Community Bank CEOs now joined at the hip with their Compliance Officers? Yep, and it happened on November 16, 2013.
That’s the day the Fed published its new consumer compliance “Risk-Focused Examination Program.” That would be RFEP to you. The ties became even snugger with the arrival of the Q2 2014 issue of the Fed’s Consumer Compliance Outlook, with the lead article “Risk-Focused Consumer Compliance Supervision Program for Community Banks.”
What’s the first thing a smart CEO will do?
The net effect of this is smart CEOs (and Boards) are making sure Compliance Officers know what’s up with the bank, in advance. Far in advance. Far enough to know how to mitigate inherent risks of new products and services. Far enough to review the customer disclosures and fees, plus the vendor due diligence of any third parties involved. But that’s only the first phase of getting compliance people in the know.
This new “supervision program” involves a lot less transaction testing. Provided it lives like it reads, the bank’s exam starts weeks before the exam team goes boots on the ground. The examiner checklist is more detailed. The examiners will now develop a risk profile of the bank before they show up. When they do arrive, they’re going to be looking hard at your products and services, looking to verify how much risk your bank is taking on and how well you are “mitigating” it. Below is how the Fed describes this risk profile:
Specifically, examiners will develop an institution profile and a comprehensive risk assessment for the products, services, and activities that are material to the bank and evaluate the controls in place to manage those risks before an on-site examination is conducted…. This means that examiners will focus on areas where residual risk is elevated and not on areas where inherent risk is well controlled and residual risk is limited or low.
But the examiner’s risk profile isn’t all about the traditional regulatory compliance and the transaction testing that goes with it. Now, a significant part of the examiner’s focus has to do with potential or actual harm to the consumer. If that sounds like Fair Lending and UDAAP, you would be correct. According to the Fed’s publication:
Because of the potential for significant consumer harm and the impact on legal, financial, and reputational risks, fair lending and unfair and deceptive practices will always be addressed in the risk assessment process.
What’s the second thing a smart CEO will do?
A smart CEO has a second reason to get cozy with the Compliance People: he is not going to be caught by the Feds with his Fair Lending/UDAAP pants down. He’s going to charge the Compliance Officer with finding out, in advance, what the bank’s existing Risk Profile might be, and where it’s deficient, he’s going to make sure it gets fixed. He’s going to require the Compliance Officer to go through every disclosure, agreement and fee the bank charges customers, on both sides of the ledger, and make sure those charges are
- within the limits of regulation, and on top of that, that
- those fees are not “unfair, deceptive and abusive,”
- nor do they have the effect of discrimination,
- nor do they cause actual, or potential, harm to the consumer.
The third thing a smart CEO will do is to make sure
- the compliance person has the resources and management-backing to go do a thorough risk profile, and
- the Compliance Officer provides frequent feedback and measurable progress.
Does this sound a lot like a Risk Assessment to you?
It does to me. Except that the Fair Lending and UDAAP Risk Assessments are no longer separate exercises. They are now inextricably baked into the Consumer Compliance examination. They are the new pain points. (Probably this is the result of the unseemly political paranoia that gave birth to Dodd-Frank and thereby to the CFPB.) The silver lining here is that banks understand how to do Risk Assessments. The BSA people have been doing them for many years. So, it won’t be like starting over. Also, there are a number of companies, including mine, who do Fair Lending and UDAAP reviews that generate practical and plain-English action plans to mitigate potential compliance deficiencies.
Need help preparing a Risk Profile (Risk Assessment)?
It’s as close as your phone.
Our goal, like yours, is to get maximum compliance for the minimum dollars. We are experienced compliance management professionals. We provide as much or as little assistance as you need. Remember, sometimes the work gets done faster, and less expensively, if you have a professional playing on your team. Ready to talk about how this can work for you?
Call me, 828-230-5802
(Want to know how we work?)