QuestSoft Compliance Cafe Blog

Sign up to receive our monthly newsletter!

How to Create an Exceptional Compliance Program

Oct 24, 2017 by Brian Arnesen

Banks are under enormous pressure to generate new sources of revenue and increase their product offerings. While the results can be positive, many harmful business practices have emerged. These business practices not only harm consumers but force regulators to crack down and create new regulations.

HousingWire recently reported that Wells Fargo has appointed a new chief compliance officer to transform their compliance into an “industry-leading” program. This comes after multiple accusations of harmful business practices emerging over the past few years, including accusations of “forcing mortgage applicants to pay unwarranted fees” (Washington Post). This alone would make anyone even remotely familiar with TRID furrow their brow.

So, what does it take to make an exceptional compliance program? Well, it all starts at the top.


An organization’s culture greatly influences employees’ behaviors and actions. Culture is established from the top levels of executive management and trickles down to the front-line employees. Having an ethical culture greatly decreases the likelihood of risky behavior and practices throughout an organization. It’s not enough to state your values on your website or hang them on a wall — having an ethical culture is displayed through the actions of senior management. Senior level officers must be able to measure, monitor and mitigate risks to their institution.

One of the best ways to reduce risk is to create a “culture of compliance” where consumer compliance and daily operations are intertwined. Examiners will often audit an organization to see if an institution’s culture encourages risky practices or prevents them. At the end of the day, simply asking “Is this good for the consumer?” can prevent many harmful practices from occurring in the first place.

Internal Controls

Internal controls are put in place to mitigate risk and guide the day to day actions of departments to ensure safe practices. Internal controls consist of policies and procedures that allow institutions to detect problems with processes early before they become violations. According to the Basle Committee on Banking Supervision, there are five elements to internal controls:

1. Management oversight and the control culture

2. Risk recognition and assessment

3. Control activities and segregation of duties

4. Information and communication

5. Monitoring activities and correcting deficiencies

These internal controls should be reviewed periodically by senior management to ensure major risks are being identified and monitored. Compliance software is one of the most powerful tools used as an internal control and can help with everything from correcting deficiencies to assessing risk.

Policies and Procedures

A compliance program’s effectiveness is largely dependent on the policies and procedures set in place. Policies guide what an institution’s procedures are. Policies should not only be driven by risk avoidance, but by strong ethical principles.

“Wells Fargo was fined $185 million dollars by the CFPB and OCC over improper activities without customers’ consent,” according to an article by Forbes. Having well-defined, ethical policies and procedures clearly documented will help create a more effective compliance program.

One of the things evaluated by examiners is the ability of a compliance officer to affect change within an organization. This is a large part of transforming a compliance program into an exceptional program. A compliance officer is not effective if they cannot influence an institution’s policies.


A compliance program is only as strong as its weakest element. Having well-trained staff will increase the overall effectiveness of a compliance program. Resources should be allocated for routine staff training and continuing education pertaining to laws and regulations.  Effective compliance training should be adaptable to regulatory changes.

Compliance Audits

A compliance audit function must be included as a way to monitor a program’s effectiveness. A comprehensive compliance audit should be able to evaluate an institution’s products, services, departments, and operations. Large banks must be able to audit each of their locations to ensure consistency and standards are met. Fair Lending Services from QuestSoft can analyze an institution’s lending data and show patterns and areas for improvement.

You shouldn't wait for an examiner to come knocking on your door­­—analyze your compliance program for effectiveness and ensure that you have enough resources devoted to compliance. By using each of these strategies, you too can create exceptional compliance program.