In September 2022, Cross River Bank entered into a consent order with the FDIC due to concerns about unsafe and unsound fair lending compliance practices. The order required three immediate changes: strengthening lending and third-party compliance controls; complying with credit product and third-party disclosure processes, including seeking FDIC approval for new credit products or partnerships; and having independent third parties prepare assessments and reports to evaluate fair lending compliance among third parties offering Cross River Bank’s credit products. This suggests heightened FDIC scrutiny of bank-fintech partnerships.
However, a risk-based approach to IT governance can benefit community banks, helping them build trust with regulators and master regulatory challenges.
Navigating the Regulatory Landscape
Community banks face the challenge of adhering to strict regulatory requirements, including the Dodd-Frank Act, which emphasizes transparency; the Bank Secrecy Act (BSA), which addresses money laundering; and the Community Reinvestment Act, aimed at meeting the community’s needs. Financial institutions must keep up not only with mounting standards but also with regularly evolving banking laws. Neglecting these responsibilities can impact the bank’s reputation, operations, and profit. Regulators such as the Federal Deposit Insurance Corporation (FDIC), the Office of the Comptroller of the Currency (OCC), and state banking regulators are constantly screening even the smallest of community banks against compliance risk management policies. In several cases, regulators have initiated compliance actions for seemingly minor non-compliance issues. According to the FDIC 2020 Community Banking Study, the complexity of these regulations has forced some smaller banks with limited compliance resources to exit the industry.

The Role of IT Governance in Compliance
Community banks routinely gather diverse types of financial data and community statistics to gain valuable insights into customer behavior and market trends to benefit their clients. This data analysis typically includes:
- Transaction histories
- Customer demographics
- Market research studies
- Community economic indicators
Safeguarding this data is paramount, but as the volume of data grows, managing, storing, and protecting it becomes increasingly complex. At the same time, expanding IT environments and the rising sophistication of cyber threats make this data more vulnerable. To adhere to standards such as the Bank Secrecy Act and data protection regulations, banks must establish strong IT governance frameworks. IT governance is the set of processes and standards used to ensure the effective and efficient use of IT in enabling an organization to achieve its goals. Such goals include mitigating IT- and cybersecurity-related risks to strengthen the bank’s compliance posture.
Overcoming Challenges and Risks through Proper IT Governance
An emerging best-practice IT model for compliance in community banking emphasizes a shift in which compliance departments move from merely advising on how to comply to actively managing and monitoring risk. Leaders should design key risk indicators (KRIs) to proactively identify potential compliance gaps and implement IT policies and procedures to ensure continuous monitoring of sensitive customer data.
Roman Dróżdż, IT process manager of ING, underscores the significance of robust IT governance, which revolves around establishing a uniform procedure encompassing development, operation, and automation. Among other measures, Dróżdż implemented dual control for stored credit data, mandatory input validation to ensure only authentic data enters the bank’s records, and improved scan configurations to identify system vulnerabilities. This level of expertise and implementation highlights the importance of strong IT governance in banks. However, not all banks have the same level of internal expertise as ING, which is where partnerships can help bolster their IT governance programs. This allows banks to leverage the expertise and resources of their partners to strengthen their overall compliance posture. As Dróżdż points out, “state governance today is almost always a software issue”, emphasizing the critical role of IT governance in modern banking operations.

Integrating IT Governance with Regulatory Compliance
According to research from Celent, community banks allocate significant financial resources towards meeting compliance requirements, with a clear emphasis on investments in IT. But budgetary investments alone are insufficient. Financial institutions need comprehensive IT governance frameworks to ensure they meet evolving regulations.
These compliance requirements encompass various aspects of data security, including data confidentiality, which is stipulated in regulations and standards such as the California Consumer Privacy Act (CCPA), ISO 27001, and SOC 1 and SOC 2 (System and Organization Controls). Additionally, it is crucial to stay aligned with the latest security testing standards for IT infrastructure.
In short, to survive in this complex and ever-evolving regulatory environment that places a premium on data safety, community banks must prioritize the establishment of proper IT governance within their organizations.
Ensuring a Secure and Compliant Future
Since 2009, regulatory fees have increased dramatically relative to banks’ earnings, with regulatory scrutiny targeting even small community banks. Banks are obligated to provide regulators with accurate reports demonstrating their adherence to ever-evolving financial reporting standards that include BSA, Anti-Money Laundering (AML), and the Community Reinvestment Act.
The implementation of a best-practice IT governance program plays a pivotal role in assuring regulators that your institution effectively safeguards consumer data with rigorous risk management and internal controls. Such programs not only save you money but also build trust with regulatory bodies and enhance your bank’s reputation, among other benefits.
Partner with Hartman Executive Advisors for Robust IT Governance

At Hartman Executive Advisors, we understand the critical role of IT governance in mastering regulatory challenges. Our experienced team specializes in helping community banks establish robust IT governance frameworks that not only ensure compliance with evolving regulations but also enhance trust with regulators, fortify your institution’s reputation, and ultimately save you money.
Don’t navigate the complex regulatory terrain alone. Reach out to us today to learn how our IT governance expertise can help secure a compliant and prosperous future for your community bank. Your success is our priority.