CFPB audits--a hot topic.

Author:Fulmer, Ann

JAN. 10, 2014, IS A DATE THAT LOOMS LARGE for mortgage lenders--because that's when the Consumer Financial Protection Bureau's (CFPB's) Qualified Mortgage/ability-to-repay (QM/ATR) rule goes into effect. The details of that rule, its multiple tweaks, and the operational and technological challenges posed by its implementation have dominated industry attention for seemingly forever.

Yet there's another compliance issue that has received much less public attention, but which loomed large at the Mortgage Bankers Association's (MBA's) September Regulatory Compliance Conference in Washington, D.C. That issue was CFPB examinations.

Representatives of the CFPB, attorneys and compliance officers all hammered home the same message:

* One of the bureau's primary concerns in an examination is the strength and effectiveness of the entity's compliance management process.

* Simply abiding by all of the applicable rules and implementing regulations is not enough to escape corrective-action orders.

* Supervised entities must be able to prove that they have an actively managed compliance process that fosters, and achieves, an enterprisewide culture of compliance.

The "recipe" (as one speaker at MBA's Regulatory Compliance Conference termed it) for meeting the CFPB's expectations is found in Part II, Section A of the bureau's October 201.2 Supervision and Examination Manual, version 2 ( In the introduction to that section, the CFPB states that to maintain legal compliance, a supervised entity must develop and actively maintain a compliance management system (CMS) that covers the entire product and service life cycle.

This system should be part of the day-to-day responsibilities of management and employees; issues should be self-identified; and corrective action should be self-initiated. The CFPB also states that each examination will include review and testing of components of the supervised entity's CMS.

While the bureau recognizes that the size and complexity of an entity's operations must be taken into account in an exam, it believes that an entity's compliance responsibilities and risks can be effectively managed with a CMS that includes:

* management and oversight by the board of directors (defined as the actual board as well as any "other individual or group exercising similar oversight functions");

* a compliance program;

* response to consumer complaints; and


To continue reading