Consumer Protection
Addressing Major Areas
of Concern for Banks
Introduction
The Consumer Finance Protection
Bureau (CFPB) was established as
an integral element of the DoddFrank Wall Street Reform and
Consumer Protection Act of 2010
(Dodd-Frank Act).
The CFPB, with a broad mandate
encompassing writing rules, supervising
companies and enforcing consumer
financial protection laws, can be seen as a
direct response to lending and marketing
practices that contributed to the 2008
financial crisis, including increased access
to credit and rapid expansion of consumer
and mortgage debt.
Consumer protection has been evolving
over the past 20 years, shaped by events
such as the Enron collapse, the crisis
in subprime mortgage lending, and the
insolvency of mortgage guarantors
Fannie Mae and Freddie Mac.
The CFPB, charged with protecting the
interests of the individual consumer,
is one more addition to the large group of
regulatory bodies responsible for writing
and enforcing rules and regulations related
2
to financial services. As each law
is enacted – typically with multiple
regulations – rulemaking authority
can be delegated to one agency with
enforcement carried out by others.
For example, enforcement of the Truth
in Lending Act, aimed at promoting the
informed use of consumer credit products,
is the responsibility not only of the CFPB
but also of the Federal Reserve, the Federal
Deposit Insurance Corporation (FDIC),
the Office of the Comptroller of the
Currency (OCC) and the National Credit
Union Administration (NCUA).1 Similarly,
the Fair and Accurate Credit Transactions
Act (FACTA) – designed to give consumers
credit information in a fair, timely and
accurate manner – is enforced by the
Federal Trade Commission (FTC), the Federal
Reserve, the FDIC, the OCC, the NCUA and
the CFPB.2
Voices from the Industry
In discussions with industry leaders, we asked them about issues they face in
relation to consumer protection. Below, are paraphrased comments captured.
“In our company, consumer protection is the responsibility of all executives”
“We need better testing and controls to self-identify issues before
customers and regulators do”
“We have trouble keeping track of consumer protection regulations as
they are created”
“Our process is ad-hoc and we need something sustainable for
the long-term”
“We have a process but it is not as rigorous as it should be”
“Our process seems to be very demanding and inefficient”
“We are running into resource constraints given the pace of consumer
protection regulations”
“To reduce the risk in the manual process of tracking customer complaints,
we have centralized the team that handles these issues”
“We are focusing attention on consumer protection and hiring more FTEs”
“We have no automated way of tracking consumer protection issues”
“We are trying to create a vision at the top to filter down through
the company”
“Reports exist but they are manually aggregated”
3
The Effects of Consumer Protection
The key elements of consumer
protection can be summarized
as follows:
• Establishing the right policies
to direct the behavior of
the business;
• Making better decisions around
client management issues;
• Improving information
gathering and aggregation;
• Identifying patterns indicating
potential problems;
• Responding promptly to
customer complaints; and
• Being able to rapidly change
and universalize new policies.
To get all of these elements
in place and operating in a
complementary manner, banks
need to work through systematic
changes in the following areas.
Governance
One common feature of consumer
protection regulation is that regulators
have requested fewer points of contact
with bank personnel. The regulators
seek a centralized information repository
to respond to their requests. Consumers
have also pushed regulators to limit
compensation paid to bank executives.
Under these pressures, banks may need
to anticipate new regulations so that they
can set future strategies. In our view, the
damage to larger banks’ reputations has
caused some consumers to switch, or to
consider switching, to smaller community
or regional banks, and other disruptions
can be expected. Banks may also want
to consider new governance practices
to respond to these changes, including:
•Moving to a more customer-centric
model in which the bank offers a
uniform package of products and
services to consumers;
•Taking innovative approaches to
compensating and retaining top talent;
•Establishing a centralized entity within
the bank to understand all regulations
and create a cohesive approach to
dealing with regulatory concerns; and
•Incorporating rules applicable to
consumer protection into an enhanced
new process for assessing potential
product and/or service introductions.
4
Customer
Communication
Consumer protection regulations
have affected the way banks handle
their interactions with customers.
Regulatory changes, for example,
have increased banks’ requirements to
disclose fees, conflicts of interest, product
descriptions, obligations and collection
practices.3 Broadly speaking, terms and
conditions should be easier to interpret,
and annual reports and statements
should contain clear information on
investment objectives, strategies, costs,
risks and compensation structures.3
The regulations dramatically affect banks’
credit card businesses. Consumers must
be readily able to opt out of particular
product features such as credit card
over-limit liability, and banks cannot hand
out credit card applications on college
campuses and card prospects must be
21 years of age or prove that they have
an income and can pay for debt incurred.4
These types of regulations can restrict a
bank’s ability to market their products.
Banks also are required to collect more
information during customer screening
process, including new elements such as
the Social Security Number, the prospect’s
occupation, his or her income and ability
to pay, current housing payment and proof
of address.5
In our view, these changes may cause
some banks to re-think their participation
in certain product or market segments.
Most changes have affected mortgages
and credit cards, usually seen as the
most problematic products, but similar
changes can be expected for student loans,
car loans and personal loans. Banks may
need to re-word scripted offer letters
as well as their call center scripts, and
may need to train and monitor sales
and collection personnel more closely.
High-performance customer communications
practices banks may want to consider include:
• Leveraging legal counsel to determine what
needs to be disclosed in public reports;
•Creating new applications and strategies
to reflect new customer attributes as
well as new decision-making criteria;
•Determining new ways to originate
younger credit card applicants, as many
prospects will not have sufficient credit
at age 21; and
•Incorporating social media and digital
communications as means to inform
and respond to consumers.
Operations
Consumer protection rules and
regulations have also changed the basic
ways that banks conduct their business.
For example, customers must now be
able to learn the reasons they have been
denied credit, and must be given access
to their credit scores.6 In the interests
of fair lending, banks generally cannot
give better rates to specific customers
except for risk-related reasons. Disclosure
of required information must be accurate
and made in a timely manner. Regulators
may also determine what private wealth
advisors can sell to consumers.
With these rules in place, we believe
banks’ client acquisition strategies may
shift or become more selective based
on product changes. In addition to
new processes to support delivery of
legally required disclosures on a timely
basis, banks may need to generate more
macroeconomic data. This data would
be overlaid on forecasts to help predict
what may happen under stress situations,
such as higher unemployment rates or
continued decreases in housing prices.
Based upon our work in this area, banks’
leading practices in operations include:
•Finding ways to replace lost revenue
streams by exploring other revenue
sources, such as checking accounts;
•Developing more sophisticated credit
card acquisition strategies to ensure
customers are offered the most
appropriate product and price point;
•Modifying the range of products
and services offered by advisors;
Policies and
Procedures
Consumer protection rules and regulations
have changed the way banks conduct
business. Banks now operate under
increased regulatory scrutiny, and
consumers have access to government
programs to help educate them and alert
them to possible deceptive practices and to
abusive and/or illegal collection procedures.
Regulators are creating rules that require
financial institutions to retain a portion of
the risk of the accounts they originate.7
This increased scrutiny has slowed business
processes. Requirements stemming from
new regulations such as Foreign Account
Tax Compliance Act (FATCA) and Legal Entity
Identifier (LEI) need to be incorporated
into existing processes such as client
on-boarding.8 Banks now have a greater
incentive to originate accounts responsibly.
In our view, high-performance banks
have adopted new policies and
procedures including:
•Communicating to regulators how current
and future processes affect consumers;
•Automating processes to increase
efficiencies and reduce potential errors;
•Providing annual training to review new
duties, obligations and regulations; and
•Enhancing operational risk practices,
both to manage new exposures from
consumer protection requirements
and to update Risk and Control
Self-Assessment (RCSA).
•Being more selective about which
clients to take on board; and
•Training people in what can and
cannot be said to customers in
providing them with advice.
5
Data, Technology
and Reporting
As regulators scrutinize financial
institutions, they are asking for new
data sets and more refined data elements,
which they will use to compare banks
with each other. The CFPB, for example,
has developed a new complaint database
for mortgages, credit cards, bank
accounts, and automobile, consumer
and student loans.9 While the extent
to which the CFPB leverages and acts
upon this complaint database is still to
be determined, the regulators will have
a new tool to determine what may be
best for consumers.9 The database could
help prevent new unethical or deceptive
practices from occurring. Regulators
now also require new internal and external
reporting, which may need to be consistent
across business units and/or functions
such as compliance, credit risk, market risk,
regulatory risk and operational risk.10
Regulatory requests will cause banks to
create new reporting tools, processes and
procedures. To support flexible reporting
and analytics capabilities, banks will need
to capture data at the transaction level
with the same level of consistency for all
products and will also need to be able to
provide summaries on demand.10
Leading data, technology and reporting
practices include:
•Overlaying more macroeconomic data
onto forecasts to predict what will
happen under conditions of higher
unemployment, or in case of other
economic shocks such as sharp
decreases in home values; and
•Developing increased scalability
and flexibility for IT architecture to
address changing business needs.
•Creating a mitigation plan to address
concerns arising from the CFPB
complaint database - banks can
access this database and can share
the mitigation plan with regulators
to decrease regulatory scrutiny;
•Focusing on increased accuracy and
consumer confidence by transforming
data architecture to seek source system
consolidation and the development of
a “single version of the truth”, or access
to a single centralized data base for
each key reporting subject area;
The Importance of Consumer Protection
Banks and other financial institutions have
an obvious incentive to follow consumer
protection rules and regulations: the need
to avoid possibly onerous fines. The direct
impact of noncompliance can be enormous.
Actions can be brought against financial
institutions resulting in fines, penalties and
equitable remedies. In FY 2013, CFPB Civil
Penalty Fund deposits totaled more than
$49 billion collected from institutions.11
These fines and penalties can disrupt
operations, affect quarterly earnings
and decrease market capitalization.
6
Consumer protection can also have a
direct impact on banks’ public image
and reputation. One of the CFPB’s primary
goals is to collect, monitor, and respond/
share data associated with customer
inquiries and complaints.12 This means that
public complaints will be much more open
and that customers will consider these
complaints when making banking choices.
Finally, as consumer protection regulations
have been introduced, there has been
a fundamental shift in the way banks
can make money. For example, because
banks can no longer charge over-limit
fees without customer consent, they
must either find new sources of revenue
or re-think their current business models.
Consumer Protection Programs
The Elements of Success
Through our work with banks
and other financial institutions –
and our research into leading
industry practices in the area
of consumer protection – we
have identified four key
characteristics of successful
consumer protection programs.
1. Leadership Buy-In
The bank’s executive leadership
demonstrates the importance of consumer
protection and its place in the regulatory
environment. Business owners and the
heads of lines of business – those with
direct responsibility for the customer
relationship experience – demonstrate
similar commitment. To achieve this buy-in,
training is conducted at different levels and
different areas throughout the organization.
This commitment extends to call center
managers and staff, as they have direct
contact with customers.
2. Being Proactive
Organizations should be proactive
in identifying issues before they are
identified by the regulators. This not
only helps solve issues before they affect
customers, but mitigates them before
they come to regulators’ attention.
Showing regulators that this proactive
approach is in place creates a stronger
bond of trust with the regulatory bodies.
Successful organizations are also proactive
in self-assessments and in mitigating
issues and instituting the changes needed.
Some organizations, for example, may
set up processes and checkpoints that
screen and verify bank interactions
with customers to help ensure these are
compliant with current regulations.
3. Staying WellInformed
We have observed that successful
organizations are informed about the issues
related to consumer protection that directly
affect their operations. They compile data
that is easily accessible, objective, accurate
and timely. They use key risk indicators
(KRIs) at a level which gives executives
the ability to understand what is happening
and to take the appropriate actions, and
all stakeholders (including lines of business)
know each other’s roles and responsibilities.
4. Establishing a
Coordinated Process
Successful banks coordinate their efforts
to remediate outstanding issues and
implement fixes in all areas of the
organization. An issue recognized as
a potential problem in the mortgage
business, for example, may also be a
potential problem in the credit card
business. Coordination helps reduce costs
and increases efficiency while addressing
issues in a timely fashion. This includes
integrating upcoming regulations with
existing regulations to understand their
full implication. Issues are dealt with no
matter where they are identified – whether
by a line of business, by a regulator, or by
a customer – and the organization draws
upon its expertise with Big Data to manage
the full range of consumer protection issues.
7
How Accenture Can Help
In our work helping banks
and other financial institutions
deal with consumer protection
issues, we often take a
four-step approach.
First, a single, internal regulatory team is
formed to help bank entities understand
and deal with regulatory requirements
and maintain relationships with regulators.
Second, proper operations, policies,
procedures and governance need to
be established to address current and
planned regulatory changes and to set up
appropriate training.
Third, data, technology and reporting
architectures should be refined to
enable the reporting capabilities
needed to meet the demands of the
business and of the regulators.
Fourth, the interactions among entities
need to be clearly defined and assigned the
appropriate global policy, with procedures
detailing roles and responsibilities. KRIs
can be created for both the CFPB system as
well as for internal complaint systems.
8
Before this approach gets under way,
an initial assessment can help the bank
benchmark its own practices against those
of leading institutions. When issues are
identified, Accenture and the bank develop
a roadmap of forward-looking initiatives
to deal with the full range of consumer
protection issues.
Design of target state functions may
include a detailed governance structure,
with appropriate policies and procedures
to deal with consumer protection; a data
management architecture to help the
company identify issues before they are
identified by CFPB monitoring systems; and
a reputational risk program for dealing with
negative public information.
As initiatives move into implementation,
Accenture can help train staff for new
functions, processes and procedures; bring
new technology into place to support the
needs of the new functions; integrated
automated reporting; and support
enhanced operating models.
Conclusion
In our view, consumer protection is here to
stay and will grow in significance over the
years to come. The trend towards consumer
protection is highly complex and is evolving
rapidly, with implications for many different
operations at financial institutions.
Despite the challenging nature of the
subject, banks can align themselves
with consumer protection trends and
improve their positioning relative to
competitors. Those banks that do so –
taking a strategic and proactive, rather
than tactical and reactive approach to
consumer protection – should create a
significant competitive advantage for
themselves and their stakeholders.
9
Notes
1. “ Appraisals for Higher-Priced Mortgage
Loans,” Consumer Financial Protection
Bureau. Published Amendment - Effective
Date, 18 January 2014. The full and amended
legislation can be found at Electronic code
of Federal Regulations, U.S. Government
Printing Office, Part 1026 – Truth in Lending
(Regulation Z). Accessed at: http://www.
ecfr.gov/cgi-bin/text-idx?c=ecfr&tpl=/
ecfrbrowse/Title12/12cfr1026_main_02.tpl.
2. “ Fair and Accurate Credit Transactions Act
of 2003,” United States Government Printing
Office, Public Law 108-159-Dec. 4, 2003.
Accessed at: http://www.gpo.gov/fdsys/pkg/
PLAW-108publ159/pdf/PLAW-108publ159.
pdf. Financial Institution Letters, “Fair and
Accurate Credit Transactions Act,” (FIL-1302004), December 13, 2004, Federal Deposit
Insurance Corporation. Accessed at: http://
www.fdic.gov/news/news/financial/2004/
fil13004.html. “OCC Approves Final Rules
and Guidelines Implementing Accuracy
and Integrity Provisions of the FACT Act,”
Office of the Comptroller of the Currency,
press release, NR 2009-64, June 10,
2009. Accessed at: http://www.occ.gov/
news-issuances/news-releases/2009/nrocc-2009-64.html. “FACT Act – Risk Based
Pricing Notices,” NCUA website. Accessed
at: http://www.ncua.gov/Legal/Documents/
Regulatory%20Alerts/RA2010-15Encl1.pdf.
“CFPB Tasked with FCRA Interpretation –
FTC Issues Staff Report to Aid Transition,”
InfoLawGroup, July 26, 2011. Accessed at:
http://www.infolawgroup.com/2011/07/
articles/fcra-and-facta/cfpb-tasked-withfcra-interpretation-ftc-issues-staff-reportto-aid-transition/.
3. “Consumer Credit Protection, U.S.C. 15,
Chapter 41,” available in Legal Information
Institute Cornell University. Accessed at:
http://www.law.cornell.edu/uscode/text/15/
chapter-41. “Electronic code of Federal
Regulations,” U.S. Government Printing
Office, Part 227-Unfair or Deceptive Acts
or Practices (Regulation AA). Accessed at:
http://www.ecfr.gov/cgi-bin/retrieveECFR?gp
=&SID=cc2cc4e65e6df4ccdc9c7e6c0f30995
f&n=12y3.0.1.1.8&r=PART&ty=HTML.
4. “Credit Card Accountability Responsibility
and Disclosure Act of 2009,” Act enacted
by the Senate and House of Representatives
of the United States of America, United
States Government Printing Office, H.R. 627,
January 6, 2009. Accessed at: http://www.
gpo.gov/fdsys/pkg/BILLS-111hr627enr/pdf/
BILLS-111hr627enr.pdf. See also US.C. 15,
Chapter 41 supra.
5. “Bureau of Consumer Financial Protection,
Truth in Lending (Regulation Z),” 12 CFR Part
1026, Billing Code: 4810-AM-P. Accessed at:
http://files.consumerfinance.gov/f/201304_
cfpb_credit-card-ability-to-pay-final-rule.
pdf. See also Electronic code of Federal
Regulations, U.S. Government Printing Office,
Part 1026 –Truth in Lending (Regulation
Z) ss1026.51 “Ability to Pay”. Accessed at:
http://www.ecfr.gov/cgi-bin/retrieveECFR
?gp=1&SID=cbf76e754fdc976d4fa84a9c
28893ae2&ty=HTML&h=L&r=PART&n=1
2y9.0.1.1.1#12:9.0.1.1.1.7.1.7.
6. “A summary of Your Rights Under the
Fair Credit Reporting Act,” Federal Trade
Commission. Accessed at: http://www.ftc.
gov/sites/default/files/documents/one-stops/
credit-reporting/pdf-0096-fair-creditreporting-act.pdf. Full text of the Fair Credit
Reporting Act published by the Federal Trade
Commission can be accessed at http://www.
ftc.gov/sites/default/files/fcra.pdf.
7. “Regulators
Propose New Risk Retention
Rule,” Steve Quinlivan, August 28, 2013,
Stinton Leonard Street website. Accessed at:
http://dodd-frank.com/regulators-proposenew-risk-retention-rule/.
10
8. “FATCA Information for the U.S. Financial
Institutions and Entities,” Internal Revenue
Service. Accessed at: http://www.irs.gov/
Businesses/Corporations/FATCA-Informationfor-United-States-Entities. “FATCA Information
for Foreign Financial Institutions and Entities,”
Alert Notice 2013-69, Internal Revenue
Service. Accessed at: http://www.irs.gov/
Businesses/Corporations/Information-forForeign-Financial-Institutions. “Frequently
Asked Questions: Global Legal Entity Identifier
(LEI),” U.S. Department of the Treasury,
February 2013. Accessed at: http://www.
treasury.gov/initiatives/ofr/data/Documents/
LEI_FAQs_February2013_FINAL.pdf.
9. “Semi-Annual Report of the Consumer
Financial Protection Bureau,” July 1, 2012
– December 31, 2012. Accessed at: http://
files.consumerfinance.gov/f/201303_CFPB_
SemiAnnualReport_March2013.pdf. The
database can be accessed here: http://www.
consumerfinance.gov/complaintdatabase/.
10. “ CFPB Supervision and Examination
Manual,” Consumer Financial Protection
Bureau, Version 2, October 2012.
Accessed at: http://files.consumerfinance.
gov/f/201210_cfpb_supervision-andexamination-manual-v2.pdf.
11. “CFO update for the fourth quarter of fiscal
year 2013,”Consumer Finance Protection
Bureau, July 1 – Sep 30, 2013, Issued:
December 19, 2013. Accessed at: http://files.
consumerfinance.gov/f/201312_cfpb_cfoq4-update.pdf
12. “Strategic Plan, Budget, and Performance
Plan and Report,” Consumer Financial
Protection Bureau, March 2013 –“Goal 3”
page 62 onwards. Accessed at: http://files.
consumerfinance.gov/f/strategic-plan-budgetand-performance-plan-and-report.pdf.
About the Authors
Fred Kim
Fred is a managing director, Accenture
Finance & Risk Services, North America
banking industry lead. Based in Chicago,
Fred has broad and deep consulting and
industry experience in financial services
and risk management across North America
where he worked with global and large
regional banks to transform their risk
management and lending capabilities.
His extensive experience in credit risk,
operational risk, and regulatory compliance
helps executives and their firms become
high-performance businesses.
Gabe Jacobsen
Gabe is a manager, Accenture Finance
& Risk Services, based in Chicago.
With a strong focus on finance, strategy,
risk management and performance
management, Gabe brings his specialized
functional experience to help financial
institutions define, design and implement
their target operating model assignments.
Christopher Beck
Chris is a manager, Accenture Finance
& Risk Services, based in Chicago.
Specialized in strategy planning,
operational risk management and
compliance risk management, Chris
brings his solid experience and skills in
these areas to help financial institutions
define and implement their governance
and risk management structures.
11
About Accenture
Accenture is a global management
consulting, technology services and
outsourcing company, with more than
323,000 people serving clients in more
than 120 countries. Combining unparalleled
experience, comprehensive capabilities
across all industries and business functions,
and extensive research on the world’s
most successful companies, Accenture
collaborates with clients to help them
become high-performance businesses and
governments. The company generated net
revenues of US$30.0 billion for the fiscal
year ended Aug. 31, 2014. Its home page is
www.accenture.com.
Stay Connected
Join Us
https://www.facebook.com/
accenturestrategy
www.facebook.com/accenture
Follow Us
www.twitter.com/accenture
Watch Us
www.youtube.com/accenture
onnect With Us
C
http://www.linkedin.com/
groups/Accenture-Finance-RiskServices-3753715?gid=3753715
Disclaimer
This document is intended for general
informational purposes only and does not
take into account the reader’s specific
circumstances, and may not reflect the most
current developments. Accenture disclaims,
to the fullest extent permitted by applicable
law, any and all liability for the accuracy
and completeness of the information in this
document and for any acts or omissions
made based on such information. Accenture
does not provide legal, regulatory, audit,
or tax advice. Readers are responsible for
obtaining such advice from their own legal
counsel or other licensed professionals.
Copyright © 2015 Accenture
All rights reserved.
Accenture, its logo, and
High Performance Delivered
are trademarks of Accenture.
14-1998