ABA May/June 2025: Managing Communication and Execution in Remediation Efforts
Effective communication is essential for financial institutions (FIs) during the remediation process, ensuring transparency, managing stakeholder expectations, and minimizing reputational risks. Equally important is identifying and documenting lessons learned after remediations. By reflecting on past challenges and outcomes, FIs can strengthen their risk management frameworks, prevent recurring issues, and foster a culture of continuous improvement in compliance and operational practices.
Communicating internally
A comprehensive communication plan is a vital part of the remediation framework. An institution should have a plan for keeping each line of defense and business unit apprised of significant remediation developments that may impact additional lines of business, or worse, the whole enterprise. This can be achieved through reporting to committees such as an Enterprise Risk Management committee or Compliance committee, at which point leadership can determine whether the underlying issue giving rise to remediation has a broader, and in some instances, enterprise-wide impact.
Regular, periodic reporting to senior leadership, executive management, committees and/or the board should be an essential part of any remediation plan, which will provide them an opportunity to offer credible challenge. The manner and depth of reporting would depend upon how issues management is handled at the institution, and the circumstances surrounding the remediation. Often simple green-yellow-red flags can help to quickly identify any issues that might need deeper attention. Committee and board minutes should also contain evidence that the relevant entity has been regularly briefed on major remedial efforts. (If the minutes do not reflect such discussions, then a regulator may not believe they happened.)
Reporting to senior stakeholders should generally include the following at a minimum:
A general description of the event, including a description of any consumer harm, and demonstration that a full root cause analysis was conducted;
Relevant dates regarding the issue (be it an error, control gap, or external event), including when it was discovered and subsequently resolved, the time period covered by the remediation event, important milestones, any hurdles or constraints, and the date or dates when remediation activities will be or were completed;
Affected lines of business, products, geographies, and/or consumer populations;
Laws or regulations relevant to the remediation, including whether the issue represents UDAAP risk;
A description of the type of remediation (monetary or non-monetary, with appropriate level of detail) and an assessment of the financial impact of planned corrective action; and
The number of impacted customers (or potential customers, such as in the case of loan applicants who might have been improperly denied because of a system error).
Depending on the institution, executive management might also be interested in receiving additional data points.
Communicating with regulators
It is important to be forthcoming and transparent with the regulators about self-identified issues and remedial efforts. Institutions will often debate internally, and may seek the advice of counsel, on whether and when to bring an issue to the attention of their regulator(s), and whether to report it in the ordinary course through periodic reporting or whether to separately report it outside of the normal cycle. The unique facts of the situation matter and issues involving significant consumer harm may warrant a meeting with the regulator, followed by written communication memorializing the conversation.
Prior to communicating with the regulators, an institution should devise a communication strategy and have its endgame in mind. For example, if an FI is responding to a regulator’s preliminary findings letter, it should formulate in advance which concessions it is unwilling to make and where it may be willing to negotiate. An institution should also be careful not to include anything in a remediation plan that is still subject to change, such as an estimate of the consumer redress where data analysis is not yet fully complete.
Timing is everything. There is a balancing act between the two extremes of either (1) fully scoping the issue and possibly even initiating the remediation process, versus (2) disclosing the issue to your regulator as early as possible, before a more comprehensive analysis has been completed. In general, regulators wish to be notified without unreasonable delay. If the reporting is perceived to be delayed (e.g., being provided shortly before an examination), an institution will need to justify the delay and may not receive any favorable treatment for responsible business conduct. At the same time, regulators value self-identification, thorough analysis, and proactive planning. For this reason, FIs may be better positioned for this first discussion by having details regarding the event’s scope, root cause, affected business lines, affected consumers, and an estimate of the financial redress and other remedial efforts required. In some instances, an institution may decide not to highlight remediation efforts that involve minor process fixes designed to avoid potential consumer harm where no actual consumer harm has been identified.
Generally, to avoid this timing dilemma, it would be helpful to establish (in the remediation framework) objective criteria that will guide reporting protocols. This criteria can be reviewed with regulators to ensure that the institution is aligned with regulatory expectations. Documenting this approach proactively can drive consistency across the institution for the type of issues that get reported, and when.
Institutions should document conversations with their regulator, capturing any guidance such as a statement that the institution need not remediate a certain group of consumers. In addition, for remediations that are particularly sensitive, or those that involve some level of judgment or flexibility, the institution may request their regulator’s non-objection as to its course of action. Although the regulator may not provide formal written non-objection, at least the record will show that the institution sought supervisory feedback.
In written communications with regulators, FIs should be direct and succinct. Institutions should avoid simply regurgitating their remediation methodology in their remediation plan. Rather, an institution should carefully consider which information to disclose and what may be too detailed and run the risk of obscuring key points, making it harder for the regulator to follow, or even worse, inviting greater scrutiny over an issue the institution considers resolved.
Communicating with consumers
Internal communications should be completed as best as possible prior to any communications with consumers. Deciding whether to communicate with impacted customers — and what to say — will depend on the nature of the issue and the harm. If the harm is evident to the customer, then a communication may be needed. Whenever such communications are issued, remember also to align customer service with internal training, scripting, and other aids to assist groups who may receive questions from consumers. Consumer communications should be approved through appropriate channels, with Legal and Compliance being key stakeholders in the review process. Consider engaging Corporate Communications and additional resources such as outside counsel for any matter that may receive media attention.
Identifying lessons learned
Upon the end of a remediation project (including after final validation), an institution should set aside time for the relevant stakeholders to provide feedback, identify lessons learned, and make suggestions for enhancements in the remediation framework. An institution should also track the root cause(s)for any repeat occurrences, and encourage suggestions for ways to improve controls to prevent similar, or related, occurrences in the future. Examples ofexploratory questions include:
Product governance: Did the institution fully analyze a new/modified product, including its proposed fee structure? Were potential consumer or regulatory criticisms fully vetted (or not fully identified and researched) prior to implementation?
People: Is there a culture-related issue? Are the ethics and whistleblower processes working effectively? Is the staff so tightly constrained that they have become more prone to error? Is training as robust as it should be?
Technology: In programming, were inappropriate shortcuts used? Was testing adequate? Were critical technology interdependencies fully explored, addressed, and tested?
Metrics: Are there any key performance indicators or key risk indicators that can now be implemented to serve as more effective early warning tools?
Answering these types of questions will help identify investments that need to be made over both short- and long-term horizons.
Conclusion
Remediating consumer harm can be a difficult process. By developing a remediation framework, taking steps to plan for and execute a remediation upon discovering an issue, and having a comprehensive communication plan, FIs can increase their chances of effectively remediating consumers while minimizing adverse impacts on the institution.
This article is the final in a three-part series on planning and executing effective remediations. For more information on the importance of self-identifying events that may warrant remediation, strategies for developing an effective remediation framework, and factors to consider when crafting a remediation plan, see our first article, "Proactive remediation: Self-identification and the importance of frameworks," in the January–February 2025 issue. For key steps financial institutions should take when discovering issues requiring remediation, refer to our second article in the series, "Critical steps to take upon identifying issues requiring remediation," in the March– April 2025 issue.
Check out the ABA May/June 2025 Issue HERE.
About the Authors
JEREMY HOCHBERG has 20 years of private and public sector experience in financial services. He advises banks, financial services companies, and third-party service providers on regulatory compliance and enforcement matters. Jeremy represents clients on fair lending and responsible banking issues, including matters involving claims of disparate impact; disparate treatment; and unfair, deceptive, or abusive acts or practices (UDAAP). His work in this area includes advising on underwriting, pricing, exceptions, redlining, steering, limited English proficiency, sales and marketing, artificial intelligence and machine learning, overdrafts, credit reporting, and servicing issues.
PATTI HARTSFIELD-DAVIS is an independent consultant, currently aligned to Mitchell Sandler PLLC, with a focus on risk and compliance advisory services, including regulatory remediations, for financial FIs of all sizes. In addition to working with Mitchell Sandler, she currently serves on the Board of Directors for Sunrise Banks, N.A., a national bank that is also a Community Development Financial Institution, and currently chairs the board’s Compliance & BSA Committee. Prior to entering consulting, she held senior positions at Fifth Third Bank (Chief Compliance Officer), Ally Bank, and Bank of America, spanning roles that included regulatory and consent order remediation, policy administration, and numerous areas of compliance and operational risk management (U.S. and international; consumer and business/commercial).
SIGN UP FOR UPDATES
Never miss our news, insights or events.
FEATURED NEWS
