Sometimes things change in Washington, D.C., and sometimes they don’t. For all the recent talk about gridlock and nothing getting done in the nation’s capital, there are some extremely broad-reaching changes in the works for any business that offers a financial product or service to a consumer.
If you’ve been doing a ‘Rip Van Winkle’ for the past few years, and you just woke up, you’ll find that the regulatory scenery has been drastically altered. Dominating the scene is the Consumer Financial Protection Bureau, a creation of the Dodd-Frank Act.
The CFPB, created in 2010, actually came into being in July of 2011. The young agency is beginning to make some waves. As it does, we’re beginning to see how this new sheriff thinks.
I’ve been slow to recognize one of the biggest changes from the previous federal regulatory regime. It has only dawned on me in the last few weeks (as I have spoken to several industry groups about how they need to prepare themselves for a visit from the new sheriff) that it is no longer enough for a creditor or lessor to say, “I have not violated the law.” For the last several decades, a creditor or lessor that had not violated the law had little to worry about from federal or state regulators.
Those days are over. Gone like yesterday.
Now, a creditor or lessor must be able to demonstrate that it is not violating the law – but that will be just the first step in satisfying the new Bureau. The Bureau’s response to your “I’m not violating the law” statement will be something like, “That’s interesting, but show us how you go about making sure that you don’t violate the law.”
It’s a bit like being stopped by a traffic cop when you were not speeding and receiving a ticket for not having a recent eye examination or not reading the car’s owner’s manual.
The Bureau’s early examination efforts have created a phrase that we didn’t have before. The Bureau expects to see a “Compliance Management System” in place. That CMS, as we’ll call it, will be your evidence that your company is taking active steps to identify all the laws and regulations that apply to it and is conforming its operations to comply with them. The Bureau is also very keen on evaluating the risk of harm that creditors and lessors pose to consumers. The Bureau sees a well-done and well-run CMS as a means of reducing the risk of harm to consumers.
A CMS will have several key elements. First, a CMS will be the subject of board and senior management oversight. This isn’t one of those pesky chores you can push down the chain of command in hopes that you don’t hear about it again.
The CMS will revolve around a written compliance program that will cover the financial products that you offer from product design through the final contact with the customer. The CMS will incorporate a robust complaint resolution program designed to identify problem areas and satisfy consumer complaints. The company will be expected to have auditable compliance processes and procedures to reduce or eliminate harm to consumers and to frequently conduct compliance audits to determine if those processes and procedures are working as designed. The CMS will also incorporate risk management measures to identify and reduce or eliminate the risk of compliance violations.
A year ago, I don’t think I had ever heard the term “compliance management system.” Now I’m telling clients who are or may soon be subject to the CFPB’s supervisory authority that they need to have a CMS in place sooner rather than later. And I’m telling clients who aren’t subject to the Bureau’s supervisory authority that a CMS is now an industry “best practice.”
The country voted for “change.” Looks like we got some.
Thomas B. Hudson is a partner in the Hanover, MD office of Hudson Cook, LLP. Tom can be reached at 410-865-5411 or by email at thudson@hudco.com.
Copyright © 2024 CounselorLibrary.com, LLC. All rights reserved.