Guidance is nice. Sure...but do we have to follow it?
Written by Anthony Demangone
Chances are, most members of a credit union's executive team did not come up the ranks of the credit union's compliance or audit teams. Â
Thoughts of the Code of Federal Regulations or legal citations might give you chills. Â While that may be, I'd bet that you still respect the fact that there are rules to be followed.Â
But that begs the question. Â Are all rules the same? Â More specifically, what should we do with guidance? Regulatory guidance is all of the "stuff" that regulators issue that tells you what you "should" do. Â Legal opinion letters. Â Letters to credit unions. Â The Bank Secrecy Act manual. Â
That "stuff" is not law. Â It is not regulation. Â So what exactly are you to do with it?
Enter the Bank Lawyer's Blog, written by Kevin Funnell. Kevin is a man I respect, and he is even more snarky than me on occasion. Â He wrote about the difference between regulation and guidance recently, and it should be required reading for credit union managers.Â
Kevin first quotes an FDIC official who helped write the FFIEC's proposed guidance on social media. The official was quick to point out that guidance is not mandatory.
"It doesn't create any new obligations or burdens," Khalil says. "To create any new obligations we would have to issue a regulation. We can't impose new obligations through the guidance. That's important to emphasize, because a lot of people have been referring to this document as a regulation or as rules, and that is not correct."
A bank's examiners could not cite violations of the guidance, she says. "You can't technically violate guidance. You can violate the laws and regulation referred to in the guidance, but not the guidance itself."
That should make you feel safe. Almost warm and fuzzy. Â But Kevin tells the rest of the story from his point of view.
Don't believe it. While it is true that guidance is not regulation, and a "violation" of "guidance" should not have the same effect as the violation of a formally adopted "regulation," a number of bank lawyers who have reviewed a client's report of examination in the years 2007 through 2012 and saw a Matter Requiring Attention, or reviewed a "15-day Letter" from a regulatory agency threatening a potential enforcement action against a bank's current or former officers and directors, saw among the laundry list of alleged "violations" an item that alleged that the bank violated the Statement of Policy on Concentrations in Commercial Real Estate Lending, Sound Risk Management Practice. That "Statement of Policy" specifically states that it is "guidance," yet alleged violations of it are cited as forming the basis for regulatory sanctions, including enforcement action. If violations of guidance can't be cited by an examiner in a report of examination, then what are citations of such violations that I and others have seen with our own eyes in examination reports doing there? I'm speaking of examinations done by the FDIC, by the way.
I have always understood such guidance as providing "rules of the road" that financial institutions should follow if they want to be in conformance with safety and soundness principles. Violating "safety and soundness" standards is a basis for regulatory action against the institution. Thus, I think that, notwithstanding Ms. Khalil's dismissal of the guidance as not rising to level of a "regulation," any financial institution would be foolish not to treat it seriously.
I couldn't have said it better myself. Â
***
If this was useful, you might consider the following:
- 7 Compliance Rules for Non-Compliance Managers (Musings)
- Managing Exams in Challenging Times (AKA, what do do when you don't agree with an examiner)
- The Musings from the CU Suite Facebook Page. Consider becoming a fan of the page. Or not. Â
- I'm on Twitter. Â Still not sure how I feel about that.Â
- It is only 109 days until NAFCU's Management and Leadership Institute!