In the recently released CFPB enforcement guide, the newly formed agency clearly announced that it expected lenders to begin to institutionalize compliance to enhance monitoring, training and avoidance of errors and complaints. Federal agencies are already beginning to internalize this self-policing perspective.
I recently had an interaction with a regulator who detected a problem with some actions undertaken by a branch of a company.
Although the branch had clearly engaged in certain technical violations concerning its advertising, the company-upon being notified as such in connection with the audit-immediately took corrective action fully resolving the problem and disciplining the branch manager.
Given the nature of the violation and the prompt remedial action, I was surprised the auditor became so focused on how the violation had occurred and why it had not been previously detected. The auditor seemed less focused on the violation itself and much more concerned about the internal institutional failings that resulted in the violation and its non-detection.
The auditor was highly interested in the training of branch managers, internal monitoring of websites, and internal policies and procedures that, in her opinion, caused the violation and its non-detection. Indeed, it was the failings in this regard-manifested by a technical violation that had not harmed any consumer-which became the focal point of the audit.
Moving forward, I expect more auditors will begin to focus upon overall institutional compliance. Training, monitoring, developing policies and procedures, and maintenance of adequate compliance staff are becoming paramount in audits.
Lenders must recognize that it is no longer just a question of whether there are violations, but rather, the extent to which a lender has internal compliance procedures sufficient to prevent ad detect problems. This trend will continue and lenders should be taking a close look at institutional compliance before auditors undertake such examinations.
