(OnlineEd – September 26, 2012) Compliance management requirements for all non-banks have reached a new level with the new Consumer Financial Protection Bureau (CFPB) Examination Manual. According to the CFPB’s Web site:
“The CFPB’s approach to non-bank examination will be the same as its approach to bank examination. It may include a combination of any of the following tools: requiring nonbanks to file certain reports, reviewing the materials the companies
actually use to offer those products and services, reviewing their compliance systems and procedures, and reviewing what they promised consumers. In general, we will notify a nonbank in advance of an upcoming examination.”
While the CFPB has not specified just how much notice they will provide prior to an exam, some non-bank companies have been warned of a CFPB audit up to three weeks in advance. That is an improvement over some state audit notifications, which are often no more than a couple of days. However, given the magnitude and uncertainty regarding what they will be looking for, three weeks seems hardly long enough to prepare. One comprehensive area of CFPB compliance review that is new to most non-banks is policies, procedures and training. It is important for all non-banks to pay attention to this new requirement, as non-compliance can have a pronounced negative effect on the outcome of the exam.
CFPB Examination Procedures
First, let’s review the purpose of the CFPB examination. The CFPB Supervision and Examination Manual is a guide demonstrating how the CFPB will supervise and examine consumer financial service providers under its jurisdiction for compliance with federal consumer financial law. Completing the examination modules allows examiners to develop a thorough understanding of mortgage loan originators’ and lenders’ practices and operations.
Understanding the Compliance Management Review
General Principles and Introduction
The CFPB refers to those under its supervision as “Supervised Entities.” Supervised entities within the scope of CFPB’s supervision and enforcement authority include both depository institutions and nondepository consumer financial services companies. According to the CFPB, the goal of the supervised entity is to maintain legal compliance. A supervised entity must develop and maintain a sound compliance management system that is integrated into the overall framework for product design, delivery and administration. Supervised entities are also expected to manage relationships with thirdparty service providers to ensure that these providers effectively manage compliance with federal consumer financial laws applicable to the product or service being provided. The CFPB expects every regulated entity under its supervision and enforcement authority to have an effective compliance management system adapted to its business strategy and operations. Each CFPB examination will include review and testing of components of the supervised entity’s compliance management system. The initial review will help determine the scope and intensity of an examination. The findings of more detailed reviews and transaction testing will determine the effectiveness of the compliance management system and whether enhancements or corrective actions are appropriate. Compliance may be managed on a firm or an enterprise-wide basis, and supervised entities may engage outside firms to assist with compliance management. However an entity chooses to manage compliance they are expected to comply with federal consumer financial laws and appropriately address and prevent violations of law and associated harms to consumers through its compliance management process. The CFPB expects that compliance management activities will be organized within a firm, legal entity, division, or business unit in the way that is most effective for the supervised entity.
What are the components of an effective compliance management system?
The CFPB advises in its Manual that “A sound compliance program is essential to the efficient and successful operation of the supervised entity, much as business plan.” A compliance program includes several components, two that many organizations are not prepared for include:
- Policies & Procedures
The CFPB outlines that a supervised entity should establish a formal, written compliance program. This program should be a planned and organized effort to guide the entity’s compliance activities. There should be a written program that represents an essential source document that may serve as a training and reference tool for employees. The CFPB cites that “A well-planned, implemented, and maintained compliance program will prevent or reduce regulatory violations, protect consumers from non-compliance and associated harms, and help align business strategies with outcomes.”
All non-banks must have a compliance program in place
The examination objectives and procedures for the compliance program of the supervised entity are outlined in the Manual. Below we will review two elements of the compliance program which include policies and procedures and training.
Policies and procedures – Examination objectives
The CFPB expects that compliance policies and procedures be documented and in sufficient detail to implement the boardapproved policy documents. Examiners will request and review compliance policies and procedures. They will discuss elements with compliance officers or other responsible officers and employees of the supervised entity. Here is a short list of what examiners will look for:
- Request and review policies and procedures related to consumer compliance, including federal consumer financial laws and policies and procedures related to offering consumer financial products and services.
- Review policies and procedures to determine whether and how they address new or amended federal consumer financial laws and regulations since the preceding examination or since the most recent consumer compliance examination by a state or prudential regulator, if applicable, if this is CFPB’s first examination.
- Request and review policies and procedures to determine whether they cover consumer financial products or services introduced since the preceding examination or since the most recent consumer compliance examination by a state or prudential regulator, if applicable, if this is CFPB’s first examination.
- Review policies and procedures relating to compliance with specific regulatory requirements (such as the privacy of consumer financial information) and their implementing procedures.
- Review policies and procedures for products in which employee compensation structures, pricing or underwriting discretion, or other features may pose heightened risk of unlawful discrimination.
- Review policies and procedures designed to ensure that the entity’s third-party service providers comply with legal obligations applicable to the product or service of the examined entity and the provider.
- Review policies and procedures for record retention and destruction timeframes to ensure compliance with legal requirements.
- If compliance procedures are embedded in automated tools or business unit procedures, determine that a qualified compliance officer or contractor reviewed these tools for consistency with policies and procedures and compliance with applicable federal consumer laws and approved them for the purpose for which they are utilized.
What examiners will be looking for in your training program:
The CFPB notes that education is essential to maintaining an effective compliance program. They note that all executives should receive sufficient information to enable them to understand the entity’s responsibilities and the commensurate resource requirements. Management and staff should receive specific, comprehensive training that reinforces and helps implement written policies and procedures. The company should also include requirements for compliance with federal consumer financial laws. This includes prohibitions against unlawful discrimination and unfair, deceptive and abusive acts and practices.
Examiners will be looking to see that the following is being met in a company’s training program:
- Compliance training is current, complete, directed to appropriate individuals based on their roles, effective, and commensurate with the size of the entity and nature and risks to consumers presented by its activities.
- Training is consistent with policies and procedures and designed to reinforce those policies and procedures.
- Compliance professionals have access to training that is necessary to administer a compliance program that is appropriate for that supervised entity and its business strategy and operations.
Training – Examination procedures
Examiners will request and review training records and interview management and staff to evaluate this portion of the compliance program. Examiners will be looking to the following for training compliance:
- Request and review the schedule, record of completion, and materials for recent compliance training of board members and executive officers.
- Determine the involvement of compliance officer(s) in selecting, reviewing, or delivering training content.
- Request and review policies, standards, schedules, and records of completion for compliance-specific training of compliance professionals, managers, and staff, and documents demonstrating that third-party service providers who have consumer contact or compliance responsibilities are appropriately trained.
- Request and review samples of the content of training materials and comprehension tests, including training related to new regulatory requirements, new products or channels of distribution, and marketing (including scripts).
- Request and review training developed as a result of management commitments to address monitoring, audit, or examination findings and recommendations or issues raised in consumer complaints and inquiries.
- Determine whether the program is designed to provide training about the specific regulatory requirements relevant to the functions of particular positions, such as the Truth-in-Lending Act (TILA) for loan officers, Fair Lending, Equal Credit Opportunity Act (ECOA), Home Mortgage Disclosure Act (HMDA), etc.
- Review records of follow-up, escalation, and enforcement for units with training completion rates that do not meet the supervised entity’s standards or deadlines.
- Request and review the supervised entity’s plans for additions, deletions, or modifications to compliance training over the next 12 months and any plans for changes to the overall training resources and compare actual training activities to prior plans.
- Draw preliminary conclusions about the strength, adequacy, or weakness of the training element of the compliance program, and select lines of business, organizational units, or other areas for more detailed review and testing.
This means that companies will need to have a complete and comprehensive training program in place that not only delivers training but also provides for the accountability to show Examiners content delivered in training programs, who attended and how often training is received.
What steps should you take NOW in order to prepare?
- Review and update your policies, procedures and compliance manual. If you do not have policies and procedures, get them now!
- Develop your training program for your staff. If you do not have a training program get signed up for one and make certain it provides your company with the ability to offer all the training you will need.
- Keep records of your training. This includes material, testing and tracking of all staff. This is more than just your Nationwide Mortgage Licensing System & Registry (NMLS) Continuing Education.
- Size is not important. You may be a one person Mortgage Broker, but in the eyes of the CFPB, you are a “Supervised Entity” and expected to abide by the rules, regulations and compliance requirements just like the “Big Banks.”
The Dodd-Frank Act, when fully implemented, will help to promote consumer education and financial literacy. The longterm goal is to provide education for home buyers entering into the housing market and protect them from loans that are not fair or would not be in their best interest. With an increased knowledge of the risks associated with financing the purchase or refinance of a residential property home buyers will be able to make more education decisions. The best advice in understanding, complying with and implementing the changes that we will be seeing in the coming years is to be ready. This is REALLY important. It is no longer what you say, but what your customers understand. The best way to succeed with the Consumer Financial Protection Bureau is to be proactive.