The Value of a Compliance Management System

A financial institution’s Compliance Management System (CMS) is the backbone of risk management and also acts as the pathway to success (or failure) when it comes to reviews, exams and audits. The CMS should cover all of an institution’s risk areas ranging from loan processes to customer/member complaints. A robust and comprehensive CMS helps ensure proper procedures are being followed, uncovers risks before potential issues arise and helps assure compliance with regulatory demands and requirements.

The CMS touches almost every department, from marketing to administration. The FDIC, just one of several regulatory bodies that evaluate the efficacy of a CMS, has provided guidance that a CMS is how financial institutions 1) learn about compliance responsibilities, 2) make sure employees know and understand compliance responsibilities, 3) review operations to ensure responsibilities are fulfilled and requirements met, 4) define risk areas and take corrective action and 5) update materials as needed.1

A CMS that has been implemented and is functioning the way it is intended can save a financial institution from compliance failure and fines as well as a loss of reputation.

CMS Structure

Before examining preventative measures, let’s delve into what’s expected from a CMS. Although regulatory bodies are looking for the same general and overall components, emphasis can differ based on the scope of the audit or exam, the examiner, and of course the regulatory body doing the examination.

The FDIC presents three elements considered essential for an effective CMS.

Board and Management Oversight
It is imperative that the Board and Management be committed to compliance efforts. A culture of compliance encourages cross-enterprise support and is supported by a well-defined policy, clear expectations and a compliance officer with the authority to do what is necessary to keep the institution as free from risk as possible. This is often referred to as the “tone at the top”.

The Compliance Program
A strong compliance program includes policies, procedures, training and monitoring guidelines that are clearly stated and carried out. Response to consumer complaints is an integral part of the compliance program. The path for escalation and resolution should be adopted and consistently applied enterprise-wide.

The Compliance Audit

An independent review of how an institution adheres to internal policies and procedures, and how these policies and procedures comply with consumer protection laws and regulations, helps ensure compliance and identify risk.

The CFPB breaks a CMS into two main elements: Board and Management Oversight and the Compliance program. When reviewing a CMS, the CFPB examiners apply the following five modules.2

Module 1: Board and Management Oversight
Examiners focus on the Board and Management’s commitment to the CMS, change management, identifying risk and understanding its source and the ability to proactively identify risk and take corrective action.

Module 2: Compliance Program
A solid CMS includes a clearly defined compliance program that details policies and procedures, provides effective and relevant training, performs routine monitoring and audits and has a responsive customer/member complaint system in place.

Module 3: Service Provider Oversight
Financial institutions are responsible for their service providers. They must ensure service providers are in compliance with Federal standards to avert consumer harm and avoid liability.

Module 4: Violations of Law and Consumer Harm
If a violation is discovered, examiners will consider the cause, severity, duration and prevalence of the violation. Examiners will delve into the CMS to make sure it identified the issue and triggered the necessary corrective action.

Module 5: Examiner Conclusion and Wrap-up
No matter the institution’s risk profile, examiners will conclude by summarizing and recording their findings and identifying weak spots. They must also review their findings with the bank or credit union and outline considerations for the following exam and/or any follow-up deemed necessary.

In a broader sense, like the FDIC and CFPB, other regulatory bodies’ examinations consider different components necessary for an effective CMS. But, on a more granular level, each covers similar topics, each nuanced by that body’s particular area of concern. For example, the CFPB’s Compliance Program includes policies and procedures, training, monitoring and/or audits and the consumer complaint process while the FDIC spreads these essential components over the Compliance Program and the Compliance Audit.

With almost every detail of a CMS requiring a host of supporting documents, processes, tools, controls and functions, it’s imperative for the compliance officer to ensure their institution’s CMS answers the needs of each regulatory body. Doing it alone can be overwhelming. That’s where Marquis can help.

CMS Development and Maintenance

Identifying risk and weak spots can be challenging when reviewing how a CMS is functioning and details can be missed if the right questions are not asked and evaluated. Enlisting the help of Marquis Compliance Professional Services will ensure your CMS will effectively manage risk, support compliance and prevent consumer harm. Here at Marquis, we are well versed in the ins and outs of building, refining, and maintaining an effective CMS and will apply this expertise to your compliance program. We get what each regulatory body is looking for.

Conclusion

With recent submissions barely in the rear-view mirror, focus on the risks of potential CMS shortcomings should be on the top of all our minds. Now is the time to refresh and update your CMS. With the help of partners like Marquis Compliance Professional Services, by the time submission season or your next Compliance Exam rolls around your CMS can be addressing the examination nuances of the FED, FDIC, OCC and CFPB.

1 FDIC.gov https://www.fdic.gov/regulations/resources/director/presentations/cms.pdf

2 CFPB https://files.consumerfinance.gov/f/documents/201708_cfpb_compliance-management-review_supervision-and-examination-manual.pdf

HMDA and Public Access to New Data

How HMDA data and increased transparency can affect fair lending.

HMDA submission season is just around the corner and your institution’s data will be under close scrutiny by more than regulators. Litigators, advocates and the general public can view the data and possibly use it to identify institutions at fair lending risk. But since HMDA data alone is not enough, this can lead to misinterpretation, unwarranted accusations and loss of reputation. To help mitigate these issues, maintaining HMDA data integrity is essential.

The Home Mortgage Disclosure Act (HMDA) was created to enhance the monitoring of lending patterns and to ensure financing needs are met across a diverse field of potential borrowers. Submitting loan origination and application data on borrower demographics and loan features enables enforcement agencies to identify financial institutions that excel at fair lending and those that require further investigation. To accommodate that goal, new data points were added in the hope of further keeping biases in check and reducing barriers to homeownership for protected classes.

The new data delivers a deeper understanding of institutional borrowing practices. Regulatory agencies can now apply comprehensive data screening, data monitoring and statistical modeling routines across all lenders subject to HMDA reporting requirements. In addition, many of the new HMDA data fields, like age, credit score and debt-to-loan ratio, can be used for more effective identification of institutions with elevated potentials of fair lending risks.

With the release of the new data, 2020 is the first time members of the public will have greater access to some of the key determinants of underwriting and pricing decisions. Be assured, litigators and advocacy groups will be taking a close look for any sign of unfair practices. Since disparities are estimated after a broader range of pricing and underwriting factors are applied, litigators can present fair lending cases that are more credible, and that on the surface appear to be true, than was possible with previous HMDA data sets. Furthermore, journalists will also have access to the data, possibly increasing marketing and reputational risks.

Peer analysis also benefits from the new data. Because it is accumulated from all covered financial institutions, it is particularly helpful for defining local and national benchmarks. Peer comparisons can be expanded beyond penetration rates in minority census tracts to include APR, total loan costs, product features and so on. A clearer picture is presented, allowing regulators to more accurately compare benchmarks and identify institutions with elevated fair lending risks.

With more public access to HMDA data, regulators advise caution when interpreting this data, especially if it leads to accusations or conclusions of discrimination. According to an FFIEC press release, “HMDA data alone cannot be used to determine whether a lender is complying with fair lending laws. The data do not include some legitimate credit risk considerations for loan approval and loan pricing decisions. Therefore, when regulators conduct fair lending examinations, they analyze additional information before reaching a determination about an institution’s compliance with fair lending laws.”

In today’s world, businesses rise and fall on the whims of public perception. An unsubstantiated claim of discriminatory lending practices based on misinterpreted data could have far-reaching consequences. What can financial institutions do to protect themselves? Understand your data, especially when underwriting and pricing decisions can create and identify disparities. Realize how your data can be interpreted by public regulators, advocacy groups, journalists and litigators. And then be prepared to tell your story and/or present the corrective and preventive actions taken.

The only way to minimize or eliminate risk is to consistently monitor and analyze your own data for pricing, underwriting and redlining risk. Keeping data clean and relevant is essential for accurate interpretation. In addition, separate assessments should be conducted to identify possible anomalies generated by the expanded data fields. This can be an intensive undertaking. Automated compliance software for HMDA reporting will help ensure data accuracy. At the same time, it will help identify fair lending risk points in the application and origination process. When combined with analysis and interpretation, you should be able to identify any additional risk factors.

Marquis can provide a turnkey solution when combining industry-leading tools like CenTrax NEXT compliance software with the experienced and intuitive skills of the Marquis Compliance Professional Services experts. These services can make a great difference in your HMDA reporting process by regularly monitoring and cleaning your data and then helping you understand the HMDA Integrity Analysis. With cleaner data and a deeper understanding of how it can be interpreted, your institution will be better able to respond when your HMDA data is used by regulators and the public to evaluate fair lending risks.

The SCRA – What to Do When Compliance is the Only Option

When duty calls, our military members don’t always have the time or means to care for their finances. The Servicemembers Civil Relief Act (SCRA) requires creditors to reduce interest rates on certain loans, prohibits foreclosures without a court order and allows servicemembers to terminate motor vehicle and domicile leases in certain instances.

Something to come home to.

The SCRA safeguards active duty servicemembers, reservists, active-duty members of the National Guard and, in limited instances, spouses and dependents. It calls for postponing or suspending certain financial obligations taken on before service began and, for a specified period, post-service. This is how financial institutions help our troops maintain their pre-service financial standing so they can come home to something that’s still worthwhile.

Noncompliance has a cost.

SCRA examiners concentrate on key areas: no reduced APR on loans and credit cards, foreclosures without a court order, repossessions, and apartment and vehicle lease terminations. If active members are not properly identified, a financial institution may be liable for fines, penalties and settlements. In today’s pro-service atmosphere, the reputation hit can lead to the loss of current customers and the distancing of new ones.

Be proactive.

Although servicemembers are required to inform banks and credit unions of their service status, the onus of identifying active military members and affording them their SCRA protections and benefits falls directly upon the financial institution. When a SCRA request is submitted, it is vital to record where it is routed, who reviews it, who approves benefits and who informs the borrower about request status. Your Compliance Management System (CMS) can help make that happen with effective policies and procedures.

Training—It all begins with knowing what to look for and how to proceed. Offer regular SCRA training to employees, especially those extending or servicing loans and credit. They should understand compliance obligations to identify active military and ensure they receive the proper protections and benefits. Then make sure employees have the knowledge and tools to identify qualified servicemembers and their dependents.

Internal Controls—Provide clear policies and procedures for SCRA compliance requirements, servicemember identification, loan documentation and other relevant material that demonstrate your institution is doing all it can to be in compliance with the SCRA.

Monitoring—As with all compliance requirements, regular monitoring is essential to ensure SCRA policies and procedures are effective. With the often unforgiving nature of SCRA exams, internal reviews and audits can be a preemptive strike against noncompliance as they identify policy exceptions requiring corrective action.

Identification—In addition to documentation provided by the servicemember, there are two powerful tools you can easily access to identify and monitor customers eligible for protection: the Defense Manpower Data Center (DMDC) and your Customer Information System (CIS). The DMDC is essential to identify and authenticate status. Your CIS, through onboarding and other customer touchpoints, can identify and flag accounts of servicemembers and their dependents.

Complaints—A clearly documented procedure dedicated to SCRA complaints and their path to resolution may prevent issues from coming under the microscope of examiners and give a heads-up to similar problems.

The Benefit of Outside Compliance Experts

The SCRA is one of our oldest protection acts, with similar temporary statutes initiated as early as the Civil War. Made permanent law in 1940, the Act is often updated and riddled with ambiguities, making it open to interpretation, a recipe for misperception and noncompliance. Understanding and staying up to date with the SCRA create a drain on manpower for an already overworked compliance team. An outside party can help navigate these murky waters and alleviate demands, allowing the team to concentrate on other compliance issues.

Marquis Compliance Professional Services, known for their expertise and personal service, are well-versed in all aspects of compliance, including SCRA requirements. They can perform audits and assessments to ensure you have the necessary policies, processes and procedures in place and define areas that need attention. By utilizing third-party compliance experts, you’ll have a fresh view of your SCRA compliance practices and how to improve them.

Conclusion

Self-identification as active military to a financial institution is not always a priority for our servicemembers. However, financial institutions are often answerable for servicemembers not afforded the protection and benefits of the SCRA. A robust CMS with clearly defined SCRA policies and procedures is essential. Third-party experts, like Marquis Compliance Professional Services, can help your bank or credit union stay in compliance and away from violations.