5 Lessons from the CFPB's Supervisory Highlights Report

Brian Lane
Baker Tilly

We reviewed the 7 Supervisory Highlights (SH) reports issued by the CFPB since their inception in 2011 and analyzed the issues raised in the reports and offered some practical action steps.  SH reports generally summarize the non-public actions taken by the CFPB as part of their supervision process.  While the public actions of the CFPB have obviously received a great deal of media and political attention, we think the issues noted in these reports can be of value to ARM companies.   Our observations:

Contrary to many pundits, not everything that the CFPB does gets escalated into a federal case.  By our reading, the CFPB noted 138 individual issues, showing that they are using discretion in escalating issues when conducted on-site inspections of regulated entities.

We feel that the issues fell into 5 primary categories:

Foundational issues totaled approximately 27% of the total issues listed.  By foundational we mean the entity was missing some type of basic process such as:

• The lack of a compliance management system (CMS).  The CFPB has consistently noted that a CMS is a requirement for any regulated entity.
• The lack of a 3^rd party monitoring program.  The CFP and other regulators have called for strong vendor management programs.
• Of particular note for the debt collection industry, many of the foundational issues were related to the lack of an effective dispute or complaint management system.  Through their recent publishing of their consumer complaint log, it is clear that the CFPB expects regulated entities to have an effective process to; (1) centrally log all disputes, (2) track them throughout the resolution process, (3) expeditiously deal with any 3^rd parties involved, (4) have a clear audit trail. 

Practical Action Steps

Most of the foundational issues have a common denominator in that they are really change control processes.  For example, a CMS is the change control process that covers the entire life cycle of a regulation; impact analysis, planning, implementation, monitoring, testing.  Here we can borrow from our information technology brethren.  Most organizations have some type of structured process for system changes.  Sometimes called a system development life cycle (SDLC), the process is a structured means of managing a change from initial request through going live in a production environment.

Clarity concerns comprised 23% of the issues noted.  Almost all of the issues involved the CFPB’s perception of the lack of clarity of communication to consumers.  It is clear the CFPB is establishing a high standard for consumer communications, namely that if a reasonable reader could construe some type of harm to consumers, you may have an issue with your communications.  In addition, as many of these communications are on web sites, the CFPB can, and has, performed “sweeps” looking for potentially harmful consumer communications.

Practical Action Steps

Many regulated entities have a legal review step as part of their communications screening processes.  Perhaps it is time to borrow a process from our friends in the consumer goods industry and use focus groups as part of the compliance screening process for new documents and scripts that touch consumers.  Focus groups are sets of individuals from outside an organization who represent your general client base.  In the consumer goods world, focus groups provide companies with feedback on new or improved products.  For a regulated entity, they could play a role in providing feedback on the clarity and the perceptions on the receiving end of communications.

Timing or milestones issues where a regulated entity did not meet legally mandated deadlines for responding to , or acting on, a consumer priority, comprised 10% of the issues noted.  A significant  lesson is that the federal government now mandates that regulated entities take required actions based on very “hard” dates in the consumer transactions process.  For example, mortgage lenders have “x” number of days to request additional information after a mortgage application has been received.  Not having these dates clear, and being able to respond to them, is an indication of risk for the regulated entity.

Practical Action Steps

Catalogue every milestone date mandated by your regulators, ensure that all employees have a common understanding of the date, and ensure that you have “warning bells” if you are in danger of missing any of the dates.

Support for Adverse Actions – 15 % of the issues noted focused on situations where a regulated entity was found to have insufficient justification for taking an action that could be construed as detrimental to the consumer: declining a loan modification request, referring a debt to a collection agency, etc.

Practical Action Steps

Catalogue the potential detrimental actions that your organization can take against consumers, and establish common threads or paths that need to be taken to (1) gather the required information needed for a decision; (2) establish the right resources to make the decision, (3) document the decision.

Bright Lines or instances where regulated entities made clear mistakes such as errors in updating public records after investigations, or failing to consider public assistance income when considering a loan, were cited 14% of the time.  The remaining 10% of the issues noted were spread across a number of different issues.

Conclusion

The SH reports from the CFPB are a valuable resource for any regulated entity to determine trends and to derive valuable lessons.  Monitoring the CFPB’s website for this report and other similar communications can assist greatly with your compliance efforts.

Thanks to the Baker Tilly Consumer Compliance team of Heather Buss, Dave Fulton, Kristin Jolaoso, Andrew Litwin, and Ryan Tschanz for performing the analysis of the SH reports.

About Baker Tilly

Baker Tilly is 12^th largest accounting & advisory firm in the US, with 2,500 professionals and offices in many major cities.

Services for the ARM Industry:

• CFPB and other Reg Exam Preparation
• SOC 1 & 2 reports
• Financial statement audits/reviews
• Corporate tax preparation and advocacy services

About the Authors

Paul Becht is an audit partner at Baker Tilly in charge of the firm’s Debt Collection Services Group. Mr. Becht has over 15 years of experience in accounting and auditing debt buyers and debt collectors. He has helped clients assess their internal controls and satisfy their compliance requirements. He can be reached at paul.becht@bakertilly.com.

Brian Lane is a Partner at Baker Tilly with decades of experience assisting financial service organizations with internal control, governance, and regulatory compliance issues.  He can be reached at brian.lane@bakertilly.com.

The information provided here is of a general nature and is not intended to address the specific circumstances of any individual or entity. In specific circumstances, the services of a professional should be sought. Tax information, if any, contained in this communication was not intended or written to be used by any person for the purpose of avoiding penalties, nor should such information be construed as an opinion upon which any person may rely. The intended recipients of this communication and any attachments are not subject to any limitation on the disclosure of the tax treatment or tax structure of any transaction or matter that is the subject of this communication and any attachments. Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. © 2015 Baker Tilly Virchow Krause, LLP