Episode 58: Preparing for 2025 Compliance Challenges and Regulatory Changes

In this episode, I sit down with industry experts Doreen Ghusar, a governance & regulatory advisor with 20+ years experience at leading lenders, and Chris Hilliard, a seasoned compliance professional with 20+ years experience at major financial institutions and lenders, to talk about expectations for compliance in 2025 and best practices to mitigate risk.
We discuss:
- The importance of proactively tracking and reviewing supervisory highlights, guidances, circulars, and enforcement actions
- Leveraging compliance tools and alerts to remain informed about regulatory updates and risks
- Investing in compliance resources early to avoid greater costs in the future
- Anticipating changes in 2025, including new regulations for AI and digital innovation
Show Notes:
- COMPLY Podcast Speaker Interest Form: https://comply.performline.com/comply-content-speaker-interest
- The CFPB: 2024 Lookback and 2025 Predictions for Compliance: https://performline.com/blog-post/the-cfpb-2024-lookback-and-2025-predictions-for-compliance/
- Connect with Doreen: https://www.linkedin.com/in/doreen-g-innovate/
- Connect with Chris: https://www.linkedin.com/in/chilliard/
- Connect with Rhonda: https://www.linkedin.com/in/rhonda-mcgill/
Subscribe to COMPLY: The Marketing Compliance Podcast
About COMPLY: The Marketing Compliance Podcast
The state of marketing compliance and regulation is evolving faster than ever, especially for those in the consumer finance space. On the COMPLY Podcast, we sit down with the biggest names in marketing, compliance, regulations, and innovation as they share their playbooks to help you take your compliance practice to the next level.
Episode Transcript:
Rhonda:
Hey there COMPLY Podcast listeners and welcome to this week’s episode. In this episode I sat down with Doreen Ghusar and Chris Hilliard to talk about what they expect for compliance in 2025 with a change in administration and shifting regulatory priorities and best practices for staying proactive in your compliance programs.
Rhonda:
So one of the things we always get from our speakers when we have our webinars is that, you know, the CFPB is a wealth of information. They have a lot of resources. They have a lot of things that you can read between the tea leaves, and you can kind of know where they’re going.
And now we’re not totally sure where they’re going, but what would you advise a young company or even a more experienced company at this particular time? What are some tips that you could potentially provide as to where they should focus in terms of resources or where they should keep their focus?
I always say follow the complaints, but I don’t know if that’s going to be the case in the coming year. Do you have any thoughts on that?
Doreen:
As a compliance officer, I’ve always found it extremely important, helpful, and resourceful to track regulatory enforcement actions.
So CFPB, FTC, FDIC, and, of course, from a state perspective as well, for me, give a great wealth of knowledge to not only understand what the issue was, but how did they define the issue to be mitigated? And the penalties that were being charged, but also take that into account in your internal process.
And suppose you have a great compliance management program where you’re doing your risk analysis. In that case, you can always go back and say, CFPB came out with an enforcement action or circular that talked about junk fees or late fees or consumer complaints of ours, in the last three quarters have been high with respect to Equal Credit Opportunity Act, TILA, or UDAAP. So, it gives us a good perspective of going back and identifying that internal process and making sure that you’re measuring that and saying, this company or this organization who went through this enforcement action meets what we do similar to and, just making sure that all your ducks are in a row.
Measuring that internal process, is a good tool. One of the things I advise on is, Don’t be reactive. You know, don’t don’t have an auditor come in. Don’t have an examiner come in and then tell you what you’re doing wrong. Built processes, internal processes. I mean, from the cradle to the grave where you’re always being proactive and, you know, taking these circulars is these enforcement actions, this guidance that’s coming from the regulators and going in and just doing a quick check. I think it’s so important because it tells you you. Do you know what your risk areas are and how you are going to mitigate them on a continuous basis?
So I think that’s what I would advise and say: Just keep your ears and eyes open, you know, compliance officers, as you’re monitoring the landscape of these enforcement actions, things that are coming out from the regulator, and really sit there and read and analyze it and see, how does this impact my organization?
How does this impact my compliance management program? What are the lessons learned? What are the trends, and what do I need to do on a continuous basis to build a sustainable program? When I have a regulator coming in and starting an examination of my organization, here are the things that may have been a problem. Because of this circular, this enforcement action, and the supervisory document coming out, we took that into consideration, and this is how we mitigated the risk.
So, I think that being proactive is important in itself because it shows that you’re constantly giving compliance an important role and continuously want to manage that risk with good faith intent.
Chris:
I completely agree. It’s one of those things where there are not one thing you can do, not two things you can do, but 17, 20, or 25 things you can do. I want to reiterate that staying current with all the supervisory highlights, as well as really tracking the enforcement action database, going in there, and looking at the press releases, is important.
CFPB makes it a little bit; I don’t know if I’d say it’s easier or more difficult to dig in because it’s a three-step process. Most of the time on the CFPB’s website. You go to the press release. Then, from the press release, you can go to the underlying documentation, which is separated by the enforcement action and the potential remediation action.
It’s multiple layers. You’ve got to dig through all the layers of the onion, which is fine, but make sure you actually dig, looking at what the trending might be in those enforcement actions. And that’s going to completely change again with the new administration.
So you’ll see what’s kind of in the pipeline. There’s going to be a push over these next couple of months to get out of the pipeline what’s currently in it and get that done, because it’s very difficult to bring a report of examination from one administration into the next administration unless there’s some sort of consistency.
I don’t know that we’re going to necessarily have that consistency with this transition. We will certainly see, and the CFPB circulars always give good guidance and definitely touch on emerging regulatory views. It’s one of the places I would look to spot trends early and definitely set up alerts from the CFPB in your email box, with all of the good law firms that you work with and everything else.
Get as many of those as you can. You can also certainly—and this is a shameless plug for our hosts and whatnot—work with companies like PerformLine or Winnow.
Of course, I highly recommend looking into a GRC tool, a governance, risk, and compliance tool that you can work with to perform line and window integration and build robust programs.
It was a yes or no, but I’m going to go deeper into it. One of the things that I have always seen is, you know, compliance. We have the smallest budget when it comes to implementing human resources or bringing in tools and things of that nature. But one of the things that I did at a previous company, we brought in a robust GRC tool where we were able to embed all these other focuses in it, and going back to your point, Chris, you start getting your alerts on that.
And that in itself is something that, even if it’s at the forefront, you’re paying attention to that. You’re doing something with it. You’re addressing] it, whether it’s a risk, high, medium risk, or low, you’re still addressing something. And I think investing in the right tool is extremely important.
Again, one of the things I say is that compliance is important. Compliance is expensive, but it really depends on where you want to pay it: up front, which I would do, or in the back end, which I don’t want to do. So it’s something to think about.
Chris:
One of my favorite conversations with any board at any company is that you can focus on and look at compliance as a cost center or as a cost avoidance center. Just like you’re mentioning, you can pay it upfront, or you can pay significantly more on the back end if you don’t do things the right way. I recently did a course for America’s Credit Unions called Making Compliance Approachable at their compliance school.
It was nice to see CEOs, Chief Risk Officers, and General Counsels in the audience. If you go back all the way to the development of the CFPB and the expansion of the OCC, compliance has been on the forefront for some time. However, there’s a delayed reaction. People are looking at it and seeing the value and utility of involving compliance early and often, but you’re starting to see that change.
It’s nice. I would have hoped it would have changed a decade ago, but you’re starting to see it change more. You’re starting to see some folks open up to the fact that you may need to put some budget dollars into letting compliance get a great GRC, making arrangements with other companies that help them potentially outsource a function or help them complete that function.
Do you often spend those dollars better and have them be more effective than simply hiring a new person or looking to engage outside counsel or something like that? You can make those dollars stretch far and have a far greater effect than you otherwise would just by throwing bodies at a scenario.
Getting back to AI, as we mentioned earlier. You’re looking at these large language models that can look at huge amounts of data. I mean, can go back from the time that, you know, a company may have started servicing, looking at a billion dollar, 5 billion, 20 billion servicing book of business and analyze, trends across the applications that yielded those loans and the loans that may be potentially outside of what that credit box is now where you might need to look at those and have a more proactive servicing approach to them.
You can look at it from not only a compliance enforcement and regulatory remediation standpoint but also from the perspective of avoiding this significant future cost by identifying these areas where I know I have risk. It may not have been something that was against the rules or that had any type of regulation put against it.
You’re talking about huge aspects of buy now pay later. Significant swaths of earned wage access as well to a lot of stuff doesn’t just necessarily exist for those things. So, even though it may not have been against the rules when you did it, it’s good to understand future risk because there are evolving areas of compliance related to those things.
Doreen:
Of course, we’re talking about going back and looking at supervisory highlights. I think it’s important to highlight that every three months as we’re doing our compliance committee meetings, board meetings for compliance, and executive meetings to just really understand the trends and hot topics.
And if we identify those trends and hot topics and build compliance programs, you know, based on that, or at least, in bed, yeah. You know, a focus on that. I think it’s important sometimes I sit here. I look at these supervisory highlights that, You know, an organization had an enforcement action in February, or let’s just say, you know, recently. Still, there was a similar enforcement action two years ago, and I and I sit here and I scratched my head and I said, Well, why did you, not it’s a lesson learned, you know, I mean, again, I know that it gets to a point where we’re always just, you know, I’m You Running so fast to focus on other things.
But then again, I think being proactive is so important if you’re proactive, and he took a, you know, you definitely identified a problem. You didn’t take care of the problem that you have within your organization, which another organization was slapped with two years ago. It must be coming to light that’s extremely important as we have these nonbank registries because the states would be going back and looking at it. So it’s extremely important to use that as a tool and a resource.
Rhonda:
Absolutely. Let’s do a quick roundup of what you think compliance will look like in 2025.
Doreen:
Busy. And I’ll tell you what, because, you know, as we’ve been doing hot topics of artificial intelligence, right? Expanding the territory with respect to digital assets. Cryptocurrency has been shooting up. So, I mean, those other components are going to come into play, and we have to really get intentional about not only meeting those requirements but then also how to build those requirements from a monitoring and oversight perspective. So those are the things that I’m seeing as a really heavy focus on digital innovation with respect to the new focuses. Then, we have organizations that are heavily embedded in digital innovation.
We have to start looking at community banks that have put digital innovation on their roadmap. So that’s something that they will start building to stay competitive in this market. I think compliance would be working really hard within those organizations to build those focuses.
All I’m saying is, organizations, make sure you have a good compliance budget to Fulfill this in the next 12 to 24 months because it’s going to be extremely important.
Chris:
Doreen is spot on. That budget is important, and those dollars can be used very effectively, So don’t be afraid to allocate them. If not, you’ll be allocating far more on the back end, starting with CFPB and where compliance is and where aspects of compliance are going, and then getting into the broad prognostication of what 2025 may hold. Starting with where the CFPB may go and where compliance specifically may go, I think we’re probably going to swing back, on the pendulum more to a principles-based Regulatory scheme really where we’re seeing regulators, including the CFPB established broad principles or prescribed outcomes that organizations and companies and and and third-party providers.
We need to achieve this rather than a brand new rash of specific rules or enforcement of a number of the current rules. I think that you’ve seen President-elect Trump, former President Trump, and now President-elect Trump. You’ve seen his administration prior focus on flexibility, somewhat on innovation, but really on adaptability and using rapidly evolving technologies, as FinTech organizations will do, you’ve seen his administration in the past really look at outcome, oriented, regulation and, potentially what you would call innovation-friendly, regulation in a principles-based fashion, giving flexibility, to organizations to actually try to innovate.
But at the same time, you have to worry about that innovation, what that outcome may be, and it could certainly be negative. If you feel as though you’ve got a lot of rope, you certainly can hang yourself with a lot of rope. It doesn’t need to be specifically short or whatnot.
So, as Doreen said, ensure that you have that budget. Ensure you have those policies and procedures in place that you have those processes described. With President-Elect Trump focusing more on reducing government innovation and allowing markets to quote unquote self-regulate to a greater extent, there’s that huge emphasis on deregulation across many sectors that he’s looking at.
We’re Health and Human Services, the VA, and the military; none of those are safe from potential deregulation and reduction of government intervention. But, you know, that that’s 1 of those things that we’re not going to necessarily see it, We’re not going to see it until it happens. Unfortunately, we will see the proposed rulemaking, hopefully, of what’s to take place. But when something is rolled back, it’s just going to be rolled back. It’s not something that we’re going to have a comment period on for 180 days of potentially rolling back the X, Y, or Z rule.
It’s just going to no longer be, and that’s ultimately very disruptive for the market. We might get to a place where there could be a potential increase in innovation. There could be a potential sigh of relief from companies that are trying to do things that are on the cutting edge.
But at the same time, administrations last four years. So you get too far down the rabbit hole, going in a direction where you’re like, “This will never come back. These rules are always going to be this open.” That’s a bad place to be. You want to be ready to govern yourself.
You want to be ready to ensure that you have the necessary transparency. And we go back to the days of rent-a-charter and things like that. We don’t want to go back there. We don’t want there to be uncertainty. We want there to be that warm and fuzzy feeling that we have at night saying, okay, I’ve got this rule set, and I’ve got to follow it.
Sometimes, especially in the future, you’re going to have to do that yourself. You’re going to have to figure out the rules that you think should apply, not only from a principle-based standpoint, but really from if there’s a different administration in four years, and there will be, regardless as to what political affiliation is, there will be a new administration.
Where may they go as well? You don’t want to be too far down the road and not be able to change course when you’re in it. The regulators change course, which is just getting back to the point that everything is transitory as it relates to much of the new regulation because it’s not had time to be completely implemented in certain respects or even commented on.
And now we’re already looking at potential changes. Overall, I’m just hoping that in 2025, we go down a path of being able to have that reconciliation of, you know, 50 percent of the company for a company, 50 percent of the country doesn’t agree with the other 50 percent of the country.
If we can find some common ground, we can move forward. I know it’s not going to be the case in every single instance, but hopefully, there’s a little bit less derision and division. It would be nice to also have that in Congress. I have hope.
Rhonda:
I think I agree with you all. When all is said and done, one thing they will have in common is the importance of consumer protection. Because of that, I hope that as long as companies are doing the right thing by the consumer, things can be okay.
But definitely, I always encourage the ability to monitor and understand what is out there in the wild so that you are able to protect consumers and your brand because that is so critical and important. Also, I always encourage understanding the changes in regulations because they’re always evolving.
So that’s where, you know, folks like Chris are coming into play where, you know, you can, you understand, on the fly, if things are happening, what’s happening, and how you need to pivot. And so it’s just. You know, taking the time, I always say the end of the year is always a great time to update your policies and your procedures and make sure you’ve got everything into play, but just understanding 2025 is going to be a busy year and compliance. Things aren’t going to slow down.
Things are going to be shifting. Protect your brand, protect your reputation, and protect the consumers.
Rhonda:
Thanks for listening to this week’s episode of the COMPLY Podcast. As always for the latest content on all things marketing compliance you can head to performline.com/resources. And for the most up-to-date pieces of industry news, events, and content be sure to follow PerformLine on LinkedIn. Thanks again for listening and we’ll see you next time!