Fannie Mae LQI and CFPB Compliance: Detecting Undisclosed Liabilities offered by Credit Plus
CFPB Readiness Series: Compliance Management System (CMS) … · 2014-10-02 · CFPB Readiness...
Transcript of CFPB Readiness Series: Compliance Management System (CMS) … · 2014-10-02 · CFPB Readiness...
![Page 1: CFPB Readiness Series: Compliance Management System (CMS) … · 2014-10-02 · CFPB Readiness Series: Vendor Compliance Management When: June 26th CFPB Bulletin 2012-3 states that](https://reader036.fdocuments.net/reader036/viewer/2022063005/5fb3bd26fc932505a0136a0c/html5/thumbnails/1.jpg)
CFPB Readiness Series:
Compliance Management System (CMS)
Overview
![Page 2: CFPB Readiness Series: Compliance Management System (CMS) … · 2014-10-02 · CFPB Readiness Series: Vendor Compliance Management When: June 26th CFPB Bulletin 2012-3 states that](https://reader036.fdocuments.net/reader036/viewer/2022063005/5fb3bd26fc932505a0136a0c/html5/thumbnails/2.jpg)
Who is KirkpatrickPrice?
KirkpatrickPrice is a licensed CPA firm, providing assurance services to over 200 clients in more than 40 states, Canada, Asia and Europe. The firm has over 10 years of experience in information assurance by performing assessments, audits, and tests that strengthen information security controls.
![Page 3: CFPB Readiness Series: Compliance Management System (CMS) … · 2014-10-02 · CFPB Readiness Series: Vendor Compliance Management When: June 26th CFPB Bulletin 2012-3 states that](https://reader036.fdocuments.net/reader036/viewer/2022063005/5fb3bd26fc932505a0136a0c/html5/thumbnails/3.jpg)
Welcome
Joseph Kirkpatrick is Managing Partner of the firm. He oversees the compliance audits delivered to the receivables management industry.
– Certified in the Governance of Enterprise IT (CGEIT)
– Certified Information Systems Auditor (CISA)
– Certified in Risk and Information Systems Control (CRISC)
– Qualified Security Assessor (QSA)
![Page 4: CFPB Readiness Series: Compliance Management System (CMS) … · 2014-10-02 · CFPB Readiness Series: Vendor Compliance Management When: June 26th CFPB Bulletin 2012-3 states that](https://reader036.fdocuments.net/reader036/viewer/2022063005/5fb3bd26fc932505a0136a0c/html5/thumbnails/4.jpg)
Confusion on the CMS
Requirement
• Does it even apply to me?
• How do I apply it to our organization?
• What IS a CMS anyway?
• How can I start complying until I know what an examiner will be reviewing?
![Page 5: CFPB Readiness Series: Compliance Management System (CMS) … · 2014-10-02 · CFPB Readiness Series: Vendor Compliance Management When: June 26th CFPB Bulletin 2012-3 states that](https://reader036.fdocuments.net/reader036/viewer/2022063005/5fb3bd26fc932505a0136a0c/html5/thumbnails/5.jpg)
Drawing on Previous Regulatory
Actions
• Financial institutions have well-defined examination frameworks
• The tone and approach in the CFPB examination procedures harken back to other actions such as the GLBA Safeguards Rule
• The CMS examination procedures are a direct copy from guidance issued over 10 years ago
![Page 6: CFPB Readiness Series: Compliance Management System (CMS) … · 2014-10-02 · CFPB Readiness Series: Vendor Compliance Management When: June 26th CFPB Bulletin 2012-3 states that](https://reader036.fdocuments.net/reader036/viewer/2022063005/5fb3bd26fc932505a0136a0c/html5/thumbnails/6.jpg)
Welcome
Todd Stephenson is an Information Security Specialist helping collection agencies and law firms prepare for a CFPB examination.
– Certified Information Systems Auditor (CISA)
– Information Security Specialist
– Over four years working with the ARM industry
![Page 7: CFPB Readiness Series: Compliance Management System (CMS) … · 2014-10-02 · CFPB Readiness Series: Vendor Compliance Management When: June 26th CFPB Bulletin 2012-3 states that](https://reader036.fdocuments.net/reader036/viewer/2022063005/5fb3bd26fc932505a0136a0c/html5/thumbnails/7.jpg)
Why are we here?
“A critical component of a well-run financial institution is a robust and effective compliance management system (CMS)... Consequently, one of the most important responsibilities of the CFPB supervisory program is assessing the quality of the compliance management systems employed by the financial institutions under the CFPB’s jurisdiction.”
CFPB Supervisory Highlights Fall 2012
![Page 8: CFPB Readiness Series: Compliance Management System (CMS) … · 2014-10-02 · CFPB Readiness Series: Vendor Compliance Management When: June 26th CFPB Bulletin 2012-3 states that](https://reader036.fdocuments.net/reader036/viewer/2022063005/5fb3bd26fc932505a0136a0c/html5/thumbnails/8.jpg)
What is a CMS? Direct from the CFPB Supervision and Examination Manual-v 2.0, Pg. 35:
A compliance management system is how a supervised entity:
• Establishes its compliance responsibilities;
• Communicates those responsibilities to employees;
• Ensures that responsibilities for meeting legal requirements and internal policies are incorporated into business processes;
• Reviews operations to ensure responsibilities are carried out and legal requirements are met; and
• Takes corrective action and updates tools, systems, and materials as necessary.
![Page 9: CFPB Readiness Series: Compliance Management System (CMS) … · 2014-10-02 · CFPB Readiness Series: Vendor Compliance Management When: June 26th CFPB Bulletin 2012-3 states that](https://reader036.fdocuments.net/reader036/viewer/2022063005/5fb3bd26fc932505a0136a0c/html5/thumbnails/9.jpg)
What is a CMS? What established best practices say:
A Compliance Management System (CMS) is a set of interrelated or interacting elements that organizations use to direct and control how compliance policies are implemented and compliance objectives are achieved.
![Page 10: CFPB Readiness Series: Compliance Management System (CMS) … · 2014-10-02 · CFPB Readiness Series: Vendor Compliance Management When: June 26th CFPB Bulletin 2012-3 states that](https://reader036.fdocuments.net/reader036/viewer/2022063005/5fb3bd26fc932505a0136a0c/html5/thumbnails/10.jpg)
What are the Core
Components? Direct from the CFPB:
An effective compliance management system commonly has four interdependent control components:
• Board and management oversight;
• Compliance program;
• Response to consumer complaints; and
• Compliance audit.
![Page 11: CFPB Readiness Series: Compliance Management System (CMS) … · 2014-10-02 · CFPB Readiness Series: Vendor Compliance Management When: June 26th CFPB Bulletin 2012-3 states that](https://reader036.fdocuments.net/reader036/viewer/2022063005/5fb3bd26fc932505a0136a0c/html5/thumbnails/11.jpg)
What is the flow?
![Page 12: CFPB Readiness Series: Compliance Management System (CMS) … · 2014-10-02 · CFPB Readiness Series: Vendor Compliance Management When: June 26th CFPB Bulletin 2012-3 states that](https://reader036.fdocuments.net/reader036/viewer/2022063005/5fb3bd26fc932505a0136a0c/html5/thumbnails/12.jpg)
Phase 1: Plan
• Establish the systems intent and goals
– What do we intend to accomplish?
– Define what success looks like
– Define resources
• Risk Assessment
• Written policy and procedure (controls) directly tied to identified risks - adapted
• Management/Board Involvement is critical here
![Page 13: CFPB Readiness Series: Compliance Management System (CMS) … · 2014-10-02 · CFPB Readiness Series: Vendor Compliance Management When: June 26th CFPB Bulletin 2012-3 states that](https://reader036.fdocuments.net/reader036/viewer/2022063005/5fb3bd26fc932505a0136a0c/html5/thumbnails/13.jpg)
Phase 2: Do
• Management provides clear support
• Training
• Documentation made easily available
• Complaint Resolution Program
• This area is what most people think of as a CMS
– Only one phase
![Page 14: CFPB Readiness Series: Compliance Management System (CMS) … · 2014-10-02 · CFPB Readiness Series: Vendor Compliance Management When: June 26th CFPB Bulletin 2012-3 states that](https://reader036.fdocuments.net/reader036/viewer/2022063005/5fb3bd26fc932505a0136a0c/html5/thumbnails/14.jpg)
Phase 3: Check
• “Monitor and Review”
– Internal Audit
• Are we doing what we say we do?
– Management Review
• Audit the audit
• Identify where action is needed
• Provide direction
– Two separate processes
![Page 15: CFPB Readiness Series: Compliance Management System (CMS) … · 2014-10-02 · CFPB Readiness Series: Vendor Compliance Management When: June 26th CFPB Bulletin 2012-3 states that](https://reader036.fdocuments.net/reader036/viewer/2022063005/5fb3bd26fc932505a0136a0c/html5/thumbnails/15.jpg)
Phase 4: Act
• Document areas of non-compliance
– A functioning CMS WILL find areas of non-compliance – good test of “quality”
– “…issues should be self-identified; and corrective action should be identified by the entity.”
• Action Plan
– Written Corrective Actions
– Written Preventative Actions
– Documented follow up with timelines and completion
![Page 16: CFPB Readiness Series: Compliance Management System (CMS) … · 2014-10-02 · CFPB Readiness Series: Vendor Compliance Management When: June 26th CFPB Bulletin 2012-3 states that](https://reader036.fdocuments.net/reader036/viewer/2022063005/5fb3bd26fc932505a0136a0c/html5/thumbnails/16.jpg)
The flow continues annually.
![Page 17: CFPB Readiness Series: Compliance Management System (CMS) … · 2014-10-02 · CFPB Readiness Series: Vendor Compliance Management When: June 26th CFPB Bulletin 2012-3 states that](https://reader036.fdocuments.net/reader036/viewer/2022063005/5fb3bd26fc932505a0136a0c/html5/thumbnails/17.jpg)
Thank you for attending our
Webinar
Q & A
For further information contact:
Todd Stephenson
800.977.3154 Ext. 202
![Page 18: CFPB Readiness Series: Compliance Management System (CMS) … · 2014-10-02 · CFPB Readiness Series: Vendor Compliance Management When: June 26th CFPB Bulletin 2012-3 states that](https://reader036.fdocuments.net/reader036/viewer/2022063005/5fb3bd26fc932505a0136a0c/html5/thumbnails/18.jpg)
Coming up Next
CFPB Readiness Series: Vendor Compliance Management
When: June 26th
CFPB Bulletin 2012-3 states that companies must “oversee” their vendors “in a manner that ensures compliance with Federal consumer financial law…The CFPB’s exercise of its supervisory and enforcement authority will closely reflect this orientation and emphasis.”