How to Prepare Your Compliance Management System for CFPB Supervision

Are you successfully growing your assets and coming under CFPB supervision? Now is the time to assess your Compliance Management System (CMS) effectiveness and exam readiness. We’ll show you how to adequately prepare your CMS to meet the CFPB’s regulatory compliance expectations.

As a financial institution approaching $10 billion in assets, you should be laser focused on compliance examination readiness. How do you prepare your compliance management system (CMS) for CFPB supervision? Start by understanding the required capabilities of a CMS. Then, figure out where your operational gaps exist. Build a business case to get executive buy-in, and finally, use what you’ve learned about your CMS to ensure its effectiveness.

Required Elements of a Compliance Management System

The regulatory focus after hitting the $10 billion mark is all about how well your financial institution has adapted its CMS to serve its business strategy and operations. Your CMS must:

• Confidently comply with new and existing federal laws and regulations from each reviewing agency
• Respond to increasingly active State Attorneys General and examination teams
• Leverage technology and process improvement for increased efficiency and effectiveness
• Heed the calls of federal regulators and legislators to:
  • Reach the under- and un-banked through prudent small-dollar and short-term lending
  • Provide service to diverse communities
  • Partner with fintechs to accelerate technological advancement in banking

Determine Your Operational Gaps to Prepare the Compliance Management System for Updates

Can your CMS do all of the above? Dissect your current operational environment to confidently know where you may be falling short. How many of these statements are true for you:

• You have a culture of compliance and ownership of compliance is viewed as everyone’s job.
• Key departments (e.g. IT, Finance, Risk, Operations) act in close coordination to ensure smooth operations in times of economic stress.
• Regular monitoring and testing of policies and procedures reflect they are comprehensive, current and demonstrate a strong adherence by staff.
• Internal risk assessments serve as a health check to proactively identify inherent risks, controls and residual risks to support your CMS.
• You see clear evidence of consistent refinement of preventive and detective methods that both identify control opportunities for compliance with federal laws and risk reduction of consumer harm.
• You manage vendor activities as rigorously as internal activities to mitigate risk exposure and drive necessary accountability.
• Your reporting suite is robust and provides the traceability required for exams.

Putting Together a Business Case to be Compliance Exam-ready is Time Well-spent!

CMS effectiveness and exam readiness helps you:

1. Ensure awareness into the consistency across your entities and LOBs
2. Abide by the heightened standards and expectations that come with CFPB oversight
3. Respond to increasingly aggressive State Attorneys General and examination teams, rapidly becoming “mini-CFPBs”
4. Confidently comply with federal regulations
5. Mitigate other critical risks such as those presented by the increased use of third parties

Find the time to worry about exam readiness because:

1. Exam preparation and execution are time consuming, so investing time up front with the organization can pay huge dividends
2. Findings are a distraction and drain on resources to effectively manage your business
3. Preparation, findings and fines detract from critical merger activities:
   • Business integration and optimization
   • Cost and other resource reduction
   • Revenue and portfolio growth

A successful CMS has two interdependent control components:

1. A board of directors and senior management oversight process; and
2. A compliance program with three lines of defense (LOD).

How to Gauge your Compliance Management Systems’ Effectiveness

The CMS should ensure awareness of compliance efforts and responsibilities for the financial institution; provide formal documentation to set expectations; and use a robust testing environment to monitor adherence and support remediation.

Conduct a Risk Assessment to understand how much more needs to be done to your compliance management program at the $10B milestone

• Do you have a clear line of sight into how products, services and associated processes are integrated into the overall framework of the product lifecycle?
• Have you identified applicable rules and regulations?
• Have you assessed associated risks and internal controls?

Use Ongoing Prevention to maintain readiness

• Do your policies and procedures address compliance requirements and business practices to fulfill them?
• Do you have an employee training program in place to ensure that everyone understands what’s expected?

Leverage Detection and Corrective Action to mitigate risks

• Do you have testing, monitoring and reporting in place to ensure that what’s expected is actually being done?
• When exceptions are identified, are they communicated, analyzed and remediated to the root cause efficiently?
• Do you have regulatory and business change management disciplines in place?

Use Governance as the barometer for sustainable compliance

• Is the risk culture genuine? What evidence can you reference to support a “yes” answer?
• Have you defined formal roles, responsibilities and accountability? (Within CMS, do you have clear 3 lines of defense?)
• Are you maintaining open and constant communication across the lines of defense to address issues, risks and drive collaborative change to improve?

Be Confident in Your CMS as you Reach $10 Billion

Our experienced team can quickly and efficiently assess your CMS to give you confidence in your readiness as you approach the $10 billion milestone.

We work with financial institutions just like yours that are on a trajectory to (or have recently) come under CFPB supervision. We help these financial institutions assess their CFPB exam readiness and the strength of their current Compliance Management Systems. Our assessments result in a prioritized list of high-value enhancements along with a risk-based implementation plan.

Contact us today to discuss how we can help shore up your CMS.