With the recess appointment of the director of the Consumer Financial Protection Bureau, the agency is becoming even more active and issues are coming into focus. Financial institutions subject to its jurisdiction should pay attention to its Supervision and Examination Manual published in late 2011.
Having started my career in consumer protection at the Office of the Comptroller of the Currency when many of the current consumer protection regulations were promulgated, it is clear to me that the focus of this agency will differ from that which most financial institutions are accustomed to. One need look no further than the fact that the agency was given not only administrative enforcement authority, but also, in stark contrast to the federal banking agencies, the right to bring civil litigation in court, to understand the focus that the agency brings to consumer protection.
The cost to companies can be very significant when they run afoul of consumer protection laws. Yes, there is the cost of defending multi-party and multi-jurisdiction enforcement actions brought by federal and state regulators, as well as the potential payment of settlements, judgments and legal and consulting fees. Financial institutions involved in the current confrontations over robo-signing and related mortgage servicing issues need look no further than those situations when evaluating the hard costs.
But soft costs may be just as significant for companies that rely on the trust and confidence of consumers. The threat of a wide ranging action by the government against an institution for unfair and deceptive acts or practices, or discrimination in its lending policies or practices has proven to be one of the most potent weapons that the government can wield. Indeed, just about every modern-day fair lending prosecution has been settled, rather than challenged in court.
The very first section of the very first topic in the manual goes right to the heart of the matter: the compliance obligations and potential liabilities of the board of directors. "The board of directors is ultimately responsible for developing and administering a compliance management system that ensures compliance with Federal consumer financial laws and regulations and addresses and prevents associated risks of harm to consumers." (emphasis added) Most boards do not consider themselves insurers, nor do the common law principles that define the fiduciary obligations of directors require such a standard.
The manual points out that the effectiveness of any compliance program is grounded in the actions of the board. It effectively requires, by providing what examiners review in board and committee minutes, several important features to be made a part of a compliance program by the board of directors: clear expectations, policy statements and procedures about implementation, training and monitoring; a qualified chief compliance officer with independent access to the board; the allocation of resources commensurate with the size of the institution; and audit coverage and recurring compliance reports.
Much like the documentation that supports the safety and soundness of a lending decision, institutions should be prepared to produce documentation to CFPB examiners that compliance is consistent with board-approved policies, addresses the requirements of applicable federal consumer protection laws, and are maintained and retained an appropriate period of time. Compliance responsibility and documentation requirements should also be carefully maintained with regard to the use of third-party service providers that may not share the same view with regard to compliance as the institution or the CFPB.
A well functioning compliance program must have top to bottom training throughout the organization. Training must include the board of directors, management and the employees. And once again, documentation of that training will be required to be maintained so it can be monitored and audited.
Monitoring and testing of compliance should be regular and effective enough to expose deficiencies, escalate problems to appropriate management or the board of directors, and facilitate timely corrective action. CFPB examiners will be required to determine whether the CCO's role in compliance monitoring is adequate, evaluate whether the organization has adequate control over third-party providers that have contact with consumers, consider the adequacy and frequency of testing schedules and review all compliance monitoring, testing and corrective action reports.
Also fundamental to the CFPB's examination will be the company's responsiveness to consumer complaints, including the number and cataloguing of them, the institution's track record as seen from the perspective of its prudential regulator, and the practices of consumer response centers, whether controlled or third-party provided.
Finally, the manual indicates that the institution's audit function should review compliance with Federal consumer financial laws and adherence to internal policies and practices. In that regard, the audit function must be independent of both the compliance program and business function, which includes customer sales and service. The audit program should also report to the board of directors.
The bulk of the manual details how examiners will evaluate an institution from the vantage point of nine separate federal consumer financial laws: unfair, deceptive or abusive acts; equal credit and opportunity; truth in lending; RESPA; consumer leasing; fair credit reporting; electronic funds transfer; truth in savings; and privacy.
The CFPB brings a single-minded approach to consumer protection. Notwithstanding the serious mindset that the federal bank regulators had with regard to consumer protection, it is likely that the increased resources and spotlight on this topic will result in greater scrutiny and more frequent enforcement actions either by the CFPB alone, or in conjunction with other federal as well as state regulators and attorneys general.
The elixir for those ills is the development at the outset of a strong working relationship with the agency, an effective compliance program and clear documentation of programs, policies and procedures.
Thomas P. Vartanian is a partner resident in the Washington, D.C. office of the international law firm, Dechert LLP. He is the head of the firm's financial institutions transactions practice and the former general counsel and senior trial counsel of two federal banking agencies.