CFPB Officially Mandates Compliance Infrastructure
The Consumer Financial Protection Bureau recently released examination procedures. As opposed to the examination guidelines, these are mandatory procedures that will be utilized both by federal and state regulators to evaluate the compliance of lenders. Literally, the procedures start with the following objective: “To appraise the quality of the financial institution's compliance management system ”
Indeed, the beginning section of the procedure mentions that auditors will interview management and organizational charts to “determine whether the financial institution's internal controls are adequate to ensure compliance.” Regulators will also review compliance and audit work-papers to ensure that significant deficiencies and root causes are identified and reported to management, and that corrective actions are promptly undertaken. The CFPB’s procedures will focus on determining an institution’s ability to identify the adequacy of systems used “daily” to detect compliance problems and initiate prompt corrective actions. In short, the initial focus of audits will be the institution’s compliance infrastructure.
In addition the procedures institute requirements for determining compliance with new loan officer compensation laws and adherence to ability to repay standards, focusing on the availability of documentation confirming adherence to these new laws. As such, a key understanding to what is and is not permissible and appropriate record keeping are now an essential audit focus in these areas.
Lenders must understand that the world has now “officially” changed. Instituting a compliance management system is truly inevitable and essential to continued business operation. Lenders whose compliance is generally limited to loan level evaluation should immediately take steps to augment their compliance to ensure it is sufficient to meet the standards that have now become law. Not only will poor audit findings result in fines and increased future scrutiny, but more importantly they will impede business relationships with potential or existing partners wishing to avoid the possibility of horizontal audits and/or inquiries relating to failed third party due diligence.