The Consumer Financial Protection Bureau (CFPB) periodically publishes Supervisory Highlightsintended to disseminate information about the findings of its examinations. The Spring 2014 edition includes findings of supervision work completed between November 2013 and February 2014. In 2013, the CFPB conducted over 100 supervisory activities, including full scope reviews and follow-up examinations. They also plan to conduct approximately 150 supervisory activities in 2014. The CFPB reported that its supervisory work contributed to a public enforcement action against Bank of America and FIA Card Services, resulting in approximately $727 million in relief to consumers for illegal practices. The report also notes that recent nonpublic supervisory actions resulted in over $70 million in remediation for approximately 775,000 consumers.

The CFPB emphasizes in the report the importance of strong compliance management systems (CMS), which can mitigate potential risks to consumers and reduce potential violations of federal consumer financial law. Every CFPB examination must contain some level of CMS review, which aids an entity in the following: 1) establishing its compliance responsibilities; 2) communicating these responsibilities to employees; 3) ensuring that responsibilities are incorporated and met; and 4) ensuring corrective action is taken and systems and materials are updated as necessary. Although the CFPB does not mandate a particular CMS structure, it notes that effective CMS commonly includes: 1) board of directors and management oversight; 2) a compliance program; 3) a consumer complaint management program; and 4) an independent compliance audit. When the aforementioned four interdependent control components are strong and well-coordinated, the CFPB believes that a supervised entity is more likely to be successful at managing its compliance responsibilities and risks.

Recent examinations identified significant shortcomings in the CMS of some entities reviewed. One examination showed that the entity had inadequate written CMS policies and procedures, lacked sufficient board and management oversight of CMS, and lacked an effective compliance audit function. In another instance, examiners observed that a creditor that relied on a network of third party debt buyers to collect its debts failed to adequately assess the debt buyers' compliance with Federal consumer financial law. Consequently, CFPB examiners directed the creditor to take steps to ensure that its business arrangements with the debt buyers would not expose consumers to unwarranted risks.

The CFPB also examined several entities' compliance practices and found some violations of Federal consumer financial law. In one review, examiners reported that a debt collector that furnished information to consumer reporting agencies (CRA) failed to investigate disputed information, and instead directed the CRAs to delete the disputed accounts. The CFPB believes that debt collectors may be doing this because of an erroneous belief that this satisfies the investigation requirement, or alternatively, because furnishers assume that once the information is deleted, they are no longer furnishers with respect to the disputed information. Examiners directed the debt collector to investigate disputes it receives regarding the information that it has furnished. Several other examinations revealed that entities violated Regulation E when they failed to secure written authorization before initiating recurring electronic transfers from consumer's accounts. The CFPB's guidance emphasizes the importance of a reasonable investigation of disputed information to ensure the completeness and accuracy of the furnished information. The reasonability of an investigation will vary based upon the circumstances.

The report similarly found several violations of the Federal Debt Collection Practices Act (FDCPA) by one debt collector. The CFPB found that the debt collector engaged in repeated violations of the FDCPA by making approximately 17,000 calls to consumers outside of the appropriate calling times required by the FDCPA. The entity also violated the FDCPA when it repeatedly contacted more than 1,000 consumers; contacting some consumers as often as 20 times within two days. The CFPB also found that the same entity misled debtors by stating that it intended to prove the debt was owed in court, although the entity had no such intention. The CFPB found that in 70% of lawsuits initiated by the entity, when the consumer filed an answer, the entity would dismiss the suit due to a lack of documentation to support its claims.

It is imperative that industry participants become aware and have knowledge of the periodical reports released by the CFPB. This will help industry participants identify what is important to the CFPB, thus allowing them to adjust agency practices in accord with what the CFPB sets forth.