Does Your CMS Measure up to DOJ Expectations?

Jul 1, 2020

Every financial institution knows that regulatory agencies evaluate a FI’s compliance program as part of the exam process. But did you know the Department of Justice cares about it too?

The DOJ will take a close look at a company’s compliance program during investigations and consider it as a factor when deciding whether to bring charges, negotiate plea agreements, or calculate criminal fines. It also impacts what kind of monitoring, if any, will be required. This includes both the “adequacy and effectiveness” of the compliance plan when an offense was committed and improvements made afterward.

In its most recent guidance, “Evaluation of Corporate Compliance Programs,” the DOJ boils its evaluation down to three questions:

  • Is the compliance program well designed?
    For the DOJ, effectiveness is all about preventing and detecting employee wrongdoing. It wants to see a compliance culture where management implements and enforces policies and procedures that make it clear misconduct won’t be tolerated. This includes assigning responsibility and having training programs and employee incentives that promote compliance and discipline for noncompliance.
  • Is the compliance program applied in good faith?
    The DOJ wants compliance programs to have the staff, resources, autonomy, and training to be effective. It doesn’t want just a “paper program.” It expects senior and middle management commitment. Also, in language familiar to Fair Lending aficionados, it wants a fair and consistent application of disciplinary actions and incentives. 
  • Does the compliance program work?
    The DOJ knows that misconduct can occur even when there’s a good compliance program, but it looks favorably on programs that self-identify and promptly remediate misconduct. It expects a root cause analysis and efforts to prevent repeat occurrences. It wants to see a program that evolves with risk.

The DOJ’s evaluation of a compliance program shares many similarities with those of federal regulators, including a focus on:

Risk-based compliance. The DOJ uses a flexible approach that recognizes compliance programs vary based on factors like size and geography. It expects FIs to have a risk management process and to use that information to allocate resources proportionately. It also expects companies to track and learn from both their own issues and those of other similar companies.

Policies and procedures. This includes maintaining and monitoring policies and procedures and ensuring staff is adequately trained on them.

Third-party management. The DOJ expects to see risk-based due diligence and monitoring of third-party relationships. It also wants a documented business reason for choosing a vendor. The DOJ is particularly interested in monitoring that could uncover misconduct.

Monitoring and review functions. This includes internal audits, control testing, and regularly updated risk assessments.

Other elements the DOJ looks for include confidential reporting mechanisms where employees can report misconduct and due diligence of potential misconduct in acquisition targets.

The Fair Lending Connection

Fair Lending cases are typically referred to the Justice Department by federal regulatory agencies, but not always. Last year a DOJ bank investigation raised eyebrows because it made no mention of a regulatory investigation, which means the issue came to the DOJ’s attention another way.

That means it’s in an FI’s best interest to look at the DOJ’s Evaluation of Corporate Compliance Programs so it can feel confident that existing policies and procedures align with DOJ expectations. While most of it mirrors what’s expected by the regulatory agencies, the DOJ especially emphasizes detecting misconduct, adequate staffing and resources, and employee discipline and incentives.

The next time you’re reviewing your compliance program and compliance management system, it’s worthwhile to assess how it would stack up to a DOJ review.

For a quick evaluation of your Fair Lending compliance foundation, download our Free Fair Lending Compliance Checklist.
