As with the burden of cleaning out a fridge, no one wants to undergo an audit – not even a compliance audit.
Audits are arduous and time-consuming, and they routinely shine a light on host of messy, sticky issues— but, in an industry bound by strict regulations, audits need to happen.
Audits: Painful But Necessary
Can you remember the last time you cleaned out your refrigerator? A grimy fridge isn’t just unpleasant; it can hasten spoilage, encourage mold and bacteria growth, and even increase your electric bills. Still, many of us don’t sort through the food we keep in cool storage as much as we should—it’s just not very high on anyone’s list of priorities. And, as long as no one gets sick, it’s probably no big deal… right?
If you’re lending to consumers, it’s like you’ve got a giant commercial fridge. And compliance audits help you get rid of the rotten stuff.
A Compliance Management System contains 4 areas of focus:
Mouse over each area to learn more.
Compliance audits are one of a few mechanisms through which government agencies, banking partners, and members of executive leadership can ensure that a business is following fair lending practices. Audits not only allow capital lenders to verify that clients conform to their standards and industry regulations, but help organizations uncover areas of risk and take proactive corrective action.
And don’t forget about third parties. Consumer lenders must themselves audit their third parties (e.g. collections agencies) to ensure they are complying with fair lending practices as well.
The level of complexity in lending regulations has reached an all-time high, but lenders have unprecedented access to auditing tools that uncover compliance data at the granular level. Imagine that your fridge could clean itself, or at least notify you when it’s time and illuminate the yogurt cups and salsa jars that need to be tossed out. This is the power of a robust compliance management system.
What the CFPB Looks for in an Audit Program
Clearly, the CFPB insists that the lenders it oversees have some kind of audit functionality in place, but what exactly are regulators looking for? In assessing an organization’s CMS, examiners will seek to determine whether:
- The audit program is sufficiently independent and reports to the board or a committee of the board.
- The audit program addresses compliance with all applicable Federal consumer financial laws.
- The schedule and coverage of audit activities is appropriate to the size of the entity, its consumer financial product offerings, and its manner of conducting its consumer financial products business.
- All appropriate compliance and business unit managers receive copies of audit reports in a timely manner.
- Audit results lead to appropriate, timely corrective action.
The Last Line of Defense
Just as stocking and using the right ingredients will help keep your fridge clear before a mess can accumulate, your CMS should provide several defensible compliance processes in addition to audit functionality. A well-structured CMS includes three lines of defense against regulatory action:
Audits + Automation = Awesome Compliance
Make life easy for your auditors and your compliance staff: consider adopting and implementing an automated compliance management system. An automated compliance management system provides with you a single platform with which to store, assign, and track the policies and training your financial and customer-focused staff are accountable for. This, in turn, gives auditors one place to go for the reports, evidence, and documentation they require.
With an automated CMS, you will no longer encounter any nasty surprises or missing documentation—because you’re already tracking compliance across your business, always. It’s about as close as you can get to a self-tidying fridge. In terms of audits, that is.