This past November, in the wake of the Wells Fargo debacle, the CFPB issued a Compliance Bulletin which addressed employee incentives and the consumer risks associated with them. CFPB Compliance Bulletins are non-binding general statements of CFPB policy. The Bulletin noted that while businesses and consumers alike may benefit from the use of incentives when properly implemented and monitored, incentives may also lead to significant consumer harm when adequate risk controls are not in place.
Key to the CFPB’s November Bulletin is the CFPB’s articulation of what constitutes an effective compliance management system for addressing employee incentives. While effective compliance management systems are not contemplated to be a one size fits all proposition, the CFPB stresses they should take into account the risk, nature, and significance of the incentive program. The Bulletin describes an effective compliance management system as generally addressing the following:
Board of Directors and Management Oversight. An effective compliance management system will foster strong customer service and should take into account the following components:
- Board members and senior management should take into account not only the outcomes their incentive programs seek to achieve but also how they may incentivize outcomes that are harmful to consumers;
- Board members and senior management should authorize compliance personnel to design and implement compliance management elements which anticipate both intended and unintended outcomes and provide compliance personnel with sufficient resources to do so; and
- Board members and senior management should foster an environment that empowers employees to report suspected improper behavior.
Policies and Procedures. The CFPB notes that policies and procedures regarding incentives should provide:
- Sales/collection quotas tied to employee incentives should be reasonably attainable and transparent;
- Clear controls managing the risk inherent in each cycle of a product’s life including marketing, opening of the account, servicing the account and collection of the account;
- Mechanisms to identify conflicts of interest presented by supervisory employees who are covered by incentives but tasked with monitoring the quality of consumer treatment and satisfaction; and
- Fair and independent processes for investigating issues of suspected improper behavior.
Training. Training should be implemented and should:
- Address the institution’s expectations for incentives;
- Address the institution’s expectations and standards of ethical behavior;
- Identify and address common risky behaviors;
- Foster a greater awareness of areas for risk;
- Educate employees and service providers as to the terms and conditions of the institution’s products and services;
- Address regulatory and business requirements, including requirements for documenting consent (a point of emphasis in the wake of the Wells Fargo enforcement action)
Monitoring. Overall monitoring systems should track key metrics and outliers that may be indicative of abuse. Examples provided by the CFPB include:
- Employee turnover;
- Employee complaint rates;
- Analysis of termination statistics for trends and root causes;
- Spikes or trends in sales associated with an individual, group or product;
- Financial incentive payouts;
- Account opening/enrollment statistics by group and individual; and
- Account closures/product cancellation by group and individual.
Corrective Action. The Compliance Management Systems should provide for the prompt identification and implementation of corrective actions addressing any areas of weakness. The CFPB expects corrective actions to include:
- Termination of bad actor-employees (including managers) and service providers;
- Changes in the structures of incentive programs and training of affected employees;
- Remediation in the form of refunds to affected consumers;
- Identification, analysis and resolution of root causes of deficiencies; and
- Escalation to the Board and Senior Management, particularly where there is risk of significant harm to consumers.
Consumer Complaint Management Program. As was noted in the Wells Fargo Order and confirmed by the Bulletin, the CFPB expects institutions to collect and analyze consumer complaints for indications that incentives are leading to consumer harm or violations of law in order to identify and resolve the root causes of any such issues.
Independent Compliance Audit. The CFPB expects Compliance Management Systems to provide for periodic independent compliance audits. Institutions’ Compliance Management Systems should, therefore:
- Provide for and schedule audits for all products subject to incentives. Audits should address incentives and potential consumer risks;
- Ensure audits are conducted independently of both the compliance program and business functions; and
- Ensure all necessary corrective actions are promptly implemented.
Financial institutions who use incentive programs should take some comfort in the fact that the CFPB acknowledges that incentive programs, when properly implemented, may be beneficial to the marketplace. At the same, time, financial institutions should be aware that incentive programs are being carefully scrutinized. It is, therefore, incumbent on financial institutions to carefully review their compliance management programs as to incentive programs. The level of specificity provided by the CFPB Bulletin suggests that this will likely be the measuring stick used in current and upcoming examinations and that incentive programs will be a point of emphasis by regulators in general.