The Consumer Financial Protection Bureau (CFPB) has issued the first edition, or “Version 1.0,” of its Supervision and Examination Manual. The manual will be used in CFPB examinations of insured depository institutions and credit unions with more than $10 billion in assets and their affiliates.
Part I. The first of the manual’s three parts contains an overview of the CFPB’s supervision and examination process. According to the manual, the CFPB’s supervision process will (1) focus on an institution’s ability to detect, prevent, and correct practices that present a significant risk of violating the law and causing consumer harm, (2) be driven by data on the activities of entities the CFPB supervises, the markets in which such entities operate, and the risks their activities present for consumers in those market, and (3) apply consistent standards to the supervision of bank and non-bank entities to the extent possible.
This part of the manual also reveals more about the examination process itself. The CFPB states that it will schedule examinations of large banks and their affiliates based on an assessment of consumer risk and the Dodd-Frank Act’s requirement that the CFPB coordinate its examinations with those of federal prudential regulators and state regulators. Supervised entities, it says, “will generally” receive advance notice of an upcoming examination and, in addition to regularly scheduled examinations, the CFPB expects to conduct target and horizontal reviews. In a target review, the CFPB will look at one entity that is the subject of a significant volume of complaints or another particular concern, while in a horizontal review, the CFPB will look at multiple entities to examine issues arising from particular products or practices.
As for examination results, the manual states that whether the CFPB will address negative examination findings through informal supervisory measures or formal enforcement action will depend on the problem found and the severity of consumer harm, with self-correction to be encouraged when appropriate. In addition to using the examination procedures of the Federal Financial Institutions Examinations Council for specific federal consumer financial protection laws, the CFPB intends to assign compliance ratings using the FFIEC’s Uniform Consumer Compliance Rating System.
Part II. The manual’s second part details procedures for examining an entity’s compliance management system as well as its compliance with specific federal consumer financial protection laws and regulations. Among such “laws and regulations” is the Dodd-Frank Act’s prohibition of “unfair, deceptive or abusive” acts or practices. In setting forth the standards for such acts or practices, the manual tracks the language of the Dodd-Frank Act. The guidance the manual provides to examiners for identifying such acts or practices includes examples of enforcement actions brought by other regulators and states that such examples “may inform [the] CFPB’s determinations.”
Also included in the manual’s second part are mortgage servicing examination procedures, which were the subject of a prior legal alert. They represent the first of the examination procedures “organized by product and line of business” that the CFPB intends to include in the manual. Presumably, those procedures will be added once a director is confirmed and the CFPB can exercise its supervisory authority over various non-bank consumer financial service providers such as payday and private student loan lenders and providers considered to be “a larger participant of a market for other consumer financial products or services.” (Click here for our prior legal alert on the markets the CFPB has identified for purposes of determining the “larger participants” it will supervise.)
Part III. The third part of the manual contains templates for an institution profile, a risk assessment, an examination scope summary, a supervision plan, and an examination report. The risk assessment is to be used in pre-examination planning. It lists various factors that increase the (1) risk that unfair, deceptive, or abusive acts or practices, discrimination, or other violations of consumer financial protection laws will occur, or (2) difficulty of managing compliance in an entity. Examiners are instructed to rate each factor and comment on the basis for the rating assigned. Examiners are similarly instructed to provide ratings and comments for various considerations bearing on the quality of an entity’s consumer compliance risk controls and mitigation.