Consumer Protections, Personal Liability for Executives and More – Our June Compliance Podcast Is Here

By Steven Stachowicz, Managing Director
Risk and Compliance




This month’s roundup of compliance news includes two CFPB-related articles – on the Bureau’s efforts to collect information on small and minority business lending with the purpose of rulemaking in that area, and its focus on consumer reporting and improving the completeness and accuracy of data provided to consumer reporting agencies by various entities. We also discuss the most recent, $250,000 penalty on an individual in a corporate BSA/AML compliance matter. The June issue of Compliance Insights wraps up with an update on OCC procedures related to violations of OCC laws and regulations.

Listen to our podcast below. Transcript of the conversation follows.


In-Depth Interview, Compliance Insights [transcript]

June 28, 2017

Kevin Donahue: Hello, this is Kevin Donahue, Senior Director with Protiviti, welcoming you to a new installment of Powerful Insights. I’m speaking today with Steven Stachowicz, a Managing Director with Protiviti and a leader within the firm’s Risk and Compliance practice. Protiviti recently published the June edition of Compliance Insights and I’m going to talk to Steve a little bit about some of the highlights from that newsletter. Steve, thanks for joining me today.

What’s the Latest on Fintech Charters and What About That Russian Laundry?

In the April edition of Compliance Insights, we discuss the Office of the Comptroller of the Currency’s draft supplement, released in March, which further outlines the application guidelines for fintech bank charters (covered previously in our January issue). We also lay out previously unknown details of the “Russian Laundromat” money laundering scheme, as reported by the Organized Crime and Corruption Reporting Project, and we touch on the CFPB’s latest, $1.75 million enforcement action. Listen to our interview with Steven Stachowicz, Managing Director with Protiviti’s Risk and Compliance practice, at the audio link below. Full transcript of the conversation follows.


In-Depth Interview, Compliance Insights [transcript]

April 24, 2017

 Kevin Donahue: Hello. This is Kevin Donahue, Senior Director with Protiviti, welcoming you to a new installment of Powerful Insights. I’m talking today with Steven Stachowicz, a Managing Director and leader with Protiviti’s Risk and Compliance practice, and we’re going to be covering just some of the highlights from the April edition of Protiviti’s Compliance Insights newsletter. Steven, as always, thanks for joining me.

Steven Stachowicz: Hi, Kevin. Thanks for having me today.

Kevin Donahue: Steve, to start off, in the lead article of this month’s newsletter, we summarize a new licensing manual supplement from the OCC that applies to fintechs seeking a special-purpose national bank charter. Steven, what are some of the notable points in the OCC’s draft supplement?


Compliance News Roundup: The Clearing House AML Recommendations, CFPB on Alternative Data and More

Protiviti published its March issue of Compliance Insights this week. We sat down with Steven Stachowicz, Managing Director with Protiviti’s Risk and Compliance practice, to discuss some of the highlights. Listen to our podcast below, or click on the “Continue Reading” link to read the interview.


In-Depth Interview, Compliance Insights [transcript]

Regulatory Activity Unabated Despite Uncertain Regulatory Outlook

By Steven Stachowicz, Managing Director
Risk & Compliance




A month into the new U.S. administration, it’s clear that the political landscape is shifting. The administration has issued executive orders calling for a review of existing laws and regulations based on how they promote certain “core principles” related to the regulation of the U.S. financial system; a review of the Department of Labor’s Fiduciary Rule scheduled to take effect later in 2017; and an “implement one, repeal two” standard for the issuance of new regulations. Talk abounds about congressional actions aimed at actual or possible legislation, such as the TAILOR Act and the Financial CHOICE Act, which would affect the current regulatory structure as well.

The long-term ramifications of these actions for financial services regulation, supervision and enforcement are still unknown, and it may be some time before we have a clear view of what the future will look like. Meanwhile, financial institutions must still contend with the regulatory structure that exists today. Regulatory or self-regulatory agencies at the state, federal and even international levels are continuing to move forward with their existing supervisory and regulatory responsibilities. We address these in the February edition of Compliance Insights.

  • In the anti-money laundering (AML) space, we note that the Conference of State Bank Supervisors released a Bank Secrecy Act/AML Self-Assessment Tool to help financial institutions better manage money laundering risk. Risk assessments are top of mind for regulators, who consider logical, well-balanced and robust assessments the focal point of a sound risk management program. The self-assessment tool was issued not only to help provide transparency into how risks are assessed, monitored and communicated within an institution, but also to promote greater transparency among institutions to benefit the broader financial services industry.
  • Within the securities space, the Financial Industry Regulatory Authority (FINRA) published its Regulatory and Examination Priorities Letter for 2017, which identifies known and potential risks facing broker-dealers, investor relationship management and market operations. FINRA uses the annual priorities letter to communicate areas of focus for its information requests and examinations for the upcoming year. The 2017 letter highlights the “blocking and tackling” roles of compliance, supervision and risk management through FINRA’s focus on reviewing firms’ business models, internal control systems and client relationship management. Priorities identified for 2017 include: monitoring brokers with a history of disciplinary actions or complaints; sales practices; financial risk management and liquidity; operational risks; and market integrity.
  • Privacy concerns are atop the agenda for the European Commission (EC), which published the draft text of a proposed e-privacy regulation that, if adopted, would replace the EC’s current ePrivacy Directive with a more expansive regulation. Data privacy is a top priority for the EC, which seeks to establish a new privacy legal framework for electronic communications as part of a digital single market. The proposed regulation was developed with the intent to create better access for consumers and businesses to digital goods and services, level the playing field for digital networks, facilitate development of innovative services, and increase the growth potential of the digital economy.
  • Finally, the Consumer Financial Protection Bureau (CFPB) recently sued a bank for apparent unfair and deceptive practices related to enrolling customers into overdraft protection services. The suit contends that the bank violated the CFPB provision for implementing the Electronic Funds Transfer Act by misleading customers that overdraft protection was mandatory, concealing fees, deceptively seeking consent, and pushing back against customers who questioned the opt-in requests. Notably, the CFPB cites that the bank’s employee incentive program likely contributed to these issues, further highlighting the attention that the regulatory agencies are placing on sales practices and incentive compensation programs.

Even as Washington sorts itself out, financial institutions cannot lose sight of regulatory obligations and expectations that exist at the local, state, federal or even international level. The regulatory environment is likely to be quite dynamic in the foreseeable future, and financial institutions will remain challenged to manage their risks in this environment and not relax their compliance efforts.

Continue to follow our monthly roundups of compliance news here and on our site. The February issue is available here.


Compliance Issue Resolution: Responsible Business Conduct in Financial Services

By Steven Stachowicz, Managing Director
Risk and Compliance Practice



In April, I joined several of my Protiviti colleagues on a webinar hosted by The IIA’s Financial Services Audit Center. The two-hour session, titled Hot Topics in Compliance: Consumer Protection and Compliance Governance, focused on recent regulatory developments in consumer protection reforms related to the Dodd-Frank Act, including mortgage lending disclosures and debt collection practices.

It was a great session, packed with valuable information, especially Tom Giltrow’s take on the evolution of the Fair Debt Collection Practices Act, or FDCPA, and Todd Eaton’s explanation of the new consolidated mortgage loan disclosures (known as TILA-RESPA Integrated Disclosures, or TRID) that have replaced the familiar Truth in Lending and Good Faith Estimates and HUD Settlement Statement forms for consumer real estate loans.

My bit, the subject of this post, covered compliance issue resolution, and the heightened expectations financial regulators have regarding compliance management systems and consumer remediation.

I’ll say up front, as I said in the webinar, that regulatory compliance is an all-in responsibility that requires the engagement of all three lines of defense. Without standards and direction at the enterprise level, compliance management and consumer remediation tend to occur ad hoc, within individual business units or departments, which can result in inconsistent and potentially inadequate corrective and remedial actions.

In 2013, the Consumer Financial Protection Bureau (CFPB) published a bulletin outlining four expectations for what it calls “responsible business conduct”:

  • Self-policing – Robust self-monitoring mechanisms are needed to detect violations. From quality control, compliance monitoring and testing, to compliance reviews, complaint response and internal audit, as issues are identified, steps should be taken to evaluate root causes and what corrective actions and remediation might be necessary.
  • Self-reporting – Once an issue has been identified and internally evaluated or vetted by the organization, the CFPB expects that institutions self-report the issues, particularly for significant issues involving potential violations and consumer harm. Self-reporting is a difficult task for many institutions, but it is an important part of being transparent with the institution’s regulators when issues do arise.
  • Remediation – Institutions should take timely steps to detect and correct compliance issues, with an eye toward the implementation of robust, longer-term corrective actions. Consumers impacted negatively by an issue, whether financially or non-financially, should be remediated, and the redress should reasonably “make the customer whole.” This is also a difficult task, because the exact form of redress is often dictated by the circumstances rather than a clear legal or regulatory requirement. The appropriate course of action is often benchmarked against precedent, such as through public enforcement actions.
  • Cooperation – When it comes time to determine what actions, if any, to take against an institution, regulators have made it clear that affirmative credit will be reserved for those institutions that are forthcoming and transparent in working with them and law enforcement. The CFPB has stated that self-reporting and cooperation do not guarantee that the agency will not take action against an institution, but that the cooperative behavior will be viewed positively when a regulatory action does arise. Public CFPB enforcement actions have indeed borne this out.

Ultimately, the message here is that an institution’s response to a compliance issue or an adverse consumer issue can be more important than the issue itself. By focusing on root causes and timely corrective actions to address operational and technological deficiencies, and not getting bogged down in the specifics of an individual mistake or violation, organizations, with the help of their internal audit functions, can vastly improve issue resolution and governance, and possibly qualify for affirmative credit.

Our webinar was focused on internal audit and the implications of regulatory expectations and changes to compliance requirements on the internal audit function and on financial institutions broadly. Internal audit’s role in compliance issue resolution is varied – from, at minimum, ensuring that internal audit issues are tracked and resolved appropriately by the institution, to providing credible challenge to management’s overall compliance issue identification and resolution processes. Credible challenge might include review and validation of the effectiveness of the implemented corrective actions as well as the remediation provided to impacted consumers.

That’s plenty to think about for now. I hope you’ll join the conversation by sharing your thoughts in the comment section below.

Reflecting on the Fourth Anniversary of the Dodd-Frank Act

Carol M. Beaumier, Executive Vice President, Protiviti


Protiviti’s quarterly financial services industry newsletter, FS Insights, has tracked the progress and reflected on the merits of the Dodd-Frank Act since its passage four years ago. After four years, we are still left with more questions than answers. Nearly half of the required rules still are not final. Debate continues about the impact of the law.

In our latest issue, we look at notable regulatory developments, such as the Federal Reserve’s approval of a final rule implementing the enhanced prudential supervision standards of the Dodd-Frank Act and the Office of the Comptroller of the Currency’s proposed guidelines for heightened governance standards for banks with assets greater than $50 billion. We posit whether the regulators might have been able to effect significant change without Dodd-Frank, since most would agree that financial institutions with strong risk management, adequate capital and sufficient liquidity are not likely to fail.

You’ll find the newsletter and the Protiviti Dodd-Frank diagnostic tool on our website. This complimentary online tool helps banking, broker-dealer and mortgage companies to identify quickly the parts of the Dodd-Frank Act that are most relevant to their business. I encourage you to subscribe to the newsletter, check out our diagnostic tool, and provide any comments or responses here.