If you are offering a financial product or service to consumers, such as a deposit account, loan, credit card, or payment service, you need a strong consumer complaint response function. This is true whether you are an established financial institution or just starting out. Tempoe, LLC learned this the hard way when the Consumer Financial Protection Bureau (CFPB) permanently banned the company from engaging in consumer lease activity on September 11th, after the company failed to act on repeat complaints about consumers not understanding its product.1 Had the company implemented an effective complaint response function, it may have avoided altogether, if not at least survived, its encounter with the CFPB.
A consumer complaint response function — often aptly described as the proverbial canary in the coal mine — is a foundational piece of your compliance management system (CMS) that controls how you receive, respond to, and otherwise use complaints to enhance your business’s compliance. It enables you to:
- gain insight into friction points with your customers
- respond to your customers’ concerns in a way that builds brand loyalty
- detect potential legal violations lurking in your offerings
- resolve complaints before they are escalated to a regulatory or other governmental authority
- reduce your risk of litigation resulting from mishandled complaints that become lawsuits
- reassure bank partners, licensing authorities, and regulators that you understand how to run your business in a compliant-minded manner
You may be asked directly about your complaint response function or for your complaint policy or log at several different junctures, such as when you are seeking to partner with a bank or other financial institution, during a financing round, or in the face of a regulatory inquiry or examination.
Regulators frequently leverage complaints to determine where to direct their focus, including in considering whether you need a certain license or as part of a general sweep for violations among like offerings. For example, a regulator may look more deeply into your operations, including your CMS and complaint response function, if the regulator receives complaints from consumers who could not resolve a complaint with you directly, reads complaints about you online or in the news, or identifies you in the complaints of a business partner or service provider. Explaining that you do not document complaints and their resolution — or that you have not received many — will only increase the scrutiny on you.
At a minimum, your complaint response function should:
- be documented in a written policy and procedures, describing how you receive, record, categorize, escalate, and resolve consumer complaints and inquiries, including those received from or relating to partners or service providers
- effectively train employees on your consumer complaint response policy and procedures
- ensure each complaint is responded to promptly and completely, following a thorough investigation of the facts
- include a root cause analysis of each complaint, identifying which function of your CMS resulted in the complaint and might benefit from enhancement to prevent similar complaints or consumer harm
- involve providing periodic complaint reports to the board so that it may address consumer compliance issues and associated risks of consumer harm through the business’s handling of consumer complaints and inquiries
- involve management in monitoring complaints to identify risks of potential consumer harm or CMS deficiencies and ensuring appropriate prospective and retrospective corrective action is taken
- inform other aspects of your CMS, including enhancements to employee training and monitoring or audit schedules
You may be thinking, “This sounds like a lot of work. Why would I dedicate so many resources to maintain a record of complaints that could be used against me?” After all, regulators, like the CFPB, frequently cite consumer complaints, or how an institution addressed them, in supervisory highlights and consent orders, as it did in Tempoe, LLC.2 But the reality is that every business receives complaints, and regulators understand that. In business, not everything goes perfectly every time, but a complaint response function is a necessary component of a CMS for those offering or supporting a consumer financial product or service, because it facilitates an understanding of issues that may warrant your attention and gives you the opportunity to make improvements and prevent or address consumer harm.
Catalogued complaints, like those cited in CFPB supervisory highlights and consent orders, most often come back to bite a business when those complaints are left unaddressed – for example, when a business logs complaints but makes no effort to monitor them for high-risk issues, like discrimination, unfair, deceptive, or abusive acts or practices, monetary harm, or complaint trends, or when a business is aware of certain complaints but takes no action to prevent future complaints regarding the same issue. These failures increase the likelihood of regulatory enforcement actions or class-action lawsuits. Conversely, if an institution were to document complaints, identify a trend, take prompt action to compensate impacted customers, as necessary or appropriate, and make changes to prevent similar complaints in the future, any outcome with a regulatory authority would likely be more favorable.
It is worth noting that regulators, like the CFPB, handle complaints similarly to how they expect their supervisees to handle them. For example, the CFPB records the complaints it receives in its complaint database, monitors those complaints for responsiveness, prioritizes its regulatory oversight or enforcement actions, at least in part, based on high-risk issues or trends detected through the complaint data it collects, and publishes an annual, publicly-available report on the number and types of complaints it received over the year, similar to a business reporting complaint data to its board.
The strongest complaint response functions promote consumer protection by preventing, self-identifying, and addressing compliance issues in a prompt, thorough, and proactive manner with management oversight to help identify risks of potential consumer harm, deficiencies in the business, and customer service issues. Because supervisory highlights and consent orders exist to address CMS weaknesses that result in violations of law, successful complaint response functions do not get the attention they deserve to serve as models for others. Instead, in constructing their own successful complaint response function, businesses are left to rely on the cautionary tales of others’ misfortunes published by regulators, other regulatory guidance and materials, and counsel from experienced compliance professionals.
Ultimately, a complaint response function can be a tool used to fortify your business’s compliance management or, if neglected, an Achilles’ heel awaiting its fated arrow. Complaints can arise at any time, so it is never too early to begin developing or enhancing your complaint response function.
Goodwin’s Fintech group strategically leverages its regulatory, transactional, and litigation and enforcement practices to provide full-service support in every vertical of fintech and financial services, including: lending, payments, alternative finance, deposits, brokerage and wealth management, digital currency and blockchain, insurance and insurtech, and transactions, including bank partnerships and deal due diligence.
Josh Burlingham is part of Goodwin’s Financial Industry Group, specializing in compliance strategies for consumer financial services offered by banks and fintechs, building and consulting on compliance management systems and their respective functions (board and management oversight, policies, procedures, training, monitoring, audit, consumer complaint response, and service provider oversight), evaluating risk relating to unfair, deceptive, or abusive acts or practices (UDAAP), and preparing for or responding to regulatory inquiries, examinations, or potential actions. For help with your CMS and other compliance needs, contact Josh at email@example.com or (617) 570-1404.
 Tempoe, LLC, File No. 2023-CFPB-0010 (Sept. 11, 2023).
 Id.; see also Servicio UniTeller, Inc., File No. 2022-CFPB-0012 (Dec. 22, 2022), Hello Digit, LLC, File No. 2022-CFPB-0007 (Aug. 10, 2022), CFPB, Supervisory Highlights: Issue 24, Summer 2021 (Jun. 2021), https://files.consumerfinance.gov/f/documents/cfpb_supervisory-highlights_issue-24_2021-06.pdf, and CFPB, Supervisory Highlights: Issue 23, Winter 2021 (Jan. 2021), https://files.consumerfinance.gov/f/documents/cfpb_supervisory-highlights_issue-23_2021-01.pdf.