Magazine article The RMA Journal

CFPB Stresses: Robust Compliance Management: In His Latest Update, RMA's Regulatory Affairs Liaison Hits the High Points of Recent Regulatory Actions and Statements from the Consumer Financial Protection Bureau and the OCC

Magazine article The RMA Journal

CFPB Stresses: Robust Compliance Management: In His Latest Update, RMA's Regulatory Affairs Liaison Hits the High Points of Recent Regulatory Actions and Statements from the Consumer Financial Protection Bureau and the OCC

Article excerpt

In the fourth edition of its Supervisory Highlights report series, the Consumer Financial Protection Bureau (CFPB) reiterated the importance of robust compliance management systems (CMS) and also shared recent observations regarding short-term and small-dollar lending, consumer reporting, debt collection, and fair lending activities.

The CFPB noted that a well-developed CMS lessens risks to consumers and reduces the potential for violations of federal consumer financial law. The CFPB has said that every examination it conducts will contain some level of CMS review. While a particular structure for the system is not required, the bureau's experience has shown that an effective CMS commonly has four interdependent control components:

1. Board of directors and management oversight.

2. A compliance program.

3. A consumer-complaint management program.

4. An independent compliance audit.

The report said a strong compliance program consists of adequate policies and procedures, training, monitoring, and corrective action. The policies and procedures should be consistent with one another, and they should be written, followed, and approved by the board and leadership.

In responding to consumer complaints, entities are expected not only to address potential consumer harm in a single instance, but to identify major issues and trends that may evidence broader concerns. Audit programs should include an audit plan that takes consumer compliance risks into consideration. Audits should also include a process by which the institution reports its findings to appropriate leadership, responds to exceptions, implements corrective action, and monitors the results.

The CFPB recognizes the importance of third-party service providers to the operations of supervised entities. However, it expects entities to select providers carefully and to monitor their work and any complaints about their work. Importantly, the CFPB emphasizes that use of service providers does not absolve the entity of responsibility for complying with federal consumer financial law.

The report noted several deficiencies the CFPB had found in various nonbank entities it has reviewed, including in the areas of consumer reporting, debt collection, and payday lending. These deficiencies (which do not relate to insured depository institutions) are detailed in the report.

In addition, the CFPB has observed instances in which financial institutions lack adequate policies and procedures for managing the fair lending risk that may arise when a lender makes exceptions to its established credit standards. While exceptions may be appropriate if fully justified, the CFPB stressed the importance of maintaining adequate documentation and oversight to avoid increasing fair lending risk under the Equal Credit Opportunity Act and Regulation B. The CFPB pointed out that a strong compliance management system can mitigate fair lending risk related to credit exceptions by adequately documenting the basis for the exception, monitoring and tracking exceptions activity, and controlling any resulting fair lending risk.

The CFPB suggested that a strong CMS often contains the following elements related to fair lending:

* Policies and procedures that specifically define circumstances when the institution will allow exceptions to be made to its credit standards.

* Policies and procedures requiring documentation appropriate to the specific exception so that compliance with the exceptions policies can be monitored effectively.

* Document-retention requirements that correspond with the record-retention obligations of Regulation B (generally 25 months).

* Regular monitoring of compliance with all exceptions policies.

* Periodic audits for compliance with exceptions policies and procedures.

* Appropriate corrective action for noncompliance.

* Training for all relevant individuals. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.