In the wake of the global financial crisis of 2007-2009, Congress introduced the Dodd–Frank Wall Street Reform and Consumer Protection Act. This new sweeping legislation was created to improve the regulation of financial markets and established the Consumer Financial Protection Bureau (CFPB), the mission of which is to: “make markets for consumer financial products and services work for Americans — whether they are applying for a mortgage, choosing among credit cards, or using any number of other consumer financial products.” The CFPB is intended to provide a single point of accountability for consumer financial protection, a role previously shared by seven — that’s right, seven! — federal agencies.
The CFPB went live on July 21, 2011. Since that day, the bureau has been steeped in controversy, from its mission to its leadership and governance to its public and highly publicized web-based complaint systems. At the end of March, the CFPB announced that its database of 90,000 searchable complaints was available for public use. The complaints run the gamut of consumer financial products and services, including credit cards, mortgages, student loans, deposit accounts, auto loans, credit reporting and money transfers.
The CFPB is forcing regulated entities to review or rewrite their compliance policies and procedures. Specifically, it is requiring them to understand which of their suppliers (as well as second and third tier sub-contractors) come into direct or indirect contact with consumers. A supplier who may have represented little or no risk from the perspective of another regulatory body, such as the Office of the Comptroller of the Currency, may now represent significant risk in the context of the CFPB. The challenge for regulated entities is how to implement risk management programs that appropriately assess and manage the same suppliers against very different regulatory needs.
Technology, while not the whole solution, must be part of the solution. The complexity of today’s regulatory environment within the financial services sector, as well as the hard and soft costs of managing regulations through an organization, cannot be addressed without appropriate policies and technology to automate and manage those policies intelligently.