5 Ways to Create Compliance Depth

By: Adam Witmer, CRCM, Compliance Consultant

As football season is now in full swing, many die-hard fans find themselves viewing the player roster of their favorite teams. They do this because they are curious, not about the obvious starters, but about those who are there to back up the starters. Football fans are often interested in the depth of skill their team has retained.

Just like an NFL team has a depth chart of skilled back-up players, it is important to have compliance “depth” within our financial institutions. This is especially true today as examiners have been shifting their expectations of compliance from a one-person dictatorship approach to a fully functioning “compliance management system” (CMS).

With so many new rule changes coming out of the Consumer Financial Protection Bureau, financial institutions can no longer depend on a single individual to be the sole person knowledgeable about compliance regulations. Having a depth of compliance knowledge – both in quantity (number of employees) and quality (individual knowledge) – is more important today than ever before. Therefore, financial institution leaders should consider building greater depth of compliance within their teams.

The following are five ways that every financial institution can build depth into the compliance function of their organizations.

A Formal Compliance Management System (CMS) Model
One of the best ways to infuse compliance depth into a financial institution is to develop a formal compliance management system (CMS) model which ultimately steers the institution’s compliance activities. While most financial institutions have some sort of compliance management system in place – a risk assessment, training, audit and/or monitoring, designating a compliance officer, and managing complaints – we have found that many of these programs are often informal in nature and don’t always establish depth in the overall program.

A formal CMS model is an intentionally designed program that goes above and beyond the core elements of a compliance management system – the model acts as the infrastructure for a compliance program. Generally, a CMS model will produce certain results:

  • Continuity of compliance, regardless of change
  • Pro-active compliance management
  • Clear communication of the CMS to examiners, directors, and additional parties
  • Integration of compliance into applicable job functions of the organization
  • Early detection of compliance issues
  • Strong regulatory change management

The idea is that a formal CMS model helps to ensure that systems, controls, and procedures are effectively implemented and maintained, which helps to naturally build depth into the compliance structure of an organization.

Integration
Another way any financial institution can create compliance depth is to proactively integrate compliance into applicable job functions of the organization. Years ago, compliance could often be approached as an add-on or afterthought to the main task at hand. For example, prior to the late 1960s and 1970s, creditors didn’t really have to worry about lending fairly among minorities, protected classes, or even different income levels. Over the years, however, fair lending has evolved so much that organizations that don’t have effective systems, procedures, and controls to ensure fair lending compliance can easily place themselves in a high-risk position for fair lending violations.

Integration can occur in a number of ways. First, policies and procedures can be enhanced to include compliance components. Secondly, controls and testing can include applicable compliance elements. Finally, compliance can become an essential part of employee expectations, such as the requirement of training and even consideration in performance evaluations.

When a financial institution integrates compliance into each applicable job function, a depth of compliance is naturally infused into the organization. This is exactly why many financial institutions are adopting a formal CMS model under which they operate.

Compliance Council
For well over a decade now, we at Young and Associates, Inc. have been advocating for the creation of a Compliance Council in many of our client financial institutions. A compliance council is a group of employees, often middle to senior management, who come together on a regular basis to provide oversight of the compliance function of the organization. While only a few financial institutions operate with just a compliance council (rather than having a designated compliance officer), many of those that do have a designated compliance officer also operate with a compliance council.

There are several reasons why a financial institution will operate with a compliance council in addition to having a designated compliance officer. First, the compliance council helps to provide support for the compliance officer. In today’s regulatory environment, it is often unreasonable for any financial institution to place all responsibility of regulatory compliance on the shoulders of one compliance officer. Therefore, a compliance council can help to distribute the compliance burden and help support the compliance officer.

In addition to providing support, a compliance council also helps to enhance communication in relation to compliance activities. While different departments within a financial institution often operate somewhat independently, a compliance council can help to bring various department managers together while focusing on a uniform goal of compliance.

A compliance council can be an integral component for building compliance depth and this is why many CMS models have a compliance council at the center of their model.

Succession Planning
Just as every NFL team has a depth chart that outlines who is ready to play a certain position, financial institutions can create compliance depth by establishing and maintaining a formal succession plan for each applicable compliance function. While a compliance succession plan doesn’t need to be complex or even robust, having a clearly designated back-up person for each major compliance function helps to establish greater depth.

To establish depth, a succession plan should designate a back-up person for each significant area of compliance and outline who would assume responsibility in the event that the primary employee responsible for that area is unable to perform their duties. When a back-up person is formally designated and appropriately cross-trained, a CMS model will effectively continue without any major breaches in continuity, meaning that a greater depth of compliance is established.

Training
The final and probably most obvious way to create compliance depth is to conduct enhanced compliance training. Compliance depth can be added through training in two main ways: organizational training and individual training.

First, organizational training can be expanded to integrate compliance into the training rather than treating compliance as an afterthought. Therefore, compliance components should be included in new employee orientations, annual training initiatives, and even sales and other employee-specific training sessions.

Secondly, training can increase compliance depth when employees, other than just the compliance team, receive in-depth training on compliance regulations that affect their job functions. For example, a loan processor manager may be able to greatly benefit from in-depth training on Regulation Z, while a lender may benefit from training specific to Regulation O.

Regardless of the type, training is a tool that helps to build compliance depth within an organization.

Summary
Creating compliance depth is going to become an even more important strategy for financial institutions as regulatory expectations continue to expand and evolve. In creating compliance depth, organizations will enhance their overall compliance posture by ensuring compliance continuity when employee positions change, providing better communication regarding the compliance function, infusing necessary components of compliance into each job function, and providing better communication to affected parties regarding the organization’s compliance program.

Just as every sports team works to ensure that they have a depth of skilled players, financial institutions who establish compliance depth – through steps like establishing a formal CMS model – are going to fare much better in the long run than those who do not.

Moving Closer to a Guaranteed Statement of Costs – Integrated Disclosures

By: Bill Elliott, CRCM, Senior Consultant and Manager of Compliance

The new Integrated Disclosures will be upon us in a few short months and will create some unique difficulties for financial institutions. In the distant past, creditors gave the applicants a Good Faith Estimate. However, the United States Department of Housing and Urban Development (HUD) decided that the information was too scattered, etc., and in 2009 announced a new more consolidated format. The goal that HUD had was laudable, but their form really did not improve the situation much, if at all.

Upon the passage of the Dodd-Frank Act, a new federal agency, the Consumer Financial Protection Bureau, was told to remedy this situation once again, and specifically to combine the Good Faith Estimate and early Truth in Lending Disclosure (into the Loan Estimate), as well as combine the HUD-1 and final Truth in Lending Disclosure (into the Closing Disclosure). The new forms are an improvement from the current forms, but are also quite complex. The teaching manual that Young & Associates is using for live training runs several hundred pages to explain how to complete the 8 pages of new forms.

Creditors currently have three categories of charges that exist on the Good Faith Estimate – those that have to be correct, those that (as a group) have to increase no more than 10%, and those that represent the creditor’s best guess (typically escrow, insurance, and odd days interest).

The new forms and instructions maintain the “best guess” category as it exists in the current format, so we will not discuss this category further. The issue is with the first two categories – settlement service charges that must be correct and those that must as a group be within 10%.

Settlement Service Charges

Under the current rule, some settlement service charges must be correct. These items include charges that are fully within the creditor’s control – typically their own charges or the mortgage broker’s charges. Beginning August 1, the new rule will still include the creditor’s own charges, but also expand this area as follows:

  • Amounts payable to the creditor’s affiliates and the mortgage broker’s affiliates
  • Settlement services for which the creditor will not allow the consumer to shop. These would include:
    • Appraiser
    • Credit bureau
    • Tax service companies
    • PMI companies
    • Governmental fees for government programs
    • Flood determination fees
    • And perhaps others.

These fees will have to be correct. This is not likely to create much difficulty, as these charges are rarely an issue. For instance, if the creditor only uses two appraisers, every Good Faith Estimate generated now will list the fee for the appraiser that charges the highest amount.

The problem is that all of these items now are removed from the 10% calculation, meaning that the “cushion” that creditors have had for 10% tolerance items will decrease, as the calculation relies on items subject to the 10% tolerance, and those items are shrinking.

You will note that the second bullet point above included settlement services for which the consumer is not permitted to shop. This creates another level of risk for creditors. For instance, if the creditor does not allow the consumer to shop for a title company, then the title company fees also must be accurate, as this fee moves from the “10%” category to the “must be correct” category. This would apply to any other service for which the consumer is not permitted to shop. So the reality is that if you decide to not allow your consumer to shop for any settlement service, every fee will have to be correct, and the only settlement service charge that will appear in your “10%” category will be filing fees.

The only protection here is to allow the consumer to shop. The phrase “allowing the consumer to shop” does not mean giving them a list and making them pick settlement service providers off the list. If creditors do that, then the creditor has not allowed the consumer to shop. Allowing them to shop means giving them a list of settlement service providers (which you should already have at least partially developed), and telling the consumer that they can shop for these services. Often, the response from the consumer will be to say, “I don’t care, use whoever you want.” If this happens, then the creditor may use their “regular” provider, and the settlement service remains in the 10% category. There is a difference between forcing them to choose off a list and the consumer abdicating their shopping rights.

Of course, the best position for the creditor is when the consumer does shop and hires another competent provider for a settlement service. As soon as they decide to do so, the consumer agrees to assume the entire liability for paying that provider. The creditor discloses what the creditor’s provider would charge, and whatever the final fee is, the consumer must pay it with no risk to the creditor.

The regulation is quite clear that in order to explain to the consumer that they have a right to shop for a specific settlement service, the service and one provider must appear on the settlement service provider list. This list, and what needs to appear on it, will now be dictated by a new form, which will become part of the application disclosures.

Preparing for the New System

To prepare for this new system, creditors need to assure that they do the following:

  • Determine settlement service providers for each service that the creditor might EVER require, even if it only is required once a year.
  • Determine what the charge will be, or determine a method to calculate the charge so that the creditor can get it “right” on the Loan Estimate. Creditors will have to understand that for settlement services that are only required every few months, they may have to telephone the provider prior to completing the Loan Estimate if they have not used that provider recently.
  • Work with settlement service providers who add on multiple fees from closing to closing. This area is mostly limited to title companies who have all sorts of small and miscellaneous fees. The discussion should probably be about how to remove these fees, because sooner or later the creditor may well have to pay them, given the smaller “10%” window.

This new structure need not create a massive increase in risk, provided you prepare for it now. Think about the providers, how they calculate their charges, and how you will assure that your staff will know what these charges will be. Just like the current Good Faith Estimate, if the first Loan Estimate has fatal flaws, there will be no legal way to repair the damage.

Integrated Disclosure Review

Young & Associates, Inc. offers an Integrated Disclosure Review service for sample documents and sample loans as you prepare for this transition and set up your loan types. You will need to provide an appropriate narrative to us that explains the loan and its terms, then provide the Loan Estimate and the Closing Disclosure. The purpose of this review is to determine that the loan type is properly set up and ready to go before the mandatory August 1 deadline. Young & Associates, Inc. will not validate APRs and other similar items.

Reg Z Policy

We will also be releasing our new Regulation Z mortgage loan policy on or about June 15, allowing time for customization of the policy and board approval prior to the mandatory August 1, 2015 date. For more information, contact Bryan Fetty at bfetty@younginc.com or 1.800.525.9775.

Compliance Reviews in These Uncertain Times

By: Bill Elliott, CRCM, Director of Compliance Education

The world of regulatory compliance is in turmoil. Rules are announced, approved, “kind of” enforced, and then the regulators back away and say, “just kidding.” Perhaps the most recent example of this is the OCC’s decision to back away from their interpretation of the Community Reinvestment Act. They have suspended their version of CRA (issued in mid-2020) and decided to join with the Federal Reserve and the FDIC in a rulemaking to update the regulation. Clearly, this is what should have happened initially, but it did not. While this situation only impacted national banks, federal savings associations, and federal branches of foreign banks, it is an example of the ongoing turmoil that takes place in Washington D.C.

This makes the process of compliance much more difficult, as financial institutions do not know necessarily which set of rules will apply and for how long. The result is great difficulty in navigating the world of compliance and deciding what areas should be addressed in any compliance audit/review. When the regulations are in flux as they are now, uncertainty increases the risks of noncompliance.

Focus on Risk

When deciding on compliance audit/review topics, whether they are accomplished internally or externally, financial institutions must assure they focus on their largest risk items. Back in the early 2000s, the Federal Reserve posted a list of regulations by the most important to the least important. If you look at that list today, it would be clear that the world of compliance has changed dramatically, and financial institutions need to prepare and adjust. It sometimes seems as if this happens continuously.

For loans, Regulations Z and flood are probably at the top of the review list. On the deposit side, Regulation E seems to be the most important regulation, due to the tremendous volume of electronic transactions in financial institutions. We should note that Regulation E is far removed from our current electronic reality, making the process even more difficult.

Whether management is working with an internal auditor, external auditors or consultants, it is important to assure that attention is focused on those areas that are most critical and determine what resources should be expended on other compliance subjects.

The regulator that walks in your door to do an exam is in the same turmoil you are, and it is not their fault. Nonetheless, they must do the best they can to examine your institution based on the current regulatory environment. The more complete your internal or external compliance reviews/audits are, the easier their job will be. And regulators always appreciate an assist, as they are experiencing limited resource issues as well.

So, when preparing for reviews in 2022 and beyond, you need to assure that any compliance reviews that are completed focus on the subjects discussed earlier, as well as the following:

  1. New products
  2. New services
  3. Regulatory issues that you have had in the past, to assure that they are properly addressed prior to the exam

Only after these items are addressed should financial institutions include other regulations. That does not mean that financial institutions should ignore any regulation. For instance, Regulation DD (Truth in Savings) has not materially changed in over 20 years. However, it has been number two based on number of violations (behind Regulation Z) on the FDIC violation list for the past two years. So, management should never equate “no change” with “no risk.”

Not focusing appropriately results in potential difficulties. First, financial institutions can experience a colossal waste of time and money by continually reviewing insignificant items that are low risk. Secondly, the decision to cover a wide variety of compliance topics may mean less time and effort on those areas that need the most attention – and of course these are the most critical for your institution.

Our Approach

At Young & Associates, we always try to work with financial institutions to assure coverage that gives the institution the maximum protection for the dollar amount spent. This approach should be used whether you are using an external firm or internal auditors. Doing something merely because “we have always done it” is often not the best approach.

If we can be of any assistance in planning and executing your compliance reviews, please contact Dave Reno, Director – Lending and Business Development. He can be reached at 330.422.3455 and dreno@younginc.com.
