Having a proactive compliance system can protect a company. Not having one leaves a firm exposed.
Having a proactive compliance system can protect a company. Not having one leaves a firm exposed. Fotolia

Last week, the Consumer Financial Protection Bureau entered into a consent decree with Wells Fargo for over $34 million as well as a consent decree with Chase for nearly $1 million. This arose out of an alleged illegal kickback scheme where the banks’ loan officers purportedly received money and other benefits for steering customers to a specific title company.

What is particularly noteworthy about the case is that the CFPB fined a specific loan officer and banned him from the industry for 24 months, for allegedly participating in this kickback scheme by receiving payments through his then-girlfriend. Moreover, while the alleged kickback in question appeared to have been somewhat isolated to a relatively limited number of Wells’ and Chase’s loan officers, the CFPB levied fines because the banks “failed to take action to stop the practices and did not have an adequate system in place to identify these violations.” In contrast, an unnamed institution—who also had loan officers participating in this alleged kick-back scheme—self-identified the practices and terminated the loan officers involved.  That institution was not penalized despite the actions of its loan officers.

This case underscores the importance of training, practices, policies, supervision and most importantly implementation. The CFPB does understand that employees will act independently, and that institutions cannot always control their behavior. However, having appropriate compliance controls in place to avoid, identify and when necessary remediate compliance violations can and will make a major difference in any potential regulatory response. The CFPB has made this clear from the issuance of its first compliance manual and continues to demonstrate this philosophy in the consent decrees issued (and not issued) last week.