Ratcheting Up Your Compliance Management System

  • Written by Debra J. Ciskey

ciskey debra jLooking back over the year, it seems that 2017 was a tough one, fraught with natural and man-made disasters at many different levels. I know a lot of people who would like to forget about 2017 and move on to 2018, but then again, at this time last year, people were done with 2016 and ready for 2017 to come. It is probably a good thing we don’t have the power to see into the future. This way, we can look optimistically to the new year, make our resolutions and hope for the best.

In the financial services industry we also experienced some disasters, including a major bank caught “selling” new accounts and other products to customers who didn’t buy them, and a huge data breach at one of the largest and oldest credit reporting companies. These occurrences still seem unfathomable considering that by most accounts, they were preventable. How? By enforcing stronger internal accountability through the implementation of and by the book conformance with a detailed compliance management system. A compliance playbook, of sorts.

Let’s look at the Consumer Financial Protection Bureau’s comments on compliance management system deficiencies in 2017.

In the Summer, 2017 issue of Supervisory Highlights (Issue 16), the Bureau noted one or more debt collectors subjected to examination demonstrated the following deficiencies in their CMS:

• Failure to identify the correct party as a result of inadequate policies and procedures, and training.
• Failure to update training materials with CFPB provided direction in bulletins resulting in misrepresentations.
• Failure to audit systems for compliance which resulted in communication with consumers at inconvenient times.

The first item on the list above is a basic and key skill. What consumer harm results from not identifying the correct party? In many cases, third party disclosure can result. The CFPB contends that inadequate policies and procedures, and inadequate training was the root of the problem. Training is a key component of a compliance management system. What does your training around that basic first step in the collection call, identifying the consumer, look like? What does it sound like? Do you provide audio examples of someone doing it correctly in various scenarios (inbound call, outbound call, call to a workplace, call in which the other party won’t cooperate with proper identification, for example).

The second bullet point above may take readers aback somewhat. This point underlines the CFPB’s expectations that, while compliance bulletins are not law or rules adopted through the normal Federal rulemaking process, compliance with the bulletins is expected and required. The bulletins address misrepresentation of the effect of paying a past due debt on a consumer’s credit score, and misrepresentations regarding payment methods, including those that require the consumer to pay a processing fee. The bulletins, referred to by the CFPB as Official Guidance, are here: https:// implementation-guidance/

The third bullet point is another basic of compliance — avoiding calls at inconvenient times. There are two classes of inconvenient times: those defined by law and those defined by the consumer. We likely have our account management system programmed to alert collectors when the inconvenient times defined by law would apply to any account they may access. Have we taken the further step to prevent calls to consumers at inconvenient times defined by the consumer? After all, the Fair Debt Collection Practices Act gives consumers this right. Once we think we have accomplished the step, how has it been audited? Are collectors heeding the warnings? Do we have other systematic controls in place to prevent calls to consumers at inconvenient times?

Issue 17 of the Supervisory Highlights reports, released in Spring 2017, doesn’t contain a section specifically related to debt collection industry examinations, but way back near the end of the report on page 26, this gem related to complaint analysis appears:

As a data-driven agency, the Bureau has prioritized detecting issues in the market that could result in risk to consumers. The Bureau has historically incorporated this information about market trends into the risk-based prioritization of examinations. To this end, the Bureau now continuously monitors spikes and trends in complaints. Our automated capability monitors the volume of consumer complaints for all companies named by consumers in complaint submissions. Our active monitoring algorithms identify short, medium, and long-term changes in complaint volumes in daily, weekly and quarterly windows. Importantly, the tool works regardless of company size, random variation, general complaint growth, and seasonality. (Emphasis added.)

If you read that quickly, read it again. How much time and effort have you put into analyzing your CFPB complaints? Can you identify short, medium, and long-term changes in your complaint volumes in daily, weekly and quarterly windows? Think that only large market participants need to be concerned about complaint analysis? Look again: Importantly, the tool works regardless of company size, random variation, general complaint growth, and seasonality.

Complaint handling is one of the components of a compliance management system. I submit that complaint analysis is as important a function as complaint handling. The CFPB gives you a head start by publishing the complaint database online, here: dataset/Consumer-Complaints/s6ew-h6mp. It is a large, daunting database, but the tools provided make sorting the database for your own complaints a quick and easy process. Export your complaints into a spreadsheet or other tool and look at your complaints the way the CFPB does. Sort them by issue — what stands out? Further sort by sub issue — what is there? Look at your daily, weekly, monthly, and quarterly numbers — what happened in a month in which you see a spike? Did you load a new client, or buy a portfolio that was troublesome? Did you know it was troublesome? What are your trends? What did you do about it? What are you going to do about it now that you know?

Many folks in our industry got busy and created a compliance management system back when we first learned of the CFPB’s expectations. It is time to dust off those original documents if you haven’t touched them since then. Start using your CMS documentation more like a playbook than a reference tool. It is clear that is what our regulator expects us to do.

Debra Ciskey is the Compliance Officer at Wakefield & Associates. Inc. She is a member of the board of directors and a certified instructor for ACA International.