In the last webinar in this series, Jessie Skibbe and Chris Straiter described what you can expect while working as a Chief Compliance Officer (CCO). We learned that the CCO is a critical role for any organization and is an essential component of the overall compliance management system. Now, we’ll go a bit further to learn how the CCO uses compliance analytics to ensure compliance.

What are Compliance Analytics?

Compliance analytics are a component of management review performed in the “check” phase of the compliance management system. They are used as a tool for reporting compliance issues to executive management.

Where do I Start?

When beginning to learn about and use compliance analytics, consider the following steps:

  • Map the Regulatory Requirements: Identify regulatory requirements, map them to your processes, develop or purchase programs to analyze and report on data to ensure compliance, develop action plans where applicable, and take action.
  • Capture the Data: Data could include complaints, call monitoring, training results, internal audit results, and vendor management audit results.
  • Analyze the Consumer Complaint Response: Ensure complaints are promptly addressed, categorized, reviewed, and analyzed.
  • Evaluate Call Analytics: Utilize scorecard data, ensure policies and procedures for call monitoring are being followed, and identify weaknesses and opportunities for improvements.
  • Assess Employee Training: Identify weaknesses and opportunities for retraining; implement modular training and evaluation or pass/fail testing.

To learn more about how a CCO can utilize compliance analytics, download the full webinar. For more information about CCOs, be sure to download the additional webinars in the CCO series or contact us today.

 

Have you recently accepted a Chief Compliance Officer (CCO) position? Are you curious about what responsibilities your new position entails? Are you wondering what the CCO of your organization does on a day-to-day basis? In this webinar, speakers Chris Straiter, CCO with Sentry Credit, and Jessie Skibbe, CCO with KirkpatrickPrice, provide an overview of what you can expect as a CCO.

What are the Responsibilities of a Chief Compliance Officer?

The CCO is a critical role within organizations and is a key component of overall compliance management systems. As such, a CCO would:

  • Identify new regulatory requirements
  • Review processes for development and implementation of new consumer financial products or services
  • Document the organization’s compliance programs, including policies and procedures, training, and monitoring and corrective actions
  • Ensure consumer complaints are addressed, categorized, reviewed, and analyzed in a timely fashion

Essentially, the responsibilities of the CCO are to maintain operational independence and direct access to executive management, ensure compliance with Consumer Financial Protection Laws, and manage the compliance management system.

How can KirkpatrickPrice and Your Chief Compliance Officer Work Together?

KirkpatrickPrice offers a variety of audits, including a CFPB readiness audit, which reviews the overall design of your organization’s policies, procedures, and documents. It also reviews operational effectiveness by testing controls to ensure compliance with CFPB examination procedures. By working together to ensure that your organization’s compliance management system adheres to CFPB regulations, KirkpatrickPrice will help prepare you for future audit reports and assist you in creating a stronger culture of compliance for your organization.

To learn more about what you can expect working as a Chief Compliance Officer or for ways that KirkpatrickPrice can assist you in assuring compliance with the CFPB standards, contact us today.


Are you wondering why a risk assessment is so important? Do you need more information about how to conduct a risk assessment? If it is your first time conducting a risk assessment, or if you are looking for a way to simplify your risk assessment process, follow these nine steps:

  1. Asset Characterization: Identify your organization’s assets such as hardware, software, human resources, data, and processes.
  2. Threat Identification: Detect either man-made or natural events that could take advantage of an asset’s flaws.
  3. Vulnerability Identification: Locate both known and unknown flaws or weaknesses in assets that could result in the loss of integrity, availability, or confidentiality.
  4. Control Analysis: Determine the current controls that have been used to mitigate potential threats or vulnerabilities and implement future controls.
  5. Likelihood Determination: Analyze the likelihood of a specific event having a negative effect on an asset.
  6. Impact Analysis: Identify what the impact would be on business if an event has a negative effect on an asset.
  7. Risk Determination: Use the current analysis to determine whether the asset is material or non-material.
  8. Control Recommendation: Document the status of the protection of the asset.
  9. Results Documentation: Document the constraints on the remediation such as time, budget, and/or resources.

For more information about how you can complete a risk assessment or how KirkpatrickPrice can help you meet your risk assessment needs, contact us today.

What’s Changed?

There needs to be a full chain of custody, as the CFPB expects you to “oversee their business relationships with service providers in a manner that ensures compliance with Federal consumer financial law….” For example, if you have “any person (i.e. service provider) that provides a material service to a covered person (i.e. you) in connection with the offering or provision by such covered person of a consumer financial product or service,” then you are responsible for their compliance with all relevant CFPB requirements. In essence, both parties are responsible for upholding the requirements of the CFPB.

For your vendor compliance management program to meet these requirements, it will need to include the following required components:

  • Due diligence in vendor selection and onboarding
  • Ongoing risk assessment
  • Contractual requirements
  • Audit plan
  • Monitoring
  • Termination
  • List of third parties to include a description of services performed
  • Third party contracts
  • Statement of Work or Service Level Agreements
  • Third parties’ SOC 1 reports, PCI RoC, etc.
  • Conduct a risk assessment
  • Develop policies and procedures that define due diligence requirements according to risk ranking and services performed
  • Establish vendor compliance management policies, procedures, checklists, and templates

For more information about vendor compliance management, contact us today.

The CFPB and Vendor Compliance

Are you looking to find out more about how to ensure that your organization is meeting vendor compliance management requirements? This webinar provides an overview of vendor compliance management programs and what you can expect to need in order to achieve compliance with the CFPB.

In the past, vendor compliance was managed contractually, compliance risk and responsibility were transferred, and compliance activity was kept at arm’s length. Now, a full chain of custody must be implemented, as the CFPB expects that you “oversee their business relationships with service providers in a manner that ensures compliance with Federal consumer financial law….” In other words, the CFPB now holds both you and the service provider responsible.

So, what does a vendor compliance management program include? It includes the policies and procedures, list of third parties and the activities that they perform, contracts with third parties, and evidence of due diligence. However, if you are still unsure of how to ensure that your organization is complying with the CFPB standards for VCM, consider doing the following:

  • Conducting risk assessments
  • Developing/enhancing your policies and procedures
  • Implementing continuous monitoring
  • Participating in remediation

Download the full webinar to learn more about vendor compliance management and for an overview of types of evidence you might be expected to present to demonstrate CFPB compliance. For more information about VCM or CFPB compliance, contact us today.