Fsi Consumer Compliance Dbriefs 102808 Show


  1. 1. The Banking & Securities series presents: Consumer Compliance Lending: Do You Know Your ABCs? John Graetz, Tammy Milliken, Margo Hines October 28, 2008
  2. 2. Agenda • Consumer regulations overview • Regulatory review of compliance programs • Roles and responsibilities for management • Risk focused consumer compliance supervision framework Copyright © 2008 Deloitte Development LLC. All rights reserved.
  3. 3. Poll question #1 How much do you think the consumer protection laws impact your business? • Significantly • Moderately • Somewhat • Not at all • Not applicable
  4. 4. Major rules and regulations: Alphabet soup (A–Z, AA–FF) • Fair Credit Reporting Act (FCRA) • FDIC's Amended Advertising Regs (Part 328) • FDIC's Deposit Insurance Regs (Part 330) • The John Warner National Defense Authorization Act (Talent Amendment) • Right to Financial Privacy Act (RFPA) • Servicemembers Civil Relief Act (SCRA) • Treasury's Bank Secrecy Regulation • Equal Credit Opportunity Act (ECOA)
  5. 5. Regulators • Federal Trade Commission (FTC) • Federal Reserve • Office of the Comptroller of the Currency (OCC) • Federal Deposit Insurance Corporation (FDIC) • Securities & Exchange Commission (SEC) • Office of Thrift Supervision (OTS) • Financial Industry Regulatory Authority (FINRA) • Financial Crimes Enforcement Network (FinCEN) • State regulators
  6. 6. Applicable regulations and statutes • Credit/Collections-Related – Regulation C (Home Mortgage Disclosure) – Regulation H (Flood Insurance) – Regulation Z (Truth in Lending) – Fair Debt Collection Practices Act – Fair Credit Billing Act – Fair Credit Reporting Act (related amendments-Fair and Accurate Credit Transactions Act) – Homeowners Protection Act – Homeownership Counseling – Real Estate Settlement Procedures Act • The Servicemembers Civil Relief Act (SCRA) 3 Copyright © 2008 Deloitte Development LLC. All rights reserved.
  7. 7. Applicable regulations and statutes (cont.) The Unfair and Deceptive Practices Act (UDAP) Unfair Act: • An unfair act is one that causes harm to a consumer. The injury must be substantial, which includes monetary harm, pecuniary, or other loss with no real countervailing benefit. Deceptive Practice: • A deceptive practice involves a representation, omission or action that is likely to mislead the consumer. This includes false representations, misleading claims, inadequate disclosures, and use of bait and switch techniques. Source: Federal Reserve Board of Governors 4 Copyright © 2008 Deloitte Development LLC. All rights reserved.
  8. 8. Applicable regulations and statutes (cont.) Privacy • The Privacy Act of 1974 • Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy act • Children’s Online Privacy Protection Act (COPPA) Rule • Customer Proprietary Network Information (CPNI) • Gramm-Leach-Bliley (GLB) Act • CAN-SPAM Act • Bank Secrecy Act • USA PATRIOT Act • Various state laws, e.g., California’s Office of Privacy Protection 5 Copyright © 2008 Deloitte Development LLC. All rights reserved.
  9. 9. Global Response: Proliferation of Privacy and Data Protection Laws & Regulations. Please note the below are examples and not a representative list. [Map figure; labels by jurisdiction:] • South Korea: Act on Promotion of Information and Communications Network Utilization and Data Protection • European Union: EU Data Protection Directive and Member States Data Protection Laws, Safe Harbor Principles • US Federal and Canada (Federal/Provincial): GLBA, HIPAA, COPPA, CPNI, Do Not Call, PIPEDA, FOIPPA, PIPA • Numerous State Laws: Breach Notification, States from CA to NY • Hong Kong: Personal Data Privacy Ordinance • Japan: Guidelines for the Protection of Computer Processed Personal Data • India: Law pending, currently under discussion • Taiwan: Computer-Processed Personal Data Protection Law • Chile: Law for the Protection of Private Life • South Africa: Electronic Communications and Transactions Act • Australia: Federal Privacy Amendment Bill, State Privacy Bills in Victoria, New South Wales and Queensland, new email spam and privacy regulations • Philippines: Data Privacy Law proposed by ITECC • New Zealand: Privacy Act • Argentina: Personal Data Protection Law, Confidentiality of Information Law
  10. 10. Poll question #2 Do you think your organization has a full grasp on the entire universe of consumer laws that it is subject to? •Yes •No •Somewhat •Don’t know Copyright © 2008 Deloitte Development LLC. All rights reserved.
  11. 11. Background on TILA and Reg. Z • Purposes of Truth in Lending Act (TILA): - Promote the informed use of consumer credit by requiring disclosures about its terms and cost. - Gives consumers the right to cancel certain credit transactions. - Regulates certain credit card practices, and provides a means for fair and timely resolution of credit billing disputes. • TILA applies to each individual or business that offers or extends credit Source: Federal Reserve Board of Governors 7 Copyright © 2008 Deloitte Development LLC. All rights reserved.
  12. 12. Housing and Economic Recovery Act of 2008 • Primarily intended to address the subprime mortgage crisis. • Authorizes the Federal Housing Administration to guarantee up to $300 billion in new 30-year fixed-rate mortgages for subprime borrowers if lenders write down principal loan balances to 90 percent of current appraisal value. • Requires existing mortgage holders to accept the proceeds of the insured loan as payment in full for all indebtedness. • States are authorized to refinance subprime loans using mortgage revenue bonds. • Through the powers granted to the Federal Housing Finance Agency (FHFA), created by the act on September 7, 2008, FHFA director James B. Lockhart III announced he had put Fannie Mae and Freddie Mac under the conservatorship of the FHFA. • Amends the Truth-in-Lending Act (TILA) to expand the types of home loans subject to early disclosures and improve loan disclosures given to individuals and families on original and refinancing home loans. Source: U.S. Senate Committee on Banking, Housing and Urban Affairs 8 Copyright © 2008 Deloitte Development LLC. All rights reserved.
  13. 13. Regulatory Review of Compliance Programs Copyright © 2008 Deloitte Development LLC. All rights reserved.
  14. 14. Emergency Economic Stabilization Act of 2008 Quotes from Treasury Secretary Henry Paulson regarding the rationale for the bailout: • Stabilize the economy: “We must... avoid a continuing series of financial institution failures and frozen credit markets that threaten American families' financial well-being, the viability of businesses both small and large, and the very health of our economy.” • Improve liquidity: “These bad loans have created a chain reaction and last week our credit markets froze – even some Main Street non-financial companies had trouble financing their normal business operations. If that situation were to persist, it would threaten all parts of our economy.” • Comprehensive strategy: “We must now take further, decisive action to fundamentally and comprehensively address the root cause of this turmoil. We must address this underlying problem, and restore confidence in our financial markets and financial institutions so they can perform their mission of supporting future prosperity and growth.” • Immediate and significant: “This troubled asset relief program has to be properly designed for immediate implementation and be sufficiently large to have maximum impact and restore market confidence.”
  15. 15. Emergency Economic Stabilization Act of 2008 (cont.) Quotes from Treasury Secretary Henry Paulson regarding the rationale for the bailout: • Broad impact: “This troubled asset purchase program on its own is the single most effective thing we can do to help homeowners, the American people and stimulate our economy.” • Investor confidence: “As investors lost confidence in them some companies saw their access to liquidity and capital markets increasingly impaired and their stock prices drop sharply.” • Impact on economy and GDP: “Extraordinarily turbulent conditions in global financial markets... these conditions caused equity prices to fall sharply, the cost of short-term credit--where available--to spike upward, and liquidity to dry up in many markets. Losses at a large money market mutual fund sparked extensive withdrawals from a number of such funds. A marked increase in the demand for safe assets--a flight to quality--sent the yield on Treasury bills down to a few hundredths of a percent. By further reducing asset values and potentially restricting the flow of credit to households and businesses, these developments pose a direct threat to economic growth.”
  16. 16. Why care? • Organizations, like individuals, can be found guilty of criminal conduct and can incur civil liability. • While organizations cannot be imprisoned, they can, among other things, be: - Fined - Subjected to increased regulatory supervision - Ordered to make restitution - Embarrassed by notices of conviction - Exposed to applicable forfeiture or disgorgement statutes
  17. 17. What a September! [Timeline figure, 2007 to 2008: executive departures, sovereign wealth fund investments, Fed rate cuts, acquisitions and failures of financial institutions, and the $700B Treasury rescue plan.]
  18. 18. Regulatory view of the need for corrective action Q1. What types of problems has the bank had in the past? Q2. Has the severity of problems progressed? Q3. Does the management team have a history of identifying problems within the bank or do outside parties usually surface them? Q4. Does the management team have the ability to fix the current problem? Q5. Has the bank been placed under an enforcement action before? If so, how long ago and for what? 13 Copyright © 2008 Deloitte Development LLC. All rights reserved.
  19. 19. Poll question #3 What are some key actions Internal Audit/Compliance should undertake to help your organization adapt to the new market environment? • Enhancement of the risk assessment process (methodology, frequency, specific focus areas such as acquired operations) • Increase in specialized Internal Audit/Compliance resources in areas such as regulatory, capital markets, risk management • Internal Audit Plan/Compliance to be significantly expanded to address ever increasing/changing risk environment • Internal Audit Plan/Compliance to be limited to critical or high risk processes allowing Internal Audit/Compliance resources to remain flat with prior year • No significant changes anticipated to internal audit structure, approach or audit execution • Not applicable Copyright © 2008 Deloitte Development LLC. All rights reserved.
  20. 20. Compliance program – Regulatory expectations • Compliance standards and procedures reasonably capable of reducing the prospect of criminal activity • Reductions in redundancies and clear streamlined processes • Oversight by high-level personnel • Due care in delegating substantial discretionary authority • Effective communication to all levels of employees • Reasonable steps to achieve compliance, which include systems for monitoring, auditing, and reporting suspected wrongdoing without fear of reprisal • Consistent enforcement of compliance standards including disciplinary mechanisms • Reasonable steps to respond to and prevent further similar offenses upon detection of a violation Source: Regulatory examination handbooks
  21. 21. Regulatory risk The assignment of a risk rating might be affected by such factors as: • Potential financial harm to consumers • Potential legal, reputation, and financial harm to a bank • New laws, regulations or amendments thereof • Historical industry compliance • The burden of corrective action, including potential supervisory actions or civil liability that could lead to monetary penalties 15 Copyright © 2008 Deloitte Development LLC. All rights reserved.
  22. 22. Product risk measures Product Management • Relates to the bank’s ability to identify, monitor, and manage the compliance risk inherent with a particular product. Product Materiality • Reflects the importance of a product as compared to other products offered by the bank. 16 Copyright © 2008 Deloitte Development LLC. All rights reserved.
  23. 23. Product risk measures (cont.) Product Stability • An assessment of such characteristics as the newness, growth, or any complex compliance issues associated with the product, automation used to comply with applicable laws and regulations, and any recent changes to the statutes or regulations affecting the product Bank Size or Market Share • A bank’s size or market share serves as a proxy for the number of consumers potentially affected by a bank’s activities. Generally, banks with assets of less than $250 million represent lower risk in this regard, while those with assets of more than $1 billion are higher risk. There may be instances where the market share of a product line, rather than the absolute size of the bank, may be the leading indicator of the impact on consumers. 17 Copyright © 2008 Deloitte Development LLC. All rights reserved.
  24. 24. Sample examination approach: Regulation risk table

      | Risk (1=low, 5=high) | Statute/Regulation | Section(s) for review |
      |---|---|---|
      | 1 | Real Estate Settlement Procedures Act (Reg X) | Mortgage Servicing Transfer Disclosure |
      | 1 | Right to Financial Privacy Act | All |
      | 1 | Fair Debt Collection Practices Act | All |
      | 1 | Unfair or Deceptive Acts or Practices (Reg AA) | All |
      | 2 | Expedited Funds Availability (Reg CC) | All |
      | 2 | Truth in Savings Act (Reg DD) | All |
      | 2 | Reserve Requirements (Reg D) | All |
      | 2 | Fair Credit Reporting Act C | All |
      | 2 | Consumer Leasing (Reg M) | All |
      | 2 | Interest on Deposits (Reg Q) | All |
      | 3 | Real Estate Settlement Procedures Act (Reg X) | All provisions except those rated “1” and “4” |
      | 3 | Truth in Lending Act (Reg Z) | All provisions except those rated “4” |
      | 3 | Electronic Funds Transfer Act (Reg E) | All |
      | 3 | Reg. B and FHA Provisions | All provisions not covered by FFIEC interagency procedures |
      | 4 | Truth in Lending Act (Reg Z) | APR/Finance charge, HOEPA, and rescission |
      | 4 | National Flood Insurance Act (Reg H) | All |
      | 4 | Privacy (Reg P) | All |
      | 4 | Real Estate Settlement Procedures Act (Reg X) | Section 8 |
      | 5 | HMDA and CRA | Data verification |
  25. 25. Roles and Responsibilities for Management Copyright © 2008 Deloitte Development LLC. All rights reserved.
  26. 26. Poll question #4 Does your management or governance board articulate the tone for your organization’s compliance focus? •Yes •No •Somewhat •Not Sure Copyright © 2008 Deloitte Development LLC. All rights reserved.
  27. 27. Board of directors and senior management oversight • The board of directors and senior management should: – Provide oversight of the consumer compliance program – this is essential – Periodically review the effectiveness of the bank’s consumer compliance risk management program, including how findings are reported and whether the audit mechanisms in place provide adequate oversight – Stress that quality and timeliness of the information provided to the key decision-makers regarding the bank’s consumer compliance program are important for assessing the program’s effectiveness – Determine sufficient resources have been devoted to the program. – Provide support, authority and independence to the individuals directly responsible for implementing the consumer compliance program and for performing audit/review activities – Make certain that consumer compliance weaknesses are addressed and corrective action is taken in a timely manner 19 Copyright © 2008 Deloitte Development LLC. All rights reserved.
  28. 28. Risk management and board reporting Risk Implications • Potential interaction of multiple risks may be underestimated (internal and extended enterprise) • Risk managers may be isolated in silos • Risk management often focuses on compliance rather than performance, leading to inadequate assessments and responses Considerations • Use a common definition of risk throughout the organization, which addresses both value preservation and value creation • Use a common risk management infrastructure and framework supported by appropriate standards • Provide governing bodies (e.g., boards, audit committees, etc.) with the appropriate transparency and visibility into the organization’s risk management practices to discharge their responsibilities 20 Copyright © 2008 Deloitte Development LLC. All rights reserved.
  29. 29. Organizational structure • Is the bank’s organizational structure appropriate for the size and complexity of its operations? • Does the bank have a compliance officer? • How independent is the compliance officer? • How comprehensive is the bank’s compliance program? • How much time does the compliance officer devote to regulatory compliance? • Does the bank’s compliance officer operate a proactive or reactive compliance program? 21 Copyright © 2008 Deloitte Development LLC. All rights reserved.
  30. 30. Risk Focused Consumer Compliance Supervision Framework Copyright © 2008 Deloitte Development LLC. All rights reserved.
  31. 31. Types of risk Product Risk • The characteristics of a product, such as its newness or complexity, that are likely to affect the probability and impact of noncompliance Regulation Risk • The possible consequences of noncompliance with applicable laws and regulations to the bank and its customers 22 Copyright © 2008 Deloitte Development LLC. All rights reserved.
  32. 32. Types of Risk (cont.) Operational Risk • The potential that inadequate information systems, operational problems, breaches in internal controls, fraud, or unforeseen catastrophes will result in unexpected losses Legal Risk • The potential that unenforceable contracts, lawsuits, or adverse judgments can disrupt or otherwise negatively affect the operations or condition of a bank Reputational Risk • The potential that negative publicity regarding a bank’s business practices, whether true or not, will cause a decline in the customer base, costly litigation, or revenue reductions 23 Copyright © 2008 Deloitte Development LLC. All rights reserved.
  33. 33. Policies and procedures • An effective consumer compliance program will have compliance policies and procedures in place, the formality of which (written or unwritten) depends upon the needs of the bank • The degree to which compliance policies and procedures are formalized is not as important as their effectiveness • Procedures should provide personnel with guidance that enables them to complete transactions in accordance with applicable laws and regulations 24 Copyright © 2008 Deloitte Development LLC. All rights reserved.
  34. 34. Compliance audits/reviews • Compliance audits, which can be performed by either in- house staff or external personnel, are a tool to help management and staff ensure continuing compliance and identify different risk factors in a bank • Compliance reviews are less comprehensive than compliance audits, but they are conducted more frequently, (e.g., daily, weekly, monthly, quarterly) and are typically performed by the compliance officer or a designated person within the department • The size of the bank and the scope and complexity of its operations will determine whether a compliance audit or a compliance review is appropriate 25 Copyright © 2008 Deloitte Development LLC. All rights reserved.
  35. 35. Training • Ongoing education of bank personnel is essential to maintaining a sound consumer compliance program • The adequacy of a bank’s training program, like that of its overall consumer compliance program, should be assessed in view of the bank’s organizational structure and the activities in which it engages 26 Copyright © 2008 Deloitte Development LLC. All rights reserved.
  36. 36. Poll question #5 Does your organization separate your audit and compliance functions? •Yes •No •Not Sure •Not applicable Copyright © 2008 Deloitte Development LLC. All rights reserved.
  37. 37. Internal controls • Effective internal controls help to mitigate a bank’s consumer compliance risk and should be an integral part of the daily operations of a bank • Internal controls may take several forms, including: - Independent reviews of specific functions or tasks - Segregation of duties to create a system of checks and balances - Controls over default settings associated with highly automated calculation tools - Verification of data before a transaction is completed - Appropriate approvals and authorizations - Periodic transaction testing and reviews of forms and procedures 27 Copyright © 2008 Deloitte Development LLC. All rights reserved.
  38. 38. Questions & Answers Copyright © 2008 Deloitte Development LLC. All rights reserved.
  39. 39. Join us November 19 at 2 PM EST as our Banking & Securities series presents: State Taxation: How Will New State Laws Impact Your Business? Copyright © 2008 Deloitte Development LLC. All rights reserved.
  40. 40. Thank you for joining today’s webcast. To request CPE credit, click the link below. Copyright © 2008 Deloitte Development LLC. All rights reserved.
  41. 41. Contact info John Graetz Deloitte & Touche LLP Regulatory & Capital Markets Consulting Phone: +1 415 783 4242 Tamara Milliken Deloitte & Touche LLP Regulatory & Capital Markets Consulting Phone: +1 704 887 1876 Margo Hines Deloitte & Touche LLP Regulatory & Capital Markets Consulting Phone: +1 704 227 7920 Copyright © 2008 Deloitte Development LLC. All rights reserved.
  42. 42. This presentation contains general information only and is based on the experiences and research of Deloitte practitioners. Deloitte is not, by means of this presentation, rendering business, financial, investment, or other professional advice or services. This presentation is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte, its affiliates, and related entities shall not be responsible for any loss sustained by any person who relies on this presentation. Copyright © 2008 Deloitte Development LLC. All rights reserved.
  43. 43. About Deloitte Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Copyright © 2008 Deloitte Development LLC. All rights reserved.
  44. 44. A member firm of Deloitte Touche Tohmatsu Copyright © 2008 Deloitte Development LLC. All rights reserved.
