Enhancing the Compliance Management Program with Complaint Data
The purpose of a compliance management program is to identify, measure, monitor, and control the inherent compliance risks in a financial institution's products, services, business lines, and legal entities. While its sophistication and complexity will vary based on a financial institution's inherent risk factors, the program must be composed of the following key elements:
- Active board of directors and senior management oversight;
- Comprehensive policies, procedures, and training;
- Effective monitoring and testing; and
- Meaningful reporting.
This article focuses on the importance of integrating consumer complaint data into the key elements of a compliance management program. Some financial institutions use complaint data in a limited way by monitoring and reporting only total volumes; however, consumer complaints contain valuable information that can help an organization better understand its compliance risks and issues. Complaint data can be used to validate and strengthen controls and to identify high-frequency trends or individual complaints that may indicate significant compliance risk.
INTEGRATING CONSUMER COMPLAINT DATA INTO THE COMPLIANCE MANAGEMENT PROGRAM
Board and Senior Management Oversight
The board should exercise appropriate oversight of the financial institution's compliance management program and ensure that it is reasonably designed to prevent and detect compliance breaches and issues. The board should also oversee senior management's implementation of the program and appropriate and timely resolution of compliance issues. The board should exercise reasonable due diligence by reviewing reports on the effectiveness of the compliance management program.
Typically, the compliance officer is responsible for reporting on the effectiveness of the compliance management program. Compliance issues and risks derived from complaint analysis should be factored into the overall compliance assessment provided to the board.
The following example illustrates how omitting consumer complaint data can adversely affect the board's ability to provide adequate oversight of the compliance management program.
The financial institution's analysis of its consumer complaint data revealed that consumers had complaints about a product involving potentially unfair or deceptive acts or practices (UDAP); however, the institution continued to offer the product despite the complaints. When providing its compliance report to the board, the financial institution did not discuss the UDAP issue identified from the complaint analysis. During the next consumer compliance examination, examiners cited the UDAP issue. Ultimately, the financial institution was required to stop offering the product, and its compliance rating was downgraded. In addition, the financial institution was required to strengthen the board's oversight of the compliance management program.
In this scenario, the financial institution was analyzing its complaint data and identified the potential UDAP concern. However, the UDAP issue was not included as a significant compliance issue in the report to the board, and the institution failed to take appropriate action once the UDAP issue was identified. The institution's failure to recognize the importance of the issue resulted in a lower compliance rating, the inability to offer the product, and a directive from examiners to improve board oversight.
Policies, Procedures, and Training
An effective compliance management program has comprehensive policies, procedures, and training to ensure that all employees and third-party providers are aware of consumer protection laws and regulations and to deter or prevent compliance violations. Tracking and analyzing consumer complaint data can help a financial institution determine if its controls are effective and may highlight the need to conduct additional employee training.
The following example shows how a financial institution can use consumer complaints to validate the effectiveness of its compliance controls.
A financial institution received consumer complaints about branch employees' asking for the signature of an applicant's spouse when the applicant requested individual credit and individually met the creditworthiness standards. Through its research and analysis of the consumer complaints, the financial institution determined that the procedures and training materials used by its branches did not include the spousal signature requirements under Regulation B. To remedy the situation, the financial institution revised the branch procedures and training materials and provided targeted training on the spousal signature requirements to its branch employees. For its next examination involving Regulation B, it will be important for the financial institution to demonstrate to examiners how it used the consumer complaint data to identify and correct the weakness in controls in its compliance management program.
In this scenario, the financial institution effectively analyzed its complaint data and took action to correct the issues. The financial institution determined the root cause of the complaints and remedied the ineffective control. While the financial institution violated Regulation B, the institution self-identified the violation through complaint analysis and was able to strengthen its compliance controls.
Monitoring and Testing
Self-identification and prompt remediation of compliance violations are critical. Compliance monitoring and testing are necessary to ensure that key assumptions used to measure and monitor compliance risk are reliable. Analyzing complaint data can help a financial institution identify weaknesses in its controls, compliance violations, and the need for enhanced targeted compliance testing.
The following example illustrates how a financial institution can use consumer complaints to validate the effectiveness of its compliance monitoring and testing efforts.
Through its analysis of consumer complaints, a financial institution learned that consumers complained about not receiving an adverse action notice. The financial institution, which had used a third-party provider, found that the adverse action notices had not been mailed. The financial institution also realized that it lacked a control to monitor the mailing of adverse action notices by the third-party provider. To correct the control weakness, the financial institution implemented a reconcilement report to compare the volume of adverse action notices that should be mailed versus the actual notices mailed by the third-party provider. In its next examination involving Regulation B, the financial institution should explain how it used its consumer complaint data to identify the violation and missing control and how the regulatory requirement will be monitored going forward.
In this scenario, the financial institution effectively analyzed its complaints, from which it learned that customers were not receiving adverse action notices. The financial institution also realized that it did not have a control in place to ensure that its third-party provider was meeting the mandated timeliness requirement. Prompt action was taken to remedy the deficiency in controls. In addition, the financial institution can demonstrate that the violation was self-identified and how it will monitor compliance with its third-party provider.
Reporting
Consumer complaint data should be tracked, analyzed, and reported to communicate potential areas of concern to business lines and management. Financial institutions should develop a way to track important information that will enable analysis and identification of trends and high-risk issues.
Examples of complaint-tracking mechanisms range from basic spreadsheets to sophisticated databases. Complaint data can be tracked in various ways, such as (but not limited to) business line, legal entity, product type or service, complaint reason, law or regulation, and the disposition (i.e., violation, no violation). It is also important to note that even a single consumer complaint has the potential to lead to a broader review of certain products or practices. Financial institutions should also consider establishing a way to track and report complaints with serious allegations or high compliance risk, such as illegal credit discrimination, predatory lending, or unfair and deceptive acts or practices.
USING CONSUMER COMPLAINT DATA TO PREPARE FOR COMPLIANCE EXAMINATIONS
The Board of Governors of the Federal Reserve System (Board) considers complaint data to be a critical component of its risk-focused supervisory program and uses it as a risk factor to assess a financial institution's compliance with consumer regulations.
While consumers complain directly to financial institutions, they also file complaints with institutions' regulators. Consumer complaints filed against state member banks with assets of $10 billion or less, against bank holding companies, and against savings and loan holding companies1 are investigated by the 12 regional Federal Reserve Banks. If the investigation reveals that a federal law or regulation has been violated, the consumer is informed of the violation and the corrective action the financial institution has been directed to take specific to the consumer's situation. If a broader pattern or practice is identified while investigating a consumer complaint, the Reserve Bank does not share it with the consumer; however, the Reserve Bank can use its enforcement tools with the financial institution, ranging from nonpublic actions to public cease and desist orders, to ensure that the financial institution takes appropriate action to address the issue.
The Board tracks and analyzes the data from the consumer complaints received. Examiners regularly review complaint data to determine the areas on which they should focus during the next scheduled consumer compliance examination or if a targeted examination is warranted.
Financial institutions are encouraged to regularly analyze their consumer complaint data to anticipate areas of potential examination focus and to avoid any surprises from their regulators. In addition, financial institutions can also obtain complaint statistics in the banking regulators' annual reports to Congress. The Board's annual report to Congress can be found online.
RECOGNIZING THE RELATIONSHIP BETWEEN CONSUMER COMPLAINTS AND NEW REGULATIONS
It is important for financial institutions to recognize that data about consumer complaints are also used to determine the need for future regulations. The Dodd-Frank Wall Street Reform and Consumer Protection Act specifically provides that “in order to support its rulemaking and other functions, the [Consumer Financial Protection] Bureau shall monitor for risks to consumers in the offering or provision of consumer financial products or services, including developments in markets for such products or services.”2
To comply with new regulations, the financial institution must integrate the new requirements into all aspects of its compliance management program. By analyzing complaint data, financial institutions can use the results to inform their legislative initiatives and proactively address problems before new legal requirements are imposed.
In addition, some consumers will seek assistance from members of Congress when attempts to resolve complaints with financial institutions are unsuccessful. Consumer complaints filed with Congress are carefully reviewed and referred to the appropriate banking regulators for investigation. Financial institutions should be aware that a consumer complaint filed with Congress can quickly evolve into a broader inquiry of consumer protection practices. For example, consumers often complained about various credit card practices such as payment allocation, the number of fees assessed, and arbitrary increases in the annual percentage rate. In response, Congress passed the Credit Card Accountability Responsibility and Disclosure Act of 2009,3 which implemented the most sweeping changes to the credit card industry in over 40 years.
Another example that demonstrates the impact of consumer complaints involves a $5 monthly fee proposed by a large financial institution in late 2011 for customers using its debit card. A consumer who was upset with the fee organized an online petition to eliminate the fee. Over 300,000 people signed the petition, and Congress quickly responded. A member of Congress asked the U.S. attorney general to investigate whether banks have illegally conspired to raise fees charged to consumers for banking services. The financial institution ultimately decided to listen to the consumer complaints and cancelled the proposed fee. Regardless of the legality of charging the fee, one consumer complaint had significant influence and impact.
Regular analysis of consumer complaints can help a financial institution understand potential areas of scrutiny by banking regulators and Congress. If consumer complaints go unaddressed by financial institutions, the issues raised in the complaints may result in new laws, regulations, or guidance.
CONCLUSION
Analyzing consumer complaint data and appropriately addressing issues noted in complaints will enhance and strengthen a financial institution's compliance management program. A wealth of information can be found in consumer complaint data, and one complaint could be the catalyst for an examination or further review. By analyzing complaint data, a financial institution can use the findings to regularly assess its compliance risk, validate its compliance controls, and provide a comprehensive compliance assessment to its board. A financial institution can also leverage its complaints to proactively prepare for regulatory examinations and to anticipate potential areas of congressional focus for future regulation.
- 1 Effective July 21, 2011, the Consumer Financial Protection Bureau (CFPB) assumed supervisory authority, including investigating consumer complaints, for banks and affiliates with assets over $10 billion with respect to certain enumerated consumer protection laws and regulations.
- 2 Section 1022(c)(1) of the Dodd-Frank Act , Pub. L. 111-203, 2010 (codified at 12 U.S.C. §5512(c)(1))
- 3 Pub. L. 111-24 (2009)