Compliance Cost Study – Site Visit Guide

Sensitive and pre-decisional

For internal use only

Compliance Cost Study
Sample Outreach Communication to Participating Banks (DRAFT – 3/28/13)
Thank you for agreeing to participate in the Consumer Financial Protection Bureau’s Compliance Costs Study.
This outreach is being conducted in order to build the Bureau’s knowledge base on costs to financial institutions
of complying with consumer financial protection regulations. The information that you provide will help the
CFPB better understand an institution’s cost of regulatory compliance activities for several regulations covering
deposit accounts and transactions. We plan to cover Regulation DD (and Truth in Savings), Regulation E (and
Electronic Fund Transfers), Regulation P (and Privacy of Consumer Financial Information), as well as portions of
other regulations, such as Regulation V (and Fair Credit Reporting), to the extent that they are pertinent to this
product space.
We hope to have discussions with relevant executives and representatives from across your organization,
including those from Operations and Compliance, and extending to those from IT, Marketing, Research, Legal,
Risk, and other areas. Participation in these discussions will be voluntary, and we expect each conversation to
last between 45 and 90 minutes. As required by federal law, the Office of Management of Budget has approved
the topics of these conversations under the Paperwork Reduction Act. The OMB control number for this
collection is 3170–0032.
Most conversations with executives will follow a consistent structure. First, we will confirm the organizational
responsibilities of each executive or group (in the case of group interviews) and understand the business
activities in which the executive or group is involved. Second, based on the scope of those responsibilities, we
will identify specific activities that are affected by compliance with Regulations DD, E, P, and V. Next, for each
affected activity, we will seek to understand the discrete compliance processes embedded into the execution of
that activity. Finally, we will evaluate the above-baseline 1 costs associated with each of these identified
compliance processes. Specifically, we will ask about the labor costs and third party costs required to drive
these processes, as well as the non-labor costs and fixed investments required to enable those processes.
Throughout each session, we will ask a number of questions to understand the qualitative context for these
compliance costs and their broader strategic implications for the organization.
For a few targeted conversations, we will ask additional questions to situate the quantified costs of compliance
with Regulations DD, E, P, and Vwithin the larger picture of total compliance costs (e.g., costs associated with
Bank Secrecy Act/ Anti-Money Laundering, state law, NACHA operating rules, network rules). For example, we
will broaden our interview with the leadership of the Compliance function to understand the total Compliance
budget and related metrics (e.g., total number of Compliance personnel dedicated to specific activities).
The topics listed below will serve as the common interview guide, to be tailored to the specific functional
leaders with whom we will conduct interviews. To ensure we tailor this guide appropriately, we will request a
small amount of data in advance of our visit to strengthen our understanding of your organization and help us
establish a denominator against which to assess these compliance costs (e.g., organizational charts, operating
expenses for deposit products).

1 For the purposes of this study, “baseline” costs will refer to those operating costs a bank incurs for activities related to deposit products
and/or services that it would likely continue to incur in the absence of the regulation or regulations being studied.

Sensitive and pre-decisional

For internal use only

Common Interview Guide
(A) Identification of compliance responsibilities and quantification of total costs. In this section of the
interview, we would like to learn more about how compliance factors into your business activities and attempt
to quantify the cost of that impact for Regulations DD, E, P, and V.

■ (1) Confirmation of organizational role and responsibilities. We would like to start with a brief
introduction to your role/responsibilities and the business activities you manage.

■ (2) Identification of specific activities implicated by regulatory compliance. From the list of business
activities mentioned in Section A1, we would like to identify those affected by compliance with Regulations
DD, E, P, or V.

■

(3) Deep dive into compliance processes. For each of the affected business activities identified in Section
A2 above, we will want to better understand how the requirements of Regulations DD, E, P, or V (and the
compliance processes they necessitate) shape the execution of those business activities. This will enable
us to assess costs in Sections A4 and A5.

■ (4) Discussion of incremental labor costs. For each of the compliance processes identified in Section A3
above, we would like to better understand the incremental labor required to drive those processes. This
will include incremental staff hired, incremental work required from existing staff, or incremental third
party outsourcing. We would also like to understand the components of those costs (e.g., are they ongoing vs. one-time, fixed vs. variable).

■

(5) Discussion of incremental non-labor costs. For each of the compliance processes identified in Section
A3 above, we would like to better understand the incremental non-labor costs required to enable those
processes (e.g., IT systems and software, training collateral, mailing material). We would also like to
understand the components of those costs (e.g., are they on-going vs. one-time, fixed vs. variable).

(B) Context of compliance costs. In this section, we hope to understand the more qualitative implications those
costs have on your business and its consumers.

■ (1) Organizational implications of regulatory compliance. In this section, we would like to qualitatively
understand how regulatory implications may have resulted in modifications to your organization’s
structure and/or individual roles/responsibilities.

■ (2) Strategic trade-offs. In this section, we would like to qualitatively understand the strategic implications
these compliance costs have had for your business more broadly.

■

(3) New product introduction. In this section, we would like to understand how regulations may affect
the introduction of a new product.

■

(4) Other concerns. In this section, we would like you to discuss any additional compliance costs /
business impacts you deem important for us to understand.

By addressing these topics, we hope to better understand the incremental, non-voluntary costs that result from
compliance with Regulations DD, E, P, and parts of V.

Sensitive and pre-decisional

For internal use only

As required by federal law, the Office of Management of Budget has approved the topics of these conversations
under the Paperwork Reduction Act. The OMB control number for this collection is 3170–0032.
Also, a federal law called the Privacy Act directs how the federal government treats the information contained in
your answers to these questions. To understand how and when your information may be shared, you can read
the Privacy Act Statement on the CFPB’s website at www.consumerfinance.gov. The CFPB will also treat the
information received consistent its confidentiality regulations at 12 C.F.R. § 1070.
If the responses you provide to this study are requested under the Freedom of Information Act, the Bureau will
withhold such responses to the extent that it determines that they constitute trade secrets or confidential
commercial information that you would not ordinarily make public. The Bureau will deem any such trade secrets
or confidential commercial information to be “confidential information” for purposes of the Bureau’s
confidentiality rules at 12 C.F.R. § 1070.40 et seq.