Simplifying US state-level obligations to help achieve compliance certainty

Pain point #2: The regulators are coming

In addition to public statements by Consumer Financial Protection Bureau (CFPB) Director Rohit Chopra⁶ in support of states’ proactivity in consumer protection, the CFPB issued an interpretive rule in May 2022.⁷ The interpretive rule describes the states’ authority to pursue companies and individuals that violate the provisions of federal consumer financial protection law. While not new, the states have not broadly embraced this authority.⁸ In addition, many states have now created agencies that resemble mini-CFPBs, with the support of the actual CFPB.⁹ An example of this is the recent interpretive rule¹⁰ where the CFPB reminds states that they can:

• enforce all statutes and regulations under the Consumer Financial Protection Act, even without the involvement of the CFPB;
• pursue claims and actions against a vast range of entities.

Additionally, the rule asserts that CFPB enforcement actions will not halt state actions. This new deference toward the states elevates the already important task of being able to prove compliance with applicable state obligations. When reviewing current processes, a financial institution should consider whether it provides end-to-end traceability of state law and regulatory changes. This determination is necessary to facilitate internal audits and demonstrate compliance to state regulators across multiple jurisdictions. If a financial institution’s existing processes cannot do that, it is time to re-evaluate.

Pain point #3: Compliance costs a fortune

Financial institutions operating in many states and national banks have the enormous, ever-present task of state-level obligation management across many jurisdictions. They are subject to thousands of state and federal regulatory obligations, which develop continuously and vary by jurisdiction. Beyond complying with state and federal requirements, financial institutions must also provide proof of compliance across the board to internal stakeholders and regulatory authorities. While some financial institutions may argue compliance costs are too steep, what about the costs of non-compliance with state requirements?

In the last ten years, and during differing political climates, states have imposed over US$5.1bn in penalties on financial institutions for consumer protection-related offences. Multi-state attorney general cases account for almost US$5bn of that amount, and mortgage abuses were the most cited offence by far.

As an industry, financial institutions would benefit from better management of state-level regulatory compliance risk. And what is one of the most typical costs related to compliance with state requirements? For most financial institutions, it is the engagement of outside counsel or other third parties to provide 50- state surveys or other similar material. However, as shared earlier, lists of obligations are costly to produce and can have many drawbacks. Since they are often manually managed in an Excel spreadsheet, they are challenging to keep current and quickly go stale.

Pain point #4: We are partially automated but still cannot produce end-to-end traceability

It is critical for a financial institution to know what obligations they need to comply with and their organisational status of compliance with those obligations, and for them to be able to prove it to a regulator or internal auditor. When information lies in too many systems and areas of record, it is very difficult to manage this with certainty. For many financial institutions, traceability data comes from various sources, including 50-state surveys, multiple internal systems and third-party analysis of various regulatory topics. This information is often managed and delivered in spreadsheets and is not easily traced from the laws to the obligations, to the cross-jurisdictional obligations and finally to the policies, training, risks and controls or other activities developed to manage the risk and maintain compliance. The right technology can help connect the disparate parts of your institution’s handling of its regulatory obligations and provide the necessary end-to-end traceability.

The pros and cons of cuttingedge technologies

Regulatory technology (RegTech) solutions have become a critical component in today’s compliance department,¹¹ providing institutions with the necessary tools to manage regulatory risk. As compliance burdens increase, cutting-edge technologies, such as artificial intelligence (AI) and machine learning-enabled solutions, can drive better insights and outcomes.

Technology also permits financial institutions to deploy human resources more strategically. However, there are two critical things to remember about technology. One, it cannot involve a ‘black box’. A financial institution must be able to understand and explain how the technology they rely on works to regulators, auditors and others.

Second, AI-driven solutions do not always get it right. A human expert review of AIderived data is preferred when available. There can be pitfalls to depending solely on a technology platform to identify, tag and aggregate the full range, volume and frequency of regulatory changes relevant to a financial institution’s business. Technologies such as AI cannot, by themselves, deliver an effective regulatory change management approach. By employing a combination of technology and regulatory experts who can validate the technology output, that is, an expert-augmented intelligence approach, a financial institution will have a complete and accurate picture across the entire enterprise. That clarity will allow the financial institution to oversee enterprise obligation management more effectively and compliantly. For technology solutions that manage regulatory change, this is called ‘expert-augmented intelligence’. It is a key growth and focus area.

Another facet of RegTech solutions is the technology needed to make them work. Financial institutions should strongly consider requiring flexible technology, such as a regulatory content data feed, to ensure continuity as a financial institution may change governance, risk and compliance (GRC) platforms. Successful obligation management solutions enable an institution to reduce regulatory obligations to a more manageable number. It is also critical to ensure that a RegTech solution provider can accommodate all new regulatory changes and offer support across multiple states and territories. This should include an extensive legal library and a mix of expertise and AI to aggregate and analyse requirements across state laws and regulations.

Regulators use technology in many aspects of their oversight obligations and expect institutions to do the same. When implemented effectively as part of a broader compliance programme management (CPM) process, RegTech solutions are invaluable to help control compliance risk, including the large number of regulatory changes that compliance leaders must manage daily. Leveraging RegTech or other compliance technology to ensure success in an increasingly complex and regulated landscape is no longer an option. It is a necessity.

Streamline compliance with clustered citations

Today, financial institutions face mounting strategic challenges, including being subject to a multitude of laws and regulations that vary by jurisdiction. Understanding how to comply with both state and federal requirements involves manually sifting through a vast amount of data.

More importantly, it is essential to maintain full compliance with a growing volume of new rules and provide proactive guidance on those that may impact core business operations. In this context, effective obligation management becomes a mission-critical process, ensuring that rule identification, compliance requirements and operationalisation occur effectively and systematically.

Many financial institutions rely on state surveys conducted by large, in-house teams or third-party providers to help manage state-level compliance obligations. While these surveys are crucial to understanding and reacting to state laws, they are resource-intensive and extremely expensive, costing hundreds of thousands or even millions of dollars. Additionally, they are extraordinarily difficult to maintain and keep current. A best-in-class technology solution would support a financial institution’s need to simplify and prove compliance where state and federal regulations converge. The technology would permit compliance professionals to develop one organisational requirement to explain how the institution will address each cluster of aggregated, similar state obligations to ensure complete and efficient process implementation.

Functionality, such as a comprehensive legal library of state and federal citations and requirements, which logically analyses, groups and clusters relevant legal requirements across multiple jurisdictions, is key to streamlining a financial institution’s process for creating and managing a rationalised set of legal requirements. Ideally, a RegTech solution will cluster citations using cuttingedge machine learning and natural language algorithms to bundle similar legal requirements for financial institutions. As a result, users can focus on only the relevant citations for their jurisdictions or further filter and isolate those that require necessary action, allowing users to view the entire citation or digestible summaries that capture actionable requirements in a single sentence.

The result is a faster, less costly and more efficient process for comprehensively managing a financial institution’s regulatory requirements. End-to-end traceability and reporting to facilitate internal audits can also demonstrate compliance to regulators across multiple jurisdictions.

Conclusion

The reality is that technology accelerates time to value. Machine-aided approaches enable complete rule book coverage and pre-emption guidance. However, state-of-the-art technology still requires human insight. Without expertise, AI presents unexpected costs and can provide a false sense of security.

The goal is to find a solution that allows financial institutions to manage the overwhelming complexity and volume of state and federal regulatory obligations while minimising manual effort. When you begin searching for a solution, consider first those that offer automation, including the best use of AI that is augmented by a deep bench of human expertise. Expert-augmented AI can offer the speed, accuracy and flexibility needed to grow your institution while helping ensure compliance certainty. The solutions you consider should be adaptable to your institution’s footprint, products and services that provide the most relevant content but also offer scalability as your institution grows. Choose a solution that is market-proven with a provider that can meet your financial institution’s unique content needs as well as relate and respond to your third-party service provider’s risk management requirements.

To save your time and resources, and to help ensure solution providers meet the requirements of your institution’s unique state-level obligation needs, consider a request for proposal (RFP) process. Through the use of an RFP process, all your stakeholder needs can be identified and communicated simultaneously to relevant providers and help level the playing field quickly. Good luck on your journey to US state-level compliance obligation certainty.

References and notes

(1) Dodd-Frank Wall Street Reform and Consumer Protection Act, Public Law 203, US Statutes at Large 124 (2010): 1376-2223.

(2) Sykes, J. B. (2019) ‘Federal Preemption in the Dual Banking System: An Overview and Issues for the 116th Congress’, Congressional Research Service, available at https://crsreports.congress.gov/product/ pdf/R/R45726 (accessed 30th June, 2023).

(3) Expert opinion based on numerous conversations with industry professionals and proprietary data. Data source is not publicly available.

(4) Burniston, T. (2022) ‘Wolters Kluwer Indicator “Pain Index” Highlights Significant Risk and Regulatory Compliance Concerns for US Lenders’, Wolters Kluwer, available at https://www.wolterskluwer. com/en/news/wolters-kluwer-indicator-painindex-highlights-significant-risk-and-regulatorycompliance-concerns (accessed 30th June, 2023).

(5) Expert opinion based on numerous conversations with industry professionals, proprietary data and data sources utilised in the course of business. Data sources not publicly available.

(6) Chopra, R. (7th December, 2021) ‘Director Chopra Remarks — December NAAG Meeting’, Consumer Financial Protection Bureau, available at https:// www.consumerfinance.gov/about-us/newsroom/ director-chopra-remarks-december-naag-meeting/ (accessed 30th June, 2023).

(7) Consumer Financial Protection Bureau (2022) ‘Authority of States to Enforce the Consumer Financial Protection Act of 2010’ 12 CFR Chapter X, available at https://www.consumerfinance.gov/rulespolicy/final-rules/authority-of-states-to-enforce-theconsumer-financial-protection-act-of-2010/ (accessed 30th June, 2023).

(8) American Financial Services Association (2020) ‘State Mini CFPBs’, available at https://afsaonline. org/wp-content/uploads/2020/10/Mini-CFPBsFact-Sheet.pdf (accessed 30th June, 2023).

(9) Ibid.

(10) Consumer Financial Protection Bureau, ref 7 above.

(11) Burniston, ref 4 above