Uniform Interagency Consumer Compliance Rating System, 26553-26563 [2016-10289]

Federal Register / Vol. 81, No. 85 / Tuesday, May 3, 2016 / Notices

In the event a hearing is requested and granted, EPA will provide notice of the hearing in the Federal Register not less than 15 days prior to the scheduled hearing date. Frivolous or insubstantial requests for hearing may be denied by EPA. Following such a public hearing, EPA will review the record of the hearing and issue an order either affirming today’s determination or rescinding such determination. If no timely request for a hearing is received and granted, EPA’s approval of the State of Connecticut’s request to revise its Part 142—National Primary Drinking Water Regulations Implementation program to allow electronic reporting will become effective 30 days after today’s notice is published, pursuant to CROMERR section 3.1000(f)(4).

Matthew Leopard, Director, Office of Information Collection.
[FR Doc. 2016–10251 Filed 5–2–16; 8:45 am]
BILLING CODE 6560–50–P

ENVIRONMENTAL PROTECTION AGENCY
[FRL–9945–00–OA]
Notice of Meeting of the EPA Children’s Health Protection Advisory Committee (CHPAC)

AGENCY: Environmental Protection Agency.

ACTION: Notice of Meeting.

SUMMARY: Pursuant to the provisions of the Federal Advisory Committee Act, Public Law 92–463, notice is hereby given that the next meeting of the Children’s Health Protection Advisory Committee (CHPAC) will be held May 24 and May 25, 2016 at the George Washington University Milken Institute School of Public Health, located at 950 New Hampshire Avenue NW., Washington, DC 20037. The CHPAC advises the Environmental Protection Agency on science, regulations, and other issues relating to children’s environmental health.

DATES: May 24 from 1:00 p.m. to 5:30 p.m. and May 25 from 9:00 a.m. to 4:00 p.m., 2016.

ADDRESSES: 950 New Hampshire Avenue NW., Washington, DC 20037.

FOR FURTHER INFORMATION CONTACT: Martha Berger, Office of Children’s Health Protection, USEPA, MC 1107T, 1200 Pennsylvania Avenue NW., Washington, DC 20460, (202) 564–2191 or berger.martha@epa.gov.

SUPPLEMENTARY INFORMATION: The meetings of the CHPAC are open to the public. An agenda will be posted to epa.gov/children.

Access And Accommodations: For information on access or services for individuals with disabilities, please contact Martha Berger at 202–564–2191 or berger.martha@epa.gov.

Dated: April 26, 2016.
Martha Berger, Designated Federal Official.
[FR Doc. 2016–10252 Filed 5–2–16; 8:45 am]
BILLING CODE 6560–50–P

FEDERAL FINANCIAL INSTITUTIONS EXAMINATION COUNCIL
[Docket No. AS16–05]
Appraisal Subcommittee Notice of Meeting

AGENCY: Appraisal Subcommittee of the Federal Financial Institutions Examination Council.

ACTION: Notice of meeting.

Description: In accordance with section 1104(b) of title XI of the Financial Institutions Reform, Recovery, and Enforcement Act of 1989, as amended, notice is hereby given that the Appraisal Subcommittee (ASC) will meet in open session for its regular meeting:

Location: Federal Reserve Board—International Square location, 1850 K Street NW., Washington, DC 20006.
Date: May 11, 2016.
Time: 10:00 a.m.
Status: Open

Reports
Chairman
Executive Director
Delegated State Compliance Reviews
Financial Report

Action and Discussion Items
March 9, 2016 Open Session Minutes
ASC 2015 Annual Report
Notice of Proposed Rulemaking on AMC Fees

How To Attend and Observe an ASC Meeting

If you plan to attend the ASC Meeting in person, we ask that you send an email to meetings@asc.gov. You may register until close of business four business days before the meeting date. You will be contacted by the Federal Reserve Law Enforcement Unit on security requirements. You will also be asked to provide a valid government-issued ID before being admitted to the Meeting. The meeting space is intended to accommodate public attendees. However, if the space will not accommodate all requests, the ASC may refuse attendance on that reasonable basis. The use of any video or audio tape recording device, photographing device, or any other electronic or mechanical device designed for similar purposes is prohibited at ASC meetings.

Dated: April 27, 2016.
James R. Park, Executive Director.
[FR Doc. 2016–10292 Filed 5–2–16; 8:45 am]
BILLING CODE 6700–01–P

FEDERAL FINANCIAL INSTITUTIONS EXAMINATION COUNCIL
[Docket No. FFIEC–2016–0001]
Uniform Interagency Consumer Compliance Rating System

AGENCY: Federal Financial Institutions Examination Council (FFIEC).

ACTION: Notice and request for comment.

SUMMARY: Pursuant to 12 U.S.C. 3301, the Federal Financial Institutions Examination Council (FFIEC), established in 1979, is a formal interagency body empowered to prescribe principles and standards for the federal examination of financial institutions and to make recommendations to promote consistency and coordination in the supervision of institutions. The six members of the FFIEC represent the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), the State Liaison Committee (SLC), and the Consumer Financial Protection Bureau (CFPB) (Agencies). The FFIEC promotes compliance with federal consumer protection laws and regulations through each agency’s supervisory and outreach programs. Through compliance supervision, the FFIEC Agencies determine whether an institution is meeting its responsibility to comply with applicable requirements.
The FFIEC requests comment on a proposal to revise the Uniform Interagency Consumer Compliance Rating System, more commonly known as the “CC Rating System,” to reflect the regulatory, examination (supervisory), technological, and market changes that have occurred in the years since the current rating system was established. The FFIEC is proposing to revise the existing CC Rating System to better reflect current consumer compliance supervisory approaches. The revisions are designed to more fully align the rating system with the FFIEC Agencies’ current risk-based, tailored examination approaches. The proposed revisions to the CC Rating System were not developed to set new or higher supervisory expectations for financial institutions and their adoption will represent no additional regulatory burden. The proposed revisions emphasize the importance of institutions’ compliance management systems (CMS), in particular, risk control processes designed to manage consumer compliance risk which are needed to support compliance and prevent consumer harm. The CC Rating System has provided a general framework for evaluating compliance factors in order to assign a consumer compliance rating to each federally regulated financial institution.1

DATES: Comments must be received on or before July 5, 2016.

ADDRESSES: Because paper mail received by the FFIEC is subject to delay due to heightened security precautions in the Washington, DC area, you are encouraged to submit comments by the Federal eRulemaking Portal, if possible. Please use the title “Consumer Compliance Rating System” to facilitate the organization and distribution of the comments. You may submit comments by any of the following methods:

Federal eRulemaking Portal (Regulations.gov): Go to https://www.regulations.gov.
Under the “More Search Options” tab, click next to the “Advanced Docket Search” option where indicated, select “FFIEC” from the agency drop-down menu, then click “Submit.” In the “Docket ID” column, select “Docket Number FFIEC–2016–0001” to submit or view public comments and to view supporting and related materials for this notice of proposed rulemaking. The “How to Use This Site” link on the Regulations.gov home page provides information on using Regulations.gov, including instructions for submitting or viewing public comments, viewing other supporting and related materials, and viewing the docket after the close of the comment period.

Mail: Judith Dupre, Executive Secretary, Federal Financial Institutions Examination Council, L. William Seidman Center, Mailstop: 7081a, 3501 Fairfax Drive, Arlington, VA 22226–3550.

Hand delivery/courier: Judith Dupre, Executive Secretary, Federal Financial Institutions Examination Council, L. William Seidman Center, Mailstop: B–7081a, 3501 Fairfax Drive, Arlington, VA 22226–3550.

1 NCUA integrates the principles and standards of the current CC Rating System into the existing CAMEL rating structure, in place of a separate rating. When finalized, the revised CC Rating System will be incorporated into NCUA’s risk-focused examination program. Using the principles and standards contained in the revised CC Rating System, NCUA examiners will assess a credit union’s ability to effectively manage its compliance risk and reflect that ability in the Management component rating and the overall CAMEL rating used by NCUA.

Instructions: You must include “FFIEC” as the agency name and “Docket Number FFIEC–2016–0001” in your comment.
In general, the FFIEC will enter all comments received into the docket and publish them on the Regulations.gov Web site without change, including any business or personal information that you provide such as name and address information, email addresses, or phone numbers. Comments received, including attachments and other supporting materials, are part of the public record and subject to public disclosure. Do not enclose any information in your comment or supporting materials that you consider confidential or inappropriate for public disclosure.

Docket: You may also view or request available background documents and project summaries using the methods described above.

FOR FURTHER INFORMATION CONTACT:

OCC: Ronald A. Dice, Compliance Specialist, Office of the Comptroller of the Currency, 400 7th Street SW., Washington, DC 20219, (202) 649–5470; or Kimberly Hebb, Director of Compliance Policy, (202) 649–5470.

Board: Lanette Meister, Senior Supervisory Consumer Financial Services Analyst, Board of Governors of the Federal Reserve System, 20th and C Streets NW., Washington, DC 20551, (202) 452–2705.

FDIC: Ardie Hollifield, Senior Policy Analyst, Federal Deposit Insurance Corporation, 550 17th Street NW., Washington, DC 20429–0002, (202) 898–6638; John Jackwood, Senior Policy Analyst, (202) 898–3991; or Faye Murphy, Chief, Consumer Compliance and UDAP Examination Section, (202) 898–6613.

NCUA: Jamie Goodson, Director, Division of Consumer Compliance Policy and Outreach, Office of Consumer Protection, National Credit Union Administration, 1775 Duke Street, Alexandria, VA 22314–3428, (703) 518–1140.

CFPB: Kathleen Conley, Senior Consumer Financial Protection Analyst, Consumer Financial Protection Bureau, 1700 G Street NW., Washington, DC 20552, (202) 435–7459.

SLC: Matthew Lambert, Policy Counsel, Conference of State Bank Supervisors, 1129 20th Street NW., 9th Floor, Washington, DC 20036, (202) 407–7130.
SUPPLEMENTARY INFORMATION:

Background

The current CC Rating System, adopted in 1980, is a supervisory policy for evaluating financial institutions’ 2 adherence to consumer compliance requirements. The CC Rating System provides a framework for evaluating institutions based on assessment factors to assign a consumer compliance rating to each institution. The CC Rating System is based upon a scale of 1 through 5, in increasing order of supervisory concern. Thus, 1 represents the highest rating and consequently the lowest level of supervisory concern, while 5 represents the lowest rating and consequently the most critically deficient level of performance and the highest degree of supervisory concern. When using the CC Rating System to assess an institution, the Agencies do not consider an institution’s record of lending performance under the Community Reinvestment Act (CRA) because institutions are evaluated separately for CRA.

Factors Supporting a Revised CC Rating System

The FFIEC is proposing revisions to the existing CC Rating System, recognizing that there have been legislative, regulatory, supervisory, technological, and market changes since the adoption of the current CC Rating System. Since 1980, the regulatory landscape has evolved considerably.
Over the past 30 years, changes include:
• The consolidation of financial institutions and resultant changed risk profiles of entities prompted by factors such as legal changes that allowed interstate banking;
• New and revised regulatory requirements;
• Major transformations in technology, business models, and consumers’ banking habits which have resulted in a broader set of risks to consumers; and
• The Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act),3 which substantially altered the regulatory landscape by creating the CFPB and reshaping the responsibilities of the prudential regulators.4 As a result, large institutions over a certain asset threshold now have more than one FFIEC consumer compliance supervisor.

2 The term financial institutions is defined in 12 U.S.C. 3302(3).
3 12 U.S.C. 5481 et seq.
4 The prudential regulators are the FRB, FDIC, NCUA, and OCC.

Purpose of the Revisions

The Agencies are proposing to revise the current CC Rating System to better reflect current consumer compliance supervisory approaches. The revisions are designed to more fully align the rating system with the Agencies’ current risk-based, tailored examination approaches. The proposed revisions to the CC Rating System were not developed to set new or higher supervisory expectations for financial institutions and their adoption will represent no additional regulatory burden.

When the current CC Rating System was adopted in 1980, examinations focused more on transaction testing for regulatory compliance rather than evaluating the sufficiency of an institution’s CMS to ensure compliance with regulatory requirements and to prevent consumer harm.
In the intervening years, each of the FFIEC Agencies has adopted a risk-based consumer compliance examination approach to promote strong compliance risk management practices and consumer protection within supervised financial institutions. Risk-based consumer compliance supervision evaluates whether an institution’s CMS effectively manages the compliance risk in the products and services offered to its customers. Under risk-based supervision, examiners tailor supervisory activities to the size, complexity, and risk profile of each institution and adjust these activities over time. While compliance management programs vary based on the size, complexity, and risk profile of supervised institutions, all institutions should maintain an effective CMS. The sophistication and formality of the CMS typically will increase commensurate with the size, complexity, and risk profile of the entity.

As the Agencies drafted the proposed rating system definitions, one objective was to develop a rating system appropriate for evaluating institutions of all sizes. Therefore, the first principle discussed within the CC Rating System conveys that the system is risk-based to recognize and communicate clearly that compliance management programs vary based on the size, complexity, and risk profile of supervised institutions. This principle is reinforced in the Consumer Compliance Rating Definitions by conveying to examiners that assessment factors associated with an institution’s CMS should be evaluated commensurate with the institution’s size, complexity, and risk profile.

In developing the revised CC Rating System, the Agencies believe it is also important for the new rating system to establish incentives for institutions to promote consumer protection by preventing, self-identifying, and addressing compliance issues in a proactive manner.
The proposed rating system would also create a framework for the Agencies to recognize institutions that consistently adopt these compliance strategies.

Another benefit of the proposed CC Rating System is to promote coordination, communication, and consistency among the Agencies, consistent with the Agencies’ respective supervisory authorities. Pursuant to the proposal, each of the Agencies would use the same CC Rating System to assign a consumer compliance rating to all supervised institutions, including banks and non-banks. Further, revising the rating system definitions responds to requests from industry representatives who have asked that the CC Rating System be updated.

Proposed Consumer Compliance Rating System

The primary purpose of the proposed CC Rating System is to ensure that all institutions are evaluated in a comprehensive and consistent manner, and that supervisory resources are appropriately focused on areas exhibiting risk of consumer harm and on institutions that warrant elevated supervisory attention. The Agencies are recommending retention of the current CC Rating System’s five-scale framework for the proposed System while also recommending revisions to the current CC Rating System to enhance its effectiveness.

The proposed CC Rating System is based upon a numeric scale of 1 through 5 in increasing order of supervisory concern. Thus, 1 represents the highest rating and consequently the lowest degree of supervisory concern, while 5 represents the lowest rating and the most critically deficient level of performance, and therefore, the highest degree of supervisory concern. Ratings of 1 or 2 represent satisfactory or better performance. Ratings of 3, 4, or 5 indicate performance that is less than satisfactory.

The proposed CC Rating System reflects risk-based expectations commensurate with the size, complexity and risk profile of institutions and incents institutions to prevent, self-identify, and address compliance issues.
Pursuant to the proposed System, each institution would be assigned a consumer compliance rating based primarily on the adequacy of its CMS, which is designed to ensure compliance on a continuing basis.

The proposed CC Rating System is composed of guidance and definitions. The guidance would provide examiners with direction on how to use the definitions when assigning a consumer compliance rating to an institution. The definitions consist of qualitative descriptions for each rating category and factors regarding violations of laws and consumer harm.

The proposed System is based on a set of key principles. The Agencies agreed that the proposed ratings should be: (1) Risk-based; (2) Transparent; (3) Actionable; and (4) an Incentive for Compliance. Each principle is discussed in detail in the guidance.

The Agencies are proposing a CC Rating System that includes three categories of assessment factors:
• Board and Management Oversight
• Compliance Program
• Violations of Law and Consumer Harm

When assigning a rating under the proposed CC Rating System, examiners would consider each of the assessment factors in each category. Further, the categories would allow examiners to distinguish between varying levels of supervisory concern when rating institutions for compliance with federal consumer protection laws.

The consumer compliance rating reflects a comprehensive evaluation of the institution’s performance under the CC Rating System by considering the categories and assessment factors in the context of the size, complexity, and risk profile of an institution. It is not based on a numeric average or any other quantitative calculation. Specific numeric ratings will not be assigned to any of the twelve assessment factors. Thus, an institution need not achieve a satisfactory rating in all categories in order to be assigned an overall satisfactory rating.
Conversely, an institution may be assigned a less than satisfactory rating even if some of its assessments were rated as satisfactory.

All institutions, regardless of size, should maintain an effective CMS. The sophistication and formality of the CMS typically will increase commensurate with the size, complexity, and risk profile of the entity. The articulation of CMS assessment factors is not intended to create new expectations for lower risk institutions.

Board and Management Oversight

The first category of the proposed CC Rating System would be used to analyze an institution’s CMS and the role of its board and management officials. The four assessment factors would be:
• Oversight and Commitment
• Change Management
• Comprehension, Identification and Management of Risk
• Corrective Action and Self-Identification

The Agencies believe the above factors would provide examiners with an effective and consistent framework for evaluating whether or not board and management are engaged to a satisfactory degree at a particular institution. All institutions, regardless of size, should maintain an effective CMS. However, each institution should be evaluated based on its size, complexity and risk profile.

Compliance Program

The second category of the proposed CC Rating System would be used to analyze other elements of an effective CMS. The assessment factors for Compliance Program are:
• Policies and Procedures
• Training
• Monitoring and/or Audit
• Consumer Complaint Response

The Agencies believe these factors, along with Board and Management Oversight, would provide an effective and consistent framework to evaluate an institution’s CMS. Each of these assessment factors would be considered in evaluating risk and assigning a consumer compliance rating. As explained above, each institution would be evaluated based on its size, complexity and risk profile.
Violations of Law and Consumer Harm

The third category of the proposed CC Rating System is Violations of Law and Consumer Harm. This category would provide examiners with a framework for considering the broad range of violations of consumer protection laws and evidence of consumer harm.

The current CC Rating System was adopted in 1980. Since that time, the industry has become more complex, and the broad array of risks in the market that can cause consumer harm has become increasingly clear. Violations of various laws, including, for example, the Servicemembers Civil Relief Act 5 and Section 5 of the Federal Trade Commission Act,6 as well as fair lending violations, may potentially cause significant consumer harm and raise serious supervisory concerns. Recognizing this broad array of risks, the proposed guidance directs examiners to consider all violations of consumer laws, based on the root cause, severity, duration, and pervasiveness of the violation. This approach emphasizes the importance of a range of consumer protection laws and is intended to reflect the broader array of risks and the potential harm caused by consumer protection related violations.

5 50 U.S.C. App. 501–697b.
6 15 U.S.C. 45 et seq.

Specifically, in conjunction with assessing an institution’s CMS based on the first two categories, examiners will evaluate the consumer protection violations and related consumer harm based on the four assessment factors below:
• Root cause, or causes, of any violations of law identified
• Severity of any consumer harm resulting from violations
• Duration of time over which the violations occurred
• Pervasiveness of violations

Consumer harm may occur as a result of a violation of law.
While many instances of consumer harm can be quantified as a dollar amount associated with financial loss, such as charging higher fees for a product than was initially disclosed, consumer harm may also result from a denial of an opportunity. For example, a consumer could be harmed when an institution denies the consumer credit or discourages an application in violation of the Equal Credit Opportunity Act,7 whether or not financial harm occurred.

Assignment of Ratings by Supervisor(s)

The prudential regulators will continue to assign and update, as appropriate, consumer compliance ratings for institutions they supervise, including those with total assets of more than $10 billion.8 As a member of the FFIEC, the CFPB will also use the CC Rating System to assign a consumer compliance rating, as appropriate, for institutions with total assets of more than $10 billion, as well as to nonbanks for which it has jurisdiction regarding the enforcement of Federal consumer financial laws as defined under the Dodd-Frank Act.9 When assigning a consumer compliance rating, as well as in other supervisory situations as appropriate, the prudential regulators will take into consideration any material supervisory information provided by the CFPB, as that information relates to covered supervisory activities or covered examinations.10 Similarly, the CFPB will take into consideration any material supervisory information provided by prudential regulators in appropriate supervisory situations, including when assigning consumer compliance ratings.

State regulators maintain supervisory authority to conduct examinations of state-chartered depository institutions and licensed entities. As such, states may assign consumer compliance ratings to evaluate compliance with both state and federal laws and regulations. States will collaborate and consider material supervisory information from other state and federal regulatory agencies during the course of examinations.

7 15 U.S.C. 1691 et seq.
8 Section 1025 of the Dodd-Frank Act (12 U.S.C. 5515) applies to federally insured institutions with more than $10 billion in total assets. This section granted the CFPB exclusive authority to examine insured depository institutions and their affiliates for compliance with Federal consumer financial laws. The prudential regulators retained authority for examining insured depository institutions with more than $10 billion in total assets for compliance with certain other laws related to consumer financial protection, including the Fair Housing Act, the Servicemembers Civil Relief Act, and section 5 of the Federal Trade Commission Act.
9 12 U.S.C. 5481 et seq. A financial institution with assets over $10 billion may receive a consumer compliance rating by both its primary prudential regulator and the CFPB. The rating is based on each agency’s review of the institution’s CMS and compliance with the federal consumer protection laws falling under each agency’s jurisdiction.
10 The prudential regulators and the CFPB signed a Memorandum of Understanding on Supervisory Coordination dated May 16, 2012 (MOU) intended to facilitate the coordination of supervisory activities involving financial institutions with more than $10 billion in assets as required under the Dodd-Frank Act.

Paperwork Reduction Act

In accordance with the Paperwork Reduction Act (44 U.S.C. 3501 et seq.) (PRA), the Agencies may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid Office of Management and Budget (OMB) control number. The proposed CC Rating System would not involve any new collections of information pursuant to the PRA. Consequently, no information will be submitted to the OMB for review.

FFIEC Guidance on Updating the Uniform Interagency Consumer Compliance Rating System

Uniform Interagency Consumer Compliance Rating System

The Federal Financial Institutions Examination Council (FFIEC) member agencies (Agencies) promote compliance with federal consumer protection laws and regulations through supervisory and outreach programs.11 The Agencies engage in consumer compliance supervision to assess whether a financial institution is meeting its responsibility to comply with these requirements.

11 The FFIEC members are the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency, the Consumer Financial Protection Bureau, and the State Liaison Committee.

This Uniform Interagency Consumer Compliance Rating System (CC Rating System) provides a general framework for assessing risks during the supervisory process using certain compliance factors and assigning an overall consumer compliance rating to each federally-regulated financial institution.12 The primary purpose of the CC Rating System is to ensure that regulated financial institutions are evaluated in a comprehensive and consistent manner, and that supervisory resources are appropriately focused on areas exhibiting risk of consumer harm and on institutions that warrant elevated supervisory attention. The CC Rating System is composed of guidance and definitions.
The guidance provides examiners with direction on how to use the definitions when assigning a consumer compliance rating to an institution. The definitions consist of qualitative descriptions for each rating category and include compliance management system (CMS) elements reflecting risk control processes designed to manage consumer compliance risk and considerations regarding violations of laws, consumer harm, and the size, complexity, and risk profile of an institution. The consumer compliance rating reflects the effectiveness of an institution’s CMS to ensure compliance with consumer protection laws and regulations and reduce the risk of harm to consumers.

12 The Federal Financial Institutions Examination Council Act of 1978 (12 U.S.C. 3302(3)) defines financial institution. Additionally, as a member of the FFIEC, the CFPB will also use the Rating System to assign a consumer compliance rating, as appropriate for nonbanks, for which it has jurisdiction regarding the enforcement of Federal consumer financial laws as defined under the Dodd-Frank Act (12 U.S.C. 5481 et seq.).

Principles of the Interagency CC Rating System

The Agencies developed the following principles to serve as a foundation for the CC Rating System.

Risk-based. Recognize and communicate clearly that compliance management programs vary based on the size, complexity, and risk profile of supervised institutions.

Transparent. Provide clear distinctions between rating categories to support consistent application by the Agencies across supervised institutions. Reflect the scope of the review that formed the basis of the overall rating.

Actionable. Identify areas of strength and direct appropriate attention to specific areas of weakness, reflecting a risk-based supervisory approach.
Convey examiners’ assessment of the effectiveness of an institution’s compliance risk management program, including its ability to prevent consumer harm and ensure compliance with consumer protection laws and regulations.

Incent Compliance. Incent the institution to establish an effective consumer compliance program across the institution and to identify and address issues promptly, including self-identification and correction of consumer compliance weaknesses. Reflect the potential impact of any consumer harm identified in examination findings.

Five-Level Rating Scale

The CC Rating System is based upon a numeric scale of 1 through 5 in increasing order of supervisory concern. Thus, 1 represents the highest rating and consequently the lowest degree of supervisory concern, while 5 represents the lowest rating and the most critically deficient level of performance, and therefore, the highest degree of supervisory concern.13 Ratings of 1 or 2 represent satisfactory or better performance. Ratings of 3, 4, or 5 indicate performance that is less than satisfactory.

Consistent with the previously described Principles, the rating system incents a financial institution to establish an effective compliance management system across the institution, to self-identify risks, and take the necessary actions to reduce the risk of non-compliance and consumer harm.
• The highest rating of 1 is assigned to a financial institution that maintains a strong CMS and takes action to prevent violations of law and consumer harm.
• A rating of 2 is assigned to a financial institution that maintains a CMS that is satisfactory at managing consumer compliance risk in the institution’s products and services and at substantially limiting violations of law and consumer harm.
• A rating of 3 reflects a CMS deficient at managing consumer compliance risk in the institution’s products and services and at limiting violations of law and consumer harm.
• A rating of 4 reflects a CMS seriously deficient at managing consumer compliance risk in the institution’s products and services and at preventing violations of law and consumer harm. A rating of seriously deficient indicates fundamental and persistent weaknesses in crucial CMS elements and severe inadequacies in core compliance areas necessary to operate within the scope of statutory and regulatory consumer protection requirements and to prevent consumer harm.
• A rating of 5 reflects a CMS critically deficient at managing consumer compliance risk in the institution’s products and services and at preventing violations of law and consumer harm. A rating of critically deficient indicates an absence of crucial CMS elements and a demonstrated lack of willingness or capability to take the appropriate steps necessary to operate within the scope of statutory and regulatory consumer protection requirements and to prevent consumer harm.

13 The Agencies do not consider an institution’s record of performance under the Community Reinvestment Act (CRA) in conjunction with assessing an institution under the CC Rating System since institutions are evaluated separately under the CRA.

CC Rating System Categories and Assessment Factors

CC Rating System—Categories

The CC Rating System is organized under three broad categories:

1. Board and Management Oversight,
2. Compliance Program, and
3. Violations of Law and Consumer Harm.

The Consumer Compliance Rating Definitions below list the assessment factors considered within each category, along with narrative descriptions of performance.

The first two categories, Board and Management Oversight and Compliance Program, are used to assess a financial institution’s CMS. As such, examiners should evaluate the assessment factors within these two categories commensurate with the institution’s size, complexity, and risk profile. All institutions, regardless of size, should maintain an effective CMS.
The sophistication and formality of the CMS typically will increase commensurate with the size, complexity, and risk profile of the entity. Additionally, compliance expectations contained within the narrative descriptions of these two categories extend to third-party relationships into which the financial institution has entered. There can be certain benefits to financial institutions engaging in relationships with third parties, including gaining operational efficiencies or an ability to deliver additional products and services, but such arrangements also may expose financial institutions to risks if not managed effectively. The prudential agencies, the CFPB, and some states have issued guidance describing expectations regarding oversight of third-party relationships. While an institution’s management may make the business decision to outsource some or all of the operational aspects of a product or service, the institution cannot outsource the responsibility for complying with laws and regulations or managing the risks associated with third-party relationships. As noted in the Consumer Compliance Rating Definitions, examiners should evaluate activities conducted through third-party relationships as though the activities were performed by the institution itself. Examiners should review a financial institution’s management of third-party relationships and servicers as part of its overall compliance program.

The third category, Violations of Law and Consumer Harm, includes assessment factors that evaluate the dimensions of any identified violation or consumer harm. Examiners should weigh each of these four factors—root cause, severity, duration, and pervasiveness—in evaluating relevant violations of law and any resulting consumer harm.
Board and Management Oversight—Assessment Factors

Under Board and Management Oversight, the examiner should assess the financial institution’s board of directors and senior management, as appropriate for their respective roles and responsibilities, based on the following assessment factors:

• Oversight of and commitment to the institution’s compliance risk management program;
• effectiveness of the institution’s change management processes, including responding timely and satisfactorily to any variety of change, internal or external, to the institution;
• comprehension, identification, and management of risks arising from the institution’s products, services, or activities; and
• any corrective action undertaken as consumer compliance issues are identified.

Compliance Program—Assessment Factors

Under Compliance Program, the examiner should assess other elements of an effective CMS, based on the following assessment factors:

• Whether the institution’s policies and procedures are appropriate to the risk in the products, services, and activities of the institution;
• the degree to which compliance training is current and tailored to risk and staff responsibilities;
• the sufficiency of the monitoring and, if applicable, audit to encompass compliance risks throughout the institution; and
• the responsiveness and effectiveness of the consumer complaint resolution process.

Violations of Law and Consumer Harm—Assessment Factors

Under Violations of Law and Consumer Harm, the examiner should analyze the following assessment factors:

• The root cause, or causes, of any violations of law identified during the examination;
• the severity of any consumer harm resulting from violations;
• the duration of time over which the violations occurred; and
• the pervasiveness of the violations.

As a result of a violation of law, consumer harm may occur.
While many instances of consumer harm can be quantified as a dollar amount associated with financial loss, such as charging higher fees for a product than was initially disclosed, consumer harm may also result from a denial of an opportunity. For example, a consumer could be harmed when a financial institution denies the consumer credit or discourages an application in violation of the Equal Credit Opportunity Act,14 whether or not there is resulting financial harm.

This category of the Consumer Compliance Rating Definitions defines four factors by which examiners can assess violations of law and consumer harm.

14 15 U.S.C. 1691 et seq.

Root Cause. Root cause analyzes the degree to which weaknesses in the CMS gave rise to the violations. In many instances, the root cause of a violation is tied to a weakness in one or more elements of the CMS. Violations that result from critical deficiencies in the CMS evidence a critical absence of management oversight and are of the highest supervisory concern.

Severity. The severity dimension of the Consumer Compliance Rating Definitions weighs the type of consumer harm, if any, that resulted from violations of law. More severe harm results in a higher level of supervisory concern under this factor. For example, some consumer protection violations may cause significant financial harm to a consumer, while other violations may cause negligible harm, based on the specific facts involved.

Duration. Duration describes the length of time over which the violations occurred. Violations that persist over an extended period of time will raise greater supervisory concerns than violations that occur for only a brief period of time. When violations are brought to the attention of an institution’s management and management allows those violations to remain unaddressed, such violations are of the highest supervisory concern.

Pervasiveness.
Pervasiveness evaluates the extent of the violation(s) and resulting consumer harm, if any. Violations that affect a large number of consumers will raise greater supervisory concern than violations that impact a limited number of consumers. If violations become so pervasive that they are considered to be widespread or present in multiple products or services, the institution’s performance under this factor is of the highest supervisory concern.

Self-Identification of Violations of Law and Consumer Harm

Strong compliance programs are proactive. They promote consumer protection by preventing, self-identifying, and addressing compliance issues in a proactive manner. Accordingly, the CC Rating System provides incentives for such practices through the definitions associated with a 1 rating.

The Agencies believe that self-identification and prompt correction of violations of law reflect strengths in an institution’s CMS. A robust CMS appropriate for the size, complexity and risk profile of an institution’s business often will prevent violations or will facilitate early detection of potential violations. This early detection can limit the size and scope of consumer harm. Moreover, prompt self-reporting of serious violations represents concrete evidence of an institution’s commitment to responsibly address underlying risks. In addition, appropriate corrective action, including both correction of programmatic weaknesses and full redress for injured parties, limits consumer harm and prevents violations from recurring in the future. Thus, the CC Rating System recognizes institutions that consistently adopt these strategies as reflected in the Consumer Compliance Rating Definitions.

Evaluating Performance Using the CC Rating Definitions

The consumer compliance rating is derived through an evaluation of the financial institution’s performance under each of the assessment factors described above. The consumer compliance rating reflects the effectiveness of an institution’s CMS to identify and manage compliance risk in the institution’s products and services and to prevent violations of law and consumer harm, as evidenced by the financial institution’s performance under each of the assessment factors.

The consumer compliance rating reflects a comprehensive evaluation of the financial institution’s performance under the CC Rating System by considering the categories and assessment factors in the context of the size, complexity, and risk profile of an institution. It is not based on a numeric average or any other quantitative calculation. Specific numeric ratings will not be assigned to any of the twelve assessment factors. Thus, an institution need not achieve a satisfactory assessment in all categories in order to be assigned an overall satisfactory rating. Conversely, an institution may be assigned a less than satisfactory rating even if some of its assessments were satisfactory.

The relative importance of each category or assessment factor may differ based on the size, complexity, and risk profile of an individual institution. Accordingly, one or more category or assessment factor may be more or less relevant at one financial institution as compared to another institution. While the expectations for compliance with consumer protection laws and regulations are the same across institutions of varying sizes, the methods for accomplishing an effective CMS may differ across institutions.

The evaluation of an institution’s performance within the Violations of Law and Consumer Harm category of the CC Rating Definitions considers each of the four assessment factors: Root Cause, Severity, Duration, and Pervasiveness. At the levels of 4 and 5 in this category, the distinctions in the definitions are focused on the root cause assessment factor rather than Severity, Duration, and Pervasiveness.
This approach is consistent with the other categories where the difference between a 4 and a 5 is driven by the institution’s capacity and willingness to maintain a sound consumer compliance system.

In arriving at the final rating, the examiner must balance potentially differing conclusions about the effectiveness of the financial institution’s CMS over the individual products, services, and activities of the organization. Depending on the relative materiality of a product line to the institution, an observed weakness in the management of that product line may or may not impact the conclusion about the institution’s overall performance in the associated assessment factor(s). For example, serious weaknesses in the policies and procedures or audit program of the mortgage department at a mortgage lender would be of greater supervisory concern than those same gaps at an institution that makes very few mortgage loans and strictly as an accommodation. Greater weight should apply to the financial institution’s management of material products with significant potential consumer compliance risk.

An institution may receive a less than satisfactory rating even when no violations were identified, based on deficiencies or weaknesses identified in the institution’s CMS. For example, examiners may identify weaknesses in elements of the CMS in a new loan product. Because the presence of those weaknesses left unaddressed could result in future violations of law and consumer harm, the CMS deficiencies could impact the overall consumer compliance rating, even if no violations were identified.

Similarly, an institution may receive a 1 or 2 rating even when violations were present, if the CMS is commensurate with the risk profile and complexity of the institution. For example, when violations involve limited impact on consumers, were self-identified, and resolved promptly, the evaluation may result in a 1 or 2 rating.
After evaluating the institution’s performance in the two CMS categories, Board and Management Oversight and Compliance Program, and the dimensions of the violations in the third category, the examiner may conclude that the overall strength of the CMS and the nature of observed violations viewed together do not present significant supervisory concerns.

CONSUMER COMPLIANCE RATING DEFINITIONS

Assessment factors to be considered (ratings 1 through 5)

Board and Management Oversight

Board and management oversight factors should be evaluated commensurate with the institution’s size, complexity, and risk profile. Compliance expectations below extend to third-party relationships.

Oversight and Commitment.
  Rating 1: Board and management demonstrate strong commitment and oversight to the financial institution’s compliance risk management program. Substantial compliance resources are provided, including systems, capital, and human resources commensurate with the institution’s size, complexity, and risk profile. Staff is knowledgeable, empowered and held accountable for compliance with consumer laws and regulations. Management conducts comprehensive and ongoing due diligence and oversight of third parties consistent with agency expectations to ensure that the financial institution complies with consumer protection laws, and exercises strong oversight of third parties’ policies, procedures, internal controls, and training to ensure consistent oversight of compliance responsibilities.
  Rating 2: Board and management provide satisfactory oversight of the financial institution’s compliance risk management program. Compliance resources are adequate and staff is generally able to ensure the financial institution is in compliance with consumer laws and regulations. Management conducts adequate and ongoing due diligence and oversight of third parties to ensure that the financial institution complies with consumer protection laws, and adequately oversees third parties’ policies, procedures, internal controls, and training to ensure appropriate oversight of compliance responsibilities.
  Rating 3: Board and management oversight of the financial institution’s compliance risk management program is deficient. Compliance resources and staff are inadequate to ensure the financial institution is in compliance with consumer laws and regulations. Management does not adequately conduct due diligence and oversight of third parties to ensure that the financial institution complies with consumer protection laws, nor does it adequately oversee third parties’ policies, procedures, internal controls, and training to ensure appropriate oversight of compliance responsibilities.
  Rating 4: Board and management oversight, resources, and attention to the compliance risk management program are seriously deficient. Compliance resources and staff are seriously deficient and are ineffective at ensuring the financial institution’s compliance with consumer laws and regulations. Management oversight and due diligence over third party performance, as well as management’s ability to adequately identify, measure, monitor, or manage compliance risks, is seriously deficient.
  Rating 5: Board and management oversight, resources, and attention to the compliance risk management program are critically deficient. Compliance resources are critically deficient in supporting the financial institution’s compliance with consumer laws and regulations, and management and staff are unwilling or incapable of operating within the scope of consumer protection laws and regulations. Management oversight and due diligence of third party performance is critically deficient.

Change Management.
  Rating 1: Management anticipates and responds promptly to changes in applicable laws and regulations, market conditions and products and services offered. Management conducts due diligence in advance of product changes, considers the entire life cycle of a product or service in implementing change, and reviews the change after implementation to determine that actions taken have achieved planned results.
  Rating 2: Management responds timely and adequately to changes in applicable laws and regulations, market conditions, products and services offered by evaluating the change and implementing responses across impacted lines of business. Management evaluates product changes before and after implementing the change.
  Rating 3: Management does not respond adequately and/or timely in adjusting to changes in applicable laws and regulations, market conditions, and products and services offered.
  Rating 4: Management’s response to changes in applicable laws and regulations, market conditions, or products and services offered is seriously deficient.
  Rating 5: Management fails to monitor and respond to changes in applicable laws and regulations, market conditions, or products and services offered.

Comprehension, Identification and Management of Risk.
  Rating 1: Management has a solid comprehension of and effectively identifies compliance risks, including emerging risks, in the financial institution’s products, services, and other activities. Management actively engages in managing those risks, including through comprehensive self-assessments.
  Rating 2: Management comprehends and adequately identifies compliance risks, including emerging risks, in the financial institution’s products, services, and other activities. Management adequately manages those risks, including through self-assessments.
  Rating 3: Management has an inadequate comprehension of and ability to identify compliance risks, including emerging risks, in the financial institution’s products, services, and other activities.
  Rating 4: Management exhibits a seriously deficient comprehension of and ability to identify compliance risks, including emerging risks, in the financial institution.
  Rating 5: Management does not comprehend nor identify compliance risks, including emerging risks, in the financial institution.

Corrective Action and Self-Identification.
  Rating 1: Management proactively identifies issues and promptly responds to compliance risk management deficiencies and any violations of laws or regulations, including remediation.
  Rating 2: Management adequately responds to and corrects deficiencies and/or violations, including adequate remediation, in the normal course of business.
  Rating 3: Management does not adequately respond to compliance deficiencies and violations including those related to remediation.
  Rating 4: Management response to deficiencies, violations and examination findings is seriously deficient.
  Rating 5: Management is incapable, unwilling and/or fails to respond to deficiencies, violations or examination findings.

Compliance Program

Compliance Program factors should be evaluated commensurate with the institution’s size, complexity, and risk profile. Compliance expectations below extend to third-party relationships.

Policies and Procedures.
  Rating 1: Compliance policies and procedures and third-party relationship management programs are strong, comprehensive and provide standards to effectively manage compliance risk in the products, services and activities of the financial institution.
  Rating 2: Compliance policies and procedures and third-party relationship management programs are adequate to manage the compliance risk in the products, services and activities of the financial institution.
  Rating 3: Compliance policies and procedures and third-party relationship management programs are inadequate at managing the compliance risk in the products, services and activities of the financial institution.
  Rating 4: Compliance policies and procedures and third-party relationship management programs are seriously deficient at managing compliance risk in the products, services and activities of the financial institution.
  Rating 5: Compliance policies and procedures and third-party relationship management programs are critically absent.

Training.
  Rating 1: Compliance training is comprehensive, timely, and specifically tailored to the particular responsibilities of the staff receiving it, including those responsible for product development, marketing and customer service. The compliance training program is updated proactively in advance of the introduction of new products or new consumer protection laws and regulations to ensure that all staff are aware of compliance responsibilities before rolled out.
  Rating 2: Compliance training outlining staff responsibilities is provided timely to appropriate staff. The compliance training program is updated to encompass new products and to comply with changes to consumer protection laws and regulations.
  Rating 3: Compliance training is not adequately comprehensive, timely, updated, or appropriately tailored to the particular responsibilities of the staff.
  Rating 4: Compliance training is seriously deficient in its comprehensiveness, timeliness, or relevance to staff with compliance responsibilities, or has numerous major inaccuracies.
  Rating 5: Compliance training is critically absent.

Monitoring and/or Audit.
  Rating 1: Compliance monitoring practices, management information systems, compliance audit, and internal control systems are comprehensive, timely, and successful at identifying and measuring material compliance risk management throughout the financial institution. Programs are monitored proactively to identify procedural or training weaknesses to preclude regulatory violations. Program modifications are made expeditiously to minimize compliance risk.
  Rating 2: Compliance monitoring practices, management information systems, compliance audit, and internal control systems adequately address compliance risks throughout the financial institution.
  Rating 3: Compliance monitoring practices, management information systems, compliance audit, and internal control systems do not adequately address risks involving products, services or other activities including timing and scope.
  Rating 4: Compliance monitoring practices, management information systems, compliance audit, and internal controls are seriously deficient in addressing risks involving products, services or other activities.
  Rating 5: Compliance monitoring practices, management information systems, compliance audit, or internal controls are critically absent.

Consumer Complaint Response.
  Rating 1: Processes and procedures for addressing consumer complaints are strong. Consumer complaint investigations and responses are prompt and thorough. Management monitors consumer complaints to identify risks of potential consumer harm, program deficiencies, and customer service issues and takes appropriate action.
  Rating 2: Processes and procedures for addressing consumer complaints are adequate. Consumer complaint investigations and responses are generally prompt and thorough. Management adequately monitors consumer complaints and responds to issues identified.
  Rating 3: Processes and procedures for addressing consumer complaints are inadequate. Consumer complaint investigations and responses are not thorough or timely. Management does not adequately monitor consumer complaints.
  Rating 4: Processes and procedures for addressing consumer complaints and consumer complaint investigations are seriously deficient. Management monitoring of consumer complaints is seriously deficient.
  Rating 5: Processes and procedures for addressing consumer complaints are critically absent. Meaningful investigations and responses are absent. Management exhibits a disregard for complaints or preventing consumer harm.

Violations of Law and Consumer Harm

Root Cause.
  Rating 1: The violations are the result of minor weaknesses, if any, in the compliance risk management system.
  Rating 2: Violations are the result of modest weaknesses in the compliance risk management system.
  Rating 3: Violations are the result of material weaknesses in the compliance risk management system.
  Rating 4: Violations are the result of serious deficiencies in the compliance risk management system.
  Rating 5: Violations are the result of critical deficiencies in the compliance risk management system.

Severity.
  Rating 1: The type of consumer harm, if any, resulting from the violations would have a minimal impact on consumers.
  Rating 2: The type of consumer harm resulting from the violations would have a limited impact on consumers.
  Rating 3: The type of consumer harm resulting from the violations would have a considerable impact on consumers.
  Rating 4: The type of consumer harm resulting from the violations would have a serious impact on consumers.
  Rating 5: The type of consumer harm resulting from the violations would have a serious impact on consumers.

Duration.
  Rating 1: The violations and resulting consumer harm, if any, occurred over a brief period of time.
  Rating 2: The violations and resulting consumer harm, if any, occurred over a limited period of time.
  Rating 3: The violations and resulting consumer harm, if any, occurred over an extended period of time.
  Rating 4: The violations and resulting consumer harm, if any, have been long standing or repeated.
  Rating 5: The violations and resulting consumer harm, if any, have been long standing or repeated.

Pervasiveness.
  Rating 1: The violations and resulting consumer harm, if any, are isolated in number.
  Rating 2: The violations and resulting consumer harm, if any, are limited in number.
  Rating 3: The violations and resulting consumer harm, if any, are numerous.
  Rating 4: The violations and resulting consumer harm, if any, are widespread or in multiple products or services.
  Rating 5: The violations and resulting consumer harm, if any, are widespread or in multiple products or services.

[End of proposed text.]

Dated: April 28, 2016.
Federal Financial Institutions Examination Council.
Judith E. Dupre,
FFIEC Executive Secretary.
[FR Doc. 2016–10289 Filed 5–2–16; 8:45 a.m.]
BILLING CODE 7535–01–P 6714–01–P; 6210–01–P 4810–33–P; 4810–AM–P

FEDERAL RESERVE SYSTEM

Change in Bank Control Notices; Acquisitions of Shares of a Bank or Bank Holding Company

The notificants listed below have applied under the Change in Bank Control Act (12 U.S.C. 1817(j)) and § 225.41 of the Board’s Regulation Y (12 CFR 225.41) to acquire shares of a bank or bank holding company. The factors that are considered in acting on the notices are set forth in paragraph 7 of the Act (12 U.S.C. 1817(j)(7)).

The notices are available for immediate inspection at the Federal Reserve Bank indicated. The notices also will be available for inspection at the offices of the Board of Governors. Interested persons may express their views in writing to the Reserve Bank indicated for that notice or to the offices of the Board of Governors. Comments must be received not later than May 18, 2016.

A. Federal Reserve Bank of Atlanta (Chapelle Davis, Assistant Vice President) 1000 Peachtree Street NE., Atlanta, Georgia 30309. Comments can also be sent electronically to Applications.Comments@atl.frb.org:

1. Fanny Dascal, Miami Beach, Florida, as Trustee, Cesar R. Camacho, Miami, Florida, individually and as Trustee, of The Fanny Dascal Grantor Retained Annuity Trust, Miami, Florida, Jacqueline Dascal Chariff, Miami Beach, Florida, and Ana Marie Camacho, Miami, Florida; to acquire voting shares of Continental Bancorp, and directly acquire voting shares of Continental National Bank, both in Miami, Florida.

B. Federal Reserve Bank of Kansas City (Dennis Denney, Assistant Vice President) 1 Memorial Drive, Kansas City, Missouri 64198–0001:

1. Todd Allen Cook, Laverne, Oklahoma; to acquire voting shares of Laverne Bancshares, Inc., and thereby indirectly acquire voting shares of Bank of Laverne, both in Laverne, Oklahoma. In connection with this application, Sheldon Olis Cook, McAlester, Oklahoma, as a member of the Cook Family Group, and acting individually, has applied to retain voting shares of Laverne Bancshares, Inc., and thereby indirectly retain voting shares of Bank of Laverne, both in Laverne, Oklahoma.

Board of Governors of the Federal Reserve System, April 28, 2016.
Michael J. Lewandowski,
Associate Secretary of the Board.
[FR Doc. 2016–10332 Filed 5–2–16; 8:45 am]
BILLING CODE 6210–01–P

FEDERAL RESERVE SYSTEM

Formations of, Acquisitions by, and Mergers of Bank Holding Companies

The companies listed in this notice have applied to the Board for approval, pursuant to the Bank Holding Company Act of 1956 (12 U.S.C. 1841 et seq.)
(BHC Act), Regulation Y (12 CFR part 225), and all other applicable statutes and regulations to become a bank holding company and/or to acquire the assets or the ownership of, control of, or the power to vote shares of a bank or bank holding company and all of the banks and nonbanking companies owned by the bank holding company, including the companies listed below.

The applications listed below, as well as other related filings required by the Board, are available for immediate inspection at the Federal Reserve Bank indicated. The applications will also be available for inspection at the offices of the Board of Governors. Interested persons may express their views in writing on the standards enumerated in the BHC Act (12 U.S.C. 1842(c)). If the proposal also involves the acquisition of a nonbanking company, the review also includes whether the acquisition of the nonbanking company complies with the standards in section 4 of the BHC Act (12 U.S.C. 1843). Unless otherwise noted, nonbanking activities will be conducted throughout the United States.

Unless otherwise noted, comments regarding each of these applications must be received at the Reserve Bank


[Federal Register Volume 81, Number 85 (Tuesday, May 3, 2016)]
[Notices]
[Pages 26553-26563]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-10289]


-----------------------------------------------------------------------

FEDERAL FINANCIAL INSTITUTIONS EXAMINATION COUNCIL

[Docket No. FFIEC-2016-0001]


Uniform Interagency Consumer Compliance Rating System

AGENCY: Federal Financial Institutions Examination Council (FFIEC).

ACTION: Notice and request for comment.

-----------------------------------------------------------------------

SUMMARY: Pursuant to 12 U.S.C. 3301, the Federal Financial Institutions 
Examination Council (FFIEC), established in 1979, is a formal 
interagency body empowered to prescribe principles and standards for 
the federal examination of financial institutions and to make 
recommendations to promote consistency and coordination in the 
supervision of institutions.
    The six members of the FFIEC represent the Board of Governors of 
the Federal Reserve System (FRB), the Federal Deposit Insurance 
Corporation (FDIC), the National Credit Union Administration (NCUA), 
the Office of the Comptroller of the Currency (OCC), the State Liaison 
Committee (SLC), and the Consumer Financial Protection Bureau (CFPB) 
(Agencies).
    The FFIEC promotes compliance with federal consumer protection laws 
and regulations through each agency's supervisory and outreach 
programs. Through compliance supervision, the FFIEC Agencies determine 
whether an institution is meeting its responsibility to comply with 
applicable requirements.
    The FFIEC requests comment on a proposal to revise the Uniform 
Interagency Consumer Compliance Rating System, more commonly known as 
the ``CC Rating System,'' to reflect the regulatory, examination 
(supervisory), technological, and market changes that have occurred in 
the years since the current rating system was established. The FFIEC is 
proposing to revise the existing CC Rating System to better reflect 
current consumer compliance supervisory approaches. The revisions are 
designed to more fully align the rating system with the FFIEC Agencies' 
current risk-based, tailored examination

[[Page 26554]]

approaches. The proposed revisions to the CC Rating System were not 
developed to set new or higher supervisory expectations for financial 
institutions and their adoption will represent no additional regulatory 
burden.
    The proposed revisions emphasize the importance of institutions' 
compliance management systems (CMS), in particular, risk control 
processes designed to manage consumer compliance risk which are needed 
to support compliance and prevent consumer harm. The CC Rating System 
has provided a general framework for evaluating compliance factors in 
order to assign a consumer compliance rating to each federally 
regulated financial institution.\1\
---------------------------------------------------------------------------

    \1\ NCUA integrates the principles and standards of the current 
CC Rating System into the existing CAMEL rating structure, in place 
of a separate rating. When finalized, the revised CC Rating System 
will be incorporated into NCUA's risk-focused examination program. 
Using the principles and standards contained in the revised CC 
Rating System, NCUA examiners will assess a credit union's ability 
to effectively manage its compliance risk and reflect that ability 
in the Management component rating and the overall CAMEL rating used 
by NCUA.

---------------------------------------------------------------------------
DATES: Comments must be received on or before July 5, 2016.

ADDRESSES: Because paper mail received by the FFIEC is subject to delay 
due to heightened security precautions in the Washington, DC area, you 
are encouraged to submit comments by the Federal eRulemaking Portal, if 
possible. Please use the title ``Consumer Compliance Rating System'' to 
facilitate the organization and distribution of the comments. You may 
submit comments by any of the following methods:
    Federal eRulemaking Portal (Regulations.gov): Go to https://www.regulations.gov. Under the ``More Search Options'' tab, click next 
to the ``Advanced Docket Search'' option where indicated, select 
``FFIEC'' from the agency drop-down menu, then click ``Submit.'' In the 
``Docket ID'' column, select ``Docket Number FFIEC-2016-0001'' to 
submit or view public comments and to view supporting and related 
materials for this notice of proposed rulemaking. The ``How to Use This 
Site'' link on the Regulations.gov home page provides information on 
using Regulations.gov, including instructions for submitting or viewing 
public comments, viewing other supporting and related materials, and 
viewing the docket after the close of the comment period.
    Mail: Judith Dupre, Executive Secretary, Federal Financial 
Institutions Examination Council, L. William Seidman Center, Mailstop: 
7081a, 3501 Fairfax Drive, Arlington, VA 22226-3550.
    Hand delivery/courier: Judith Dupre, Executive Secretary, Federal 
Financial Institutions Examination Council, L. William Seidman Center, 
Mailstop: B-7081a, 3501 Fairfax Drive, Arlington, VA 22226-3550.
    Instructions: You must include ``FFIEC'' as the agency name and 
``Docket Number FFIEC-2016-0001'' in your comment. In general, the 
FFIEC will enter all comments received into the docket and publish them 
on the Regulations.gov Web site without change, including any business 
or personal information that you provide such as name and address 
information, email addresses, or phone numbers. Comments received, 
including attachments and other supporting materials, are part of the 
public record and subject to public disclosure. Do not enclose any 
information in your comment or supporting materials that you consider 
confidential or inappropriate for public disclosure.
    Docket: You may also view or request available background documents 
and project summaries using the methods described above.

FOR FURTHER INFORMATION CONTACT: OCC: Ronald A. Dice, Compliance 
Specialist, Office of the Comptroller of the Currency, 400 7th Street 
SW., Washington, DC 20219, (202) 649-5470; or Kimberly Hebb, Director 
of Compliance Policy, (202) 649-5470.
    Board: Lanette Meister, Senior Supervisory Consumer Financial 
Services Analyst, Board of Governors of the Federal Reserve System, 
20th and C Streets NW., Washington, DC 20551, (202) 452-2705.
    FDIC: Ardie Hollifield, Senior Policy Analyst, Federal Deposit 
Insurance Corporation, 550 17th Street NW., Washington, DC 20429-0002, 
(202) 898-6638; John Jackwood, Senior Policy Analyst, (202) 898-3991; 
or Faye Murphy, Chief, Consumer Compliance and UDAP Examination 
Section, (202) 898-6613.
    NCUA: Jamie Goodson, Director, Division of Consumer Compliance 
Policy and Outreach, Office of Consumer Protection, National Credit 
Union Administration, 1775 Duke Street, Alexandria, VA 22314-3428, (703) 
518-1140.
    CFPB: Kathleen Conley, Senior Consumer Financial Protection 
Analyst, Consumer Financial Protection Bureau, 1700 G Street NW., 
Washington, DC 20552, (202) 435-7459.
    SLC: Matthew Lambert, Policy Counsel, Conference of State Bank 
Supervisors, 1129 20th Street NW., 9th Floor, Washington, DC 20036, 
(202) 407-7130.

SUPPLEMENTARY INFORMATION: 

Background

    The current CC Rating System, adopted in 1980, is a supervisory 
policy for evaluating financial institutions' \2\ adherence to consumer 
compliance requirements. The CC Rating System provides a framework for 
evaluating institutions based on assessment factors to assign a 
consumer compliance rating to each institution.
---------------------------------------------------------------------------

    \2\ The term financial institutions is defined in 12 U.S.C. 
3302(3).
---------------------------------------------------------------------------

    The CC Rating System is based upon a scale of 1 through 5, in 
increasing order of supervisory concern. Thus, 1 represents the highest 
rating and consequently the lowest level of supervisory concern, while 
5 represents the lowest rating and consequently the most critically 
deficient level of performance and the highest degree of supervisory 
concern. When using the CC Rating System to assess an institution, the 
Agencies do not consider an institution's record of lending performance 
under the Community Reinvestment Act (CRA) because institutions are 
evaluated separately for CRA.

Factors Supporting a Revised CC Rating System

    The FFIEC is proposing revisions to the existing CC Rating System, 
recognizing that there have been legislative, regulatory, supervisory, 
technological, and market changes since the adoption of the current CC 
Rating System. Since 1980, the regulatory landscape has evolved 
considerably. Over the past 30 years, changes include:
     The consolidation of financial institutions and resultant 
changed risk profiles of entities prompted by factors such as legal 
changes that allowed interstate banking;
     New and revised regulatory requirements;
     Major transformations in technology, business models, and 
consumers' banking habits which have resulted in a broader set of risks 
to consumers; and
     The Dodd-Frank Wall Street Reform and Consumer Protection 
Act (Dodd-Frank Act),\3\ which substantially altered the regulatory 
landscape by creating the CFPB and reshaping the responsibilities of 
the prudential regulators.\4\ As a result, large institutions over a 
certain

[[Page 26555]]

asset threshold now have more than one FFIEC consumer compliance 
supervisor.
---------------------------------------------------------------------------

    \3\ 12 U.S.C. 5481 et seq.
    \4\ The prudential regulators are the FRB, FDIC, NCUA, and OCC.
---------------------------------------------------------------------------

Purpose of the Revisions

    The Agencies are proposing to revise the current CC Rating System 
to better reflect current consumer compliance supervisory approaches. 
The revisions are designed to more fully align the rating system with 
the Agencies' current risk-based, tailored examination approaches. The 
proposed revisions to the CC Rating System were not developed to set 
new or higher supervisory expectations for financial institutions and 
their adoption will represent no additional regulatory burden.
    When the current CC Rating System was adopted in 1980, examinations 
focused more on transaction testing for regulatory compliance rather 
than evaluating the sufficiency of an institution's CMS to ensure 
compliance with regulatory requirements and to prevent consumer harm. 
In the intervening years, each of the FFIEC Agencies has adopted a 
risk-based consumer compliance examination approach to promote strong 
compliance risk management practices and consumer protection within 
supervised financial institutions. Risk-based consumer compliance 
supervision evaluates whether an institution's CMS effectively manages 
the compliance risk in the products and services offered to its 
customers. Under risk-based supervision, examiners tailor supervisory 
activities to the size, complexity, and risk profile of each 
institution and adjust these activities over time. While compliance 
management programs vary based on the size, complexity, and risk 
profile of supervised institutions, all institutions should maintain an 
effective CMS. The sophistication and formality of the CMS typically 
will increase commensurate with the size, complexity, and risk profile 
of the entity.
    As the Agencies drafted the proposed rating system definitions, one 
objective was to develop a rating system appropriate for evaluating 
institutions of all sizes. Therefore, the first principle discussed 
within the CC Rating System conveys that the system is risk-based to 
recognize and communicate clearly that compliance management programs 
vary based on the size, complexity, and risk profile of supervised 
institutions. This principle is reinforced in the Consumer Compliance 
Rating Definitions by conveying to examiners that assessment factors 
associated with an institution's CMS should be evaluated commensurate 
with the institution's size, complexity, and risk profile.
    In developing the revised CC Rating System, the Agencies believe it 
is also important for the new rating system to establish incentives for 
institutions to promote consumer protection by preventing, self-
identifying, and addressing compliance issues in a proactive manner. 
The proposed rating system would also create a framework for the 
Agencies to recognize institutions that consistently adopt these 
compliance strategies.
    Another benefit of the proposed CC Rating System is to promote 
coordination, communication, and consistency among the Agencies, 
consistent with the Agencies' respective supervisory authorities. 
Pursuant to the proposal, each of the Agencies would use the same CC 
Rating System to assign a consumer compliance rating to all supervised 
institutions, including banks and non-banks. Further, revising the 
rating system definitions responds to requests from industry 
representatives who have asked that the CC Rating System be updated.

Proposed Consumer Compliance Rating System

    The primary purpose of the proposed CC Rating System is to ensure 
that all institutions are evaluated in a comprehensive and consistent 
manner, and that supervisory resources are appropriately focused on 
areas exhibiting risk of consumer harm and on institutions that warrant 
elevated supervisory attention. The Agencies are recommending retention 
of the current CC Rating System's five-scale framework for the proposed 
System while also recommending revisions to the current CC Rating 
System to enhance its effectiveness.
    The proposed CC Rating System is based upon a numeric scale of 1 
through 5 in increasing order of supervisory concern. Thus, 1 
represents the highest rating and consequently the lowest degree of 
supervisory concern, while 5 represents the lowest rating and the most 
critically deficient level of performance, and therefore, the highest 
degree of supervisory concern. Ratings of 1 or 2 represent satisfactory 
or better performance. Ratings of 3, 4, or 5 indicate performance that 
is less than satisfactory.
    The proposed CC Rating System reflects risk-based expectations 
commensurate with the size, complexity and risk profile of institutions 
and incents institutions to prevent, self-identify, and address 
compliance issues.
    Pursuant to the proposed System, each institution would be assigned 
a consumer compliance rating based primarily on the adequacy of its 
CMS, which is designed to ensure compliance on a continuing basis.
    The proposed CC Rating System is composed of guidance and 
definitions. The guidance would provide examiners with direction on how 
to use the definitions when assigning a consumer compliance rating to 
an institution. The definitions consist of qualitative descriptions for 
each rating category and factors regarding violations of laws and 
consumer harm.
    The proposed System is based on a set of key principles. The 
Agencies agreed that the proposed ratings should be: (1) Risk-based; 
(2) Transparent; (3) Actionable; and (4) an Incentive for Compliance. 
Each principle is discussed in detail in the guidance.
    The Agencies are proposing a CC Rating System that includes three 
categories of assessment factors:

 Board and Management Oversight
 Compliance Program
 Violations of Law and Consumer Harm

    When assigning a rating under the proposed CC Rating System, 
examiners would consider each of the assessment factors in each 
category. Further, the categories would allow examiners to distinguish 
between varying levels of supervisory concern when rating institutions 
for compliance with federal consumer protection laws. The consumer 
compliance rating reflects a comprehensive evaluation of the 
institution's performance under the CC Rating System by considering the 
categories and assessment factors in the context of the size, 
complexity, and risk profile of an institution. It is not based on a 
numeric average or any other quantitative calculation. Specific numeric 
ratings will not be assigned to any of the twelve assessment factors. 
Thus, an institution need not achieve a satisfactory rating in all 
categories in order to be assigned an overall satisfactory rating. 
Conversely, an institution may be assigned a less than satisfactory 
rating even if some of its assessments were rated as satisfactory.
    All institutions, regardless of size, should maintain an effective 
CMS. The sophistication and formality of the CMS typically will 
increase commensurate with the size, complexity, and risk profile of 
the entity. The articulation of CMS assessment factors is not intended 
to create new expectations for lower risk institutions.

Board and Management Oversight

    The first category of the proposed CC Rating System would be used 
to analyze an institution's CMS and the role of its board and 
management officials. The four assessment factors would be:


[[Page 26556]]


 Oversight and Commitment
 Change Management
 Comprehension, Identification and Management of Risk
 Corrective Action and Self-Identification

    The Agencies believe the above factors would provide examiners with 
an effective and consistent framework for evaluating whether or not 
board and management are engaged to a satisfactory degree at a 
particular institution. All institutions, regardless of size, should 
maintain an effective CMS. However, each institution should be 
evaluated based on its size, complexity and risk profile.

Compliance Program

    The second category of the proposed CC Rating System would be used 
to analyze other elements of an effective CMS. The assessment factors 
for Compliance Program are:

 Policies and Procedures
 Training
 Monitoring and/or Audit
 Consumer Complaint Response

    The Agencies believe these factors, along with Board and Management 
Oversight, would provide an effective and consistent framework to 
evaluate an institution's CMS. Each of these assessment factors would 
be considered in evaluating risk and assigning a consumer compliance 
rating. As explained above, each institution would be evaluated based 
on its size, complexity and risk profile.

Violations of Law and Consumer Harm

    The third category of the proposed CC Rating System is Violations 
of Law and Consumer Harm. This category would provide examiners with a 
framework for considering the broad range of violations of consumer 
protection laws and evidence of consumer harm.
    The current CC Rating System was adopted in 1980. Since that time, 
the industry has become more complex, and the broad array of risks in 
the market that can cause consumer harm has become increasingly clear. 
Violations of various laws, including, for example, the Servicemembers 
Civil Relief Act \5\ and Section 5 of the Federal Trade Commission 
Act,\6\ as well as fair lending violations, may potentially cause 
significant consumer harm and raise serious supervisory concerns. 
Recognizing this broad array of risks, the proposed guidance directs 
examiners to consider all violations of consumer laws, based on the 
root cause, severity, duration, and pervasiveness of the violation. 
This approach emphasizes the importance of a range of consumer 
protection laws and is intended to reflect the broader array of risks 
and the potential harm caused by consumer protection related 
violations.
---------------------------------------------------------------------------

    \5\ 50 U.S.C. App. 501-697b.
    \6\ 15 U.S.C. 45 et seq.
---------------------------------------------------------------------------

    Specifically, in conjunction with assessing an institution's CMS 
based on the first two categories, examiners will evaluate the consumer 
protection violations and related consumer harm based on the four 
assessment factors below:

 Root cause, or causes, of any violations of law identified
 Severity of any consumer harm resulting from violations
 Duration of time over which the violations occurred
 Pervasiveness of violations

    Consumer harm may occur as a result of a violation of law. While 
many instances of consumer harm can be quantified as a dollar amount 
associated with financial loss, such as charging higher fees for a 
product than was initially disclosed, consumer harm may also result 
from a denial of an opportunity. For example, a consumer could be 
harmed when an institution denies the consumer credit or discourages an 
application in violation of the Equal Credit Opportunity Act,\7\ 
whether or not financial harm occurred.
---------------------------------------------------------------------------

    \7\ 15 U.S.C. 1691 et seq.
---------------------------------------------------------------------------

Assignment of Ratings by Supervisor(s)

    The prudential regulators will continue to assign and update, as 
appropriate, consumer compliance ratings for institutions they 
supervise, including those with total assets of more than $10 
billion.\8\ As a member of the FFIEC, the CFPB will also use the CC 
Rating System to assign a consumer compliance rating, as appropriate, 
for institutions with total assets of more than $10 billion, as well as 
to nonbanks for which it has jurisdiction regarding the enforcement of 
Federal consumer financial laws as defined under the Dodd-Frank Act.\9\ 
When assigning a consumer compliance rating, as well as in other 
supervisory situations as appropriate, the prudential regulators will 
take into consideration any material supervisory information provided 
by the CFPB, as that information relates to covered supervisory 
activities or covered examinations.\10\ Similarly, the CFPB will take 
into consideration any material supervisory information provided by 
prudential regulators in appropriate supervisory situations, including 
when assigning consumer compliance ratings.
---------------------------------------------------------------------------

    \8\ Section 1025 of the Dodd-Frank Act (12 U.S.C. 5515) applies 
to federally insured institutions with more than $10 billion in 
total assets. This section granted the CFPB exclusive authority to 
examine insured depository institutions and their affiliates for 
compliance with Federal consumer financial laws. The prudential 
regulators retained authority for examining insured depository 
institutions with more than $10 billion in total assets for 
compliance with certain other laws related to consumer financial 
protection, including the Fair Housing Act, the Servicemembers Civil 
Relief Act, and section 5 of the Federal Trade Commission Act.
    \9\ 12 U.S.C. 5481 et seq. A financial institution with assets 
over $10 billion may receive a consumer compliance rating by both 
its primary prudential regulator and the CFPB. The rating is based 
on each agency's review of the institution's CMS and compliance with 
the federal consumer protection laws falling under each agency's 
jurisdiction.
    \10\ The prudential regulators and the CFPB signed a Memorandum 
of Understanding on Supervisory Coordination dated May 16, 2012 
(MOU) intended to facilitate the coordination of supervisory 
activities involving financial institutions with more than $10 
billion in assets as required under the Dodd-Frank Act.
---------------------------------------------------------------------------

    State regulators maintain supervisory authority to conduct 
examinations of state-chartered depository institutions and licensed 
entities. As such, states may assign consumer compliance ratings to 
evaluate compliance with both state and federal laws and regulations. 
States will collaborate and consider material supervisory information 
from other state and federal regulatory agencies during the course of 
examinations.

Paperwork Reduction Act

    In accordance with the Paperwork Reduction Act (44 U.S.C. 3501 et 
seq.) (PRA), the Agencies may not conduct or sponsor, and a person is 
not required to respond to, a collection of information unless it 
displays a currently valid Office of Management and Budget (OMB) 
control number. The proposed CC Rating System would not involve any new 
collections of information pursuant to the PRA. Consequently, no 
information will be submitted to the OMB for review.

FFIEC Guidance on Updating the Uniform Interagency Consumer Compliance 
Rating System

Uniform Interagency Consumer Compliance Rating System

    The Federal Financial Institutions Examination Council (FFIEC) 
member agencies (Agencies) promote compliance with federal consumer 
protection laws and regulations through supervisory and outreach 
programs.\11\ The Agencies engage in consumer compliance supervision to 
assess

[[Page 26557]]

whether a financial institution is meeting its responsibility to comply 
with these requirements.
---------------------------------------------------------------------------

    \11\ The FFIEC members are the Board of Governors of the Federal 
Reserve System, the Federal Deposit Insurance Corporation, the 
National Credit Union Administration, the Office of the Comptroller 
of the Currency, the Consumer Financial Protection Bureau, and the 
State Liaison Committee.
---------------------------------------------------------------------------

    This Uniform Interagency Consumer Compliance Rating System (CC 
Rating System) provides a general framework for assessing risks during 
the supervisory process using certain compliance factors and assigning 
an overall consumer compliance rating to each federally-regulated 
financial institution.\12\ The primary purpose of the CC Rating System 
is to ensure that regulated financial institutions are evaluated in a 
comprehensive and consistent manner, and that supervisory resources are 
appropriately focused on areas exhibiting risk of consumer harm and on 
institutions that warrant elevated supervisory attention.
---------------------------------------------------------------------------

    \12\ The Federal Financial Institutions Examination Council Act 
of 1978 (12 U.S.C. 3302(3)) defines financial institution. 
Additionally, as a member of the FFIEC, the CFPB will also use the 
Rating System to assign a consumer compliance rating, as appropriate 
for nonbanks, for which it has jurisdiction regarding the 
enforcement of Federal consumer financial laws as defined under the 
Dodd-Frank Act (12 U.S.C. 5481 et seq.).
---------------------------------------------------------------------------

    The CC Rating System is composed of guidance and definitions. The 
guidance provides examiners with direction on how to use the 
definitions when assigning a consumer compliance rating to an 
institution. The definitions consist of qualitative descriptions for 
each rating category and include compliance management system (CMS) 
elements reflecting risk control processes designed to manage consumer 
compliance risk and considerations regarding violations of laws, 
consumer harm, and the size, complexity, and risk profile of an 
institution. The consumer compliance rating reflects the effectiveness 
of an institution's CMS to ensure compliance with consumer protection 
laws and regulations and reduce the risk of harm to consumers.

Principles of the Interagency CC Rating System

    The Agencies developed the following principles to serve as a 
foundation for the CC Rating System.
    Risk-based. Recognize and communicate clearly that compliance 
management programs vary based on the size, complexity, and risk 
profile of supervised institutions.
    Transparent. Provide clear distinctions between rating categories 
to support consistent application by the Agencies across supervised 
institutions. Reflect the scope of the review that formed the basis of 
the overall rating.
    Actionable. Identify areas of strength and direct appropriate 
attention to specific areas of weakness, reflecting a risk-based 
supervisory approach. Convey examiners' assessment of the effectiveness 
of an institution's compliance risk management program, including its 
ability to prevent consumer harm and ensure compliance with consumer 
protection laws and regulations.
    Incent Compliance. Incent the institution to establish an effective 
consumer compliance program across the institution and to identify and 
address issues promptly, including self-identification and correction 
of consumer compliance weaknesses. Reflect the potential impact of any 
consumer harm identified in examination findings.

Five-Level Rating Scale

    The CC Rating System is based upon a numeric scale of 1 through 5 
in increasing order of supervisory concern. Thus, 1 represents the 
highest rating and consequently the lowest degree of supervisory 
concern, while 5 represents the lowest rating and the most critically 
deficient level of performance, and therefore, the highest degree of 
supervisory concern.\13\ Ratings of 1 or 2 represent satisfactory or 
better performance. Ratings of 3, 4, or 5 indicate performance that is 
less than satisfactory. Consistent with the previously described 
Principles, the rating system incents a financial institution to 
establish an effective compliance management system across the 
institution, to self-identify risks, and take the necessary actions to 
reduce the risk of non-compliance and consumer harm.
---------------------------------------------------------------------------

    \13\ The Agencies do not consider an institution's record of 
performance under the Community Reinvestment Act (CRA) in 
conjunction with assessing an institution under the CC Rating System 
since institutions are evaluated separately under the CRA.
---------------------------------------------------------------------------

     The highest rating of 1 is assigned to a financial 
institution that maintains a strong CMS and takes action to prevent 
violations of law and consumer harm.
     A rating of 2 is assigned to a financial institution that 
maintains a CMS that is satisfactory at managing consumer compliance 
risk in the institution's products and services and at substantially 
limiting violations of law and consumer harm.
     A rating of 3 reflects a CMS deficient at managing 
consumer compliance risk in the institution's products and services and 
at limiting violations of law and consumer harm.
     A rating of 4 reflects a CMS seriously deficient at 
managing consumer compliance risk in the institution's products and 
services and at preventing violations of law and consumer harm. A 
rating of seriously deficient indicates fundamental and persistent 
weaknesses in crucial CMS elements and severe inadequacies in core 
compliance areas necessary to operate within the scope of statutory and 
regulatory consumer protection requirements and to prevent consumer 
harm.
     A rating of 5 reflects a CMS critically deficient at 
managing consumer compliance risk in the institution's products and 
services and at preventing violations of law and consumer harm. A 
rating of critically deficient indicates an absence of crucial CMS 
elements and a demonstrated lack of willingness or capability to take 
the appropriate steps necessary to operate within the scope of 
statutory and regulatory consumer protection requirements and to 
prevent consumer harm.

CC Rating System Categories and Assessment Factors

CC Rating System--Categories

    The CC Rating System is organized under three broad categories:
    1. Board and Management Oversight,
    2. Compliance Program, and
    3. Violations of Law and Consumer Harm.
    The Consumer Compliance Rating Definitions below list the 
assessment factors considered within each category, along with 
narrative descriptions of performance.
    The first two categories, Board and Management Oversight and 
Compliance Program, are used to assess a financial institution's CMS. 
As such, examiners should evaluate the assessment factors within these 
two categories commensurate with the institution's size, complexity, 
and risk profile. All institutions, regardless of size, should maintain 
an effective CMS. The sophistication and formality of the CMS typically 
will increase commensurate with the size, complexity, and risk profile 
of the entity.
    Additionally, compliance expectations contained within the 
narrative descriptions of these two categories extend to third-party 
relationships into which the financial institution has entered. There 
can be certain benefits to financial institutions engaging in 
relationships with third parties, including gaining operational 
efficiencies or an ability to deliver additional products and services, 
but such arrangements also may expose financial institutions to risks 
if not managed effectively. The prudential agencies, the CFPB, and some 
states
have issued guidance describing expectations regarding oversight of 
third-party relationships. While an institution's management may make 
the business decision to outsource some or all of the operational 
aspects of a product or service, the institution cannot outsource the 
responsibility for complying with laws and regulations or managing the 
risks associated with third-party relationships.
    As noted in the Consumer Compliance Rating Definitions, examiners 
should evaluate activities conducted through third-party relationships 
as though the activities were performed by the institution itself. 
Examiners should review a financial institution's management of third-
party relationships and servicers as part of its overall compliance 
program.
    The third category, Violations of Law and Consumer Harm, includes 
assessment factors that evaluate the dimensions of any identified 
violation or consumer harm. Examiners should weigh each of these four 
factors--root cause, severity, duration, and pervasiveness--in 
evaluating relevant violations of law and any resulting consumer harm.

Board and Management Oversight--Assessment Factors

    Under Board and Management Oversight, the examiner should assess 
the financial institution's board of directors and senior management, 
as appropriate for their respective roles and responsibilities, based 
on the following assessment factors:
     Oversight of and commitment to the institution's 
compliance risk management program;
     effectiveness of the institution's change management 
processes, including responding timely and satisfactorily to any 
variety of change, internal or external, to the institution;
     comprehension, identification, and management of risks 
arising from the institution's products, services, or activities; and
     any corrective action undertaken as consumer compliance 
issues are identified.

Compliance Program--Assessment Factors

    Under Compliance Program, the examiner should assess other elements 
of an effective CMS, based on the following assessment factors:
     Whether the institution's policies and procedures are 
appropriate to the risk in the products, services, and activities of 
the institution;
     the degree to which compliance training is current and 
tailored to risk and staff responsibilities;
     the sufficiency of the monitoring and, if applicable, 
audit to encompass compliance risks throughout the institution; and
     the responsiveness and effectiveness of the consumer 
complaint resolution process.

Violations of Law and Consumer Harm--Assessment Factors

    Under Violations of Law and Consumer Harm, the examiner should 
analyze the following assessment factors:
     The root cause, or causes, of any violations of law 
identified during the examination;
     the severity of any consumer harm resulting from 
violations;
     the duration of time over which the violations occurred; 
and
     the pervasiveness of the violations.
    As a result of a violation of law, consumer harm may occur. While 
many instances of consumer harm can be quantified as a dollar amount 
associated with financial loss, such as charging higher fees for a 
product than was initially disclosed, consumer harm may also result 
from a denial of an opportunity. For example, a consumer could be 
harmed when a financial institution denies the consumer credit or 
discourages an application in violation of the Equal Credit Opportunity 
Act,\14\ whether or not there is resulting financial harm.
---------------------------------------------------------------------------

    \14\ 15 U.S.C. 1691 et seq.
---------------------------------------------------------------------------

    This category of the Consumer Compliance Rating Definitions defines 
four factors by which examiners can assess violations of law and 
consumer harm.
    Root Cause. Root cause analyzes the degree to which weaknesses in 
the CMS gave rise to the violations. In many instances, the root cause 
of a violation is tied to a weakness in one or more elements of the 
CMS. Violations that result from critical deficiencies in the CMS 
evidence a critical absence of management oversight and are of the 
highest supervisory concern.
    Severity. The severity dimension of the Consumer Compliance Rating 
Definitions weighs the type of consumer harm, if any, that resulted 
from violations of law. More severe harm results in a higher level of 
supervisory concern under this factor. For example, some consumer 
protection violations may cause significant financial harm to a 
consumer, while other violations may cause negligible harm, based on 
the specific facts involved.
    Duration. Duration describes the length of time over which the 
violations occurred. Violations that persist over an extended period of 
time will raise greater supervisory concerns than violations that occur 
for only a brief period of time. When violations are brought to the 
attention of an institution's management and management allows those 
violations to remain unaddressed, such violations are of the highest 
supervisory concern.
    Pervasiveness. Pervasiveness evaluates the extent of the 
violation(s) and resulting consumer harm, if any. Violations that 
affect a large number of consumers will raise greater supervisory 
concern than violations that impact a limited number of consumers. If 
violations become so pervasive that they are considered to be 
widespread or present in multiple products or services, the 
institution's performance under this factor is of the highest 
supervisory concern.

Self-Identification of Violations of Law and Consumer Harm

    Strong compliance programs are proactive. They promote consumer 
protection by preventing, self-identifying, and addressing compliance 
issues in a proactive manner. Accordingly, the CC Rating System 
provides incentives for such practices through the definitions 
associated with a 1 rating.
    The Agencies believe that self-identification and prompt correction 
of violations of law reflect strengths in an institution's CMS. A 
robust CMS appropriate for the size, complexity and risk profile of an 
institution's business often will prevent violations or will facilitate 
early detection of potential violations. This early detection can limit 
the size and scope of consumer harm. Moreover, prompt self-reporting of 
serious violations represents concrete evidence of an institution's 
commitment to responsibly address underlying risks. In addition, 
appropriate corrective action, including both correction of 
programmatic weaknesses and full redress for injured parties, limits 
consumer harm and prevents violations from recurring in the future. 
Thus, the CC Rating System recognizes institutions that consistently 
adopt these strategies as reflected in the Consumer Compliance Rating 
Definitions.

Evaluating Performance Using the CC Rating Definitions

    The consumer compliance rating is derived through an evaluation of 
the financial institution's performance under each of the assessment 
factors
described above. The consumer compliance rating reflects the 
effectiveness of an institution's CMS to identify and manage compliance 
risk in the institution's products and services and to prevent 
violations of law and consumer harm, as evidenced by the financial 
institution's performance under each of the assessment factors.
    The consumer compliance rating reflects a comprehensive evaluation 
of the financial institution's performance under the CC Rating System 
by considering the categories and assessment factors in the context of 
the size, complexity, and risk profile of an institution. It is not 
based on a numeric average or any other quantitative calculation. 
Specific numeric ratings will not be assigned to any of the twelve 
assessment factors. Thus, an institution need not achieve a 
satisfactory assessment in all categories in order to be assigned an 
overall satisfactory rating. Conversely, an institution may be assigned 
a less than satisfactory rating even if some of its assessments were 
satisfactory.
    The relative importance of each category or assessment factor may 
differ based on the size, complexity, and risk profile of an individual 
institution. Accordingly, one or more category or assessment factor may 
be more or less relevant at one financial institution as compared to 
another institution. While the expectations for compliance with 
consumer protection laws and regulations are the same across 
institutions of varying sizes, the methods for accomplishing an 
effective CMS may differ across institutions.
    The evaluation of an institution's performance within the 
Violations of Law and Consumer Harm category of the CC Rating 
Definitions considers each of the four assessment factors: Root Cause, 
Severity, Duration, and Pervasiveness. At the levels of 4 and 5 in this 
category, the distinctions in the definitions are focused on the root 
cause assessment factor rather than Severity, Duration, and 
Pervasiveness. This approach is consistent with the other categories 
where the difference between a 4 and a 5 is driven by the institution's 
capacity and willingness to maintain a sound consumer compliance 
system.
    In arriving at the final rating, the examiner must balance 
potentially differing conclusions about the effectiveness of the 
financial institution's CMS over the individual products, services, and 
activities of the organization. Depending on the relative materiality 
of a product line to the institution, an observed weakness in the 
management of that product line may or may not impact the conclusion 
about the institution's overall performance in the associated 
assessment factor(s). For example, serious weaknesses in the policies 
and procedures or audit program of the mortgage department at a 
mortgage lender would be of greater supervisory concern than those same 
gaps at an institution that makes very few mortgage loans and strictly 
as an accommodation. Greater weight should apply to the financial 
institution's management of material products with significant 
potential consumer compliance risk.
    An institution may receive a less than satisfactory rating even 
when no violations were identified, based on deficiencies or weaknesses 
identified in the institution's CMS. For example, examiners may 
identify weaknesses in elements of the CMS in a new loan product. 
Because the presence of those weaknesses left unaddressed could result 
in future violations of law and consumer harm, the CMS deficiencies 
could impact the overall consumer compliance rating, even if no 
violations were identified.
    Similarly, an institution may receive a 1 or 2 rating even when 
violations were present, if the CMS is commensurate with the risk 
profile and complexity of the institution. For example, when violations 
involve limited impact on consumers, were self-identified, and resolved 
promptly, the evaluation may result in a 1 or 2 rating. After 
evaluating the institution's performance in the two CMS categories, 
Board and Management Oversight and Compliance Program, and the 
dimensions of the violations in the third category, the examiner may 
conclude that the overall strength of the CMS and the nature of 
observed violations viewed together do not present significant 
supervisory concerns.

                                                         Consumer Compliance Rating Definitions
--------------------------------------------------------------------------------------------------------------------------------------------------------
Assessment factors to be considered             1                       2                      3                      4                      5
--------------------------------------------------------------------------------------------------------------------------------------------------------
Board and Management Oversight
Board and management oversight factors should be evaluated commensurate with the institution's size, complexity, and risk profile. Compliance
 expectations below extend to third-party relationships
--------------------------------------------------------------------------------------------------------------------------------------------------------
Oversight and Commitment...........  Board and management    Board and management    Board and management   Board and management   Board and management
                                      demonstrate strong      provide satisfactory    oversight of the       oversight,             oversight,
                                      commitment and          oversight of the        financial              resources, and         resources, and
                                      oversight to the        financial               institution's          attention to the       attention to the
                                      financial               institution's           compliance risk        compliance risk        compliance risk
                                      institution's           compliance risk         management program     management program     management program
                                      compliance risk         management program.     is deficient.          are seriously          are critically
                                      management program.                                                    deficient.             deficient.

                                     Substantial compliance  Compliance resources    Compliance resources   Compliance resources   Compliance resources
                                      resources are           are adequate and        and staff are          and staff are          are critically
                                      provided, including     staff is generally      inadequate to ensure   seriously deficient    deficient in
                                      systems, capital, and   able to ensure the      the financial          and are ineffective    supporting the
                                      human resources         financial institution   institution is in      at ensuring the        financial
                                      commensurate with the   is in compliance with   compliance with        financial              institution's
                                      institution's size,     consumer laws and       consumer laws and      institution's          compliance with
                                      complexity, and risk    regulations.            regulations.           compliance with        consumer laws and
                                      profile. Staff is                                                      consumer laws and      regulations, and
                                      knowledgeable,                                                         regulations.           management and staff
                                      empowered and held                                                                            are unwilling or
                                      accountable for                                                                               incapable of
                                      compliance with                                                                               operating within the
                                      consumer laws and                                                                             scope of consumer
                                      regulations.                                                                                  protection laws and
                                                                                                                                    regulations.
                                     Management conducts     Management conducts     Management does not    Management oversight   Management oversight
                                      comprehensive and       adequate and ongoing    adequately conduct     and due diligence      and due diligence of
                                      ongoing due diligence   due diligence and       due diligence and      over third party       third party
                                      and oversight of        oversight of third      oversight of third     performance, as well   performance is
                                      third parties           parties to ensure       parties to ensure      as management's        critically
                                      consistent with         that the financial      that the financial     ability to             deficient.
                                      agency expectations     institution complies    institution complies   adequately identify,
                                      to ensure that the      with consumer           with consumer          measure, monitor, or
                                      financial institution   protection laws, and    protection laws, nor   manage compliance
                                      complies with           adequately oversees     does it adequately     risks, is seriously
                                      consumer protection     third parties'          oversee third          deficient.
                                      laws, and exercises     policies, procedures,   parties' policies,
                                      strong oversight of     internal controls,      procedures, internal
                                      third parties'          and training to         controls, and
                                      policies, procedures,   ensure appropriate      training to ensure
                                      internal controls,      oversight of            appropriate
                                      and training to         compliance              oversight of
                                      ensure consistent       responsibilities.       compliance
                                      oversight of                                    responsibilities.
                                      compliance
                                      responsibilities.
Change Management..................  Management anticipates  Management responds     Management does not    Management's response  Management fails to
                                      and responds promptly   timely and adequately   respond adequately     to changes in          monitor and respond
                                      to changes in           to changes in           and/or timely in       applicable laws and    to changes in
                                      applicable laws and     applicable laws and     adjusting to changes   regulations, market    applicable laws and
                                      regulations, market     regulations, market     in applicable laws     conditions, or         regulations, market
                                      conditions and          conditions, products    and regulations,       products and           conditions, or
                                      products and services   and services offered    market conditions,     services offered is    products and
                                      offered.                by evaluating the       and products and       seriously deficient.   services offered.
                                                              change and              services offered.
                                                              implementing
                                                              responses across
                                                              impacted lines of
                                                              business.
                                     Management conducts     Management evaluates
                                      due diligence in        product changes
                                      advance of product      before and after
                                      changes, considers      implementing the
                                      the entire life cycle   change.
                                      of a product or
                                      service in
                                      implementing change,
                                      and reviews the
                                      change after
                                      implementation to
                                      determine that
                                      actions taken have
                                      achieved planned
                                      results.
--------------------------------------------------------------------------------------------------------------------------------------------------------

Comprehension, Identification and    Management has a solid  Management comprehends  Management has an      Management exhibits a  Management does not
 Management of Risk.                  comprehension of and    and adequately          inadequate             seriously deficient    comprehend nor
                                      effectively             identifies compliance   comprehension of and   comprehension of and   identify compliance
                                      identifies compliance   risks, including        ability to identify    ability to identify    risks, including
                                      risks, including        emerging risks, in      compliance risks,      compliance risks,      emerging risks, in
                                      emerging risks, in      the financial           including emerging     including emerging     the financial
                                      the financial           institution's           risks, in the          risks, in the          institution.
                                      institution's           products, services,     financial              financial
                                      products, services,     and other activities.   institution's          institution.
                                      and other activities.                           products, services,
                                                                                      and other activities.
                                     Management actively     Management adequately
                                      engages in managing     manages those risks,
                                      those risks,            including through
                                      including through       self-assessments.
                                      comprehensive self-
                                      assessments.
--------------------------------------------------------------------------------------------------------------------------------------------------------
Corrective Action and Self-          Management proactively  Management adequately   Management does not    Management response    Management is
 Identification.                      identifies issues and   responds to and         adequately respond     to deficiencies,       incapable, unwilling
                                      promptly responds to    corrects deficiencies   to compliance          violations and         and/or fails to
                                      compliance risk         and/or violations,      deficiencies and       examination findings   respond to
                                      management              including adequate      violations including   is seriously           deficiencies,
                                      deficiencies and any    remediation, in the     those related to       deficient.             violations or
                                      violations of laws or   normal course of        remediation.                                  examination
                                      regulations,            business.                                                             findings.
                                      including remediation.
--------------------------------------------------------------------------------------------------------------------------------------------------------
Compliance Program
Compliance Program factors should be evaluated commensurate with the institution's size, complexity, and risk profile. Compliance
 expectations below extend to third-party relationships.
--------------------------------------------------------------------------------------------------------------------------------------------------------
Policies and Procedures............  Compliance policies     Compliance policies     Compliance policies    Compliance policies    Compliance policies
                                      and procedures and      and procedures and      and procedures and     and procedures and     and procedures and
                                      third-party             third-party             third-party            third-party            third-party
                                      relationship            relationship            relationship           relationship           relationship
                                      management programs     management programs     management programs    management programs    management programs
                                      are strong,             are adequate to         are inadequate at      are seriously          are critically
                                      comprehensive and       manage the compliance   managing the           deficient at           absent.
                                      provide standards to    risk in the products,   compliance risk in     managing compliance
                                      effectively manage      services and            the products,          risk in the
                                      compliance risk in      activities of the       services and           products, services
                                      the products,           financial institution.  activities of the      and activities of
                                      services and                                    financial              the financial
                                      activities of the                               institution.           institution.
                                      financial institution.
--------------------------------------------------------------------------------------------------------------------------------------------------------
Training...........................  Compliance training is  Compliance training     Compliance training    Compliance training    Compliance training
                                      comprehensive,          outlining staff         is not adequately      is seriously           is critically
                                      timely, and             responsibilities is     comprehensive,         deficient in its       absent.
                                      specifically tailored   provided timely to      timely, updated, or    comprehensiveness,
                                      to the particular       appropriate staff.      appropriately          timeliness, or
                                      responsibilities of                             tailored to the        relevance to staff
                                      the staff receiving                             particular             with compliance
                                      it, including those                             responsibilities of    responsibilities, or
                                      responsible for                                 the staff.             has numerous major
                                      product development,                                                   inaccuracies.
                                      marketing and
                                      customer service.

                                     The compliance          The compliance
                                      training program is     training program is
                                      updated proactively     updated to encompass
                                      in advance of the       new products and to
                                      introduction of new     comply with changes
                                      products or new         to consumer
                                      consumer protection     protection laws and
                                      laws and regulations    regulations.
                                      to ensure that all
                                      staff are aware of
                                      compliance
                                      responsibilities
                                      before rolled out.
--------------------------------------------------------------------------------------------------------------------------------------------------------
Monitoring and/or Audit............  Compliance monitoring   Compliance monitoring   Compliance monitoring  Compliance monitoring  Compliance monitoring
                                      practices, management   practices, management   practices,             practices,             practices,
                                      information systems,    information systems,    management             management             management
                                      compliance audit, and   compliance audit, and   information systems,   information systems,   information systems,
                                      internal control        internal control        compliance audit,      compliance audit,      compliance audit, or
                                      systems are             systems adequately      and internal control   and internal           internal controls
                                      comprehensive,          address compliance      systems do not         controls are           are critically
                                      timely, and             risks throughout the    adequately address     seriously deficient    absent.
                                      successful at           financial institution.  risks involving        in addressing risks
                                      identifying and                                 products, services     involving products,
                                      measuring material                              or other activities    services or other
                                      compliance risk                                 including timing and   activities.
                                      management throughout                           scope.
                                      the financial
                                      institution.
                                     Programs are monitored
                                      proactively to
                                      identify procedural
                                      or training
                                      weaknesses to
                                      preclude regulatory
                                      violations. Program
                                      modifications are
                                      made expeditiously to
                                      minimize compliance
                                      risk.
--------------------------------------------------------------------------------------------------------------------------------------------------------
Consumer Complaint Response........  Processes and           Processes and           Processes and          Processes and          Processes and
                                      procedures for          procedures for          procedures for         procedures for         procedures for
                                      addressing consumer     addressing consumer     addressing consumer    addressing consumer    addressing consumer
                                      complaints are          complaints are          complaints are         complaints and         complaints are
                                      strong. Consumer        adequate. Consumer      inadequate. Consumer   consumer complaint     critically absent.
                                      complaint               complaint               complaint              investigations are     Meaningful
                                      investigations and      investigations and      investigations and     seriously deficient.   investigations and
                                      responses are prompt    responses are           responses are not                             responses are
                                      and thorough.           generally prompt and    thorough or timely.                           absent.
                                                              thorough.
                                     Management monitors     Management adequately   Management does not    Management monitoring  Management exhibits a
                                      consumer complaints     monitors consumer       adequately monitor     of consumer            disregard for
                                      to identify risks of    complaints and          consumer complaints.   complaints is          complaints or
                                      potential consumer      responds to issues                             seriously deficient.   preventing consumer
                                      harm, program           identified.                                                           harm.
                                      deficiencies, and
                                      customer service
                                      issues and takes
                                      appropriate action.
--------------------------------------------------------------------------------------------------------------------------------------------------------
Violations of Law and Consumer Harm
--------------------------------------------------------------------------------------------------------------------------------------------------------

Root Cause.........................  The violations are the  Violations are the      Violations are the     Violations are the     Violations are the
                                      result of minor         result of modest        result of material     result of serious      result of critical
                                      weaknesses, if any,     weaknesses in the       weaknesses in the      deficiencies in the    deficiencies in the
                                      in the compliance       compliance risk         compliance risk        compliance risk        compliance risk
                                      risk management         management system.      management system.     management system.     management system.
                                      system.
Severity...........................  The type of consumer    The type of consumer    The type of consumer   The type of consumer   The type of consumer
                                      harm, if any,           harm resulting from     harm resulting from    harm resulting from    harm resulting from
                                      resulting from the      the violations would    the violations would   the violations would   the violations would
                                      violations would have   have a limited impact   have a considerable    have a serious         have a serious
                                      a minimal impact on     on consumers.           impact on consumers.   impact on consumers.   impact on consumers.
                                      consumers.
Duration...........................  The violations and      The violations and      The violations and     The violations and     The violations and
                                      resulting consumer      resulting consumer      resulting consumer     resulting consumer     resulting consumer
                                      harm, if any,           harm, if any,           harm, if any,          harm, if any, have     harm, if any, have
                                      occurred over a brief   occurred over a         occurred over an       been long standing     been long standing
                                      period of time.         limited period of       extended period of     or repeated.           or repeated.
                                                              time.                   time.
Pervasiveness......................  The violations and      The violations and      The violations and     The violations and     The violations and
                                      resulting consumer      resulting consumer      resulting consumer     resulting consumer     resulting consumer
                                      harm, if any, are       harm, if any, are       harm, if any, are      harm, if any, are      harm, if any, are
                                      isolated in number.     limited in number.      numerous.              widespread or in       widespread or in
                                                                                                             multiple products or   multiple products or
                                                                                                             services.              services.
--------------------------------------------------------------------------------------------------------------------------------------------------------

[End of proposed text.]

    Dated: April 28, 2016.

Federal Financial Institutions Examination Council.
Judith E. Dupre,
FFIEC Executive Secretary.
[FR Doc. 2016-10289 Filed 5-2-16; 8:45 a.m.]
 BILLING CODE 7535-01-P 6714-01-P; 6210-01-P 4810-33-P; 4810-AM-P