Regulatory compliance management of consumer laws involves implementing policies and procedures designed to ensure the financial institution understands and follows the laws in a manner that avoids, among other things, fines, lawsuits, and reputational issues. The Dodd-Frank Wall Street Reform and Consumer Protection Act established the Consumer Financial Protection Bureau (CFPB) that centralizes the monitoring and enforcement of consumer protection laws.
The CFPB issues regulations that institutions use to implement the laws that Congress passes. The risk institutions face is that these regulations will not be followed as intended. The implications that could result include specific administrative actions by the institution’s primary regulator, including fines, lawsuits, and various other types of risk. Therefore, it is essential to have a strong Consumer Compliance Management Program, usually called a Compliance Management Program (CMP) or Compliance Management System (CMS). The primary purpose of the CMS architecture is to oversee the institution’s compliance with applicable laws and regulations.
The tool we pioneered, the CMS Tune-up, is a mini-audit that provides a comprehensive review that highlights a financial institution’s regulatory strengths and weaknesses with respect to its CMS mandate. It is cost-effective and is completed in sixty days. The report and risk rating are results that help facilitate decisions throughout the company’s compliance infrastructure. If you’ve encountered substantive issues of Change Management, you should contact us to do a follow-on CMS Tune-up.
If you or anyone else wishes more information about the CMS Tune-up, contact us HERE.
Risk assessments of your company’s Compliance Management System are important to conduct periodically to evaluate the adequacy of your institution’s CMS efforts to protect the institution from the failure associated with compliance defects and risks. I will provide certain categories that you should include in your risk assessment protocol. Given the enormity of risk assessment development, my comments here can only be brief, cursory, and suggestive.