INSIGHT: The Evolving Practice of Complaint Management

Stay current on changes and developments in corporate law with a wide variety of resources and tools.

Eric Ferri

By Eric Ferri

Eric Ferri is a member of Promontory Financial Group’s global consumer protection practice and draws on his regulatory and consulting experience to advise clients on assessing and controlling compliance risks and designing and implementing compliance-management programs.

By Eric Ferri

Financial firms have long used complaint-management programs to resolve customers’ grievances about products and services. Such programs are critical to customer retention: When firms respond quickly and appropriately to complaints, customers become more loyal. When firms do not, even longtime customers might withdraw their patronage.

Complaint-management programs help firms address the complaints of individual customers, but they can also provide insight into product and service improvements and identify broader issues with compliance programs, internal controls, communications, and processes. In recent years, financial firms have enhanced the use of complaint-management programs to identify systemic risks and inform strategy decisions at the business and corporate levels. Similarly, federal regulatory agencies such as the Office of the Comptroller of the Currency and the Federal Reserve Board continue to expand the use of customer complaints in their supervisory processes to bolster the monitoring of financial institutions, scope and conduct examinations, and analyze applications. [“ Consumer Compliance,” Federal Reserve Board (March 2017).]

To effectively pinpoint and remediate systemic issues, however, firms must be able to separate low-frequency, high-risk complaints from the vast amount of data they receive. Such complaints can reveal issues that exist in corners of the organization and go undetected for months or years before suddenly mushrooming into a full-blown crisis. Identifying and remediating them are a tall order — and an industrywide challenge.

A Lack of Formal Guidance

Firms have received limited formal regulatory guidance on the design and execution of complaint-management programs, despite the fact that banking regulators such as the Federal Reserve, the Office of the Comptroller of the Currency, the Consumer Financial Protection Bureau, Canada’s Office of the Superintendent of Financial Institutions, and the Financial Consumer Agency of Canada, among others, are increasingly focusing on financial firms’ processes for handling and responding to complaints as they prioritize compliance, conduct, and operational risks.

U.S. regulators have established informal expectations of complaint-management programs through public and non-public criticisms, emphasizing that firms should use complaint data to identify and manage risks. Specifically, recent matters requiring attention resulting from horizontal examinations have directed firms to use complaint data to help identify, remediate, and mitigate employee sales misconduct.

However, while federal regulators have provided some objectives for what a complaint-management program should accomplish, they have not prescribed formal guidance on how to achieve those aims. Consequently, most financial firms know what they want to achieve with their complaint-management programs and are aware of the consequences of falling short, but for many, the path to success is unclear.

Key Elements of a Complaint-Management Program

The components of an effective complaint-management program vary according to the unique characteristics and requirements of each institution. However, all programs should be rooted in strong foundational elements, from the establishment of clear complaint definitions to supporting technologies and analytics tools that yield insights from complaint data. Firms can approach these elements in a variety of ways, but to be successful, they must be able to use consumer-complaint information to identify risks, make changes to business practices, and enhance the customer experience.

Effective complaint-management programs contain the following elements:

1) Roles and Responsibilities. Firms should start by clearly delineating roles and responsibilities for all stakeholders involved in the complaint process — including the individuals and functions responsible for responding to complaints and handling escalated complaints — and establishing a three-lines-of-defense model to ensure proper oversight. The three-lines-of-defense model should include an independent risk management function responsible for establishing enterprise-wide requirements for complaint management, incorporating those requirements into the firm’s complaint-management policy, overseeing the overall effectiveness of the complaint-management program, and conducting independent analyses of complaint data.

Meanwhile, front-line, customer-facing businesses should establish complaint-management processes that adhere to enterprisewide requirements. While many firms operate distinct complaint-management programs within each business, several large, complex organizations use centralized utility functions to handle certain program elements — such as complaint response, issue management, complaint analytics, and complaint reporting — across businesses. Centralizing complaint-management processes can create efficiencies in front-line execution and enable consistent execution of the enterprise program.

2) Complaint-Program Definitions. Most firms define complaints based on operational needs and regulatory expectations. Some firms bifurcate their definitions based on the relative risk posed by the complaint; for example, some establish “high-risk” or “sensitive” categories for complaints that require specific escalation, handling routines, and review or approval of responses. Firms should reinforce complaint definitions, along with definitions of inquiries and other types of customer contacts, in their policies, procedures, and training material.

3) Intake Channels and Data Capture. Firms should also define all potential intake channels for customer complaints. These include written channels, such as email; verbal channels, such as phone conversations; and any nontraditional method a customer might use to communicate a complaint, such as social media. To ensure data consistency, institutions should create a complaint taxonomy that includes all required data-capture elements, such as the source of the complaint, the date of the complaint, and the issue it raises. An effective complaint taxonomy can significantly enhance a firm’s complaint analytics by improving the information available for back-end analyses. Complaint taxonomies should align with other data taxonomies, such as employee-allegation and whistleblower taxonomies, to ensure the firm can analyze complaint data in conjunction with information from other sources.

4) Escalation. Clear escalation paths help firms remediate high-risk complaints. Firms should start by defining “high-risk” or “sensitive” and outlining various trigger terms that indicate potential regulatory risk, reputational risk, or consumer harm. They should also decide when, and to which function, a complaint should be escalated. Depending on a firm’s structure, complaints may be escalated to a specialized unit within the complaint-management department, such as a front-line utility function, or to an independent risk management function, such as the compliance function.

5) Root-Cause Analysis. Firms should have processes to determine the source of potentially systemic issues identified in complaints. Given the vast amount of complaint data companies collect each month, performing root-cause analyses on each complaint would be extremely difficult. Centralized teams staffed by employees with strong operational and compliance backgrounds should manage root-cause analyses for the firm’s high-risk complaints and identified complaint trends.

6) Remediation. When a root-cause analysis reveals a systemic problem (one that could violate the law or affect multiple customers) the firm should formally label it an “issue” and track its remediation according to its issue-management policy. Again, firms should clearly define which complaints should be categorized as issues and establish clear, consistent remediation standards.

7) Trend Analysis and Business Impact. To identify systemic issues, firms should evaluate complaints and inquiries for any common characteristics that might not be evident from an isolated complaint. For example, a single complaint about the clarity of a disclosure may not be cause for concern, but multiple complaints about the same disclosure should warrant a root-cause analysis and, if necessary, remediation.

8) Reporting. The firm should report on complaint trends and identified issues to process owners, risk functions, senior management, and risk committees. Reporting should enable senior management and the board to understand the most prevalent risks to the organization, as well as actions taken to address any substantiated issues. Firms should consider analyzing complaints data in parallel with data from other sources, such as employee allegations or whistleblower cases, to gain additional insights for management and board reports.

The Low-Risk, High-Frequency Challenge

Robust complaint-management programs will help a firm identify, categorize, and analyze complaints and glean insights from the data. However, many of the challenges associated with customer complaints stem from the fact that high-risk issues are not widespread, and are therefore difficult to spot. Difficulties with identifying and categorizing low-frequency, high-risk complaints are compounded by the following challenges:

1) Reliance on Junior Staff . In general, identifying complaints is a subjective process that is highly prone to human error. Most complaints are sourced by customer-service representatives — typically junior-level employees — over the phone. These representatives must determine whether their interaction with a customer qualifies as a complaint according to their firm’s definition of the term. However, what they often perceive to be a complaint — for example, a phone conversation during which a customer raises his or her voice — may not stem from any error or wrongdoing by the organization. Yet representatives are often required to record such interactions as complaints based on the customer’s expression of dissatisfaction. Likewise, reticent customers who have suffered from genuine errors or wrongdoing may slip through the cracks if the representative they speak with feels the issues were resolved and the call ended on a positive note.

2) Inadequate Complaint Categories. Once an employee (again, often a junior-level staff member) determines that a customer has made a complaint, the next step is to categorize that complaint in a centralized system. For the majority of financial firms, categorizing complaints presents a major operational challenge. Most develop predefined categories for employees to select from, but they often struggle to strike the balance between categories that are too broad or too narrow. As a result, employees do not always match the right complaint to the right category. In addition, internal systems may limit the number of reasons for the complaint or allow for the designation of a primary and secondary reason only, even though a customer may have numerous reasons for a single complaint. Inadequate complaint categories and system limitations may ultimately lead to unreliable or incomplete data for back-end analyses.

3) Complaint Volume. Consumers are also complaining at a high rate. Some firms already receive over 1 million complaints per month, which they must process separately, along with inquires, disputes, and other types of customer interactions. This level of volume can obscure high-risk issues. For example, consider a firm that receives 1,000 complaints per month related to flawed practices for credit card add-on services. That may seem like a large number in hindsight, especially if the issue becomes national news. However, if that same firm receives more than 1 million complaints per month, then the complaints related to add-ons represent less than 0.1% of its total monthly volume.

4) Diverse Intake Channels. While most financial firms identify the majority of complaints during phone conversations, they also source complaints from email, social media, letters, regulatory agencies, vendors, and other sources. This diversity of intake channels, not to mention the employees in different roles and at different levels who handle complaints across those channels, can lead to further inconsistency in how firms capture and categorize complaints.

Firms typically channel all their front-end complaint data into a central repository, which they use to conduct their analytics. In general, those that struggle to identify and categorize complaints will struggle to identify trends and make sound decisions. Of course, if firms are overwhelmed with complaint data, if they are categorizing complaints incorrectly, and if they are having difficulty collecting complaint data from different sources consistently and accurately, then they have even less chance of identifying latent issues that, in many cases, pose the biggest threats.

The Potential of Cognitive

In the coming years, challenges posed by high-risk, low-frequency complaints could be addressed by cognitive computing. After all, firms in other industries have already begun using cognitive computing with artificial intelligence and analytical software to manage and glean insights from massive, complex data sets.

Cognitive technologies are capable of analyzing semantic features of text input, and therefore have the potential to decipher high-level concepts; interpret emotion and sentiment through specific target phrases, entities, and keywords; and recognize relationships and patterns — in essence, to understand natural language in context. When used with machine-learning functionality that automates analytical-model building, these technologies also have the potential to learn iteratively and source insights without being programmed or instructed where to look. While these innovations are still under development, by combining natural-language-processing and machine-learning capabilities, engineers aim to design the next wave of cognitive technologies to compile and analyze data from a variety of unstructured sources, give advice and offer guidance, make hypotheses, and build cases upon evidence-based reasoning, among other capabilities.

For instance, a financial firm could teach a cognitive solution its definition of a complaint and then use it to identify high-risk language patterns and themes in complaint data across different mediums — including emails, call logs, and social media platforms — in near real time. It could also use the technology to categorize complaints according to criteria such as issue type, level of possible severity, products and services mentioned in the complaint, employees and locations mentioned in the complaint, possible financial impact to the firm, and even the likelihood of customer attrition.

Accurate, well-organized data would, of course, yield deeper insights from analytical activities. Most importantly, however, cognitive technologies could help financial firms eliminate current manual processes and support the consistent identification and categorization of complaints according to their level of risk, irrespective of their frequency.

Consider a scenario in which 1 million customers are inadvertently affected by an operational error that miscalculates the reward points for credit card usage over a period of several years. A fraction of those customers identify the error and complain directly to the bank, which receives just a few hundred complaints about the issue each month. One of those customers might call the bank and say to a representative, “I’m not receiving all my credit card points.” Another might call and say, “I should be getting cash back with every purchase, but I’m not.” Still another might email the bank, insert “rewards” in the subject line, and write in the body, “I calculated my rewards balance for my credit card to be around 50,000 points, but I’m short.” And so on.

Through the application of cognitive technology, this firm could understand that the customers are complaining about the same issue, even though the language each customer uses is somewhat different. In addition, if the firm were to consider the issue “high-risk,” a cognitive solution could tag it as such and immediately escalate it for root-cause analysis and remediation. Given the relatively low number of complaints the firm received about the issue, its chances of finding the problem using traditional analytics would be limited.

Potential benefits from using cognitive technologies include:

1) Better Risk Management

  •  Improved data integrity by reducing need for manual complaint categorization and data input
  •  Enhanced complaint insights and analytics
  •  Faster identification and remediation of issues

2) Direct Cost Reduction

  •  Increased efficiency across customer-facing platforms (call centers, chat functions, email intake, etc.)
  •  Increased efficiency across business lines and corporate complaint functions
  •  Reduced oversight and quality-assurance activities
3) Deeper Customer Insights
  •  Enhanced customer satisfaction, experience, and customer retention
  •  Improved insights into processes and product/service design
Of course, cognitive technologies could yield insights from any kind of customer interaction. Their potential is not restricted to identifying complaints that highlight regulatory risks. For example, firms could also use cognitive technologies to evaluate inquiries or other customer contacts. By gaining a deeper understanding of customer issues and needs, firms could make improvements to any number of products, services, and processes, further increasing loyalty and goodwill.


Complaint-management programs with the eight elements outlined above can be invaluable tools for identifying and remediating systemic risks. Indeed, over the past few years, regulators have emphasized the use of complaint data as a roadmap to conduct and compliance issues. Firms that take steps to review their complaint-management programs and address any deficiencies will be in a good position to stay on top of regulatory requirements and drive shareholder value. Those that don’t could be subject to substantial litigation and reputational risks.

However, even the most well-designed programs can miss issues that don’t generate many complaints. While industry best practices have always evolved with technology enhancements, the proliferation of data in today’s business world has created an unprecedented demand for new, sophisticated tools that can glean insights from massive swaths of unstructured information. For complaint-management programs, these tools, while still in development, are likely to take the form of cognitive solutions that reduce a firm’s exposure to human error and reliance on trend analyses and help address the the low-frequency, high-risk challenge — perhaps the biggest complaint-management challenge facing the financial industry today.

Author Information

Eric Ferri is a member of Promontory Financial Group’s global consumer protection practice and draws on his regulatory and consulting experience to advise clients on assessing and controlling compliance risks and designing and implementing compliance-management programs.

Copyright © 2018 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Corporate on Bloomberg Law