Astute receivables leaders know how to identify issues and act on them before they become major problems – especially when it comes to compliance. The cost of noncompliance and damage to reputation can be debilitating, but preventive measures save resources by eliminating the cost of noncompliance and damage to reputation, helping to create new business and maintain advantage over the competition. For this reason, ARM agencies should work diligently to prepare for potential compliance audits from the CFPB or other regulatory authorities who oversee their operations. If they don’t, the risk of fines, penalties and legal actions may mount to an untenable extent if they aren’t avoided through mitigation actions.
Despite the warnings, many choose less favorable options, either ignoring the need for checks on their compliance tactics, hiring outside contractors who don’t know their business or simply absorbing the inevitable cost of noncompliance. Leaders take the proverbial bull by the horns, act immediately to avoid expenses and put their operations in a stronger position.
Immersing yourself in your own business and fearlessly seeking out issues that need correction brings your operation to heights you wouldn’t think possible. Here are 10 key components you need to avoid botching your compliance audit:
Take a good, hard look at your agency and learn where it stands with regard to compliance. Learn the regulations that apply to you, in detail, and gain a full understanding of the ramifications of not following them. Find out where the gaps and vulnerabilities lie. Be honest with yourself and your team.
When it comes time to actually conducting your audit, don’t leave it to run itself – orchestrate and control it. Be proactive, make a plan and get ahead of possible issues before they become threats. Prepare participants who will meet with auditors and know your evidence: Documents and records.
Establishing a culture of compliance starts with communication but relies on expectation of integrity and accountability. Your organization needs published values and a code of ethics. Write them down, distribute them, evangelize them at company meetings and reward those who follow.
Make all stakeholders aware of compliance expectations. Communicate them to your board of directors and executive leadership. Educate everyone in your organization about the policies, procedures, laws and regulations as you work to ensure understanding and buy-in.
Establish a formal compliance management system to identify, prevent and correct compliance breakdowns. Empower leaders within your organization for key roles and responsibilities, and document your policies and procedures. These practices should strengthen your ability to identify and manage compliance violations and identify, analyze and mitigate risks.
Audit methods may involve interviews, inspections, observation, testing and sampling. So take some time to determine the audit’s scope and criteria, select participants, set expectations and provide reference criteria to specific requirements.
Get a handle on how your audit will go and have a plan in place for the outcomes you expect. That means creating checks and balances for vulnerabilities and measuring key goals and strategic initiatives to monitor achievement and progress. Periodically examine your training records and conduct your own internal audit on your compliance management system.
Schedule your audits to meet business needs with respect to relevance, degree of risk, process stability, prior issues, regulatory requirements, organizational realignment and infusion of new talent. An audit may be required, but you should take advantage of the flexibility you’re offered.
Create a nonthreatening environment for auditors and associates alike, and talk with those handling your business ahead of time. Conduct mock interviews and record your observations and findings while managing with respect to time and content. You should ask open-ended questions that help describe how employees are trained on consumer financial protection laws, how training is monitored to ensure expectations are met and how potential violations are identified.
Provide your staff and management with a crash course in compliance, and sponsor and empower objective employees to test your operation ahead of time. Select your own auditors based on competency and integrity and ensure objectivity by both organization and relationship. Have them check to make sure any noncompliance issues you uncover are resolved, and examine every requirement of your business – regulations, policies, processes, laws, standards and controls are all fair game. Then, identify nonconformance and opportunities for improvement and capture a description of how you’ve conformed to each.
A compliance audit is a serious matter with serious impact on your business. Take the time to ensure you’re prepared – It will pay serious dividends down the line.
Sign up for our free weekly e-newsletter for more GRC articles, job postings, GRC events, white papers & more…..click here
Dan Potts, Process Appraisal and Certifications Director at Ontario Systems, is a certified CMMI Lead Appraiser and has served clients in the commercial insurance, banking and finance verticals to help benchmark and improve product development capabilities. Dan earned a B.S. in Political Science and Systems Analysis from Taylor University in Upland, Indiana and is trained as a Six Sigma Black Belt and a Malcolm Baldrige Examiner.