If your organization hasn’t made significant progress toward remediating and validating a consent order within the first two to three years, you might have a more serious, lingering problem on your hands.
Many large global banks have gotten tangled in complex consent order remediation and validation processes that have taken many years to resolve.
However, you can’t afford to let a consent order or other enforcement action take any longer than it has to. When regulators fail to see meaningful progress, they might consider issuing additional fines, calling a deferred prosecution agreement into question, suspending strategic transactions, or even piling on more enforcement actions. And if you thought one consent order created problems for your organization, try being under two.
As a general rule, the three-year mark tends to represent a make-or-break point for most consent orders. By three years from the date regulators issued the order, your organization should be achieving your service-level agreements and meeting standards on a consistent basis. You should be building credibility with regulators, and your board and senior management should be confident that the resolution of the validation process and eventual lifting of the order is in sight.
Too often, the opposite happens. The fast-paced, high-stress environment under a consent order can create fatigue, staff turnover, and growing pains that put important remediation and validation benchmarks in jeopardy. And when regulators aren’t satisfied with your progress under a consent order, they will let you know – in no uncertain terms. Your organization might already be receiving negative feedback or supervisory letters, which can quickly put pressure on your internal audit team.
When you can’t see an end to the consent order process by year three and your validation team isn’t achieving the milestones that your regulators and stakeholders expect, it’s time to look at root causes and ask critical questions.
The first question you need to ask is whether internal audit developed the right processes and standards at the outset of the consent order. Crowe specialists have outlined some of the methods and thought processes you can use to help you answer this question.
If you’ve built a thoughtful, comprehensive strategy and the consent order process still isn’t working, it might be time to ask whether you have the right people in place to execute the strategy. In many cases, a consent order process stalls because the organization doesn’t have the necessary internal audit resources in place, whether those resources come from internal teams, an outside vendor, or a mix.
When you start examining your resources for a consent order validation, it’s essential to ask questions such as:
The overall consent order process of remediating and validating a regulatory enforcement action is complex. If yours is not working, you most likely have one or more critical components that are not functioning as intended. And if you fix those components, the process will start moving again.
However, you don’t have time to take a leisurely approach. Consider calling an off-site meeting with your entire team of senior leadership and internal audit directors. Ask the questions we’ve described so far:
If you’re not sure whether you have the right internal audit foundation and resources in place to handle a consent order validation and remediation project, ask the specialists at Crowe. We’ve helped financial services companies of all sizes independently test and validate regulatory enforcement actions. We can assess your consent order processes, quickly tell you what’s working and what isn’t, and provide the experienced, on-demand staffing support you need to get things moving in the right direction.