Compliance monitoring is the continued self-assessment and adherence to policies, procedures, and processes within the compliance program. Due to increased regulatory scrutiny this role is expanding throughout the financial institution industry. Specifically, compliance monitoring is a designated role to review, sample, and identify control issues within a compliance program. The value of the role is to provide oversight of the current program and demonstrates controls. Finally, presented is a potential organizational structure for small institutions.
Consider the position Lobue (2002) demonstrated:
“If an individual manager is going to affect performance in the business process and learning and growth categories favorably, he/she must first, identify those areas that are producing less than expected results and then second, implement changes that result directly in the improved performance. This responsibility falls classically under the fundamental management function of control.” (p. 287)
This is telling because he is presenting that it is in controls and understanding that improvements are made. This directly correlates to compliance monitoring and your understanding of the current state of affairs.
Position
The role is responsible for internal department, compliance. The purpose of the role is to provide ongoing monitoring and focused sampling of processes to validate policies and procedures are complied with. This is not a function of Audit. It is a documented formal compliance monitoring of the Bank Secrecy Act (BSA)\Anti-Money Laundering (AML) OFAC department. This is done to avoid discovery of issues during annual audit reviews. The compliance monitoring position could provide the Bank Secrecy Act (BSA)\Anti-Money Laundering (AML) OFAC document control on policies and procedures in a smaller institution. One example responsibility would be to review a number of loan documents to validate all of the data has been entered correctly, completely, and in accordance with policies and procedures. The exercise may be completed a number of time per month or quarter. 
Examples of monitoring activities:
- Reconciliation;
- new product offer;
- new service offer;
- new transaction code;
- KYC data collection process;
- log file reviews; or
- system controls.
Qualified candidates would be five to ten years of the Bank Secrecy Act (BSA)\Anti-Money Laundering (AML) and\or OFAC compliance monitoring, either technical\system side and\or compliance analyst side both would be best, and\or 5 – 10 years of audit compliance, documentation experience such as policies and procedures. The larger the department the more specialized the position can be or the deeper the skill sets. The smaller the institutions the broader the skill sets (many hats) sacrificing length of experience.
Value
The continuous monitoring scenarios are the strength of the position. These documented scenarios and result sets are demonstration of the status of the overall the Bank Secrecy Act (BSA)\Anti-Money Laundering (AML) program. By identifying challenges or issue early management can quickly close the GAP on the exceptions. This direct access to senior management presents a clear picture of the status of the compliance function.
The role can add value to the department through communication, efficiency improvements, manual workflow issues or work-around. This activity can be directly correlated to the cost of compliance and staffing improvements.
The value of this role is to detect and identify issues that the different departments are following polices and procedure, developed by compliance, through compliance monitoring with the detail of a compliance professional. This is the greatest value and the largest GAP is created when operational functions are relied upon for managing ongoing compliance. In this scenarios issues are only discover annually by audit or worse examiners when this role does not exist in the organization.
Organizational Structure
This position would report into the Bank Secrecy Act (BSA)\OFAC Officer or Chief Compliance Officer directly. This effectively segregates their duties from operational functions. Please example see chart:
Conclusion
Compliance monitor can provide a significant advantage in regulatory reviews providing a real-time view into the quality and compliance of the compliance program. This role can decrease institutional risk by identifying and presenting open issue and non-compliance before they achieve financial concern. We continue to see this role in some institutions and how this role is under-utilized in other institutions.
If you would like to know more about ARC Risk and Compliance, and our approach to compliance monitoring or our ARC Test ManagerTM software to assist you in your compliance monitoring program, please contact us.
