
7 Ways to Enhance Your Compliance Function

Ensuring your bank’s compliance function is effective and meeting expectations is of the utmost importance to regulators. This is evident through the design of the examination process and the creation of a standalone regulatory agency focused on consumer compliance, in addition to an increasing number of regulatory changes and enforcement actions in recent years. With that being said, nothing can fall through the cracks. The challenge is that community banks often struggle to manage a robust compliance function due to limited resources.


As with many other roles at community banks, compliance officers are required to wear multiple hats in their position. If you take a look at a list of compliance officers within any given state, you will find that they typically also hold other titles such as CRA Officer, Fair Lending Officer, and/or Head of Risk Management, among other roles. This diverse set of responsibilities requires a balance between being a second-line function as well as an active member of the bank management team.

In addition, prior studies performed by the Federal Reserve Bank of St. Louis noted that the cost of compliance in relation to total noninterest expense increased substantially as the size of the bank decreased. This is primarily because larger banks can spread the costs more effectively than small ones. For example, the study noted that banks with assets of $1 billion to $10 billion reported an average compliance cost of 2.9 percent of their noninterest income compared to 8.7 percent in banks with less than $100 million in assets.


With all the responsibilities on a compliance officer’s plate in conjunction with the strain of compliance costs on community banks, it is imperative that your bank’s compliance function is designed to be effective and efficient. Below are seven steps you can take to help ensure this:

  1. Evaluate the structure of your compliance oversight model. Although the Board of Directors has direct oversight of the compliance function, management of the function is typically delegated to the compliance officer. However, the compliance officer should not be the only individual responsible for compliance at your bank. You should determine if your bank’s compliance officer is supported by management-level committees that can share the burden of managing the bank’s compliance program. Compliance is everyone’s responsibility and shouldn’t fall on the shoulders of just one person.
  2. Ensure that your compliance management program is risk-based. A compliance risk assessment that evaluates your specific products and services, applicable regulations and your customer profile is the best tool you can use to ensure that the compliance function is focused on compliance risk specific to your bank.
  3. Customize your compliance training program. Staff should be provided, on a regular basis, with tools to identify compliance risk at your bank, along with real-world examples of what can go wrong and how to avoid compliance pitfalls.
  4. Develop effective lines of communication. Your bank should encourage employees to communicate when things go wrong and identify when they need additional guidance related to compliance topics.
  5. Implement a three lines of defense model. If you haven’t already implemented a three lines of defense model, your bank should develop a formal process that includes reporting and remediation of issues so that everyone at your institution can provide a level of protection when it comes to compliance risk. Business line management should monitor compliance risk as part of their day-to-day activities. Second line (compliance and risk) functions should have a compliance monitoring program that reviews policies and procedures, transaction activity, complaints and other business line functions for possible compliance concerns. Lastly, internal audit will provide a final set of eyes over various compliance requirements, giving the bank the opportunity to remediate any deficiencies as promptly as possible.
  6. Reengineer your bank’s business and compliance processes. When possible, management should reduce the burden of labor-intensive processes with automated controls that provide the same or better level of prevention and detection. In addition, when control breakdowns occur, you should look for alternative ways to design compliance processes to ensure lasting remediation.
  7. Track and manage issue remediation. The purpose of compliance monitoring is to identify potential process breakdowns or regulatory violations, but if issues are not tracked and remediated, the function’s value is lost.


Mercadien’s Financial Institutions Services Group is composed of industry experts who can help you evaluate your bank’s compliance function and offer suggestions for enhancements to help ensure that it is operating in an effective and efficient way, along with meeting regulatory expectations. Our team works with banks of all sizes across the nation in the areas of compliance, risk management, BSA/AML, audit and validations. Contact us today to learn more.