Menu

Preventing Cracks In Your Compliance Management System

  • Written by Debra J. Ciskey

ciskey debra jIn 2016, the CFPB celebrated its fifth birthday; half a decade; more than 1,500 employees; more than a million complaints in the complaint database. The CFPB is now finding its way in a new administration and fighting challenges to its organization and very existence. Some of the expectations of the bureau cost us money.

Some expectations make us better. Some of them are foundational and help us create a positive culture. We are thinking more about compliance every day. A robust compliance management system (CMS) is the foundation and driver for our daily compliance efforts. Five years since the birth of the CFPB is a good time to examine our foundation, check for cracks and fill in gaps in the basic structure. Let’s look at foundational elements of a CMS.

Document Solid Policies and Procedures

This is the rebar that provides stability and structure for your foundation. Think about your processes, from initial interaction with the customer through closing the deal. If you have expectations about the content of interactions, write scripts and memorialize them in a policy. If verbal disclosures are required, include them in a script and memorialize them in a policy. If particular behaviors are prohibited, memorialize them in a policy. Policies should reference applicable laws, rules, or regulations – federal, state, and local if you have them.

Policies Should Be Organized

Organized documents are easier to find and use. Policies should be useful and they should be used. You can structure your policies as you see fit for your organization. The following structure is commonly used:

1. Purpose: Generally, what does the policy seek to require or prohibit?
2. Scope: Who does it apply to?
3. Implementation: Who is responsible for implementation of the policy?
4. Training: How and when is training provided on the policy?
5. Policy: State the policy.
6. Procedure: Step by step process required to perform the task the policy requires.
7. Records: Where would records be found that shows the policy was followed?
8. Definitions: Define any relevant terms
9. Reference documents: Provide citations for law, rule or regulation with which the policy seeks to comply.

Provide training on policies and procedures and document proficiency in knowledge and performance. When you write policies and procedures, you should be thinking about how you are going to test for proficiency in knowledge and performance of the policy. Start with the end in mind. How will people demonstrate on the job that they know, understand and are applying the policy in the day-to-day performance of their jobs?

Make your training behavior-based by including information related to required and prohibited behaviors. Train from the perspective that asks, “What do I want people to do related to this policy, and how will I know they are doing it?” If your people can quote your policies chapter and verse, but don’t understand the behaviors that are required of them by the policies, the policies are not meaningful. Training should include the “why” – what are we trying to comply with? Help your folks by including examples, scripts, and detailed work instructions.

Design training for staff around meaningful information. For example, pick the top five areas people fail the most, in aggregate, on compliance audits. Design training that explains the what, how and why. Make it behavior based – what am I supposed to do – or stop doing? How would I do that, and why do I have to do it that way? Provide legal citations and applicable examples from lawsuits and enforcement actions to help with understanding about the why. If you take something away from collectors, give them two things with which to replace it. This assures staff are not working in a vacuum, leaving them to figure it out along the way.

You can have the strongest policies and the best training, but you may still receive complaints. Respond to consumer complaints, every one, every time. Consumer complaints can be considered a test of how well our policies and procedures are working. Not only should we respond to complaints but take corrective action when warranted. Corrective action is defined broadly, and if you think about what caused the complaint to occur, the corrective action necessary can be immediately evident. Don’t stop there – analyze your complaint data. Use the categories the CFPB uses to categorize your complaints. Look for the root causes. Use your team to help you pinpoint solutions to the problems that may be identified by complaints. Your analysis of complaints will show you exactly what is needed – follow up training, coaching or disciplinary action.

Complaints or no complaints, audit all processes for compliance with policies and legal requirements. Many processes are transparent to consumers and a breakdown in compliance may not stimulate consumer complaints, yet these processes can be key to the successful operation of our businesses.

Take corrective action when it is warranted. Provide remedial training and write ups. Get rid of the bad apples. They are your best collectors? Bite the apple and let them go if they can’t change their behavior to conform with the behaviors your policies mandate. Do not hesitate to eject people who intentionally resist.

It’s not easy. Nothing worthwhile ever is. However, developing a good foundation allows you to grow and provides support for subsequent additions – new clients, more staff. Maintain your foundation to prevent cracks in your compliance performance. Every minute you spend fixing a problem that could have been prevented is a minute you can’t use to grow your future and reach your goals.


Debra Ciskey is the Compliance Officer at Wakefield & Associates. Inc. She is a member of the board of directors and a certified instructor for ACA International.