Banks that lack a good compliance risk management system, or have one with material flaws, may be exposed to the following consequences:

  • Violations of banking laws or regulations.

Violations may be indicative of a pattern or practice and are considered potential areas of concern. The pattern or practice could lead to monetary penalties, supervisory actions, and/or reputational risk for bank management.

  • Monetary cost


This can come from employee time spent on file searches requested by regulators trying to determine the extent of a violation, or from hiring a consultant to fix a problem. Other monetary costs can include civil money penalties (CMP), reimbursements or restitutions, depending on the violation of law or regulation.

  • Enforcement supervisory actions

The Federal Reserve may choose to take actions to correct specific problems identified at a bank. Actions typically specify what the bank needs to do to correct identified problems, such as improving lending practices, instituting proper policies and procedures, or correcting specific violations of law.

These actions are documents designed to address specific, significant issues at a bank, such as violations of law, rules, or regulations, unsafe or unsound practices, breaches of fiduciary duty, and violations of final orders. They may be formal, meaning they are legally enforceable, or informal.

Formal enforcement supervisory actions include cease and desist orders, written agreements, removal and prohibition orders, and civil money penalties against the bank, responsible staff, managers or directors.

Informal supervisory actions include commitment letters, board resolutions and memoranda of understanding.

  • Reputational risk/damaged reputation

Failure to comply with laws and regulations can affect a bank’s reputation in a couple of ways. First, violations often involve some kind of error that requires contacting customers and disclosing it to them. If errors occur frequently, customers will soon spread the word in the community that the bank does not operate very effectively.

Second, if the violations necessitate the use of a formal enforcement action, those actions are public information, disseminated by the regulators and available on their respective regulatory websites. Again, news of a bank’s inefficient operations may be widely communicated and known to the public via customer word of mouth.