If your organization hasn’t made significant progress toward remediating and validating a consent order within the first two to three years, you might have a more serious, lingering problem on your hands.
Timely completion of a consent order is possible.
Many large global banks have gotten tangled in complex consent order remediation and validation processes that have taken many years to resolve.
However, you can’t afford to let a consent order or other enforcement action take any longer than it has to. When regulators fail to see meaningful progress, they might consider issuing additional fines, calling a deferred prosecution agreement into question, suspending strategic transactions, or even piling on more enforcement actions. And if you thought one consent order created problems for your organization, try being under two.
After three years, you should know where you stand with regulators and whether your consent order validation process is working.
As a general rule, the three-year mark tends to represent a make-or-break point for most consent orders. By three years from the date regulators issued the order, your organization should be achieving your service-level agreements and meeting standards on a consistent basis. You should be building credibility with regulators, and your board and senior management should be confident that the resolution of the validation process and eventual lifting of the order is in sight.
Too often, the opposite happens. The fast-paced, high-stress environment under a consent order can create fatigue, staff turnover, and growing pains that put important remediation and validation benchmarks in jeopardy. And when regulators aren’t satisfied with your progress under a consent order, they will let you know – in no uncertain terms. Your organization might already be receiving negative feedback or supervisory letters, which can quickly put pressure on your internal audit team.
When the consent order process breaks down, look first at your foundation, then take stock of your resources.
When you can’t see an end to the consent order process by year three and your validation team isn’t achieving the milestones that your regulators and stakeholders expect, it’s time to look at root causes and ask critical questions.
The first question you need to ask is whether internal audit developed the right processes and standards at the outset of the consent order. Crowe specialists have outlined some of the methods and thought processes you can use to help you answer this question.
If you’ve built a thoughtful, comprehensive strategy and the consent order process still isn’t working, it might be time to ask whether you have the right people in place to execute the strategy. In many cases, a consent order process stalls because the organization doesn’t have the necessary internal audit resources in place, whether those resources come from internal teams, an outside vendor, or a mix.
When you start examining your resources for a consent order validation, it’s essential to ask questions such as:
- Do we have the breadth and depth of expertise to address the deficient areas identified in the consent order?
- How is our team structured in terms of tenure and qualifications?
- Can we forecast when additional labor is needed and address those needs without asking our people to do more work than is reasonable for long periods of time?
- If we rely on a third-party vendor, what is its resume? Has the vendor handled similar consent orders for organizations of the same scale or size as ours? Would we be comfortable submitting vendor resumes to regulators?
- Does our vendor’s management team actively participate throughout the consent order process, or does it treat it as a routine staffing augmentation?
Even if things look bad, it might take only a few adjustments to get your consent order process back on track.
The overall consent order process of remediating and validating a regulatory enforcement action is complex. If yours is not working, you most likely have one or more critical components that are not functioning as intended. And if you fix those components, the process will start moving again.
However, you don’t have time to take a leisurely approach. Consider calling an off-site meeting with your entire team of senior leadership and internal audit directors. Ask the questions we’ve described so far:
- Do we have the right people in place, and are we asking them to do the right things?
- Why do regulators keep giving us bad feedback or disagreeing with our team's conclusions?
- Can we reverse-engineer that feedback to determine what regulators want from us and then put the team and processes in place to deliver?
Crowe can help you with your consent order process.
If you’re not sure whether you have the right internal audit foundation and resources in place to handle a consent order validation and remediation project, ask the specialists at Crowe. We’ve helped financial services companies of all sizes independently test and validate regulatory enforcement actions. We can assess your consent order processes, quickly tell you what’s working and what isn’t, and provide the experienced, on-demand staffing support you need to get things moving in the right direction.
To learn more, visit our consent order remediation and validation webpage or get in touch with us personally.
