The Federal Financial Institutions Examination Council (FFIEC) is a formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions by the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency, and the Consumer Financial Protection Bureau, and to make recommendations to promote uniformity in the supervision of financial institutions. The regulators believe that the FFIEC generally helps them achieve consistency. In situations where they are unable to achieve consistency, it helps them identify where there may be differences or gaps between agencies.
The FFIEC recently issued an updated Uniform Interagency Consumer Compliance Rating System, designed to align with their current risk-based approach to consumer compliance examinations. Regulators began using the updated rating system on examinations beginning on March 31, 2017.
Summary of the Updated Rating System
Under the updated rating system, examiners will evaluate:
Board and Management Oversight
Compliance Program (including policies and procedures, training, consumer complaints process, and compliance audits)
Violations of Law and Consumer Harm
Financial institutions will continue to face the challenges related to having multiple regulators issuing ratings that may not be consistent between agencies. To further exacerbate the challenge, examiners currently do not have to explain their conclusions, leaving financial institutions and other regulators without the support needed to understand the basis for those conclusions.
Nevertheless, financial institutions should seek to obtain a satisfactory rating, as an adverse rating of 4 or 5 may lead to more examinations or prohibitions on new activity, and may potentially have safety and soundness implications. Financial institutions must be aware of the updated rating system and take the necessary actions to ensure a smooth transition, including, but not limited to:
Financial institutions need to be proactive and create a culture of compliance.
Financial institutions must establish an effective compliance management system (CMS) composed of four key pillars: Board and Management Oversight, Compliance Program, Customer Complaints Process, and Compliance Audits.
As the regulators will explicitly factor a financial institution’s management of third-party relationships into their ratings, institutions must develop a framework to mitigate the risk of third-party vendors and provide a mechanism for ongoing monitoring.
Given that the regulators will continue to use judgment in assigning ratings, financial institutions may want to more thoughtfully consider proactively presenting issues to the regulators.