For more than a year now, ARM industry participants have been reading about initiatives by the Consumer Financial Protection Bureau to further regulate various aspects of the financial services industry. One of these initiatives was to create a new tool — an online complaint system — to gather consumer complaints arising from issues around mortgage lending, credit cards, bank accounts and service, consumer loan, student loans, and eventually debt collection.
I have often wondered how effective this type of online system was for consumers who had initiated a complaint. And once a complaint has been issued, just how responsive are the agency and the companies involved as the result of a consumer utilizing this system?
In June, I had the unfortunate opportunity to put the CFPB’s new complaint system to the test. As a result of fraudulent transactions on one of my business debit cards, I went into my local branch to have a temporary card reissued on my account. Upon the completion of this transaction, the customer service rep asked me if I would like to add a credit card to my business account. I politely declined, gave a detailed reason as to why and thanked her for her help in replacing my debit card.
The next day, I received an email alert from my credit monitoring service notifying me that a new credit card account had been opened in my name. Not only had this account been opened without my consent, but it was also opened while an active fraud alert, with my phone number listed, was also present on all three credit bureaus. No application was created on my part. I had declined the offer to open a card at the branch, and the account was opened anyway, without verification by me as required by the 90 day fraud alert present on all three credit reporting bureaus.
After numerous unsuccessful attempts to remove the account and hard inquiries from my credit reports by contacting the issuing bank, as well as the three bureaus, I decided to see just how effective the new CFPB complaint system was in a real world scenario. Honestly, I expected a cumbersome, timely and inefficient process of registering, explaining what happened and documenting the situation, but in reality my experience was unlike any other government run website I have had the displeasure of interacting with in the past.
The complaint section is prominently displayed on the front page of www.ConsumerFinance.gov and in the main navigation website and intuitively designed to make it easy for any consumer to enroll and provide the details of their complaint. Even more surprising was the regular automated notifications, personal follow up, chain of documentation and ongoing communication I received as a result of using the online complaint system. I received automated alerts from the CFPB complaint system anytime new information or responses were added to my complaint by the bank or the CFPB. Furthermore, I received regular telephone communications from a consumer advocate in the office of the President and CEO of the bank informing me as to the actions being taken and the status of my complaint. I was also provided a PDF letter from the bank outlining the details of my complaint, the actions taken to resolve my complaint and the documentation that all accounts and hard inquiries had been removed from all three credit bureaus.
After weeks of runaround, lame excuses, and broken promises from first line customer service reps at my bank, and a flat out denial from all three credit bureaus to address the hard inquiries placed on my credit files, the CFPB complaint system achieved the desired result in a timely and surprisingly efficient manner with little effort on my part.
So what are the lessons here for ARM industry participants?
First and foremost, you will be held accountable for the actions of your employees. In my case, a rogue employee slammed me into a credit card account even after I declined after being asked if I wanted one. Brazen to say the least. Make sure you know what your employees are doing on your network, how and with whom they share information and data, what sites your network provides access to and what types of oversight and control you have implemented in your security, compliance and training programs.
In reference to Lesson #1, develop and implement an effective training and management oversight program. Just saying you have a training program in place is not enough. Make sure your employees understand the organization’s policies and procedures and are strictly adhering to them. It is one thing to make sure your employees understand what is required of them in their position; it is another thing to make sure upper management has put in place the required oversight checks and balances to ensure employees are adhering to policies and procedures defined by management and the regulators.
Conduct regular internal audits of personnel and management to ensure compliance. Conducting routine internal audits for personnel and management processes and oversight ensures consistent adoption and implementation of policies and procedures across the organization.
Conduct an annual independent third party audit. In the current environment of regulatory compliance, utilizing the services of an independent third party provider to audit the organization provides the much needed independent review of the overall adherence to compliance required by regulators. Depending on the business operations, consider a SSAE 16 SOC1 or SOC2 audit and for service providers a similar audit or PCI-DSS certification where appropriate.
Audit to the standards outlined by the CFPB. Even if your organization will not likely fall under the minimum revenue requirements for the CFPB’s Supervision and Examination requirements, utilize the Bureau’s procedures outlined in the Supervision and Examination Manual as a benchmark for developing your own standards and compliance practices. This will ensure you comply with the new standard of care required by regulators.
Develop an internal system for acquiring and addressing complaints. One pillar of the CFPB’s audit and supervision process is the requirement of developing an effective system to gather and respond to consumer complaints. Take the time to develop and implement this system so that your system is the first approach the consumer takes to resolve their complaint. Failure to provide this channel to disgruntled consumers, or the inability to demonstrate that you have this type of system in place, will likely land you in hot water with a regulator eventually.
Address complaints quickly and thoroughly. Be responsive and diligent when receiving any consumer complaint. The one you don’t respond to in a timely manner or the complaint that goes unresolved may likely be the one that is escalated to the regulators through their online complaint system.
ARM industry participants today face these and many more challenges to operate in a professional, responsible and compliant manner. Who among us doesn’t cringe when we read a story on the pages of insideARM or a national media publication about another rogue collector or agency blatantly operating in defiance of the law? We all have the responsibility to do what is required of us to ensure these types of stories don’t continue to define our industry as they have in the past.
Jeff Dickey is the EVP of Marketing and Sales for Persolvo Data Systems in Irvine, CA. Persolvo is the largest aggregator of debt settlement account information of consumers enrolled in debt settlement programs. Persolvo’s web-based collection system, CONCERTO 3.0, allows creditors, collectors and debt buyers to locate, analyze and settle debts with hundreds of debt settlement companies in a secure, compliant manner.