CFPB Examinations Are Coming – UPDATE 2


CFPB Examinations Are Coming – UPDATE 2

UPDATE 2 – June 2012:  Memorandum of Understanding issued on CFPB examinations

Examinations are coming, but hopefully they won’t impose too much of an additional burden on you.  At least that is the intent of an MOU was recently signed between the CFPB and the other Federal regulators (Federal Reserve, NCUA, FDIC and OCC).  The MOU provides for information sharing among and between all agencies in order to minimize unnecessary duplication of examination efforts, and provides guidelines for “Simultaneous and Coordinated Examinations” between the agencies.  So expect additional visitors during future examinations, but if they truly expect to achieve the stated objective to “minimize unnecessary regulatory burden on Covered Institutions” they could start by doing away with CFPB examinations entirely.

UPDATE 1  –  May 2012:  Ramping Up…

Coming soon to your financial institution –

Dear Board of Directors:

Pursuant to the authority of the Dodd-Frank Wall Street Reform and Consumer Protection Act, the Consumer Financial Protection Bureau (CFPB) performed a risk-focused examination of your institution.  The examination began on April 1, 2012.  The following report summarizes the findings of our examination.

Any matters of criticism, violations of laws or regulations, and other matters of concern identified within this Examination Report require the Board of Director’s and management’s prompt attention and corrective action….

Although by law the CFPB will only  examine large depository institutions (assets greater than $10B) individually, Section 1026 extends coverage to smaller institutions on a sampling basis.  This means all institutions can eventually expect a visit from CFPB examiners (either with or without your primary federal regulator) at some point in the future.  And it is my opinion that the influence of the CFPB will continue to expand to all financial institutions regardless of size.  Consider the following:

  1. The CFPB is now one of the agencies comprising the inter-agency council of the FFIEC (replacing the OTS).  This means that CFPB will have input into all FFIEC guidance going forward.
  2. The head of the CFPB sits on the FDIC Board of Directors
  3. So far, 19 (Regs. B – P, V, X, Z & DD) out of the total of 39 Regulations have been turned over to CFPB for enforcement.  (I wonder if including Reg E will affect all electronic funds transfers, or only those initiated by non-business customers?  I find it hard to believe that there would be 2 sets of standards.)

So they are coming, but believe it or not there is good news.  Not only are they telling you what they are looking for ahead of time, they are giving you lots of helpful templates to fill out in preparation.  True, the templates are for their examiners, but there is no reason why you can’t use them too.  Particularly helpful is the Consumer Risk Assessment Template which CFPB examiners will use to determine inherent risk, which is then reduced by the appropriate controls to arrive at the overall risk (also called residual risk).  This table represents the summary of the consumer risk assessment process:

Notice that if the inherent risk is high, the residual risk can be no lower than moderate, regardless of the strength of the controls.  I think this is significant because of the potential implications for all risk assessments going forward.  Remember, CFPB now has a seat at the FFIEC (and FDIC) table.

But consider this…could we be looking at a fundamental change in how all risk assessments are conducted, and examined, in the future?  One single standardized risk assessment template for all risks?  Inherent risk levels are pre-defined, and control strength is pre-determined, making residual risk a purely objective calculation.  The complete lack of subjectivity means that all examiners evaluate all institutions against the exact same set of standards.  No exit meeting surprises, no unexpected CAMELS score downgrades, no spending hours and hours preparing for one area of compliance, only to have the examiners focus on something else.

So could the influence of the CFPB be a smoother, more predictable examination experience overall?  Or am I dreaming?

Tom Hinkel
As author of the Compliance Guru website, Hinkel shares easy to digest information security tidbits with financial institutions across the country. With almost twenty years’ experience, Hinkel’s areas of expertise spans the entire spectrum of information technology. He is also the VP of Compliance Services at Safe Systems, a community banking tech company, where he ensures that their services incorporate the appropriate financial industry regulations and best practices.

Write a Comment