I recently had the chance to visit with Koby Bambilia, Managing Director, at K2 Integrity. We discussed skills development and regulatory changes, together with tailored and risked based training. Bambilia has an interesting perspective on compliance training because of his unique background in the field. In addition to being a former compliance professional, he is also a former prosecutor. You do not often see that combination in a person specializing in compliance training. We started with the basic concept of training – in any regulatory guidance, both here in the US or abroad, which is always considered by the regulators as one of the pillars of Bank Secrecy Act (BSA) compliance program.
Skills Development and Meeting Regulatory Needs
Bambilia emphasized the regulators’ expectations for skills training. He has increasingly seen that “regulators are looking at the skills and career paths of bank employees. In other words, do the employees in their specific roles have the right set of knowledge, skills, and expertise to carry out their compliance responsibilities?” This has moved beyond strictly “compliance related roles but business-oriented roles as well.” He provided some examples such as private banking, loan officers, tellers, trade finance functions and correspondent banking departments. He stated, “The examiners will sample and check what experience and skills such employees have and what type of training they have received.” This led Bambilia to conclude, “thinking critically about whether the employees in key roles possess the right set of skills and expertise should guide institutions as they develop their training program, especially the long-term ones.”
I asked Bambilia if he could provide an example of such a situation. He recalled one institution where he worked which had more than 13,000 employees. As you might expect, there were multiple training requirements for employees. One of the challenges faced by the compliance function was how to verify all employees had completed the compliance training. Some 93% of employees completed compliance training so the challenge was to reach the remaining 7%. As Bambilia remarked, “We understood that it must be dealt with, and sometimes you have to take drastic measures to demonstrate that you are serious about compliance and serious when it comes addressing the regulatory expectations around compliance training.”
The compliance department went to the Board and proposed that any employee not completing their required compliance training would receive a 33.3% cut of the annual bonus. This stick approach worked and the completion numbers when up to 98%. What about the remaining 2%? They lost 33.3% of their annual discretionary bonus. The result was the next the completion rate for compliance training went up to 100%. But completion rates on employee compliance training are not enough as Bambilia said the regulators also want to see that the “compliance function has the right set of skills needed to perform their respective roles and duties. So, it’s something to think about and be prepared for before your next examination.”
We concluded our discussion by considering if finding solutions for compliance training “workarounds” or lack of employee participation has improved or dropped. Bambilia began by noting a very important aspect of compliance training, “with the right approach employees can be educated that training is not a form of punishment but actually a valuable tool which can help them do their job right. This is critical in keeping institutions “out of trouble.”” As Bambilia further explained, one of the functions of compliance is to “protect the Bank and the clients but it is also there to protect employees. And employees knowing through training what they have to do will keep them safe.”
Bambilia believes that now there are “better systems for e-learning and training solutions to ensure people are actually taking and completing these trainings. These systems can track, check the number of tries for passing the exam and even send the reminders.” Finally, institutions are moving toward more bite sized training (See: Espresso Training Shots). Bambilia explained that this can lead to not an entire day/week course but something that can fit within the regular workday; and this is even more applicable in today’s environment where most of us are working remotely, either in full or in hybrid mode.
Tailored and Risked Based Training
We next turned to why tailored and risked based training is so now critical. Getting ahead of regulators and ensuring your institution has skills-based trainings is critical. But more than this, regulators now want to see specific risk-based training, tailored to individual needs. This approach is not limited to financial institution regulators but the US Department of Justice (DOJ), Securities and Exchange Commission (SEC), FinCEN, Office of Foreign Asset Control (OFAC) also favor this approach. Initially, he noted that an institution cannot have a blanket training without follow-up trainings on specific job functions.
Some of the different needs for different employee classifications include bank tellers, who need to know more about cash transactions and regulatory requirements, such as Currency Transaction Report (CTR) and pouch activities. This is obviously different from private wealth managers. Employees in trade finance departments need to know more than others on sanctions and embargoes. Moving on to third party relationships, correspondent banking departments need to know, for example, the red flags for nested accounts. Private bankers, who are covered under the Foreign Account Tax Compliance Act (FATCA), must be trained on the law so they can be more vigilant and aware for detecting tax evasions.
The key is that each group requires its unique training and since every institution has a different set of risks, institutions should understand that one form of training cannot fit all situations. Tailored training is a key element and, as Bambilia noted, “a universal one, regardless of the institution’s size, risks, and resources. The example of the examiner saying training is like a burger…demonstrates the need to assure proper and tailored training throughout the institution.” The bottom line is that there is no one training model which will fit all your employees.
Training begins, literally at the beginning with the requirement that a compliance professional must know the risk-profile of an organization, where the blind spots may be, and what exposures may emerge. Obviously, the past year during Covid-19 brought new risks in the working from home environment and those risks are changing again as we return to work. Your risk profile would include the types of products and services the institution provides. If you do not have corresponding banking accounts and your bank does not provide banking services to other financial institutions – and in this case corresponding bank related training may not be relevant. Similarly, if you are a financial investment institution and do not deal with cash, you do not need to train on those requirements. Yet as risks change and new threats emerge, it is important to equip your operational teams on the front lines with the skills to manage these changes, which can be triggered either by a new regulation or by a new product or service your institution wants to provide going forward. A compliance professional must continually assess compliance risks. Here Bambilia recommends having regular ongoing communication with the ““field”, don’t just stay at the headquarters and send emails – go visit some of the branches, and some of the departments; you get valuable insights.”
Bambilia concluded that it “may feel like a heavy lift up front, it can pay its dividends – not just from a compliance perspective but also from an angle of operational efficiencies – you are assuring that your operation and IT staff know what to do going forward. If they know what to do – that will save a lot of pain and effort on their side, but also for you as a compliance officer.”
K2 Integrity has developed an online training platform and resource center, Dedicated Online Financial Integrity Network (DOLFIN), to help clients with their training requirements and provide more diverse options for training content and modalities. Find out more about DOLFIN here. For more information on K2 Integrity click here.