By W.B. King
Among the ideas put forward in the recently published book The Upside of Compliance: Empowering Financial Institutions to Thrive is that robust compliance programs and a strong culture of compliance can lead to better business decisions and growth.
This nuanced approach also fosters consumer trust and contributes to a sustainable competitive advantage that can result in better financial performance, Ncontracts Vice President of Compliance Stephanie Lyon, who coauthored the book with CEO Michael Berman, told Finopotamus.

“We were putting together a half-day workshop for compliance officers on the foundational pillars of an effective CMS [content management system] when it became clear that compliance officers needed more than a discussion of regulatory expectations,” said Lyon, who was previously profiled in Finopotamus’ “Women in Technology” series.
“They needed a guide that would show them not just what a compliance program requires but how to be a compliance officer – how to have the biggest impact and work most effectively,” she said of the writing and research process. “Michael and I started brainstorming ways to bring together the theoretical and the practical and create an actionable guide covering the main responsibilities of a compliance officer – everything from how to create policies, procedures, and training programs to how to think creatively and build strong relationships and compliance buy-in throughout an institution.”
The Brentwood, Tenn.-based Ncontracts provides integrated risk, vendor and compliance management software to a rapidly expanding customer base of over 5,000 clients in the United States.
Responsible Innovation
Between current economic factors and the Consumer Financial Protection Bureau's (CFPB) attempts to limit fees, Lyon said financial institutions (FIs) are facing tremendous pressures to be competitive and therefore need to leverage technology to be more “operationally resilient and efficient.” This approach, she noted, is essential for credit unions that want to provide members with the financial services they need.

“For instance, artificial intelligence and machine learning can quickly detect and prevent fraud, partnerships can automate underwriting processes, and implementing faster payments helps financial institutions keep pace with fintech competitors,” she said. “Yet technologies like these all bring new and heightened risk to an institution and that requires an investment in compliance risk management.”
Institutions that “leap forward” without ensuring compliance and risk management processes keep pace “rarely achieve their strategic initiatives” without facing regulatory consequences or a slowdown in business due to litigation, she added.
“This book shows how to strengthen your compliance program and work across the institution to create an environment where responsible innovation thrives and where compliance is a help and not a hindrance,” Lyon said.
Despite best intentions on behalf of credit union leaders, mistakes and unintended consequences do occur and can derail an institution's reputation, creating lasting harm to the communities the credit union serves, Lyon explained.

“A strong compliance program creates value, especially when preventing, detecting, and correcting member harm. It ensures employees follow policies and procedures and that member complaints are heard,” she continued. “It prevents lawsuits and reduces the risk of violations that can lead to expensive fines that cost members in the form of lower deposit rates and higher borrowing costs. It ensures transparency and fairness when dealing with members' financial needs.”
2025 Compliance Checklist
When Finopotamus asked Lyon to provide credit union leaders with a top five compliance checklist for 2025, she offered the following responses:
Risk-assess fee income. “The CFPB is rapidly expanding its definition of junk fees, looking to define them as fees that aren't in line with costs and surprise members. Credit unions need to risk-assess their fee income sources. Are the fees it charges members in line with what it costs to provide these services? Are these fees properly explained and understood by members? How would it impact the credit union if these fees were dramatically reduced or eliminated? These are questions every compliance department should be assessing.”
Consider practicing for 1071 with voluntary reporting. “Section 1071's (Dodd-Frank Wall Street Reform and Consumer Protection Act) small business data collection and reporting requirements will be a heavy lift and take time for credit unions to implement. The CFPB knows this, so it's allowing a trial run for covered lenders through voluntary reporting. Voluntary reporting gives covered credit unions an opportunity to collect, analyze, and report on 1071 data before they are required to do so. It gives you more time to prepare, smooth processes, and uncover potential issues. Take advantage of this opportunity.”
Revisit mortgage foreclosure policies and procedures. The CFPB is focusing on assisting members going through difficult financial situations leading to potential foreclosures with a proposed rule that would amend Regulation X (protecting consumers when they apply for and have mortgage loans). The proposal would require mortgage servicers to try to help borrowers who ask for help instead of focusing on expediting the foreclosure process. The takeaway: Whether your mortgage servicing is in-house or through a third-party vendor, make sure your credit union is following foreclosure laws, especially those focused on consumer protection.
Dynamic risk assessments for AML/CFT. “A proposed interagency rule that includes the NCUA is adding a sixth pillar to anti-money laundering/countering the financing of terrorism (AML/CFT) programs: dynamic risk assessments. Under a dynamic risk management (DRM) model, institutions update compliance risk assessments when regulations, products, processes, or the institution's risk tolerance change or control self-assessments, audits, and findings suggest controls aren't adequate. It includes both internal and external factors. While the rule isn't final and doesn't specify a timeframe defining how often risk assessments should happen, it's a signal that credit unions need to be actively monitoring their AML/CFT programs to ensure they are actively prioritizing risks and allocating resources. This proactive approach can help compliance officers feel more strategic and in control of their AML/CFT programs.”
Redlining Risk. “Credit unions know they cannot use prohibited characteristics to make credit decisions. And for many years, credit unions have not been the target of community group lawsuits or regulators' enforcements. However, ever since the Department of Justice (DOJ) announced its Combatting Redlining Initiative, credit unions have been referred to the DOJ for investigation at higher levels. In addition, lending data has been used to accuse credit unions of not serving their communities fairly. Credit unions must strengthen their fair lending compliance programs, including understanding their lending data to ensure any disparate effects are properly analyzed, explained, and reduced. Otherwise, credit unions may join the long list of institutions subject to hefty settlements and litigation risk over something detrimental to a credit union's reputation.”
Clear and Helpful Messaging
When conceiving The Upside of Compliance: Empowering Financial Institutions to Thrive, Lyon and Berman set objectives for each chapter with the goal of ensuring they were providing “real value” to FIs seeking to understand risk and find creative ways to manage risks, while being more competitive.

“Michael’s first book [The Upside of Risk] is a foundational work of risk management. His experience as a leading authority on risk and third-party risk management (TPRM) helped define our chapters on compliance risk and TPRM,” Lyon said.
“I’ve worn many hats over my compliance career including AML, lending and general compliance, and risk management. It gave me the experience to outline chapters on practical elements of compliance, such as navigating change management, writing policies, remediating issues and training colleagues,” she continued. “We’d pass chapters back and forth and consult with other Ncontracts experts to make sure our message was clear and helpful.”