QUESTION
I hope you can help us. We are a bank in the southwest. I am the
compliance manager. Recently, we were notified that the FDIC took issue with
our compliance management system. I am not making excuses, but we do not have
much staff here – really, it’s mostly me! – and providing everything the
regulator is asking of us is kind of overwhelming. The CFPB also advised that
we show “significant weaknesses” in our compliance management. All of this has
to do with our readiness and overall compliance program. I have two questions.
First, I heard that you offer an inexpensive review of the compliance
management system. Can you please tell me about it and send me information?
And, secondly, I need to know what to read and how to get our compliance
program in shape. Where do I start? Our next review is in 90 days, and I want
to be ready. Any feedback you offer will be appreciated!
ANSWER
I understand your situation. We received your inquiry a few days ago and, considering the urgency, I have prioritized it for this week's FAQ. The CFPB has spent considerable resources
in the enforcement and examination of a financial institution’s Compliance Management
System (“CMS”). The Bureau has certainly gotten people’s attention with a
myriad of highly publicized consent orders. Since it began issuing such orders
in 2011, the CFPB has often used the “significant weaknesses” terminology to describe
the integrity of a compliance program, notwithstanding that these findings are
usually accompanied by alleged violations of certain federal consumer financial
laws. You do not mention a specific area, department, or function, but
deficiencies regularly are cited against entities engaged in credit card
lending, mortgage lending, auto lending, payday lending, check cashing
services, payment processing, collections, and other financial activities.
It can seem at times overwhelming, and even exasperating, to be sure
that your firm meets all the CMS compliance requirements – especially if
staffing, resources, and research depth may limit the fulfillment of the
regulator’s expectations. Whatever the case, you need to be ready to evaluate
three interdependent elements: Board and management oversight; the compliance
program itself; and the auditing of the compliance program.
So, to your first question about getting prepared for the CMS
examination, that is why we developed the CMS Tune-up!™ We pioneered this approach
because (1) it is cost-effective, (2) it provides actionable findings, and (3)
it is conducted quickly and concisely. You receive a report, with findings and
a risk rating. In fact, the CMS Tune-up!™ is designed to act like an actual
examination. This means you prepare for the forthcoming examination effectively.
Your financial institution should establish a formal, written, ratified
compliance program, if you have not already done so. In addition to being a
planned and organized effort to guide compliance activities, the written
program represents an essential source document that serves as a training and
reference tool for all employees. A well-planned, implemented, and maintained
compliance program may prevent or at least reduce regulatory violations and
provide cost efficiencies. In any event, it is mandatory for safety and
soundness.
To be ready for the examination, you must be sure that you meet the examination
guidelines for policies and procedures, training, monitoring, and consumer
complaint response. The following questions should be at the forefront of your self-assessment.
Policies and Procedures
-Are you including goals and procedures for meeting those goals?
-Are you including all the information needed for personnel to perform a
business transaction?
-Are you reviewing changes in the business and regulatory environment
and updating for them in real time?
-Have you covered all the regulations that are relevant to your products
and services?
Training
-Are you properly training the Board, management, and staff on maintaining
an effective compliance program?
-Are you providing and documenting the training on products and services
and business operations?
-Do you train on consumer protection laws and regulations, internal
policies, and procedures?
-Are you tracking emerging issues in the public domain and providing
adequate training for them?
Monitoring
-Do you regularly review disclosures and calculations for various
product offerings?
-What are the filing and retention procedures for ratified documents?
-How do you post notices and guidelines for market literature, advertising,
and social media?
-Are you continuously looking out for any updates to consumer protection
laws and regulations?
-Do you actively monitor third-party service providers, such as vendors and closing agents?
-Do you periodically monitor and closely scrutinize your third-party
originators?
-How are you controlling the internal, compliance-related communication
systems for notifying management and staff about revisions to applicable laws
and regulations?
Consumer Complaint Response
-What are the written, ratified, and documented procedures for promptly
handling consumer complaints?
-Have you established procedures for addressing complaints as well as
designated individuals or departments responsible for handling them?
-Have you notified all affected employees about the procedures to
respond to consumer complaints?
-Have you ratified and provided a responsibility matrix of individuals and departments
responsible for handling complaints?
-Is there a compliance officer actively ensuring oversight of consumer
complaint response for timely resolution?
-Have you developed a list of trends to identify systemic compliance
problems?
Concerning the second question about where to start, I want to offer
some suggestions. Here are some issuances that will help you to get started. They are
available from the agencies’ websites.
-Compliance Examination Manual (FDIC)
-Overview of Compliance Examinations (FDIC)
-Compliance Management Systems (FDIC)
-Consumer Compliance Rating System (FDIC)
-Examination Procedures-Compliance Management (CFPB) (August
2017)
-Examination Report (August 2017)
-Supervisory Letter (CFPB) (Updated August 2017)
-Supervision and Examination Manual (CFPB) (Updated April 2019)
Preparation for this examination is essential. It is a complex audit,
as it takes into consideration five distinct examination protocols or modules:
Board and management oversight; the compliance program; service provider
oversight; violations of law and harm; and the examiners’ conclusions.
If you want to get the CMS Tune-up!™ started, I suggest you contact me immediately,
because our schedule is very active and, given your circumstances, I want to
get you scheduled soon. There is no time to lose. Good luck!
Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director
Lenders Compliance Group