By: Timothy Stokes, CRCM, Managing Director
Many Chief Compliance Officers have heard, or even said the phrase “If you think compliance is expensive, you should see the cost of non-compliance.” The importance of the role of the CCO cannot be overstated, as the position can have a significant impact on an organization. CCOs are often unsung heroes operating behind the scenes. If you know the name of the CCO of an organization, it can often mean that something negative happened. If the job of the CCO is done properly, they are likely not being featured prominently in headlines and news articles, which is an indicator of success!
A CCO’s role can oftentimes feel like a juggler with a lot of balls in the air. There is interaction with stakeholders from all three lines of defense, business unit executives, Boards of Directors, regulatory agencies, and, at times, customers. A change in administration seems to add another ball requiring us to take a step back, look at what may be changing and what may stay the same, and ensure our efforts and priorities align. A new administration brings a different set of priorities and focus to our industry; however, the difference this time is the speed with which change is occurring. The reality is, with the changes that have occurred (and those that have not yet), there will be another ball or two to incorporate into the CCO’s repertoire. As our industry attempts to adapt, here are some ways to ensure organizations stay focused and understand that the CCO’s role is now more important than ever.
Understand what is changing…and what is not
The Consumer Financial Protection Bureau (CFPB) has changed focus, which makes regulatory risk different, but not absent. Even if priorities shift amongst federal regulators, compliance requirements do not go in or out of fashion based on these changes nor are they dependent upon who is in the White House. It may be difficult to know what to do in this swirl of uncertainty, but a lack of consistent compliance management program will certainly cause problems. The statements and actions of the CFPB has clearly indicated that it is going to refocus its resources on banks once again, rather than non-banks. Furthermore, the CFPB has stated it is going to place more emphasis on identifying consumer harm resulting from fraud and providing redress based on actual damages. Specifically mentioned in the memo are mortgages, data furnishing to credit reporting agencies, debt collection, and controls to protect consumer information. Also of note, the CFPB mentioned increased focus on identifying and remediating harm to servicemembers and pursuing matters of racial discrimination where “maximum penalties will be sought.” Lastly, the CFPB is allowing more matters to be handled by the states, and has committed to less federal involvement where, in its opinion, the states should have more direct involvement. Interestingly, because of the changes in the CFPB’s priorities, we are seeing more states pass laws and regulations to fill any gaps as a result. These priorities mean that we cannot treat compliance as a trend but must stay the course and continue to effectively manage our programs. These programs need to be adaptable and resilient, a necessity highlighted in today’s dynamic environment. Cultivating and maintaining a culture of compliance is vital for the long-term viability and strength of a compliance program, which requires consistent support from all involved parties and appropriate financial backing.
Focus on the fundamentals
A rapidly changing environment necessitates the need for institutions to review their compliance program’s core elements. Now is the time to look at those fundamental parts and assess how they are functioning in this environment when regulatory focus and priorities are changing rapidly (sometimes daily). By understanding what is changing, we can assess critical parts of our program and make necessary enhancements. Policies and procedures should be reviewed and updated as necessary, and Boards should be made aware of these updates. It is likely that your regulatory change management processes are being tested now, so it is a good time to review the effectiveness of the process and whether improvements can be made. Now is also the time to review both your organization’s Risk and Control Self Assessments (RCSAs) and Compliance Risk Assessments to ensure they contemplate the CFPB’s new focus. If we assume an uptick in consumer remediation, financial institutions should also critically review their processes for lookbacks, calculations for damages, and the mechanics of providing redress to consumers (including communication and remediation payment processing). How your institution manages increased oversight by state agencies, and scrutiny from other key players, like consumer advocacy groups and private law firms seeking opportunities to take legal action, should also be reviewed and updated, as necessary. Finally, your organization should assess its fair lending program and how it meets the credit needs of the communities in which it operates. It is clear the CFPB will continue to place emphasis on racial discrimination.
Focus on the value compliance brings
Based on what needs to be done, our roles in compliance are critical. In addition to focusing on the fundamentals, organizations must keep in mind that the regulatory pendulum usually swings back, and taking a lax approach to any regulations now could have consequences in the future. Lookback periods extend well beyond the end of an administration’s term, and what we do now will be part of future regulatory review. Also, while the prudential regulators no longer contemplate reputational risk in examinations, the court of public opinion is always in session. With the proliferation of social media, consumers may become more aware of how refocused regulatory oversight and an institution’s operational changes impact them. Unfortunately, both information and misinformation will be readily available to consumers, which can sow confusion and uncertainty. Our role is critical in collaborating with other stakeholders to shape consumer sentiment about our institutions and effectively communicate with the public. Keep in mind that compliance can also be a competitive advantage. State agencies, consumer advocacy groups, law firms, and consumers themselves are watching everything, regardless of federal regulatory shifts in focus. When other companies are doing it wrong, customers may be drawn more to those that consistently do the right thing and maintain high ethical standards.
Focus on education
While it is true that we are seeing some refocus in federal regulations, mostly with newer rules, and interpretive guidance, we are also seeing states step in to fill the voids these changes are leaving. Additionally, the prudential regulators have something akin to an office of consumer protection that will likely become more active. It may be tempting to think that we are in an environment where regulatory oversight will be dramatically reduced or certain regulations will become completely irrelevant, but this is not the case. These laws are likely to remain in effect because it would take an act of Congress to completely remove them. Management needs to be educated on these concepts, so they are not focused only on the potential (perceived) benefits of what may be mistaken for decreasing federal oversight. They must also remain aware of the actions prudential and state regulators are taking as well as risks for an increase in class action lawsuits. Consider taking the approach of a teacher as well as a compliance partner. Keep all stakeholders informed about what is going on and project an unbiased approach when explaining what is changing as well as what remains consistent.
Conclusion
The need for CCOs to remain engaged is more important than ever. Indeed, we are seeing a few extra balls for us to juggle being tossed at us, and it is our responsibility to not only effectively incorporate them into our act, but also ensure stakeholders are engaged and informed about the changes. Successfully adapting to dynamic regulatory priorities will serve us well now and in the future by ensuring compliance today and tomorrow.