4 Ways To Use Complaint Data To Improve Risk Management
When it comes to risk management, consumer complaints are like canaries in the coalmine. They serve as warning signs when there is a problem with your financial institution’s compliance and risk management programs.
Here are four ways a strong complaint management program can strengthen your overall risk management program:
- Validate inherent risk
- Ensure control effectiveness
- Identify compliance and operational weaknesses
- Help achieve strategic goals
1. Validate Inherent Risk
How likely is a problem to occur? It’s a key question when determining inherent risk, or the level of risk an institution would face if it engaged in an activity and there were no mitigating controls.
Inherent risk boils down to a seemingly simple formula: Inherent risk = Impact of an event * Probability
While it’s relatively straightforward to determine the potential impact of an event, determining probability requires a risk manager’s experience—and that can include subjective analysis. For those reasons, it is important to occasionally go back and reassess whether inherent risk scores are still representative of current realities.
Complaints can aid in this task. Complaints can help uncover violations of law or noncompliance that increase the probability, and thus the inherent risk, of an occurrence. This leads to a more accurate representation of inherent risk.
When an FI identifies increasing risk, it can take action and implement more comprehensive or sophisticated controls to mitigate this risk to ensure residual risk, or the risk of an activity after controls are in place, that aligns with the board’s risk appetite.
2. Ensure Control Effectiveness
Controls are policies, procedures, training, systems, and other protections to mitigate the likelihood that a negative occurrence will take place. Implementing effective controls is essential to ensure risk is mitigated to an acceptable level. A strong complaint program allows the risk department to uncover ineffective controls.
As an example, consider an institution that engages a third-party to sell add-on products to its customers. The FI identifies this as a risky relationship requiring appropriate controls to mitigate the likelihood that its customers will be harmed by the third party.
Potential controls include:
- a policy and procedures to manage third party relationships
- an approved script for the third-party
- recording of sales calls
- customer opt-in forms
If the FI starts receiving consumer complaints that customers have been charged for add-on products without their consent, this could be an indicator of an ineffective control. Without analyzing these types of complaints, a risk program may not identify control deficiencies in a timely manner and may instead face civil monetary penalties for violating consumer protections.
3. Identify Compliance and Operational Weaknesses
No one enjoys hearing complaints, but that doesn’t mean you should tune them out. Complaints represent an opportunity to uncover operational risk such as:
- employee errors
- system failures
- inadequate policies and procedures
The sooner operations issues like these are discovered, the quicker an FI can proactively correct deficiencies and avoid harming large numbers of consumers. Prompt corrective action is a hallmark of an effective compliance management system (CMS).
Let’s say a customer complains that their mortgage payment was not properly applied to their loan account. Receiving and investigating this complaint can help a financial institution uncover the root cause of this issue faster than an audit or examination. If the root cause reveals a system failure, the financial institution can correct the issue for the customer who complained and any other affected customer before they even realize they have been harmed by the institution’s error.
4. Help Achieve Strategic Goals
Every FI has strategic goals and objectives. To successfully navigate strategic initiatives, FIs first need to uncover potential pitfalls and consider ways to avoid them. Once these risks are identified and initiatives are underway, complaints can help management analyze whether a business unit’s activities are contributing or contravening from the institution’s ability to meet its objectives.
Assume an institution is trying to retain customers, but the deposit operations team continues to increase account fees. Collecting complaints regarding fees can help a savvy risk officer identify new risks that may prevent the institution from meeting its strategic objective before milestones are derailed. Uncovering hidden risks through complaints is a great way to ensure the entire organization is aware of its strategic objectives and departments are rowing in the same direction.
In addition, key performance indicators (KPIs) help measure how effectively a financial institution is achieving its objectives. If we use the same example as above, complaints regarding fee structures that are being charged without sufficient notice may bring down key performance indicators such as customer satisfaction and customer retention rates. It can also highlight unfair, deceptive, or abusive acts and practices.
Managing your complaints is more than just a regulatory expectation. Complaints are an essential component that will allow you to fine-tune your risk program and ensure your FI’s strategic and overall compliance risk is acceptable. Ignoring or simply not tracking complaints prevents you from taking your risk program to the next level.