The Federal Financial Institutions Examination Council (FFIEC), an interagency body tasked with prescribing principles and standards for the examination of federally regulated banking and other financial institutions, recently released proposed rules to update the Uniform Interagency Consumer Compliance Rating System (CC Rating System). The CC Rating System is used by FFIEC member agencies and their examiners to evaluate the consumer financial services compliance programs at the financial institutions that those agencies supervise. FFIEC consists of the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency, the State Liaison Committee, and the Consumer Financial Protection Bureau.
The proposed revisions to the CC Rating System would update the current system established in 1980. According to the FFIEC, the revisions are intended to “reflect the regulatory, examination (supervisory), technological, and market changes that have occurred in the years since the current rating system was established.” In other words, the proposed CC Rating System reflects the general regulatory emphasis in recent years on risk-based compliance and expectations commensurate with a financial institution’s size, complexity, and risk profile. To that end, the proposed CC Rating System is divided into three assessment categories, and each category is assigned underlying assessment factors as follows:
-
Board and Management Oversight
-
Compliance Program
-
Violations of Law and Consumer Harm
Each assessment category is assigned underlying assessment factors. Thus, the proposed CC Rating System serves as useful insight into what consumer financial regulatory compliance issues are of primary concern to the FFIEC member agencies. Notably, the assessment factors are generally consistent with recent rulemaking and enforcement activity and trends with respect to consumer financial services:
-
Board and management oversight of consumer compliance and risk management
-
Sufficient monitoring, systems, audit, and internal controls over consumer compliance programs
-
Ongoing due diligence and oversight of third-party vendors and each vendor’s consumer compliance programs
-
Systems to proactively identify compliance risks and emerging risks, including in new product offerings
-
Effectiveness of policies and procedures and training
-
Process and procedures to address consumer complaints, and management monitoring of the same to identify risks of potential consumer harm
The FFIEC states that the proposed CC Rating System is not intended to set new or higher supervisory expectations and, therefore, will not represent any additional regulatory burden. Regardless of whether that in fact turns out to be the case, affected financial institutions and service providers to those financial institutions all should take note of the proposed guidance and be prepared for this further emphasis on risk-based supervision.
The proposed CC Rating System is open for comment until July 5, 2016.