Whether an auto lender has 100 compliance staffers or one, an effective compliance management system should be at the top of the priority list, said Richard Miller, chief compliance officer at Hyundai Capital America, in a session at the Auto Finance Risk & Compliance Summit last month.
In a nutshell, a compliance management system – or CMS, for short – is the method by which a lender manages policies and procedures, and tests for conformity with laws and regulations.
Here are six of Miller’s top tips for implementation and audit of a CMS:
1. Promote buy-in from the top down. “Executive oversight is the most important aspect of a CMS,” Miller said, even for companies that fall under the radar of the Consumer Financial Protection Bureau. Advocate for a designated compliance officer, if your company does not have one already. That compliance offer should work to reduce – or even eliminate – regulatory violations or lawsuits.
2. Define policies and procedures. Compliance starts with written policies and procedures for all components of the business, including credit approval, loan underwriting, pricing, and servicing standards. Any deviations from these policies and procedures should be explained and documented. “’If it’s not in the P&Ps, it doesn’t exist’ – that’s what the regulators would say,” Miller said. “It should be that what your policies say is what you’re actually doing.” A company the size of Hyundai Capital might have more than 500 policies in place. At a smaller company, specify one person whose job description includes writing policies.
3. Conduct a corporate self-assessment. Identify risks by evaluating credit products and services, organizational structure, and advertising and marketing media. Review collections and loss-mitigation functions to determine if borrowers receive consistent treatment for loan modifications and loan workout arrangements. “Where are there gaps?” Miller asked. “Are there things you just missed?” Use these reviews to avoid surprises during an exam and to have time to correct vulnerabilities before regulators arrive.
4. Track customer complaints. Develop systems that integrate with existing operations. “If you have a spreadsheet, that could be fine, if that’s the volume you have,” he said. “You could have 10 people, or you could be the only one to track complaints.”
5. Regularly review CMS progress. Capture key diagnostics from the CMS and issue reports regularly – monthly, perhaps – to senior executives. Reports should include summaries of recent changes or enhancements, as well as pending issues. “It could be something as simple as a fee that went to $300 from $98, and what do we do about that,” Miller said. Use these reports to set reasonable goals, allocate appropriate resources, and update progress.
6. Develop training protocol for recurring issues. “When there are repeat failures [in a given area], we roll out training,” he said. The goal is to ensure that affected employees understand the details of – and reasoning for – the particular procedure. “We might need to draft a new policy or update the policies, if needed,” he added.