Compliance Blog

Towards the end of last month, the Federal Reserve published their latest Consumer Compliance Outlook. This issue of the publication includes articles on change management and vendor management relating to flood insurance as well as some recent news and court decisions. Today’s blog provides a summary of the article on change management.

In 2016, NCUA signed on to an updated version of the FFIEC’s Uniform Interagency Consumer Compliance Rating System (rating system). Effective March 31, 2017, the rating system is designed to evaluate compliance with the various consumer protection laws and regulations. The FFIEC includes change management as one factor in the rating system and urges examiners to evaluate the “effectiveness of the institution’s change management processes, including responding timely and satisfactorily to any variety of change.”

Considering this factor of the FFIEC’s rating system, the Compliance Outlook article explains “changes from external and internal sources are inevitable, and creating a change-resilient compliance management program is critical to success.” The article goes on to identify three examples of external and internal change that require implementation of effective change management:

• Legal changes, including adopting new regulations, changing existing regulations and publishing supervisory guidance;
• Products and services changes, including updating current products and implementing new ones; and
• Technology changes, including system conversions, updating technology and engaging new information technology vendors.

Whichever of these, or other, areas give rise to change within your credit union, the article advocates a five step process to effectively assess the change and implement a “timely and adequate” response.

1. Identify changes. As the guardians of the credit union, the board of directors is responsible for understanding the nature and scope of any change and its impact on the credit union. For example, when a regulatory change occurs, the board is responsible for ensuring compliance with the change and senior management and staff may be responsible for carrying out the actions necessary to implement that change based on the impacted business units and compliance obligations. When new products are being contemplated, the board may consider how the product fits within the organization’s strategic plan, whether additional expertise is needed and the impact of the change on members.
2. Establish responsible parties. Which parties within the credit union will be responsible for aspects of implementing the change will depend on the size of the credit union as well as what is being changed. A plan for how the change will be managed across the credit union and by whom can be drafted and approved by the board. While they may not be identified as a responsible party, staff from all affected functions should be involved in implementing the change.
3. Create action items. Responsible parties identified in step two can develop a timeline and action items for staff. One key action item should be testing the implemented change before it is effective to ensure all systems and functions are working as expected. Responsible parties may also want to secure proper budget and staffing to complete all action items according to the stated timeline.
4. Track due dates and report to management. To promote staff accountability, responsible parties should identify due dates in advance and note when reports will be provided to senior management and the board.
5. Evaluate effectiveness of changes. The change management process does not end with implementation. Responsible parties and staff should monitor the changes after implementation and gauge any weakness that should be resolved. Internal or external auditors can help assess the effectiveness of a change.

The article explains these five steps form the basis of any change management process, which should be tailored to the particular change and the size and complexity of the credit union. The change management process should also be structured in a manner that is easily repeatable. For further illustration of the process, the article provides a helpful example of how to apply these five steps to a particular change.