Financial institutions’ executives, individual directors, and boards hold the primary responsibility for ensuring the safe, sound, profitable, and compliant operation of their institution. While operational challenges that affect profitability are common, few issues cause as much concern for directors as receiving a notice of regulatory non-compliance. When such notices come from the institution’s primary regulator — whether advisory, informal, or formal — immediate attention and corrective action are necessary. Let’s explore the considerations and steps involved in addressing these notices effectively.

The Notice
Notices of regulatory concerns vary from informal discussions to formal actions requiring immediate attention from the institution’s executive officers and directors. Failure to address these notices satisfactorily can lead to regulatory sanctions, civil penalties, or even the suspension of the institution’s charter. Regardless of the severity of the notice, it is crucial for the board, directors, and executive management to take prompt action to resolve identified deficiencies.

Typically, notices of regulatory concerns are delivered to the institution’s CEO. Regardless of the perceived severity, specific notifications and acknowledgments are necessary:

  • The CEO must promptly acknowledge receipt of the notice to the issuing regulatory agency, including individual acknowledgments from each director if required. This acknowledgment should commit to delivering a board-approved plan to address the identified issues by a specific date, typically within 30 days.
  • The CEO must provide a copy of the notice to the entire board and each director, along with a commitment to assess the severity of the issues and provide a proposed corrective action plan to the board by a specified date.

Under the board’s direction, the institution’s executive team must thoroughly evaluate the notice’s findings and identify the causes of each cited element. Distinguishing violations from best practices or observations is crucial, with violations warranting particular attention. Once the executive team understands the requirements, they must develop a detailed action plan for board consideration and approval.

Once the executive team has achieved a confident understanding of the requirements of the notice, the CEO must direct the development of a specific action plan to address the findings and present them to the board for consideration and approval. The plan must consider the following:

  • Does the institution have incumbent staff with sufficient technical understanding of the identified issues to satisfactorily achieve compliance with applicable regulations? If not, the plan must include an element describing the process by which resources will be acquired. The plan may call for the hiring of additional qualified staff, re-assignment of incumbent staff, or engagement of external consultants.
  • Does the institution possess sufficient physical resources to successfully address the identified issues, e.g., information technology, office space to house staff, and access to external support such as accountants, attorneys, consultants, etc.? Are any additional physical resources required to successfully correct identified deficiencies?

The Plan
Once the executive team confirms sufficient resources to create, document, and implement necessary corrective action, a formal plan must be created and presented to the board for consideration and approval. The plan must include all the following elements:

  • Specific Actions. It must clearly state detailed and sequential actions to take to achieve the corrective action that addresses each specific finding.
  • Time Specific. Dates on which actions identified in the plan will be completed must be cited.
  • Schedule. Times for the internal process of reporting, including regularly scheduled management meetings, through which the executive team will be kept informed of progress toward compliance. The plan must include a description and example of the forms of reporting that will be consistently and regularly provided to the executive management team.
  • Fail Safe. The plan must include an option that will be implemented if executive management is for any reason unable to achieve compliance with the plan or if the implementation of the plan is in jeopardy of failure.
  • Reporting Process. The plan must include a description of the reporting processes that will be followed to ensure the board is consistently and fully informed of the institution’s progress toward achieving compliance with the objectives of the plan.
  • Tracking Information. The plan must also include a description of the process by which the institution’s primary regulator will be kept informed of the progress toward achievement of the objectives of the plan and the resulting compliance with the requirements of the notice.

Board Approval
Once completed and thoroughly vetted by the institution’s executive team, the CEO must present the fully documented corrective action to the board of directors. The board and individual directors bear specific responsibility to understand the deficiencies identified in the notice, to evaluate the executive team’s plans to implement corrective actions addressing those deficiencies, confirm that the institution either has or can acquire sufficient resources to implement the plan, agree that the planned actions can be completed within a time period satisfactory to the institutions’ regulators, and confirm that the plan fully addresses the issues identified by the institution’s regulators.

If the board does not affirmatively agree with any of these required elements, it must direct the executive team to address unsatisfactory elements of the plan and revise it to the board’s satisfaction.

The board must also make clear to the CEO and executive management team its expectation that the issues identified in the notice will be properly and timely remedied. The board must also make clear to the CEO that it stands ready to provide all resources reasonably required by the management team to achieve compliance with the notice.

Once the board reaches an agreement that the plan sufficiently addresses the issues identified in the regulatory notice, it must affirmatively approve the plan, document the approval of the plan in the minutes of the board, and include a copy of the plan in the institution’s board documents.

Regulatory Communication
Upon board approval, the CEO and designated board representative must provide the regulator with a detailed description of planned actions for compliance, including the board’s approval of the plan. Regular progress reports to the regulator are essential for transparent communication.

Receiving a notice of regulatory deficiency is unwelcome but not uncommon in the financial industry. A thorough and timely response can effectively address such deficiencies. However, it is essential to note that this blog does not replace clear communication with regulators, and any regulatory directions or requirements must be strictly followed.
This blog provides a comprehensive guide for financial institution boards and directors facing regulatory concerns, emphasizing the importance of prompt action and effective communication in resolving such issues. Further, we are here to help.

If you or your institution receives any notice of regulatory non-compliance, either formal or informal, feel free to contact me for assistance in responding effectively.

Contact Glen at or (913) 310-8480

Glen Terry – CFOs2GO Partner

Glen Terry is a seasoned executive with more than four decades of extensive experience in the banking sector, specializing in multi-bank executive management, de novo bank formation, capital markets, and regulatory order corrective action. With a proven track record of leading troubled banks to stability and profitability, negotiating successful M&A deals, and instilling a robust sales culture, Glen is a valuable asset for any organization seeking strategic guidance and operational expertise.