> > >
Sections in this Topic
Last update: September 6, 2013
The following issues should be considered when developing a consumer compliance risk management program during the start-up period.
What is the bank’s business strategy?
A retail bank with many consumer products has a higher degree of consumer compliance risk by virtue of the nature of the products, the numbers of customers using the products, and the number of consumer laws and regulations that apply to these products. A wholesale bank, on the other hand, may be subject to fewer consumer compliance laws and regulations by virtue of the business nature of its products. However, since some consumer regulations, such as Regulation B and Regulation CC, apply to business transactions, knowledge of the applicable laws and regulations will be required to ensure compliance.
Does the bank have staff familiar with consumer laws and regulations?
A successful bank needs staff with knowledge of consumer protection laws and regulations commensurate with the products and services in the bank’s overall business strategy. Outside vendors may be employed to handle certain portions of the bank’s overall compliance management program, such as audits and training. However, while certain activities can be outsourced, the overall responsibility for compliance remains with senior management and the board of directors.
What type of structure does the bank have?
While each structure needs a compliance officer, the level of responsibility for this position will depend on whether the function is handled in a centralized or decentralized manner. If the function is centralized, the compliance officer should have an adequate level of knowledge of all consumer compliance laws and regulations that cover deposit operations, the lending function (including fair lending), and the Community Reinvestment Act (CRA). If a decentralized structure is adopted, generally personnel within each business line will have responsibility for all consumer compliance laws and regulations. Regardless of the structure chosen, an adequate level of Management Information Systems (MIS) and communications should occur between and among compliance officers, business line management, senior management, and the board of directors.