CFPB Provides Guidance on Effective Compliance Management Systems
By: Jonathan D. Jaffe , Amanda D. Gossai
Last week, the Consumer Financial Protection Bureau (the “CFPB”) released its first Supervisory Highlights report, featuring issues that CFPB examiners discovered in the supervision period between July 21, 2011 and September 30, 2012. One issue upon which the CFPB focused was effective compliance management systems (“CMS”). This is not surprising given the CFPB’s focus since its inception on CMSs.
In its review, the CFPB evaluated the quality of policies and practices, or lack thereof, implemented by a number of financial institutions the CFPB examined. The examiners considered a wide range of the financial institution’s policies and practices, including internal controls and oversight, training, internal monitoring, consumer complaint response, independent testing and audit, and third-party service provider oversight.
The CFPB emphasized that one of the key components to a well-run financial institution is an effective CMS, which should be integrated into the institution’s overall framework and designed to ensure compliance with federal consumer financial law. The CFPB noted that compliance management should be a top priority for all supervised entities, while also acknowledging that the characteristics and manner of organization will vary between large, complex financial institutions and smaller financial institutions.
The CFPB highlighted in the report several areas of concern with CMSs it observed in the course of its examinations:
• Comprehensive CMS deficiencies: The CFPB found some instances in which a financial institution failed to implement an effective CMS across its entire portfolio or failed to adopt and follow comprehensive internal policies and procedures. The CFPB emphasized that an institution’s policies and procedures should be: (1) clearly communicated to employees, (2) fully implemented, and (3) consistently followed. Financial institutions may also consider “proper monitoring of business activities and prompt identification of potential risks to consumers.”
• Failure to adequately oversee affiliate and third-party service providers: The CFPB noted instances where financial institutions did not establish an appropriate CMS, resulting in a failure to properly oversee their affiliate and third-party service providers or vendors (“service providers”). The CFPB noted one instance in which the financial institution and service provider did not adequately coordinate their correspondence with consumers. This eventually resulted in Truth in Lending Act violations due to conflicting interest rates being sent to consumers and improper penalty rates being applied to delinquent credit card holders. The CFPB emphasizes that oversight of service providers is one of the key components of an effective CMS, particularly because legal responsibility for a service provider’s violations in certain cases may be allocated to the financial institution as well. It expects that supervised entities that operate through or retain service providers have a process in place which will effectively manage the risks of those relationships. The CFPB recommends developing risk-based procedures governing the retention and monitoring of service provider relationships, as well as testing and implementing compliance programs to ensure that the service providers are acting in accordance with federal consumer financial law.
• Deficient fair lending compliance programs: The CFPB also found instances where financial institutions failed to implement a formal fair lending compliance system. In other cases, financial institutions implemented a fair lending compliance system with respect to some product lines, but excluded others. To avoid potential fair lending compliance problems, the CFPB recommends that every financial institution establish fair lending policies, procedures, and internal controls that are in compliance with the Equal Credit Opportunity Act and its implementing regulation, Regulation B. The CFPB highlighted some of the key components of good fair lending compliance programs, such as a current fair lending policy statement, regular fair lending policy training for employees, and ongoing monitoring for compliance. For more suggestions on maintaining an effective fair lending compliance program, please see K&L Gates’ previous blog post entitled “Regulators Highlight Topics in Fair Lending: Are You Ready?”