September 26, 2013
Credit Union Management magazine’s Web-only “On Compliance” column runs the fourth Thursday of the month.
During a recent webinar hosted by CUES Supplier member The Members Group, De Moines, Iowa, Jeff Andersen described the recent and likely future changes in the regulatory situation for credit, debit and prepaid cards, as well as for mobile banking.
“There are a lot of unknowns out there,” said Andersen, regulatory counsel for PolicyWorks LLC. “We have potential changes in the credit card area. We don’t know what the heck is going on with interchange. How do you prepare for that when you don’t have actual proposed rules to look at?
“The important thing,” he emphasized, “is to have a good compliance management system.”
While financial institutions with less than $10 billion in assets do not have to abide by the letter of the Consumer Financial Protection Bureau’s guidance on managing compliance the agency’s compliance guide still “gives good guidance about what a solid compliance program looks like,” Andersen said. He also suggested that CUs look at the National Credit Union Administration’s Aires questionnaire from 2007, and its eight guiding questions.
“The idea behind a strong compliance management program is to address compliance efficiently,” Andersen emphasized, “so you have a structure in place, so when new products come aboard and new regulations come aboard, you address them efficiently, saving you time and money. If you’re doing that, that will, in turn, reduce your risks of potential violations.”
Andersen elaborated on CFPB’s four main components of a good compliance management system:
- Board and management oversight—All authority flows from the board, Andersen said. How is the board getting communications about compliance? How are they communicating about compliance? Is there a compliance policy? Who owns compliance? Are there adequate resources allocated to compliance?
- Compliance program meat and potatoes—According to Andersen, this includes policies, procedures, training, monitoring and corrective action. He recommended that CUs of all sizes ask themselves these sorts of questions: Are policy and procedures consistent? Do they cover the product and service lifecycle? Is there a training plan in place for the board, for management, and for staff? How are changes in the regulations communicated to everyone? How is everything in the program monitored day to day?
- Response to consumer complaints—For this element of CFPB’s guidance, the key questions to answer are: How are you monitoring consumer complaints? Are you tracking in a way that you can sort them sensibly later? Are complaints documented and resolved promptly? Are business practices and products reviewed and adjusted based on complaints?
- Compliance audit—This goes above and beyond day-to-day monitoring, Andersen said. It’s a regular review of your CU’s compliance with laws and regulations, as well as with internal policies and procedures. The compliance audit should be done by people who are independent of the CU’s day-to-day compliance program and business units. The compliance auditors should provide a report to your board or its designated committee, with copies to business units. Key questions to answer include: How frequently is the compliance audit performed? Is the scope adequate and appropriate to the size, products, services, and operations of the credit union? Does it identify compliance risk? Does it identify material compliance failures?
Andersen underscored the idea that, for most credit unions, following these CFPB guidelines is not a requirement. However, he believes that having a solid compliance structure plays into being able to do well in managing the current regulatory environment.
The bottom line, according to Andersen is: “Given the way you currently operate, what are some ways compliance can be made easier and more efficient and help avoid future compliance issues?”
Lisa Hochgraf is a CUES editor.