Managing Risk of Change

Compliance Insight: One of the great things about SCA is the range of issues we get to see, and the wealth of knowledge we get to tap into while working with dozens of clients on a monthly basis. Today, we'll share some important compliance insight about managing the risk of change.

By Gregg Oberg:

To address the topic directly—you cannot eliminate risk of change.

You cannot eliminate any risk, for that matter. Change will ALWAYS be a high priority, high magnitude event that keeps you up at night. In compliance, we minimize the impact of events certain to occur at one point or another. Or we delay the occurrence of these events. But we do not eliminate risk, nor does anyone expect us to do so.

It’s often said that change is the only certainty. Or is it “death and taxes”? Either way, both maxims are applicable to the daily struggle of a Compliance Officer—trying to keep up with the changes specifically applicable to your operations.

Why I’m Worth Listening To:

Before becoming an attorney, I worked in the field of Competitive Intelligence (check out the Society of Competitive Intelligence Professionals (SCIP) or Special Librarians Associate (SLA) if this topic is intriguing, good groups and fun annual conferences), where I addressed this challenge in a broader sense. What I hope to do in the next 250 words is instill a mindset rather than an answer; “teach a man to fish” if you will.

Assessing the Root Cause:

Simplified, the challenge—which is compounded for smaller institutions—is to get the right info, to the right people, at (or before) the right time. If you’re taking time to read this, you’re probably the right person. One down.

The remaining factors are symptoms of the same problem: information overload. Solving the problem depends on three things:

1. Sources - where you get data;

2. Methods - how you aggregate, prioritize, and route data; and

3. Taxonomy - how you define a “relevant” data point.

Filtering the Noise:

If you’re a larger institution, invest in tools. I’m happy to advise, no interest in any provider. The rest of us, we need to realize there aren’t many cost-effective substitutes for knowledge and experience. Sure, you can use Google Alerts, RSS Feeds, etc., but that requires an extra layer of technical ability in the expert who analyzes the data.

Pick good SOURCES you already have (AllRegs, MBA, newsletters, etc.), and find free or cost-effective sources for information. Understand source choice is a trade-off. More sources = more time; fewer sources = increased error likelihood. There isn’t a right answer to monitoring, you’ll never be perfect. But pick a route and run it. How will you demonstrate you stayed up to date? Document your daily reading list and time spent; and include deliberative assessments of relevance for any updates.

Last note on Noise—if your institution name is a common term, good luck searching. You need a better filter, which is next up.

Search the Right Terms:

Whether you use an automated scanner or skim with you eyeballs, you’ll need to know what terms require further reading. Strong technological ability can come in handy (millennial here - when I say “strong” I mean “average employee over 40 years old”). Boolean Logic and database tools allow advanced filtering of data. The specificity of taxonomy and the breadth of sourcing are related—the better the search filter, the more data streams it can take in.

Pulling it Together:

What you’re trying to do is scan a functionally infinite number of locations for data which is relatively uninteresting to the internet. You need a manageable amount of info for a human to review and prioritize, and perhaps most importantly; WHATEVER process you choose, you need to demonstrate why you did it. Compliance is a sliding scale of complexity, size, sophistication, and risk. Nobody expects you to be perfect, they just expect you to show that you tried.

Interested in the topic? Tweet me @GreggOberg. Looking forward to sharing more if people are interested.

Spillane Consulting Associates has served the residential mortgage lending business since 1991. We have specialized in mortgage banking consulting services and provided quality control reviews, risk management and process consulting and employee training to credit unions, community banks and non-depository institutions. We are a thought leader on the strategic growth of residential mortgage lending. You can learn more by visiting our website, or scheduling a meeting with me or one of my colleagues.

SCA Compliance Hotline: Need a question answered quick?

Email: Compliance-Question@scapartnering.com

Call: (781) 356-2772

Thanks so much for reading our weekly newsletters. We're not always going to be perfect, but because we always do our best and try not to overpromise, we hope that we're always going to be trustworthy. Your calls and e-mails are very helpful - please keep contributing.

**These are our opinions. We're not authorized, or willing, to express those of others.**