Lenders have always faced challenges in the compliance side of lending. Regulatory compliance is not new for lenders; it is just evolving. As the economy moves and the government administration changes, the regulatory environment is expected to have some movement as well. There is still uncertainty as to how much movement and attention lending compliance will receive under the new presidential administration. Only time will tell as the new administration settles in and takes action. Regardless of any speculative changes, there are several regulatory challenges lenders should be mindful of in 2017, including consumer protection, FinTech, cyber risk, and sustainable and efficient compliance.
The Consumer Financial Protection Bureau (CFPB) was created in response to the 2008 financial crisis. The CFPB enforces federal financial laws with a focus on consumer protection. The bureau has the ability to take action against a financial institution, including assessing large fines. A fine from the CFPB could cost a lender not only in dollars but also in reputation. Though the Federal Trade Commission (FTC) is the lead agency for data protection issues, the CFPB tossed its hat into the mix when it filed a consent order over data security in 2016. The order states that an online payment platform company claimed to have a safe and secure environment to process transactions; however, its data security did not meet industry standards and data was not encrypted. This CFPB order sends a clear message to all businesses in the financial sector that collect, store, or use customer records: precautions are necessary, and security must be described accurately. If a business states that it is Payment Card Industry Data Security Standard (PCI DSS) compliant and is not, then the CFPB can act. Personal information must be safeguarded. Lenders should understand the CFPB and existing laws and be prepared to act when regulatory requirements shift.
As FinTech companies continue to enter the lending space, compliance should be a requirement from the beginning. Compliance responsibilities must be known and documented, and a plan must be established to ensure that the consumer is protected and applicable federal and state financial laws are not violated. As financial institutions partner with FinTech businesses, the financial institution should have a complete understanding of the controls in place to ensure compliance. A financial institution is expected to know its customers, monitor transactional activity, and report suspicious activity to the Financial Crimes Enforcement Network (FinCEN) when identified. As partners, both entities must work together and understand each other’s roles and the compliance culture. The cost of a weak compliance program could be negative news, fines, and litigation for all parties involved.
Cybercrime is a threat that the financial industry must aggressively combat. Chief information security officers (CISOs) are being sought out to address risks such as cybersecurity and consumer data protection. The financial industry must ensure that a cybersecurity framework is in place and is actively working to protect systems and consumers. This is a risk that must be tested continuously for gaps and weaknesses to prevent serious threats. New rules from the New York Department of Financial Services (NYDFS) took effect on March 1. Many in the industry are watching to see how the new rules are implemented, as they could serve as a template for other regulatory entities. The "landmark" NYDFS regulations seek to avert and ward off breaches and threats. The regulation includes:
Establishing a framework for a cybersecurity program that is appropriately funded, staffed, supervised, and reported on to senior management.
Setting minimum standards for systems including controls, data protection, encryption, and testing.
Establishing standards to address cyber breaches including a response plan, preservation of data, and notification to Department of Financial Services (DFS).
Providing accountability of material deficiencies, remediation plans, and annual certifications of compliance to DFS.
This new standard should be closely monitored to see how it is received by the financial sector regulated by DFS and if it will be the standard for other regulatory agencies.
Sustainable and Efficient Compliance
A positive and proactive compliance culture throughout a financial institution will foster a sustainable and efficient compliance environment. This can be achieved by communication and training—lots of both! If employees know the importance of complying with current regulations and planning for future regulatory changes, it is more likely that they will get involved and be committed to the process. Lenders need to understand the environment and the consequences for noncompliance and communicate the information to all. Financial institutions must commit to training in order to address questions and concerns involving regulations. A compliance infrastructure including a risk strategy, understanding risk tolerance, and documenting a risk assessment will provide a roadmap to a strong compliance program.
Compliance is a commitment from all who work with consumers and financial products. Compliance is not just something that must be maintained to keep the regulators happy. All financial professionals must actively protect consumers and the financial institution from financial loss and reputation damage. A strong compliance program is paramount in today’s lending environment.