■ ■ ■ Date the lookback was completed;
■ ■ ■ Business line impacted;
■ ■ ■ Process that was impacted.
This information should be maintained for all remediation
events within the company, including pending, current, and completed projects. Snapshot reporting can provide a very accurate
picture of the bank’s overall exposure, which is useful from an
Enterprise Risk Management perspective. For example, effective
remediation reporting can assist management in determining if
there are particular regulations, business lines or processes that
give rise to events of consumer harm. Risk management attention
can then be targeted to those areas. Understanding the overall
costs of restitution will assist management in justifying additional
internal controls to prevent issues in the future. This data can also
be used to prompt additional reviews in other areas of the bank to
ensure that similar problems don’t exist in other business channels.
Perhaps most importantly, ongoing management and board
reporting demonstrates the bank’s awareness of strong oversight
related to issues impacting the bank’s customer base. In the end,
these efforts serve to reinforce the bank’s stated policy to remediate consumer harm.
Validating the Process
POLICY TIP: A comprehensive Remediation Policy will
include provisions requiring that restitution events
will be subject to independent testing and validation
to ensure the corrective action process was accurately
As with all sensitive consumer-protection events, which may give
rise to supervisory scrutiny, it is essential that the bank’s remediation program include standards for independent validation
of the corrective action taken. The nature, size and scope of the
remediation event will dictate the level of testing and validation
that should be performed.
For smaller, less material remediation events, it may be appropriate to have validation performed by the independent compliance
function or the internal audit staff. For larger, more complex events
with higher levels of legal or regulatory exposure, it may be wise to
engage outside vendors to ensure a truly independent assessment.
The bank should have a written narrative that describes in detail
the process that was followed in each of these areas:
■ ■ ■ Scope of the remediation and why?
■ ■ ■ Scope of impacted customers: How were harmed customers
■ ■ ■ Scope of lookback: How was the period of time determined?
■ ■ ■ Amount to be reimbursed: How was the per account reimbursement amount determined?
Ideally, these areas should be vetted by an independent reviewer
prior to the implementation of any corrective action.
Once the remediation process has been completed, an audit
should be performed in order to validate the process and confirm
that all required restitution has been made.
When evaluating the overall efficacy of the bank’s remediation
process, the methodologies used by management to scope and
frame the remediation event will form the basis of the independent review.
Document All Actions Taken
and Maintain Records
In order for the audit process to be effective, management must
develop and maintain sufficient records related to all aspects of
the remediation event. Be sure the bank has written procedures
which require recordkeeping and retention. Where possible, develop a standard set of templates to facilitate a more consistent
approach to documenting the process. The goal is to have records
in an auditable format and to retain those records for purposes
of audit, examination and possible legal defense.
When a compliance issue rears its ugly head and causes consumer harm, it pays to have a documented Restitution Policy
and related procedures to guide the bank through the corrective
action process. By setting some internal standards and establishing a disciplined process, a Remediation Policy can go a long way
in helping the bank proactively assess and remediate the harm,
while preserving customer confidence and avoiding needless
regulatory criticism. ■
ABOUT THE AUTHORS
THOMAS G. PAREIGAT, J.D., is Executive Vice President and General
Counsel of The Bancorp, Inc., headquartered in Wilmington,
Delaware. He has been practicing law since 1984 and has over 25
years of consumer protection and regulatory compliance experience. Tom is a frequent speaker on emerging risk issues within the
financial services industry. He serves on the ABA Bank Compliance
Editorial Advisory Board. Reach him at email@example.com
or (612) 852-8005.
ANGELA V. SAYRE, is Vice President and Customer Remediation
Program Manager for Consumer Banking Sales and Support at
U.S. Bank. She began her 20-year banking career as an American
General Finance Branch Manager in Ohio, West Virginia and
Pennsylvania, where she re-organized branch infrastructure and
rehabilitated delinquent branches.
Prior to joining U.S. Bank, Angela managed compliance and
regulatory issues as a Vice President for Bank of America.
Angela is a graduate of the University of Phoenix with a B.S. in
Business Administration and also holds a Paralegal certification
from the University of Boston. She can be reached at avsayre5@
gmail.com or (740) 357-2269.
The authors wish to thank MEG SCZYRBA, CRCM, for her
assistance in the development of this article.
Reporting remediation events should be a
standard practice so the bank can demonstrate
management and board oversight.