New Coordinates Articles Details


The Six R's for Navigating the Intersection of Compliance Management and Complaint Management - Anne M. Moore

Anne M. Moore
New Coordinates
Summer 2016

Knowledge is power. Consumer feedback via complaints is one of the most valuable types of information for any institution. It can provide institutions with real-time information on how they can improve their product offerings and customer service experiences to retain their existing customers and attract new ones. Financial industry regulators, especially the Consumer Financial Protection Bureau (CFPB), have been pushing financial institutions to use the information contained in consumer complaints as a tool to self-monitor and self-regulate. To meet ever-increasing regulatory expectations, institutions must tightly integrate consumer complaints into their existing compliance management systems (CMS) and implement improvements to exceed regulators' future expectations.

Merely meeting the consumer's expectation for a prompt and appropriate response may not be sufficient for meeting the regulators' expectations of what constitutes a "best-in-class" complaint management program. Understanding the root cause of consumer complaints, addressing the root cause, documenting the process, and creating a culture that strives to avoid future com plaints by proactively addressing potential concerns raised can aid institutions in effectively self-monitoring and self-regulating With complaint data available to regulators, institutions should be hyperaware of trends in the data and how those trends may drive the regulators' next exam.

In addition to self-monitoring and self-regulation, boards of directors are expected by regulators and other stakeholders to perform informed and effective oversight Compliance departments must provide robust board reporting-not only of the complaint trends for their own institutions, but for their peers and the industry as a whole. And, a best-in-class complaint program will also document how consumer complaints have driven compliance improvement, by demonstrating a commitment to consumers.

Financial institutions should consider how well they are managing these Six R's of compliance­ complaints management: receive, research, resolve, respond, remediate, and record, to determine if their complaint management program needs to be refined or further developed to strengthen the institution's overall CMS system.

Toward Integrated Compliance-Complaint Management
Consumer complaint management is one of the four control components the CFPB expects for an effective CMS (the others being board and management oversight, a compliance program, and an independent compliance audit). Financial institutions must strike a balance between integrating complaint management into their CMS and meeting the regulator's expectations for an effective complaint management program. Often the monitoring and governance of consumer complaint management is assigned to a financial institution's compliance group in charge of fair lending/responsible banking. An effective complaint management system should be designed to monitor and ensure uniform and appropriate resolutions to complaints and evaluate the concerns raised to identify any potential Unfair, Deceptive, or Abusive Acts or Practices (UDAAP).

Additionally, the CFPB and other regulators use financial institutions' complaint data during exams to perform risk assessments and guide their reviews. Much like the Home Mortgage Disclosure Act (H MDA) is a recording regulation aimed at providing accurate borrower demographics and loan application pricing data to aid in regulators' fair lending assessments, a financial institution's complaint program is expected to provide an accurate record of complaint data to aid regulators in assessing responsible business practices.

An effective complaint management program should document that a financial institution is responsive and responsible in handling consumer complaints and inquiries. Intelligence gathered from consumer interactions should be organized, retained, and integrated into an institution's CMS.

A bank should also demonstrate to regulators that its CMS is dynamic-driven by actual, timely feedback from consumers. It's important to show that the bank is listening to feedback received and understanding its implications. An effective CMS is dependent on complaints to help adjust and improve the bank's preventive and detective controls, such as training, corporate policy, and even product development.

Since all aspects of consumer complaints serve such an important role in regulatory exams, it is vital to implement proactive complaint management program procedures to address the inherent risks reflected in complaint records.

The Six R's of Complaint Management

Financial institutions should have established policies and procedures that address how they receive consumer feedback, including complaints. The CFPB expects banks to capture, track, and address all consumer complaints in a timely manner, from channels including:

a regulator;




in person at a branch;

social media post; and

third-party vendor(s).

To rapidly handle such a large volume of incoming communications from consumers, financial institutions must first define and delineate what is and is not a complaint. Many institutions struggle with complaint data because they are including general communications such as account maintenance requests and service inquiries, driving up the volume of complaints and skewing trend data.

Financial institutions can organize consumer communications into at least three categories:

account maintenance;

inquiry; and


Being able to define and delineate these three categories, despite gray areas, improves the data and demonstrates to regulators that an institution understands its consumer feedback and is committed to routine inquiries as well as consumer complaints. Banks should also conduct periodic reviews of communications designated as account maintenance and inquiries, to ensure their definition and training is accurately capturing all complaints, including general comments with potential UDAAP issues.

After narrowing the scope of the complaint management system to include only those communications determined to be complaints, the next step is to triage, or risk rate, the complaints for appropriate research and timely resolution. Higher-risk complaints may include:

complaints submitted by a consumer through a regulator's complaint portal;

egregious allegations of consumer harm; and

complaints addressing a known bank issue undergoing remediation.

Moderate- to low-risk complaints may include routine and less egregious allegations. Risk rating is dynamic and should be adjusted based on regulatory or industry focus, as well as other variables including, but not limited to, new product development, customer feedback, and compliance testing results.

Categorizing complaints by severity can help in designating the appropriate resources to research each of them. Research includes root cause analysis to determine if an individual complaint was the result of:

human error;

system error;

policy or procedure; or

consumer error.

Once research is complete, determine how best to address and resolve the complaint with the consumer. Resolutions will vary based on each consumer's experience and specific allegations, including:

an explanation to the consumer about how a product or service was designed to function;

a fee refund; or

a correction to an account.

In addition to resolving complaints directly with customers, regulators expect a complaint monitoring program to provide real-time feedback to business lines, when the research identifies compliance risks and concerns. The feedback loop between the compliance department and the business lines should ensure that:

complaint resolutions drive remediation efforts;

complaint research highlights new process improvements or training opportunities;

concession matrices are appropriate and comprehensive.

The root cause analysis performed in the research phase must be communicated with business lines in a timely manner to allow for discussion and, ideally, short-term and long-term process improvements.

By researching and identifying the root cause of each consumer's complaint, financial institutions can better understand how consumers use and understand their products, and dynamically identify potential high-risk gaps in existing business practices that may need to be addressed immediately.

After determining the most prudent method of resolving a customer's specific complaint, a financial institution must communicate the resolution to the consumer. Remember, the response to the consumer is ultimately available to regulators on a quarterly basis and, in the age of social media, potentially to the public as well. The compliance department should monitor resolutions and responses for appropriateness to mitigate both compliance risk and reputational risk.

"If a tree falls in the forest and no one hears it, did it make a sound?" This adage applies to complaint management and the relationship between what the financial institution does in practice to what it can prove to regulators through documentation. In addition to providing a framework for managing the pipeline of consumer complaints, financial institutions must devise a method of capturing:

complaints received;

research performed;

resolution with the consumer; and

further remediation for all consumers.

Regulators expect complaint data to accurately reflect a financial institution's approach to consumer feedback. This record should capture:

the product involved;

complaint specifics;

root cause;

any sub-process tied to the complaint;

the resolution;

any monetary relief; and

any relevant information related to a consumer's perception of "fair."

Demonstrate that all consumer complaints are treated equally and fairly in both handling and resolution. Is it fair if a consumer is five times more likely to receive monetary compensation when complaining through the CFPB portal than when complaining to a service representative for the same issue? Complaint data should be used by the compliance group handling fair lending and responsible banking to guide its reviews and assess the various lines of business for UDAAP and other key concerns.

The record of the complaint management process should be accurate and uniform. This data, housed in one central repository, should be capable of being used for trend analysis to present to management and the board of directors. Trend analysis is vital to identifying smaller, underlying symptoms that may signal a greater risk. An example of this may be a startling increase from one month to the next in credit card-related complaints. One reason for this increase in complaints may be a faulty marketing campaign with systemic issues in fulfillment, or an increase in consumers using the product, or an unfavorable experience when attempting to pay monthly statements on a new website.

Financial institutions should ensure that business lines view individual consumer complaints as warnings or "canaries in the coal mine" and go further to identify if there may be more consumers affected by the root cause issue. The last key element of a compliance-complaint management process is the ability to use the complaint data to identify and remediate other consumers who were equally effected by a policy, procedure, or system failure, but did not complain.

Remediation efforts should be fair, equal, and documented. The record will affirm that complaint data is driving proactive remediation efforts to:

address consumers unintentionally harmed by the root cause of the complaints; and

to address and fix the root cause to prevent future harm to other consumers.


Consumer complaints provide some of the most valuable pieces of feedback a financial institution can receive. Consumers will identify gaps and loopholes in a financial institution's products and procedures through their real-time use of the products.

Regulators expect financial institutions to harness the information provided in complaints and constantly evaluate and amend the identified gaps in their processes, products, and service offerings. The Six R's of a complaint management program should guide financial institutions in determining if they can fluidly meet the expectations of their consumers, boards of directors, and regulators.

Treliant Risk Advisors, Compliance, Risk Management, and Strategic Advisors to the Financial Services Industry, brings to you New Coordinates, a quarterly newsletter offering insights and information regarding pertinent issues affecting the financial services industry. This article appeared in its entirety in the 2016 Outlook issue. To subscribe to our quarterly newsletter, please Contact Us.