Change is Happening

Change is happening overnight at the Consumer Financial Protection Bureau (CFPB)
As we await the Senate confirmation of Rohit Chopra to lead the Consumer Financial Protection
Bureau, there are things you can do to prepare for what’s to come. We know from Chopra’s
background and experience, more intense scrutiny is on the horizon to protect consumers. That
means companies and organizations need to step up compliance operations.

Under Former CFPB Director Kathy Kraninger, the bureau collected around $800 million dollars
in punitive fines over a two-year period. Under Chopra, I would expect to see that number
triple. Just compare Kraninger’s numbers to the six-year tenure of former Director Richard
Cordray, who collected $12 billion in fines and consumer redress, according to a Bloomberg Law
article, posted on August 14, 2020. Cordray went after the big banks like Wells Fargo, JPMorgan
Chase and Bank of America.

We know CARES Act compliance will be a strong focus of the CFPB under the new
administration. Congresswoman Maxine Waters (D-CA), Chairwoman of the House of
Representatives Committee on Financial Services, has urged President Biden to
“direct the CFPB to aggressively protect consumers by enforcing the law, including protections
provided under the CARES Act…” You can read the full letter here.

The laws and rules change quite frequently, because the world is changing, and the laws and
rules are changing to meet those needs. That can create a challenge to update your operations.
Half the battle is knowing about them, and then the other is implementing the changes to
comply with them.

I’ve been in regulatory compliance for more than two decades. While it is one of the most
complicated and ever-changing fields, I have loved solving issues for the big banks. After the
2008 financial crisis, I experienced first-hand how the CFPB changed the industry and it’s one of
the reasons I founded Azimuth GRC.

Rohin Tagra
Founder & CEO Azimuth GRC

GRC 1.0 Is Dead — And It’s Long Overdue

By Josh Irons April 23, 2025
For over two decades, organizations have relied on a Governance, Risk, and Compliance (GRC) model that is fundamentally broken. GRC 1.0 — along with its more recent rebrand as Integrated Risk Management (IRM) — promised operational alignment, proactive compliance, and streamlined oversight. In practice, however, it delivered little more than fragmented systems, spreadsheet sprawl, and manual processes masked by marketing jargon. The traditional approach centers on mapping controls to regulatory requirements. On paper, this seems rational. In reality, it means that companies are asked to translate legal frameworks into internal checklists, build and maintain custom workflows, and rely on periodic sampling — all while assuming that sampled controls reflect systemic compliance. They don’t. The traditional model leaves organizations exposed in ways that are hard to justify today. It fails to identify areas where controls are missing altogether, allows existing controls to shift without notice, and gives leaders the illusion that everything is under control when it isn’t. Instead of offering clarity, compliance turns into an exercise in educated guessing. Companies are left to manage the heavy lifting — building systems, interpreting regulations, and enforcing policies — all while struggling to see whether their efforts are actually working or paying off.
Azimuth and Truist

Azimuth extends relationship with Truist to enhance its automation capabilities

November 12, 2024
Azimuth, a pioneer in compliance automation, announced today that it is growing its strategic partnership with Truist Financial Corp (NYSE: TFC). With this multi-year expansion of their current partnership, Truist will implement Azimuth’s VALIDATOR software, enabling the bank to deploy automated, full-population compliance monitoring across multiple consumer businesses.