Compliance Management System (CMS)

A company's Compliance Management System (CMS) is the foundation of its compliance program and provides the guidance and framework for its compliance culture. Regulatory agencies, investors, and other third party partners focus on the effectiveness of the CMS and look for assurance regarding how an institution:

  • Keeps the board of directors and management apprised of compliance performance and ensures the board and management provide appropriate oversight for the program
  • Implements an effective compliance program that addresses and monitors compliance risk resulting from its products, services, and processes
  • Adequately responds to consumer complaints and ensures corrective actions are taken to prevent the same complaint from recurring, and
  • Performs independent audits of the compliance program to ensure it is operating as management intended.

An effective compliance management system commonly has the four interdependent control components described above. When all four control components are strong and well-coordinated, a supervised entity should be successful at managing its compliance responsibilities and risks. We help clients assess whether they have implemented a comprehensive CMS through consultation, monitoring, or targeted independent compliance reviews.

 

Consultation

Every client has different needs and the regulatory compliance services we provide are tailored to those needs. We have worked with clients who are just establishing their compliance management systems (CMS) and with clients who have a mature CMS in place. Our approach ensures we have a clear understanding of a client’s operating environment and governance structure so that the advice and solutions we provide fit the institution and are sustainable in the long term. We provide consultative services that prevent compliance risks or provide early identification and correction. However, we understand that despite all efforts, there may be times when issues are identified that require remediation. We have successfully supported clients with both preventive and reactive efforts.

  • Supervisory/Enforcement Action and Issue Remediation
  • Compliance Review of New Products and Services
  • Policy and Procedure Development
  • Exam Readiness
  • Compliance Training for Staff, Management, and Board of Directors

Assessment & Monitoring

In business we often hear, “What gets measured gets managed.” That statement certainly holds true in reference to the effectiveness of a compliance management system (CMS). It is imperative that an institution periodically assess the effectiveness of the CMS so that it may continue to optimize the system. Our qualitative and quantitative risk assessment approach helps ensures our client’s CMS remains commensurate with its products, services, processes, and compliance risk profile. In addition, to ensure that the preventive and detective controls are functioning properly, we have conducted periodic monitoring (monthly, quarterly, semi-annually, etc.) of a sampling of transactions. This monitoring should not be confused with independent compliance audits, which are typically performed at a point in time. The monitoring results will help with program corrections, ensuring risks are mitigated sooner than later.

  • Compliance Risk Assessment
  • Compliance Monitoring

Independent Compliance Reviews

Taking the initiative to strengthen compliance performance and reduce compliance risk is paramount to a highly effective CMS. A review conducted by a qualified, independent third party will provide compliance management with an unbiased evaluation of the compliance program or execution of compliance processes against regulatory requirements. It also increases the chances of a favorable internal audit or regulatory examination as it allows management to correct issues in the normal course of business. We have conducted the following types of independent compliance reviews for our clients:

  • Compliance Management System
  • Deposit Regulations
  • Lending Regulations
  • Loan Origination
  • Loan Servicing
  • New Products

Representative Engagements

  • CFPB MOU Remediation – reviewed several thousand loan modifications and provided detailed reporting allowing client to meet CFPB requirements in a timely manner
  • CFPB Readiness Exams – prepared both originators and servicers for upcoming exams which included enabling “self-reporting”
  • Compliance Consultation Training – provided training to business lines as well as senior management and board committees, both proactively and in response to examination findings
  • Compliance Management System (CMS) Reviews – identified gaps in CMS for various non-depository mortgage entities and fintechs
  • Compliance Policy and Procedures Development – allowed various clients to strengthen governance and internal controls
  • Foreclosure Management Look-Backs – executed numerous reviews which allowed clients to improve their operational controls
  • UDAAP – assisted with a multi-phased review of a regional bank’s administration of debt protection products, including a look-back of thousands of customer loans with debt protection originated over several years

View Engagements