood by the highest levels of management. And then the bank must adjust its strategy if the tests show a potential problem.

The trick to compliance is to not treat it as a compliance exercise. A bank CEO must say, I am going to use this as a strategic planning tool. A CEO cannot give a stress test to the chief risk officer and say make the problem go away. CEOs must look at the results, understand them and use them to adjust their strategic thinking.   

A funny thing happened when I began talking about compliance on the New York Bankers Association panel. The regulators nodded their heads in agreement.