Culture and ethics are important in financial services; this much has always been clear to anyone working in the industry. Consumers and businesses alike place a great deal of trust in the system, and continue to hold it in high regard even in light of recent scandals and events that have highlighted certain questionable practices, testing this trust. But culture and ethics are much more than empty statements printed on a poster or in an employee bulletin and posted in the breakroom – a financial institution must take tangible steps to instill in its employees the values it declares publicly. Risks and rewards should be managed in a manner consistent with these values, as well as applicable legal and regulatory requirements and expectations and the best interests of the institution’s customers. In our most recent edition of Compliance Insights, we share the latest public statements from the Consumer Financial Protection Bureau (CFPB) and the Federal Reserve Bank of New York related to these topics.
In November 2016, the CFPB issued a bulletin regarding detecting and preventing consumer harm from sales and production incentives (we provide examples of such incentives in our current edition). The CFPB stresses the importance of proper oversight of employee incentives, particularly those that may pose potential harm to consumers if not designed and monitored appropriately. The CFPB expects financial institutions that employ incentive compensation programs to implement effective controls and risk management oversight of both employees and service providers participating in the programs. The CFPB reminds institutions of its expectations that they establish strong compliance management systems that detect violations of Federal consumer financial laws and, in particular, prevent unfair, deceptive or abusive acts or practices (UDAAP). The CFPB makes clear that compliance departments have an important role to play in managing the risks associated with these programs.
The CFPB bulletin was issued a month after William Dudley, president and CEO of the Federal Reserve Bank of New York, called for increased regulatory oversight to ensure accountability for misconduct and lapses of ethical judgment at financial institutions. Among his suggestions, Mr. Dudley articulated the need for tangible regulatory requirements rather than principled high-level statements. He proposed certain solutions, such as a database of banker misconduct and an annual, industry-wide culture survey. However, as is clear to anyone involved in financial services, the responsibility for reforming culture ultimately lies with the banking and financial services industry itself, and financial institutions must make coherent, comprehensive efforts to correct any cultural and ethical weaknesses.
In other compliance news, the Financial Crimes Enforcement Network (FinCEN), in coordination with the Federal Bureau of Investigation (FBI) and the United States Secret Service (USSS), issued an advisory in September to help financial institutions identify and prevent the growing number of e-mail compromise fraud schemes.
The advisory includes a list of relevant red flags and detailed scenarios related to e-mail fraud schemes, and highlights the growing trend of cyber-enabled criminal activity. According to FinCEN, there have been approximately 22,000 reported cases of e-mail compromise fraud involving $3.1 billion in losses since 2013.
Finally, a study by the Global Association of Risk Professionals found that only half of the banks that were required to comply with Basel 239 risk data aggregation and reporting requirements by January 1, 2016 are in compliance. Risk data aggregation refers to a bank’s ability to consolidate various sources of risk data, such as loan default or derivative exposure across various business units.
For a more in-depth analysis of December’s compliance topics, you can read the full insights report here. We look forward to following and sharing more financial services compliance news with you in 2017. Happy New Year!