Achieving Regulatory Exam Readiness
September 21, 2016
Over the last several years, Bridgeforce has assisted clients with challenging regulatory compliance and control matters in the areas of operations, strategy, and credit risk management. We have worked on a number of initiatives ranging from proactive preparation for exams and responses to supervisory letters, to management of large-scale remediation efforts – all part of supporting clients by providing effective regulatory support, and frequently, CFPB compliance exam-related consulting services.
This white paper (download the PDF for the full version) examines the topic of achieving regulatory exam readiness through an operational lens – honing in on recommended core functions, processes, and organizational approaches to take in advance of a regulatory exam.
Achieving Exam Readiness – But Where to Start?
Our clients often ask, “We have an upcoming exam and are not sure where to start – what do we do?” There are certainly some common standards but our answer often varies by client based on a number of factors that must be considered before planning readiness activities. These factors include:
- Who is the examiner (e.g. CFPB, OCC)?
- What functions (if known) are being reviewed during the exam?
- What is the context for the exam (the first exam conducted or the fourth?)
- What is the maturity of the individual client’s Risk and Control infrastructure?
We ask these questions before beginning to construct a readiness plan. However, while the most logical starting point always varies, there are several steps that can be taken to best prepare – starting with identifying a set of high risk functions that are likely to be the focus of the exam, and comparing the current state against known regulatory expectations for compliance and control.
Identifying high risk functions is essential as it will guide all readiness activities. In addition to any exam materials or bulletins made available by the respective examiner, the activities listed below enable an organization to identify an initial list of functions to focus its readiness efforts:
- Determine regulatory applicability and compare expectations to the current state
- Analyze complaints to identify potential root cause weaknesses
- Review recent enforcement actions
- Re-examine past internal audit or regulatory exam findings
The Risk Assessment and Exam Readiness Plan
Once high risk processes and functions are identified, we recommend completing a risk assessment to identify gaps and determine how to address them prior to the exam. In the full white paper, you’ll find the key success factors when completing a risk assessment: getting off to a quick start, ensuring independence and completing a thorough review.
Upon completion of the risk assessment, it is time to build an exam readiness plan. Prioritization, documented ownership, governance routines and sustainability are essential to developing and executing upon an effective exam readiness plan. We share the most important factors to consider when completing an exam readiness plan – and where we have seen other plans fall short.
Through our experience across various risk management, operational risk and compliance consulting projects, we have found investing in preparatory steps in advance of regulatory exams can minimize back-end costs that serve as a distraction to your business. Download our full white paper, Achieving Regulatory Exam Readiness, to learn more about how you can best prepare for an upcoming exam.