
Regulatory Compliance: Plan, Test, Respond

I recently took part in a panel discussion at Used Car Week alongside Michael Thurman of Thurman Legal, and Mike Trainor of S&A Communications. Titled “Regulatory Compliance: Plan, Test, Respond,” it was a high-level discussion about the importance of having a robust Compliance Management System (CMS) in place within an organization.

The panel was developed with the acknowledgement that an explosion in disruptive technologies has led to internet and mobile technology being used more than ever in financial transactions. However, along with this explosion comes an increased level of compliance and operational risk, corporate responsibility, and government regulation and oversight for companies attempting to keep up with the times and their customers’ ever-increasing set of demands. While this session was focused on the automotive finance industry, the subject matter is relevant to virtually any company involved with financial products and transactions.

For this session, we chose to focus on the following five elements of a “Compliance Readiness” program for your business.

  1. Identify the laws that relate to your business: Different businesses in different industries or locations will have a unique set of rules they must adhere to. Before developing a compliance program, you must understand which rules and requirements specifically apply to your business. There are a host of considerations here that apply to various financial product lines and loan origination and servicing processes, ranging from Federal and State statutes and regulations, case decisions, consent orders and enforcement actions, to industry best practices and self-imposed policies and procedures.
  2. Develop policies and procedures required to comply with those laws: Once you’ve identified the laws that your business must adhere to, you need to develop strong policies and procedures that relate directly to those applicable laws. Compliance policies and procedures are different from your standard desktop “SOPs”, and will come in many forms, including those related to:
    • A strong CMS documenting roles and responsibilities including B.O.D. and upper management oversight, as well as the company’s commitment to maintain a strong compliance program and how it will go about doing so
    • Applicable regulation-specific policies that detail legal/regulatory requirements and how the company will ensure adherence
    • Complaint management and response procedures
    • Compliance training procedures, schedules, and tracking
    • Compliance monitoring, testing, audits, and how issues will be remediated
    • Document retention and information privacy and protection
  3. Training to ensure compliance with company policy and procedures: A compliance program will not be effective if employees are not properly trained on what they must or must not do from a legal/regulatory standpoint. Compliance training should not be a one-time event; rather, it should be an ongoing process in which there is testing to ensure employees understand the specific requirements, the importance of adherence, and how to comply within the framework of their day-to-day functions and processes.
  4. Documentation to demonstrate compliance with laws: Even if you have a robust and effective compliance program, the potential for audits, investigations, and/or litigation is still a very real possibility. Keeping this in mind, you want to be sure that you have the proper documentation in place to prove that you’ve been complying with the law, and to show the commitment and efforts you have maintained to ensure compliance at your organization.
  5. Monitoring and Feedback: Your regulatory compliance function requires close monitoring and will likely evolve with time based on a number of factors. For example, new laws and regulations will be put into place and you’ll need to develop corresponding policies and testing and audit protocols to address these. Ongoing testing of employee performance as it relates to compliance may lead to new training procedures. At all times, you should be asking yourself how the compliance function can be improved, and how you can stay current with developments in your industry, including leveraging new technology to enhance regulatory compliance in an effective and efficient manner.

These elements only begin to scratch the surface of the regulatory compliance issues a company needs to consider from a compliance readiness standpoint. However, they should serve as a high-level roadmap to ensure you are on the right path.

Click here to download a copy of our presentation, and feel free to reach out to us directly at or (844) 877-6583 to discuss your organization’s compliance and loan servicing needs in greater detail.