Compliance Cost Study – Site Visit Guide

Compliance Cost Study
Interview Guide for Compliance Costs Study Site Visits
This outreach is being conducted in order to build the Bureau’s knowledge base on the costs to financial
institutions of complying with consumer financial protection regulations. The information that you
provide will help the CFPB better understand an institution’s compliance costs for several regulations
covering depository products (e.g., checking accounts, savings accounts, debit cards, overdraft
protection). We plan to cover Regulation DD (and Truth in Savings), Regulation E (and Electronic Fund
Transfers), Regulation P (and Privacy of Consumer Financial Information), as well as portions of other
regulations, such as Regulation V (and Fair Credit Reporting), to the extent that they are pertinent to this
product space. We hope to have discussions with relevant executives and representatives from across
your organization, including those from Operations and Compliance, and extending to those from IT,
Marketing, Research, Legal, Risk, and other areas. Participation in these discussions will be voluntary,
and we expect each conversation to last between 45 and 90 minutes.
Most conversations with executives will follow a consistent structure. First, we will confirm the
organizational responsibilities of each executive or group (in the case of group interviews) and
understand the business activities in which the executive or group is involved. Second, based on the
scope of those responsibilities, we will identify specific activities that are affected by compliance with
Regulations DD, E, P, and V. Next, for each affected activity, we will seek to understand the discrete
compliance processes embedded into the execution of that activity. Finally, we will evaluate the abovebaseline 1 costs associated with each of these identified compliance processes. Specifically, we will ask
about the labor costs and third party costs required to drive these processes, as well as the non-labor
costs and fixed investments required to enable those processes. Throughout each session, we will ask a
number of questions to understand the qualitative context for these compliance costs and their broader
strategic implications for the organization.
For a few targeted conversations, we will ask additional questions to situate the quantified costs of
compliance with Regulations DD, E, P, and V within the larger picture of total compliance costs (e.g.,
costs associated with Bank Secrecy Act/ Anti-Money Laundering, state law, NACHA operating rules,
network rules). For example, we will broaden our interview with the leadership of the Compliance
function to understand the total Compliance budget and related metrics (e.g., total number of
Compliance personnel dedicated to specific activities).
The following questions will serve as the common interview guide, to be tailored to the specific
functional leaders with whom we will conduct interviews. To ensure we tailor this guide appropriately,
we will request a small amount of data in advance of our visit to strengthen our understanding of your
organization and help us establish a denominator against which to assess these compliance costs (e.g.,
organizational charts, operating expenses for deposit products).
1

For the purposes of this study, “baseline” costs will refer to those operating costs a bank incurs for activities
related to deposit products and/or services that it would likely continue to incur in the absence of the regulation or
regulations being studied.

Common Interview Guide
(A) Identification of compliance responsibilities and quantification of total costs. In this section of the
interview, we would like to learn more about how compliance factors into your business activities and
attempt to quantify the cost of that impact for Regulations DD, E, P, and V. (Interviewer may probe after
each question to ensure comprehensive, transparent response)

■ (1) Confirmation of organizational role and responsibilities. We would like to start with a brief
introduction to your role/responsibilities and the business activities you manage.

– Please describe at a high level your organizational role/responsibilities.
– Given these responsibilities, what discrete business activities do you oversee?
■

(2) Identification of specific activities implicated by regulatory compliance. From the list of
business activities mentioned in Section A1, we would like to identify those affected by compliance
with Regulations DD, E, P, and V.

– Please identify which of the activities discussed above are affected by a requirement (e.g.,

prompted / unprompted disclosures, error resolution procedures) of Regulation [DD, E, P, V].

■ (3) Deep dive into compliance processes. For each of the affected business activities identified in
Section A2 above, we will want to better understand how the requirements of Regulations DD, E,
P, and V (and the compliance processes they necessitate) shape the execution of those business
activities. This will enable us to assess costs in Sections A4 and A5.

– Please describe the existing compliance processes that you and your department have adopted
to execute business activities affected by regulatory compliance (e.g., designing disclosure
statements, printing and mailing, developing databases of information). This list may include
actions that your department takes to support another department in its compliance efforts
(e.g., reviewing disclosure materials, designing compliance protocols, conducting internal
audits, preparing for supervisory activities). As you detail these compliance processes, please
identify:
□ The discrete tasks required to execute these compliance processes (e.g., number of

document iterations, levels of approval required)

□ Notable changes to processes as a result of recent regulatory change (e.g., overdraft rules)

– Are there certain compliance processes that you share with other departments? Are there
certain compliance processes that apply to multiple regulations?

– What alternative actions, if any, has your organization considered to comply with Regulation
[DD, E, P, V] (e.g., having customers ‘opt-in’ upfront or on a per-transaction basis)?

– Why did your organization choose its existing process(es) over another considered (e.g., limited
infrastructure, uncertainty about regulatory intent, cost-benefit analysis)?

– To what extent were you able to leverage existing processes to meet compliance objectives?
■ (4) Discussion of incremental labor costs. For each of the compliance processes identified in

Section A3 above, we would like to better understand the incremental labor required to drive

those processes. This will include incremental staff hired, incremental work required from existing
staff, or incremental third party outsourcing. We would also like to understand the components of
that cost (e.g., on-going vs. one-time, fixed vs. variable).

– Internal labor costs – incremental employees or incremental time from existing employees
□ For each compliance process discussed above, roughly how many individuals are involved?
□ What is the skill breakdown of these individuals (senior vs. junior personnel)?
□ For each individual, what percentage of time is dedicated to compliance with Regulation

[DD, E, P, V,]?

□ For each individual, please describe the her/his role in the identified processes, as well as

the discrete tasks for which (s)he is responsible.

– External labor costs – third party costs associated with these processes
□ What third party contracts are in place to support these processes?
□ What are the objectives and costs of these contracts?

■ (5) Discussion of incremental non-labor costs. For each of the compliance processes identified in

Section A3 above, we would like to better understand the incremental non-labor costs required to
enable those processes (e.g., IT systems and software, training collateral, mailing material). We
would also like to understand the components of that cost (e.g., on-going vs. one-time, fixed vs.
variable).

– Please describe any discrete, upfront investments that were necessary to implement and
support each identified process. (e.g., IT infrastructure investments)

– Please describe the incremental materials that must be procured to enable each identified
process. (e.g., incremental paper and postage)

– What would you say is the relative scale of these upfront investments versus on-going costs?
(B) Context of compliance costs. In this section, we hope to understand the more qualitative
implications those costs have on your business and its consumers. (Interviewer may probe after each
question to ensure comprehensive, transparent response)

■ (1) Organizational implications of regulatory compliance. In this section, we would like to

qualitatively understand how regulatory implications may have resulted in modifications to your
organization’s structure and/or individual roles/responsibilities.

– Has regulatory compliance resulted in (or created a need for) an organizational redesign?
– Has regulatory compliance substantially altered individuals’ roles and responsibilities?
■

(2) Strategic trade-offs. In this section, we would like to qualitatively understand the strategic
implications these compliance costs have had for your business more broadly.

– Has your organization chosen to make strategic trade-offs to comply with the Regulations DD,
E, P, or V? (e.g., a discontinued product line, constrained innovation)

– Did compliance investments alter the course/timing of your ‘typical’ investment process?

– Have compliance processes created any opportunities for your organization? (e.g., more easily
accessible data, increased consumer touchpoints for marketing/cross-sell purposes)

■ (3) New product introduction. In this section, we would like to understand how regulations may
affect the introduction of a new product.

– What are the critical steps in launching a new product? At what point in the process are
regulations considered? By whom?

– How substantially do regulations factor into the pricing and design of these new products?
– Please describe any discrete processes or investments involved in the most recent deposit

product/service launch (e.g. compliance considerations, staff time and responsibilities, changes
to existing processes or systems).

■ (4) Other concerns. In this section, we would like you to discuss any additional compliance costs /
business impacts you deem important for us to understand.

By addressing these topics, we hope to better understand the incremental, non-voluntary costs that
result from compliance with Regulations DD, E, P, and parts of V.
As required by federal law, the Office of Management of Budget has approved the topics of these
conversations under the Paperwork Reduction Act. The OMB control number for this collection is 3170–
0032.
Also, a federal law called the Privacy Act directs how the federal government treats the information
contained in your answers to these questions. To understand how and when your information may be
shared, you can read the Privacy Act Statement on the CFPB’s website at
www.consumerfinance.gov. The CFPB will also treat the information received consistent its
confidentiality regulations at 12 C.F.R. § 1070
If the responses you provide to this study are requested under the Freedom of Information Act, the
Bureau will withhold such responses to the extent that it determines that they constitute trade secrets
or confidential commercial information that you would not ordinarily make public. The Bureau will deem
any such trade secrets or confidential commercial information to be “confidential information” for
purposes of the Bureau’s confidentiality rules at 12 C.F.R. § 1070.40 et seq.