The CFPB recently released its 2015 Supervisory Highlights, noting observations and findings from its recent supervisory examinations. These findings offer many examples and learning opportunities that we should focus on to strengthen compliance at our own organizations.
The first item that really stood out concerns consumer reporting. The CFPB found several occasions where the dispute-handling obligations required in Section 611 of the Fair Credit Reporting Act (FCRA) were not met. The law clearly states that Credit Reporting Agencies (CRAs) must notify a furnisher any time a consumer disputes the accuracy of the information regarding their debt. CRAs' struggle to properly give notice of consumer disputes is the result of a lack of clear policies and procedures that lay out guidelines for handling these consumer-related disputes in a way that is not harmful to the consumer.
It was also noted that there are many violations regarding the Fair Debt Collection Practices Act (FDCPA). This law protects against false and misleading representation of a collector or a debt to a consumer. It was found that many collector calls, scripts, and letters sent to consumers contained false or misleading information. This brings focus to call monitoring and what you are doing at your organization to ensure that collectors are not violating FDCPA laws. Do you have a script that is truthful? Are you monitoring your collectors to ensure they are following the policies and procedures you have established for collecting debts? Properly training and monitoring collector communications with consumers can keep you from a serious offense if you are found in violation of FDCPA laws.
According to the Highlights, a “sound and robust Compliance Management System (CMS) is essential to ensuring compliance with Federal consumer financial law.” The supervisory examinations found that many organizations are operating with a weak CMS. A CMS is the basis on which you ensure you are in compliance with all CFPB laws and regulations, so without a strong and functional CMS you have no foundation on which to measure and monitor your compliance. The fault was found primarily in the training of both board members and employees on their specific compliance responsibilities. Not understanding their compliance obligations also led many organizations to have third-party audits with a limited scope, which resulted in a failure to find several regulation violations. Appointing a Chief Compliance Officer (CCO) to oversee and manage the CMS and overall compliance-related activities is the starting point for ensuring that you have a fully developed CMS that is being properly implemented. Once the CCO and staff have been designated, a full set of policies and procedures should be documented, tested, disseminated to appropriate personnel, and implemented.
Achieving compliance cannot be a solo act. It takes togetherness and awareness to truly educate and inspire everyone to do their due diligence to achieve information security and compliance with federal regulations and industry standards. If you have any tips or best practices that you’ve found helpful when achieving your own compliance, tweet them to us here: @KPAudit.