Adam talks about the core elements needed in a compliance management system including board of director oversight and the sub-elements of a compliance program.  This video outlines the expectations of a CMS as outlined by the CFPB and other regulatory agencies. A sister article to this video can be found here.

Video Transcript

The following is a transcript of this video.

My name is Adam Witmer and I'm your host here at compliancecohort.com. Today's topic is Compliance Management Systems. We’re going to talk about what a Compliance Management Systems is and what a compliance management system does.

First of all, what does a Compliance Management System do, or a CMS? Well, it does a number of things. First of all, it is how an institution establishes its compliance responsibilities. It outlines what is supposed to be done. It's also how an institution communicates those responsibilities to its employees. It is how it ensures responsibilities are incorporated into business processes. It's how an organization reviews operations to ensure responsibilities are carried out and legal requirements are met. And most importantly, I believe this final element is the key to a compliance management system, it is how an organization takes corrective action. It is how an organization or financial institution self-identifies issues and takes corrective action. I believe that is the key to a compliance management system.

Now, there are certain elements that go into a compliance management system and each regulator has a little bit different requirement, but it's essentially the same. The FDIC has language that's very similar to the CFPB, but they're organized a little differently, where the Federal Reserve uses more dialogue and less outlines and the OCC is more of a general statement of management. Regardless of who your regulator is, we can look at what the CFPB requires of a compliance management system or what their expectations are.

The CFPB has two main elements for a compliance management system. The first being board and management oversight and the second being a compliance program which has several sub-elements in it.

The first piece is board and management oversight. Well, the biggest piece to understand here is who is responsible for the oversight of the compliance management system. Of course, it is the board of directors. They are ultimately responsible for compliance, whether they like it or not, but they are, so there has to be some level of board and management oversight, and this can be done oftentimes by having a compliance officer have a dotted line, so to speak, going to the board of directors, or providing reports to the board of directors, some form of communication, and some form of updates on a regular basis so the board has oversight.

The second piece of a compliance manager's job management system is a compliance program. There are several sub-elements.

The first sub-element is policies and procedures. Financial institutions like banks and credit unions should have very detailed policies and procedures that outline their compliance responsibilities. So maybe a TRID policy or a flood policy or a fair lending policy or at least those elements incorporated to some degree inside a loan policy. Something that outlines what the organization is supposed to do in regards to consumer protection and consumer compliance.

The second piece of a compliance program is training. All employees of a financial institution should receive some level of training. But that training doesn't have to be super in-depth on every possible nook and cranny of compliance. It should be appropriate for the position that the training is going for. So tellers should know how to complete CTRs, I guess if you're talking about BSA, where a lender would not need to. But a lender needs to know fair lending laws where in fair lending laws, the teller needs are just very very small, there are some pieces they need to know but not nearly as much as what a lender needs to know. So the training should be appropriate for the job function.

The next piece of the compliance program is monitoring and/or audit. Monitoring and audit are two separate pieces but very similar. They both have the same goal of self identifying issues before an examiner comes in. The bottom line between monitoring and auditing is that you are trying to self identify compliance issues before an examiner comes in. Monitoring oftentimes is a lot less formal. You may not have reports to the board or you may not even have a formal report and oftentimes there's no independence because a manager may monitor their employees’ activities and that's okay because that's monitoring. On the other hand, an audit is going to be more formal. It is going to have independence. But each organization should have some combination of each of these and that combination is going to vary from one organization to the next.

The final element of a compliance program is consumer complaint response. And for the CFPB, this is one of the most important things: how you manage and monitor complaints. Complaints are a red flag for potential consumer harm because when somebody's upset about something there is a good possibility that the financial institution is violating consumer protection laws. Therefore, being able to monitor and manage your complaints is a key piece of your compliance management system. So again the first element is board of management oversight the second piece is a compliance program and that is a compliance management system.

Thank you for joining us today on this quick lesson on compliance management systems.