Stephanie Eidelman

At a recent industry conference, I sat in on a really straightforward and well-organized presentation covering the main components of a solid Compliance Management System (CMS) by Chip Hellman of Ontario Systems. He explained that every CMS must incorporate the following:

  1. Oversight
  2. Compliance Program
  3. Customer Complaint Response
  4. Compliance Audits

Oversight

It’s not sufficient to hire or designate a compliance person, expect that they will take care of compliance, and assume that Board members need not be involved. I’ve heard again and again that CFPB examiners want to see evidence of compliance oversight from the top. Your oversight program must include the ability to demonstrate that the Board and senior management are engaged, that there is a compliance committee, that all staff members are involved on a regular basis, and that there is a process to continually revise the compliance program.

Compliance Program

Your program starts – but doesn’t end – with written policies and procedures. It includes:

  • a critical document repository
  • a method of regular review and incorporation of consumer financial laws and regulatory requirements
  • a compensation plan that incorporates compliance
  • a vendor and service provider oversight program
  • consistency of process throughout all of your branches and business units
  • an ongoing training and testing program
  • an effective process of monitoring and corrective action

Customer Complaint Response

You need to be able to demonstrate that your complaint response program is comprehensive and connected to the business, not just a stand-alone function with complaints on a spreadsheet. The program should cover the CFPB complaint portal – as well as other sources of complaints such as your own website, the Better Business Bureau, and state regulators. All relevant staff must understand your policy and procedure on both verbal and written complaints. You must be able to demonstrate timely response. And you should be able to produce evidence that you aggregate data, analyze patterns, and make proactive adjustments to business practices as needed.

Compliance Audits

It’s no longer enough to have all of the above in place. You have to test yourself on a regular basis. This includes:

  • Ongoing internal assessments
  • Annual external audits
  • Call auditing tools and scorecards
  • Audit results that get reported to the Board and management

In short, regulators – and therefore clients – are looking for a full and closed loop compliance system. Policies and procedures aren’t good enough. You must demonstrate engagement at all levels and through all departments of the company.

Overwhelmed? If you are a compliance officer and looking for a way to connect and share best practices with your peers on a regular basis, you may wish to consider joining an insideARM compliance Peer Group.

