The federal bank and credit union regulatory agencies (including the Consumer Financial Protection Bureau (CFPB)), acting through the Federal Financial Institutions Examination Council (FFIEC), have substantially revised the Uniform Interagency Consumer Compliance Rating System (Rating System). The new Rating System substantially reconfigures the legacy ratings system for consumer compliance, which is a standardized system used by federal and state bank supervisors to assess and rate the level and quality of a regulated financial institution’s compliance with consumer laws and regulations (not including the Community Reinvestment Act, which is separately reviewed and evaluated).
The new Ratings System, which was previously proposed for comment in May 2016, takes effect on March 31, 2017. It will apply to all banks and credit unions that are federally regulated as well as all firms that are subject to CFPB regulation and supervision. The Rating System also will be used by state bank regulatory agencies, consistent with individual states’ examination and supervision policies and practices.
Consistent with the current regulatory movement towards risk-based supervision, the new Ratings System is primarily risk-based, with a materially greater emphasis placed on the quality of a financial institution’s compliance management systems (CMS). The new Ratings System, like the prior system, is based on a numeric scale of 1 to 5, with 1 being the highest rating.
The Rating System is comprised of three elements or components:
- Board and Management Oversight
- Compliance Program
- Violations of Law and Consumer Harm
In turn, each element contains 4 assessment factors (12 in total) that will be used to evaluate each element, but specific numeric ratings will not be assigned to any of the 12 assessment factors. The first two elements will be used to assess a financial institution’s CMS, commensurate with the financial institution's size, complexity, and risk profile. The third element (Violations of Law and Consumer Harm) will be evaluated by examiners by reference to four assessment factors: root cause, severity, duration, and pervasiveness of violations of consumer laws and regulations.
In general, the numeric ratings assigned to a financial institution are a function of the strength of the institution’s CMS, and the institution’s ability to prevent or limit violations of law. Ratings of 1 or 2 will represent satisfactory or better performance, whereas ratings of 3, 4, or 5 will indicate performance that is less than satisfactory. The Rating System, however, will be a qualitative system that is not based on a numeric average, and a financial institution need not achieve a satisfactory assessment in all elements or assessment categories in order to be assigned an overall satisfactory rating. At the same time, a financial institution may receive a less than satisfactory rating even if some of its assessments are satisfactory.
The Ratings System’s assessment factors place significant emphasis on board and senior management accountability for the financial institution’s CMS, as well as on self-identification of consumer compliance issues. They also assess the financial institution’s policies and procedures, training, and effectiveness of consumer complaint response management. Notably, the Ratings System also will “require examiners to review a financial institution’s management of third-party relationships and servicers as part of its overall consumer compliance program,” consistent with agency-specific guidance on third-party relationship management guidance.
The new Rating System should be carefully reviewed by all affected financial institutions, because it is the new “road map” that agency examiners will use to assess and rate a financial institution’s consumer compliance.