Comments to us from more than one attorney have described what we're doing as a federal audit insurance policy. We're not an insurance policy but the thought is worth mentioning. So our service is not insurance - we don't sell insurance. Most worthy of mention is that the Bureau, in their Consent Orders, expressly forbids using insurer funds to pay a civil money penalty. This exclusion is not mentioned in regard to the primary fine (the big amounts for restitution, redress, etc. - the actual harm to the consumers). These awards go up to nine figures (that's hundreds of million$). And these amounts are not appropriate for insurance coverage as these are simply refunds as redress to consumers injured by illegal actions. In the alternative, these amounts are shown by the CFPB to have occurred willfully and intentionally AND as was mentioned to us by a top CFPB defense attorney, no law firm could afford such insurance in any case. Civil money penalties (CMP) commonly range from 10% to 20% of the larger redress amounts and occasionally run closer to 50%. And we've now seen 100% in civil penalties, even a $100 million CMP where there was no injury to consumers (Wells Fargo Bank).

All of this notwithstanding, insurance is generally meant to protect against outside, unknown risks that sneak up on you. By now we can safely say most law firms are aware of the CFPB, watchful to some extent, and expectant of increasingly enhanced auditing, fines, penalties, etc.

What we're hearing and reading makes up our Predictions List for future consideration:

• Law Firms and attorneys are now viewed as covered entities by virtue of their collection litigation. Lendors are already there. And in some jurisdictions, a law firm collecting debt has to be licensed as a debt collection agency (New York City for example). 
• First-party lenders/creditors are going to be treated like 3rd party - covered and liable for FDCPA and the rest of the list, needing a CMS system, etc. Commercial work is also leaking into a liable position along with consumer contact areas.
• Sectors that are continually on the Bureau's horizon will be examined and audited more intensely. We all know who these are, payday loans, student loans, autodealers, and more.
• Vendor liability is on steroids. This has always been a huge risk. The largest Consent Orders are mostly about vendor violations; this risk covers most of the $10+ Billion in awards to date (going as high as $750 million dollars). Compliance Umbrella includes a complete Vendor Risk Management Program in its CMS and is scheduled to automate this in 2017. For law firms, the most troublesome area here is with the needs of bank clients in their CFPB compliance. Law firms generally have clients who are covered entities (with vendors) and also have their own vendors to manage and CFPB certify (such as outsourced IT, skip trace/investigators, etc.).
• Law firms and banks will be waking up to the compliance need and to the realization of the 3-D nature of CFPB compliance - themselves, their clients, their vendors. All required, no exemptions. (Caveat: a firm is liable only if it regularly deals with debt collections, mortgage law, financial services (bank clients))

What we WOULD say at Compliance Umbrella is that the feeling a law firm enjoys after joining the Compliance Umbrella team is a little like the deep breath you can take after putting an insurance policy into effect; so the insurance policy metaphor makes some sense.

Will using the software at Compliance Umbrella result in compliance? Only if - and there are three or four "ifs". There's a front-end task list and a back-end task list and vendors/clients in the middle. But nobody is considered to be compliant by the Bureau without a fully populated Compliance Management System (CMS). And if a firm purchases a "CMS" that describes itself as a well-designed repository for all your compliance documentation, that is not a CMS - it's an empty document repository.

A proper description would be that such a product is a formatted template into which one could load CMS content, procedures, training, a complaint database.

What is meant by the front-end task list and the back-end task list? First, prior to using the CMS on a daily basis, the intention, dedication, mission statement and approval of the CMS must be considered and documented by upper management, Board, principal partners, etc. And they need to show this on a continuing basis in meeting minutes, etc. Then the back-end will consist of monitoring, followup, identification and resolution of issues and complaints, again by management and documented. 

Are there secrets to getting this done without wasting time, money, adding resources, etc.? We think so; here are a few:

1. Don't pay a per-user license if you don't have to. Our license is a single, per-location license covering all employees.
2. Buy a fully populated CMS. You will save tens to hundreds of thousands of dollars. You can do-it-yourself using the 930+ page exam manual at CFPB.gov, along with hiring a handful of additional heads for procedures, training, IT, etc. but who has time for that?
3. You only need to assign use to covered attorneys and employees (who have any consumer contact or deal with your work in collections, mortgage law, vendors, bank clients). Some staff will not need to use the system.
4. More information is here - at complianceumbrella.com