Required Consumer Compliance Policies and Procedures
Consumer Affairs Update - October 2018
Published October 15, 2018 | October 2018 issue
Do you know that some consumer protection acts and regulations require banks to have policies and procedures? Policies are one way that management communicates its commitment and expectations related to compliance, while procedures provide personnel with guidance on how to complete transactions or other processes. Generally, banks should adopt and implement policies and procedures that are appropriate for managing their risks. In addition, an act or regulation might specifically require the bank to adopt certain policies and procedures, as shown in the table below.
Examiners have identified some findings relating to these types of regulatory requirements. This article discusses violations of two regulations, their root causes, and key takeaways.
What are the regulatory requirements? As stated in Regulation V (12 C.F.R. 1022.42), banks must establish and implement reasonable written policies and procedures regarding the accuracy and integrity of consumer information furnished to credit bureaus.1 The regulation also states that the policies and procedures must be appropriate to the nature, size, complexity, and scope of the bank’s activities. These policies and procedures must be periodically reviewed and updated as necessary. In an appendix, the regulation states guidelines that banks should consider when developing their policies and procedures.
What factors contributed to the violations? Violations resulted from gaps in change management processes, periodic policy and procedure reviews, and training. For example, a bank’s change management process might not be sufficiently comprehensive in tracking changes or updates to regulations. Also, a bank’s periodic policy and procedure review processes might not be sufficiently comprehensive and detailed. Lastly, the bank might fail to comply with policy and procedure requirements if the person (or persons) responsible for creating or maintaining policies or procedures is not sufficiently trained.
What are the regulatory requirements? Regulation Z (12 C.F.R. 1026.36(j)), requires written policies and procedures covering a variety of topics: loan originator compensation practices, steering, loan originator registration, and identification requirements.2 The policies and procedures must be designed to ensure and monitor compliance. They also must be commensurate with the nature, complexity, size, and scope of the bank’s mortgage lending activities.
What factor led to the violations? Violations typically result from misunderstanding of the regulatory requirement in terms of the bank’s compensation practices. As an example, some banks pay their loan originators’ salaries but do not pay any incentives or commissions. In such cases, the bank might not realize that the bank is still required to have loan originator compensation or steering policies and procedures, often because the person responsible for the bank’s policies and procedures is not familiar with this requirement.
To help ensure compliance, bank management should consider reviewing the bank’s compliance risk management system and addressing any gaps that have resulted or could result in the bank violating policy and procedure requirements stated in consumer protection acts or regulations.