On November 28, 2016, the Consumer Financial Protection Bureau issued a compliance bulletin entitled "Detecting and Preventing Consumer Harm from Production Incentives."[i] The bulletin describes the "significant" harm to consumers posed by incentive programs for employees or service providers that tie compensation to various benchmarks. These benchmarks can include the following:
- sales goals, including "cross-selling" products or services to existing customers;
- sales at higher prices where pricing discretion exists;
- quotas of customer calls; and
- collections benchmarks.
As CFPB Director Richard Cordray stated in an accompanying press release, "Tying bonuses and job security to business goals that are unrealistic or not properly monitored can lead to illegal practices like unauthorized account openings and deceptive sales tactics."[ii]
The CFPB bulletin describes the role of incentive programs in prior CFPB enforcement actions, including the recent Wells Fargo consent order. There, the CFPB imposed a $100 million penalty for "unfair" and "abusive" practices involving allegations that thousands of bank employees opened deposit accounts and issued credit cards without consumers' knowledge or consent so that the employees could satisfy sales goals and earn financial rewards.[iii]
The CFPB's bulletin describes the agency's expectation that companies using incentive programs institute effective controls and exercise oversight of employees and service providers. Below, we summarize the steps the CFPB has outlined for ensuring that a company's compliance management system (CMS) is "effective" with respect to incentives. We then discuss the implications of the bulletin and the Wells Fargo action for both financial services and other consumer-facing companies.
The CFPB's Expectations for Effective Compliance Oversight With Respect to Incentives
As the CFPB has "emphasized repeatedly," a robust compliance management system (CMS) is necessary to detect and prevent legal violations. With respect to incentives, the CFPB recognizes that a supervised entity's CMS should reflect the "risk, nature, and significance" of the incentive programs in place. The "strictest controls" will be necessary where incentives concern products or services "less likely to benefit consumers," reward outcomes "that do not necessarily align with consumer interests," or implicate a significant proportion of employee compensation.
The CFPB outlines the following steps that supervised entities may take (among others) to ensure their CMS is effective:
- Board of directors and management oversight
- The highest levels of corporate leadership should be committed to a culture of customer service and legal compliance with respect to incentives. The CFPB gives as an example "ensuring that consumers are only offered products likely to benefit their interests."
- Leadership should carefully consider any unintended consequences that might result from incentives structures and should empower compliance personnel to address these risks and provide them adequate resources for doing so.
- Leadership should set a "tone from the top" that encourages all employees to report problematic behavior without fear of retaliation.
- Compliance program
- Policies and procedures. Among other things, companies should ensure that any sales/collections quotas are "transparent to employees" and "reasonably attainable." They should implement "clear controls" for managing the risk of incentives at "each stage of the product life cycle," including marketing, sales (including account opening), servicing, and collections. Companies should also address "potential conflicts of interest" posed for supervisory personnel who are covered by incentives but also responsible for monitoring the quality of consumer treatment. Procedures should exist for reporting suspected improper behavior.
- Training. Companies should implement "comprehensive training" that addresses topics including: "expectations for incentives, including standards for ethical behavior," common risky behavior involving incentives, and regulatory and business requirements for obtaining and maintaining "evidence of consumer consent."
- Monitoring and corrective action. Companies should implement compliance monitoring programs that track specific metrics designed to flag improper behavior. For instance, monitoring trends in sales and incentive payouts could identity outliers worthy of further investigation. Companies should promptly implement corrective action to address incentive-related problems, including termination of employees, service providers, and managers, as necessary; changes to incentive structures; increased training; and consumer restitution. Corrective action should "ensure that root causes of deficiencies are identified and resolved."
- Consumer complaint management program. Companies should collect and analyze consumer complaints for indications that incentives are leading to legal violations or consumer harm.
- Independent compliance audit. Companies should schedule audits to address incentive issues across all products or services to which they apply. Audits should be "conducted independently of the both the compliance program and the business functions."
Following the CFPB's bulletin and the Wells Fargo action, banks and other consumer financial services companies should give serious consideration to engaging in a review of their incentive programs and related compliance programs. While not announcing any new elements, the CFPB's bulletin-both in tone and content-sets a demanding standard for such compliance programs. The standard also leaves much room for discretionary judgments as to which a regulator and a company may well disagree. For example, is a certain sales goal "reasonably attainable"? By what metric does a company determine that consumers are, in the CFPB's words, "only offered products likely to benefit their interests"? Unfortunately, the reasonableness of a company's programs will often be assessed in hindsight after legal violations have been discovered. Nevertheless, engaging in-and documenting-a formal review and enhancement of incentive programs and related compliance controls can strengthen a company's position in the face of regulatory scrutiny.
In addition to the CFPB's likely increased supervisory and enforcement focus on incentives,[iv] the federal banking agencies are likewise increasingly focused on this issue,[v] as is the New York Department of Financial Services (DFS). Indeed, the DFS recently issued guidance that warns its regulated banks that it will review incentive compensation arrangements as part of its regular examinations process, "including the review of processes in place in identifying and deterring misconduct, participation of frontline business units, effective risk management and internal audit, and effective oversight of the board of directors."[vi]
Finally, companies outside the financial services space should also consider reviewing their incentive programs and related compliance controls. As the CFPB bulletin notes, incentive programs are common in many industries and can lead to problems similar to those observed in the financial services sector, such as abusive debt collection practices and aggressive cross-selling of more expensive or add-on products to consumers for whom they offer little or no added value. The recent attention on this issue could well cause the Justice Department, the Federal Trade Commission, State Attorneys General, and other industry regulators to focus on sales and other incentives in consumer-facing businesses as potential progenitors of legal violations.
Associate Jessica Morton contributed to this client alert.