Consumer Compliance Outlook: Second Issue 2018

How Should Financial Institutions Prepare for a Consumer Compliance Examination?

By Scott Sonbuchner, Examiner, Federal Reserve Bank of Minneapolis

Abraham Lincoln famously said: “Give me six hours to chop down a tree and I will spend the first four sharpening the axe.” For financial institutions undergoing a compliance examination, the wisdom of these words is especially true because preparing for the examination will reduce stress levels, help the examination run smoothly and efficiently, and allow financial institutions to manage the demands placed on compliance staff, management, and other staff in the organization.

For many institutions, preparing for examinations is more challenging because of significant changes in consumer protection regulations and supervision following the financial crisis. In 2010, Congress passed the Dodd–Frank Wall Street Reform and Consumer Protection Act, and in 2013, the Board of Governors of the Federal Reserve System issued an updated risk-focused supervisory program that emphasizes tailoring examinations to a bank's risk profile.2 Then in 2017, the Federal Financial Institutions Examination Council updated the Uniform Interagency Consumer Compliance Rating System to revise the framework examiners use for evaluating an institution's compliance management system. With all these significant changes, even tenured compliance officers are likely to ask a critical question: How can my institution better prepare for its upcoming consumer compliance examination?

This article discusses the Federal Reserve's typical examination process to provide insights into the purpose of each stage and the work involved. The article also provides specific suggestions about how financial institution managers and compliance officers can prepare for their next consumer compliance examination. By reviewing and understanding the examination process, financial institutions can appropriately budget time and resources, and compliance officers will be better equipped to facilitate an efficient and effective examination.

Review of the Examination Process3

The First-Request Letter

The first-request letter is a detailed questionnaire that requests specific documents and asks questions about the institution's compliance management program and factors that contribute to the bank's inherent consumer compliance risk. Examiners pair the bank's first-request letter responses with interviews about the bank's compliance program and business line controls. Examiners use this information during the scoping and risk assessment phase to develop the bank's detailed risk profile.

Risk Assessment and Scoping

Before the Federal Reserve implemented risk-focused examinations in 2013, the traditional compliance examination often involved reviewing all products, services, and activities at each financial institution. This approach meant that examiners developed a less-detailed institutional profile before visiting the financial institution, and the examination scope was virtually unchanged from institution to institution. In contrast, risk-focused examinations consider the institution's risk profile, including the inherent consumer compliance risk associated with its products and services and how effectively it identifies and manages this risk. To effectively scope a risk-focused examination before arriving onsite, examiners create a more detailed institutional profile to understand the unique characteristics of each institution and perform a thorough risk assessment of its products and services. This additional work on the front end of the examination process streamlines the overall assessment by focusing exam activities on the areas of highest risk.

Risk-focused examinations align examination activities with the residual risk of an institution's products, services, and activities. Higher-residual risk areas receive higher-intensity reviews, and lower residual risk areas receive lower-intensity reviews or no review at all. Transaction testing (i.e., reviewing a sample of consumer transactions to verify compliance) is associated with a higher-intensity review, whereas interviews of key institution staff may be sufficient for a lower-intensity review. Transaction testing may also involve either a full or a targeted review of prior transactions for compliance with regulatory requirements. Financial institution managers and compliance officers should be able to discern the areas that the examiner-in-charge (EIC) deems to be higher risk, based on the files and documents requested in the second-request letter and the interviews that the EIC schedules during the examination.

The Second-Request Letter

As part of a risk-focused approach, some Reserve Banks may use a second- request letter. While the first-request letter typically asks for a broad range of documents and information, the second-request letter is a tailored document that focuses on the institution's higher-risk areas. The documents requested in the second-request letter generally reflect the EIC's scoping decisions, and they will be the focus of the majority of the onsite examination. Examiners usually perform transaction testing on documents requested in the second- request letter.

Onsite Examination

Once onsite, examiners will continue the examination by conducting transaction testing, interviewing staff, and investigating possible violations. How much time examiners spend onsite will vary, depending on the size, complexity, and risk profile of the institution.

Closing meetings summarize examiner findings from the scoping and examination process. Ideally, these meetings do not surprise financial institution management or compliance officers because examiners are expected to discuss issues with the institution's management during the examination. Examiners will review any identified violations and provide observations about the effectiveness of the bank's compliance management program. Additionally, if examiners identify notices of “Matters Requiring Attention” or “Matters Requiring Immediate Attention,” they will also discuss these topics at the closing meetings. Reserve Banks will issue the final report no later than 60 days after the examination closing date.

Preparing for the Examination Process

How can a financial institution's management and compliance staff prepare for an upcoming consumer compliance examination? The following sections group preparation practices in relation to the examination process. The first section offers suggestions appropriate for banks that have not yet received their first-request letter and therefore have more time to deliberate and research before their next examination. When a bank receives its first-request letter, it shifts to a tactical response. Finally, when a bank receives its second-request letter, the focus turns to practical advice for managing the remainder of the process.

Before the Examination Process Begins

To maintain an effective compliance program, institutions often review relevant federal guidance, previous examination results, and their own processes. These ongoing procedures can help institutions prepare for the next examination. But once an examination begins, institutions typically have limited time to dedicate to these tasks, so early planning can have long-term benefits. To prepare, institutions may consider the following suggestions:

During the Examination Process

Once an institution receives a first-request letter, it will begin to gather documents and oversee the examination process. To manage the document-gathering process for examiners, many financial institutions appoint a central point of contact, who is often the compliance officer. Here are some suggestions on how to be strategic with bank resources and manage examiner expectations once the examination begins.

After scoping the examination, the EIC should have an understanding of how many examiners will visit the financial institution and the extent of their stay. It won't be long before the second-request letter arrives, and the institution should start planning to have examiners in the building. Here are some practical suggestions for managing the process:


With a better understanding of the mechanics of consumer compliance examinations, bankers can reduce examination stress levels and perhaps even anticipate what to expect at different stages of the examination process. Financial institution management and compliance officers can prepare for their next consumer compliance examination, which can help limit the number of surprises during the examination and help examiners reach their conclusions efficiently. For specific questions about your next examination, state member banks should contact their Reserve Bank consumer compliance team.


1 This article specifically addresses the consumer compliance examination process for state-chartered banks that are members of the Federal Reserve System. While we believe many of the practices are generally applicable to financial institutions, readers should establish examination expectations with their institution's specific regulator.

2 Consumer Compliance Outlook reviewed the new program in 2014; Jeffrey Drum, “Risk-Focused Consumer Compliance Supervision Program for Community Banks,” Consumer Compliance Outlook (Second Quarter 2014). This program applies to state-chartered banks that are members of the Federal Reserve System.

3 The processes described are typical, but financial institution management may experience some differences. For example, you may interact with a variety of Reserve Bank examination staff throughout the examination preparation and scoping processes. In addition, the timing or sequence of certain events could vary.

4 The Federal Reserve's collection of CA Letters is available at

5 See CA Letter 13-19, “Community Bank Risk-Focused Consumer Compliance Supervision Program,” November 18, 2013, available at

6 See CA Letter 16-8, “Uniform Interagency Consumer Compliance Rating System,” November 22, 2016, available at

7 For a more in-depth discussion of the factors that comprise the new consumer compliance rating system, see Lanette Meister, “Implementing the New Uniform Interagency Consume Compliance Rating System,” Consumer Compliance Outlook (First Issue 2017).