Regulators Crack Down on Compliance in Financial Services

It’s a tough time to be a compliance professional in the financial services industry. A growing number of U.S. financial institutions have been hit hard with regulatory fines and lawsuits due to compliance failures. Meanwhile, federal regulators are imposing new rules on a level unseen in the past decade, underscoring the importance of guarding against non-compliance in financial services. Banks and credit unions need to double down on compliance management to protect their bottom line and reputation.

A look at recent headlines reveals both the prevalence of regulatory enforcement actions and the high costs of non-compliance. A recent analysis of 1,500 news reports related to bank risk events found that more than 600 referenced governance failings. Nearly half of those spotlighted regulatory fines.

“If a governance failing leads to significant reputational damage, or if it is symptomatic of more serious or widespread failings, negative [credit] rating actions could follow,” warned Fitch Ratings, which conducted the study.

Penalties skyrocket into the billions

Regulators aren’t shy about handing down big fines to penalize violations and incentivize compliance in financial services. Recent enforcement actions targeted banks like Wells Fargo and USAA and crytpo exchanges including Coinbase and Bittrex.

Wells Fargo

In December 2022, the Consumer Financial Protection Bureau (CFBP) imposed its largest fine ever — $3.7 billion — on Wells Fargo for an array of violations related to car loan servicing, mortgage loan servicing, and consumer deposit accounts.

Wells Fargo CEO Charlie Scharf commented in the company’s fourth-quarter earnings call, “While our risk and regulatory work hasn’t always followed a straight line and we have more to do, we have made significant progress, and are moving forward.”

Still, the bank felt the sting, reporting operating losses totaling $3.3 billion in the fourth quarter and $2 billion in the third quarter due primarily to litigation, regulatory, and customer remediation matters.

Coinbase

Cryptocurrency hasn’t escaped the attention of regulators. At the beginning of January, Coinbase reached a settlement with the New York Department of Financial Services. The department found deficiencies in the crypto exchange’s Know Your Customer (KYC) due diligence procedures, transaction monitoring system, anti-money laundering (AML) risk assessments, and Office of Foreign Assets Control (OFAC) screening program.

Coinbase has more than 100 million users worldwide. Its compliance system couldn’t keep up with growth and had a “substantial backlog of unreviewed transaction monitoring alerts, exposing its platform to risk of exploitation by criminals and other bad actors,” according to the consent decree.

Coinbase agreed to pay a $50 million fine, as well as an additional $50 million to revamp its compliance program.

As regulatory scrutiny intensifies on digital asset firms, many are investing in their compliance programs and implementing regulatory technology solutions, or “RegTech.”

“Compliance is critical to create trust among the industry, regulators, and customers,” Paul Grewal, Coinbase’s chief legal officer, told Axios. “Maintaining high compliance standards can also be a competitive advantage, allowing companies like Coinbase to obtain licenses and operate in highly regulated markets that are not open to our competitors.”

USAA Federal Savings Bank

USAA Federal Savings Bank agreed last year to pay $140 million for what the Financial Crimes Enforcement Network (FinCEN) described as willful violations of the Bank Secrecy Act. FinCEN’s settlement with the bank includes $80 million in civil fines and a $60 million penalty stemming from a similar case brought by the Office of the Comptroller of the Currency (OCC).

“As its customer base and revenue grew in recent years, USAA FSB willfully failed to ensure that its compliance program kept pace, resulting in millions of dollars in suspicious transactions flowing through the U.S. financial system without appropriate reporting,” said FinCEN’s Acting Director Himamauli Das. “USAA FSB also received ample notice and opportunity to remediate its inadequate AML program, but repeatedly failed to do so.”

“Today’s action signals that growth and compliance must be paired, and AML program deficiencies, especially deficiencies identified by federal regulators, must be promptly and effectively addressed,” Das added.

Related Reading | How GRC Can Improve Compliance with AML Regulations →

Tip of the Iceberg

Other organizations that have recently found themselves on the receiving end of regulatory enforcement for not meeting financial services compliance requirements include Bank of America, Regions Bank, and Bittrex.

Regulatory changes compound burden of compliance in financial services sector

With increased scrutiny and the surge in enforcement actions putting pressure on banks and credit unions to tighten the reigns on compliance, financial services organizations also must try to stay ahead of constantly shifting regulatory requirements.

The Securities and Exchange Commission (SEC) announced a record-breaking year for enforcement actions in 2022. Meanwhile, the agency has proposed a volume of new rules to improve risk management, oversight, and transparency. The SEC is not alone — numerous other government authorities are making regulatory changes that impact compliance in financial services.

These factors signal the mounting need for financial firms to be proactive. Keeping up with regulatory changes can weigh heavily on teams, systems, and processes. This can lead to increased compliance, operational, and financial risk exposure, along with the potential for reputational damage that ultimately places a company at a competitive disadvantage.

Technology key to effective and continuous compliance

When Wolters Kluwer surveyed leaders in the banking industry about their compliance challenges, their chief concerns were managing risk across all lines of business and maintaining compliance with changing regulations.

Related Reading | Risk & Compliance Concerns Remain High for Financial Institutions →

Based on similar findings from the previous year’s survey, Wolters Kluwer analysts developed a list of 10 critical compliance management considerations, as well as seven pillars of a compliance management program that illustrate the benefits of automation.

Technology-driven automation drives an effective compliance and ethics program, the analysts concluded:

“The strength of your compliance program, automated using technology, will determine how, and indeed if, your organization can withstand today’s onslaught of change and scrutiny.”

Organizations seeking to fortify their compliance function against this regulatory onslaught should look to a proven GRC technology leader. Quantivate Compliance Management enables teams to keep pace with regulatory change, centralize compliance management, and demonstrate proof of compliance. The software integrates with other solutions in the Quantivate GRC Suite, empowering financial insitutions to manage governance, risk, and compliance in one scalable system.

More on compliance in financial services:

• Building an Effective Compliance Program
• GRC Priorities in Banking & Financial Services