Big Picture
Financial institutions are required by their regulators to have a Compliance Management System (CMS) that effectively manages consumer compliance related risks. An integral part of a CMS is the complaints management program, which defines how an institution identifies, investigates, and dispositions complaints received from consumers, consumer watchdog agencies, regulatory bodies, and other sources. Robust complaint management not only increases consumer awareness and satisfaction, but also informs institutions about the operational effectiveness of other CMS pillars and the organization as a whole.
Client Scenario
An OCC-regulated bank undertook major changes to its complaint management program, including creating new governance documentation and processes to support implementation of the policy. To best understand existing risks and controls, the Bank endeavored to perform a risk assessment of the new complaints program. Additionally, the bank sought testing of complaints received and dispositioned under the new program to identify the efficacy of the new processes put into place.
Asurity Solutions
Asurity Advisors was engaged by the bank to perform the risk assessment and testing. Asurity Advisors leveraged domain expertise in operationalizing and executing risk assessments to evaluate inherent risk, mitigating controls, and residual risk. Specifically, Asurity Advisors developed unique inherent risk indicators based upon the bank’s size and risk profile and evaluated the complaints landscape both at the institution and in the market to determine the appropriate inherent risk rating. Asurity Advisors then performed a deep dive into the bank’s new processes to assess the control design, operating effectiveness, and sustainability. Using these factors, residual risk was calculated.
With respect to testing, Asurity Advisors performed judgmental sampling of complaints received during the scope period. Each complaint was tested for complaint classification, compliance with client’s complaint policies, processes, and procedures, and applicable federal regulatory requirements relative to consumer complaints. This testing provided the bank’s compliance department with actionable results that helped to refine the new processes further and ensure that the program met all objectives.