When it comes to the Consumer Financial Protection Bureau's
("CFPB" or the "Bureau") compliance
expectations, it is important to separate myth from fact.
These days, the CFPB is moving full-steam ahead on examining
non-banks and banks, dozens at a time, and is not leaving any stone
unturned for potential unfair, deceptive or abusive acts or
practices in violation of the Consumer Financial Protection Act or
other consumer financial laws that fall under its
scope.
Myth #1: Only large financial institutions
are subject to CFPB supervision and examination.
No provider of consumer financial products and services, or their
service providers, should assume they are beyond the reach of the
CFPB. The CFPB can examine any entity, regardless of size,
based on regulatory authority to supervise "risky"
financial products and services that it believes are causing harm
to consumers. This authority is in addition to the CFPB's
ability to supervise larger market participants in the debt
collection, credit reporting, and student loan servicing markets,
as well non-bank businesses in the private student loan, mortgage,
and small dollar loan markets. (The CFPB also supervises
banks with over $10 billion in assets).
Myth #2: An audit program is sufficient to
catch non-compliance.
The CFPB expects a proactive approach to compliance. This
means not only having a detailed audit program, but also a system
for proactively preventing and detecting potential non-compliance
with the law before a consumer harm occurs.
The CFPB examines: Board of Director and management
oversight; compliance programs; consumer complaint responses; and
compliance audits. In addition, the CFPB reviews such areas
as operations, marketing and lead generation, third party
relationships, internal controls, consumer interaction, information
sharing and privacy, and payment processing.
Myth #3: The CFPB only cares about policies
and procedures.
Wrong. The CFPB expects written policies and procedures that
institutions will design and offer consumer financial products in
accordance with federal consumer financial laws and maintain
effective systems and controls to manage compliance
responsibilities. This means the CFPB will focus both on
policies and procedures and actual acts and practices, including
consumer level transactions. The CFPB has released a
comprehensive Supervision and Examination Manual, and several
additional guidance documents and bulletins that shed light on all
of the different ways their examiners oversee companies.
Myth #4: Companies are not responsible for
the actions of their service providers.
As the CFPB stated in its Bulletin 2012-03, the CFPB expects
non-banks and banks to "oversee their business relationships
with their service providers in a manner that ensures compliance
with Federal consumer financial law." The CFPB considers
a "service provider" to be "any person that provides
a material service to a covered person in connection with the
offering or provision by such covered person of a consumer
financial product or service." For more information
about the CFPB expectations for effective vendor management, see
"
CFPB Warns of Service Provider Scrutiny."
Myth #5: The CFPB will give companies that
are supervised and licensed by other regulators a pass.
Wrong. All of the CFPB administrative proceedings brought
about by the CFPB to date have been against entities that were
already regulated on the Federal or state level prior to the
creation the Bureau. For example, the CFPB has entered into
consent orders with several banks regulated by the OCC, and
mortgage related providers regulated by states. In addition,
the CFPB has brought lawsuits against licensed attorneys, debt
relief providers, mortgage assistance relief service providers, and
others. The Bureau also has stated it is in the process of
investigating companies and service providers in virtually all
consumer product and service markets.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.