The Federal Financial Institutions Examination Council (FFIEC) is proposing to revise the Uniform Interagency Consumer Compliance Rating System to align more closely with agencies’ current practice. Standards for evaluating institutions would include three categories of assessment factors:
- board and management oversight,
- compliance program, and
- violations of law and consumer harm.
The FFIEC is requesting industry input on the changes, which reflect the evolution of consumer compliance supervision since the current standards were adopted in 1980. Its recent announcement notes that when the current system was adopted, examinations focused more on transaction testing for regulatory compliance rather than evaluating the adequacy of an institution’s compliance management system (CMS) to ensure adherence to regulatory requirements and prevent consumer harm. The proposed changes to the rating system are designed to more fully align it with the risk-based approach to consumer compliance examinations that the FFIEC agencies have adopted over the intervening years.
The Consumer Compliance Rating System uses a scale of 1 to 5, with 1 representing the highest rating and lowest degree of supervisory concern, while 5 represents the lowest rating, most critically deficient level of performance, and thus highest degree of supervisory concern. The grades enables regulators to focus their attention on those institutions with the greatest likelihood of violating consumer protection laws and regulations.
Importantly, the new system will likely reward proactive compliance and encourage those with inadequate compliance systems to improve. Notably, the FFIEC qualified that, “The proposed revisions were not developed with the intention of setting new or higher supervisory expectations for financial institutions; their adoption will represent no additional regulatory burden.”
Assessment factors that examiners would consider in the three categories include:
Board and management oversight
- oversight and commitment to the institution’s CMS;
- effectiveness of the institution’s change management process, including responding timely and satisfactorily to internal or external changes to the institution;
- comprehension, identification, and management of risks arising from the institution’s products, services, and activities; and
- any corrective action undertaken as consumer compliance issues are identified.
- whether the institution’s policies and procedures are appropriate to the risk in the institution’s products, services, and activities;
- the degree to which compliance training is current and tailored to risk and staff responsibilities;
- the sufficiency of monitoring and auditing to encompass compliance risks; and
- the responsiveness and effectiveness of the consumer complaint resolution process.
Violations of law and consumer harm
- the root causes of any violations identified during examinations;
- the severity of any consumer harm resulting from the violations;
- the duration of time over which the violations occurred; and
- the pervasiveness of the violations.
We encourage you to review the proposed revisions carefully (http://www.ffiec.gov/press/PDF/FFIEC_CCR_System_Federal_Register_Notice.pdf). The FFIEC is accepting comments until July 5, 2016. Although the proposal is not final, it is not too early to begin preparing for the likelihood that this rating system will be adopted in approximately its current form.