The Federal Financial Institutions Examination Council (FFIEC), whose members include the CFPB, has finalized guidance setting forth a revised uniform interagency consumer compliance rating system (CCRS). The revisions reflect changes in consumer compliance supervision since the current rating system was adopted in 1980. The other FFIEC members are the Fed, FDIC, NCUA, OCC, and State Liaison Committee.
The FFIEC members plan to implement the revised rating system for consumer compliance examinations that begin on or after March 31, 2017.
The CCRS includes three categories of assessment factors: board and management oversight, compliance program, and violations of law and consumer harm. The assessment factors in the three categories consist of the following:
- To assess an institution’s board and management oversight, examiners will consider: oversight and commitment to the institution’s CMS; effectiveness of the institution’s change management process; comprehension, identification and management of risks arising from the institution’s products, services, and activities; and any corrective action undertaken as consumer compliance issues are identified.
- To assess an institution’s compliance program, examiners will consider: whether the institution’s policies and procedures are appropriate to the risk in the institution’s products, services, and activities; the degree to which compliance training is current and tailored to risk and staff responsibilities; the sufficiency of monitoring, and if applicable, auditing, to encompass compliance risks; and the responsiveness and effectiveness of the consumer complaint resolution process.
- To assess an institution’s violations of law and consumer harm, examiners will consider: the root causes of any violations identified during examinations; the severity of any consumer harm resulting from the violations; the duration of time over which the violations occurred; and the pervasiveness of the violations. The CCRS includes incentives for self-identification and prompt correction of violations.
The revised rating system uses a scale of 1 through 5, with 1 representing the highest rating and lowest degree of supervisory concern and 5 representing the lowest rating and most critically deficient level of performance and thus the highest degree of supervisory concern. An institution’s overall rating under the CCRS is intended to reflect a comprehensive evaluation of the institution’s performance under the rating system by considering the categories and assessment factors in the context of the institution’s size, complexity, and risk profile.
The CCRS does not assign specific numeric ratings to any of the above assessment factors and an institution’s rating is not be based on a numeric average or any other quantitative calculation. As a result, an institution does not have to receive a satisfactory rating in all categories to receive an overall satisfactory rating. Conversely, even if some assessments are rated as satisfactory, an institution can still receive an overall less than satisfactory rating.
The important note is YES this does apply to small Brokers and Lenders and has already been rolled out in a few states. In recent audits, it has been used thoughtfully and seemed fair. Frankly the people having the worst audit experience are those who think they are somehow “above” the process. Be warned.
Nelson A. Locke, Esq.