Building a strong compliance management system is one of the top priorities for any compliance officer. In this post, you'll learn the essential elements for any successful CMS.
Over the past few months, the topic of how to build a strong compliance management system has been a major point of focus. For example, it was a key area of discussion during the ABA Regulatory Compliance Conference. In addition, the regulators continue to provide insights into what they expect to see in a CMS.
According to the CFPB, they “share certain key findings from supervisory activities to help the industry limit risks to consumers and comply with the Federal consumer financial laws.” In fact, the CFPB released their updated Compliance Management Review Examination Procedures just a few years ago, in 2017.
The CFPB is not the only regulator talking about compliance management systems! The OCC updated their compliance management systems handbook in June of last year, too.
As you read through these essential elements of a CMS, how do you compare to the best practice guidelines?
According to regulatory guidance, when these four control components are strong and coordinated, financial institutions should be successful:
Board of Directors and Management Oversight: Communicate clear expectations, adopt clear policies, and define an appropriately staffed compliance function.
A Compliance Program: A formal, written compliance program. This should include:
Policies/procedures,
Training,
Monitoring, and
Consumer complaint response.
The Bureau notes that when these two elements "are strong and well-coordinated, an institution should be successful at managing its compliance responsibilities and risks."
We will spend a little more time on each of these areas in the next section.
"To maintain legal compliance, an institution must develop and maintain a sound compliance management system (CMS) that is integrated into the overall framework for product design, delivery, and administration across their entire product and service lifecycle."
- CFPB, "Compliance Management Review Examination Procedures"
Both the CFPB and the OCC are taking this approach to defining the CMS. Here is an image from the OCC's handbook mentioned earlier:
In 2019, all financial institutions will have some form of a compliance management system, but may be missing one or more of the key components to ensure success. Is your compliance management system strong enough to truly address your risks?
Below are a few additional details and links to more resources for each essential component of a strong and successful CMS.
Regardless of your regulatory agency, know that any examiner will review the strength of your CMS in a compliance exam. If you're concerned about the strength of yours, it may be worth the time to review, reflect and possibly adjust your existing approach to compliance.
Know that we offer compliance consulting and software to help you address and reduce your compliance risk. To learn more about how we can help, click here.
Editor's Note: This article has been entirely updated and rewritten for accuracy in July 2019. However, we did maintain the old URL to ensure that all bookmarks and links would be preserved.