LAS VEGAS — Compliance is a necessary but logy topic that all lenders and dealers must comply with, and having a proficient compliance management system (CMS) has — by virtue of its association with compliance — also become a de facto necessity.
For Veros Credit, it took two years of building out its in-house CMS before the company even considered itself to have a CMS, Robert Tennant, vice president and general counsel, said during the 2017 Auto Finance Summit in October.
But simply having it does not guarantee that you’re compliant; it’s an item that needs “to do tangible things and document what you are doing for the regulators,” added Mike Lavin, executive vice president and chief legal officer.
Here are four best practices for setting up and maintaining a successful CMS:
1. Start With a Self-Audit
Veros Credit created its CMS from scratch, Tennant said. “What we did [first] is we went in and did a kind-of self-audit and said, ‘OK, where are our challenge areas?'” he said, adding that the company made sure it set up a complete set of policies based on the findings. “Those [policies] are constantly evolving, but they are there,” he said. Those policies provided the foundation for what the CMS consists of.
2. Use the CFPB as a Guide
“If you look at the CFPB exam manual which is the very best place to start, it’s going to identify all major pieces that you need to have and there will be check boxes,” Tennant said. “If you don’t have those pieces, you need to get them into place very quickly.”
What are some of the major pieces? The basic elements, or pillars of a competent CMS, are a complaint management program and a vendor management program — although Veros Credit also brought in additional training which was “pretty beneficial,” he said.
3. Consider a White-Label CMS
For Consumer Portfolio Services, they invested in a basic boiler-plate CMS from Hudson Cook which provided a headstart. However, it came at a price tag of $25,000, Lavin said.
“What we ended up doing was — myself and another compliance attorney — we spent six months taking the 16 policies and procedures [from the CFPB] and pairing it with our actual business practices,” he said. Those six months consisted of meeting with the business-line managers, meeting with the vice presidents, and finding out what they are doing on a day-in and day-out basis, and then weaving those practices within the CMS.
4. Get Upper Management Involved
In addition to meeting with business manager and vice presidents, CPS has continued to get its board and upper management involved in compliance.
“We do obviously [hold] quarterly board meetings,” Lavin said. “About a week in advance of those board meetings, I write a five-page report for the board,” he said, adding that there is also a standing agenda item at board meetings to talk about compliance. This has led to a positive cultural change at CPS, and the CMS came into play because “it gave us a framework and some bullet points on how to do that.”