On October 14, 2011, the Consumer Financial Protection Bureau (CFPB) issued its Supervision and Examination Manual – Version 1.0 (Manual), which provides the first insight into the procedures the CFPB will use in examining the depository institutions and non-depository consumer financial services companies under its jurisdiction. The complete Manual can be found at http://www.consumerfinance.gov/guidance/supervision/manual /.
The Dodd-Frank Wall Street Reform and Consumer Protection Act provides that the CFPB is responsible for enforcing "federal consumer financial law." To that end, the Manual builds upon examination procedures for certain consumer financial laws, including, among others, the Home Mortgage Disclosure Act, Truth in Lending Act, Real Estate Settlement Procedures Act, Fair Credit Reporting Act, Fair Debt Collection Practices Act, and Gramm-Leach-Bliley Act. It also details its examination procedures for detecting unfair, deceptive, or abusive acts or practices and for assessing whether mortgage servicing complies with all applicable consumer laws.
The Manual is structured in three parts. Part I describes the supervision and examination process. Part II details the examination procedures. Part III consists of templates of documents that the CFPB will use in examining the entities under its jurisdiction. Part II, the "Examination Procedures," is probably the most helpful guide for entities that are supervised by the CFPB, as it provides a "road map" of the factors upon which the CFPB will focus in compliance examinations.
Prior to examining large depository institutions and their affiliates, the CFPB will prepare a Risk Assessment that will be the foundation for an institution's (and its affiliates') custom "Supervision Plan." A sample Risk Assessment is provided in Part III of the Manual. As explained in the Manual:
CFPB's Risk Assessment is designed to evaluate on a consistent basis the extent of risk to consumers arising from the activities of a supervised entity or particular lines of business within it and to identify the sources of that risk. "Risk to consumers" for the purpose of the CFPB Risk Assessment is the potential for consumers to suffer economic loss or other legally-cognizable injury (e.g., invasion of privacy) from a violation of Federal consumer financial law. The risk assessment includes factors related particularly to the potential for unfair, deceptive or abusive practices, or discrimination. Two sets of factors interact to result in a finding that the overall risk in a business or entity is low, moderate, or high. The first set of factors relate to the inherent risk in the particular line of business or the entity overall. The second set of factors is the quality of controls that manage and mitigate that risk. The Risk Assessment also includes a judgment, based on current or recent information, about the expected change in the overall risk: decreasing, increasing, or unchanged.
Utilizing the Risk Assessment, the CFPB will prepare a unique Examination Scope Summary that will dictate how the CFPB will review an institution's compliance with consumer financial laws.
The Manual includes many consumer financial law-specific sections that, among other things, provide background about the law, compliance, and specific examination procedures. For example, the Fair Credit Reporting Act section provides information related to obtaining consumer reports, sharing information among affiliates, disclosing information, etc. In addition, some sections include CFPB examination checklists, providing a useful guide for internal review of regulatory compliance.
The Manual makes explicit the CFPB expectation that every regulated entity will have an effective compliance management system adapted to its business strategy and operations. The CFPB will review and test the effectiveness of compliance management systems, focusing on: (i) board and management oversight; (ii) the compliance program; (iii) responses to consumer complaints; and (iv) compliance audits. The CFPB will review each of those elements to assess the overall quality of an entity's compliance management system.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
