I need people who understand technology and the business more than I need people who understand compliance. I can teach them compliance. I cannot teach them technology. I don't have that skill set. So I would say we are paying much more attention on what is going on in technology that never existed five, six years ago.
From the American bankers association, this is the ABA banking journal podcast. Welcome back. Today, we're going to continue with part two of our conversation with Greg Imm and David Kelly, who are the winners, respectively, of the ABA distinguished service awards for compliance and for risk. Greg is the recently retired chief compliance officer at M&T Bank. And David is the chief risk officer who's preparing to retire at FirstBank in the Denver area.
And so we're going to continue with this conversation and we'll pick up here and thanks to alchemy for sponsoring today's episode.
Yeah, I do want to kind of follow up on that, that a little bit because, you know, you've talked, Greg, you talked about, you know, you've worked at all a variety of different different institutions, you know, private equity owned bank bank going through going through a failure, you know, large banks, regulatory agencies, David, you've been in this in at First Bank for a long time.
What are some of the biggest challenges that you've had as a senior risk or compliance leader and that you've had, that you've faced at different stages in your, in your banking career and how did you have, how did you kind of navigate through those, through those difficulties?
I've been fortunate. This last year, I've been traveling around knowing my retirement was coming and I've been sitting in peer group meetings and hearing what is going on from a challenge perspective with with the associations trying to draw that out of individuals. And I sit there quietly, and finally, 1 of the people asked me, he said, well, what, you know, what, what are your challenges? And I said, well, I feel I feel I didn't want to take up any time because the biggest problem I have.
I had at the time is I have a new examiner who would like on the AML side who. One's very prescriptive, overly detailed narratives on everything we do in the area. And if that's the worst problem I have as an organization, I'm okay with that. We can deal with the personalities. We can get them to trust us over time to know that we are looking at everything and the like.
But I really haven't had a challenge from that side except for implementing everything from Dodd Frank and that's just taking everything together and trying to get it in. In a short period of time and putting all the stakeholders together and making sure we're doing it collaboratively. But that works out as well. You know, just as it is, I would say last year's.
Banking turmoil was a little bit of a challenge when you are in the midsize bank space, seeing what was going on during that time period. And COVID was another one that probably was a big challenge where we had to move everybody from an in-house environment to remote environment and very short period of time from a security perspective. What I would do was focus on what you can control. Don't focus on what you can't. So if you dwell on what you can't, you are going to lose.
It just expends energy and drain yourself and not make any progress. So focus on what you can control and then move forward and make reasonable, rational, and I would, I would call common sense decisions on how to make how to navigate what you're seeing today. Then the rest of it will help work itself out. That's how it did with all of those is that I would focus our teams and our leadership on focus on what you can control. Let's make sure we cover our bases and then move on from there.
I would say, you know, the last few years with COVID and, and then, the the Fed actions and then that banking turmoil probably have been the most challenging. Also a little bit the most rewarding when you see how things you put in place came out at the end, I go back and do some foundational work to make sure we've got the basics in there and then we run each of these as an incident and we've got a pretty smooth process where we have coordinators.
So decision makers don't have to worry about that aspect. They can just focus on what do we need to do? To get the information we need to make the decisions we may need. And that's been a very enjoyable for me to see how that has progressed over time. And if something arises it, we can go on a drop of a dime and just start that process. And it seems to work really well.
Yeah, I would say my challenges have been all externally generated. And that is extremely gratifying to me. I've had very lucky at Fifth Third, at WaMu and, and particularly at M&T to have a staff that is really good at broad scanning. They're, they join all the, the committees, the ABA committees that, you know, there, there's some really good, some peer groups and some really good, Folks that told me about something or at least brought it up. So that we could address it way in advance.
Just ask the question of, you know, the people that are running you know, recreational vehicle lending or whatever it happens to be or credit card. And it has, it is averted some pretty difficult conversations with our business lines just through little tweaks to the program, just in case it becomes a problem. And those are really, those are satisfying, and you get a phone call from the business side saying, thank you for telling us to do that a year and a half ago.
You know, it was a small change to us, but now we don't have this problem. But, I, my, the biggest challenge I get are the external ones that hit me from the side. And, and I will say, I, I agree that examiner individuality, I suppose there's maybe a way of putting this normally, you know, every once in a while you get it again. I was one of those guys. I hope I was never like this.
I don't think I was, but I didn't bring my personal vendetta that's a strong word, my, my personal views into an institution I was examining. I tried very, very hard to stick with the examination manual. Sometimes it didn't show, you know, we had to do our own interpretation, but, but some examiners go rogue. It's it's going to happen. And even years after this podcast is taken off the air, examiners are going to be going rogue. It's the same way you have employees that going rogue.
It's really no different. And you just have to be, you can't be prepared. You just have to have the skills to deal with that. Sometimes it requires escalation. Sometimes it requires long meetings explaining a process. But, but those are the biggest challenge and the rapid pace of change. Is utterly insurmountable. I at this point between now keep in mind. M&T is a state member bank. So we also have to apply to all the state laws in the states in which we do business.
So that is thousands of provisions for any particular, any particular product. The complicated ones, mortgages, for example, and auto lending. Those are, you know, it's a, it's a huge challenge. And sometimes we've had, we've had rules change that were retroactive.
Like, well, how many, I can't do anything about that, you know, and you, you have to, to some degree, resign yourself to the fact that you're going to do everything you can to get into compliance, but you're probably not going to make that date with new CRA coming along. I mean, you know, rule after rule, after rule, after rule and technology change after technology change and interpretation. After interpretation, it's not just the rules that change. Those you can kind of see coming.
It's the interpretation that, you know, David talked about the BSA, whoever the BSA person was, that was, that wanted a longer narrative. That, that, that happens. That happens. We call them more words MRAs. Just more words, more explanation. And I'm like, okay, alright. I'll take the more words, you know, to his point, I'll take the more words MRA over something material. My biggest challenge are external events that I did not foresee.
Speaking of other things that can be sometimes hard to foresee, you know, David, you talked a little bit earlier about these fundamental principles, the technology changes, but the fundamental principles stay the same. And I 100 percent agree with you about that. The at the same time. I think it's hard to deny that technology has not really dramatically shifted how bankers do manage risk and, and, and may ensure that they are staying compliant.
Can you both speak a little bit to how technology has how you've adapted with technology and how technology has shifted the, your professional practice over the, over the course of your careers?
Sure I can. David's gone first plenty of times. I will, I will say the one thing that really we have changed is is technology has become a separate pillar, separate risk management function within our organizations. We've got a we got a whole group of people that actually work for the risk organization. And then a couple people within compliance that do well. Actually, there's about six of us, six people within compliance to do nothing but engage with technology. What are you working on? What?
What is this going to do? What is that going to do and try and balance those projects? As best we can and be prepared ahead of time.
We never, at any of my earlier institutions, we didn't have somebody that was focused solely on the technology department and the technologies future state, current state, and, and so it's become so important that we've actually have specialists that devote themselves to understanding both technology and platforms as well as compliance compliance rules, but only Bye Only at the level where they can identify, hmm, this, this might be a problem, you know, and so then
they bring in the subject matter experts. So I need people who understand technology and the business more than I need people who understand compliance. I can teach them compliance. I cannot teach them technology. I don't have that skill set. So I would say we are paying much more attention on what is going on in technology that never existed five, six years ago.
Yeah, and, you know, from my perspective, I agree with all those those comments. You know, we've done our own and we've had our own technology team for quite some time. Our, our core systems are all homegrown back before when I even started with the organization. And so we can respond fairly quickly to those. But what we have done is we've embedded risk professionals.
At least in the process along the way through our project management office, whether that be compliance or risk management or credit where whoever needs to be, they have a set of standards that they will bring the stakeholders together just to identify do we need to be involved in this aspect from that perspective. And then what level go get more specific subject matter expert if you if you need to, or they can handle it themselves and they work collaboratively throughout the process.
As these projects move forward. The other thing we do as an organization is we don't give. Technology budgets to each of our divisions within the company. We have one collective technology budget that is overseen by a project portfolio management committee, which is comprised of myself and other senior leadership around the organization. We decide what projects we're going to be working on for out the organization.
And so I also carry the risk voice up there that when we need to do something and we're implementing a new AML system today. We ended up building a homegrown system a decade, a decade or so ago, which was the need because technology hadn't got to the level that they could handle our company to be quite honest, because we had 27 separate charters, but they were all managed the same way. And we just needed to build our own system.
Now we're migrating to another and it's important that we do it and we do it right. So I've got the right area to our right level to enhance or escalate. If I don't think things are progressing as they need to be, but it's also putting them in with the 3rd party risk management side. So when we're doing contract negotiations and the like, That these parties kind of have a stake in seeing all the vendors that might be coming along today and how they may need to operate with those things.
We may need to put in contracts. So we get our service level agreements and everything else early on 1 of the other things I've done over the last few years. Is well, I think about five years ago, we created our own internal AI framework because we knew AI was coming and we knew it didn't matter if we were going to use it ourselves or want to implement ourselves.
We're going to be impacted as an organization and so figuring out the ways that it's going to benefit the organization, managing those that are coming at us through vendors was very important again. It was through that senior leadership process where everybody buys in on the framework that we have established for that. So we could see that coming in. But within our teams, too, I have a specific data analytics area. That over I oversee as well.
And they help some of the business areas throughout the organization. But 1 of the focus is also on risk and the risk functions. And where can we use that technology to help us identify risk within whatever we might be reviewing with this system over here? That system over there audit has used it successfully in a number of engagements through this team to kind of look at 100 percent sample and find the outliers to go look and see.
And there's a balancing act there, too, because when you can look at 100 percent sample, you don't want to raise a big issue if it's like a half, one half of 1 percent finding there. You want to just say, is there something systemic that you need to address there? But it gives you a much better holistic look at what's going on. And as things change, these are going to be more critical skill sets that we need to be able to use. to sample and test over a period of time.
And we're doing this in our compliance area. We're looking at risk management area, our credit risk area, everywhere that we can use data analytics to help us be more efficient and effective at finding what we would consider higher, higher critical problems. Early on, that is helpful. And then if we can ask that along to the business, because we may only do it once a year or once every couple of years, according to our risk assessment.
But if we find it valuable now, instead of having an area doing their own testing and doing it manually and the like, we can pass. On one of these important analytics functions to them so that they can see the reports and work on it and identify it maybe sooner in the process. And that adds value to the business areas as well. And that's what we try to do through data analytics.
I'm going to take a moment here to thank our sponsor for this episode. This episode is presented by Alkami Your account holders deserve the best. Alkami empowers financial institutions with a single platform for marketing and retail and commercial banking solutions. Banks can accelerate their growth with financial services, marketing automation, transaction data cleansing, and artificial intelligence with digital banking. Visit Alkami com to learn more. That's Alkami com. A L K A M I dot com.
And thanks again to Alkami for sponsoring this episode. I'd love to kind of wrap things up here with a little bit of First of all, a message of thank you for all your service and involvement with ABA. I know, Greg, you've been involved with the conference, the compliance conference and the compliance schools.
And, and David, I know you are, you have a lot of involvement with our, with our professional certification and with and Selfishly, you're very generous with your time to the ABA banking journal and and our writers when we're looking for experts on bank risk issues. So can you speak, can you both speak a little bit to your involvement with with ABA and what, and the, you know, the value you've gotten out of that and the value you've been able to deliver to us?
This goes all the way back to when I was working for the federal reserve. I was the Fed's representative to the ABA compliance schools. And it goes all the way back to when there were individual representatives to, from each of the regulatory agencies. They would also help, help teach and they'd run breakout sessions for the compliance schools. So I was the, the Fed's guy for, you know, when we school, when the school was in Norman, Oklahoma that was a long time ago.
And then just kept up from with it. I, you know, I found the people, the, the ABA people to be incredibly engaging and very, very committed to training. I mean, it was, it really was a focus and, you know, I'm selfishly sitting there thinking, well, I need, I need compliance people that are trained you know, and, and this school is going to provide for that. And, and it really does it still does. And I just, I love teaching.
I just love teaching, even though I, I usually was assigned the, you know, most boring rigs, Home Mortgage Disclosure Act and well, I did get rig B a couple of times, but I, I really enjoyed the, the teaching part of it. And then later towards the end I got to teach compliance management.
The graduate school, I helped develop it with Meg Choba and, and it was and Benita Jones was there as well, and it was a lot of fun and, and I just love teaching, and I think people, I think Risk is one of those organizations that is not competitive, is one of the aspects of banking that is not competitive. We all want to do it right. I mean, to some degree, you have a competitive advantage if you're not under a consent order.
I get that part, but we're all here to help each other on the risk side. You know, how? How can you handle this? You want you want to help, particularly when we're talking about customer impact. You know, you don't want anybody. You know, most of us are fairly so social justice kind of pioneers, and we don't want anybody treated poorly. So we help each other, and I think the ABA is about that, bringing together the people to help each other.
And, and I, you know, that's it's been, it's been great for me. I absolutely loved working with the ABA for, what, 15, 20, 25 years, maybe? I don't even know what the date is.
Yeah. And for me even predates the ABA are our membership a little bit. I got involved with the Colorado Bankers Association here in the state of Colorado are also involved with the ABA and it was more on the legislative review side and the government affairs side and being able to provide perspective at the earliest point. And I think that's 1 of the things.
That I like about the ABA in addition to all the working groups and all that I've been fortunate to be involved with over over the years, but it's the advocacy side. And what I tell our people to is. Is get involved in advocacy, get involved at the earliest point. If you want to influence the outcome down the road, you have to start at the beginning. And therefore, you should be there. You should have a seat at the table. You should be bringing your voice.
And today, where they, they give you a huge proposed rule with 1000 different points, even if you, even if you focus on 234, that impact you as an organization, and you can tell them the impact your customers down the road do that 1st. And if you do that, at least your voice is heard. Hopefully they take it into consideration, depending on the agency or the people there, they do.
And sometimes they don't, but at least they address your points to being able to get involved with the ABA speaking at the regulatory compliance conference for, for a number of years. I then moved and was fortunate to chair the appraisal subcommittee for the ABA and serve as ABA's representative on the appraisal foundation. I have, I do have a little bit of an appraisal background from the credit side anyway. And so it was, it was fortunate to see and we were raising the voice early on.
This was over a decade ago about the coming impending personnel challenges that the appraisal industry was going to face. We had an aging population. We have high barriers to entry. How do we start the process to help change that? And we're seeing some, some things continue on through that process. And I've encouraged our people here to continue being involved in that aspect. And been fortunate to be on a number of the working groups.
I got started up the model risk, the 3rd party risk management, the enterprise risk management, and turning those over to people here who can continue to participate. And then I show up when I need to, to provide a certain perspective. more on the advocacy side these days than the actual nuts and bolts of some of that.
But just to make sure that we can carry the our message back to the legislators that's considering what the A. B. A. Would like and what the or or the regulators if we're meeting with the regulators from that perspective. And then, yes, as you mentioned, being as fortunate. To be involved with the certification and helping the CERP and get up and running the certified enterprise risk professional.
I should say it once before I just call it the CERP and the CRCM, which is much, much well known, better known today because it's been out there for as long. But even the risk management school, being able to serve on the advisory board, being a teacher there as well, it was very fulfilling for me for the, to end my career on which I am going to miss this year school, unfortunately. But it was a joy being involved with that over the time.
And I think the people that you guys have at the organization are fundamental and they're fantastic. They really care. And you can hear the passion in their voice with with what they do. And they listen. To the membership, and I always tell my people sometimes like, well, they're not doing what we want. It's like, well, they can't do what we want. They have a bunch of members. And so they have to take the perspectives. And I think they do balance that correctly to get to a right middle spot.
Sometimes we could disagree with that, but I think in most cases, you know, that that is it, but that's just 1 perspective. And we have to think about the whole membership. And so I always encourage. I introduced them. I get them involved as well in these working groups, because that's the way your voice gets heard.
That's the way you also get with the peer groups that that Greg mentioned, where you can also hear the challenges others may be seeing coming as you're implementing new rules or implementing new risk management practices and the like. So it's been it's been truly my honor and my privilege to have been involved with the organization.
Yeah, I do want to like, I just I know we have to close, but that that advocates part is so important. From my perspective, one of the most valuable aspects of. Of my bank's membership in the ABA was the ability to sit with your folks with the ABA's folks and have the, the the regulators come in a very, very direct and candid conversation with them about About implementation challenges about timing challenges, and I honestly believe they listen very carefully to what we have to say.
Now, do they do everything that we would like them to do? No. Do they certainly take back these messages? And does it work its way into the proposed rules or the proposed guidance or the proposed timeline? Absolutely. And I give a whole lot of credit. I mean, you know, the bankers are there and it's, it's great.
We're, you know, we're the ones that kind of bring the, the real knowledge, but the, the lawyers that I deal with and the people in the administration that I deal with in the compliance in the compliance department were absolutely fantastic. And they all have very long histories. They can remember why a rule happened. Some of them were the ones who actually wrote the rules. So the quality of the ABA staff, all I can really speak to is on the compliance side, is really phenomenal.
So I gotta, you know, hands out to the to the ABA compliance staff. Really, really great folks.
I always like to make sure we included include a little bit of an infomercial for my, my colleagues and the wonderful things that they're working on here. David and Greg, thank you so much for being on the show and congratulations on your, your recent or upcoming retirements and your careers in financial services.
Thank you, my pleasure.
Thanks very much
for our listeners, you can find this in previous episodes at aba. com slash banking journal podcast. You can also find us on any of your favorite podcast apps or platforms. Thanks so much for listening. Thanks again to Alkami for sponsoring this episode. We'll be back with you again very soon.