■ ■ ■ Joint Interagency Statement of Policy for Administrative Enforcement of the Truth in Lending Act for violations of provisions that require the accurate disclosure of cost of credit; and
■ ■ ■ Enforcement actions against specific institutions that, among
other things, may require restitution.
The listing of cases in Table 1 shows that even before the
mortgage crisis of 2007, prudential agencies were requiring
restitution for “bad practices.” For example, the majority of the
11 pre-2007 cases listed in Table 1 required consumer restitution.
The aggregate restitution estimated in the actions ranged from
a low of $100,000 to an extreme high of at least $300 million.
Not surprisingly, the aggregate amounts in the actions prior to
2007 generally pale in comparison to the subsequent actions
on the list.
Definitive Indicators of a Paradigm Shift
Indicator #1: Dodd-Frank
The passage of the Dodd–Frank Wall Street Reform and Consumer
Protection Act was the initial and most apparent indicator of a
paradigm shift in consumer compliance supervision. Dodd-Frank
achieved this largely through two critical measures:
■ ■ ■ Creating the CFPB with the:
• Sole mission of protecting American consumers in the market
for consumer financial products and services and a clear
expectation that “…no provider should be able to use unfair,
deceptive, or abusive practices.”
• Authority to grant any appropriate legal or equitable relief
with respect to a violation of federal consumer financial law,
including but not limited to:
■ ■ Rescission or reformation of contracts;
■ ■ Refund of moneys or return of real property;
■ ■ Restitution;
■ ■ Disgorgement or compensation for unjust enrichment;
■ ■ Payment of damages or other monetary relief;
■ ■ Public notification regarding the violation, including the
costs of notification; and
■ ■ Limits on the activities or functions of the person.
■ ■ ■ Introducing the term “abusive” to the Section 5 of the Federal
Trade Commission Act. The section prohibits unfair or deceptive acts or practices in connection with any transaction for a
consumer financial product or service.
Indicator #2: Revised or new supervisory policies
Two of the prudential regulators, as well as the CFPB, have issued
revised or new supervisory policies that push the agencies closer to
the new focus on consumer harm. The policies address the FDIC’s
violation classification system, the OCC’s risk rating definitions,
and the CFPB’s expectations for responsible business conduct.
■ ■ ■ FDIC Violation Classification System: On October 1, 2012,
the FDIC revised its classification system for citing violations
identified during compliance examinations. The agency re-
placed its two-level system with a three-level classification
framework to help focus attention on the most significant
issues. The reclassification elevates violations that represent
significant harm to consumers (e.g., those resulting in consumer
restitution in excess of $10,000) to the highest level of severity.
Table 2 presents the revised classification severity levels.
■ ■ ■ OCC Risk Category Definitions. The OCC released its refined risk category definitions on May 6, 2013. While the risk
categories’ core meanings were not changed, the construction
of the definitions was modified to more effectively align with
relevant industry terminology and assessment considerations.
The revised definitions for reputation risk and compliance risk
take the spotlight in Table 3. In particular, the reputation risk
definition has been modified to:
• Affirmatively make clear that reputation risk may impair a
bank’s competitiveness by inserting that word in the description.
• Add language to expressly call out the potential impact of
risk exposures related to, among other things, third-party
relationships and unethical or deceptive business practices.
While the compliance risk definition remains relatively unchanged in its meaning, phrases highlighted in Table 3 illustrate
the agency’s objective to:
• Express the potential impact of compliance risk on an institution’s reputation by replacing the term “ lead to” with
the term “result” and
• Add the term “enterprise” to emphasize the breath of the
impact of risk exposure. The case involving American Express
and its affiliates in 2012 is an example (in Table 1).
CFPB Responsible Business Conduct Bulletin
The bulletin outlines how the CFPB will consider an institution’s
self-policing, self-reporting, remediation, and cooperation in
table 2
FDIC Classification System for
Citing Violations in Reports of Examination
level 3/high Severity: Violations that have resulted in
significant harm to consumers or members of a community.
these violations typically result in a request or a requirement
that the institution provide restitution in excess of $10,000
(in aggregate). this also includes any pattern or practice
violations of anti-discrimination provisions, including redlining
or widespread discouragement.
level 2/Medium Severity: Violations reflecting systemic,
recurring, or repetitive errors that represent a failure of the
bank to meet a key purpose of the underlying regulation or
statute. these violations may have had a small, but negative
impact on consumers or they may have the potential to have
a negative impact if uncorrected. level 2/medium severity
violations may also include those resulting in potential
restitution in an amount below the level 3 threshold.
level 1/low Severity: Violations that are isolated or
sporadic. it also includes systemic violations that are
unlikely to affect consumers or the underlying purposes
of the regulation or statute. these violations are typically
due to individual instances of failure to follow established
procedures or minor errors in the implementation of
reasonable procedures to meet obligations of the regulation
or statute.
