Examination of Consumer Finance Entities
The examination focuses on compliance with applicable state and federal laws and regulations and areas deemed likely to affect the safety and soundness of the licensee.
Consumer finance entities supervised by the Department include licensed lenders, premium finance agencies, and sales finance companies.
The DFS assigns licensed consumer finance entities a FILMS rating based on an assessment of financial condition, internal controls and auditing, legal and regulatory compliance, management, and systems and technology. The ratings range from “1” (Strong) to “5” (Unsatisfactory).
Licensees with a FILMS rating of "4" (Marginal) or “5” (Unsatisfactory) or severe violations/deficiencies may be subject to regulatory actions such as monetary fines, and license suspension and revocation.
Details on the evaluation of the FILMS components
Financial Condition: This evaluation considers balance sheet composition including the level of past due and non-performing loans, asset quality, the adequacy of capital to absorb losses and to support growth, the level and quality of earnings, and the adequacy of liquidity.
Internal Controls and Auditing: Internal controls and auditing are evaluated based upon the effectiveness of accounting, financial, operation, and systems controls, and the audit program. The assessment considers the extent of adherence to established policies and procedures; the independence, frequency, scope, and adequacy of the internal audit function (including risk assessment) relative to the size and business activities of the licensee; the severity of internal control and audit exceptions; the extent to which internal control and audit exceptions are tracked and resolved in a timely manner; the adequacy of management information reports; and whether the system of controls is reviewed to keep pace with changes in the licensee’s business plan.
Legal and Regulatory Compliance: This evaluation is based upon the level of adherence to applicable state and federal laws and regulations including any supervisory follow-up actions; the effectiveness of the written compliance program and training of personnel charged with maintaining compliance; the ability to submit regulatory reports in a timely and accurate manner; and management’s ability to identify and correct compliance issues in a timely manner.
Management: The rating is based upon, but not limited to the following: the overall performance of the licensee; the capability of the governing board and management in carrying out the licensee’s mission; management depth and succession; soundness of credit administration; the adequacy of risk identification processes; and responsiveness to recommendations from auditors and supervisory authorities.
Systems and Technology: The evaluation is based upon assessments of the following four critical components: IT Audit – evaluates the quality of the entire IT auditing process (including risk assessment), internal and external in terms of management and the external auditor’s ability to effectively identify, monitor and test internal controls over information systems; Management – evaluates the extent to which management effectively monitors and controls the risks inherent in information systems, including, but not limited to, resources employed and disaster recovery/business continuity planning and testing; Development and Acquisitions – addresses the adequacy of the licensee’s systems development methodology and related risk management practices for the acquisition and development of IT; Support and Delivery – measures the licensee’s ability to provide reliable and secure quality information systems services effectively and efficiently in-house and through service providers.