5 Key Parts of a Robust Compliance Program

These documents should detail how employees are expected to go about their jobs, including the steps they need to take to ensure that business is conducted ethically and within legal boundaries

Provide an outline for:

• Company goals + the procedures to meet them

• All information needed for personnel to complete a business transaction

Regulatory review written policies and procedures periodically and revise them as necessary to address current issues or concerns, changes in laws or regulations, or changes in your business practices

Employees must receive training on laws, regulations, and organizational policies that apply to their jobs

Training programs should be tailored to meet specific job functions and be designed and documented for both new hires as well as existing employees

Training should include information about where to go for help or advice in resolving questions about ethical issues or compliance with applicable laws, regulations, or policies

Employees should be trained and kept current on events that impact the business, such as:

• Important regulations

• Supervisory updates

• Recent enforcement actions

Provide employees with written material for reference and keep these materials updated regulatory with current, complete, and accurate information

Identify and manage consumer complaints submitted internally to your organization (including those submitted via emails, calls, or on social media) and externally to regulatory agencies (like the CFPB and FTC)

• Check out this cheat sheet on how to use the CFPB’s Consumer Complaint Database in your compliance program

Established procedures for addressing complaints and provide sufficient guidance on how to handle complaints internally and externally

Provide a timely resolution to all complaints, ideally within 15 days or less to align with the CFPB’s expectations

Evaluate complaint trends for insights into risk areas and to identify process improvements

Understand who is doing what in marketing, how they're doing it, and whether or not certain activities may be generating consumer complaints or fall out of compliance with regulatory obligations

This kind of monitoring should be ongoing and can help proactively identify procedural or training weaknesses

Monitor all marketing channels for adherence to regulatory and brand guidelines, including across the web (including third-party sites), calls, emails, messages, social media, and pre-production marketing assets (like direct mailers)

Schedule regular reviews of:

• Disclosures

• Document filing and retention purposes

• Posted notices, marketing content, and advertising

• State consumer protection laws and regulations

• Third-party service provider operations

• Internal compliance communications systems that provide updates and revisions of applicable laws and regulations to management + staff

Monitor relevant industry publications and regulatory updates to ensure that you’re able to anticipate potential issues in advance and have time to implement the necessary changes to your program

Stay current on:

• Lawsuits

• Supervisory Highlights

• Enforcement Actions

• Guidelines

Adjust processes and priorities accordingly based on regulatory happenings and trends