Managing compliance is a challenge--always has been and always will be. But now, with a new regulatory player in the game, things are even more challenging. It isn't enough for banks to juggle multiple bank regulators. Now they have to toss CFPB into the mix.
The change isn't limited to the large banks that will be examined for compliance by the CFPB. Smaller banks will be affected by the very presence of CFPB and its role in consumer protection.
Statutory changes mark key change
One significant shift is the movement of responsibility for regulations from the Federal Reserve to the new Consumer Financial Protection Bureau.
At the Fed, the rules were written by staff who worked side by side with staff responsible for operations and for safety and soundness. Every consumer protection rule proposed was considered in the context of the industry and how it functioned.
While banks protest about the burden of consumer protection regulations, there were many instances when the Federal Reserve concluded, after analysis of comments, that a proposed protection would be too expensive to carry out or would have problematic effects on other functions.
At CFPB, the team and the considerations are different.
Consumer protection rules are written with the primary goal of protecting consumers. The focus is on stopping or correcting both known and imagined harm.
This means that, for those creating and revising regulations, the starting point is consumer protection.
How and whether a requirement will work is secondary.
If you want support for this point, just look at the recent revisions to Regulation E regarding remittances. There are lots of built-in consumer protections, but not a lot of analysis given to how a financial institution will be able to determine fees and taxes charged at the receiving end.
Functioning in the new world
The CFPB approach means several things for banks.
• First, bank size doesn't matter.
Banks of all sizes will be affected by CFPB's new regulations, even when the CFPB does not conduct their compliance exam. The CFPB issues the consumer financial protection regulations with the emphasis on their mission: consumer protection. The rules are the same for banks of all sizes.
• Second, commenting on CFPB proposals is vital.
It is the only way to be heard because there are not people in the bureau who have responsibilities for anything other than consumer protections. Having access to examiners to discuss regulation ideas brings a safety and soundness and business function perspective to rulemaking.
Without that, business issues must be raised by comments from the regulated industry.
Now, regarding what you say ...
Comments should avoid the "what on earth were you thinking" approach.
Instead they should focus on how something will be done and why complying is difficult --or impossible. Information is the most effective way of influencing a regulator.
If banks don't participate in the comment process, those writing regulations are freed up from addressing mundane issues such as how computers work--or don't work.
• Finally, to ensure compliance--and to prevent more regulations--make customer service, including the best interests of consumers, a priority in the bank's culture.
Attention to the bottom line is critical--it's all about staying in business--but to emphasize the bottom line while ignoring the interests of consumers is to court disaster--and more compliance regulations.
Competitive exams: Being the toughest cop
It doesn't stop with regulations. Banks are feeling the difference in the examination process. The prudential regulators are still smarting under the allegations that they weren't doing enough to examine for compliance and enforce consumer protection regulations.
When criticized for weakness, it is only natural to want to show how tough you really are. Kids do it on the playground. Grownups do it in meeting rooms.
Right now, the prudential agencies are busy proving they can do and were doing the job, while the CFPB folks are trying to prove the reverse.
Both sides make their point by finding problems and taking enforcement action in situations that were handled before with warnings or advice.
Managing compliance effectively and successfully is now more important than ever.
Here again, size doesn't matter.
Prudential regulators are getting tougher on everyone.
Besides, the only enforcement activity that will be credited to the prudential regulators involves smaller banks. When a big bank is involved, all credit for helping consumers goes to the CFPB.
We have seen this happen in the recent UDAP cases, most of which were actually uncovered by the prudential agencies who gracefully stepped aside and allowed the CFPB to tout its accomplishments.
Coordination and influence: Not the old reality
The prudential regulators have long been members of the Federal Financial Institutions Examination Council and are used to the process of coordinating with each other. In fact, they had a system for coordinating issues long before the Exam Council was created.
While not perfect, this coordination works relatively well.
It works relatively well because these agencies work relatively well together.
They share common purposes and responsibilities.
Officially, CFPB participates in the FFIEC.
In reality, the agency has a relatively narrow focus--consumer financial protection--compared to the much broader supervisory mandate of the Exam Council.
Many activities of the Council, such as examination procedures and training for safety and soundness issues, are simply not relevant to the Bureau. But when consumer issues are involved, CFPB can make the argument that it should be the lead agency, jumping from a non-participant status to directing the conversation.
The result, so far, is a not-very-effective system of coordination.
Under the current regime, if the CFPB takes a different stand on an issue than a prudential regulator, guess who wins?
What this means is that all banks, not only the large banks officially regulated by CFPB, must follow developments at CFPB closely and take note of emerging issues.
When it comes to compliance, there is now not one regulator but one more regulator.
- Dancing With the SARs
- Global Political Corruption and Kleptocrats: How can we protect our U.S. financial institutions?
- Fintech and Brexit: The Future Impact on Ecommerce
- IBM, Thomson Reuters Team Up to Provide Regtech Solution
- Banking Compliance Index Remains Steady in Q1 but Individual Executives Face Responsibility