Evaluating Impact of Consumer Harm.pdf

Full Transcript

II. Consumer Compliance Examinations - Evaluating Impact of Consumer Harm
Evaluating Impact of Consumer Harm
Introduction
The FDIC has a risk-focused consumer compliance
examination approach, based on the potential for compliance
errors to have an adverse impact on banking customers. The
following guidance is provided to assist compliance examiners
in understanding the impact of consumer harm 1 on
examination and supervisory responsibilities. In addition, this
guidance communicates to examiners information about bank
activities or omissions that can frequently result in consumer
harm. Examination activities promote and confirm FDICsupervised institutions’ compliance with federal consumer
protection and fair lending laws, the Community Reinvestment
Act, and the regulations that implement these requirements.
Effective supervision focuses on the areas requiring elevated
supervisory attention and promotes the efficient use of
resources.
What is Consumer Harm?
The FDIC’s consumer compliance examination process is riskfocused based on the potential for consumer harm. “Consumer
Harm” is an actual or potential injury or loss to a consumer,
whether such injury or loss is economically quantifiable (e.g.,
overcharge) or non-quantifiable (e.g., discouragement). It may
be caused by a financial institution’s violation of a federal
consumer protection law or regulation directly or through a third
party or reflects weaknesses in a financial institution’s
compliance management system. . Consumer Harm may occur
in a variety of ways, including:
1. Quantifiable harm – Economic harm to a consumer where
the injury or loss can be measured. For example, a consumer
may suffer monetary harm as a result of deceptive marketing
practices that entices a consumer to purchase a product
without having accurate information regarding the benefits,
costs, or terms of the product in violation of Section 5 of the
Federal Trade Commission Act. Similarly, if a bank
employs a pricing structure that allows significant discretion,
without effective monitoring or controls, resulting in a
protected class of borrowers being charged higher prices on
average than similarly situated non-protected borrowers in
violation of the Equal Credit Opportunity Act, then the
higher prices paid by the protected class of borrowers over
similarly situated non-protected borrowers is quantifiable
consumer harm.

1

Regarding Consumer Harm as discussed in this manual, “consumers” include
persons, as well as commercial customers (e.g., corporations, partnerships,
trusts, etc.) which may be eligible for protections under certain laws and
regulations (e.g., Section 5 of the FTC Act, the Flood Act, ECOA, etc.).
“Consumer Harm” is an actual or potential injury or loss to these consumers,
whether such injury or loss is economically quantifiable (e.g., an overcharge)
or non-quantifiable (e.g., discouragement).

FDIC Consumer Compliance Examination Manual – June 2019

2. Non-quantifiable harm – Injury or loss to the consumer that
cannot be measured, or is very difficult to measure, yet the
consumer may suffer some form of economic or other harm.
For example, a consumer could be injured economically
when a financial institution unfairly denies the consumer
credit or discourages an application on a prohibited basis in
violation of the Equal Credit Opportunity Act, however
calculating a monetary value for the injury may be
challenging. Another example may be a bank that imposes
additional, unlawful requirements on consumers before the
bank is willing to consider the consumers’ billing disputes or
requirements that are not accurately divulged in the bank’s
error resolution disclosures. The practices could discourage a
consumer from filing a dispute. Consumer harm exists, but
may be difficult to identify and/or quantify.
3. Potential harm – Involves financial institution activities
(or failure to take action) that create the possibility that a
consumer may be harmed. An example of potential
consumer harm is a violation of the regulations that
implement the National Flood Insurance Act of 1968
where the financial institution failed to require flood
insurance on a residence at loan closing. The consumer
has not suffered actual loss but is exposed to potential
economic loss should a flood occur.
Consumer harm is a broad concept and the examples provided
here are not exhaustive. Among key points are that consumer
harm is not limited to monetary loss, can be quantifiable or
non-quantifiable, can be actual harm or potential harm, and
may be caused by activities conducted through third-party
relationships.
How does Consumer Harm Impact Examination Activities?
The concept of consumer harm is an important consideration in
all examination and enforcement efforts, including
examination strategies, examination scoping activities,
assessment of the CMS, content of examination reports,
supervisory actions, and communications with bankers. The
FDIC’s mission of promoting public confidence in the
financial system is best served through a supervisory approach
focused on identifying, addressing, and preventing consumer
harm.
• Identification – Supervisory and examination activities are
driven by a focus on identifying the inherent risk of
consumer harm that may occur in a financial institution’s
business activity. Inherent risk is the compliance risk
associated with product and service offerings, practices, or
other activities that could directly or indirectly result in
significant consumer harm or noncompliance with
consumer protection rules and regulations. For example,
a new loan product, a change to deposit account terms, or
a third party relationship all represent inherent risk.
• Addressing identified risks – When inherent risks of
consumer harm are identified, examiners will ensure the

II - 2.1

II. Consumer Compliance Examinations - Evaluating Impact of Consumer Harm
institution takes appropriate action to address or mitigate
these risks. Corrective action for violations of law and
regulations should remediate consumer harm when it
occurs and remove underlying incentives to engage in
practices harmful to consumers. Where there is a
violation of law or regulation, the extent and severity of
consumer harm informs the type and scope of
enforcement action sought to correct the violation.
• Prevention –Mitigating factors are the strength of the
compliance management system (CMS) to mitigate
inherent risk. Examples of mitigating factors include
strong management controls, effective training programs,
and on-going monitoring efforts. Supervisory efforts
should encourage institutions to have an effective CMS to
avoid and mitigate risks of consumer harm. To support
that effort, examination and other staff communicate
information and best practices in a variety of settings to
assist institutions in managing risks of consumer harm
when conducting their business. Identifying, addressing,
and preventing consumer harm is an important
consideration in all examination and enforcement
activities, as identified in the following diagram and
discussed below.

reviews, visitations, investigations, and offsite analysis of how
the bank manages its consumer compliance responsibilities.
The timing and frequency of these activities can be adjusted
based upon indications of risk of consumer harm, such as
consumer complaints, referral from other divisions or agencies,
changes in the institutions’ products, services, or markets, or
reliance on third parties to offer products and services to
consumers. Supervisory strategies should be flexible to
respond to indications of increasing or decreasing risk of
consumer harm.
Examination Scoping Activities
All applicable federal consumer compliance laws and
regulations are considered in connection with any bank
compliance examination through the risk scoping process.
However, the FDIC’s supervisory approach apportions
resources to areas of higher risk for consumer harm rather than
to uncovering technical issues in meeting regulatory
requirements. This approach also results in the identification of
the most serious violations of federal consumer compliance
laws and regulations during the examination. If financial
institutions understand the potential for consumer harm and
choose to develop and implement institution-specific plans,
policies, and processes to prevent and mitigate consumer harm
based on their risk profiles, it may assist institutions in avoiding
risk and promoting compliance with the federal consumer
protection regulations.
Examiners have several tools available to assist them in
identifying risks of consumer harm. Examiners evaluate risks
of consumer harm through an analysis of an institution’s
historical CMS, the products and services currently offered, the
markets served, and existing and new third-party relationships.
Examiner judgment is the most critical aspect of properly
evaluating an institution’s risk profile. The FDIC’s approach
tailors the examination to focus primarily on those areas that
present the highest risk of consumer harm, as examiners are
unable to review all aspects of an institution’s CMS at any
given examination. The pre-examination planning process,
which includes review of the pre-exam questionnaire with bank
management and preparation of the automated Compliance Information
and Document Request (CIDR), guides examiners in requesting
the information necessary to identify areas of the greatest risk
of potential consumer harm.

Supervisory Strategies
The FDIC’s supervisory strategies are designed to promote
compliance with consumer protection laws and regulations in
FDIC-supervised institutions. Activities used to implement
FDIC supervisory strategies include examinations, targeted

II - 2.2

In scoping examinations, examiners consider the inherent risks
associated with product and service offerings or other activities
that could directly or indirectly result in consumer harm.
Inherent risk refers to the risk that a product, service, practice,
or other activity would pose if no controls or other mitigating
factors were in place. Examiners also focus on whether a bank
is effectively and independently managing or mitigating the
risk of consumer harm that comes from the products and
services the institution offers and markets in which they serve.
After considering an institution’s inherent risks, and the
strength of its CMS, residual risk exposure may remain.

FDIC Consumer Compliance Examination Manual – June 2019

II. Consumer Compliance Examinations - Evaluating Impact of Consumer Harm
Residual risk refers to the risk exposure that remains after
identifying the level of inherent risk and factoring in the
strength of the mitigating factors to control that risk. The
guiding principle is a risk scoping formula: inherent risk –
mitigating factors = residual risk. For example, a bank
introduces a new overdraft program with no due diligence, no
monitoring or auditing, and numerous customer inquiries. This
example represents a high risk product without effective CMS
elements to mitigate inherent risk; therefore, a higher level of
residual risk remains, and this product warrants review and
transaction testing during an examination. As part of the
examination scoping process, examiners focus on areas where
residual risk is elevated and not on areas where risk is wellcontrolled and residual risk of consumer harm is low.
Examination Procedures
Examination procedures are drafted and implemented in a
manner to guide examiners in assessing the risk of consumer
harm in the conduct of the examination. Well-crafted
examination procedures that are focused on risks and potential
for consumer harm promote the efficient use of resources,
identification of root causes of deficiencies, and allocation of
resources to areas presenting the highest risk, while avoiding
unnecessary review of areas with little or no risk of consumer
harm. As an example, examination procedures regarding
overdraft programs differentiate the type and extent of review
based on the type of overdraft program offered (e.g.,
automated versus ad hoc) and further reserves more detailed
transaction testing to situations where examiners have
identified specific risks or weaknesses.
Consumer Compliance Examination Ratings
The Federal Financial Institutions Examination Council’s
Uniform Interagency Consumer Compliance Rating System
(CC Rating System), which is a supervisory policy for
evaluating financial institutions’ adherence to consumer
compliance requirements, includes a section titled Violations
of Law and Consumer Harm. 2 The CC Rating System
emphasizes the importance of institution’ compliance
management systems, with emphasis on compliance risk
management practices designed to manage consumer
compliance risk, support compliance, and prevent consumer
harm. Examiners consider this section as they assess
institutions’ compliance with the federal consumer protection
laws and regulations.
Report Presentation
The Report of Examination plays an important role in
communicating the FDIC’s assessment of the CMS to the
institution. The FDIC classifies violations of federal consumer
laws based, in part, on the level of risk of consumer harm. In

2

the event violations are identified in the Report of
Examination, this classification process serves to communicate
to banks the FDIC’s conclusions about the severity, extent, or
potential consumer harm caused by the violation. The
expectation is that FDIC-supervised institutions will prioritize
corrective action and on-going management of their CMS to
correct errors and mitigate risks of consumer harm.
Supervisory Actions
Effective supervision includes requiring institutions to take
corrective action when weaknesses in the CMS or violations
are identified. Appropriate corrective action considers the
overall effectiveness of the institution’s CMS, the root cause(s)
of the deficiencies as well as the extent and impact of
consumer harm. When there is a violation of law or regulation
that results in consumer harm, the FDIC will seek corrective
action, which may include restitution to consumers as part of
an appropriate enforcement action. Civil money penalties
(CMPs) may also be assessed to sanction an institution or an
institution-affiliated party according to the degree of
culpability. Other factors examiners consider include intent
and severity of the violation of law or regulation, breach of
fiduciary duty, and/or whether a practice is unsafe or unsound.
CMPs are also assessed to deter future misconduct.
Communication and Technical Assistance
Communication and technical assistance to supervised
institutions is an important component of the FDIC’s
supervisory approach in preventing consumer harm by
supporting institutions’ efforts to maintain an effective CMS.
Communication is especially important during periods of
regulatory change and transition. The FDIC communicates
through a number of channels, including national and regional
bankers’ teleconferences on emerging topics; speaking
engagements at national, regional, state, and local conferences
and conventions; a web-based regulatory calendar; Supervisory
Insights Journal articles; regional newsletters; banker and
bank director trainings and online technical assistance videos;
meetings with industry trade groups; and issuance of guidance
through Financial Institution Letters. Communicating the
focus of FDIC examination efforts and supervisory priorities
through these diverse channels assists bankers in identifying
and reviewing key areas of concern and addressing
deficiencies promptly, prior to and unrelated to a specific
examination activity. In addition, examiners can provide
certain types of technical assistance to community bankers
during the course of an examination that may enable an
institution to reduce the risk of consumer harm in the operation
of its business. These communication and technical assistance
efforts provide bankers with tools to address issues that may
pose risk of consumer harm.

Section II-13.1 – Consumer Compliance Ratings

FDIC Consumer Compliance Examination Manual – June 2019

II - 2.3

References
FIL-75-2016: Final Guidance on the Uniform Interagency
Consumer Compliance Rating System

II - 2.4

FDIC Consumer Compliance Examination Manual – June 2019