PPP, CRA and Fair Lending – How the Payment Protection Program Affects Compliance Reporting

2020 has been a year of incredible disruption. As the country and rest of the world deal with the fallout of the COVID-19 Pandemic, small businesses struggle to stay viable, retain employees and cover operating expenses. The Coronavirus Aid, Relief and Economic Security Act (CARES) was implemented to supply much needed economic relief.

The Payment Protection Program (PPP) portion of the CARES Act offered small business owners a means to meet their financial obligations. However, there are inherent difficulties involved. Business owners found supplying all the appropriate documentation and certificates to be a complicated process while financial institutions struggled with constant updates, unclear guidance and inadequate resources.

Regardless of whether ill intent was involved, protected classes did not consistently receive the aid they needed. This became apparent in May when a Unidos US survey1 was released. Of the Black and Latino small businesses requesting relief, over half asked for less than $20,000 to cover employment and operating expenses. Of those, 12% received the funding they requested and 41% received no help at all. 21% were still waiting to hear if they qualified. Examiners and regulators will be looking closely to make sure your institution lives up to regulatory expectations.

Reporting continues as usual.

Despite the difficulties, PPP lending will be considered when evaluating CRA and Fair Lending. PPP loans can be eligible for CRA credit if you know what you’re looking for, but that can be difficult to do.

Because PPP rolled out so quickly and the volume of requests was so large, many financial institutions were required to reallocate untrained resources to loan processing as a result. And with the August 8, 2020 extension, loan processing is still eating up valuable time and resources. Due to unfamiliarity with the documentation and application process, many of the reallocated personnel may not be aware of Fair Lending and CRA requirements and how it affects their financial institution. This has the potential to make it even more difficult to meet the demands of CRA and Fair Lending expectations.

Helpful Guidance

The best way to protect your institution from compliance risk remains the same as it was before COVID-19 became our new normal.

Document. Test. Monitor. Train.

Clarify what has happened with your loan processes to this point and get down the details now. Why were loans that were denied dispositioned in the manner they were? What procedures may have changed and why? How were fraud attempts dealt with? Then get your story down, including how you intend to rectify any at-risk policies. Once noted, leverage that knowledge to make sure protected classes are truly protected during PPP loan processing and the loan forgiveness stage.

Correct anything that can be fixed now, document and explain oversights and the actions taken to fix them and train your loan personnel top to bottom. Then review procedures and follow up on your actions to ensure you’re moving in the right direction. Finally, keep your Compliance Management System (CMS) up to date and your team, including the Board, on the same page. This is often an overwhelming and time-consuming endeavor. You don’t have to face it alone.

Marquis – here when you need us.

Let Marquis become your compliance partner. We offer a two-prong solution to help you get the CRA credit you deserve and tell your compliance story successfully.

CenTrax NEXT, our proprietary compliance system created exclusively for the financial industry, enables you to assemble, analyze and act on your data. This is not a software solution released in response to the current situation. CenTrax NEXT is a proven compliance reporting solution that will continue to deliver value well past COVID-19 and its fallout.

We also offer guidance with Marquis Professional Services. Our team of dedicated experts continues to stay current on the frequent updates, fluctuating requirements and possible reporting issues of PPP and all of their ramifications. Their job is to alleviate your stress, offering you the guidance you need to identify possible risk areas and develop your story.

Just as your financial institution stepped up to help your customers and members, Marquis is here to help you navigate the often-confusing demands and requirements when reporting your PPP loans for CRA and completing Fair Lending analysis. Please get in touch to find out more about CenTrax NEXT and Marquis Professional Services.

Sources

1 Unidos US http://publications.unidosus.org/bitstream/handle/123456789/2051/UnidosUS-Color-Of-Change-Federal-Simulus-Survey-Findings.pdf?sequence=1&isAllowed=y

Mitigating Compliance Risk for Digital Marketing and Social Media

Digital marketing and social media are a must-have for every financial institution. They are invaluable tools, enabling you to reach the right person at the right time with the right message, reduce marketing costs and increase ROI. Their successful implementation can be linked to a 3-step process—data collection and analysis followed by informed action. However, to mitigate compliance risk, digital marketing and social media posts must adhere to the same fair lending and regulatory guidelines and practices as other forms of marketing.

A marketer’s dream. A compliance officer’s nightmare.

Financial institutions collect a tremendous amount of data on their customers. They know addresses, age, gender, ethnicity, marital status, financial status, credit card purchases, vehicle age … priceless data that enables precise targeting. However, certain data triggers may open the window for digital redlining and other fair lending risks if they rely on protected class definitions.

Does this mean financial institutions should shun digital marketing and all its benefits? How do we make sure our institutions are protected from compliance risk in a world where marketing relies on data filters? Let’s explore the ramifications of using targeted, digital marketing and social media in the world of banks, credit unions and regulators.

Does Digital Marketing reach everyone equally?

While the vast majority of Americans use the internet regularly, 10% of the US population is not digitally engaged. Of those, 14% are Hispanic, 15% are black and 27% are over 65 years old.1 These are all protected classes, and they occupy a digital desert; with no data coming in, not even targeted direct mail can reach them. We also have to consider the credit-invisible population, those who have not had the chance or opportunity to develop a credit score, good or bad.

If digital marketing and social media do not reach these individuals, this could be considered disparate impact and/or treatment. It pays to be overly cautious and to decide early how to reach these small, but important, populations.

The Pitfalls of Digital Marketing and Social Media

The more internet-based marketing is used to target advertising, the more likely target data may inadvertently categorize consumers by protected classes. Knowing Alice is a 65-year old Hispanic female who likes to browse fashion is great for shoes. It’s not so great for financial institutions as most of the indicators can be considered protected classes – over 65, Hispanic, female, etc.

With the help of cookies, data is collected and attached to an individual through email addresses, phone number and other personal forms of identification. Algorithms ensure Alice, who has visited numerous real estate sites, sees mortgage offers and links to relevant posts. Sounds innocent enough. But what if Alice’s data excludes (or includes) her based on gender, age or national origin? This opens financial institutions to possible compliance risk.

Compliance Risk and Digital Marketing

Banks and credit unions are increasingly engaged in digital marketing. It’s a cost-effective and powerful platform to reach customers and prospects where they are most engaged with a message that resonates. It often involves collecting real-time consumer data that can be used to create detailed profiles and data triggers for communications, such as product viewed, product bought, income and ethnicity. Triggers based on protected classes, even if it’s done unintentionally, could put your financial institution under scrutiny for fair lending risk.

Compliance Risk and Social Media

Today’s consumer wants more. They want to engage with brands that reflect their values and deliver more than targeted offers. Social media channels are where they turn. They look for meaningful communication that sets your financial institution apart from others. Insightful articles on debt consolidation, Facebook posts about employees and tweets on community involvement are just a few ways you can connect with your customers on a deeper level and reinforce brand loyalty. A strong social media presence helps set your financial institution apart, enhances existing relationships and helps attract prospects. However, the same fair lending risks arise as in digital marketing.

The Equal Credit Opportunity Act (ECOA) and the Fair Housing Act (FHA) provide clear guidance on what is acceptable for marketing and advertising. To ensure targeted digital marketing and social media  posts avoid the pitfalls of compliance risk, financial institutions must make sure their efforts follow all guidelines. Finding a partner with a deep understanding of the financial world can help you navigate the complexities of compliant digital marketing and social media presence.

The Solution

Marquis Compliance Professional Services can help you navigate the digital world. Marquis Compliance Professionals Services experts have a deep understanding that enables them to recognize the risk factors of targeted marketing. They can help develop policies and procedures to collect and analyze data. By implementing risk mitigation tools like demographic balance testing, back-end testing of campaign results and reviewing matching factors, Marquis’ experts can help you avoid and/or uncover fair lending risks.

Marquis’ marketing and compliance solutions were developed specifically for the financial industry. With over 30 years of experience dedicated to financial institutions of all sizes, they understand the unique dynamic between compliance and marketing. They can provide proven and effective strategies to collect, analyze and act on data. Leveraging their unique perspective can help elevate marketing efforts and mitigate risk before it becomes an issue.

CONCLUSION

Digital marketing and a strong social media presence are extremely cost-effective mediums that enable financial institutions to enrich relationships and deliver a message that resonates. Ignoring digital marketing and social media will only handicap your institution’s marketing efforts.

Partnering with Marquis and Marquis Compliance Professional Services can help improve digital marketing and social media efforts and minimize inadvertently triggering compliance risk.

FOOTNOTES:

1 Pew Research Center, Internet/Broadband Fact Sheet: 2019 https://www.pewresearch.org/internet/fact-sheet/internet-broadband/

The Value of a Compliance Management System

A financial institution’s Compliance Management System (CMS) is the backbone of risk management and also acts as the pathway to success (or failure) when it comes to reviews, exams and audits. The CMS should cover all of an institution’s risk areas ranging from loan processes to customer/member complaints. A robust and comprehensive CMS helps ensure proper procedures are being followed, uncovers risks before potential issues arise and helps assure compliance with regulatory demands and requirements.

The CMS touches almost every department, from marketing to administration. The FDIC, just one of the regulatory bodies of several who evaluate the efficacy of a CMS, has provided guidance that a CMS is how financial institutions 1) learn about compliance responsibilities, 2) make sure employees know and understand compliance responsibilities, 3) review operations to ensure responsibilities are fulfilled and requirements met, 4) define risk areas and take corrective action and 5) update materials as needed.1

A CMS that has been implemented and functioning the way it is intended can save a financial institution from compliance failure and fines as well as a loss of reputation.

CMS Structure

Before examining preventative measures, let’s delve into what’s expected from a CMS. Although regulatory bodies are looking for the same general and overall components, emphasis can differ based on the scope of the audit or exam, the examiner, and of course the regulatory body doing the examination.

The FDIC presents three elements considered essential for an effective CMS.

Board and Management Oversight
It is imperative that the Board and Management be committed to compliance efforts. A culture of compliance encourages cross-enterprise support and is supported by a well-defined policy, clear expectations and a compliance officer with the authority to do what is necessary to keep the institution as free from risk as possible. This is often referred to as the “tone at the top”.

The Compliance Program
A strong compliance program includes policies, procedures, training and monitoring guidelines that are clearly stated and carried out. Response to consumer complaints is an integral part of the compliance program. The path for escalation and resolution should be adopted and consistently applied enterprise-wide.

The Compliance Audit

An independent review of how an institution adheres to internal policies and procedures, and how these policies and procedures comply with consumer protection laws and regulations, helps ensure compliance and identify risk.

The CFPB breaks a CMS into two main elements: Board and Management Oversight and the Compliance program. When reviewing a CMS, the CFPB examiners apply the following five modules.2

Module 1: Board and Management Oversight
Examiners focus on the Board and Management’s commitment to the CMS, change management, identifying risk and understanding its source and the ability to proactively identify risk and take corrective action.

Module 2: Compliance Program
A solid CMS includes a clearly defined compliance program that details policies and procedures, provides effective and relevant training, performs routine monitoring and audits and has a responsive customer/member complaint system in place.

Module 3: Service Provider Oversight
Financial institutions are responsible for their service providers. They must ensure service providers are in compliance with Federal standards to avert consumer harm and avoid liability.

Module 4: Violations of Law and Consumer Harm
If a violation is discovered, examiners will consider the cause, severity, duration and prevalence of the violation. Examiners will delve into the CMS to make sure it identified the issue and triggered the necessary corrective action.

Module 5: Examiner Conclusion and Wrap-up
No matter the institution’s risk profile, examiners will conclude by summarizing and recording their findings and identifying weak spots. They must also review their findings with the bank or credit unions and outline considerations for the following exam and/or any follow-up deemed necessary.

In a broader sense, like the FDIC and CFPB, other regulatory bodies’ examinations consider different components necessary for an effective CMS. But, on a more granular level, each cover similar topics, each nuanced by that body’s particular area of concern. For example, the CFPB’s Compliance Program includes policies and procedures, training, monitoring and/or audits and the consumer complaint process while the FDIC spreads these essential components over the Compliance Program and the Compliance Audit.

With almost every detail of a CMS requiring a host of supporting documents, processes, tools, controls and functions, it’s imperative for the compliance officer to ensure their institution’s CMS answers the needs of each regulatory body. Doing it alone can be overwhelming. That’s where Marquis can help.

CMS Development and Maintenance

Identifying risk and weak spots can be challenging when reviewing how a CMS is functioning and details can be missed if the right questions are not asked and evaluated. Enlisting the help of Marquis Compliance Professional Services will ensure your CMS will effectively manage risk, support compliance and prevent consumer harm. Here at Marquis, we are well versed in the ins and outs of building, refining, and maintaining an effective CMS and will apply this expertise to your compliance program. We get what each regulatory body is looking for.

Conclusion

With recent submissions barely in the rear-view mirror, focus on the risks of potential CMS shortcomings should be on the top of all our minds. Now is the time to refresh and update your CMS. With the help of partners like Marquis Compliance Professional Services, by the time submission season or your next Compliance Exam rolls around your CMS can be addressing the examination nuances of the FED, FDIC, OCC and CFPB.

1 FDIC.gov https://www.fdic.gov/regulations/resources/director/presentations/cms.pdf

2 CFPB https://files.consumerfinance.gov/f/documents/201708_cfpb_compliance-management-review_supervision-and-examination-manual.pdf

HMDA and Public Access to New Data

How HMDA data and increased transparency can affect fair lending.

HMDA submission season is just around the corner and your institution’s data will be under close scrutiny by more than regulators. Litigators, advocates and the general public can view the data and possibly use it to identify institutions at fair lending risk. But since HMDA data alone is not enough, this can lead to misinterpretation, unwarranted accusations and loss of reputation. To help mitigate these issues, maintaining HMDA data integrity is essential.

The Home Mortgage Disclosure Act (HMDA) was created to enhance the monitoring of lending patterns and to ensure financing needs are met across a diverse field of potential borrowers. Submitting loan origination and application data on borrower demographics and loan features enables enforcement agencies to identify financial institutions who excel at fair lending and those that require further investigation. In order to accommodate that goal, new data points were added in hopes to further keep biases in check and reduce barriers to homeownership for protected classes.

The new data delivers a deeper understanding of institutional borrowing practices. Regulatory agencies can now apply comprehensive data screening, data monitoring and statistical modeling routines across all lenders subject to HMDA reporting requirements. In addition, many of the new HMDA data fields, like age, credit score and debt-to-loan ratio, can be used for more effective identification of institutions with elevated potentials of fair lending risks.

With the release of the new data, 2020 is the first time members of the public will have greater access to some of the key determinants of underwriting and pricing decisions. Be assured, litigators and advocacy groups will be taking a close look for any sign of unfair practices. Since disparities are estimated after a broader range of pricing and underwriting factors are applied, litigators can present more credible fair lending cases that on the surface appear to be true than with previous HMDA data sets. Furthermore, journalists will also have access to the data, possibly increasing marketing and reputational risks.

Peer analysis also benefits from the new data. Because it is accumulated from all covered financial institutions, it is particularly helpful for defining local and national benchmarks. Peer comparisons can be expanded beyond penetration rates in minority census tracts to include APR, total loan costs, product features and so on. A clearer picture is presented, allowing regulators to more accurately compare benchmarks and identify institutions with elevated fair lending risks.

With more public access to HMDA data, regulators advise caution when interpreting this data, especially if it leads to accusations or conclusions of discrimination. According to a FFIEC Press Release, “HMDA data alone cannot be used to determine whether a lender is complying with fair lending laws. The data do not include some legitimate credit risk considerations for loan approval and loan pricing decisions. Therefore, when regulators conduct fair lending examinations, they analyze additional information before reaching a determination about an institution’s compliance with fair lending laws.”

In today’s world, businesses rise and fall on the whims of public perception. An unsubstantiated claim of discriminatory lending practices based on misinterpreted data could have far-reaching consequences. What can financial institutions do to protect themselves? Understand your data, especially when underwriting and pricing decisions can create and identify disparities. Realize how your data can be interpreted by public regulators, advocacy groups, journalists and litigators. And then be prepared to tell your story and/or present the corrective and preventive actions taken.

The only way to minimize or eliminate risk is to consistently monitor and analyze your own data for pricing, underwriting and redlining risk. Keeping data clean and relevant is essential for accurate interpretation. In addition, separate assessments should be conducted to identify possible anomalies generated by the expanded data fields. This can be an intensive undertaking. Automated compliance software for HMDA reporting will help ensure data accuracy. At the same time, it will help identify fair lending risk points in the application and origination process. When combined with analysis and interpretation, you should be able to identify any additional risk factors.

Marquis can provide a turnkey solution when combining industry-leading tools like CenTrax NEXT compliance software with the experienced and intuitive skills of the Marquis Compliance Professional Services experts. These services can make a great difference in your HMDA reporting process by regularly monitoring and cleaning your data and then helping you understand the HMDA Integrity Analysis. With cleaner data and a deeper understanding of how it can be interpreted, your institution will be better able to respond when your HMDA data is used by regulators and the public to evaluate fair lending risks.