The steps for implementing a Compliance Management System (CMS) in an organization are:
Board of Directors and Management Oversight – The Board of Directors is ultimately responsible for developing and administering a CMS that ensures compliance with federal consumer protection laws and regulations. The Board should communicate clear expectations, adopt clear policies, and define an appropriately staffed compliance function. A Board can demonstrate commitment to maintaining an effective CMS by:
Demonstrating clear and unequivocal expectations about compliance, not only within the institution, but also to third-party providers
Adopting clear policy statements
Appointing a compliance officer with authority and accountability
Allocating resources to compliance functions commensurate with the level and complexity of the institution’s operations
Conducting periodic compliance audits
Providing for recurrent reports by the compliance officer to the Board
A Compliance Program – A financial institution should generally establish a formal, written compliance program. In addition to being a planned and organized effort to guide the institution’s compliance activities, a written program represents an essential source document that will serve as a training and reference tool for all employees. A well-planned, implemented, and maintained compliance program will prevent or reduce regulatory violations and provide cost efficiencies, and is a sound business step.
A Consumer Complaint Management Program – The program should be responsive to complaints and inquiries (defines, tracks, monitors, and analyzes them). An institution should promptly handle consumer complaints. Procedures should be established for addressing complaints, and individuals or departments responsible for handling them should be designated and known to all institution personnel to expedite responses. A compliance officer should be aware of complaints received and act to ensure a timely resolution.
An Independent Compliance Audit – Reviews whether policies and standards are being implemented. A compliance audit is an independent review of an institution’s compliance with consumer protection laws and regulations and adherence to internal policies and procedures. The audit helps management ensure ongoing compliance and identify compliance risk conditions. It complements the institution’s internal monitoring system. The Board should determine the scope of an audit and the frequency with which audits are conducted. Regardless of whether audits are conducted by institution personnel or by a contractor, the audit findings should be reported directly to the Board or a committee of the Board. A written compliance audit report should include:
Scope of the audit (including departments, branches, product types and third-party relationships reviewed)
Deficiencies or modifications identified
Number of transactions sampled by category of product type
Descriptions of, or suggestions for, corrective actions and time frames for correction