Under the CFPB’s recently released enforcement guide, it explicitly requires that every lender have a chief compliance officer. This chief compliance officer does not necessarily need to be internal or full time. Rather, the chief compliance officer can be outsourced or part time, so long as the chief compliance officer is adequate and appropriate given the size and complexity of the institution’s operations and compliance needs.
Obviously, what is “adequate and appropriate” is a subjective determination, which will often be made in hindsight after a problem has arisen. Thus, retaining the services of a chief compliance officer with sufficient experience and training is a top priority for any lender. Of course, one mistake to avoid is to fill the position with existing staff that are either not competent to handle the role or do not have sufficient time to accomplish the requirements of the job. Also, it is critical that the chief compliance officer be free from conflicting job responsibilities and that their compensation not be tied to financial performance. Indeed, a chief compliance officer is expected to be able to self-identify problems and report those to management, along with recommendations for corrective action. Placing an employee who does not have sufficient aptitude to develop and present such a report to a board of directors and/or who might have conflicting duties or financial incentives excludes them from consideration for the role of chief compliance officer.
Lenders should understand that the chief compliance officer position is—especially for entities that engage in business practices that the CFPB has flagged—a critical position. Indeed, lenders with decentralized operations (such as branches), who purchase marketing leads, or who provide loan officers with any level of pricing discretion, among other things, have to be cognizant to balance these practices/features of their business with a compliance department that is able to monitor and anticipate problems and self-correct when necessary. Without a chief compliance officer who truly understands compliance obligations and can affirmatively anticipate compliance needs, it is unlikely an entity can avoid problems with regulators and investors.
Again, many lenders can achieve sufficient compliance without creating and highly compensated management position for a dedicated chief compliance officer whose one and only job is compliance. Capable outsourced compliance staff or a part time management level position coupled with the use of existing staff may very well satisfy a lender’s compliance needs. However, simply utilizing existing staff with a business as usual approach to compliance could well be a recipe for significant problems (and fines or losses) later. The bottom line is that the world of compliance has changed and every lender needs to carefully examine whether the structure it has in place meets these new demands.