March 28, 2007

Bank Compliance Focus Expands: Global Compliance Integration and the Federal Sentencing Guidelines Framework Are Becoming the Standard

Holland & Knight Alert
Christopher A. Myers

Since enactment of the USA PATRIOT Act, bank regulators have focused like a laser beam on Bank Secrecy Act/Anti-Money Laundering Compliance. The regulatory focus on BSA/AML compliance has evolved from ensuring the adoption of required policies and procedures and the appointment of a BSA compliance officer, to the implementation of those policies and procedures, to the auditing and monitoring of compliance with the policies and procedures, and ultimately to the effectiveness of the program’s implementation. While the evolution continues, BSA/AML compliance has become a primary element of the supervisory strategy and regulators’ expectations in bank examinations. Indeed, the publication of the Bank Secrecy Act Examination Manual institutionalizes this primary focus through its detailed, coordinated guidance, and by its emphasis on regular risk assessments.

The logical extension of the emphasis on thorough risk assessments is the expansion of supervisory attention to other regulatory compliance and financial risks. The Board of Governors of the Federal Reserve System has recognized this expansion. The Board’s Division of Banking Supervision and Regulation organizes its Risk Section to include compliance risk specifically and separately. Furthermore, compliance risk is divided between BSA/AML compliance risk and other compliance risk. For the latter, the focus is on broader compliance risks across the enterprise, including the coordination of different compliance functions, and best practices in compliance programs. In other words, the focus is on compliance matters other than just BSA/AML compliance.

So, what’s the big deal about a small compliance risk staff at the Board of Governors? Sources at the Board, various Federal Reserve Banks and other bank regulators confirm that the compliance focus is expanding to include all regulatory compliance. It seems that the current small staff is the beachhead for the expansion.

At a minimum, the Board expects banks to have effective comprehensive compliance and ethics programs as an essential component of the safety and soundness of their operations. These expectations are wholly consistent with guidance from other regulatory agencies, including the Securities and Exchange Commission (SEC), the Department of Justice, and, perhaps most important, the United States Sentencing Commission.

Creating an Effective Framework

Financial institutions, or any other heavily-regulated or complex organizations for that matter, need a comprehensive compliance framework to have comfort that they understand and are meeting their many regulatory compliance requirements, including BSA/AML. This is a framework into which all regulatory compliance issues should be organized and evaluated in order to ensure they are receiving appropriate attention. The framework must include policies, procedures and activities necessary for the compliance system to be effective.

The Sentencing Guidelines

The United States Sentencing Commission (the Commission) has issued guidance on the minimum components required for a compliance and ethics program to be effective. The guidance, which appears in The United States Sentencing Commission Guidelines Manual for 2006 in Chapter Eight (the Sentencing Guidelines), resulted from an extensive analysis and report on 10 years of history with compliance and ethics programs. The analysis was directed by the Commission and contains detailed descriptions of how a proper compliance and ethics program should work. The Sentencing Guidelines, therefore, provide an appropriate framework for a compliance and ethics program at a financial institution, or other heavily-regulated organization.

The Sentencing Guidelines and their underlying analysis are based, in part, on experiences in developing and implementing the USA PATRIOT Act, and the failures of Enron, MCI and other corporate scandals of the past several years, which led to the Sarbanes-Oxley Act (SOX), and the related SEC regulations. The Sentencing Guidelines also took into account lessons learned over many years by the Department of Justice, other federal enforcement agencies and the companies they examined, audited and investigated. Thus, even though the Sentencing Guidelines arose in the context of criminal sentences, the principles they adopted are applicable universally to compliance and ethics programs, and frequently are used by enforcement and regulatory officials to evaluate such programs.

Emerging Best Practice

As bank regulators expand their focus on regulatory compliance, there is a natural convergence with meeting the Sentencing Guidelines’ requirements for an effective compliance and ethics program. In fact, our sources suggest a nexus point between bank regulatory compliance and the Sentencing Guidelines. This evolution strongly suggests that designing and implementing a compliance and ethics program – which includes regulatory compliance – within the framework of the Sentencing Guidelines is an emerging best practice for financial institutions. Accordingly, organizations that anticipate this convergence will be well-positioned to minimize regulatory and reputational risks, and succeed and prosper within the ever-expanding requirements of effective corporate governance. As a first step, forward-looking organizations should evaluate their programs within the framework of the Sentencing Guidelines, and then implement necessary and appropriate changes to reflect the practices outlined there.
