The CFPB continues to emphasize the importance of adopting a compliance management system.   Put simply, all consumer finance companies, large and small, need to have a good compliance management system in place.  The CFPB Supervision and Examination Manual explains, “[T]he CFPB expects every regulated entity under its supervision and enforcement authority to have an effective compliance management system adapted to its business strategy and operations.”

As we have discussed in a previous post, an effective compliance management system needs to include four key components: 1) board of directors and management oversight, 2) a comprehensive written compliance program, 3) a consumer complaint response protocol, and 4) a compliance audit.  In today’s post, we discuss the fourth component—the compliance audit function.

Periodically, a finance company needs to conduct a compliance audit.  The CFPB Manual explains that the purpose of a compliance audit is to “review an institution’s compliance with Federal consumer financial laws and adherence to internal policies and procedures.”  The audit function should allow the board of directors or senior management to determine whether policies and procedures are sufficient to comply with Federal laws and protect consumers, and whether the company is actually complying with the policies and procedures that are in place.

The frequency and scope of the audit will depend on the size and complexity of the particular company.  Smaller companies with limited products will generally undertake an internal audit and/or work with company counsel, while larger, more complex companies should consider undertaking an external audit conducted by a compliance expert.

Additionally, the audit must be sufficiently “independent of both the compliance program and business functions that include customer sales or service.”  In other words, whether the audit is conducted internally or by a third party, it needs to take an objective look at the company’s compliance efforts.

Once the audit is complete, the results must be shared with the board of directors, senior management and other appropriate compliance staff.  If the audit reveals deficiencies in the company’s compliance efforts or gaps in policies and procedures, appropriate changes must be implemented in a timely manner.

The primary goal of a compliance audit should be to ensure compliance with the law—and, of course, to catch problems before the CFPB does.