The Consumer Financial Protection Bureau has formalized a trend toward regulators holding the industry increasingly responsible for having a mechanism in place to police their own compliance, and they are nearing the point at which they might be starting to make sure the industry is in fact doing this.
"The entire way this industry is going to be regulated is going to change" as a result of the CFPB, attorney Ari Karen of Offit Kurman told this publication.
He said the 800-plus-page guide the CFPB released in March shows compliance is becoming "a fundamental aspect of the business" permeating through all aspects of operations up through the organization.
Management has to be aware and responsible for compliance, because it is now "incumbent on every individual to make sure that the entity is in compliance," he said, to the point where aware of compliance could become part of performance ratings and salary considerations.
No longer can companies use lack of awareness of a compliance issue or that they did not train their people to address it as an excuse, said Karen. Regulators, he said, "want this to be an affirmative duty" to the point of being proactive about finding and addressing online complaints and encouraging whistleblowers, for example.
"There are going to have to be transparent decisions made," Karen said.
He also noted that companies must have a sort of point person for compliance who can report to their boards.
This role can be filled by a third party or someone who works in-house, and they can be part time or full time.
Whoever takes on the role, they have to be responsible for quarterly audits of various systems in the company. They must be up on all the latest legal issues that affect the industry as well as long-standing rules, from fair lending and good-faith estimates to Gramm-Leach-Bliley, the Real Estate Settlement Procedures Act and rules governing affiliated business arrangements, Karen said.
He said this might be a particular challenge in terms of cost for small or midsized companies who have not had to had to have such a large and pro-active compliance operation until now.
It is a tough challenge, but one possible to address, Karen said.
"I don't think you should jump off a bridge" because of it, he said. But he suggested that companies start working sooner than later about "how to staff this."
While it is not required that companies hire a third party as their point person for compliance, needs to be a third party, he stressed that regulators are clear that "they want independence."
He said his law firm is helping small to midsized companies by charging a flat fee for a certain period of time to have a designated attorneys helps them to tap into economies of scale and talent they may not otherwise be able to access given the widespread need and competition to hire that has resulted due to the CFPB's legal changes.
Karen said he is concerned some in the industry are not getting the message yet about how proactive they should be. When it comes to the loan officer compensation rule, for example, he said there are still a lot of companies "doing it wrong" and not being strict enough about things like the line that needs to be drawn between "producing" and "nonproducing" branch managers.
He warned that examiners actions will not focus on whether a law was violated but whether or not companies did research to make sure their processes were compliant, something they are now required to do.
This is the case not only with the CFPB but also part of a widespread trend that has been spreading to other regulatory entities.
He cited the example of a HUD audit he was aware of where one branch used a particular trade while another used a different one for marketing reasons and they didn't demonstrate the link to underlying entity, so the website identifying them in this way had to be shut down.
Sanjeev Dahiwadkar, president and CEO of industry technology provider Indisoft, said as a result of the need to ensure processes incorporate demonstrable compliance quality assurance and workflow vendors like his company also have to ensure that their offerings are designed to educate and train users based on each company's rule set.
"Technology is not now limited to some software screen but it is helping the end-user comply," he said.
It can do this by walking the user through the process in such a way that those involved—from the servicer to auditors and regulatory agencies—are supported on a collaborative "need to know" basis.
Such technology, Dahiwadkar said, plays a particularly crucial role when it comes to the staff companies now must have to do they have to do their compliance reviews under the CFPB's guidance.
