It is clear that the Consumer Finance Protection Bureau has made the mortgage industry a top priority and its supervised entities have had to fall in line with its expansive rules and regulations quickly. Ultimately, companies subject to this powerful agency's authority and enforcement powers must understand the gravity of the new regulatory landscape, or face the repercussions for noncompliance.
The truth is that the CFPB examinations can be daunting to those who are ill prepared and uninformed of the process. The following will provide insight of the methodology by which companies, partnered with third-party vendors, should approach the examination process and accumulate a better understanding of what is required of your organization to pass an exam with ease.
An Effective Compliance Management System Should Have an Independent Compliance Audit Component
The audit function for your compliance management system should be independent of the compliance program and business functions. Such an independent review program should exist to cover customer service and sales, and confirm compliance against the CFPB requirements. In addition, your company should engage in regular self-assessments or compliance audits. These audit results should be timely and accurately reported directly to the board of directors or senior management and should be indicative of whether policies and standards are being implemented effectively to deliver the level of compliance and consumer protection established by the company. The findings from compliance reviews and audits, controls, procedures, and etc. should be stored and easily accessible. Results should inform your company of compliance irregularities and should result in timely corrective action.
Satisfactorily Resolve All Issues Raised During Examinations Conducted By Other Regulators
The CFPB has access to information obtained on behalf of other agencies which relate to the CFPB's enforcement authority. Therefore, it is critical that your company resolves all issues raised during exams and inspections by other regulators because the CFPB will discover if you did not address a finding. In addition, evidence collected during a CFPB investigation of violations of consumer financial protection law which may be subject to criminal prosecution (such as fair lending violations) will be shared with state attorney generals and the Department of Justice.
Create an Examination Plan Immediately Upon Notice of an Exam
Appoint and prepare staff that will interface with the CFPB examiners (typically the compliance manager, general counsel, or outside counsel). Be prepared for extensive document and information requests from the CFPB. Determine who will be responsible for coordinating the collection and delivery of requested information and documentation. In addition, establish a strategy for dealing with any requests for privileged documents. Information should be well-organized and appropriately labeled, or otherwise identified. Reallocate personnel to assist with the examination process, including collection and distribution of documents and other required materials, demonstration of systems, and explanations of company policies and procedures. Additionally, prepare the premises. Determine how the examiners will gain access to physical buildings, which office space will be available, who will greet them, etc. The company should also be prepared to discuss issues such as building security and work space access.
Coordinate with CFPB to Schedule an Entrance or "Kick-Off" Meeting with Presentations and Executive Management
First impressions are always important, and this "kick-off" meeting serves as the perfect opportunity to begin the examination in a positive light. Your company's management should comprehensively explain the business model and demonstrate management's knowledge about and commitment to compliance. This first meeting also provides the examiners with the opportunity to explain the process and gives both sides the chance to ask general questions and address any concerns.
Conduct a Mock Exam or Self-Assessment to Self-Identify Any Areas of Weakness and to Remediate Them Before a Regulatory Examination Begins
Review the CFPB's examination manual. Utilizing a risk-based approach, focus on initial testing areas of high risk and then move on to areas of lower risk when feasible to do so. The CFPB has provided institutions with a readiness guide and examination procedures to assist companies in compliance with the new and evolving standards. Based on that guide and those procedures, the key areas to keep in mind are: process, people, controls and independent review.
The agency expects companies to have implemented an effective Compliance Management System in the normal course of their business, and will know right away if it has not. Do not wait until you are notified of an examination to begin preparation. These steps are not meant to be a crash course that can get you ready for a CFPB examination in two weeks, but should be carefully considered and executed through every day operations. These are steps every supervised entity should adopt before it is too late.
Deborah Hoffman is the chief legal officer at Digital Risk.