Third-Party Testing Reduces Compliance Tasks for Financial Institutions
As your financial institution’s regulatory responsibilities continue to grow, your compliance department may be left with little time for management program requirements like compliance testing. Financial institutions are increasingly looking to third parties to help meet these responsibilities. Outside assistance makes good business sense as it can reduce costs and is relatively easy to manage with already stretched resources.
Compliance management has four parts
According to the Consumer Financial Protection Bureau’s (CFPB) Supervision and Examination Manual, an effective compliance management system should contain four elements:
- Board and management oversight
- Compliance program
- Response to consumer complaints
- Compliance audit
If any of the four elements is missing, CFPB can deem the entire compliance management program to be insufficient. Financial institutions often handle board and management oversight, the compliance program, and consumer complaints with internal resources, but seek outside assistance with the compliance audit.
The compliance audit (sometimes referred to as “compliance testing”) entails reviewing your institution’s compliance with federal consumer protection laws and regulations. The testing should be independent from the compliance program itself, and the testing scope and depth depend on the size of the financial institution and the breadth of its products and services.
Test results should be put into a report that can be provided to the board of directors or a designated committee. The report is most useful if it identifies regulatory violations and provides suggestions on how to correct them. Findings are often categorized as low, moderate, or high risk. It is crucial that you work to implement corrective action to address all of the deficiencies noted in the report.
Getting outside assistance
It often makes good business sense for a financial institution to engage an independent third party to conduct compliance testing. In many cases, it is much cheaper to engage a third party to perform the testing than it is to hire another compliance officer to conduct the tests. The engagement is relatively easy for many institutions to manage as long as they follow some fundamental steps:
- First, in choosing a third party, perform the due diligence necessary to conclude that the firm you choose has adequate expertise and experience assisting similar institutions. Ask candidate companies to provide bios of the consultants who would perform the testing and references from past independent tests.
- Second, set forth (in a contract) the scope of the testing and a timeframe for it to be completed and the report delivered. The deadline must be clear to ensure that the report is available when the examiners arrive.
- Finally, you should expect concrete recommendations for addressing each deficiency contained in the report. The third-party testers should provide workable solutions for each finding. One of the benefits of using third-party testers is that they can share industry best practices and give you a clearer picture of what you need to do to immediately improve compliance.
How we can help
CLA’s experienced compliance testing professionals can help your institution meet its regulatory responsibilities in a cost-effective and timely manner, and offer solutions to improve your compliance management system.