Many of today’s financial companies and professionals feel that they are drowning in a sea of new government regulations and policies. They struggle to keep their heads above water as the floodgates open with additional waves of new regulations.
As business requirements have changed, these financial companies have adopted a number of complex technologies and systems – hardware, middleware and software – to be able to efficiently and effectively service their customers. Today’s regulatory environment is compounding that complexity and now all the flaws in a company’s business process architecture are being revealed. Moreover, different agencies and state laws are dictating different (and sometimes conflicting) guidelines.
In January, the Consumer Financial Protection Bureau (CFPB) mandated that dual tracking of delinquent borrowers in loss mitigation and foreclosure is prohibited (even though Fannie and Freddie Mae require it). Companies with strong regulatory intake governance likely recognized this right away. These are the companies that are most likely to prevent complexity in the form of statutory or regulatory mandates from entering their process unnecessarily.
The takeaway here is that complexity breeds complexity and regulatory complexity exacerbates operational complexity. This complexity can take two forms: higher costs or more full time employees to support manual processes and workarounds.
New regulations are driving a strong demand for compliance personnel. Compliance teams are spending approximately eight hours a week simply updating policies and procedures to keep up with the new laws. Combine that with updating the Board of Directors and working with Risk and Legal Departments, and it isn’t a scalable function. The costs for compliance are increasing. However, the cost of noncompliance is 2.65 times higher than the cost of compliance.
The CFPB is done with the regulation frameworks, but they still need to promulgate these laws. Only three out of every eight laws have been implemented. In the meantime, companies have a choice… Do they want to continue down this manual workaround path or do they want to operationalize compliance?
How to Demonstrate Institutional Control
A critical component of a well-run financial institution is a robust and effective compliance management system (CMS). Introduced by the CFPB, a CMS is designed to ensure that the financial institution’s policies and practices are in full compliance with the requirements of the law.
A CMS is a network of information systems, business processes, and monitoring tools that enforce internal policies and regulatory requirements and provide evidence of compliance
The CFPB’s Supervision and Examination Manual, explicitly states that CMS shall be integrated into its overall framework, and applied to its entire product and service lifecycle. Without such a system, serious and systemic violations of federal consumer financial law are likely to occur.
One of the most important responsibilities of the CFPB supervisory program is assessing the quality of the CMS employed by the financial institutions. To do so, CFPB examiners consider whether financial institutions have effectively addressed internal controls and oversight, training, internal monitoring, consumer complaint response, independent testing and audit, recordkeeping, product development and business acquisition, and marketing practices.
Much of the regulatory focus is either on intent or outcomes and not the process itself, and that focus is key to finding the weak link in a CMS. The following are some key guiding principles in designing and identifying potential weaknesses in a Compliance Management System:
- Is the intent explicit? Tribal knowledge and the opportunity to exercise judgment that gets the attention of regulators frequently is tied to implicit intent.
- Does the intent meet regulatory guidelines? Many companies do not have a regulatory clearinghouse where they can determine if they are meeting state and federal policies.
- Does execution meet intent? Companies must have the right tools to allow them to verify this and also allow them to do exception reporting.
- Does the company have procedures, controls, and systems that enable intent and execution to be institutionalized in a compliant and effective manner? This is the engine that is needed for a Compliance Management System. It must be coupled with a training regimen that includes routine continuing education to keep it well lubricated.
Financial organizations have been drinking regulations out of a fire hose for the last four years and have paid billions of dollars in penalties as a result of non-compliance. These companies had two options: either adopt IT solutions that reduce the cost of compliance and the cost of noncompliance, or find manual workarounds that must be reworked with each regulation. Those that chose the manual route probably feel like the last four years have been a lifetime.
The most effective and efficient way to ensure compliance is with a CMS that automates and monitors your process and your controls. There are many technology solutions that can help these businesses achieve these goals, and most of these solutions focus on the desktop. Why? Because the desktop is the single place where every transaction and interaction occurs. For example, desktop automation software allows companies to combine disparate applications and create a unified desktop that guides employees through every step required for compliance. There are also new advanced analytics tools that track every activity in every transaction. These technologies offer new insight into worker efficiency, quality and performance, and they can also be used to track regulatory compliance and measure process adherence.
Keeping up with the flood of new regulations hitting the financial industry is not an easy task. However, with the right plan, system and technologies, financial organizations can emerge from this hectic period unscathed.
J.C. Corrigan is chief analytical officer with Customer Analytics Consulting and Anna Convery is EVP, Strategy for OpenSpan