Tips to Conduct a Meaningful Compliance Risk and Gap Assessment
- May 13, 2022
- Category: Compliance Management
After the arrival of Reg F, agencies across the ARM landscape have been busy evaluating and implementing new technologies and modifying their workflows to comply with the latest CFPB rulings. However, the hustle to comply with Reg F can inevitably create new blind spots and add potential risk to your overall compliance profile. Conducting an internal risk and gap assessment can help you avoid regulators’ and consumer attorneys’ radar.
To discuss the laws, rules and regulations agencies should consider in their assessments, Research Assistant and insideARM hosted a webinar with Sara Woggerman (Executive Director of iA Research Assistant and President of ARM Compliance Business Solutions) and Missy Meggison (General Counsel and Executive Editor at insideARM and Executive Director of the Consumer Relations Consortium). The following summarizes key excerpts from the webinar that are geared towards helping you start working on risk and gap assessments more effectively.
Tips for doing homework before you begin
Before you start any risk and gap assessment (RGA), make sure your policies and procedures are logged and categorized properly. As you begin the assessment exercise, assessment responsibilities should be assigned and priorities well established. Given that an RGA is an operational audit function, do not include client requirements in this process.
As you confirm the scope of the assessment, make sure you pin down the CFPB exam manual, major cases, and state regulations that fall within the scope. Communicate with the operations team in advance about risk and gap assessments, and choose a time for the RGA that ensures minimal interruption during your “peak” performance hours.
Tips for preparing assessment questions
Familiarize yourself with the background material. As you get through all of your source material, review the content of each of your procedures and draft assessment questions to fit the size and complexity of your agency. When building your assessment log, list as many “Who,” “What,” “Why,” and “How” questions as possible. For each question around policies, procedures, training, audit, and systemic controls, determine what you will need to “evidence” your compliance.
Tips for executing the assessment
As a next step, study the CFPB Exam Manual and subsequently review your policies, procedures, internal controls, and training materials to uncover gaps and potential risks. As you review everything mentioned above, make sure you know the clear expectations about compliance with Federal consumer financial laws and the enforceable consequences for violating any compliance-related responsibilities.
Next, identify and evaluate your organization’s significant gaps. Missing critical policies, audit controls, etc. should stand out at this point in your assessment. Subsequently, assign someone to start drafting policies and procedures to remediate any significant deficiencies in your current compliance profile.