This column is part of a series of articles on the new Consumer Financial Protection Bureau and the upcoming wave of regulations affecting the consumer financial industry.
With all of the changes underway in the regulation of the consumer financial services industry, not to mention all of those that are expected and can be predicted, it will be increasingly important in the post-Dodd-Frank era to keep a sharp focus on one key area of compliance: the board and management. Read the Dodd-Frank Act and the regulations it has spawned. Listen to the regulators from the Consumer Financial Protection Bureau and the other stalwart regulators. One of the hallmarks of the new world order will be accountability.
Who will these regulators look to for ultimate accountability? Without question, it will be the board and management. As outlined below, there are certain behaviors and characteristics boards can demonstrate to minimize compliance risk and several reporting techniques to ensure leadership stays informed about top compliance issues.
In its Supervision and Examination Manual, Version 1.0, the Bureau has made it perfectly clear one of the four components of an effective compliance management system is board and management oversight. The other three interrelated components are:
- A compliance program
- Response to consumer complaints
- Compliance audits
While Version 1.0 applies to only the largest financial institutions, it provides insight into the Bureau’s view on accountability in a broader sense, at least for now.
The Bureau looks at some very specific things in terms of oversight. Any consumer financial services enterprise, whether subject to supervision or not, should take note of the factors listed below that the Bureau has determined to be critical when it comes to providing proper oversight by a board or other key leadership and management.
Version 1.0 expressly provides that leadership and management must have:
- Demonstrated clear expectations about compliance, not only within the entity, but also to third-party service providers.
- Adopted clear policy statements regarding consumer compliance.
- Appointed an appropriately qualified and experienced chief compliance officer and provided for other compliance officers with authority and accountability. In smaller or less complex entities where staffing is limited, a full-time compliance officer may not be necessary. However, management should have clear responsibility for compliance management and compliance staff should be assigned to carry out this function in a manner commensurate with the size of the entity and the nature and risks of its activities.
- Established a compliance function to set policies, procedures and standards.
- Allocated resources to the compliance function commensurate with the size and complexity of the entity’s operations and practices, the federal consumer financial laws and regulations to which the entity is subject, and necessary to avoid the potential consumer harm associated with violations of such laws and regulations.
- Addressed consumer compliance issues and associated risks of harm to consumers throughout product development, marketing and account administration, and through the entity’s handling of consumer complaints and inquiries.
- Required audit coverage of compliance matters and reviewed the results of periodic compliance audits.
- Provided for recurring reports of compliance risks, issues and resolution through a committee structure or to the board.
The last factor, reporting, is the lynchpin for success in the entire oversight process. Poor reporting procedures and systems will undermine even the most generous allocation of resources to compliance. Here are three quick and elementary tips to help ensure your board gets the compliance information it needs and, most importantly, reads the reports.
- First, reports addressing compliance-related issues need to be written for the right audience. It is critical that writers understand the predisposition of their readers and give them the appropriate level of detail. If the board understands the underlying regulations, do not waste time belaboring those sorts of details. Conversely, if leadership does not know the regulations, it is incumbent upon the writer to educate them. If having the ability to drill down on data is essential to effectively analyze or understand the communicated conclusion, provide the data. If not, don’t.
- Second, report formats should be tailored to the audience. Does the board prefer hard copies or electronic documents? Does management want charts or narratives? The goal is to have leadership read the compliance reports they are given. The more readable the report, the more likely it is going to get read.
- Finally, get leadership to buy in and support key risk and performance indicators. When setting up a new or modifying an existing reporting system, get the support of the executive team. Provide them with options on how they receive data under the risk and performance indicators. Among many other benefits, it helps set their expectations.
These concepts, basic as they may be, can help compliance, legal, management and the board stay focused and informed as the regulatory environment in the consumer financial services industry grapples with a new consumer-centric regulator determined to hold leadership accountable for compliance failures.