<img src="https://ws.zoominfo.com/pixel/pIUYSip8PKsGpxhxzC1V" width="1" height="1" style="display: none;">

2 Key Elements of a Successful Compliance Management System from the CFPB

3 min read
Jul 17, 2019

Building a strong compliance management system is one of the top priorities for any compliance officer. In this post, you'll learn the essential elements for any successful CMS.

Over the past few months, the topic of how to build a strong compliance management system has been a major point of focus. For example, it was a key area of discussion during the ABA Regulatory Compliance Conference. In addition, the regulators continue to provide insights into what they expect to see in a CMS.

In this post, you'll learn two key elements of a successful compliance management system.

According to the CFPB, they “share certain key findings from supervisory activities to help the industry limit risks to consumers and comply with the Federal consumer financial laws.” In fact, the CFPB released their updated Compliance Management Review Examination Procedures just a few years ago, in 2017.

The CFPB is not the only regulator talking about compliance management systems! The OCC updated their compliance management systems handbook in June of last year, too. 

As you read through these essential elements of a CMS, how to you compare to the best practice guidelines?

The 2 Key Elements of Successful Compliance Management Systems

According to regulatory guidance, when these four control components are strong and coordinated, financial institutions should be successful:

  1. Board of Directors and Management Oversight: Communicate clear expectations, adopt clear policies, and define an appropriately staffed compliance function.

  2. A Compliance Program: A formal, written compliance program. This should include:

    • Policies/procedures,

    • Training,

    • Monitoring, and

    • Consumer complaint response.

The Bureau notes that when these two elements "are strong and well-coordinated, an institution should be successful at managing its compliance responsibilities and risks."

We will spend a little more time on each of these areas in the next section.


"To maintain legal compliance, an institution must develop and maintain a sound compliance management system (CMS) that is integrated into the overall framework for product design, delivery, and administration across their entire product and service lifecycle." 

- CFPB, "Compliance Management Review Examination Procedures"

Both the CFPB and the OCC are taking this approach to defining the CMS. Here is an image from the OCC's handbook mentioned earlier:


In 2019, all financial institutions will have some form of a compliance management system, but may be missing one of more of the key components to ensure success. Is your compliance management system strong enough to truly address your risks?

Below are a few additional details and links to more resources for each essential component of a strong and successful CMS.

  • Board and Management Oversight
  • Compliance Program
    • Policies and Procedures
      • Written policies and procedures provide the framework for your compliance program.
    • Training
      • Training is an essential part of any compliance program. Here are a few best practices:
        • Offer both general and role-specific training as applicable.
        • Include methods to track attendance.
        • Consider including testing to ensure comprehension of materials.
        • Develop repercussions for failing to attend, complete, or pass training. 
      • Free Resource: Fair Lending Compliance Training Module
    • Monitoring
      • Monitoring includes risk assessments, audits, independent reviews, as well as compliance analytics, to identify and mitigate your risk.
      • We help thousands of financial institutions nationwide monitor their compliance risk. If this is a priority for you, it may be helpful to speak with a consultant today.
    • Consumer Complaint Management
      • Your consumer complaint management program needs to include: 
        • Complaint Policy
        • Complaint Management Process/Procedure
        • Clear Responsibilities
        • Training
        • Tracking and Reporting
      • Read Also: 5 Things Your Consumer Complaint Management Program Needs to Succeed

Regardless of your regulatory agency, know that any examiner will review the strength of your CMS in a compliance exam. If you're concerned about the strength of yours, it may be worth the time to review, reflect and possibly adjust your existing approach to compliance.

Know that we offer compliance consulting and software to help you address and reduce your compliance risk. To learn more about how we can help, click here.

Contact Us To Learn More About How We Can Help You Strengthen Your CMS

New call-to-action


Editor's Note: This article has been entirely updated and rewritten for accuracy in July 2019. However, we did maintain the old URL to ensure that all bookmarks and links would be preserved.

Subscribe to the Nsight Blog