It is clear that the Consumer Finance Protection Bureau has made the mortgage industry a top priority and its supervised entities have had to fall in line with its expansive rules and regulations quickly. Ultimately, companies subject to this agency’s authority and enforcement powers must understand the gravity of the new regulatory landscape, or face the repercussions for non-compliance. The truth is that the CFPB examinations can be daunting to those who are ill-prepared and uninformed of the process. The following provides insight of the methodology by which companies, partnered with third party vendors, should approach the examination process and better understand what is required of your organization to pass an exam with ease.
Implement an Effective Compliance Management Program
The CFPB’s top priority is compliance. During a CFPB examination, the agency will take an all-inclusive look at your business operations and activities, policies and procedures, compliance systems, results of examinations by other regulators, if any, consumer complaint history, and company response to complaints, to evaluate your commitment to consumer compliance. During such, examiners want to find evidence of sufficient board of directors or executive management oversight of the company’s compliance aspects. A "top-down" approach should be adopted, establishing a flow of communication from the board of directors or executive management to employees performing routine business functions, ensuring problems are identified and addressed quickly. Examiners want to be assured that board of directors and senior management are actively involved, in a documented way, in customer and consumer compliance. Therefore, best practices include having written minutes and supporting documents of the board of directors and committee meetings available to show involvement in consumer compliance issues. In addition, this formal, written compliance program should be administered by the chief compliance officer or another appointed official who can communicate the system to employees.
Ensure Third Parties Do Not Present Unwarranted Consumer Risks
The CFPB is specifically concerned when a company does not appropriately monitor third-party vendors; therefore, companies are required to do so using consistent risk-based procedures. It is essential to verify that your company conducts thorough due diligence to confirm the service provider understands and is capable of complying with the law. Request and review the third-party vendor’s policies, procedures, internal controls, and training materials to ensure proper compliance. Develop and maintain a close relationship with the third-party vendor to implement internal controls and on-going monitoring so as to determine their compliance and take prompt action to address any identified problems. In doing so, each entity ensures noncompliance issues do not "trickle up" or "trickle down" to one another. Moreover, these close relationships offer substantial benefits. Best practices are to review third party vendors’ compliance programs. Often, these third party independent providers have stronger compliance departments and may offer great insight of your company’s competitors’ practices.
Strictly Adhere to, Monitor and Document a Set of Customized Compliance Policies and Procedures
Overall the CFPB seeks to determine whether compliance policies and procedures are consistent with those approved by the senior management or board of directors, reflecting appropriate provisions and containing relevant disclosures required by new rules. They must also document the company’s actual practices, be reviewed by the board as appropriate, be maintained, modified and kept current, as well as account for all changes in the regulatory environment. Examiners will interview employees to assess whether the policies and procedures emulate company operations in reality. Therefore, it is prudent to make sure all employees are fully aware of policies and procedures and able to locate the most current versions of such documents.
Provide Frequent and Thorough Training for All Employees, Including Executives
The CFPB examiners will conduct interviews with employees to determine whether they have been trained adequately with CFPB requirements and regulatory laws, such as the Real Estate Settlement Procedures Act and the Truth in Lending Act. Compliance training must be current, complete, effective, directed to appropriate individuals based on roles, and commensurate with the size of the entity, as well as nature and risks to consumers presented by its activities. Training must be consistent with the company’s policies and procedures and be designed to reinforce them. Companies should ensure that documentation is readily available to examiners, evidencing ongoing training efforts. Examiners will request information such as: the training schedule, record of completion, and materials for compliance training of board members, executive officers, compliance professionals, managers and staff. Examiners may request and review samples of training materials and comprehension tests. Your company should be prepared to answer questions relating to changes in your training program, areas impacted by changes, who is responsible for developing course content, and what the consequences are for employees who do not complete training by assigned deadlines. The CFPB wants to see that risk-based periodic monitoring reviews are regularly scheduled and completed to identify procedural or training deficiencies within the business.
A Centralized Operation Handling Complaints Should Ensure Timely, Documented Responses to Them
Your company should establish channels through which customer complaints will be received and policies on how employees should report and resolve them. Since the CFPB’s focus is on the consumer experience, the agency will examine institutions’ customer treatment. It is vital for the company to track customer complaints in order to categorize and analyze the data, identify trends, and take action in response to those trends. Complaint trends, identified based on company specific and industry data, should be assessed and addressed. For instance, does your company offer employees incentive-based compensation programs for interacting with consumers? If not, it may be wise to implement such programs. After all, if a consumer’s complaint is not addressed properly by the company, the consumer may submit a complaint directly to the CFPB, which could place your company on the fast track to an examination.
Deborah Hoffman is the chief legal officer at Digital Risk.