In the wake
of the Wells Fargo debacle, the CFPB has issued a Compliance Bulletin which
addresses employee incentives and the consumer risks associated with them. CFPB Compliance Bulletins are non-binding general
statements of CFPB policy. The Bulletin
notes that while businesses and consumers alike may benefit from the use of
incentives when properly implemented and monitored, incentives may also lead to
significant consumer harm when effective controls for risk are not in
place.
Key to the
Bulletin is the CFPB’s articulation of its vision for an effective compliance
management system addressing employee incentives. While effective compliance management systems are
not contemplated to be a one size fits all proposition, they should take into
account the risk, nature and significance of the incentive program. The Bulletin describes an effective
compliance management system as generally addressing the following:
- Board of Directors and Management Oversight. An effective compliance management system will foster strong customer service and should take into account the following components:
- Board members and senior management should take into account not only the outcomes their incentive programs seek to achieve but also how they may incentivize outcomes that are harmful to consumers;
- Board members and senior management should authorize compliance personnel to design and implement compliance management elements which anticipate both intended and unintended outcomes and provide compliance personnel with sufficient resources to do so; and
- Board members and senior management should foster an environment that empowers employees to report suspected improper behavior.
- Policies and Procedures. The CFPB notes that policies and procedures regarding incentives should provide:
- Sales/collection quotas tied to employee incentives should be reasonably attainable and transparent;
- Clear controls managing the risk inherent in each cycle of a product’s life including marketing, opening of the account, servicing the account and collection of the account;
- Mechanisms to identify conflicts of interest presented by supervisory employees who are covered by incentives but tasked with monitoring the quality of consumer treatment and satisfaction; and
- Fair and independent processes for investigating issues of suspected improper behavior.
- Training. Training should be implemented and should:
- Address the institution’s expectations for incentives;
- Address the institution’s expectations and standards of ethical behavior;
- Identify and address common risky behaviors;
- Foster a greater awareness of areas for risk;
- Educate employees and service providers as to the terms and conditions of the institution’s products and services;
- Address regulatory and business requirements, including requirements for documenting consent (a point of emphasis in the wake of the Wells Fargo enforcement action)
- Monitoring. Overall monitoring systems should track key metrics and outliers that may be indicative of abuse. Examples provided by the CFPB include:
- Employee turnover;
- Employee complaint rates;
- Analysis of termination statistics for trends and root causes;
- Spikes or trends in sales associated with an individual, group or product;
- Financial incentive payouts;
- Account opening/enrollment statistics by group and individual; and
- Account closures/product cancellation by group and individual.
- Corrective Action. The Compliance Management Systems should provide for the prompt identification and implementation of corrective actions addressing any areas of weakness. The CFPB expects corrective actions to include:
- Termination of bad actor employees (including managers) and service providers;
- Changes in the structures of incentive programs and training of affected employees;
- Remediation in the form of refunds to affected consumers;
- Identification, analysis and resolution of root causes of deficiencies; and
- Escalation to the Board and Senior Management, particularly where there is risk of significant harm to consumers.
- Consumer Complaint Management Program. As was noted in the Wells Fargo Order and confirmed by the Bulletin, the CFPB expects institutions to collect and analyze consumer complaints for indicators that incentives are leading to consumer harm or violations of law in order to identify and resolve the root causes of any such issues.
- Independent Compliance Audit. The CFPB expects Compliance Management Systems to provide for periodic independent compliance audits. Institutions’ Compliance Management Systems should therefore:
- Provide for and schedule audits for all products subject to incentives. Audits should address incentives and potential consumer risks;
- Insure audits are conducted independently of both the compliance program and business functions; and
- Insure all necessary corrective actions are promptly implemented.
Financial
institutions who use incentive programs should take some comfort in the fact
that the CFPB acknowledges that incentive programs, when properly implemented,
may be beneficial to the marketplace. At
the same, time, financial institutions should be aware that incentive programs
are being carefully scrutinized. It is
therefore incumbent on financial institutions to carefully review their compliance
management programs as to incentive programs.
The level of specificity provided by the CFPB Bulletin suggests that
this will likely be the measuring stick used in current and upcoming
examinations and that incentive programs will be a point of emphasis by
regulators in general.