Pub. 6 2018 Issue 4

19 Winter 2018 The Community Banker DID YOU HEAR THE ONE ABOUT THE BANKER THAT LIKED MORE REGULATORY GUIDANCE? By Vernon Tanner, CRCM Sr. V.P., Operational Compliance Manager at Crescent Mortgage N o, seriously. Don’t laugh, because this actually happened. In late spring of 2016, the Federal Financial Institutions Examination Council (FFIEC) proposed a new“Uniform Inter- agency Consumer Compliance Rating System”. It went almost unnoticed by the entire industry, evidenced by the fact that it garnered a mere 17 comments – most of which were very mild. As a result, the final guidance that was issues on November 7, 2016 is essentially the same as originally proposed. It became effective on March 31, 2017, and can be found here: https://www. ffiec.gov/press/PDF/FFIEC_CCR_ SystemFR_Notice.pdf As of the effective date, all the Prudential Federal Regulators should be issuing their Com- pliance Examination ratings in accordance with this new Inter- agency system that they signed off on via the FFIEC. And if history is any indicator, State Regulators will likely follow suit. So what does the new guid- ance say, and why is it a favorable development for us? 1. For starters, compared to most Regulatory publica- tions it's relatively short at "only" 31 pages with only 16 of actual guidance (Pgs 16-31). 2. It doesn’t really create any new requirements or add additional burdens. 3. The mystery of how ratings have been de- termined by Examiners is replaced with much greater transparency. 4. It provides clarity on ex- actly what examinations will focus on. Specifically, the new rating system requires Examiners to rate our institutions based on 3 categories, with four factors in each one: • Board, and Management Oversight o Oversight of and Com- mitment o Change Management o Comprehension, Identi- fication, & Management of Risk o Corrective Action and Self Identification • Compliance Program o Policies and Procedures o Training o Monitoring &/or Audit- ing- o Consumer Complaint Response • Violations of Law and Consumer Harm o Root Cause o Severity o Duration o Pervasiveness What makes this guidance VERY different is that it even goes on to provide clear definitions for the ratings of 1, 2, 3, 4, or 5 in each of those categories. 5. But make no mistake; it explicitly allows for Exam- iner discretion. However, it is a form of protection from those one or two unreasonable Examiners that we inevitably seem to come across during the course of our careers. 6. The uniformity in ratings should foster consistency – not only between dif- ferent Agencies, but also from one examination to the next conducted by the same Regulator. 7. Hold on, because here’s the best part: It’s actually ............. quite reasonable? Consider these two state- ments: .... "“An institution may receive a less than satisfactory rating even when no violations were identified based on deficiencies or weaknesses identified in the institution's CMS” And: “Similarly, an institution may receive a 1 or 2 rating even when violations were present, if the CMS is commensurate with the risk profile and complexity of the institution”.” Basically, every examination from here on out will focus squarely on the sufficiency of the institution’s Compliance Manage- ment System (CMS) - not just on Violations. This guides the Board of Directors, the Sr. Management team, and the Compliance De- partment on where to focus. So let's give credit where it's due: The Regulators got The Reg- ulators got this one right. The key for us is to use this for self-evaluations, and laying out our strategic Compliance Man- agement Systems. I’ve spoken on how to specifically use this information before an exam ever starts, during and exam, and after an exam. Ladies and gentlemen, this is our new roadmap to successful Compliance Examinations. I for one, am rewriting our CMS Policy and Procedures to incorporate the guidance it provides.