Menu
Banking Exchange Magazine Logo
Menu

Surviving a CFPB exam

Preparation’s half the secret. Making your case early helps too

  • |
  • Written by  Jonathan Pompan, Andrew Bigart & Alexandra Megaris, Venable LLP
  • |
  • Comments:   DISQUS_COMMENTS
Surviving a CFPB exam

If you’re a compliance officer at a consumer financial services company, two words likely to keep you awake at night are “CFPB” and “examination.”

The five-year-old Consumer Financial Protection Bureau has settled into its role as the primary supervisor of consumer financial products and services. For compliance officers, the prospect of a CFPB examination can be daunting. An exam means voluminous document requests, several months of onsite visits, and the potential for remediation and penalties in the event of significant identified deficiencies.

Surviving a CFPB exam depends on careful preparation—preferably before the bureau targets your company for scrutiny. The companies in the best position to manage a CFPB exam are usually those that understand and follow applicable laws; have invested significant time and resources into building their compliance management programs; and have the capacity to make corrections when needed.

Understanding CFPB’s exam process

CFPB has authority over large banks, thrifts, and credit unions with over $10 billion in assets and their affiliates and service providers, as well as “larger participants” in markets for other consumer financial services, such as debt collection and credit reporting, among other activities.

In other words, there are entire industries now subject to CFPB examination that were previously unregulated at the federal level, including nonbank financial services providers, debt collectors, small dollar lenders, debt relief companies, and auto dealers, to name just a few. Banks that were accustomed to prudential regulators’ compliance exams nonetheless have found their experience with the bureau to be different. [Editor’s note: For more on this, read “CFPB: 4 years in”]

The purpose of CFPB’s exam process is to assess a company’s compliance with federal consumer financial laws; obtain information about the company’s activities and compliance systems or procedures; and detect and assess risks to consumers and markets for consumer financial products and services.

CFPB identifies an entity for examination based on an assessment of its risk to consumers, including its size, volume of consumer financial transactions, and volume of complaints in CFPB’s consumer complaint database. CFPB usually provides an entity with 30 to 60 days’ advance notice of an examination.

How CFPB exams are scoped

Depending on the nature of the examinee’s operations, CFPB will generally engage in the following during an exam:

Collecting and reviewing available information, from within CFPB, from other federal and state regulators, and from public sources.

Requesting and reviewing documents and information from the entity, including, for example, compliance policies and procedures, training materials, contracts, and audit findings.

Going onsite to observe, conduct interviews, and review documents and information.

Drawing preliminary conclusions about the regulated entity’s compliance management and its statutory and regulatory compliance.

Drafting the exam report.

· Finalizing and transmitting the report to the supervised entity, after final internal clearance.

What happens after the exam

CFPB has adopted the Federal Financial Institutions Examination Council Uniform Consumer Compliance Rating System, through which the bureau will assign a confidential consumer compliance rating to an entity as part of the exam.

The rating system evaluates an entity’s compliance with federal consumer financial law and the adequacy of its compliance systems. The rating is based on a scale of 1-5, with “1” representing the highest rating and lowest level of supervisory concern, and “5” representing need for “the strongest supervisory attention.”

CFPB will generally close an exam by providing the examinee with a report setting forth a compliance rating and any identified supervisory concerns. The report will provide a detailed summary of the exam, a discussion of areas of concern, and potential deficiencies and action items for remediation. (The latter are known as “matters requiring attention.”)

CFPB encourages proactive self-correction, but some circumstances may nevertheless be sufficiently serious to warrant a public enforcement action.

If an exam matter is referred for enforcement, CFPB has authority to bring an administrative proceeding or file a civil complaint in federal district court. The bureau can obtain legal or equitable relief for violations of federal consumer financial law, including, but not limited to, equitable monetary relief (e.g., restitution) and civil monetary penalties. (Civil money penalties range, depending on the severity of the challenged conduct, from $5,437 to $1,087,450 for each day during which a violation continues.)

Managing a CFPB exam

If the best offense is a good defense, then the best way to prepare for a CFPB examination is to conduct a detailed internal review of your bank’s compliance operations prior to a formal examination. This effort can identify potential weaknesses or other areas that might draw examiners’ attention.

This exercise means more than buttoning up areas of potential weakness before an examination. The bank should also train staff on how to respond to requests for information, interviews, and other exam activities in a timely and professional manner.

Once an examination notice is received, there are a number of steps that can help ensure a smooth process, and hopefully, a positive outcome:

· Appoint a central CFPB point of contact. Designate an employee (preferably within the legal or compliance functions) to serve as the point of contact for the CFPB examination team and the document collection and production process.

Prepare and train staff who will likely interface with CFPB examiners.

Set up an initial meeting with examiners to explain the company’s business model and set appropriate expectations.

The beginning of the exam is the best opportunity to demonstrate your “culture of compliance” and educate examiners on the company’s structure and operations. This may include preparing briefings on the company’s organizational structure and compliance framework.

Set aside dedicated office and workspace for CFPB examiners onsite.

Serve as exam liaison. Respond in a timely manner to examiner requests and work with examiners to identify their key areas of interest and how best the company can provide the requested information.

At the same time it is important to manage examiner expectations and maintain clear lines of communication. Establishing boundaries early in the process can help conserve your staff’s resources and ensure that you provide accurate and clear information.

Work with counsel to review all submissions to CFPB for responsiveness, privilege, and consistency.

Most importantly, if examiners identify areas of concern, work with counsel to assess the preliminary findings, and “self-correct” or resolve the issues prior to the CFPB’s issuance of a final examination report (as appropriate).

In this regard, CFPB enforcement attorneys play an important and active role in the exam process. Their duties include helping frame the scope of individual exam to drafting and presenting the final report of examination. [Editor’s note: Read “Inside CFPB’s exam mindset,” based on an interview with senior CRPG official Peggy Twohig, for more on this.]

Most importantly, CFPB enforcement attorneys help determine whether a potential violation of law identified during an examination should be resolved through the confidential supervisory process or through a formal and public enforcement action.

Handling post-exam challenges

The exam process has led to or supported several recent public enforcement actions, resulting in multi-millions in consumer remediation and other payments, and over millions in civil money penalties.

So it is critical to attempt to resolve examiner concerns before they snowball into a bigger problem. Document the steps you take and then provide a copy to the examiners to ensure that your company’s commitment to compliance is included as part of the exam record. Taking steps to resolve examiner concerns in advance can result in a final report with a better rating (meaning less future scrutiny), and in cases of serious identified deficiencies, limiting damages to a “matter requiring attention” instead of an “enforcement action.”

However, your bank may not succeed in addressing the bureau’s concerns. If so, your company will likely receive a Potential Action and Request for Response (PARR) letter. This communication will list the bureau’s preliminary findings of alleged violations and inform your company that the bureau is considering an enforcement action.

Providing a strong written response to the PARR letter is the last, best chance to avoid an adverse examination report or enforcement action. To be effective, the written response should aggressively argue the supporting facts and legal arguments. The response should highlight the steps taken to self-correct, and explain why an enforcement action is unnecessary.

Finally, adverse examination findings or a less than satisfactory compliance rating (a 3, 4, or 5) may be appealed following the CFPB’s appeal process, which establishes strict timeframes, requires that submissions be in writing, and puts CFPB staff in the role of final arbiter of the appeal.

Note this: The appeals process does not allow appeals of findings that have been recommended for an enforcement action. This underscores the importance of challenging adverse findings as early as possible in the examination process.

Matters that are good candidates for appeal are those that are based on specific established facts and disputed interpretations of law that have been developed and preserved through the examination process.

Thus, having a strong record of factual findings, including efforts to correct such findings, as needed, can be critical. The process is often difficult, but well worth it for supervised entities that are seeking to push back against CFPB and preserve their ability to challenge findings in court.

Preparing and responding to a CFPB examination can be a daunting process. The key to surviving an examination is to understand and follow applicable laws, invest time and resources into your compliance management system and staff, and to work closely with examiners to ensure a fair and accurate process.

For more on post-exam matters, see the authors’ earlier article, “Can banks fight CFPB?

About the authors

Jonathan L. Pompan, partner and co-chair of Venable LLP’s CFPB Task Force; Andrew E. Bigart, counsel, and Alexandra Megaris, associate, advise on consumer financial services matters and represent clients in exams, investigations, and enforcement actions brought by CFPB, FTC, state attorneys general, and regulatory agencies.

back to top

Sections

About Us

Connect With Us

Resources

Adaptive Authentication:

Superior User Experience and Growth through Intelligent Security

Banks and financial institutions find themselves trying to satisfy competing priorities. Fraud continues to grow at an alarming pace and in sophistication year-over-year.

Intelligent adaptive authentication is a new approach to combating fraud that solves this problem and achieves the twin goals of reducing fraud and delighting the customer.

DOWNLOAD THE GUIDE

OneSpan logo