Getting the Grade – A New Consumer Compliance Rating System

By Linda Albrecht

May 21, 2017

You can look forward to a new compliance rating system with your next consumer compliance exam. In November 2016, the Federal Financial Institutions Examination Council (FFIEC) issued an updated Uniform Interagency Consumer Compliance Rating System (CC Rating System). The new rating system was developed to better align with changes that have occurred since the release of the original rating system established in 1980 and takes into consideration the new tailored, risk-based exam approach.

The FFIEC member agencies (CFPB, FDIC, Federal Reserve, NCUA, OCC, and SLC) will apply the new rating system to consumer compliance exams beginning March 31, 2017. The new rating system promises not to generate new examiner expectations or increase the regulatory burden for financial institutions.

Details of the New System

The new system is designed with an emphasis on evaluating a financial institution’s Compliance Management System (CMS). It creates a comprehensive, consistent framework for all member agencies to apply, focusing on consumer protection, self-identification and proactively addressing compliance issues.

The rating system is based on a five-point scale, with “1” being the highest/best rating and “5” reflecting a critically deficient program. The new exam rating system will focus less on transactional testing and more on the financial institution’s CMS, paying particular attention to practices that may cause consumer harm. The new rating system will be applied to all institutions regardless of size, allowing examiners to tailor their activities based on the size, complexity, and risk profile of the institution.

Guiding Principles
The new CC Rating System was designed based on four key principles:

  • Risk-Based – Emphasize that a financial institution’s CMS will vary based on the size, complexity and risk profile of the organization. Even though the same framework will be applied to all financial institutions, it is not meant to be a one-size-fits-all approach.
  • Transparent – Create uniform rating categories to promote consistency across member agencies.
  • Actionable – Communicate areas of strength and appropriately emphasize areas for improvement.
  • Incent Compliance – Encourage institutions to establish a strong CMS that focuses on preventing consumer harm and on promptly identifying and correcting weaknesses.

The CC Rating System is split into three categories and includes specific assessment factors within each category:

  • Board and Management Oversight – This should include oversight of and commitment to the CMS, effective support for change management (whether driven internally or externally), identification and management of risks, and detection and correction of weaknesses. Along with this, your board should periodically evaluate your financial institution’s needs to ensure sufficient resources are allocated to the compliance program. If third parties are used to supplement your bank’s compliance program, there should be ongoing due diligence of these vendors.
  • Compliance Program – This should contain policies and procedures designed for your organization, a training program tailored to staff responsibilities, effective monitoring aimed at identifying potential violations or weaknesses, and a process for addressing consumer complaints.
  • Violations of Law and Consumer Harm – These are rated based on the root cause, severity and impact of consumer harm created, the duration of the violation, and the pervasiveness of the violation. Identifying violations and correcting them is key, but more important is ensuring prior exam recommendations have been addressed.

There seem to be some common themes throughout the foundation of the new CC Rating System: consumer harm, self-identification and corrective action. It goes without saying that if you have a strong CMS that includes board and management oversight, policies and procedures, training, and monitoring with effective corrective action, your next compliance exam should go well.