The Three C's of Compliance

    by Barbara Boccia, CRCM, MBA, JD, Senior Director, Regulatory Compliance

    Published August 21, 2018



    Compliance Management as a Strategic Advantage

    As the regulatory environment has become more complex, there are increasing expectations for bank directors to manage their responsibilities for compliance oversight. Financial institutions that can find ways to transform compliance management from a burden to a benefit can successfully elevate compliance to be a strategic advantage.

    How can an institution successfully elevate compliance management to be a competitive advantage?  

    Initially, to successfully elevate compliance management to be a strategic advantage, compliance must be embedded within an institution’s culture from the top down into everyday activities. Core values can be articulated into practical considerations, like “fairness”, and directors can lead by example with credible challenges for better or more information.

    What key factors drive a culture of compliance?

    Within the overall framework of a compliance management system, consider the 3 C’s that support the core elements of a strong compliance culture:  communication, confirmation, and correction. To be successful, these 3 C’s need to be embedded throughout the institution:

    • There needs to be robust and informative communication tailored across all 3 lines of defense and up to senior management and the board;
    • Preventive and detective controls, manual or automated, need to be working effectively to confirm that risks are being mitigated and managed correctly; and
    • There should be timely action plans put in place at the root cause of issues to ensure any problems are promptly and fully corrected.

    Do you have any tips for integrating these elements within the institution?

    Yes. Initially, consider distinguishing between compliance activities that are done for good business reasons regardless of regulations, and those done only because of regulations. The two groups may call for different approaches.

    Can you provide an example of the first group – compliance activities that are done for good business reasons?

    Your complaint management program is a good example of a compliance activity that makes good business sense, regardless of regulations. Information gleaned from monitoring complaints can be useful to many areas of the bank by presenting opportunities for improvement and increased customer satisfaction. How involved are your lines of business in collaborating with compliance in managing complaints?  Are there opportunities to be innovative, strategic, and more creative in communicating with your customers than the approach you are taking today?

    Do you have any suggestions for compliance activities that are done only because of regulations?  

    There are many instances where regulations mandate activity, such as certain notices or disclosures. However, even in these instances, compliance can be a trusted partner in supporting fresh ideas and new initiatives by communicating early and helping business partners stay within the lines as new products or services are being rolled out. For example, in developing marketing materials, it is both efficient and effective for compliance to be part of the creative process early to identify trigger terms or misleading statements. It gets more costly and disruptive if compliance is brought in only at the end of a creative process.

    Do you have any additional suggestions to help elevate compliance management to be a strategic advantage?

    Overall, compliance talent has focused a lot on regulatory knowledge; there may be an opportunity to help compliance develop their “soft skills” to provide support, energy and excitement for new ideas and growth strategies. Too often in the past, compliance may have said “no” before considering ways to say “yes.”

    With that, compliance should be invited to have a “seat at the table” and an opportunity to help support strategic initiatives at every level of decision-making. Having a knowledgeable, enthusiastic partner will help to integrate compliance considerations as a normal way to do business. 

    After all, successful compliance management is an essential element in maintaining trust between a financial institution and its customers. There are some prominent examples out there right now that illustrate what can happen to an institution’s reputation, brand and stock price when that trust is breached. Having a strong compliance culture built in as a way of doing business will go a long way in helping bank directors do their job in compliance oversight while supporting long-term strategic initiatives.


    Barbara Boccia, CRCM, MBA, JD
    Senior Director, U.S. Advisory Services and Regulatory Relations
    Wolters Kluwer 

    Boccia brings more than 30 years of professional experience to the Advisory Services Team. She has a broad range of expertise leading strategic and technical regulatory compliance engagements relating to the broad array of consumer protection regulations within the financial services sector.

    Prior to joining Wolters Kluwer, she served as a regional director at a national consulting firm, where she managed a variety of compliance engagements with financial institutions of all sizes. Prior to consulting, she developed deep, practical skills and experience in Compliance through various positions held at financial institutions, as well as fintech experience with emerging technologies from her work in Silicon Valley.

    Her expertise includes the development and assessment of Compliance Management Systems (CMS), Compliance Risk Assessments (including fair lending, UDAAP), compliance monitoring and testing, control processes, Complaint Management Programs, and Third-Party Vendor Management Programs. She also understands the interplay across CRA, fair lending, UDAAP, complaints and data collection, particularly HMDA and small business. Her work includes preparing clients for regulatory exams before CFPB, FRB, OCC, FDIC, and NCUA, resolving regulatory enforcement actions, and assisting with remediation efforts. Her focus includes change management, whether change is occurring due to organic growth, mergers and acquisitions, or as a proactive response to new regulations.

    Prior to working in the financial services sector, she worked as a senior trial attorney in the insurance sector in San Francisco. Boccia is a graduate of the University of Tennessee (BS), San Francisco State University (MBA), and McGeorge School of Law (JD). She attended the American Bankers Association National Graduate Compliance School and is a Certified Regulatory Compliance Manager (CRCM).
