The CFPB expects that all companies will implement a comprehensive compliance management system (CMS), and a company’s CMS will be the first thing that the CFPB will want to see in an examination. In a previous post, we discussed the importance of adopting a CMS, and we summarized the general components that a CMS must include. Today, we delve deeper into one of the key components—board of directors and management oversight.
A central theme throughout the 924-page CFPB Supervision and Examination Manual is that all companies must implement a top-down compliance strategy. This means that a company’s board and/or senior management is ultimately responsible for the company’s compliance efforts. The CFPB Manual explains, “In a depository institution, the board of directors is ultimately responsible for developing and administering a compliance management system that ensures compliance with Federal consumer financial laws and regulations and addresses and prevents associated risks of harm to consumers. In a non-depository consumer financial services company, that ultimate responsibility may rest with a board of directors in the case of a corporation or with a controlling person or some other arrangement.”
To meet this obligation, the board and senior management must be involved in designing, implementing and administering the company’s CMS. For some companies, this means appointing a qualified and experienced compliance officer who answers directly to the board or senior management.
Additionally, board and senior management oversight includes monitoring service providers, implementing appropriate training for employees, reviewing and managing consumer complaints, auditing and updating company compliance efforts from time to time, and requiring compliance reports at board meetings.
In the post-Dodd-Frank brave new world, finance companies need to seriously consider whether they are sufficiently staffing the compliance function. For larger finance companies that operate numerous branches under one corporate name or branches under different affiliated entities, a firm-wide dedicated full-time compliance officer is a necessity. For finance companies that operate a few or even just one location, a full-time compliance officer may not be feasible, but the board and/or senior management need to designate a person who is responsible for day-to-day compliance efforts. The bottom line is that the CFPB will want to see sufficient allocation of company resources based on the size and complexity of the company.
In sum, the CFPB expects to see a “culture of compliance” beginning with the board and senior management.