Adjusting to the new regulatory environment
Recent problems with bank employees opening unauthorized accounts for consumers have focused the regulatory spotlight on sales practices in the industry. The fallout from sales practices problems has been spectacular and well-publicized:
- Hundreds of millions of dollars in fines and legal costs
- Destruction of shareholder value
- Brand and reputational damage
- Increased regulatory scrutiny
- Pay cuts, bonus clawbacks and job losses for senior- and mid-level executives
Sales practices governance is now a key regulatory risk issue for banks, creating an exposure that is as critical as hacking, low reserves, and credit risk from deteriorating lending standards. Regulators are demanding that banks implement enterprise-wide sales practices risk management programs to ensure harmful sales practices are detected, remediated, and ultimately prevented. Even banks with low occurrences of unauthorized account opening (i.e., without customer consent) still need to integrate sales practices controls and risk monitoring into their overall enterprise risk management framework.
Perficient’s five-phase approach to sales practices compliance
Leading banks turn to us for help. We have a proven, data-driven risk analytics approach that stands up to regulatory scrutiny and addresses the need for a unified, comprehensive, auditable sales practices compliance program, which detects and prevents sales practices misconduct. Our approach rationalizes unstructured data (such as customer complaints and whistleblower entries) with structured account data, customer behavior, compensation plans, cross-selling/revenue generation strategies, and employee reward programs – to:
- Identify unauthorized activity and the employees engaged in potential misconduct
- Determine and address the underlying root cause(s) of identified patterns of inappropriate behavior
- Determine the impact to customers of identified instances of employee fraud, misconduct, or other errors
To achieve these outcomes, we leverage an approach that is broken into five phases.
Phase 1 – Unify data
To begin, critical sources of sales practices risk data are combined and analyzed to identify indicators of unauthorized accounts and employee misconduct. This includes sales practices risk data (e.g., terminated and reprimanded employees, ethics hotline, whistleblower, exit interviews), along with channels internal (e.g., customer service centers, branches, mail, customer surveys) and external (e.g., CFPB’s customer complaint database) to the bank.
Phase 2 – Risk-rank accounts for potential misconduct
Behavioral triggers (e.g., suspicious account activity, multiple account openings within a prescribed timeframe) consistent with sales practices misconduct are tested and modeled. We maintain a database of risk triggers that have been previously successfully applied to identify potentially unauthorized accounts. These risk triggers are modeled and refined to optimally identify sales misconduct behavior specific to the client’s account base. All the bank’s accounts are risk-ranked and prioritized in order to continue investigating which accounts are potentially unauthorized.
Phase 3 – Test Accounts to identify potential account and employee misconduct
A series of criteria-driven tests are performed to discern a pool of accounts where questionable sales practices activities can be inferred. Data analytics are further applied with the objective of identifying a population of employees who may be engaging in potential misconduct. This testing process yields a list of “impacted accounts” that tie identified employees to the accounts, in which potential sales practice misconduct may have occurred.
Phase 4 – Validation and back-testing
Rigorous manual validation and back-testing of data analytics results are performed. Using product-specific testing scripts, employee, customer, and account information contained in client systems is reviewed to fully assess the effectiveness and optimize the outcomes from the data analytics, risk ratings, thresholds, and results.
Phase 5 – Sales practices compliance program operationalization
To complete the process, a sales practices compliance program for the ongoing monitoring and detection of potential misconduct is operationalized. Processes and procedures, exception routing, and line of business communications protocols are developed, documented, and implemented to manage the results of employee and account testing. Requirements are addressed for tracking, persistence, retention, archiving, and reporting for audit and OCC review.
High-level plans are developed to address root causes and customer impact. These plans can include, but are not limited to, employee discipline, account closures, enhancing operational risk controls, incentive plan revisions, sales training improvements, and improved customer complaint processing.
Additionally, staff experienced in OCC communications can craft regulatory response documentation for first and second line of defenses.
At Perficient, our goal is to help you establish an effective and efficient ongoing sales practices compliance program, along with the evidence and documentation that demonstrates your organization’s compliance with your procedural governance.
Not only do we have the means to outline the compliance gaps for you, we also have the necessary resources to assist in remediation.
If you are interested in establishing a sales practices compliance program, please fill out this contact form.