Can you remember the last time you conducted an audit of your organization’s workforce compliance program? If you can’t remember, or if you’ve never gone through an audit, your financial services company could be in serious trouble.
This wasn’t always the case. Unfamiliarity with audits, David Keene told our audience during a recent webinar, “is very dangerous … in today’s political climate.” As the director of compliance at Sierra Auto Finance, a Certified Compliance & Ethics Professional, and a member of the National Automotive Finance Association, David has watched the consumer finance industry undergo several momentous transformations. Over his 37-year career, he has seen the power of regulators—from the Department of Justice to the Consumer Financial Protection Bureau—wax and wane with the introduction of new laws, processes, and technologies.
He’s also done a lot of audits—many of them in the last 10 years. Why more recently? These days, he said, “our landscape is changing quite a bit”:
“Until Dodd-Frank came along in 2008 and 2010, there wasn’t much need for compliance in this industry—nor did you ever hear the word. So, a lot of us pretty much started from scratch back then. And one of the things I’ve learned, and especially with one of my other certifications, is that the scope of compliance now is bigger than just the CFPB. We’ve been laser-focused on the CFPB for quite some time because they are the the keeper of the rules, but there are other federal agencies out there. And we’re seeing… a lot of the focus shift down to the state attorneys general and their regulatory departments.”
Last week, Michael Benoit took us through what the CFPB is looking for in an organization’s audit program. But what about those state agencies and attorneys general? David provides the answer and other insights in this week’s webinar recap:
5 Internal Audit Key Questions
Every organization must decide what kind of compliance department it wants to have. A large finance company may have a department that seems like a cast of thousands: a dedicated, law-driven platoon whose mere presence scares people into compliance.
But for a smaller organization, that team often looks more friendly and helpful versus punitive and domineering. Their mission is to ask: “What can we do to help you and the business become compliant with state and federal laws? How can we help you get where you need to be?” For organizations where people may wear many hats and resources are frequently scarce, this second approach is almost always the more effective one.
With that in mind, the first step is to set up your audit program. You can use the CFPB examination manual as your model, whether you’re directly regulated by the CFPB or not—either way, if you set it up and treat your company like you are regulated by the CFPB, you’ll be ahead of the game. If you ask what they ask, you can get your business ready for an outside audit.
Next, run through a “gapping exercise.” In every department—underwriting, funding, collections, and even loan servicing—you may have agents and personnel who use cheat sheets, tips, guidelines, and other shortcuts provided by management to do their jobs. Take those documents and compare them with your policies. If your operational documents don’t reflect your policy, it’s essentially unwritten and your policy becomes folklore: it’s a matter of what someone heard or said.
Consider these key questions:
Next up: how compliance automation can make audits easy and effective in organizations of any size. Check back soon for the next part of this series!