2013 CFPB Update for Internal Auditors in Financial Services


The Consumer Financial Protection Bureau (CFPB) - What Internal Auditors in Financial Services Should Know
March 2013 - a Protiviti presentation


  1. The Consumer Financial Protection Bureau (CFPB): What Internal Auditors in Financial Services Should Know. March, 2013
  2. Agenda
     • CFPB’s Recent Areas of Focus
     • A Deeper Look – Student Lending and Vendor Management
     • CFPB Examinations
     • Challenges for Internal Audit
     • Q&A
     © 2013 Protiviti Inc. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
  3. CFPB Focus Areas
  4. The CFPB: An Overview
     The Consumer Financial Protection Bureau (CFPB) assumed transitional authority on July 21, 2011, the first year anniversary of the Dodd-Frank Act (DFA).
     Mission:
     • Conduct rule-making, supervision, and enforcement for federal consumer financial protection laws
     • Restrict unfair, deceptive, or abusive acts or practices
     • Take consumer complaints
     • Promote financial education
     • Research consumer behavior
     • Monitor financial markets for new risks to consumers
     • Enforce laws that outlaw discrimination and other unfair treatment in consumer finance
     CFPB Authority is Unprecedented:
     • Rulemaking
     • Annual and Special Reporting
     • Enforcement: up to $1 million per day civil penalties
     • Examination and Supervision Priorities
     • Consumer Disclosures
     • Consumer Complaint Intake and Resolution
     • Unfair, Deceptive or Abusive Acts or Practices (UDAAP)
     • Specific Activities, Business and Practice
  5. CFPB – Main Themes
     Credit Reporting Evaluation
     • Exam procedures to verify that credit reporting companies are following the law (Sept. 2012)
     • Study on comparing credit scores sold to creditors and those sold to consumers (Dec. 2012)
     • Accepting consumer complaints about credit reporting, and issued report detailing how the nation’s largest credit bureaus manage consumer data (Oct. 2012)
     Partnerships and Advisory Councils
     • Appointed 25 consumer experts from outside the federal government to Consumer Advisory Board and created three additional advisory councils: the Credit Union Advisory Council (CUAC), the Community Banks Advisory Council (CBAC), and the Academic Research Council (Sept. 2012)
     • Established various partnerships (Department of Defense; FHFA; Department of Justice; Newark, NJ 4311 hotline)
     Consumer Credit Card Lending
     • Proposed updates to existing regulations to make it easier for spouses or partners who do not work outside the home to qualify for credit cards (Oct. 2012)
     • Announced seeking public comment on how the Credit Card Accountability Responsibility and Disclosure Act of 2009 impacted consumers and the credit card market (Dec. 2012)
  6. CFPB – Main Themes (Continued)
     Mortgage Servicing Rules
     • Finalized January 14, 2013, with a compliance date of January 10, 2014.
     • Cover nine (9) key areas, including:
       1) Periodic billing statements
       2) Interest-rate adjustment notices for ARMs
       3) Prompt payment crediting and payoff statements
       4) Force-placed insurance
       5) Error resolution and information requests
       6) General servicing policies, procedures and requirements
       7) Early intervention with delinquent borrowers
       8) Continuity of contact with delinquent borrowers
       9) Loss mitigation procedures
     • Generally apply to the entire servicing industry, with limited carve-out for companies that “self-service” 5,000 loans or fewer.
     • Broadly “beef up” existing rules under Regs. Z and X, and continue to develop and broaden the applicability of standards first established by the federal banking agencies in their April 2011 consent orders, and National Mortgage Settlement of February 2012.
  7. CFPB – Main Themes (Continued)
     Enforcement Actions and Warnings
     • Action against The Gordon Law Firm and the National Legal Help Center for allegedly conducting loan modification scams (December 11th, 2012)
     • Three American Express subsidiaries to pay $85 million related to various credit card practices (Oct. 2012)
     • Capital One: $140 million in customer restitution, $25 million in CMPs to CFPB, $35 million in CMPs to OCC related to marketing practices (July 2012)
     • Discover: pay $200 million consumer refund related to marketing (Sept. 2012)
     • Issued warning letters to approximately 12 mortgage lenders advising them to revise potentially misleading advertisements targeted towards veterans and older Americans (Nov. 2012)
     • Released bulletin to nationwide specialty consumer reporting agencies regarding their obligation under the law to provide a streamlined process for consumers to request a free annual consumer report under the Fair Credit Reporting Act (Nov. 2012)
  8. CFPB – Main Themes (Continued)
     Confirmation Hearings
     • January 2013 appeals court ruling invalidated recess appointments made to the National Labor Relations Board
     • Ruling potentially significant for financial services industry as CFPB Director Cordray was appointed under the same process
     • If invalidated, certain of CFPB’s authorities – especially related to non-bank supervision and new rulemakings – would be called into question
     • Ultimate impact of ruling still uncertain; case could go to the Supreme Court for a final decision, or Congress and Obama administration could reach compromise allowing Director Cordray to be confirmed by the Senate, bypassing the recess question altogether
  9. A Deeper Look – Student Lending and Vendor Management
  10. A Deeper Look: (1) Private Student Loans and Campus Financial Products
     • Student Loan report – three major findings (October 16th, 2012)
       ‒ Surprises cause borrower confusion
       ‒ Borrowers report getting the runaround from servicers
       ‒ Borrowers faced refinancing dead-ends
     • Service members have difficulties accessing student loan benefits and protections granted to them under federal rules (October 18th, 2012)
       ‒ Servicemembers Civil Relief Act (SCRA) gives interest rate and payment benefits to the military
     • Exam procedures for student loans to verify that lenders are complying with requirements of federal consumer financial law (December 17th, 2012) including
       ‒ Using accurate, non-discriminatory advertising or marketing
       ‒ Making appropriate disclosures
       ‒ Providing borrowers with accurate account information
       ‒ Handling borrower inquiries and complaints
     • Inquiry on the impact of financial products marketed to students through colleges and universities (January 31st, 2013)
  11. A Deeper Look (Continued): (2) Vendor Management Guidance
     • “Clarifying Bulletin” issued April 2012
     • CFPB reiterates its authority to examine service providers directly
     • Covered banks and non-banks expected to:
       ‒ Conduct thorough due diligence to validate that service provider is capable of complying with applicable consumer laws;
       ‒ Obtain and review service providers’ policies, procedures, and other control documentation;
       ‒ Obtain appropriate contractual commitments;
       ‒ Establish controls and monitoring to verify compliance;
       ‒ Promptly and fully resolve any issues, including terminating the relationship if necessary.
     • Although concepts are broadly similar to prior federal banking agency guidelines, specific focus on independent P&P reviews and active monitoring is creating significant concerns for industry
     • Firms struggling to capture and isolate inventories of their “CFPB vendors” and evaluate how to address these challenges in a risk-focused manner
  12. CFPB EXAMINATIONS
  13. Supervision and Examination Principles
     1) Focus on consumers
     2) Data driven
     3) Consistency
  14. The Supervision and Examination Cycle
     From: CFPB Supervision and Examination Manual – Version 2, October, 2012
  15. Best Practices – Manage Regulatory Examinations
     Financial institutions should establish a formal process to manage regulatory examinations and other requests from/interaction with their supervisory agencies.
     • A central point of contact for regulatory examiners is formally identified
     • When requests for information, exam “first day” letters, and similar correspondence are received, ownership of and a due date for each item is assigned and tracked by the central point of contact
     • A process exists to validate the accuracy and completeness of all requested information before providing it to examiners
     • The company tracks and is able to reproduce all information provided to examiners
     • Controls exist to ensure that examiners are directed to the appropriate process owners and/or subject matter experts for each process within the scope of their reviews
     • A documented process exists to document and track the progress of commitments made to regulators
  16. Best Practices – Remediate Identified Compliance Deficiencies
     Management should establish processes to manage internal and external regulatory reviews, audits and examinations. Management should coordinate these activities and track compliance-related findings and ensure appropriate, sufficient, timely and complete corrective action.
     • Responsibility for managing compliance-related regulatory examinations is formally assigned
     • Compliance-related examination and self-identified findings and deficiencies, and associated action plans, are tracked centrally
     • Timely resolution of noted findings and deficiencies is monitored and past due action plans are escalated appropriately to senior management
     • Status of outstanding compliance issues is furnished periodically to senior management and management and Board committees
     • Issues and management responses are tracked and action plans tested for effectiveness
  17. Important Dynamics to be Aware of: The PHH Case
     The CFPB has clarified that a Civil Investigative Demand (CID) from the Bureau may be challenged by the recipient and that the Director of the Bureau can respond in the following ways:
     1) Reaffirm the CFPB’s decision to obtain the information
     2) Modify the demand
     3) Not move forward with the demand
     Early in 2012, the CFPB launched an investigation of alleged kickbacks paid to private mortgage lender and servicer PHH Corp. PHH Corp. challenged the CID from the CFPB and requested further clarification on the nature of the request. The CFPB Director responded to the challenge by ordering the organization to comply with the CID within 21 days and made the challenge and the response a public record.
     The CFPB has since clarified that challenges to CIDs as well as the CFPB Director’s response will generally be treated as a matter of public record and will be posted on the CFPB website.
  18. Challenges for Internal Audit
  19. Challenges for Internal Audit
     We’ve noted certain common challenges that the creation of CFPB has generated for Audit functions, including:
     • Understanding Unfair, Deceptive or Abusive Acts and Practices (UDAAPs)
     • Addressing skills gaps
     • Line of defense discussions
     • A different auditing mindset
     Understanding and adapting to the CFPB’s point of view (different from the perspective of legacy regulators): the CFPB is more concerned with considerations that extend beyond the specific technical requirements of the regulations, e.g.:
     • Interest in the extent to which customers understand the products and services a bank offers
     • Effective processes to see things from consumer perspective >> is anyone in the business empowered to act as the voice of the customer?
     • Responsibility for third-party vendors >> vendor risk management
  20. Understanding UDAAP
     • Top priority for Internal Audit
     • Potential risk in virtually every practice associated with consumer financial products and services.
     • Challenge: unlike “typical” consumer protection laws, standards for identifying and avoiding UDAAPs are subjective, and not always easy to tie to a single process owner.
     • Need: Internal Audit to be more proactive, creative, and willing to have tough discussions with management about avoiding UDAAPs with consumers.
       ‒ UDAAP enforcement actions to-date show that how a product operates in practice is at least as important as how it was designed to operate.
       ‒ Deep understanding of process and technology controls throughout the product’s lifecycle (marketing > origination > servicing) is critical.
  21. Addressing Skills Gaps
     • Expectation to take a much more technically sophisticated approach to consumer-related Internal Audit work
     • E.g. examination of regression-based statistical analysis used to monitor actual lending data for anti-discriminatory practices
     • Examiners increasingly focused on/critical of skills of third-party outsourced and co-sourced providers
     • Challenges:
       ‒ Few Internal Audit departments have these highly technical skill sets
       ‒ Increased competition and cost for specialized expertise
     • Need:
       ‒ Creative leveraging of skill sets across the IA function (e.g., IT, Basel, etc.)
       ‒ More thoughtful strategies and robust methodologies for selecting and actively managing external partners.
  22. Line of Defense Discussions
     • CFPB’s examination model increasing pressure on firms to build more effective first and second lines of defense.
     • Banks:
       ‒ Debates about how or whether monitoring activities across the three lines of defense should be coordinated
       ‒ Howls of protest from process owners about need to support continuous reviews/audits/exams from multiple parties
       ‒ Resource competition internally and from a hiring perspective for compliance SMEs
     • Non-banks: in many cases, non-banks are having to formalize first-line activities that previously had been undocumented “spot check” exercises, and consider creating a dedicated second line of defense.
  23. A Different Auditing Mindset
     Challenge: Examinations beyond the technical boundaries of rules, scrutinizing intent and even behaviors + More CFPB rules underway = Internal Audit to adjust its own perspective and behavior
     Needs:
     • View on effectiveness of relevant processes
     • Proactive behavior
     • Customer protection perspective
     • Be able to hold tougher discussions with process owners
  24. Q&A
  25. Resources
     Refer to Protiviti’s website for more resources related to Dodd-Frank and other regulatory reforms: Protiviti (www.protiviti.com/regulatoryreform)
     • White paper: The Solvency Modernization Initiative – Reviewing Key Changes from Recent NAIC Working Groups
     • Survey results: Executive Perspectives on Top Risks for 2013
     • Point of View: Implementing AML Transaction Monitoring Systems: Critical Considerations
     • FS Insights (Volume 4, Issue 2): Key Challenges Facing Financial Services in 2013
     • The Bulletin (Volume 5, Issue 1): Setting the 2013 Audit Committee Agenda
     • Resource Guide: Protiviti’s Guide to U.S. Anti-Money Laundering Requirements: Frequently Asked Questions, Fifth Edition
     • FS Insights (Volume 4, Issue 1): Deriving Value from Mandated Stress Testing
     • Point of View: Three Notices of Proposed Rulemaking:
       1) Proposal on Regulatory Capital and Implementation of Basel III
       2) Proposal on Advanced Approaches on Market Risk and Risk-Based Capital Rule
       3) Proposal on the Standardized Approach for Risk-Weighted Assets
  26. Thank You!
  27. Confidentiality Statement and Restriction for Use
     This document contains confidential material proprietary to Protiviti Inc. ("Protiviti"), a wholly-owned subsidiary of Robert Half International Inc. ("RHI"). RHI is a publicly-traded company and as such, the materials, information, ideas, and concepts contained herein are non-public, should be used solely and exclusively to evaluate the capabilities of Protiviti to provide assistance to your Company, and should not be used in any inappropriate manner or in violation of applicable securities laws. The contents are intended for the use of your Company and may not be distributed to third parties.
