Preparing for a world of heightened oversight can be tricky. Here are four key areas where you should expect to be scrutinized by the Consumer Financial Protection Bureau.
Elvis was still a headliner when I was a rookie examiner with a federal regulatory agency, conducting a compliance examination of a mortgage department in a large bank. The work consisted of reviewing a stack of paper-based mortgage loan files for technical compliance with the Truth in Lending Act (TILA), Real Estate Settlement Procedures Act (RESPA) and the flood insurance regulations. [paragraph] We also looked at a sample of adverse action notices and advertisements to ensure compliance with Equal Credit Opportunity Act (ECOA), Fair Housing Act and Fair Credit Reporting Act (FCRA) requirements, and checked to see that required notices were posted in the bank's lobby. [paragraph] We gave bank executives an exception-based presentation of the results of our examination that offered no root cause analysis and did not invite any dialogue or provide any recommendations for how to prevent violations in the future.
The bank was asked to respond as to how it would correct the violations; supervisory follow-up ended when the regulator was satisfied the violations were being addressed. Two years later, we would be back to do the same thing.
Compared with today's examination experience, it was a simple exercise. The body of regulation was palpably smaller, the emphasis was on technical compliance rather than consumer protection, and little attention was given to the management or administration of the compliance function in the bank.
My, how times have changed.
Today's regulatory and supervisory environments expect considerably more from both examiners and regulated institutions. These heightened expectations are an outgrowth of the tumultuous effect of a number of serious breakdowns over the past several decades. These breakdowns culminated most recently in the subprime and ensuing mortgage foreclosure crises, and concomitant legislative solutions--principally the Dodd-Frank Wall Street Reform and Consumer Protection Act, which brought us the Consumer Financial Protection Bureau (CFPB), an agency with tremendous (and arguably unprecedented) authority, power and reach.
CFPB critics routinely voice their concerns about the agency, the regulations it issues and its approach to supervision. The agency is methodically taking on many of the consumer-protection issues that have languished in the lending business for the past 30 years. The CFPB has refocused attention on consumer rights and how consumer risk affects a financial institution.
Organizations that have never been subject to routine examination by a federal regulatory authority are flummoxed by an entirely new supervisory rubric. Yet so are many who have received examinations over the years.
Wolters Kluwer Financial Services issued its latest Regulatory & Risk Management Indicator report for the U.S. banking industry in March, which revealed 67 percent of the nearly 400 financial institutions surveyed were "concerned with the ability of their organization to keep track of changing regulations."
Sixty-nine percent of respondents were concerned with their ability to maintain compliance with changing regulations, while 66 percent lacked confidence in their ability to demonstrate compliance to regulators.
These results indicate a slight uptick in the levels of concern measured in the same survey a year ago. The industry is on alert, and the cascade of mortgage regulation in the past year is challenging to even those otherwise adept at regulatory change management.
So, what can an organization do to adapt to life under CFPB supervision, and even thrive in this brave new world of regulatory oversight?
One way is to take a closer look at four areas that the CFPB has given considerable attention to in public presentations, guidance documents and examination manuals. These are also the areas that most frequently arise in conversations with industry and trade group representatives about CFPB supervision.
I will examine these four areas and highlight lessons learned, explore CFPB management expectations regarding compliance responsibilities, and provide additional commentary and guidance.
The four areas are:
* compliance management systems (CMS);