Pub. 6 2016-2017 Issue 2

12 O V E R A C E N T U R Y : B U I L D I N G B E T T E R B A N K S - H E L P I N G C O L O R A D A N S R E A L I Z E D R E A M S FEATURE ARTICLE Consumer Harm & ARCH: How the FDIC Determines Your Risk NATHAN MCDONALD COMPLIANCE ALLIANCE Consumer complaint questions integrate oversight and compliance program considerations. R ecently, the FDIC updated its compli- ance examination manual to include guidance on evaluat ing consumer harm and the new Assessment of Risk of Consumer Harm (ARCH), a 170-question pre- liminary risk assessment used to develop an ac- tion plan for onsite compliance examinations. Perhaps one of the most helpful aspects of the guidance is that it clarifies the FDIC’s defi- nition of “consumer harm.” Specifically, the new guidance defines consumer harm as actual or potential injury or loss to a consumer. In confirming its long held position, the guidance clarifies that consumer harm conducted through third-party relationships will be attributed to regulated institutions. Thus, under this rather expansive view of consumer harm, institutions may be held to account for any possible injury to consumers regardless of whether consumers incurred monetary loss or any other form of measurable economic harm and regardless of the involvement of bank’s own personnel. The ARCH assessment can be divided into two main sections. The first section identifies an institutions’ inherent compliance risk in the following areas: bank structure, supervisory his- tory, and operations. Banks structure considerations include any factors or changes in control; the board; senior officers or key personnel; affiliates or subsidiaries; and business strategies and activities that raise compliance risk. Mergers and acquisitions, growth, pricing strategies, and fee income are also assessed during this phase. Supervisory history questions consider any enforcement actions, significant issues identified during the last examination, complaints, and consumer litigation. Assessment of operations is divided into the following operational areas, as applicable to your institution: lending, deposits, non-deposit products, third party risk, other products or issues, and UDAAP.