In the wake of the global financial crisis of 2007-2009, Congress introduced the Dodd–Frank Wall Street Reform and Consumer Protection Act. This new sweeping legislation was created to improve the regulation of financial markets and established the Consumer Financial Protection Bureau (CFPB), the mission of which is to: “make markets for consumer financial products and services work for Americans — whether they are applying for a mortgage, choosing among credit cards, or using any number of other consumer financial products.” The CFPB is intended to provide a single point of accountability for consumer financial protection, a role previously shared by seven — that’s right, seven! — federal agencies.
The CFPB went live on July 21, 2011. Since that day, the bureau has been steeped in controversy, from its mission to its leadership and governance to its public and highly publicized web-based complaint systems. At the end of March, the CFPB announced that its database of 90,000 searchable complaints was available for public use. The complaints run the gamut of consumer financial products and services, including credit cards, mortgages, student loans, deposit accounts, auto loans, credit reporting and money transfers.
The CFPB maintains that programs, such as the consumer complaint database, provide a level of protection and recourse never before available to the individual consumer. The CFPB points to statistics (i.e., one in five Americans over the age of 65 report being scammed) and assures consumers that the CFPB will “protect all consumers from unscrupulous practices at the hands of financial services providers.”
For companies in the financial services market, the CFPB is yet another layer of regulatory oversight in one of the most highly regulated industries. Banks with more than $10 billion in assets, as well as non-banks that offer consumer financial services products, are now regulated by the CFPB.
According to the Federal Register, the CFPB has published more than 125 regulations or notices, which equates to $1 billion in costs and more than 37 million paperwork hours. In and of itself, the impact of this new regulatory body on affected companies is significant. However, the true implications must be viewed in light of the current regulatory environment.
In a 2012 congressional hearing of the Independent Community Bankers of America, presenters cited 921 documented compliance changes in four years, leading senior executives to spend about 80 percent of work time on compliance-related issues, compared with 20 percent three years ago. Loan originators spend 30-35 percent of their time per file on compliance, compared with 5-10 percent in the past.
The costs of compliance should also be viewed in terms of regulatory penalties and the impact on the customer’s experience. The first several enforcement actions of the CFPB amounted to fines of $101.5 million with an additional $435 million in restitution costs.
The CFPB is forcing regulated entities to review or rewrite their compliance policies and procedures. Specifically, it is requiring them to understand which of their suppliers (as well as second and third tier sub-contractors) come into direct or indirect contact with consumers. A supplier who may have represented little or no risk from the perspective of another regulatory body, such as the Office of the Comptroller of the Currency, may now represent significant risk in the context of the CFPB. The challenge for regulated entities is how to implement risk management programs that appropriately assess and manage the same suppliers against very different regulatory needs.
Technology, while not the whole solution, must be part of the solution. The complexity of today’s regulatory environment within the financial services sector, as well as the hard and soft costs of managing regulations through an organization, cannot be addressed without appropriate policies and technology to automate and manage those policies intelligently.
Software built to address the issue allows an organization to manage regulatory risk management for the same supplier across different regulations, as well as understand which suppliers affect which customer-facing products and services.
For instance, suppliers delivering social media services for the organization’s marketing teams may appear to be low risk in terms of overall spend, but may be high risk from a CFPB perspective as they have access to customer data. Similarly, technology can provide insights into sub-contractor risk, specifically understanding which sub-contractors support which suppliers and, ultimately, which customer-facing products are affected by this chain. Technology is essential to assess supplier risk in holistic way: a single supplier may be delivering multiple services (i.e. the company that staffs your internal IT help desk may also be staffing your customer-facing call center). With technology, individual as well as aggregate risks can be understood, enabling the type of granularity required to assess across a number of risk dimensions, versus assessing supplier risk within a narrow scope.
In the same way that companies are using analytics tools to understand and model portfolio risks, software is available to model “what if” scenarios associated with supplier risk. Technology also creates a way for companies to show a consistent, documented and transparent approach to supplier risk management, which is required by the CFPB. The compliance process can then be clearly demonstrated to stakeholders such as regulators, auditors and boards of directors.
The CFPB intends to take a “zero tolerance” stance with banks and other financial services companies and the stakes for those who do not comply are high. Intelligent technology—implemented appropriately to automate and enforce policies, ensure consistency and objectivity, and remove the probability of human error—considerably reduces an organization’s risk and costs for regulatory compliance.