
When we first talk with a financial institution, we find out certain key components that make up the FI's DNA. One of those is their 'culture of compliance'. And generally, within only a few minutes, we can tell how that FI feels about the compliance process. We are curious about things like, "Will they see value in what we provide?" "Are they able to handle the scope we work through?" "Is this a client we really want to work with, or will it be a painful process for both sides?" You see, we found that there are really two main profiles that we run across, and here's a list of how each one will think:
The Penny Pinchers
Whatever it takes to get past the federal exam. Maybe we can get past without a 3rd party audit altogether? Hmm...
Audit and compliance really only needs to be one person's responsibility.
What? The auditors want to use software to do their audits? Tell them to just make it work with M$ Office.
As long as we put a title on these policies and procedures we're good. We don't really need to follow them.
We don't care about the provider's reputation or the scope of work; we just need it cheap.
The Continuously Compliant
We realize that an annual audit no longer makes sense in today's regulatory world. We want something consistent, scheduled, and based on risk.
We have turned our compliance reviews into a strategic advantage where we can make business decisions based off them.
Policies and procedures are documents that hold us as a staff accountable and help ensure coverage in all areas of the FI.
We believe technology for technology's sake isn't necessarily the answer, but something that is simple, collaborative, and standard across the FI enables us to see the reviews we do at the enterprise level.
If we use a third party vendor, we want to understand the differences other than just the price. What's the scope of work? How are the deliverables different? What are the qualifications of their staff?
Now my only question is, which one are you?