The Federal Financial Institutions Examination Council (FFIEC), whose members include the CFPB, is proposing a new uniform interagency consumer compliance rating system to reflect changes in consumer compliance supervision since the current rating system was adopted in 1980. The other FFIEC members are the Fed, FDIC, NCUA, OCC and State Liaison Committee. The FFIEC states that the proposed revisions “were not developed to set new or higher supervisory expectations for financial institutions and their adoption will represent no additional regulatory burden.” Comments on the proposal are due on or before July 5, 2016.
The rating system uses a scale of 1 through 5, with 1 representing the highest rating and lowest degree of supervisory concern and 5 representing the lowest rating and most critically deficient level of performance and thus the highest degree of supervisory concern. In the proposal’s Supplementary Information, the FFIEC observes that when the current system was adopted, examinations focused more on transaction testing for regulatory compliance rather than on an institution’s compliance management system (CMS) to ensure compliance with regulatory requirements and prevent consumer harm. The proposed changes to the rating system “are designed to more fully align” the rating system with the risk-based approach to consumer compliance examinations that the FFIEC agencies have adopted over the intervening years.
The proposed rating system would include three categories of assessment factors: board and management oversight, compliance program, and violations of law and consumer harm. The assessment factors in the three categories would consist of the following:
- To assess an institution’s board and management oversight, examiners would consider: oversight and commitment to the institution’s CMS; effectiveness of the institution’s change management process; comprehension, identification and management of risks arising from the institution’s products, services, and activities; and any corrective action undertaken as consumer compliance issues are identified.
- To assess an institution’s compliance program, examiners would consider: whether the institution’s policies and procedures are appropriate to the risk in the institution’s products, services, and activities; the degree to which compliance training is current and tailored to risk and staff responsibilities; the sufficiency of monitoring, and if applicable, auditing, to encompass compliance risks; and the responsiveness and effectiveness of the consumer complaint resolution process.
- To assess an institution’s violations of law and consumer harm, examiners would consider: the root causes of any violations identified during examinations; the severity of any consumer harm resulting from the violations; the duration of time over which the violations occurred; and the pervasiveness of the violations. The rating system would include incentives for self-identification and prompt correction of violations.
An institution’s overall rating under the proposed system is intended to reflect a comprehensive evaluation of the institution’s performance under the rating system by considering the categories and assessment factors in the context of the institution’s size, complexity, and risk profile. The proposed system would not assign specific numeric ratings to any of the above assessment factors and an institution’s rating would not be based on a numeric average or any other quantitative calculation. As a result, an institution would not have to receive a satisfactory rating in all categories to receive an overall satisfactory rating. Conversely, even if some assessments are rated as satisfactory, an institution can still receive an overall less than satisfactory rating.
On May 25, 2016, from 12:00 PM to 1:00 PM ET, Ballard Spahr attorneys will conduct a webinar on “How to Ace Your CFPB Exam.” A link to register is available here.