Compliance as dream, instead of nightmare

Editor’s Note: This is the second half of a two-part series in which Jo Ann Barefoot draws on her 35-plus years of private and public sector compliance work to consider how consumer financial protection regulation could be improved.

In Part 1 she argued that traditional rules-based regulations and mandatory disclosures have failed to produce adequate consumer protection, despite very high costs to the industry and ultimately to their customers. Part 1 discussed the many challenges arising as authorities here and in the UK seek to remedy such weaknesses by shifting to more  “principles-based” protections emphasizing subjective standards of “fairness.”  In Part 2 below, Barefoot offers a fanciful exploration of how a better regulatory approach might work.

Last night I had the weirdest dream.

Somehow, consumer financial protection regulation had transformed into being totally sensible.

Consumers were getting only fair products, good value, and usually good outcomes. They were choosing well from a wide array of options in a highly competitive market full of providers. The providers were passing along massive cost savings that the regulators had managed to free up by somehow reducing compliance costs and increasing regulatory clarity.

Amazingly, the whole financial industry knew what they were supposed to do and had learned to do it well. In fact, there had been an industry-wide revolution in how compliance was done, with a new obsession on zero-defect compliance quality by banks’ business lines, which had massively cut regulatory risks and costs.

Meanwhile, compliance standards were truly uniform—there was a level playing field. The former victims of bad actors—unsophisticated and financially marginal consumers—now had abundant good choices, partly thanks to a flowering of new technology and market innovation, and also because regulators allowed providers to charge the prices needed to cover any higher risk or cost that these customers presented.

Both industry and its critics agreed that race and sex discrimination were largely non-existent. And in my dream, consumers understood financial products better than they ever had in history.

I asked people how this happened …

The dream continues …

Someone explained that the regulators had somehow eliminated disclosure overload. Consumers now actually read the information they received about financial products. And they mostly understood it! 

Someone else said schools now taught basic financial education, and also that new phone apps now made it easy (even cool!) to check out financial products, like choosing restaurants on Yelp. People now routinely evaluated how products and providers had performed for other customers, and also used their phones to actively manage their financial lives.

Young people, especially, had grown smart about money, and of course were teaching the technology to the older people in their lives.

The part about eliminating disclosure overload was just too unexpected. It nearly woke me up. But then in my dream a bank president walked up to me. He asked how all this had happened, and I said the regulators must have made some changes. We decided to go find out what these were, and soon we found a regulator who looked very wise. We asked our question, and he unfurled a scroll.

How did this all come about?

“Here is what we did,” he said, and so, in this increasingly surreal dream, he read us the following list:

1. The regulators decided there were costly redundancies and potential tradeoffs between three types of tools they used to assure consumer protection: technical rules and disclosures; broad subjective fairness principles; and mandated, robust compliance management systems.

The financial crisis had prompted them to reemphasize all three. Thus the industry had to get the technical rules right, but even when they did, they were often still penalized for being “unfair or deceptive,” or for not having extensive systems for managing compliance. This need to strive for perfection in all three areas produced much low-value activity aimed at preventing problems that weren’t actually there.

Over time, the agencies decided to reduce regulatory costs by trying to select the best one, or sometimes two, of these tools to address a given issue, and then not  requiring more. Sometimes they even revised the regulations themselves.

In other cases, they used smart examination design that gave banks credit for getting to the right outcome, by whatever pathways worked.

The wise-looking regulator told us to keep this new insight in mind as he explained the other steps they took, below.

2. Congress and the regulators eliminated low-value technical rules and disclosures.

Both the industry and the consumer groups had resisted this. Both, from their own perspectives, feared that change might make things worse. Still, somehow the regulators had made a complete review and determined that almost half the technical rules that had accumulated over the past 40 years were either low-value, obsolete, redundant, and/or actually counterproductive—confusing consumers more than they helped them.

The agencies cleaned house, cutting 60% of compliance costs to the industry and left only brief, high-value disclosures that consumers actually found useful.

3. The regulators identified some key, high-value disclosures and certain types of product terms, and made them regulatory safe harbors.

Building on CFPB’s 2013 rules on qualified mortgages, they carved out certain disclosures and certain practices that, when faithfully followed, pretty much guaranteed that consumers would be treated well. For these areas, good technical compliance was now all that mattered.

This had eliminated redundant compliance costs and had also reduced banks’ fear of regulatory second-guessing, which brought more competitors back into product areas some providers had previously fled. Traditional community banks, in particular, had a new safe place where they could minimize compliance costs by keeping their products simple.

4. Regulators identified specific situations that create high consumer risk and crafted special protections to address them, while reducing compliance complexity for mainstream activities.

They estimated that 80% of serious consumer harm clustered in 20% of financial activities, in three categories: 

• Product type, such as insurance-type add-ons, since these were not the products the consumer had been seeking in coming to the provider.

• Late-phase penalties, since most consumers evaluate up-front product terms and pricing without considering what will happen if they make mistakes like missing payments or overdrawing accounts.

• Customer type, especially products with adverse terms targeted to vulnerable consumer segments.

On vulnerable customers, the regulators knew that “over-protecting” these groups would drive providers away, leaving the neediest with the fewest and worst choices. Accordingly, they crafted special compliance rules that were very clear and easy to follow.

5. Regulators defined clear standards for evaluating whether fair lending “disparate impacts” were justified, and this clarity in turn released a flow of good lending choices for minorities and women.  

For a long time, confusion on how to defend disparate impact patterns had limited competition for customers with high-risk credit profiles, including many minorities and lower-income people. The clarified standards reduced those fears and regulatory costs, and so expanded access.  

6. CFPB created a new type of high-tech examination that could find technical violations quickly and at low cost, which eventually revolutionized compliance.

The Bureau had needed to create this tool because its field examiner staff was relatively small. They either had to become mainly an enforcement agency or get efficient at doing examinations. The other agencies adopted similar tools, and everyone’s technical compliance costs came way down.

7. Regulators defined UDAAP performance standards and made them measurable.

For a long time, UDAAP had been too nebulous to implement. Some banks had therefore ignored it, waiting for regulatory clarity (much to their eventual regret). Others had tried to guess at what they should do. They knew, of course, that regulators had always made law through enforcement actions, especially in areas where standards were hard to define—fair lending had mostly evolved this way. In stable times this could work, as examiners and banks together accumulated a body of shared wisdom on how to view issues requiring subjective judgment. When the system hit the massive changes sparked by the financial crisis, however, the combination of new challenges, high discretion, and high penalties created widespread uncertainty and inconsistency.

For UDAAP, the agencies gradually built new, clear standards based on four principles. Whether products were understandable to the consumer; performing as promised; delivering reasonable value; and appropriate for their intended markets. Getting to these standards had been a long, painful process, but in the end, it worked better than the old system.

8. Regulators finished punishing pre-crisis problems and looked to the future, which meant the industry could too.

This had been a turning point, according to the wise-looking regulator. Heavy regulatory focus on “past sins” had gotten banks’ attention, but had also sucked up all the industry’s compliance resources and energy, especially at large banks that hired huge staffs and used lawyers and consultants to sort out their issues. Compliance staffs had burned out, frustrated and exhausted.

When the retroactive cleanup finally ran its course, the people still standing turned their eyes toward the future and invented better ways to regulate and better ways to comply.

9. Ultimately, regulators figured out how to measure actual consumers’ “outcomes” instead of compliance “inputs.” 

This was the big breakthrough—and much harder than finding technical non-compliance. Gradually, somehow, a consensus had emerged about what “fairness” should mean. That agreement then brought an epiphany:  If consumers had received good outcomes, it didn’t really matter how the provider produced them.

Some banks did it through strong management systems, some through very proactive cultures and incentive systems, and some by offering only simple products where little could go wrong. Large banks learned to use “big data” to analyze fairness patterns at low cost.  Banks with high non-compliance could mitigate penalties by demonstrating that the problems had occurred despite robust efforts to prevent them.

But good outcomes, well measured, were good enough in themselves.

10. The focus on outcomes sparked a revolution in how compliance was done.

The industry realized that the low-cost, low-burden path to low regulatory risk was more through culture, incentives, and quality than through traditional “compliance.”  Bank boards and top management forced enterprise-wide integration of efforts to assess and minimize risk to the consumer, rather than risk to the bank. Banks adopted a consumer-centric view of the customer experience across the whole product lifecycle, instead of by business line silo. They discovered that compliance and operational risk were inextricably intertwined and could be managed less expensively together.

Most critically, leading banks adopted zero-defect quality programs making the “first line of defense”—the business line—prevent nearly all compliance errors, drastically cutting compliance costs and risk. They realized that winning credibility with regulators—and the public—required much more than building “compliance programs.” 

The business side of the industry had to rethink a wide spectrum of products, practices, and pricing, and came out with less cost, less risk, and better returns

11. Eventually, the regulators created a formal compliance rating that relieved the highest-performing banks of even more compliance burden.

This took a long time. Initially, examiners didn’t trust the industry to “do the right thing” without pressure and scrutiny and fear of punishment. The whole bank regulatory system, in fact, had been built on the premise that financial companies will do whatever they can get away with, exploiting any gray space in the technical rules to maximize profits.

Still, the agencies had always prioritized examination time and scrutiny based on how well banks were managing themselves. When some banks genuinely won their confidence, the regulators formalized a new compliance category and markedly reduced their regulatory examinations and burdens. These high-performing banks still got checkups of course, including those prompted by consumer complaints.

Overall, though, these banks became much freer to run their businesses. Their compliance costs dropped, and they also enjoyed a market advantage in merger and acquisitions, while their low-performing competitors got mired down in regulatory delays and cleaning up problems.

12. Congress and the regulators did all this burden-reduction while preserving a core principle that all consumers should receive the same disclosures and have the same rights, regardless of provider.

The disclosures, of course, had now been simplified and were easier to produce. That had reduced the burden on community banks, as had the safe harbors for simple, straightforward products. Still, consumers getting similar products received the same disclosures and had the same rights, no matter the source.

Throughout all these changes, the regulators carefully avoided stifling innovations that would help consumers. They studied technology trends and formalized their own processes to evaluate potential unintended consequences that would chill pro-consumer change.

•   •   •

In my dream, a consumer advocate of the future had walked up to listen to the list. She said that technology had been the big key to doing things better.

“Technology changed all four things that impact consumers. It transformed consumer education and information. It transformed financial products and delivery systems. It transformed how the industry does compliance. And it transformed how the regulators examine for compliance.”  At every step, she said, information had improved, costs had fallen, and outcomes were better.

The regulator nodded. “We used to say that if both the banks and the consumer groups were mad at us, we’d probably gotten things right. Now, we sometimes find actual consensus.” 

This made the banker stroke his chin thoughtfully and say, “That would explain why the CFPB Director was nominated for the Nobel Peace Prize.”

On a note that bizarre, of course, the dream  faded and I woke.

What if I could have finished the chat?

In my imagination, I continued my discussion with the regulator, the banker, and the advocate.

I said to them, “Remember, there can never be a utopia in consumer financial services. Consumers will always find products confusing, and some providers will always take advantage of that. Some people will overextend on credit, and the regulators will both over- and under-regulate. Plus all these new solutions will inevitably bring a whole new set of problems.”

They all nodded. Then they all, simultaneously, said, “That’s true. Still, we can do better.”