Skip to main content

The value of internal audit through a fresh set of eyes

Written by admin on . Posted in Compliance & Regulations.

There is risk in every aspect of the banking industry and the regulatory environment seems to continually change. As to the governance and control functions of the industry, it may be refreshing to the board of directors, audit committee, and executive management to have their internal audit function re-assessed and validated through a fresh set of eyes to assure that the controls in place are functioning as intended.

Why consider an internal audit?

A strong internal control system, including an independent and effective internal audit function, is part of sound corporate governance. The board of directors, audit committee, senior management, and supervisors must be satisfied with the effectiveness of the internal audit function, that policies and practices are followed, and that management takes appropriate and timely corrective action in response to internal control weaknesses identified by internal auditors. An internal audit function provides vital assurance to a board of directors (who ultimately remains responsible for the internal audit function, whether in-house or outsourced) as to the quality of the internal control system. In doing so, the function helps reduce the risk of loss, regulatory criticism, and reputational damage to the organization.

All internal auditors (whether in-house or outsourced) must have integrity and professional competence, including the knowledge and experience of each internal auditor and of team members collectively. This is essential to the effectiveness of the internal audit function. We encourage internal auditors to comply with and to contribute to the development of national professional standards, such as those issued by the Institute of Internal Auditors, and to promote due consideration of prudent issues in the development of internal audit standards and practices.

Every activity of the organization (including outsourced activities) should fall within the scope of the internal audit function. The scope of the internal audit function’s activities should ensure adequate coverage of matters of regulatory interest within the audit plan. Regular communication by the audit committee, management, and affected personnel is crucial to identify the weaknesses and risk associated to assure that timely remedial actions are taken.

How Young & Associates can help

Young & Associates can independently assess the effectiveness and efficiency of the organization’s internal control, risk management, and governance systems and processes to provide assurance that the internal control structure in place operates according to sound principles and standards. For more information on how we might provide internal audit services specific to your organization’s needs, whether it is outsourced or co-sourced, please contact Dave Reno at 330.422.3455 or email to dreno@younginc.com.

SAFE Act a decade on

Written by admin on . Posted in Compliance & Regulations, Lending & Loan Review.

By: William J. Showalter, CRCM, CRP, Senior Consultant

We have been dealing with the Secure and Fair Enforcement for Mortgage Licensing Act (SAFE Act) since 2010, and yet questions surface or confusion still exists over SAFE Act requirements.

“A loan clerk quotes loan rates from a non-public rate schedule, along with payment amounts for inquiring consumers. Should she be registered?” (Maybe, she is performing a function of a mortgage loan originator, MLO.)

“Our head of lending is our SAFE Act Officer. He also handles some mortgage loans, with his name on loan documents. However, his background is in commercial lending and he has never been registered with the NMLSR. Do we have a problem?” (Yes, if he is involved in more than five mortgage loans per year, he must be registered.)

“How often do we have to get criminal background checks for our MLOs? How about when their fingerprints expire?” (Criminal background checks are required only on initial registration. The fingerprint expiration date is only relevant for existing MLOs who are coming into the bank as new employees. No updating of fingerprints for ongoing MLOs is required.)

These queries reveal that confusion still exists over what the requirements are and how they impact banks and thrifts.

A little background

Congress enacted the SAFE Act in July 2008 to require states to establish minimum standards for the licensing and registration of state-licensed mortgage loan originators, and to provide for the establishment of a nationwide mortgage licensing system and registry for the residential mortgage industry.

The SAFE Act required all states to provide for a licensing and registration regime for mortgage loan originators who are not employed by federal agency-regulated institutions within one year of enactment (or two years for states whose legislatures meet biennially).

In addition, the SAFE Act required the federal banking agencies, through the Federal Financial Institutions Examination Council (FFIEC), and the Farm Credit Administration (FCA) to develop and maintain a system for registering mortgage loan originators employed by agency-regulated institutions.

The Dodd-Frank Act moved responsibility for the SAFE Act rules to the Consumer Financial Protection Bureau (CFPB), which rolled these rules into its Regulation G (12 CFR 1007).

Licensing vs. registration

Most of the confusion at the outset seemed to center on the issue of licensing versus registration of mortgage loan originators (MLOs). The issue is really deceptively simple.

  • MLOs that work for federally supervised banks, thrifts, and credit unions (as well as FCA lenders) must register with the national registry (NMLSR).
  • MLOs employed by other mortgage lenders (mortgage companies, etc.) must navigate the state licensing and registry system, a much more time consuming, expensive, and burdensome process which also carries a continuing education requirement.

Coverage

A “mortgage loan originator” is an individual who both takes residential mortgage loan applications and offers or negotiates terms of a residential mortgage loan for compensation or gain.

The term “mortgage loan originator” does not include individuals that perform purely “administrative or clerical tasks” (the receipt, collection, and distribution of information common for the processing or underwriting of a loan in the mortgage industry) and communication with a consumer to obtain information necessary for the processing or underwriting of a residential mortgage loan. Also excluded are individuals that perform only real estate brokerage activities and are duly licensed, individuals or entities solely involved in extensions of credit related to timeshare plans, employees engaged in loan modifications or assumptions, and employees engaged in mortgage loan servicing.

“Compensation or gain” includes salaries, commissions, other incentives, or any combination of these types of payments.

MLO registration

An MLO must be federally registered if the individual is an employee of a depository institution, an employee of any subsidiary owned and controlled by a depository institution and regulated by a federal banking agency, or an employee of an institution regulated by the FCA.

The final rule, as required by the SAFE Act, prohibits an individual who is an employee of an agency-regulated institution from engaging in the business of a loan originator without registering as a loan originator with the national registry, maintaining that registration annually, and obtaining a unique identifier through the registry. Employer financial institutions must require adherence to this rule by their employee MLOs.

MLOs may submit their registration information individually or their employer institution may do it for them (by a non-MLO employee). The decision of which approach to take should be made by management to ensure consistency within the institution, especially since there is prescribed institution information that also must be submitted to the registry.

This MLO information must include financial services-related employment history for the 10 years before the date of registration or renewal, including the date the employee became an employee of the bank – not just the time they have worked for their current employer.

MLOs and their employers need to remember that registrations have to be renewed annually for as long as an individual operates as an MLO. The renewal period opens on November 1 and ends on December 31 each year. If an MLO or bank registration lapses, it may be reinstated during a reinstatement period that opens on January 2 and closes on February 28 each year.

Other requirements

Bank and thrift managers also should remember that there are specific requirements in this rule for the institution to have policies and procedures to implement SAFE Act requirements, as well as regarding the use of a unique identifier (NMLS number) by MLOs.

At a minimum, the bank’s SAFE Act policies and procedures must:

  • Establish a process for identifying which employees have to be registered MLOs
  • Require that all employees who are MLOs are informed of the SAFE Act registration requirements and be instructed on how to comply with those requirements and procedures
  • Establish procedures to comply with the unique identifier requirements
  • Establish reasonable procedures for confirming the adequacy and accuracy of employee registrations, including updates and renewals, by comparisons with its own records
  • Establish reasonable procedures and tracking systems for monitoring compliance with registration and renewal requirements and procedures
  • Provide for independent testing for compliance with this part to be conducted at least annually by covered financial institution personnel or by an outside party
  • Provide for appropriate action in the case of any employee who fails to comply with SAFE Act registration requirements or the bank’s related policies and procedures, including prohibiting such employees from acting as MLOs or other appropriate disciplinary action
  • Establish a process for reviewing SAFE Act employee criminal history background reports, taking appropriate action consistent with applicable federal law, and maintaining records of these reports and actions taken with respect to applicable employees, and
  • Establish procedures designed to ensure that any third party with which the bank has arrangements related to mortgage loan origination has policies and procedures to comply with the SAFE Act, including appropriate licensing and/or registration of individuals acting as MLOs

The bank or thrift also must make the unique identifiers (NMLS numbers) of its registered MLOs available to consumers “in a manner and method practicable to the institution.” The bank has latitude in implementing this requirement.

It may choose to make the identifiers available in one or more of the following ways:

  • Directing consumers to a listing of registered MLOs and their unique identifiers on its website
  • Posting this information prominently in a publicly accessible place, such as a branch office lobby or lending office reception area, and/or
  • Establishing a process to ensure that bank personnel provide the unique identifier of a registered MLO to consumers who request it from employees other than the MLO

In addition, a registered MLO must provide his or her unique identifier to a consumer:

  • Upon request
  • Before acting as a mortgage loan originator, and
  • Through the MLO’s initial written communication with a consumer, if any, whether on paper or electronically (often by incorporating it into the signature information for standard letter and e-mail formats)

Banks, thrifts, and their registered MLOs often also make their NMLS numbers available in other ways – such as including them in advertising or on business cards.

As with any compliance rule, banks and thrifts need to make sure that they have systems in place to ensure compliance with SAFE Act requirements, including appropriate training for employees involved in the mortgage origination process.

For information on how Young & Associates can assist your bank with the SAFE Act requirements, contact Dave Reno at 330.422.3455 and dreno@younginc.com.

Regulation B Interpretive Rule on Sexual Orientation and Gender Identity

Written by admin on . Posted in Compliance & Regulations, Lending & Loan Review, News.

The Bureau of Consumer Financial Protection (Bureau) issued an interpretive rule to clarify that, with respect to any aspect of a credit transaction, the prohibition against sex discrimination in the Equal Credit Opportunity Act (ECOA) and Regulation B, which implements ECOA, encompasses sexual orientation discrimination and gender identity discrimination, including discrimination based on actual or perceived nonconformity with sex-based or gender-based stereotypes and discrimination based on an applicant’s associations.

The interpretive rule became effective upon publication in the Federal Register.

Stay compliant

At Young & Associates, we have been teaching for years that this is the correct approach. The reality is that an applicant’s sexual orientation or gender identity has absolutely nothing to do with whether they will be able to repay the loan. The focus of all bankers should be on the same things that are important in all credit decisions – cash, collateral, and credit. Nothing else really matters.

The Equal Credit Opportunity Act (ECOA) makes it “unlawful for any creditor to discriminate against any applicant, with respect to any aspect of a credit transaction,” on several enumerated bases, including “on the basis of … sex …” Likewise, Regulation B prohibits a creditor from discriminating against an applicant on a prohibited basis (including “sex”) “regarding any aspect of a credit transaction,” and from making “any oral or written statement to applicants or prospective applicants that would discourage on a prohibited basis a reasonable person from making or pursuing an application.”

Changes your institution needs to know

Before this interpretive rule, twenty states and the District of Columbia prohibited discrimination on the bases of sexual orientation and/or gender identity either in all credit transactions or in certain (e.g., housing-related) credit transactions. This interpretive rule now makes this the new national standard. Financial institutions must recognize sexual orientation and/or gender identity as protected classes and incorporate practices that prohibit discrimination on these bases.

This interpretive rule removes any remaining regulatory uncertainty under ECOA and Regulation B regarding the term “sex” to ensure fair, equitable, and nondiscriminatory access to credit for both individuals and communities and to protect consumers from discrimination. It serves a stated purpose of Regulation B, which is to “promote the availability of credit to all creditworthy applicants without regard to … sex …”

As an interpretive rule, it is exempt from the notice-and-comment rulemaking requirements of the Administrative Procedure Act.

To learn more about how we can assist your organization with your compliance efforts, contact Dave Reno, Director – Lending and Business Development, at dreno@younginc.com or 330.422.3455.

Compliance management

Written by admin on . Posted in Compliance & Regulations.

By William J. Showalter, CRCM, CRP, Senior Consultant

We have repeatedly heard over the years that we must manage compliance just like all other aspects of our business. This maxim is particularly true in today’s escalating compliance environment. So many new and changed rules have entered the mix over the past decade that we could easily feel overwhelmed if we did not proactively manage the compliance process.

Over the years, supervisory agencies have shared general outlines of compliance management systems with the financial institutions they regulate. They have quickly pointed out that no single “right” way exists to manage compliance, but every program must meet certain basic needs.

Compliance Management Systems

The Consumer Financial Protection Bureau (CFPB) and other agencies view compliance management as vital to the prevention of violations of federal consumer financial laws and the resulting harm to consumers. In its Supervisory Highlights publication, the CFPB spelled out its expectations for an effective compliance management system (CMS) – which mirror those from other supervisory agencies.

The CFPB states that it expects every entity it supervises (large financial institutions and nonbank financial firms) to have an effective CMS adapted to its business strategy and operations.

According to the CFPB, a CMS is how a supervised entity:

  • Establishes its compliance responsibilities.
  • Communicates those responsibilities to employees.
  • The program ensures that business processes incorporate responsibilities for meeting legal requirements and internal policies.
  • The compliance team reviews operations to ensure they meet legal requirements and carry out assigned responsibilities.
  • Takes corrective action.
  • Updates tools, systems, and materials, as necessary.

No agency requires financial institutions to structure their CMS in any particular manner. They recognize the differences inherent in an industry comprised of banking organizations of different sizes, differing compliance profiles, and a wide range of consumer financial products and services. In addition, some financial firms outsource functions with consumer compliance-related responsibilities to service providers, requiring adaptations in their CMS structure.

However compliance is managed, financial entities are expected by all the federal supervisory agencies to structure their CMS in a manner sufficient to comply with federal consumer financial laws and appropriately address associated risks of harm to consumers.

CFPB Findings

The CFPB has found that the majority of banks it has examined have generally had adequate CMS structures. However, several institutions have lacked one or more of the components of an effective CMS, which creates an increased risk of noncompliance with federal consumer financial laws.

The most common weakness identified during CFPB reviews of banks’ CMS is a deficient system of periodic monitoring and independent compliance audits. The CFPB has noted that an effective CMS implements an effective internal compliance review program as an integral part of an overall risk management strategy. Such a program has two components – both periodic monitoring reviews and an independent compliance audit. These two types of controls are not interchangeable. They must be complementary.

The periodic monitoring reviews are more frequent and less intensive than the audits, focusing on areas that carry the most risk – where mistakes should not be allowed to go uncorrected too long. Monitoring is an ongoing process, conducted by either the individual business lines or the compliance officer/department on a relatively frequent basis, and allows the bank to self-check its processes and ensure day-to-day compliance with federal consumer financial laws.

An independent compliance audit reviews all operations impacted by consumer laws. Auditors perform audits less frequently—usually annually—to ensure ongoing compliance, proper operation of the CMS as a whole, and board awareness of consumer compliance issues identified in these independent reviews. An independent party—either an internal auditor or an outside consultant—should perform audits.

The CFPB notes that an entity lacking periodic monitoring increases its risk that violations and weaknesses will go undetected for long periods of time, potentially leading to multiple regulatory violations and increased consumer harm.

Additionally, these entities increase the risk that:

  • Insufficiencies in the periodic monitoring process may not be identified.
  • The board is not made aware of regulatory violations or program weaknesses.
  • Practices or conduct by employees within the business lines or compliance department that are unfair, deceptive, abusive, discriminatory, or otherwise unlawful could go undetected.

CMS Elements

Although the CFPB states that it does not require any specific CMS structure, it notes that supervisory experience has found that an effective CMS commonly has four interdependent control components, elements that have been advocated by all regulatory agencies over the years:

  • Board of directors and management oversight. An effective board of directors communicates clear expectations and adopts clear policy statements about consumer compliance for both the bank itself and its service providers. The board should establish a compliance function, allocating sufficient resources and qualified staffing to that function, commensurate with the entity’s size, organizational complexity, and risk profile. The board should ensure that the compliance function has the authority and accountability necessary to implement the compliance management program, with clear and visible support from senior management, as well. Management should ensure a strong compliance function and provide recurring reports of compliance risks, issues, and resolutions to the board or to a committee of the board.
  • Compliance program. The CFPB and other federal financial institutions supervisors expect supervised entities to establish a formal, written compliance program, generally administered by a chief compliance officer. A compliance program includes the following elements: policies and procedures, training, monitoring, and corrective action.

The agencies assert that a well-planned, implemented, and maintained compliance program will prevent or reduce regulatory violations, protect consumers from noncompliance and associated harms, decrease the costs and risks of litigation affecting revenues and operational focus, and help align business strategies with outcomes.

  • Consumer complaint management program. Federal supervisory agencies expect financial service providers to respond to complaints and inquiries received from consumers. In addition, financial institutions should monitor and analyze complaints to understand and correct weaknesses in their programs that could lead to consumer risks and violations of law.

Key elements of a consumer complaint management program include establishment of channels through which to receive consumer complaints and inquiries (e.g., telephone numbers or email addresses dedicated to receiving consumer complaints or inquiries); proper and timely resolution of all complaints; recordation, categorization, and analysis of complaints and inquiries; and reviews for possible violations of federal consumer financial laws.

The agencies expect financial firms to organize, retain, and analyze complaint data to identify trends, isolate areas of risk, and identify program weaknesses in their lines of business and overall CMS.

  • Independent compliance audit. A compliance audit program allows the board of directors or its designated committees to determine whether the institution is implementing policies and standards that achieve the level of compliance and consumer protection the board has established. As noted above, an independent party — separate from both the compliance program and business functions — should conduct these audits. The auditor should report the audit results directly to the board or a board committee.

The agencies expect that the audit schedule and scope will be appropriate for the entity’s size, its consumer financial product offerings, and structure for offering these products. The compliance audit program should address compliance with all applicable federal consumer financial laws. It should also identify any significant gaps in policies and standards.

When all of these four control components are strong and well-coordinated, the CFPB states that a supervised entity should be successful at managing its compliance responsibilities and risks.

Handle ARM Adjustments with Care

Written by admin on . Posted in Compliance & Regulations, Lending & Loan Review.

By William J. Showalter, CRCM, CRP, Senior Consultant

Adjustable-rate mortgages (ARM) have not been much of an issue for many banks and thrifts in recent years since fixed rates have been so low. But they are still an important tool for serving those customers who cannot meet the secondary market qualifications applied to most fixed-rate loans. And, many institutions have a portfolio of existing ARM loans that they service. One potential complication for some lenders is the impending discontinuance of the LIBOR index. This requires lenders to find another comparable index for their ARMs.

ARMs were in the spotlight over 10 years ago because of problems in the subprime market. Many subprime products have variable interest rates, which shift the interest rate risk from lender to borrower. Besides the issues raised then over putting borrowers into inappropriate products, there also are concerns over errors in ARM rate changes.

Do an internet search for “ARM errors” or similar terms and you will come up with numerous firms offering loan audit and information services to borrowers. These firms tell borrowers that their companies can correct ARM errors, bring loans into compliance, and get the borrower a mortgage refund.

Background on adjustable-rate mortgages

The initial furor over these mistakes arose over a report on adjustable-rate mortgage adjustment errors prepared by a former Federal Savings and Loan Insurance Corporation employee in 1989. His assertions sent a tremor through the mortgage industry. The report concluded that miscalculations in periodic adjustments to rates on ARM instruments resulted in significant overcharges. He found ARM adjustment errors in about 50 percent of the loans he sampled. From these results, he estimated the potential overcharges to be up to $15 billion for ARMs nationwide at the time. This figure has been estimated as high as $50-60 billion in recent years.

The controversy was further stoked by a study from the Government Accountability Office (GAO) released in September 1991 which found between 20 and 25 percent of the ARM loans at the time contained interest rate errors. Such errors occurred when the related mortgage servicer selected the incorrect index date, used an incorrect margin, or ignored interest rate change caps.

The damaging studies kept coming. In July 1994, Consumer Loan Advocates, a non-profit mortgage auditing firm announced that as many as 18 percent of ARMs had errors costing the borrower more than $5,000 in interest overcharges. And, another government study in December 1995 concluded that 50 to 60 percent of all ARMs contained an error regarding the variable interest rate charged to the homeowner. The study estimated the total amount of interest overcharged to borrowers was in excess of $8 billion. Inadequate computer programs, incorrect completion of documents, and calculation errors were cited as the major causes of interest rate overcharges.

Even though no other government studies have been conducted into ARM interest overcharges to date, the potential issue continues to simmer below the surface and lenders need to be vigilant so that it does not erupt into a veritable super volcano of enforcement actions and lawsuits.

Types of errors

The kinds of errors lenders are said to make in implementing ARM rate and payment adjustments run the gamut from calculation mistakes to carelessness, including:

  • Mistakes in original loan set up/data input
  • Miscalculation of payment amount
  • Improper allocation of payments between interest and principal (amortization)
  • Use of the wrong index
  • Selection of incorrect index value
  • Application of incorrect interest rate caps
  • Failure to adjust in some years
  • Use of incorrect margins
  • Improper rounding methods (e.g., rounding up instead of rounding to the nearest 1/8th of 1 percent)
  • Math mistakes causing an incorrect rate
  • Use of incorrect loan balance

Banking regulators point out that these errors may be considered breaches of contract. These errors could then expose the financial institution to legal action.

Extent of errors

Since ARMs involve changing index values periodically and oftentimes complex computer calculations, they seem to attract human and software errors. Mortgage audit firms point out that leading publications such as The Wall Street Journal, MONEY, Forbes, and Newsweek have warned borrowers about miscalculations occurring in up to 50 percent of ARMs.

  • The firms get borrowers’ attention by pointing to figures of lender overcharges and borrower refunds like these:
  • Average borrower refund of over $1,500
  • 21 percent of refunds ranging from $3,500 to $10,000
  • 13 percent of errors exceeding $10,000

Reasons for errors

The calculation of ARM rate changes is a complex process and errors can occur in a variety of ways. Add to this the fact that many lenders offer, and servicers support, a variety of ARM products with different rate adjustment intervals, indices, margins, and other terms. Another potential complicating factor is the widespread practice of transferring loan servicing. This presents another opportunity for human mistakes and software mismatches to cause errors.

Some of the mortgage audit firms assert that adjustable-rate mortgage rate and payment adjustment errors have been linked to:

  • Lack of training, supervision, and experience of loan servicing personnel
  • Simple human error
  • Computer data entry or software errors
  • Clerical or calculation errors
  • Fraud
  • Sale or transfer of the loan to a different company
  • Rider, handwritten changes, or other irregularities in the note
  • Very complex calculations, use of an unusual index, or interest rate
  • Dissolution or merger of the original loan institution

How to avoid these problems

The federal banking supervisors began encouraging financial institutions back in 1991 to perform reviews of their adjustable-rate loan systems. This was to ensure that interest rate information is correctly ascertained and administered, and that rates are adjusted properly.

Banks and thrifts should have effective internal controls and procedures in place to ensure that all adjustments are made according to the terms of the underlying contracts and that complete, timely, and accurate adjustment notices are provided to borrowers. Also, a system for the ongoing testing of adjustments should be in place to ensure that adjustments continue to be made correctly.

A critical component of any successful loan servicing program, including correctly implementing rate and payment adjustments, is a thorough training regime for lending personnel involved in the process. Those involved must be given the appropriate tools – including knowledge – to succeed in their jobs.

Any review of adjustable-rate mortgage adjustments should include documentation indicating the basis for interest rate adjustments made to a lender’s adjustable-rate mortgage loans, showing whether changes have been made consistent with the underlying contracts.

If a lender finds that it has made errors in the adjustments for interest rates which have resulted in interest overcharges on ARMs, the supervisory agencies expect that you will have in place a system to correct the overcharges and properly credit the borrower’s account for any interest overcharges. In general, undercharges cannot be collected from borrowers.

Learn more about this topic and how Young & Associates, Inc. can assist your institution. Contact Bill Showalter at wshowalter@younginc.com or 330.422.3473 today.

Off-Site Reviews, Virtual/Teleconference Training, and Management Consulting Support

Written by admin on . Posted in Compliance & Regulations, Information Technology, Lending & Loan Review, Management & Planning.

Young & Associates, Inc. remains committed to keeping our employees, clients, and partners safe and healthy during the COVID-19 pandemic. During this difficult and unprecedented time, we have continued to successfully leverage technology to fulfill our commitments to our clients and partners through secure remote access for reviews, virtual/teleconference training, and other management consulting support.

Young & Associates’ commitment to virtual/teleconference training and remote access reviews date back well over five years. We see this ability as a win-win for everyone – the review and training get completed in a timely manner and the bank avoids paying any travel expenses. Concerned about security, please be assured that we use the latest secure technology.

We remain committed to helping our clients with all areas of their operations through off-site reviews and providing the most current regulatory updates through our virtual/teleconferencing training.

Contact one of our consultants today for more information about our off-site reviews or virtual/teleconferencing training:

Bill Elliott, Director of Compliance Education:
bille@younginc.com or 330.422.3450

Karen Clower, Director of Compliance:
kclower@younginc.com or 330.422.3444

Martina Dowidchuk, Director of Management Services:
mdowidchuk@younginc.com or 330.422.3449

Bob Viering, Director of Lending:
bviering@younginc.com or 330.422.3476

Kyle Curtis, Director of Lending Services:
kcurtis@younginc.com or 330.422.3445

Aaron Lewis, Director of Lending Education:
alewis@younginc.com or 330.422.3466

Dave Reno, Director – Lending and Business Development:
dreno@younginc.com or 330.422.3455

Ollie Sutherin, Manager of Secondary Market QC Services:
osutherin@younginc.com or 330.422.3453

Jeanette McKeever, Director of Internal Audit:
jmckeever@younginc.com or 330.422.3468

Mike Detrow: Director of Information Technology Audit/Information Technology:
mdetrow@younginc.com or 330.422.3447

Young & Associates, Inc.’s consultants provide a level of expertise gathered over 42 years. In our consulting engagements, we closely monitor the regulatory environment and best practices in the industry, develop customized solutions for our clients’ needs, and prepare detailed and timely audit reports to ease implementation moving forward. Our consultants have backgrounds and experience in virtually all areas of the financial services industry.. Many of our consultants and trainers have come to the company directly from positions in financial institutions or regulatory agencies where they worked to resolve many of the issues that our clients face daily.

We look forward to working with you as you work to obtain your goals in 2021 and beyond.

Assessing your Compliance Training

Written by admin on . Posted in Compliance & Regulations.

By Bill Elliott, CRCM, Director of Compliance Education

Last fall, the Consumer Financial Protection Bureau (CFPB) updated their Regulatory Agenda for the next few months. As has been the reality for a while, there does not seem to be any particular rush to accomplish many final rules. The Economic Growth, Regulatory Relief and Consumer Protection Act (EGRRCP Act) was signed into law in May 2018. In that law, there are a number of required changes that should be fairly easy to implement – if the CFPB would just do so. But in the short term, there appears little likelihood that the changes dictated by the law (or many other changes) will be placed into regulation. But change is still in our future – it is just a question of the timing.

Part of the problem is the regulatory process. Although all banks are not subject to the Home Mortgage Disclosure Act, it is an excellent example. The “new version” of Regulation C was published as a final rule, effective January 2018. Before the 2018 date, the CFPB changed the regulation. With the passage of the EFRRCP Act, many of the new required fields were eliminated for smaller reporters. Although a fairly simple series of changes were necessary, many months passed before the regulation was updated (October 2019). And when those changes were made final, there were still some outstanding issues in HMDA that needed to be addressed, and remain open at this writing. So even with all the changes, it is not “final” yet. The latest Small Entity Guide for HMDA (which will have to be modified again) is Version 4.

Importance of compliance training

This complicates the life of any bank, regardless of size. When the regulatory process is poor and disjointed, it makes training and implementation more difficult. But the reality is that regardless of how confusing the regulatory process is, banks still have to comply.

Training is a necessary expense, as a failure to train, especially when things are in flux, opens the bank to regulatory scrutiny and/or fines for non-compliance. And keeping your policies and procedures current with the latest changes is always a challenge.

Banks should assess how information is disseminated throughout the bank as these changes occur to assure that training dollars are spent effectively. And the time to assess is now, while things are relatively “calm.” Many banks have delegated training to electronic or web-based systems, and there are many good choices available. But, because of the nature of this type of training, they focus on the facts and requirements, but usually do not include information on what to expect of your employees, or the implementation strategies of your bank. Be wary of buying a training system and then assuming all your training needs are met.

How we can help with your compliance training program

We do not market electronic or web-based systems. But Young & Associates, Inc. offers a wide variety of personalized training opportunities, including:

  • Live seminars with some of our state association partners
  • Live in-bank training
  • Conference calls
  • Private webinars
  • Virtual Compliance Consultant program, which includes a monthly telephone call that can be used for compliance support and/or training sessions as well as policy support, and any other personalized training that you may need

In this period of relative quiet, take this time to assess your training methods and your training needs for the future. Eventually the regulators will begin to issue more regulation, and Young & Associates, Inc. stands ready to assist. To discuss how we can help, please contact Karen Clower at 330.422.3444 or kclower@younginc.com.

Liquidity Risk Management

Written by admin on . Posted in Compliance & Regulations, Management & Planning.

By Martina Dowidchuk, Director of Management Services and Senior Consultant

Does your liquidity management meet the standards of increased regulatory scrutiny? Regulators are gradually reviewing what they once deemed acceptable more rigidly, and financial institutions need to be prepared to show that their liquidity risk oversight complies with both supervisory guidance and sound industry practices.

Community banks may not view liquidity risk as an immediate concern given the abundance of liquidity in the banking industry today. However, the history shows that liquidity reserves can change quickly and the changes may occur outside of management’s control. A bank’s liquidity position may be adequate under certain operating environments, yet be insufficient under adverse environments. Adequate liquidity governance is considered as important as the bank’s liquidity position. While the sophistication of the liquidity measurement tools varies with the bank’s complexity and risk profiles, all institutions are expected to have a formal liquidity policy and contingency funding plan that are supported by liquidity cash flow forecast, projected liquidity position analysis, stress testing, and dynamic liquidity metrics customized to match the bank’s balance sheets.

Some of the common liquidity risk management pitfalls found during annual independent reviews include:

Cash Flow Plan:

  • Lack of projected cash flow analysis
  • Inconsistencies between liquidity cash flow assumptions and the strategic plan/budget
  • Lack of documentation supporting liquidity plan assumptions
  • Overdependence on outdated, static liquidity ratios and lack of forward-looking metrics
  • Lack of back-testing of the model

Stress Scenarios:

  • Stress-testing of projected cash flows not performed
  • Stress tests focusing on a single stress event rather than a combination of stress factors
  • Stress tests lacking the assessment of a liquidity crisis impact on contingent funding sources
  • Insufficient severity of stress tests

Contingency Funding Plan Document:

  • Contingency funding plan failing to address certain key components, such as the identification of early warning indicators, alternative funding sources, crisis management team, and action plan details
  • Lack of metrics defined to assess the adequacy of primary and contingent funding sources in the baseline and stressed scenarios

Liquidity Policy:

  • Inadequate risk limits or lack of acceptable levels of funding concentrations defined in the liquidity policy
  • Liquidity policy failing to address responsibilities for maintenance of the cash flow model, model documentation, periodic assumption review, and model validation

Management Oversight:

  • ALCO discussions related to liquidity management not containing sufficient detail and not reflected appropriately in the ALCO meeting minutes
  • Lack of periodic testing of the stand-by funding lines
  • Lack of liquidity model assumption review or documentation of such review
  • Lack of periodic independent reviews of the liquidity risk management process

If you want an independent review of your existing liquidity program and a model validation, or need assistance developing a contingency funding plan, liquidity cash flow plan, and liquidity stress testing, please contact me at 330.422.3449 or mdowidchuk@younginc.com. Young & Associates, Inc. offers an array of liquidity products and services that can help you to ensure compliance with the latest regulatory expectations.

Banks as Federal Contractors, A Brief History

Written by admin on . Posted in Compliance & Regulations, Management & Planning.

By: Mike Lehr, HR Consultant

Unless legal counsel says otherwise, if FDIC covers a bank’s deposits, it’s best to assume it’s a federal contractor. That not only means the bank likely needs an affirmative action plan if it issues fifty or more different W2s in a year, but the federal government holds the bank to higher employment standards.

Still, as human resources professionals know, bank CEOs, presidents, and other senior executives often want to know, “What law says so?” After all, when we think of a “federal contractor,” we often think huge employers with thousands of employees.

For banks with only a few hundred (if that) employees, this all seems very unnecessary. Yet, the short answer is that a reinterpretation of existing law after the 2008 financial crisis made most banks federal contractors if they obtained federal deposit insurance.

Reviewing the way our government works and the history of banks as federal contractors can clarify this answer. After all, the law is not clear. It hasn’t changed much in over twenty years.

This review begins by reminding others that federal laws change in three main ways:

    1. Congress passes or revises laws.
    2. Executive branch reinterprets existing laws.
    3. Courts rule on and clarify regulations causing disagreements among parties.

While Congress neither passed nor revised any law specifically stating banks are federal contractors, the Department of Labor (DOL) reinterpreted the law. Until the 2008 financial crisis, the Office of Federal Contract Compliance Programs (OFCCP), an agency of the DOL, mainly interpreted the law to say FDIC made banks contractors. The DOL, its boss so to speak, never accepted this however.

So, until 2008, unless a bank clearly acted as “an issuing and paying agent for U.S. savings bonds and notes” or “a federal fund depository,” in a substantial manner, the DOL likely didn’t consider it a federal contractor.

Until 2008, FDIC payouts to banks were rare, almost non-existent. This crisis though saw many sizeable payouts. As a result, the DOL accepted OFCCP’s interpretation of the law. The crisis forced the DOL to see FDIC coverage as doing business with the federal government. So now, by its “boss” agreeing, the OFCCP has more authority to enforce its regulations such as affirmative action plans on banks.

Again, a reinterpretation of existing law after the 2008 financial crisis increased dramatically the likelihood that a bank is a federal contractor. This brief history has helped human resources professionals answer questions related to “what law says so?”

For more guidance and support on complying as a federal contractor, you can reach Mike Lehr at mlehr@younginc.com. Mike Lehr is not an attorney. As such, the content in this article should not be construed as providing legal advice. For specific decisions on compliance with OFCCP regulations, readers should consult with their legal counsel.

Private Flood Insurance Update

Written by admin on . Posted in Compliance & Regulations.

By: Bill Elliott, CRCM, Senior Consultant and Manager of Compliance

As you are no doubt aware, the issue of flood insurance has been unsettled for the last 18 months, and the formal FEMA flood program is only approved until the fall. But, after a long wait, the regulators have published additional regulation for private flood insurance – which does not rely on Congress to do anything, and makes the presence or absence of the FEMA program less problematic for lenders.

Background

The Biggert-Waters Act (2012) amended federal flood insurance legislation to require the agencies to issue a rule directing regulated lending institutions to accept “private flood insurance,” as defined by the act. In response to subsequent legislation and comments received regarding the private flood insurance provisions of the first proposed rule (2013), and the second proposed rule (November 2016), all prudential regulatory agencies finally issued the rule, effective July 1, 2019.

It remains to be seen how effective and efficient this will be, as it is a “work in process.” But some have told me that some of their customers have found lower flood insurance rates privately (meaning these policies may become more popular). Others have told me that they have had customers declined for private flood insurance based on the riskiness of the property location.

Summary of the Rule

The rule requires regulated lending institutions to accept “private flood insurance” defined in accordance with the Biggert-Waters Act. There are essentially three categories of private flood insurance.

Category One – Private Flood Insurance with “Compliance Aid” Language

If the following language appears on the flood policy, the lender may accept the policy without any further review:
“This policy meets the definition of private flood insurance contained in 42 U.S.C. 4012a(b)(7) and the corresponding regulation.”

Although it remains to be seen how well this will work, we hope that most insurance companies will include this language, which will make it quite easy for lenders, as no additional effort will be required.

Category Two – Private Flood Insurance without “Compliance Aid” Language

The rule permits regulated lending institutions to exercise discretion to accept flood insurance policies issued by private insurers that do not meet the statutory and regulatory definition of private flood insurance. The conditions for acceptance include a requirement that the policy must provide sufficient protection of a designated loan, consistent with general safety and soundness principles, and the regulated lending institution must document its conclusion regarding sufficiency of the protection of the loan in writing.

The difficulty for lenders will be to determine whether these policies really meet these (and other) requirements. And although the regulation says “discretionary,” it does not appear that the regulators will just allow lenders to summarily reject these policies.

Category Three – Mutual Aid Societies

The agencies will now allow the acceptance of plans providing flood coverage issued by mutual aid societies. The rule defines “mutual aid society” as an organization:
(1) whose members share a common religious, charitable, educational, or fraternal bond;
(2) that covers losses caused by damage to members’ property pursuant to an agreement, including damage caused by flooding, in accordance with this common bond; and
(3) that has a demonstrated history of fulfilling the terms of agreements to cover losses to members’ property caused by flooding.

A regulated lending institution may accept a plan issued by a mutual aid society, as defined above, if the regulated lending institution’s primary federal supervisory agency has determined that such plans qualify as flood insurance for purposes of the act.

Requirement to Purchase Flood Insurance

There is nothing in the rule that changes the amounts of insurance required, or anything else. This simply allows more options and hopefully, over time, will make everyone’s life – lenders and borrowers – easier.

If you need any assistance in this area, especially private flood policies without the “compliance aid” language, please give us a call at 330.422.3450 or send an email to bille@younginc.com. We are always happy to help.

Avoid Getting Swept Away in the Flood of Enforcement Actions

Written by admin on . Posted in Compliance & Regulations.

By: William J. Showalter, CRCM, CRP, Senior Consultant

We seem to be in a bit of a lull in flood insurance rule enforcement by the financial institution regulators. There were only 15 enforcement actions with civil money penalties (CMP) totaling $523,961 in 2018. So far this year, we have had only two such enforcement actions, with total CMPs of $10,550. But, we probably should not expect this trend to continue, especially with all the flooding events we have seen recently, including our unfortunate neighbors along the Missouri River. These events tend to get the attention of Congress and the supervisory agencies.

Keep in mind that enforcement of many rules, including those involving flood insurance, seem to run in cycles. After another apparent lull in flood insurance enforcement actions a couple years ago, the Federal Reserve Board (FRB) issued an Order for a Civil Money Penalty in late May 2017 against SunTrust Bank for $1,501,000 to enforce requirements of the regulations implementing the National Flood Insurance Act. This is thought to be the largest CMP for flood insurance shortcomings. Coupled with 11 other much smaller enforcement actions by the FRB, Federal Deposit Insurance Corporation (FDIC), and Office of the Comptroller of the Currency (OCC), the total civil money penalties assessed for flood insurance rule violations by mid-year 2017 totaled nearly $1.8 million – and by the end of that year, we had seen 29 enforcement actions with a total of nearly $2.8 million in CMPs.

Background
The original National Flood Insurance Act was passed in 1968, and established the National Flood Insurance Program (NFIP). The Flood Disaster Protection Act of 1974 (FDPA) was enacted to strengthen the NFIP by involving lending institutions in the insurance process.

The NFIP was developed as a way to reduce federal expenditures related to disasters caused by flooding. The program consists of floodplain management plans that affected communities must implement and a flood insurance program to protect properties in flood hazard areas. The intent of the NFIP is to reduce federal outlays for disaster assistance by making those who choose to develop properties in flood-prone areas bear some cost to protect against the flood risks involved, rather than allowing them to rely solely on federal aid.

Part of the NFIP is a system of requirements and restrictions on federal assistance of all kinds to flood-prone areas. This assistance ranges from direct federal lending to loan guarantees, to insurance for deposit accounts. The latter is the connection for many mortgage lenders with the NFIP.

The National Flood Insurance Reform Act of 1994 (NFIRA) comprehensively revised the two federal flood statutes – the NFIA and FDPA – and required federal supervisory agencies to revise their flood insurance regulations. The objective of the changes was to increase compliance with flood insurance requirements and participation in the NFIP, and to decrease the financial burden on the federal government, taxpayers, and flood victims.

The NFIRA authorizes the regulators to impose civil money penalties when a pattern or practice of violations under the NFIA is found. The act requires that civil money penalties be imposed of up to $350 for each violation in such cases. The civil money penalty cap was increased significantly by the Biggert-Waters Flood Insurance Reform Act of 2012, enacted July 6, 2012. The former $350 per violation maximum was raised to $2,000 per violation. Lenders should remember that there can be multiple violations for each covered loan.

Consent Orders
The regulators charged that the financial institutions targeted by the 15 enforcement actions last year were engaged in patterns or practices of violations of various provisions of the flood insurance regulations. Most of the orders give us at least some picture of the violations found by regulatory personnel. These violations of flood insurance rules include failures to:

  • Provide notice about availability of and requirement for flood insurance
  • Provide timely notice about availability of and requirement for flood insurance
  • Require flood insurance coverage
  • Require adequate flood insurance coverage
  • Maintain flood insurance (allowing it to lapse)
  • Escrow premiums (when other property costs are escrowed)
  • Comply with force placement requirements
  • Provide notice regarding lapse and force-placed coverage
  • Provide timely notice regarding lapse and force-placed coverage
  • Obtain force-placed coverage

Avoiding Problems
What can you do to keep your bank or thrift off the ever-growing list of financial institutions being hit with flood insurance enforcement actions? One important way is to establish an effective flood insurance compliance program and make sure that lending staff follows it. Hold them accountable for failures.

At a minimum, your flood insurance compliance program should:

  • Ensure that there is an effective process in place for determining the flood hazard status for improved real property or mobile homes securing any loans, both consumer and commercial, whether the process be one of in-house readings of up-to-date flood maps or outsourced determinations by a professional firm that guarantees its results.
  • Ensure that your institution has performed appropriate due diligence in selecting its flood hazard determination vendor and monitors its performance, and that the vendor guarantees its results and uses the current Special Flood Hazard Determination Forms (SFHDF) to document its determinations.
  • Order or perform flood determinations early in the loan process. This can be done soon after the lender decides to approve the loan.
    Ensure that loan files contain complete and current SFHDF and acknowledged customer flood notices, where applicable.
  • Ensure that collateral properties are insured in the proper amount before loan closing, including appropriate coverage for any senior mortgagees.
  • Remain current on flood map and hazard determination changes, and stay insured throughout the life of the loan.
  • Ensure that coverage is maintained for subsequent financings (increase, extension, renewal, refinancing) of the subject properties.
  • Train all affected staff in their responsibilities under the bank’s flood insurance compliance program, assign appropriate accountability, and enforce staff responsibilities.

This last point is especially important. Training is the foundation for implementing and maintaining a strong flood program. Ensure that all appropriate staff is trained in the requirements of the flood insurance laws and rules that impact their jobs and provide them with refreshers periodically.

Establishing and maintaining a strong flood insurance compliance program can help your bank or thrift stay afloat during any flood of enforcement actions. For more information on this article and/or how Young & Associates, Inc. can assist you in this area, contact Bill Showalter at 330.678.0524 or wshowalter@younginc.com.

The CFPB in the Future

Written by admin on . Posted in Compliance & Regulations.

By: Bill Elliott, CRCM, Senior Consultant and Manager of Compliance 

With the change in management of the CFPB, we are seeing changes in how they operate. When they published their Regulatory Agenda for Fall 2017 (late as usual – it appeared in January 2018), they restated what Section 1021 of the Dodd-Frank Act specified as the objectives of the Bureau, including:

  • Providing consumers with timely and understandable information to make responsible decisions about financial transactions
  • Protecting consumers from unfair, deceptive, or abusive acts and practices and from discrimination
  • Addressing outdated, unnecessary, or unduly burdensome regulations
  • Enforcing federal consumer financial law consistently in order to promote fair competition, without regard to the status of a covered person as a depository institution
  • Promoting the transparent and efficient operation of markets for consumer financial products and services to facilitate access and innovation

They stated that their work in pursuit of those objectives can be grouped into three main categories:

  1. Implementating statutory directives
  2. Other efforts to address market failures, facilitate fair competition among financial services providers, and improve consumer understanding
  3. Modernizing, clarifying, and streamlining consumer financial regulations to reduce unwarranted regulatory burdens

Implementing Statutory Directives

In this area, the CFPB is continuing efforts to facilitate implementation of critical consumer protections under the Dodd-Frank Act. They listed three efforts under way. They include:

  • Regulation C (Home Mortgage Disclosure Act)
  • Mortgage servicing changes
  • Continuing to improve the TRID portion of Regulation Z

The CFPB also listed other projects that are “in the works,” but probably nowhere near completion.

Other Efforts To Address Market Failures, Facilitate Fair Competition among Financial Services Providers, and Improve Consumer Understanding

In this area, the CFPB said they were considering rules, such as:

  • Payday loans, auto title loans, and other similar credit products
  • Debt collection
  • Overdraft programs on checking accounts
  • Prepaid financial products
  • Modernizing, streamlining, and clarifying consumer financial regulations

Many of the regulations are approaching 50 years old and are out of date with the current world. For instance, Regulation B allows you to turn down a customer for not having a land line phone in the home. That was fine in the 1970s, but probably not relevant now. Updating this and many other regulations is overdue, including looking at the effectiveness of some of the more recent changes, which they say they will be doing.

Conclusion

We will have to wait and see what happens. As with all bureaucracies, and based on their past performance, changes are likely to appear slowly. In general, it appears that “new regulations” may slow down a bit, giving us in the industry a chance to catch up.

Young & Associates, Inc. offers a wide variety of compliance services to help your bank satisfy these compliance requirements. If we can help you “catch up” or improve your response to any of the regulations, we stand ready to assist. Please contact Karen Clower, Compliance Operations Manager, at kclower@younginc.com or 330.422.3444 and she will be happy to discuss our services with you.

Connect with a Consultant

Contact us to learn more about our consulting services and how we can add value to your financial institution

Ask a Question