Protiviti published the August issue of Compliance Insights last week. In the podcast below, Managing Director Steven Stachowicz discusses two of the topics in this month’s newsletter: the much anticipated — and now final — arbitration rule by CFPB, and compliance risk management as highlighted in the OCC’s Semiannual Risk Perspective. Download the free newsletter for the full set of compliance news this month, and tune in below for Steven’s additional perspective on the highlighted issues.
In-Depth Interview Compliance Insights [transcript] August 22, 2017
Kevin Donahue: Hello, this is Kevin Donahue, Senior Director with Protiviti, welcoming you to a new installment of Powerful Insights. I’m joined today, again, by Steven Stachowicz, a Managing Director with Protiviti and a leader with our Risk and Compliance practice, and we’re going to be talking about some of the highlights from the August 2017 issue of Compliance Insights. Steven, thanks for joining me again.
Steven Stachowicz: Sure, anytime. Thanks, it’s good to talk to you today.
Kevin Donahue: First, Steven, let’s talk a little bit about the CFPB, which issued a rule limiting mandatory arbitration clauses. With regard to this rule, how much effort would be required on behalf of financial institutions to comply?
Steven Stachowicz: The long-awaited arbitration rule is finally upon us and there is a good deal of work that financial institutions, particularly the larger ones that offer a full suite of financial products and services to consumers, will have to undertake. If you think about it, the arbitration rule is generally built into the contractual arrangements that banks and other non-bank providers of financial products and services have with their customers. Whenever they’re signing up for a deposit account or for a loan or credit card account or something similar, there’s typically a contract involved in there, and that typically in many cases will have rules related to a predispute arbitration.
As part of the implementation of the rule, these institutions will need to evaluate all the various contracts that they have for each of their consumer financial products and services and make updates accordingly to the language – the language that specifically requires consumers to engage in predispute arbitration and limits their rights to engage in class action or group lawsuits. That language will be required to change and there’s language that is suggested for institutions to include, and there will also eventually be a requirement effective for these institutions to also submit to the CFPB copies of their consumer contract so that the CFPB can build an inventory of consumer contracts for financial products and services as well. There is a good deal of work involved in the implementation here.
Kevin Donahue: Steven, any chance the rule is going to be rescinded by the implementation date?
Steven Stachowicz: That’s a million dollar question, or a sixty-four thousand dollar question. It’s really tough to say, which of course is frustrating if you’re staring at the face of a final rule that needs to be implemented. There is a little bit of uncertainty, not that probably at this point should stop any financial institution from moving forward with what they might need to do here. But this particular rule more than many of the others that the CFPB has promulgated under the Dodd-Frank Act really has garnered a lot of attention from industry or lobby groups, from consumer advocacy groups and even Congress. Congress really has quite a bit of power to rescind rules under the Congressional Review Act, and there has been some activity that Congress has undertaken to potentially do that. As of the time that we’re talking here, it’s still “all sails up, full steam ahead” in terms of the implementation. There’s a chance, and I think that institutions, as with many of these rules, need to be diligent and vigilant in terms of keeping abreast of what’s happening in the regulatory environment and in Washington. For the moment, it’s a rule that institutions need to be working to figure out from an implementation standpoint.
Kevin Donahue: That’s understandable. I can’t imagine they can expect it to be rescinded even if there’s a slight chance. Next, let’s talk a little bit about the OCC, which issued some information around compliance risk management. I guess this was in their semi-annual risk perspective, and that indicated that the burden of managing compliance risk seems to be increasing. Steven, my question to you is, is compliance risk really increasing at an accelerated rate, or is what we’re seeing actually just a normal part of business?
Steven Stachowicz: It’s a bit of both, frankly. From the OCC’s perspective, compliance risk is among the top risks that most organizations face in the ordinary course of business. To some degree, it is, right? Compliance risk is an important thing for institutions to manage. It has been an increased risk for some time given a number of the industry events that have happened over the past eight to 10 years with the financial crisis and the implementation of Dodd-Frank. That said, I think the OCC sees that compliance risk is increasing at the moment for some of those same factors, and for others as well.
There are a number of rules and regulations that we see coming soon to be effective, in terms of the Home Mortgage Disclosure Act, for instance. x If you’re a national bank that’s also a mortgage lender, there’s a lot of new requirements that you’re going to be faced with from a data collection and reporting perspective beginning in January of 2018. There are rules around the Truth in Lending Act that we refer to as the TRID Rule in the Compliance Insights this month. There’s another rule that’s amending rules that were just recently implemented a couple of years ago that’s going to change some of those rules, and frankly, institutions are still struggling with the implementation from two years back. You see this also with the Military Lending Act and the Arbitration Rule which we just talked about. There’s a number of regulatory requirements that institutions are facing still that require significant operational, technological changes to implement, and coordination with third parties. I think the OCC sees some of the experience of the implementation of the Mortgage Servicing Rules from 2014 and the Mortgage Origination Rules from 2015 as being indicative of some of the challenges that banks are facing in terms of implementing some of these larger scale, more complicated changes.
In addition to change management, to some degree, there’s involvement of third parties and third-party risk management. The OCC sites that there are some concerns with AML still, so anti-money laundering is still a concern for the OCC and for many of its regulated national banks, many of which are under some form or another of an enforcement action or consent order or similar with respect to AML. AML is a pretty dynamic topic. We’ve talked about that in the Compliance Insights over the past couple of years. Any practitioner knows that it’s an evolving thing and even in this month’s Compliance Insights, we cover the idea that AML is a prevalent concern in the money services business virtual currency exchange environment where some financial institutions are starting to dabble or to consider how to address virtual currencies.
Traditional money laundering is already hard enough for banks to keep up with and now you have some emerging technologies in that space too, that increase the risk with respect to AML. Coupled with that, technologies lead to other types of concerns for national banks. Picking on, for a moment, marketplace lending and the concern that there are situations where national banks partner with non-bank fintech companies to offer various products to different markets, different types of customers, innovative type products. Those types of products bring with them increased fair lending risks. Just when you think you’ve got fair lending under control from your normal body of products and services, now many institutions are worrying about what are the fair lending risks associated with these partnerships they may be engaging with marketplace lenders with and how do they incorporate those into their programs.
You have this confluence of emerging technologies and new laws, regulations, regulatory guidance that need to be implemented from a change management, third-party risk management perspective, all sort of combining to cause the OCC to raise the concern that compliance risk management is of increased risk to national banks.
Kevin Donahue: Steven, I want to thank you very much for sharing your insights with us today about the August issue of Compliance Insights. As you mention, along with the articles we talked about, there’s another one on the new TRID Rule, or the finalization of the TRID Rule from the CFPB, as well as an article regarding AML and FinCEN, and new penalties that are being imposed. Again, for those in our audience interested in additional information, please visit Protiviti.com/compliance-insights.
[End of Transcript]