The Fine Art of the Regulatory Compliance Review

April 11, 2022

The Japanese art of kintsugi repairs broken items by fusing the pieces back together with gold. The process restores the strength of the original, with added beauty. The “new” piece shines with the pride of conquered adversity.

“There is a crack in everything. That is how the light gets in.” 1

Navigating changing economic and political environments, member needs and demands, and fulfilling your credit union’s core mission requires thoughtful and constant attention to strategy and execution. And then there is compliance. Just when everything is running smoothly…it’s supervisory exam time. Probing questions. Document reviews. Findings. Cracks. No credit union, no matter how large or small, has a perfect regulatory compliance program. The laws, rules, and regulations that govern our movement are legion, complex, and always changing. Perfection is not only impossible, but also the enemy of good.

Exams and audits have several things in common, not least of which is the fact that they are reactive. In addition, they happen on someone else’s schedule, not yours, so whatever you are planning takes a back seat to the needs of the examiner or auditor. A supervisory exam or even an external audit can feel invasive and punitive, even though federal and state regulators are invested in your credit union’s success and auditors that you hire are there to help ensure the health and viability of your institution. The programs, policies, and procedures you have worked so hard to build now may seem a little bruised, or even cracked. Sometimes it feels as if you are starting over. The information is good, but the process can be uncomfortable. There is a method to improve the outcomes and experiences of supervisory examinations and audits.

Compliance Reviews

A compliance review is conducted by in-house compliance teams or a trusted external partner. Generally, the review will take a holistic and proactive approach to a specific law or regulation and the credit union’s related compliance program. Reviews can be scheduled according to the credit union’s resource availability, strategic plan, and specific needs. A compliance review can be broad (such as the required annual BSA/AML program review) or focused (such as a review of the overdraft protection program). Unlike an exam or an audit, the findings and recommendations of a compliance review do not have to be addressed immediately or even on a schedule prescribed by the examining authority. A compliance review is a tool, commissioned by and designed in concert with the Credit Union according to your specific needs. This allows for a more strategic and generative approach to compliance – instead of reacting to a finding in an examination, you and your teams can take the time needed to address the finding in a way that supports the Credit Union’s mission.

Example 1 – Proactive Improvement

A routine review of compliance with the Equal Credit Opportunity Act and its implementing Regulation B may uncover that your Loan Origination System has not been appropriately dating adverse action notices sent to denied borrowers. Finding this on your own (that is, not by an examiner) gives you the time you need to set up a project team, contact the vendor, work with all internal stakeholders, and document the resolution – all on your own schedule. If this same issue is uncovered during a supervisory examination, management will be forced to deal with the situation immediately, the Board will be informed through the exit interview process, and the whole project will be scheduled regardless of other competing credit union mission needs.

Example 2 – Maintaining Excellence

Another example of the value and flexibility of compliance reviews is their ability to analyze the effectiveness of a specific strategic decision. Consider a credit union that has recently shifted debit card and other transaction disputes from the Member Services Department to the Accounting Team. A year or so after the shift, Management engages a trusted partner to conduct a Regulation E compliance review, specifically targeted at how existing policies and procedures are followed in the new department. Unlike an exam or perhaps even an audit, which may be either very broad in scope or narrowly focused only on transaction testing, this review looks at the policies, procedures, processes, and a sample of disputes to verify that everything is working as planned. Findings and recommendations are then used by Management to fine-tune procedures, implement or improve quality control measures, and even enhance training.

Going for Gold

A regulatory compliance review can give you the gold you need to fill the spaces of your compliance programs, your policies, procedures, and your practices. When performed by the internal compliance team or a trusted external partner, the review will identify areas of opportunity to make good things better and enable you to address stress points before they become fractures. No compliance program is perfect, but regular reviews by competent professionals help to maintain strength, resilience, and beauty.

Interested in learning more about the benefits of outsourcing compliance? Read real stories from Aux’s credit union compliance clients at or visit Aux’s Compliance page at

Jason Clarke

Jason has over 20 years’ experience in the credit union movement, 15 of which have been in regulatory compliance, BSA/AML, risk management, and advocacy. In that time, he has obtained compliance and risk management certifications from both credit union trade associations and served on legislative and regulatory affairs committees for a credit union, the Virginia Credit Union League, and local Chamber of Commerce. Prior to joining Aux in December 2020, Jason spent 15 years developing, building, and maintaining the compliance and risk management program at a community credit union.

As an adult he fulfilled a life-long dream of attending and obtaining a degree (Bachelor of Interdisciplinary Studies – Social Science) from the University of Virginia.

HTTPS://AUXTEAM.COM

1 Cohen, Leonard. “Anthem”. You wouldn’t expect a compliance blog post without a footnote, would you?!