On May 22, 2014, the Consumer Financial Protection Bureau (“CFPB”) issued its Spring 2014 Supervisory Highlights Report, which includes a review of recent rulemaking, guidance, and enforcement activity.  The CFPB uses its fourth edition since the agency’s founding to reiterate the importance of robust compliance management systems. 

The report notes that a well-developed compliance management system (“CMS”) establishes an entity’s compliance responsibilities; ensures those responsibilities are communicated to employees; ensures that responsibilities for meeting legal requirements and internal policies are incorporated into business process; requires reviews of operations to ensure responsibilities are carried out and legal requirements are met; and requires corrective action when necessary, including updates to tools, systems, training, and materials.  While the CFPB does not require a particular CMS structure, the CFPB reasons that an effective CMS commonly has four interdependent control components: (1) board of directors and management oversight; (2) a compliance program; (3) consumer complaint management program; and (4) an independent compliance audit.  “When all of these control components are strong and well-coordinated, a supervised entity is likely to be more successful at managing its compliance responsibilities and risks.”

Some interesting highlights from the Spring 2014 Report include:

-    CFPB Supervision found that board of directors and senior management at some consumer reporting agencies (“CRAs”) exercise insufficient oversight of the entity’s CMS, with at least one of the CRAs lacking a chief compliance officer or an official with comparable responsibility for company-wide compliance oversight.

-    CFPB examinations found that some CRAs fail to exercise adequate oversight of their business relationships with third-party service providers and that one or more of the CRAs failed to monitor and track consumer complaints altogether.

-    CFPB Supervision observed significant weaknesses in the CMS of several debt collectors.  For example, CFPB Supervision determined that at least one entity had inadequate written CMS policies and procedures and lacked sufficient board and management oversight of CMS.

-    For one debt collector, CFPB Supervision determined that the entity made approximately 17,000 calls to consumers outside the appropriate calling hours set forth in the FDCPA, in addition, the entity also violated the FDCPA when it repeatedly contacted more than one thousand consumers, contacting some consumers as often as 20 times within two days. 

-    CFPB Supervision has cited multiple lenders for unfair, deceptive, or abusive acts or practices, or risks of these acts or practices, for their policies of: repeatedly making unnecessary calls to third parties; improperly disclosing personal debt information; calling borrowers in violation of do-not-call requests; and making false claims during collection calls.

-    The CFPB’s nonpublic supervisory actions have “resulted in more than $70 million in remediation to over 775,000 consumers.”

As with previous Supervisory Highlight Reports, the 2014 spring edition provides insight into the CFPB’s supervisory and enforcement priorities.  For more information on the CFPB and its supervisory role, please contact Katherine Olson of Messer Strickler, Ltd. at 312-334-3444 or