This month’s roundup of compliance news includes two CFPB-related articles – on the Bureau’s efforts to collect information on small and minority business lending with the purpose of rulemaking in that area, and its focus on consumer reporting and improving the completeness and accuracy of data provided to consumer reporting agencies by various entities. We also discuss the most recent, $250,000 penalty on an individual in a corporate BSA/AML compliance matter. The June issue of Compliance Insights, wraps up with an update on OCC procedures related to violations of OCC laws and regulations.
Listen to our podcast below. Transcript of the conversation follows.
In-Depth Interview, Compliance Insights [transcript]
June 28, 2017
Kevin Donahue: Hello, this is Kevin Donahue, Senior Director with Protiviti, welcoming you to a new installment of Powerful Insights. I’m speaking today with Steven Stachowicz, a Managing Director with Protiviti and a leader within the firm’s Risk and Compliance practice. Protiviti recently published the June edition of Compliance Insights and I’m going to talk to Steve a little bit about some of the highlights from that newsletter. Steve, thanks for joining me today.
Steven Stachowicz: Hi, Kevin. It’s good to talk to you. Thank you.
Kevin Donahue: Steve, one of the articles addresses an issue with the Consumer Financial Protection Bureau. Why is the CFPB seeking to collect data on small business lending data? Then as a follow-up, what types of considerations are relevant to that from a lender’s perspective?
Steven Stachowicz: The Consumer Bureau’s current request for information stems from a provision of the Dodd-Frank Act that relates to the reporting of lending activities to small businesses, and in particular, women and minority-owned businesses. The small business lending has long been considered a critical driver of economic activity and growth, and is very much a focus in the political environment and, certainly, in a regulatory environment. That said, there hasn’t been the same transparency historically regarding the availability of credit and of lending activities in that particular space. We have a number of reporting constructs in the consumer space that are utilized for purposes of evaluating what’s referred to as fair lending and where creditors are making available credit by non-discriminatory mean. Not as much transparency has existed historically in the small business environment so Dodd-Frank attempted to address that.
The CFPB had been asked to write rules that would require reporting in that space. The request for information that had been published recently is their first foray into this particular requirement. They are looking and seeking to understand more about lending activities and get information from the industry about their concerns related to data collection. I think it’s important to understand what it is that the CFPB is asking in its request for information. Because again, it’s providing some degree of insight into where they might be going with respect to rule-writing down the road. It gives management a chance to evaluate how information is collected within their own environment on these loans and what sort of processes are going to be necessary for them to implement. From a consideration standpoint, your second question – the RFI is an opportunity to evaluate these processes now and get a head start in terms of what it might take to do this, but at the moment there’s not a regulatory requirement to do this reporting. The CFPB is really only just starting this process right now.
Kevin Donahue: Thanks, Steve. I next want to touch upon the article regarding the Bank Secrecy Act and AML compliance with regard to personal liability. Now this ties to the Yates Memorandum which the DOJ issued in late 2015, and it outlined the importance of individual accountability. Steve, why are the Yates Memo and the recent DOJ actions important for corporate executives and compliance officers?
Steven Stachowicz: They’re important because they underscore in a fairly significant way the fact that individuals can be held accountable in Department of Justice prosecutions related to the Bank Secrecy Act and anti-money laundering. Corporate executives and compliance officers can be held individually accountable for those failures just as much as the firm that they work for. You see in the most recent case that we’re highlighting here that this particular former chief compliance officer was held responsible, accountable for what had happened with his firm – ordered to pay a civil penalty of 250,000 and is barred now from working in a compliance function of a similar firm for three years.
Kevin Donahue: Steve, what are some of the things these executives and compliance officers should do to mitigate these risks?
Steven Stachowicz: That’s the 250,000 or more question that’s on the table for a lot of corporate executives and compliance officers, right? The answer is not exactly clear in that regard. In the cases that Yates Memo and this particular DOJ prosecution are underscoring, they’re underscoring some fairly egregious actions that are detailed in the particular case, whereby the firm certainly had BSA or AML issues but the corporate executives, the compliance officer in this case, didn’t do enough to address them timely and completely and adequately to comply with the requirements. That’s fairly egregious and that’s how it’s gotten to this point.
What compliance officers and corporate executives should be is go back to building a strong compliance management function that can timely detect and address deficiencies and issues as they come up; programs that fully consider all of the relevant AML and BSA requirements that are routinely tested and evaluated and fine-tuned to match the activities of the business as well as the regulatory requirements and the evolving money laundering and terrorist financing space. To really guard against personal liability exposure, these individuals have to take steps to make sure that there are appropriate governance and oversight mechanisms in place. It starts with tone at the top, it starts with compliance culture, but it also moves down more strategically into tactically building a compliance management system that has clearly documented accountabilities, robust oversight functions, and appropriate issue resolution and infinite response processes that are informed, substantiated and well-documented, just as we’ve outlined here in the Compliance Insights article.
Kevin Donahue: Thanks, Steve. Let’s close out our discussion today by circling back to the Consumer Financial Protection Bureau. As we detail in another article in this month’s newsletter, the Bureau also wants to improve the accuracy and handling of consumer data by credit reporting agencies. Who exactly are the data furnishers to these agencies and what should they do to improve their process?
Steven Stachowicz: Data furnishers are the broad set of entities that furnish information to the consumer reporting agencies. The one that comes to mind immediately are financial institutions. Banks and credit card issuers and home lenders are the types of firms that furnish information to the consumer reporting agencies on a pretty regular basis and are themselves consumers of consumer report information, but there’s any other number of entities that furnish information to the consumer reporting agencies as well. For instance, utilities, telephone companies, or electric companies are among the types of entities that may furnish information to the consumer reporting agencies. This isn’t something that consumers readily understand. The Consumer Bureau points out that consumer report information, consumer report data, have a pretty significant impact on the lives of consumers – their abilities to get and obtain credit or increase credit if they’ve got a credit card currently. It can certainly impact their ability to obtain insurance as well. In some cases, this information may also be used for employment purposes such as pre-employment screening when you’re obtaining a new job.
The CFPB has among its missions, at its core, to protect consumers and to help educate consumers on financial products and services. Consumer reports and consumer report information are among the important areas of their focus and is routinely an area of consumer confusion and consumer complaint. When you look at consumer disputes, it’s pretty clear that there is high volume, a lack of understanding of what’s being furnished and, arguably, a number of instances where information that is furnished by the financial institutions or other reporters to the agencies is inaccurate or is incomplete. Those inaccuracies and that incompleteness have a pretty negative effect on consumers. In its Supervisory Highlights, the CFPB is highlighting its activities with respect to evaluating the consumer reporting system, both the consumer reporting agencies themselves that receive and aggregate and produce consumer reports, but also the data furnishers that are providing information to them. They really do center around improving data accuracy and making sure that the data furnishers have established programs that ensure that the information that they do furnish about consumers on a regular basis, it’s accurate, it’s complete, has integrity; that they have testing and controls and monitoring around that.
When you think about data furnishers and financial institutions in particular, consumer reporting processes are not usually top of mind. They’re typically processes that are built into the technologies that are being used to serve loans, they’re behind the scenes, it’s a one-and-done technology implementation, oftentimes the responsibility of a third-party service provider. So they don’t get a great deal of attention but they need to.
Kevin Donahue: Steve, thanks for joining me again to discuss the latest issue of Compliance Insights. Those in our audience interested in more information and to read our newsletter can find it at protiviti.com.[End of Transcript]