By ABA's Rich Riese, SVP, Center for Regulatory Compliance
Rules, rules, rules. They come from laws, agency pronouncements and even internal policies. Managing to get through the day without an infraction is a challenge for any organization. Mistakes happen.
We are human after all. We can and do err.
This is true even when as humans we are employed by our government to protect the national security while abiding by the protections for our civil liberties. Last week a NSA official remarked to The Washington Post on the results of an internal audit revealing 2,776 infractions of NSA procedures: “We're a human-run agency operating in a complex environment with a number of different regulatory regimes, so at times we find ourselves on the wrong side of the line…. You look at a number in absolute terms that looks big, and when you look at it in relative terms, it looks a little different.”
Does this sound like a familiar lament? Bank compliance professionals also work in a complex environment, tasked with managing a number of different regulatory regimes. They strive to ensure their organizations deliver products, services and transactions right the first time, every time. But organizations are not run by automatons. As much as technology is applied to the execution of operations, the goal of zero defects is beyond the collective reach of real men and women in any organization. What does risk-based compliance management mean if it doesn’t recognize that some violations vary in significance from one another? In other terms, what grade does a 1% error rate merit? As the NSA spokesman suggests, all compliance performance is relative.
Yet, recent CFPB guidance on “responsible conduct” expects more than legal compliance to avoid putative enforcement measures. It seems that the Bureau’s attitude may be that to err is human, to be forgiven is near impossible.
On the other hand, the Bureau itself in not without its own mistakes: A confidential IG report found numerous information security and other deficiencies in its consumer response program. We are all human-run agencies. Our common failure to grasp infallibility should spur our aspirations for better performance and, at the same time, humble us in our judgment of others.