Compliance management review examination procedures

Summary

To maintain legal compliance, an institution must develop and maintain a sound compliance management system (CMS) that is integrated into the overall framework for product design, delivery, and administration across their entire product and service lifecycle. Ultimately, compliance should be part of the day-to-day responsibilities of management and the employees of a supervised entity; issues should be self-identified; and corrective action should be initiated by the entity. Institutions are also expected to manage relationships with service providers to ensure that service providers effectively manage compliance with Federal consumer financial laws applicable to the product or service being provided.

This CMS examination manual is divided into five Modules:

• Module 1: Board and Management Oversight
• Module 2: Compliance Program
• Module 3: Service Provider Oversight
• Module 4: Violations of Law and Consumer Harm
• Module 5: Examiner Conclusions and Wrap-Up

In general, all CFPB reviews will include Modules 1, 2, 3, and 5. Module 4 will generally be included in targeted reviews of individual product lines, as well as examinations that will result in the institution receiving a consumer compliance rating. The CMS review for target reviews will generally be limited to reviewing aspects of CMS pertaining to the product line under review. To the extent that CMS for a particular product line or a specific institution has been previously reviewed, CFPB examiners may evaluate CMS by reviewing previous conclusions and assessing only the changes to the current CMS program.