Marie Blake, Executive Vice President, Chief Compliance Officer, BankUnited, N.A. Blake has over 16 years of banking and senior management experience, with an extensive background in banking compliance, risk control and risk management. Previously, Blake held several senior risk and compliance positons, including Senior Vice President, Risk Management Manager at Wells Fargo. In her role at BankUnited, Blake is responsible for regulatory compliance, developing strong compliance risk management programs, driving metric and key risk indicator development, relationship management, vendor compliance management, UDAAP, and fair and responsible business practices, among others.
Recently, Blake spoke to Ethisphere’s Aarti Maharaj about why it is important for the Board and companies to build and maintain transparent relationships with regulators.
Why is this topic of importance/ relevant to you?
Developing strong relationships with regulators has been an important element of my success as a Chief Compliance Officer, as well as my success in other risk and compliance roles throughout my career. The strength of those relationships is built upon transparency. I have found that in any environment, establishing trust with regulators is important. If they believe in the program you built, that can go a long way because they know if something goes wrong, you will identify and fix the problem. Building that rapport with regulators is critical to any successful program. As well, companies may find themselves in hot water with regulators if they neglect to address an issue in a timely and transparent manner.
What are some of the reasons why companies scramble (or fail) when it comes to building a transparent relationship with industry watchdogs?
I think company culture has a lot to do with transparency. Transparency often involves admitting self-identified mistakes. In a culture where admitting mistakes is not embraced as a positive event it is difficult to promote transparency. I have often told business partners that self-identification of issues and full transparency is an opportunity to fix something that is broken before it is pointed out by internal/external auditors or during a regulatory exam. Sometimes, business partners see transparency as admitting failures. However, I believe promoting a corporate culture of transparency has to begin at the top, so that business lines are more apt to self-identify and report issues. In some corporate cultures, receiving an internal or external audit report with issues identified within may be seen as a weakness that occurred under the manager’s span of control, and because of this, individuals may be reluctant to come forward with self-identified risks or issues going forward.
An example of a good culture: You are applauded for risk identification and subsequent issue resolution rather than being penalized for having brought the risk to the surface. In effect, you want to build a proactive risk culture and this will help in building and maintaining a transparent relationship with regulators.
The general rule of thumb is that once an issue has been identified, you need to take steps to fix it—especially if there is consumer/customer harm or the potential for harm. Be sure that as part of your healthy compliance risk culture, you account for the appropriate number of resources to fix issues that are self-identified. If all project resources are dedicated to planned internal projects and there are no resources allotted for unplanned issue resolution, a backlog may occur which may negatively affect the company’s risk culture. As well, issue resolution backlogs and the length of time taken to resolve issues will likely be evaluated by your regulators.
And when should companies start building relationships with regulators?
All in all, there should always be a focus on developing relationships with regulators. It’s never too early or too late to start.
How can building highly motivated and effective compliance teams enhance a company’s relationship with regulators?
When your regulators believe in your compliance program and employees executing that program, the relationship with the regulators is on track. It’s important that compliance team staff members understand the important role that they play, and that every employee is a representative of the compliance program. When you have an exemplary team executing a solid program, the regulators know the company is trying to do the right thing and is committed to a culture of compliance.
The regulators point of view: Based on your experience, what do regulators want from compliance officers and how can they support them?
Point blank, they prefer not to have the kitchen sink thrown at them. What I mean by this is that some companies overwhelm the regulators with documentation and information particularly during exams. I do not find that strategy to be successful, nor does it promote a positive relationship with regulators. We go out of our way to make examinations easy on regulators. We provide organized indexed information that specifically addresses their questions and/or request. I have found this to be a contributor to a positive regulatory relationship. If you are doing the right thing as a company, showcase it.
Given your area of expertise, can you provide some best practices or advice that the Board/ compliance officers should follow?
I have built numerous risk and compliance programs over the course of my career, and there are some common threads. First, risk resides in the areas that are blind spots. So, ensure that your compliance program covers all areas and all facets of compliance including things like complaint analysis and UDAAP risk assessments. Secondly, encourage routines for your team members. As there are many aspects to managing a risk or compliance program, ensure that things don’t fall through the cracks. One way to keep on top of things is to manage against periodic routines and milestones that are established for execution of key compliance program elements. Lastly, develop solid reporting for your compliance program. Reporting should include performance and risk metrics.
Why “keeping a distance from regulators” is not a good thing.
In my experience, keeping a distance from regulators is not a good thing. If your compliance program is good, it is being executed robustly, and there is a positive culture of compliance within your organization, having a good relationship with regulatory partners should naturally follow.
Regulators have a job to do. Keeping a distance from them, placing them in dark dingy spaces during an exam, or making it difficult for them to find the information they have requested or need to complete an exam is not a good approach. Such practices are not likely to promote a positive or transparent relationship with your regulators.
