What’s on the minds of lenders these days? It’s a common question in these economically perilous times. For the past 10 years, Wolters Kluwer Compliance Solutions has surveyed lenders on their insights about risk- and regulatory-related concerns.
No matter the type or asset size of the financial institution in question, effective navigation of regulatory changes continues to lead the list of challenges facing compliance professionals at banks, credit unions and other lending organizations. Originators will want to understand how these concerns can impact the bottom line for their own companies and for their lending partners.
The Regulatory & Risk Management Indicator survey was first developed in 2013 to methodically collect key trend information on the breadth and depth of regulatory and risk concerns among lenders. The survey also identifies the areas needing attention in the coming year.
“Even though the main score is lower, this does not mean that regulators have been looking the other way or becoming less vigilant.”
As in past years, people responded from institutions of all sizes, although a majority (81%) in the most recent survey represent smaller banks and savings and loan institutions, followed by credit unions (18%). The nearly 330 people surveyed are primarily from bank management and executive levels, followed by those in compliance roles as well as those in lending functions.
The survey aims to take the pulse of compliance and risk officers for banks and other lenders. Over the years, it has also revealed where respondents believe their organizations currently stand, where they need to be and how they will go about addressing challenges.
The survey measures lender concerns about current regulatory and risk trends, along with anticipated impacts to an institution’s relative abilities to manage risk. It includes a “main score” that offers a snapshot of the risk and regulatory compliance landscape that lenders must navigate.
While the main score decreased from 128 points in 2021 to a score of 94 last year, which suggests an overall easing of concerns, these results are somewhat misleading. This is because two of the major drivers for the lower score included a reduction in the number of formal enforcement actions (down 18%) and the overall dollar volume of penalties and fines (down a whopping 94%) that were imposed as part of these enforcement actions. But there were several other factors that also reflect ongoing concerns, most notably involving an increase in the number of new major regulations.
Some of the reduction in the number of enforcement actions and the dollar amount of fines is simply attributable to timing. Developing an enforcement case is complicated and often plays out over a lengthy period. The survey period covered regulatory activities for the period from July 2021 to June 2022. Consider the $3.7 billion fine levied by the Consumer Financial Protection Bureau against Wells Fargo at the end of 2022. This large penalty did not take place during the most recent survey, but it will be reflected in next year’s overall survey score.
Also, even though the main score is lower, this does not mean that regulators have been looking the other way or becoming less vigilant. On the contrary, regulator examinations are just as rigorous as ever. No one should take the lower score to mean that risk and compliance management is getting any easier.
Change management was identified as the most pressing regulatory compliance challenge in the next 12 months by a majority of respondents. This shows that the ability to absorb the breadth and volume of regulatory change is an overwhelming and formidable challenge, regardless of a financial institution’s resources.
Complicating the implementation of these changes is the general business environment and its own set of challenges, especially in the present economic environment. It also suggests that institutions are feeling pressure from regulators, with several significant regulatory initiatives underway. Most notably, these include Community Reinvestment Act (CRA) modernization, small-business lending data-collection efforts via Section 1071 of the Dodd-Frank Act, and changes to the Bank Secrecy Act.
Survey respondents are anticipating challenges arising from the implementation of regulatory changes across their enterprises. The CRA rule changes and the 1071 regulations could hit at roughly the same time. Each are complicated and will require a consolidated effort across institutions to implement.
“Today’s environment is too complex to manage compliance without the help of technology and automated processes.”
These regulations have been on the horizon and in play for the past several years. For many banks, CRA changes will require new evaluation methods, new data to collect and a new examination process to adjust to, along with new approaches for working with their communities and business partners.
In some ways, CRA rules and Section 1071 are intertwined and have to sync up. Furthermore, the 1071 data will also be used for fair lending analyses. Lenders will have to implement a system for obtaining and reporting the data. They will also need to analyze and determine what the data shows about their lending patterns, especially in regard to the gender, race and ethnicity of small-business loan applicants. Sixty-eight percent of survey respondents are either “very concerned” or “somewhat concerned” about their ability to manage implementation of the forthcoming 1071 regulation.
Wolters Kluwer expected that more survey participants would report experiencing increased regulatory scrutiny on fair lending examinations. Sixteen percent of respondents indicated more scrutiny, only slightly higher than in 2021 and likely attributable to a higher regulatory focus on fair lending. It will be worth watching these results in the 2023 survey.
Climate-related financial-risk management is also an area to monitor. Only 27% indicated they were giving significant attention to climate-related risk management, with 23% giving it some consideration. These numbers are likely to rise as the approach by regulators on climate-related risk management becomes clearer and more developed.
The survey revealed a significant increase in concerns for managing risk across business lines. In fact, the 59% share was the highest for risk management in the past four years. There was also a significant increase for third-party risk management. This share went from 15% in the 2021 survey to 26% in 2022, reflecting the growth of third-party partnerships and increased regulator attention.
There were across-the-board increases in compliance management system investments. These included investments to strengthen risk management, update policies and procedures, manage regulatory content, improve quality assurance capabilities and bolster consumer complaint management.
Respondents are also giving considerable attention to interest rate increases, inflation, recession potential and ransomware attacks in their enterprise risk-planning efforts. Finally, and maybe not surprisingly, 83% indicated their belief that a reduction in overall regulatory burdens was either “somewhat unlikely” or “very unlikely” during the next two years.
The top three obstacles cited for implementing an effective compliance program included manual processes (54%), inadequate staffing (44%) and too many competing business priorities (38%). Let’s break these down a bit.
With manual processes, today’s environment is too complex to manage compliance without the help of technology and automated processes. Spreadsheets just don’t work. The share of those who expressed concern in this area jumped from 45% in 2021 to 54% in 2022. Manual processes lead to errors, inconsistencies and disconnects across the so-called three lines of defense. The three lines of defense start with operational management controls executed on a daily basis. That’s backed up by risk and compliance controls to ensure the first line of defense is properly designed and operating as intended. The last line of defense is an internal audit.
Inadequate staffing concerns saw an increase over the 2021 score of 41%. This modest jump could reflect a couple of things, ranging from the effects of the “Great Resignation” to the long-standing challenges of attracting and retaining talent. Another factor might be work-from-home practices. Anticipation about the future could play a role here as compliance officers look down the road and see a lot to do; their responses may suggest that future staffing is inadequate to handle the load.
Finally, having too many competing business priorities is a challenge that speaks for itself. There has been an emergence of anecdotal evidence of people having to take on more than one role, and the survey results reinforce this trend.
How might financial institutions overcome these obstacles? It appears that the potential answer lies in the appropriate deployment of technology. Regulators are expecting this, especially in an environment where many banks are under remote supervision. This means incorporation of technology into enterprise risk-management programs.
It also involves having a fully functioning compliance management system integrated with your institution’s three lines of defense. With these tools and the analytics they provide, one can build solid business cases for identifying and securing needed resources — including more team members — earlier on your lending institution’s journey to a more sound and effective compliance foundation. ●