Rules, Regulations, And Relationships: How WSECU Spreads Compliance Management Across The Enterprise

Top-Level Takeaways

• WSECU created a consumer protection compliance committee in 2014 in response to Dodd-Frank changes to the regulatory landscape.

• Leaders from across the organization participate in the committee to provide transparency and awareness as products and services evolve.

CU QUICK FACTS

WSECU
Data as of 12.31.19

HQ: Olympia, WA
ASSETS: $3.3B
MEMBERS: 281,711
BRANCHES: 21
12-MO SHARE GROWTH: 11.8%
12-MO LOAN GROWTH: 9.3%
ROA: 1.01%

Every month, a group of senior leaders at WSECU ($3.3B, Olympia, WA) gather to review their organization’s appetite for risk, renew itsfocus on member protection, and break down silos that block the view of how compliance concerns are playing out across the enterprise.

WSECU created its consumer protection compliance committee in early 2014 in the wake of new Dodd-Frank mortgage rules and state examinations.About that time, Wilkes Hardin joined the Evergreen State cooperative as its vice president of lending compliance.

Our compliance world has become so much more complex in the past 10 years, Hardin says. Credit unions aren’t under the radar like we used to be. With the state and NCUA focus on safety and soundness, we’re in the crosshairsof compliance like never before.

To mount a formal response to the changes, the credit union created the committee to: provide oversight, guidance, and direction with respect to the credit union’s management of compliance, including oversight of the credit union’s compliance with state and federal laws, regulations, rules, interpretations, and regulatory guidance, including implementation of new or changed regulatory requirements, products, services or systems.

Here, Hardin details how the committee operates and the impact it’s had on products, processes, and people.

Every time one of the big banks or other FIs, or small ones for that matter, make the news for the wrong reasons, pay attention and evaluate your position on the subject. It’s foolish to be caught with your hand in the cookie jar when you knowthe baker is watching.

Who’s on WSECU’s consumer protection compliance committee, and how do you chose participants?

Wilkes Hardin: The committee is chaired by the vice president of lending compliance and includes the vice president of information security, the vice president of operations support and payment services, and the BSA and deposit compliancemanager. Our VP of audit is a non-voting member, and, on occasion, we’ve engaged outside counsel.

The composition reflects ownership of the clear areas of compliance responsibility. They’re the credit union compliance officers. As compliance is de-centralized in our credit union, this kind of structure is necessary to ensure all areas of consumerprotection compliance are adequately represented.

What challenges and opportunities do the committee address, and how is it a mission fit?

Wilkes Hardin, Vice President of Lending Compliance, WSECU

WH: It addresses complexity and control. The need for a clear and organized structure for managing compliance has been evident in the financial institution space for some time. With differing state and federal rules, regulations, laws,and guidance, it’s often too much for any one functional area to effectively manage and understand.

Regular meetings and feedback with organizational compliance stakeholders allows for a consistent application of our compliance and risk management principles, according to the letter of the law and our board of directors’ stated appetite for compliancerisk.

Managing to the appropriate risk level allows our credit union to champion our members’ financial well-being, making their lives easier and our communities stronger.

How often does the committee meet, and what happens at those meetings?

WH: We meet monthly and talk about things that have come up in audits, incidents, and regulatory changes, as well as exam preparation and the staff training and resources that will require. We also review new products and services. Really,anything that consumer protection touches.

How does the committee share its work with others?

WH: The senior team receives an annual state of compliance report of the year’s activities and business. The supervisory committee receives the results of the quarterly complaint reviews. The committee’s management of organizationalcompliance is reported quarterly to the board of directors on a risk dashboard.

What changes have resulted from the committee’s recommendations?

WH: The committee has shaped the development of the organizational compliance management program, including the compliance training program, the Fair Lending program, the employee loan program, and the member complaint management program.Our compliance officers also actively participate in our enterprise risk management program.

How does the committee work with credit union stakeholders outside your meetings?

WH: Since the committee has an executive sponsor our chief administrative officer representation of committee business at the senior team level is embedded. And, the committee members each work closely with their directsupervisors, all but one of whom is a senior vice president, to address compliance issues in their respective lines of business.

Our board has made it clear to the entire organization that compliance takes priority, which translates into collective ownership of compliance. The VPs, particularly the ones on this committee, are empowered to make operational compliance decisions inaccordance with that stated vision and risk appetite from the board.

How does the committee keep up with state and federal regulations?

WH: CUNA resources, BankersOnline, listservs, compliance networks, automatic alerting from regulatory agencies, compliance workshops and conferences, networking.

Like everyone else, we go to the internet, and generally, we keep our fingers all over the pulse of the industry to make sure we don’t miss things. Of course, we still do sometimes. Compliance is such a moving target.

Somewhere along the way I picked up the slogan, Rules and regulations without relationships equals rebellion and resentment.’ I believe that’s true. It can’t be us versus them.

The committee also participates in advocacy work through comment calls on regulatory changes and initiatives.

What specific regulations are of most concern to the committee right now? And how are you dealing with them?

WH: UDAAP, ADA litigation that continues in changing forms, payday lending rules that are perpetually pending, TCPA cellphone rules ambiguity, privacy and cybersecurity laws, constantly changing BSA rules. The list goes on. CECL’s another one although it keeps getting kicked down the road.

What other issues that might not be so tightly regulated right now are of concern? For example, does the committee work on cannabis banking?

WH: Should our board indicate interest in serving legal MRBs [marijuana-related businesses] in Washington, the committee would be involved in regulatory compliance and any risk considerations.

Are new products vetted through the committee?

WH: Well, consumer compliance committee members are often embedded in project and product work, but the compliance piece there is more indirect. Items of concern may be brought to the committee for discussion and potential action.

There hasn’t been a lot of new product development in the past, but that’s changing as the credit union works to stay relevant. There will likely be more formal integration of the compliance management program into the development of productsand services as we evolve.

What has been the impact of the committee, overall?

WH: The committee has allowed for inclusion and line of sight for organizational compliance stakeholders in areas traditionally separated into silos. We now see a broader, more holistic view of the organizational compliance program thanbefore. These unobstructed views foster and enhance our risk management abilities and understanding of issues impacting the cooperative.

Read More Best Practices From WSECU

• Iterate Then Do It Again For Better Project Management

• 3 Branch Models, $75 Million In Savings

• Encouraging Employees To Get Up To Some Good

What advice do you have for credit unions interested in creating a compliance culture and committee like yours.

WH: Well, compliance is part of your GRC [governance, risk, and compliance] program. As such, you should ensure the work of the committee is risk-based and you understand your board’s appetite for compliance risk.

Then, learn from others’ mistakes. Every time one of the big banks or other FIs, or small ones for that matter, make the news for the wrong reasons, pay attention and evaluate your position on the subject. It’s foolish to be caught with yourhand in the cookie jar when you know the baker is watching.

Also, forge working relationships with the folks in your credit union responsible for making compliance a priority in practice you really become effective when the operators in the system advocate for your efforts. Somewhere along the way I pickedup the slogan, Rules and regulations without relationships equals rebellion and resentment. I believe that’s true. It can’t be us versus them.

Compliance is about protecting the cooperative, not stifling innovation and new ideas. We must overcome the stigma attached to compliance officers by sharing a purpose with our co-workers and working toward constructive outcomes for all. At the end ofthe day, it’s simply the right thing to do.

This interview has been edited and condensed.