The Expanded Scope of the Compliance Management System - Information Technology

The Consumer Financial Protection Bureau (CFPB) created its compliance management system (CMS) to support financial institutions in maintaining regulatory compliance.

Paul Noring and Vincent Urbancic write that the integration of CMS into the business strategies of financial institutions ensures their establishment and the communication of compliance responsibilities; incorporation of these responsibilities into business processes; review of operations to ensure fulfillment of compliance requirements; and review, correction, and adaptation of new systems and tools, as necessary. Both the CMS and the new Compliance Management Review (CMR-IT) include five modules: Board and Management Oversight, Compliance Program, Service Provider Oversight, Violations of Law and Consumer Harm, and Examiner Conclusions and Wrap-Up.

The CFPB, with the September 2021 release of the Information Technology section of its examination manual, aims to oversee the impact that an institution’s information technology has on compliance with federal consumer laws. The IT examination procedures allow the CFPB and financial entities to evaluate the technological controls of an entity and its service providers as part of their overall CMS.

Numerous enforcement actions have been associated with deficiencies in the CMSs of institutions. The CFPB also has published articles on the importance of CMS. One recent example is the June 2021 supervisory highlights, which mention CMS seven times, highlighting its importance to the CFPB. Institutions within the scope of the CFPB supervision should pay attention to these new assessments.