The CFPB published its Fall Supervisory Highlightslast week, highlighting its examination observations across various financial products for examinations conducted between May and August 2016. The Report highlights key findings made by the CFPB and provides insight into the current focus of the examiners. The current edition of Highlights reveals a heavy focus on compliance management systems across product types. Because of the volume of information in the Report, we will break down the Report over several blog posts in the coming week.
There’s a country song that says “it’s all about that bass”. In the case of regulatory compliance, it’s all about that compliance management system. Nowhere is that more evident than in this issue of the CFPB’s Supervisory Highlights. Throughout the report, the CFPB highlights and defines what constitutes a strong compliance management system (“CMS”) and what does not. It is clear that the CFPB is honing in on a theme which has become prevalent throughout many of its enforcement actions: “beneficial practices centered on good compliance management systems” go a long way.
To that end, the Report provides insight into what constitutes a strong CMS. Particularly, the Reports singles out the qualities of strong compliance management systems in automobile finance, debt collection, mortgage and fair lending. Generally, what constitutes a compliance management system is dependent upon the size of the business, its risk profile and its operational complexity. The Report noted, however, that that a strong compliance management system generally reflects:
- Strong and active boards and management oversight. The Report set forth the expectation that boards and management:
- Demonstrate clear expectations about compliance;
- Have an adequate compliance audit program;
- Adopt clear policy statements regarding consumer compliance; and
- Ensure that compliance-related issues are raised to the board of directors or management.
- Policies and procedures to address compliance with all applicable consumer financial laws relating to the product;
- Current and complete compliance training designed to reinforce policies and procedures that is tailored to job functions and updated as needed;
- Adaptive internal controls and monitoring processes which provide for timely corrective actions where appropriate;
- Policies and procedures setting forth clear expectations for timely handling and resolution of complaints;
- Processes for appropriately escalating and resolving consumer complaints including analysis for root causes, patterns or trends;
- Processes for escalating identified violation trends to management for proposed changes to policies and procedures;
- Comprehensive audit programs that are independent of the compliance program and business functions; and
- Strong oversight of service providers commensurate with the risk and complexity of the processes or services provided.
Institutions need to view their compliance management system as part of an eco-system that is always changing. Compliance management systems should be reviewed on an ongoing basis and remain adaptive. While a strong compliance management system may not prevent violations and regulatory irregularities, it certainly can mitigate the damage and the most recent Supervisory Highlights makes clear that the CFPB continues to make them a point of emphasis.