The Consumer Financial Protection Bureau (“CFPB”) has published its Supervision and Examination Manual – Version 1.0 (“Manual”) to serve as a guide for CFPB staff in supervising and examining consumer financial services companies under the jurisdiction of the CFPB for compliance with the federal consumer financial protection laws enforced by the CFPB. The CFPB has indicated that the Manual is a work in process. The guidance will continually be refined in subsequent editions based on feedback from the examination staff at the CFPB, banking industry, non-depository financial services companies (“NDFSCs”), federal and state agencies, consumer advocates, and others.
Some of this will be familiar to you, since the Manual incorporates many of the examination procedures previously developed by the Federal Financial Institutions Examination Council (“FFIEC”) and adopts the same compliance risk management approach embodied in the compliance procedures previously used by the federal bank regulatory agencies, including the explicit adoption of the Uniform Consumer Compliance Rating System. The Manual is not, however, a carbon copy of prior examination guidance. The CFPB has clearly identified “risk to consumers” as the primary focus of its regulatory supervision, enforcement policy, and actions. The heightened attention to unfair, deceptive, or abusive practices and fair lending compliance is also evident in the Manual.
The Manual includes specific examination procedures for reviewing mortgage servicing practices. Although this is the only unique business line addressed in the first edition of the Manual, the CFPB intends to add examination procedures organized by other product and business lines in subsequent editions of the Manual.
The Manual is divided into three parts that address the supervision and examination process, outline the examination procedures, and provide templates for documenting compliance examinations.
Part I - Compliance Supervision and Examination
The CFPB has indicated the following main principles will guide its examination processes: (1) focus on consumers, (2) data driven, and (3) consistency. Although the first principle should come as no surprise to the industry, the repeated recitation of this core principle throughout the Manual serves to highlight this new overarching “tone at the top” at the CFPB.
The CFPB has indicated its examinations will focus on an institution’s ability to detect, prevent, and correct practices that present a significant risk of causing harm to consumers or that violate the law. The CFPB has defined “risk to consumers” as “the potential for consumers to suffer economic loss or other legally-cognizable injury (e.g., invasion of privacy) from a violation of Federal consumer financial law.”
This “potential” for risk to consumers will be evaluated based on the risk of unfair, deceptive, or abusive acts or practices, discrimination, or other violations of federal consumer financial laws inherent in a particular line of business or in the entity as a whole. This inherent risk may arise from one or more the following factors:
- Nature and structure of the products offered;
- Consumers to whom products are offered;
- Marketing methods and sales organization;
- Ongoing customer relationship management;
- Complexity of organization; or
- Other factors that generally increase the difficulty of managing compliance in an organization
The assessment will assign a rating of “low,” “moderate,” or “high” to each of these categories and these ratings will be used in determining the “Risk Summary” for an entity. The Risk Assessment Template included in Part III of the Manual outlines the specific factors that will be reviewed under each of these six categories. For example, the following factors, among others, will be considered in assigning a risk rating under the first category above:
- Whether the profitability of the product is dependent upon penalty fees;
- Whether the terms of the product are subject to change at the discretion of the entity (and the entity has frequently changed the terms);
- Whether the pricing structure and other features and terms are combined in a manner that is likely to make the total cost of the product difficult for consumers to understand; and
- Whether credit decision-makers have wide discretion is setting terms and features of products
The CFPB and its examiners will also evaluate the level of risk to consumers based on the quality of controls available to an entity to manage and mitigate these inherent risks and the direction of and expected changes in such risks within a particular company and industry. The overall risk assigned to an entity will be determined based on the identified inherent risks as mitigated or increased by the strengths and weaknesses of the internal controls to address those risks.
To add to the less-than-clear standard of “potential” risk to consumers, the CFPB will also evaluate an unusual and amorphous factor: the risk that a supervised financial institution will not comply with consumer financial services laws. The CFPB does not outline the methods it intends to use to identify and quantify this risk factor in its assessments.
NDFSCs will be identified for examination based on their risk rating under a system referred to as the “Nonbank Supervision Risk Analytic and Monitoring” system (“RAM”). This system will rank the risk of each NDFSC based on the first main principle, “risk to consumers.” Although the CFPB has identified other factors that may be evaluated in identifying target NDFSCs, such as a company’s asset size and volume of consumer financial transactions, and the extent of current state oversight; these other factors appear to be relevant only to the extent that they further define the level of risk to consumers. NDFSC examinations will be conducted using the same ratings and general examination processes, including the preparation of a Risk Assessment and Examination Scope Summary, used for all other supervised entities. A Supervision Plan template, as described in Part III of the Manual, will not be used for NDFSCs.
The timing of regular examinations for large depository institutions and affiliates will be determined based on two considerations: (1) an assessment of the risks to consumers and (2) the maintenance of consistency with the examination schedules of other regulatory agencies.
The CFPB has noted that every examination will include a review of compliance management; any potential unfair, deceptive, or abusive practices; and regulatory compliance matters presenting risks to consumers. Every examination of lending will also include a review for discrimination issues.
In addition to regularly scheduled examinations, the CFPB intends to conduct targeted reviews focusing on a single entity and a particular situation that may be of concern due to the number of consumer complaints to the CFPB, for example. The CFPB will also conduct horizontal reviews across multiple entities to review issues arising from particular product offerings or business practices.
Parts II and III - Examination Procedures and Templates
Part II of the Manual includes separate sections addressing the following: Unfair, Deceptive, or Abusive Acts or Practices; Equal Credit Opportunity Act; Home Mortgage Disclosure Act; Truth in Lending Act; Real Estate Settlement Procedures Act; Homeowner’s Protection Act; Consumer Leasing Act; Fair Credit Reporting Act; Electronic Fund Transfer Act; Truth in Savings Act; Privacy of Consumer Financial Information; and Mortgage Servicing Examination Procedures. Part III of the Manual includes a Risk Assessment template, Examination Scope Summary template, and a sample Examination Report. Three of the substantive areas addressed under Part II of the Manual are highlighted in this summary.
Unfair, Deceptive, or Abusive Acts
The Manual includes examples of unfair, deceptive, or abusive acts or practices. Unfortunately, the examples provided reflect specific fact patterns from prior enforcement actions by the Federal Trade Commission and the federal bank regulatory agencies so the guidance does not shed new light on the CFPB’s view of these practices and its new rulemaking, supervisory, and enforcement authority in this area.
Equal Credit Opportunity Act
The CFPB has temporarily adopted the FFIEC Interagency Fair Lending Examination Procedures to serve at its guide in examining institutions for compliance with the Equal Credit Opportunity Act (“ECOA”). The CFPB will, however, modify those procedures as needed to reflect that the CFPB does not have supervisory authority for Fair Housing Act compliance issues.
Mortgage Servicing Examination Procedures
The Manual outlines specific procedures CFPB examiners will use in reviewing the mortgage servicing practices of any entity, whether acting on its own behalf, for an affiliate, or for others. The examination procedures are divided into nine modules addressing the servicing life cycle from transfers to foreclosures. The underlying themes of unfair, deceptive, and abusive acts and practices and fair lending permeate the procedures. For example, the CFPB intends to look for fair lending concerns in connection with the sale of optional products, such as debt cancellation, dept suspension, or other similar products or services. Examiners are, among other things, instructed to determine whether such products are marketed to target groups, such as minorities. The CFPB also intends to review the loss mitigation activities of servicers to determine whether such activities may raise concerns of disparate impact or disparate treatment of consumers in violation of the ECOA.
The Manual was published on October 13, 2011. Suggestions regarding the Manual may be sent to CFPB_Supervision@cfpb.gov. Since the Manual will be updated periodically, comments may be submitted at any time. A copy of the Manual is available at http://www.consumerfinance.gov/guidance/supervision/manual/.