REGULATORY HOT TOPICS FOR FINANCIAL SERVICES INTERNAL AUDITORS: CFPB UPDATE MICHAEL BRAUNEIS MANAGING DIRECTOR, PROTIVITI

1 REGULATORY HOT TOPICS FOR FINANCIAL SERVICES INTERNAL AUDITORS: CFPB UPDATE MICHAEL BRAUNEIS MANAGING DIRECTOR, PROTIVITI March 7, 2012

2 Today's Presenter
Michael Brauneis, Managing Director, Protiviti
Michael Brauneis is a Managing Director in Protiviti's Chicago office and one of the leaders of their national Regulatory Risk Consulting practice. He is a member of Protiviti's global Regulatory Reform and national Privacy and Information Security leadership teams, and is regularly consulted as a compliance subject matter expert by leading national media outlets, including the Wall Street Journal, the Associated Press, Reuters, the Chicago Tribune, and the American Banker, among many others. Prior to joining Protiviti in January of 2004, Mike held a compliance management position with a top-10 US bank holding company. Mike holds the Certified Regulatory Compliance Manager (CRCM) designation from the American Bankers Association's Institute of Certified Bankers.
michael.brauneis@protiviti.com

3 Agenda
- CFPB's Recent Areas of Focus
- A Deeper Look: Student Lending and Vendor Management
- CFPB Examinations
- Challenges for Internal Audit
- Q&A

4 CFPB FOCUS AREAS

5 The CFPB: An Overview CFPB assumed transitional authority on July 21, 2011, the first year anniversary of DFA. Mission: Conduct rule-making, supervision, and enforcement for federal consumer financial protection laws Restrict unfair, deceptive, or abusive acts or practices Take consumer complaints Promote financial education Research consumer behavior Monitor financial markets for new risks to consumers Enforce laws that outlaw discrimination and other unfair treatment in consumer finance CFPB Authority is Unprecedented Rulemaking Annual and Special Reporting Enforcement: up to $1 million per day civil penalties Examination and Supervision Priorities Consumer Disclosures Consumer Complaint Intake and Resolution Unfair, Deceptive or Abusive Acts or Practices (UDAAP) Specific Activities, Business and Practice 5

6 CFPB Main Themes
Credit and Reporting Evaluation
- Exam procedures to verify that credit reporting companies are following the law (Sept. 2012)
- Study on comparing credit scores sold to creditors and those sold to consumers (Dec. 2012)
- Accepting consumer complaints about credit reporting, and issued report detailing how the nation's largest credit bureaus manage consumer data (Oct. 2012)
Partnerships and Advisory Councils
- Appointed 25 consumer experts from outside the federal government to Consumer Advisory Board and created three additional advisory councils: the Credit Union Advisory Council (CUAC), the Community Banks Advisory Council (CBAC), and the Academic Research Council (Sept. 2012)
- Established various partnerships (Department of Defense; FHFA; Department of Justice; Newark, NJ 4311 hotline)
Consumer Credit Card Lending
- Proposed updates to existing regulations to make it easier for spouses or partners who do not work outside the home to qualify for credit cards (Oct. 2012)
- Announced seeking public comment on how the Credit Card Accountability Responsibility and Disclosure Act of 2009 impacted consumers and the credit card market. (Dec. 2012)

7 CFPB Main Themes (continued)
Mortgage Servicing Rules
- Finalized January 14, 2013, with a compliance date of January 10, 2014
- Cover nine (9) key areas, including:
  1) Periodic billing statements
  2) Interest-rate adjustment notices for ARMs
  3) Prompt payment crediting and payoff statements
  4) Force-placed insurance
  5) Error resolution and information requests
  6) General servicing policies, procedures and requirements
  7) Early intervention with delinquent borrowers
  8) Continuity of contact with delinquent borrowers
  9) Loss mitigation procedures
- Generally apply to the entire servicing industry, with limited carve-out for companies that self-service 5,000 loans or fewer.
- Broadly beef up existing rules under Regs. Z and X, and continue to develop and broaden the applicability of standards first established by the federal banking agencies in their April 2011 consent orders, and National Mortgage Settlement of February

8 CFPB Main Themes (continued)
Enforcement Actions and Warnings
- Action against The Gordon Law Firm and the National Legal Help Center for allegedly conducting loan modification scams (December 11th, 2012)
- Three American Express subsidiaries to pay $85 million related to various credit card practices (Oct. 2012)
- Capital One: $140 million in customer restitution, $25 million in CMPs to CFPB, $35 million in CMPs to OCC related to marketing practices (July 2012)
- Discover: pay $200 million consumer refund related to marketing (Sept. 2012)
- Issued warning letters to approximately 12 mortgage lenders advising them to revise potentially misleading advertisements targeted towards veterans and older Americans (Nov. 2012)
- Released bulletin to nationwide specialty consumer reporting agencies regarding their obligation under the law to provide a streamlined process for consumers to request a free annual consumer report under the Fair Credit Reporting Act (Nov. 2012)

9 CFPB Main Themes (continued)
Confirmation Hearings
- January 2013 appeals court ruling invalidated recess appointments made to the National Labor Relations Board
- Ruling potentially significant for financial services industry as CFPB Director Cordray was appointed under the same process
- If invalidated, certain of CFPB's authorities, especially related to non-bank supervision and new rulemakings, would be called into question
- Ultimate impact of ruling still uncertain; case could go to the Supreme Court for a final decision, or Congress and Obama administration could reach compromise allowing Director Cordray to be confirmed by the Senate, bypassing the recess question altogether

10 Polling Question #1
Which area of CFPB focus will have the greatest impact on your organization?
- Consumer reporting standards
- Credit card rulemakings
- Increased possibility of UDAAP enforcement actions
- Mortgage servicing standards
- Unsure / Not applicable

11 A Deeper Look: Student Lending and Vendor Management

12 A Deeper Look: Private Student Loans and Campus Financial Products
- Student Loan report three major findings (October 16th, 2012)
  - Surprises cause borrower confusion
  - Borrowers report getting the runaround from servicers
  - Borrowers faced refinancing dead-ends
- Service members have difficulties accessing student loan benefits and protections granted to them under federal rules (October 18th, 2012)
  - Servicemembers Civil Relief Act (SCRA) gives interest rate and payment benefits to the military
- Exam procedures for student loans to verify that lenders are complying with requirements of federal consumer financial law (December 17th, 2012) including
  - Using accurate, non-discriminatory advertising or marketing
  - Making appropriate disclosures
  - Providing borrowers with accurate account information
  - Handling borrower inquiries and complaints
- Inquiry on the impact of financial products marketed to students through colleges and universities (January 31st, 2013)

13 A Deeper Look: Vendor Management Guidance
- Clarifying Bulletin issued April 2012
- CFPB reiterates its authority to examine service providers directly
- Covered banks and non-banks expected to:
  - Conduct thorough due diligence to validate that service provider is capable of complying with applicable consumer laws;
  - Obtain and review service providers' policies, procedures, and other control documentation;
  - Obtain appropriate contractual commitments;
  - Establish controls and monitoring to verify compliance;
  - Promptly and fully resolve any issues, including terminating the relationship if necessary.
- Although concepts are broadly similar to prior federal banking agency guidelines, specific focus on independent P&P reviews and active monitoring is creating significant concerns for industry
- Firms struggling to capture and isolate inventories of their CFPB vendors and evaluate how to address these challenges in a risk-focused manner

14 CFPB EXAMINATIONS

15 Supervision and Examination Principles
1. Focus on consumers
2. Data driven
3. Consistency

16 The Supervision and Examination Cycle From: CFPB Supervision and Examination Manual Version 2, October,

17 Best practices: Manage Regulatory Examinations
Financial institutions should establish a formal process to manage regulatory examinations and other requests from / interaction with their supervisory agencies.
- A central point of contact for regulatory examiners is formally identified
- When requests for information, exam first day letters, and similar correspondence are received, ownership of and a due date for each item is assigned and tracked by the central point of contact
- A process exists to validate the accuracy and completeness of all requested information before providing it to examiners
- The company tracks and is able to reproduce all information provided to examiners
- Controls exist to ensure that examiners are directed to the appropriate process owners and / or subject matter experts for each process within the scope of their reviews
- A documented process exists to document and track the progress of commitments made to regulators

18 Best practices: Remediate Identified Compliance Deficiencies
Management should establish processes to manage internal and external regulatory reviews, audits and examinations. Management should coordinate these activities and track compliance-related findings and ensure appropriate, sufficient, timely and complete corrective action.
- Responsibility for managing compliance-related regulatory examinations is formally assigned
- Compliance-related examination and self-identified findings and deficiencies, and associated action plans, are tracked centrally
- Timely resolution of noted findings and deficiencies is monitored and past due action plans are escalated appropriately to senior management
- Status of outstanding compliance issues is furnished periodically to senior management and management and Board committees
- Issues and management responses are tracked and action plans tested for effectiveness

19 Important Dynamics To Be Aware Of: The PHH Case
- The CFPB has clarified that a Civil Investigative Demand (CID) from the Bureau may be challenged by the recipient and that the Director of the Bureau can respond in the following ways:
  1. Reaffirm the CFPB's decision to obtain the information
  2. Modify the demand
  3. Not move forward with the demand
- Early in 2012, the CFPB launched an investigation of alleged kickbacks paid to private mortgage lender and servicer PHH Corp.
- PHH Corp. challenged the CID from the CFPB and requested further clarification on the nature of the request.
- The CFPB Director responded to the challenge by ordering the organization to comply with the CID within 21 days and made the challenge and the response a public record.
- The CFPB has since clarified that challenges to CIDs as well as the CFPB Director's response will generally be treated as a matter of public record and will be posted on the CFPB website.

20 Polling Question #2
Which of the following elements are part of the CFPB's Supervision and Examination Cycle? (Select all that apply)
- Pre-examination and Scoping
- Communicate conclusions and corrective actions
- Monitoring
- None of the above

21 Challenges for Internal Audit

22 Challenges for Internal Audit
We've noted certain common challenges that the creation of CFPB has generated for Audit functions, including:
- Understanding Unfair, Deceptive or Abusive Acts and Practices (UDAAPs)
- Addressing skills gaps
- Line of defense discussions
- A different auditing mindset
Understanding and adapting to the CFPB's point of view (different from the perspective of legacy regulators): the CFPB is more concerned with considerations that extend beyond the specific technical requirements of the regulations, e.g.:
- Interest in the extent to which customers understand the products and services a bank offers
- Effective processes to see things from consumer perspective >> is anyone in the business empowered to act as the voice of the customer?
- Responsibility for third-party vendors >> vendor risk management

23 Understanding UDAAP
- Top priority for Internal Audit
- Potential risk in virtually every practice associated with consumer financial products and services.
- Challenge: unlike typical consumer protection laws, standards for identifying and avoiding UDAAPs are subjective, and not always easy to tie to a single process owner.
- Need: Internal Audit to be more proactive, creative, and willing to have tough discussions with management about avoiding UDAAPs with consumers.
- UDAAP enforcement actions to-date show that how a product operates in practice is at least as important as how it was designed to operate.
- Deep understanding of process and technology controls throughout the product's lifecycle (marketing > origination > servicing) is critical.

24 Addressing Skills Gaps
- Expectation to take a much more technically sophisticated approach to consumer-related Internal Audit work
  - E.g. examination of regression-based statistical analysis used to monitor actual lending data for anti-discriminatory practices
- Examiners increasingly focused on/critical of skills of third-party outsourced and co-sourced providers
- Challenges:
  - Few Internal Audit departments have these highly technical skill sets
  - Increased competition and cost for specialized expertise
- Need:
  - Creative leveraging of skill sets across the IA function (e.g., IT, Basel, etc.)
  - More thoughtful strategies and robust methodologies for selecting and actively managing external partners.

25 Line of Defense Discussions
CFPB's examination model increasing pressure on firms to build more effective first and second lines of defense.
- Banks:
  - Debates about how or whether monitoring activities across the three lines of defense should be coordinated
  - Howls of protest from process owners about need to support continuous reviews/audits/exams from multiple parties
  - Resource competition internally and from a hiring perspective for compliance SMEs
- Non-banks: in many cases, non-banks are having to formalize first-line activities that previously had been undocumented spot check exercises, and consider creating a dedicated second line of defense.

26 A Different Auditing Mindset
Challenge: Examinations beyond the technical boundaries of rules scrutinizing intent and even behaviors + More CFPB rules underway = Internal Audit to adjust its own perspective and behavior
Needs:
- View on effectiveness of relevant processes
- Proactive behavior
- Customer protection perspective
- Be able to hold tougher discussions with process owners

27 Polling Question #3
How has the creation of CFPB impacted your IA function? (Select all that apply)
- Increased hours dedicated to consumer regs
- New horizontal audits, e.g., UDAAP
- Increased headcount among consumer audit SMEs
- No impact
- Unsure / Not applicable

28 Q & A
Download presentation slides and resources:

29 Resources
Refer to Protiviti's website for more resources related to Dodd-Frank and other regulatory reforms: Protiviti
The Solvency Modernization Initiative Reviewing Key Changes from Recent NAIC Working Groups White paper Executive Perspectives on Top Risks for 2013 Survey results Implementing AML Transaction Monitoring Systems: Critical Considerations Key Challenges Facing Financial Services in 2013 Setting the 2013 Audit Committee Agenda Protiviti's Guide to U.S. Anti-Money Laundering Requirements: Frequently Asked Questions, Fifth Edition Deriving Value from Mandated Stress Testing Three Notices of Proposed Rulemaking: 1. Proposal on Regulatory Capital and Implementation of Basel III 2. Proposal on Advanced Approaches on Market Risk and Risk-Based Capital Rule 3. Proposal on the Standardized Approach for Risk-Weighted Assets Point of View FS Insights (Volume 4, Issue 2) The Bulletin (Volume 5, Issue 1) Resource Guide FS Insights (Volume 4, Issue 1) Point of View
Download presentation slides and resources:
Also look for our quarterly Compliance Corner on the IIA's FSA Times site

30 THANK YOU!