Insights

Who Moved My Cheese? An Amazing Way to Deal with Change in Your Work and in Your Life is the title of a 1998 motivational book written by Spencer Johnson. The book deals with the reaction of the book’s characters, two mice and two miniature humans who live in a maze, to the disappearance of a supply of cheese that they had come to rely on for sustenance. It’s a parable that deals with change and the reaction that people have to change. One of my favorite points in the book occurs when one of the characters writes on the wall, “If You Do Not Change, You Can Become Extinct.”

I thought about cheese, change, and extinction as I pondered a recent release by the Consumer Financial Protection Bureau titled “Supervisory Highlights: Fall 2012.” It is evident from that document that the CFPB is involved in some pretty hefty cheese-moving. If you haven’t read the full report, you should, but I want to share with you a couple of particularly interesting parts.

The report announces that a “critical component of a well-run financial institution is a robust and effective compliance management system (CMS), designed to ensure that the financial institution’s policies and practices are in full compliance with the requirements of Federal consumer financial law.” The CFPB describes a CMS program as including internal controls and oversight, training, internal monitoring, consumer complaint response, independent testing and audit, third-party service provider oversight, recordkeeping, product development and business acquisition, and marketing practices.

It is clear that the CFPB is moving the compliance cheese. If it was ever sufficient for a creditor to simply avoid violating the law, it is clear that “non-violation” will no longer suffice. Now, an institution that is subject to the CFPB’s supervision will have to be able to demonstrate that:

• it has a compliance playbook subject to internal controls;
• its employees, officers, and directors understand the playbook, abide by it, and receive continuing training regarding its contents;
• the playbook is independently tested and audited;
• consumer complaint processes are in place and followed;
• there is third-party service provider oversight;it maintains appropriate recordkeeping; and
• it exercises appropriate consideration during product development, business acquisition, and marketing practices of compliance issues and ramifications.

The Bureau will require each entity it supervises to develop and maintain a sound CMS that is integrated into its overall framework and applied to its entire product and service lifecycle.

The CFPB says that it understands that compliance management will be handled differently by big and complex financial organizations at one end of the spectrum and by small entities with a narrow range of financial products and services at the other end. Whether or not the institution is big and complicated or small and focused does not matter; the CFPB expects compliance management activities to be a priority and to be appropriate for the nature, size, and complexity of the institution’s consumer business and expects the institution to establish an effective CMS to ensure legal compliance.

You’ll see some serious cheese-moving in 2013. Remember, “if you do not change, you can become extinct.”

Thomas B. Hudson is a partner in the Hanover, Maryland office of Hudson Cook, LLP. Tom can be reached at 410-865-5411 or by email at thudson@hudco.com.