On May 2, the Federal Financial Institutions Examination Council (FFIEC) proposed revisions to the current Uniform Interagency Consumer Compliance Rating System (CC Rating System). The revisions are intended to reflect the regulatory, supervisory, technological and market changes that have occurred in the years since the CC Rating System was established. The purpose of the new CC Rating System is to ensure that all regulated financial institutions, as defined in 12 U.S.C. §3302(3), are evaluated in a comprehensive and consistent manner, and that regulators’ resources and attention are appropriately allocated to the institutions demonstrating the highest risk of consumer harm. One key change is that the new CC Rating System has shifted from assessing risk through transaction testing to a more comprehensive risk-based supervision that mainly focuses on the institution’s compliance management systems (CMS).
The new CC Rating System would retain the 1-to-5 rating scale, with an increasing order of supervisory concern, and uses three broad categories to evaluate an institution’s risk of consumer harm: (1) Board and Management Oversight, (2) Compliance Program, and (3) Violations of Law and Consumer Harm. The first two categories are used to assess a financial institution’s CMS. The required sophistication and formality of the CMS will typically increase with the institution’s size, complexity and risk profile. When evaluating the third category, Violations of Law and Consumer Harm, the examiners will evaluate the scope of any identified violation or consumer harm. Examiners also will consider self-identification and prompt correction of legal violations to be strengths of an institution’s CMS.
When evaluating the performance of an institution under the new CC Rating System, an examiner will consider the institution’s performance under each of the assessment factors, but the evaluation will not be based on any quantitative average of the different factors. Moreover, the relative importance of each category or assessment factor may differ based on the size, complexity and risk profile of the institution. Examiners also will place greater weight on the institution’s management of material products with significant potential consumer compliance risk.
The 28-page proposal is available here. Comments are due 60 days after publication in the Federal Register.