Mitigating Compliance Risk for Digital Marketing and Social Media

Digital marketing and social media are a must-have for every financial institution. They are invaluable tools, enabling you to reach the right person at the right time with the right message, reduce marketing costs and increase ROI. Their successful implementation can be linked to a 3-step process—data collection and analysis followed by informed action. However, to mitigate compliance risk, digital marketing and social media posts must adhere to the same fair lending and regulatory guidelines and practices as other forms of marketing.

A marketer’s dream. A compliance officer’s nightmare.

Financial institutions collect a tremendous amount of data on their customers. They know addresses, age, gender, ethnicity, marital status, financial status, credit card purchases, vehicle age … priceless data that enables precise targeting. However, certain data triggers may open the window for digital redlining and other fair lending risks if they rely on protected class definitions.

Does this mean financial institutions should shun digital marketing and all its benefits? How do we make sure our institutions are protected from compliance risk in a world where marketing relies on data filters? Let’s explore the ramifications of using targeted, digital marketing and social media in the world of banks, credit unions and regulators.

Does Digital Marketing reach everyone equally?

While the vast majority of Americans use the internet regularly, 10% of the US population is not digitally engaged. Of those, 14% are Hispanic, 15% are black and 27% are over 65 years old.1 These are all protected classes, and they occupy a digital desert; with no data coming in, not even targeted direct mail can reach them. We also have to consider the credit-invisible population, those who have not had the chance or opportunity to develop a credit score, good or bad.

If digital marketing and social media do not reach these individuals, this could be considered disparate impact and/or treatment. It pays to be overly cautious and to decide early how to reach these small, but important, populations.

The Pitfalls of Digital Marketing and Social Media

The more internet-based marketing is used to target advertising, the more likely target data may inadvertently categorize consumers by protected classes. Knowing Alice is a 65-year old Hispanic female who likes to browse fashion is great for shoes. It’s not so great for financial institutions as most of the indicators can be considered protected classes – over 65, Hispanic, female, etc.

With the help of cookies, data is collected and attached to an individual through email addresses, phone number and other personal forms of identification. Algorithms ensure Alice, who has visited numerous real estate sites, sees mortgage offers and links to relevant posts. Sounds innocent enough. But what if Alice’s data excludes (or includes) her based on gender, age or national origin? This opens financial institutions to possible compliance risk.

Compliance Risk and Digital Marketing

Banks and credit unions are increasingly engaged in digital marketing. It’s a cost-effective and powerful platform to reach customers and prospects where they are most engaged with a message that resonates. It often involves collecting real-time consumer data that can be used to create detailed profiles and data triggers for communications, such as product viewed, product bought, income and ethnicity. Triggers based on protected classes, even if it’s done unintentionally, could put your financial institution under scrutiny for fair lending risk.

Compliance Risk and Social Media

Today’s consumer wants more. They want to engage with brands that reflect their values and deliver more than targeted offers. Social media channels are where they turn. They look for meaningful communication that sets your financial institution apart from others. Insightful articles on debt consolidation, Facebook posts about employees and tweets on community involvement are just a few ways you can connect with your customers on a deeper level and reinforce brand loyalty. A strong social media presence helps set your financial institution apart, enhances existing relationships and helps attract prospects. However, the same fair lending risks arise as in digital marketing.

The Equal Credit Opportunity Act (ECOA) and the Fair Housing Act (FHA) provide clear guidance on what is acceptable for marketing and advertising. To ensure targeted digital marketing and social media  posts avoid the pitfalls of compliance risk, financial institutions must make sure their efforts follow all guidelines. Finding a partner with a deep understanding of the financial world can help you navigate the complexities of compliant digital marketing and social media presence.

The Solution

Marquis Compliance Professional Services can help you navigate the digital world. Marquis Compliance Professionals Services experts have a deep understanding that enables them to recognize the risk factors of targeted marketing. They can help develop policies and procedures to collect and analyze data. By implementing risk mitigation tools like demographic balance testing, back-end testing of campaign results and reviewing matching factors, Marquis’ experts can help you avoid and/or uncover fair lending risks.

Marquis’ marketing and compliance solutions were developed specifically for the financial industry. With over 30 years of experience dedicated to financial institutions of all sizes, they understand the unique dynamic between compliance and marketing. They can provide proven and effective strategies to collect, analyze and act on data. Leveraging their unique perspective can help elevate marketing efforts and mitigate risk before it becomes an issue.

CONCLUSION

Digital marketing and a strong social media presence are extremely cost-effective mediums that enable financial institutions to enrich relationships and deliver a message that resonates. Ignoring digital marketing and social media will only handicap your institution’s marketing efforts.

Partnering with Marquis and Marquis Compliance Professional Services can help improve digital marketing and social media efforts and minimize inadvertently triggering compliance risk.

FOOTNOTES:

1 Pew Research Center, Internet/Broadband Fact Sheet: 2019 https://www.pewresearch.org/internet/fact-sheet/internet-broadband/

The Value of a Compliance Management System

A financial institution’s Compliance Management System (CMS) is the backbone of risk management and also acts as the pathway to success (or failure) when it comes to reviews, exams and audits. The CMS should cover all of an institution’s risk areas ranging from loan processes to customer/member complaints. A robust and comprehensive CMS helps ensure proper procedures are being followed, uncovers risks before potential issues arise and helps assure compliance with regulatory demands and requirements.

The CMS touches almost every department, from marketing to administration. The FDIC, just one of the regulatory bodies of several who evaluate the efficacy of a CMS, has provided guidance that a CMS is how financial institutions 1) learn about compliance responsibilities, 2) make sure employees know and understand compliance responsibilities, 3) review operations to ensure responsibilities are fulfilled and requirements met, 4) define risk areas and take corrective action and 5) update materials as needed.1

A CMS that has been implemented and functioning the way it is intended can save a financial institution from compliance failure and fines as well as a loss of reputation.

CMS Structure

Before examining preventative measures, let’s delve into what’s expected from a CMS. Although regulatory bodies are looking for the same general and overall components, emphasis can differ based on the scope of the audit or exam, the examiner, and of course the regulatory body doing the examination.

The FDIC presents three elements considered essential for an effective CMS.

Board and Management Oversight
It is imperative that the Board and Management be committed to compliance efforts. A culture of compliance encourages cross-enterprise support and is supported by a well-defined policy, clear expectations and a compliance officer with the authority to do what is necessary to keep the institution as free from risk as possible. This is often referred to as the “tone at the top”.

The Compliance Program
A strong compliance program includes policies, procedures, training and monitoring guidelines that are clearly stated and carried out. Response to consumer complaints is an integral part of the compliance program. The path for escalation and resolution should be adopted and consistently applied enterprise-wide.

The Compliance Audit

An independent review of how an institution adheres to internal policies and procedures, and how these policies and procedures comply with consumer protection laws and regulations, helps ensure compliance and identify risk.

The CFPB breaks a CMS into two main elements: Board and Management Oversight and the Compliance program. When reviewing a CMS, the CFPB examiners apply the following five modules.2

Module 1: Board and Management Oversight
Examiners focus on the Board and Management’s commitment to the CMS, change management, identifying risk and understanding its source and the ability to proactively identify risk and take corrective action.

Module 2: Compliance Program
A solid CMS includes a clearly defined compliance program that details policies and procedures, provides effective and relevant training, performs routine monitoring and audits and has a responsive customer/member complaint system in place.

Module 3: Service Provider Oversight
Financial institutions are responsible for their service providers. They must ensure service providers are in compliance with Federal standards to avert consumer harm and avoid liability.

Module 4: Violations of Law and Consumer Harm
If a violation is discovered, examiners will consider the cause, severity, duration and prevalence of the violation. Examiners will delve into the CMS to make sure it identified the issue and triggered the necessary corrective action.

Module 5: Examiner Conclusion and Wrap-up
No matter the institution’s risk profile, examiners will conclude by summarizing and recording their findings and identifying weak spots. They must also review their findings with the bank or credit unions and outline considerations for the following exam and/or any follow-up deemed necessary.

In a broader sense, like the FDIC and CFPB, other regulatory bodies’ examinations consider different components necessary for an effective CMS. But, on a more granular level, each cover similar topics, each nuanced by that body’s particular area of concern. For example, the CFPB’s Compliance Program includes policies and procedures, training, monitoring and/or audits and the consumer complaint process while the FDIC spreads these essential components over the Compliance Program and the Compliance Audit.

With almost every detail of a CMS requiring a host of supporting documents, processes, tools, controls and functions, it’s imperative for the compliance officer to ensure their institution’s CMS answers the needs of each regulatory body. Doing it alone can be overwhelming. That’s where Marquis can help.

CMS Development and Maintenance

Identifying risk and weak spots can be challenging when reviewing how a CMS is functioning and details can be missed if the right questions are not asked and evaluated. Enlisting the help of Marquis Compliance Professional Services will ensure your CMS will effectively manage risk, support compliance and prevent consumer harm. Here at Marquis, we are well versed in the ins and outs of building, refining, and maintaining an effective CMS and will apply this expertise to your compliance program. We get what each regulatory body is looking for.

Conclusion

With recent submissions barely in the rear-view mirror, focus on the risks of potential CMS shortcomings should be on the top of all our minds. Now is the time to refresh and update your CMS. With the help of partners like Marquis Compliance Professional Services, by the time submission season or your next Compliance Exam rolls around your CMS can be addressing the examination nuances of the FED, FDIC, OCC and CFPB.

1 FDIC.gov https://www.fdic.gov/regulations/resources/director/presentations/cms.pdf

2 CFPB https://files.consumerfinance.gov/f/documents/201708_cfpb_compliance-management-review_supervision-and-examination-manual.pdf

HMDA and Public Access to New Data

How HMDA data and increased transparency can affect fair lending.

HMDA submission season is just around the corner and your institution’s data will be under close scrutiny by more than regulators. Litigators, advocates and the general public can view the data and possibly use it to identify institutions at fair lending risk. But since HMDA data alone is not enough, this can lead to misinterpretation, unwarranted accusations and loss of reputation. To help mitigate these issues, maintaining HMDA data integrity is essential.

The Home Mortgage Disclosure Act (HMDA) was created to enhance the monitoring of lending patterns and to ensure financing needs are met across a diverse field of potential borrowers. Submitting loan origination and application data on borrower demographics and loan features enables enforcement agencies to identify financial institutions who excel at fair lending and those that require further investigation. In order to accommodate that goal, new data points were added in hopes to further keep biases in check and reduce barriers to homeownership for protected classes.

The new data delivers a deeper understanding of institutional borrowing practices. Regulatory agencies can now apply comprehensive data screening, data monitoring and statistical modeling routines across all lenders subject to HMDA reporting requirements. In addition, many of the new HMDA data fields, like age, credit score and debt-to-loan ratio, can be used for more effective identification of institutions with elevated potentials of fair lending risks.

With the release of the new data, 2020 is the first time members of the public will have greater access to some of the key determinants of underwriting and pricing decisions. Be assured, litigators and advocacy groups will be taking a close look for any sign of unfair practices. Since disparities are estimated after a broader range of pricing and underwriting factors are applied, litigators can present more credible fair lending cases that on the surface appear to be true than with previous HMDA data sets. Furthermore, journalists will also have access to the data, possibly increasing marketing and reputational risks.

Peer analysis also benefits from the new data. Because it is accumulated from all covered financial institutions, it is particularly helpful for defining local and national benchmarks. Peer comparisons can be expanded beyond penetration rates in minority census tracts to include APR, total loan costs, product features and so on. A clearer picture is presented, allowing regulators to more accurately compare benchmarks and identify institutions with elevated fair lending risks.

With more public access to HMDA data, regulators advise caution when interpreting this data, especially if it leads to accusations or conclusions of discrimination. According to a FFIEC Press Release, “HMDA data alone cannot be used to determine whether a lender is complying with fair lending laws. The data do not include some legitimate credit risk considerations for loan approval and loan pricing decisions. Therefore, when regulators conduct fair lending examinations, they analyze additional information before reaching a determination about an institution’s compliance with fair lending laws.”

In today’s world, businesses rise and fall on the whims of public perception. An unsubstantiated claim of discriminatory lending practices based on misinterpreted data could have far-reaching consequences. What can financial institutions do to protect themselves? Understand your data, especially when underwriting and pricing decisions can create and identify disparities. Realize how your data can be interpreted by public regulators, advocacy groups, journalists and litigators. And then be prepared to tell your story and/or present the corrective and preventive actions taken.

The only way to minimize or eliminate risk is to consistently monitor and analyze your own data for pricing, underwriting and redlining risk. Keeping data clean and relevant is essential for accurate interpretation. In addition, separate assessments should be conducted to identify possible anomalies generated by the expanded data fields. This can be an intensive undertaking. Automated compliance software for HMDA reporting will help ensure data accuracy. At the same time, it will help identify fair lending risk points in the application and origination process. When combined with analysis and interpretation, you should be able to identify any additional risk factors.

Marquis can provide a turnkey solution when combining industry-leading tools like CenTrax NEXT compliance software with the experienced and intuitive skills of the Marquis Compliance Professional Services experts. These services can make a great difference in your HMDA reporting process by regularly monitoring and cleaning your data and then helping you understand the HMDA Integrity Analysis. With cleaner data and a deeper understanding of how it can be interpreted, your institution will be better able to respond when your HMDA data is used by regulators and the public to evaluate fair lending risks.

The SCRA – What to Do When Compliance is the Only Option

When duty calls, our military members don’t always have the time or means to care for their finances. The Servicemembers Civil Relief Act (SCRA) requires creditors to reduce interest rates on certain loans, prohibits foreclosures without a court order and allows servicemembers to terminate motor vehicle and domicile in certain instances.

Something to come home to.

The SCRA safeguards active duty servicemembers, reservists, active-duty members of the National Guard and, in limited instances, spouses and dependents. It calls for postponing or suspending certain financial obligations taken on before service began and, for a specified period, post-service. This is how financial institutions help our troops maintain their pre-service financial standing so they can come home to something that’s still worthwhile.

Noncompliance has a cost.

SCRA examiners concentrate on key areas; no reduced APR on loans and credit cards, foreclosures without a court order, repossessions, and apartment and vehicle lease terminations. If active members are not properly identified, a financial institution may be liable for fines, penalties and settlements. In today’s pro-service atmosphere, the reputation hit can lead to the loss of current customers and the distancing of new ones.

Be proactive.

Although required to inform banks and credit unions of their service status, the onus of identifying active military members and affording them their SCRA protections and benefits falls directly upon the financial institution. When a SCRA request is submitted, it is vital to record where it is routed, who reviews it, who approves benefits and who informs the borrower about request status. Your Compliance Management System (CMS) can help make that happen with effective policies and procedures.

Training—It all begins with knowingwhat to look for and how to proceed. Offer regular SCRA training to employees, especially those extending or servicing loans and credit. They should understand compliance obligations to identify active military and ensure they receive the proper protections and benefits. Then make sure employees have the knowledge and tools to identify qualified servicemembers and their dependents.

Internal Controls—Provide clear policies and procedures for SCRA compliance requirements, servicemember identification, loan documentation and other relevant material that demonstrate your institution is doing all it can to be in compliance with the SCRA.

Monitoring—As with all compliance requirements, regular monitoring is essential to ensure SCRA policies and procedures are effective. With the often unforgiving nature of SCRA exams, internal reviews and audits can be a preemptive strike against noncompliance as they identify policy exceptions requiring corrective action.

Identification—In addition to documentation provided by the servicemember, there are two powerful tools you can easily access to identify and monitor customers eligible for protection; the Defense Manpower Data Center (DMDC) and your Customer Information System (CIS). The DMDC is essential to identify and authenticate status. Your CIS, through onboarding and other customer touchpoints, can identify and flag accounts of servicemembers and their dependents.

Complaints—A clearly documented procedure dedicated to SCRA complaints and their path to resolution may prevent issues from coming under the microscope of examiners and give a heads-up to similar problems.

The Benefit of Outside Compliance Experts

The SCRA is one of our oldest protections acts, with similar temporary statutes initiated as early as the Civil War. Made permanent law in 1940, the Act is often updated and riddled with ambiguities, making it open to interpretation, a recipe for misperception and noncompliance. Understanding and staying up to date with the SCRA create a drain on manpower for an already overworked compliance team. An outside party can help navigate these murky waters and alleviate demands, allowing the team to concentrate on other compliance issues.

Marquis Compliance Professional Services, known for their expertise and personal service, are well-versed in all aspects of compliance, including SCRA requirements. They can perform audits and assessments to ensure you have the necessary policies, processes and procedures in place and define areas that need attention. By utilizing third-party compliance experts, you’ll have a fresh view of your SCRA compliance practices and how to improve them.

Conclusion

Self-identification as active military to financial institution is not always a priority for our servicemembers. However, financial institutions are often answerable for servicemembers not afforded the protection and benefits of the SCRA. A robust CMS with clearly defined SCRA policies and procedures is essential. Third-party experts, like Marquis Compliance Professional Services, can help your bank or credit union stay in compliance and away from violations.