Skip to main content

Tag: lending

CFPB Amends HMDA Rule

Written by admin on . Posted in Compliance & Regulations.

By: William J. Showalter, CRCM, CRP; Senior Consultant

The Consumer Financial Protection Bureau (CFPB) issued a final rule making several technical corrections and clarifications to the expanded data collection under Regulation C, which implements the Home Mortgage Disclosure Act (HMDA). The regulation is also being amended to temporarily raise the threshold at which banks are required to report data on home equity lines of credit (HELOC).

These amendments take effect on January 1, 2018, along with compliance for most other provisions of the newly expanded Regulation C.

Background
Since the mid-1970s, HMDA has provided the public and public officials with information about mortgage lending activity within communities by requiring financial institutions to collect, report, and disclose certain data about their mortgage activities. The Dodd-Frank Act amended HMDA, transferring rule-writing authority to the CFPB and expanding the scope of information that must be collected, reported, and disclosed under HMDA, among other changes.

In October 2015, the CFPB issued the 2015 HMDA Final Rule implementing the Dodd-Frank Act amendments to HMDA. The 2015 HMDA Final Rule modified the types of institutions and transactions subject to Regulation C, the types of data that institutions are required to collect, and the processes for reporting and disclosing the required data. In addition, the 2015 HMDA Final Rule established transactional thresholds that determine whether financial institutions are required to collect data on open-end lines of credit or closed-end mortgage loans.

The CFPB has identified a number of areas in which implementation of the 2015 HMDA Final Rule could be facilitated through clarifications, technical corrections, or minor changes. In April 2017, the agency published a notice of proposed rulemaking that would make certain amendments to Regulation C to address those areas. In addition, since issuing the 2015 HMDA Final Rule, the agency has heard concerns that the open-end threshold at 100 transactions is too low. In July 2017,  the CFPB published a proposal to address the threshold for reporting open-end lines of credit. The agency is now publishing final amendments to Regulation C pursuant to the April and July HMDA proposals.

HELOC Threshold
Under the rule as originally written, banks originating more than 100 HELOCs would have been generally required to report under HMDA, but the final rule temporarily raises that threshold to 500 HELOCS for data collection in calendar years 2018 and 2019, allowing the CFPB time to assess whether to make the adjusted threshold permanent.

In addition, the final rule corrects a drafting error by clarifying both the open-end and closed-end thresholds so that only financial institutions that meet the threshold for two years in a row are required to collect data in the following calendar years. With these amendments, financial institutions that originated between 100 and 499 open-end lines of credit in either of the two preceding calendar years will not be required to begin collecting data on their open-end lending (HELOCs) before January 1, 2020.

Technical Amendments and Clarifications
The final rule establishes transition rules for two data points – loan purpose and the unique identifier for the loan originator. The transition rules require, in the case of loan purpose, or permit, in the case of the unique identifier for the loan originator, financial institutions to report “not applicable” for these data points when reporting certain loans that they purchased and that were originated before certain regulatory requirements took effect. The final rule also makes additional amendments to clarify certain key terms, such as “multifamily dwelling,” “temporary financing,” and “automated underwriting system.” It also creates a new reporting exception for certain transactions associated with New York State consolidation, extension, and modification agreements.

In addition, the 2017 HMDA Final Rule facilitates reporting the census tract of the property securing or, in the case of an application, proposed to secure a covered loan that is required to be reported by Regulation C. The CFPB plans to make available on its website a geocoding tool that financial institutions may use to identify the census tract in which a property is located. The final rule establishes that a financial institution would not violate Regulation C by reporting an incorrect census tract for a particular property if the financial institution obtained the incorrect census tract number from the geocoding tool on the agency’s website, provided that the financial institution entered an accurate property address into the tool and the tool returned a census tract for the address entered.

Finally, the final rule also makes certain technical corrections. These technical corrections include, for example, a change to the calculation of the check digit and replacement of the word “income” with the correct word “age” in one comment.

The HMDA final rule is available at www.consumerfinance.gov/policy-compliance/rulemaking/final-rules/regulation-c-home-mortgage-disclosure-act/.

Updated HMDA Resources
The CFPB also has updated its website to include resources for financial institutions required to file HMDA data. The updated resources include filing instruction guides for HMDA data collected in 2017 and 2018, and HMDA loan scenarios. They are available at www.consumerfinance.gov/data-research/hmda/for-filers.

For More Information
For more information on this article, contact Bill Showalter at 330-422-3473 or
wshowalter@younginc.com.

For information about Young & Associates, Inc.’s newly updated HMDA Reporting
policy, click here. In addition, we are currently updating our HMDA Toolkit.

To be notified when the HMDA Toolkit is available for purchase, contact Bryan
Fetty at bfetty@younginc.com.

Capital Market Commentary – May 2017

Written by admin on . Posted in Management & Planning.

By: Stephen Clinton, President, Capital Market Securities, Inc.

Market Update – The Trump Effect
The election of President Donald Trump was followed by a strong upward movement in the market. Hopes related to lower taxes, less regulation, and economic stimulus led the market to new highs. Since the election, the Dow Jones Industrial Average moved up 14.22% through April 30th. Banks moved upward even more, increasing 21.29% (as measured by the Nasdaq Bank Index). Much has been made of the first 100 days of the new administration, with many Executive Orders being issued but no real legislative actions accomplished. The March failure to pass legislation to repeal the Affordable Care Act was a stark reminder that enacting legislation is a difficult process. However, the market appears to remain optimistic that President Trump’s initiatives will be delivered.

Economic Developments of Note ƒƒ

  •  April marks the 94th month for the current economic expansion, the third longest in U.S. history (1960’s and 1990’s were the two longest).
  • The U.S. economy grew at its weakest pace in three years in the first quarter as consumer spending barely increased and businesses invested less on inventories. Gross domestic product increased at a 0.7% annual rate, the weakest performance since the first quarter of 2014. The economy grew at a 2.1% pace in the fourth quarter of 2016.
  • The latest annual inflation rate for the United States is 2.1%, exceeding the Fed’s target of 2% for the first time in nearly five years. The increase in inflation may provide support for the Fed to continue its plans to move interest rates up in 2017.
  • In March, it was reported that employers slowed their pace of hiring. However, unemployment was reported at 4.5%. The March unemployment rate was the lowest in almost a decade. It was also reported that private-sector workers saw average earnings rise 2.7% in March compared to the previous year. This is a sign that we are nearing “full employment” and competition is heating up to attract and retain employees.
  • Activity in the manufacturing sector remained solid in April marking the eighth consecutive month of industrial expansion. One concern for the future, however, is the auto industry. After seven straight years of sales gains, including two consecutive record performances, auto demand has cooled in 2017 despite soaring discounts. Overall, auto makers sold 1.43 million vehicles in the U.S. in April, down 4.7% from a year earlier. A record 17.55 million vehicles were sold in 2016.
  • Exports were reported to be higher by 7.2% this year. This is a positive sign to future economic growth.
  • Home prices have continued their impressive climb upward. The S&P/Case-Shiller Home Price Index, covering the entire nation, rose 7% in the 12 months ending in February. We anticipate that these gains will continue, perhaps at a slower rate, due to high demand, low inventories, as well as the overall positive financial condition of home buyers.

We expect that the economy will remain on a positive trend this year. We project GNP to be at 2% for the year as a whole. Job growth should remain positive this year. We expect home building and home sales to be positive. We think that the Fed will increase rates, but anticipate them to be cautious in how quickly they raise rates and reduce their holdings of securities.

Interesting Tid Bits ƒƒ

  • It has been reported that several large auto lenders have decreased their emphasis on auto lending due to concerns about credit quality issues and auto resale values. A portion of this concern is related to the length of new car loans being made. Loans with original terms of between 73 and 84 months accounted for 18.2% of the market. It was further reported that 31% of consumers who traded in a car in 2016 did so in a negative equity position.
  • China’s banking system was reported as the largest by assets, reaching $33 trillion at the end of 2016. This compares to $16 trillion for the U.S. banking market.
  • U.S. household net worth was reported at a record $92.8 trillion at year-end 2016. U.S. households lost approximately $13 trillion during the 2007-2009 recession. The eight-year rally since has added $38 trillion in net worth principally from rising stock prices and climbing real estate values.
  • The Farm Credit System (a government sponsored enterprise) has over $314 billion in assets which would place it as one of the country’s ten largest banks.
  • A bankruptcy judge recently issued a $45 million fine against Bank of America. The action was in connection with a $590,000 residential mortgage loan and servicing issues related to its delinquency.
  • We have been led to believe that small businesses employ the majority of Americans. This is no longer the case. Large companies (10,000 employees or more) employ over 25% of the workforce. Employers with more than 2,500 workers employ 65% of total employees.
  • Nonbank lenders (i.e., Quicken Loans) were responsible for 51.4% of the consumer mortgage loans originated in the third quarter of 2016. This is up from 9% in 2009.
  • People in the United States ages 65 to 74 hold more than five times the debt Americans held two decades ago.

Short-term interest rates ended April 30 up 29 b.p. from year-end with the 3-Month T-Bill at 0.80%. The 10-Year T-Note ended April at 2.29%. This is lower than December 31, 2016, when they were at 2.45%. This reflects a flattening of the yield curve.

The general stock market continued to climb to record levels in the first four months of 2017. The Dow Jones Industrial Index ended April up 5.96% for the year. Banks, after their spectacular rise after the election, retreated somewhat in the first four months of 2017. The broad Nasdaq Bank Index fell 4.05%. Larger banks were more fortunate (as measured by the KBW Bank Index) falling only 0.60%. Banks appear to have been more impacted by the uncertainty surrounding proposed tax cuts and less regulation than other companies.

Merger and Acquisition Activity
For the first four months of 2017, there were 77 bank and thrift announced merger transactions. This compares to 83 deals in the same period of 2016. The median price to tangible book for transactions involving bank sellers was 159% compared to the 133% median value for all of 2016.

Capital Market Commentary – November 2016

Written by admin on . Posted in Management & Planning.

By: Stephen Clinton, President, Capital Market Securities, Inc.

Market Update
The current expansion began in June 2009 and has now continued for 88 months, making it the fourth longest period of growth since the data has been recorded. The third quarter growth in the U.S. economy was 2.9%. A tight job market, increasing wages, and low oil prices are aiding the economic growth. Additionally, stronger export growth added to the GNP. Corporate profits are expected to grow and businesses are showing interest in business expansion after sitting on the sidelines for some time.

The following summarize certain issues we think are worth watching:

  • Retail sales in September were up 2.7% from the prior year. Consumer spending, the primary driver for the U.S. economy, accounts for two-thirds of GDP.ƒƒ
  • The number of Americans applying for first-time unemployment benefits was reported at a four-decade low in early October. Initial jobless claims have now remained below 300,000 for seven years, the longest streak since 1970. Job growth has been spurred by a hiring streak that surpassed its previous record in March and is now at 70 straight months. Unemployment is now at 5%.
  • Median household incomes have risen, increasing 5% in the last year. This has led to the consumer confidence reading hitting its highest point in nine years.
  • The Fed continues to remain cautious. Despite fueling expectations for rising interest rates, the Fed has boosted rates only once since the last recession.
  • Home-price growth accelerated in August, as a lack of inventory and low interest rates helped push prices to near record levels. The S&P CoreLogic Case-Shiller Indices covering the entire nation rose 5.3% in the 12 months ending in August.
  • Inflation has remained below the Fed’s 2% annual target for more than four years, but has shown signs of firming recently. Now expectations are building that inflation may move above the Fed’s target.
  • Mr. Trump’s November election will usher in a new President who will have party majorities in both the House and Senate. This should help the new Administration enact programs and policies more readily.

Short-term interest rates remain historically low with the 3-month T-Bill ending September at 0.26%. The 10-year T-Note ended September at 1.56%, down 71 basis points from year-end 2015. This has led to a significant reduction in the slope of the yield curve.

The stock market performance in 2016 has been positive. The Dow Jones Industrial Index closed September up 5.07% for the year. The Nasdaq Index closed up 6.08%. The Nasdaq Bank index ended September up 5.15%. Larger U.S. bank pricing struggled, ending the first three quarters of 2016 down 3.05%.

The dichotomy between big bank pricing and smaller bank pricing can be seen by comparing pricing multiples for each. Since 1995, banks in the S&P Bank Index averaged a price-to-earnings multiple of 14.1. Currently they average 12.0. Conversely, smaller banks had a historical average of 15.9 and are now trading at a multiple of 17.8.

Interesting Tid Bitsƒƒ

  • New Competition. Goldman Sachs, the Wall Street giant, recently began offering consumer loans. An online consumer lending platform was rolled out offering personal loans up to $30,000.
  • CFPB. Thanks to a lawsuit brought by nonbank mortgage lender PHH Mortgage, a three-judge panel recently ruled that the single director structure of the CFPB was unconstitutional and limited the CFPB’s ability to ignore statute of limitations governing administrative enforcement actions.
  • The Big Get Bigger. It was recently reported that since Dodd-Frank was passed in 2010, large banks have grown by 30%. The six largest U.S. banks now hold assets of approximately $10 trillion. There are now at least 1,500 fewer banks with assets under $1 billion than prior to the financial crisis.
  • ƒBoom in Global Trade. The S&P 500 is up nearly nine-fold since October 1986. Among factors cited to explain this dramatic growth is the acceleration of global trade spurred by various trade agreements.
  • ƒƒMerger and Acquisition Activity. In the first nine months of the year, there were 185 bank and thrift announced merger transactions. This compares to 195 deals in the first three quarters of 2015. The median price to tangible book for transactions involving bank sellers was 129% which is down from the 141% median recorded in 2015.

Ag Lending in 2017

Written by admin on . Posted in Lending & Loan Review.

By: Bob Viering, Senior Consultant

In our loan review practice, we have an opportunity to work with ag banks throughout the Midwest. In general, our findings are similar to what you may have read from many ag economists. Working capital is dwindling quickly, and the debt to asset ratio is increasing as is short-term debt. Many banks have been refinancing intermediate- and long-term assets to fix working capital declines and carryover debt. Some borrowers have sold land to reduce debt. We have seen many instances where borrowers have been able to reduce input costs and, most importantly, cash rents to bring them back to the point where they are either producing positive debt service coverage or are coming much closer to positive debt service coverage than they were in 2014. But overall, balance sheets are weakening and repayment is a continuing challenge. Credits that were barely a pass credit in better times have, in many cases, dropped to Special Mention or Substandard. Solid pass credits from a couple of years ago are now one weak year from a criticized level.

For many bankers, having struggling ag borrowers is a relatively new experience. I have more recently been through the experience in working with struggling ag borrowers while working at a western bank that had many cattle ranches that were severely impacted by low cattle prices and drought conditions. Many of the lessons learned there are just as applicable to the situation many of us face here in the Midwest.

As you head into renewal season, here are a few items to consider:

1. Complete information is critical. There is an old Russian proverb, “Trust but verify.” This is good to keep in mind when analyzing your borrower. As things get tougher, there is a temptation by some borrowers to not include every liability or to see some liabilities as something not worth mentioning. When short-term borrowing gets tougher, some borrowers will turn to using the local co-op for some inputs, borrowing from family and friends, or using online lenders (FinTech has hit agriculture too) or credit cards. At renewal time at our bank, we would send out a renewal package that had not only financial statement requests but a complete debt schedule form and inquiry about other loans or bills from any source, including family. We ran a new credit bureau report and compared it to prior ones to see if any new credit card or other type of debt was taken out since the last renewal and looked for any significant increases in balances, especially on credit cards. We completed a new UCC search for the same reason. In the end, we wanted to be sure that all debts were accounted for and had a source of repayment.

2. Restructure only if it helps. Often we see banks terming out any carryover debt or being quick to term out short-term debt to improve working capital. Before you restructure debt, make sure the underlying problem is fixed. Carryover debt usually occurs because the farmer didn’t make enough from crop/livestock sales to pay all term debt, operating lines, and living expenses. Given that revenue isn’t likely to grow in the next few years, improving cash flow is about expense control. Has the operation cut input costs, cash rents (this is the big one), and living costs to a level they can produce enough profits to cover their debt payments and family living? If so, then they are a perfect candidate for a restructure. If those tough choices have not been made and the operation won’t operate profitably, then you are likely to find yourself with even more carryover, more debt, and far fewer options not far down the road.

3. Income taxes may become an issue. Section 179 deductions were very helpful to reduce/eliminate income taxes in the past. But with far fewer pieces of equipment being purchased, those deductions have decreased significantly. Prepaying expenses and holding over grain sales can put off taxes for a while but, at some point, the timing can get tougher and some operations will now show taxable income when their accrual earnings may be negative. Those tax payments are often not planned for and can create a significant cash outflow at exactly the wrong time. It’s important that you encourage your borrowers to work with their tax professionals to plan as far ahead as possible to minimize any tax consequences.

4. Be empathetic and be realistic. Many of your borrowers were on top of the world a few short years ago. Everything they did went well and equipment dealers (and friendly bankers) made expansion with few tax consequences a reality. With today’s reality of weak (if any) earnings and less ability to add debt, it has become a very stressful time for many farmers and their families. It’s a lot tougher to be a banker too. Good bankers help their customers succeed. It’s not always easy and it’s often stressful, but letting customers operate unprofitably and not trying to help them make tough decisions usually only makes the problem get worse. It’s so important to be empathetic with your borrowers and to have a thick skin when they get mad. They may seem like they’re mad at you when they are really frustrated about their current situation. However difficult the conversation may seem today, it’s a far easier conversation than to have to tell someone that they have to quit farming and start over.

Ag lending is a key part of many banks’ loan portfolios and is important to their local market. Even in these tough times, it’s critical to work with your customers and do all you can to help them succeed. At Young & Associates, Inc., we work with many banks with ag portfolios. If we can help you with your loan review, policy reviews, process/underwriting reviews, and improvement plans, give us a call at 1.800.525.9775 or send an email to bviering@younginc.com.

New Prepaid Rule

Written by admin on . Posted in Compliance & Regulations.

By: Bill Elliott, CRCM, Senior Consultant and Manager of Compliance

On October 5, 2016, the CFPB issued a final rule amending Regulations E and Z to create comprehensive consumer protections for prepaid financial products. The result of this rule is that many of you may not continue to offer these accounts, and those of you who do not currently offer the accounts may not want to start. The purpose of this article is not to talk you into or out of these products, but to give you the basic facts so that you can make the best decision for your institution.

The Prepaid Rule runs 1,501 pages, so we can only do an overview in this article. You may also want to look at the following: http://www.consumerfinance.gov/policy-compliance/guidance/implementation-guidance/prepaid

Another site worth your time might be: http://www.consumerfinance.gov/policy-compliance/rulemaking/final-rules/prepaid-accounts-under-electronic-fund-transfer-act-regulation-e-and-truth-lending-act-regulation-z/

Prepaid Accounts
The Prepaid Rule adds the term “prepaid account” to the definition of “account” in Regulation E. Payroll card accounts and government benefit accounts are prepaid accounts under the Prepaid Rule’s definition. Additionally, a prepaid account includes a product that is either of the following, unless a specific exclusion in the Prepaid Rule applies:

  1. An account that is marketed or labeled as “prepaid” and is redeemable upon presentation at multiple, unaffiliated merchants for goods and services or usable at automated teller machines (ATMs); or
  2. An account that meets all of the following:
    1. Is issued on a prepaid basis in a specified amount or is capable of being loaded with funds after issuance
    2. Whose primary function is to conduct transactions with multiple, unaffiliated merchants for goods or services, to conduct transactions at ATMs, or to conduct person-to-person (P2P) transfers
    3. Is not a checking account, a share draft account, or a negotiable order of withdrawal (NOW) account

There are exceptions to the rule. Under the existing definition of account in Regulation E, an account is subject to Regulation E if it is established primarily for a personal, household, or family purpose. Therefore, an account established for a commercial purpose is not a prepaid account.

Pre-Acquisition Disclosures
The Prepaid Rule contains pre-acquisition disclosure requirements for prepaid accounts. The requirements are detailed. However, there often will be a reseller of these products, meaning that the seller must prepare this disclosure for you. This “short form” disclosure includes general information about the account.

Outside but in close proximity to the short form disclosure, a financial institution must disclose its name, the name of the prepaid account program, any purchase price for the prepaid account, and any fee for activating the prepaid account.

There is also a long form disclosure which sets forth comprehensive fee information as well as certain other key information about the prepaid account.

The Prepaid Rule includes a sample form for the long form disclosure. The long form disclosure must include a long laundry list of items that details every nook and cranny of the account’s use. The Prepaid Rule also requires financial institutions to make disclosures on the access device for the prepaid account, such as a card. If the financial institution
does not provide a physical access device for the prepaid account, it must include these disclosures on the website, mobile application, or other entry point the consumer uses to electronically access the prepaid account.

All these disclosures are in addition to your standard Regulation E initial disclosure. The initial disclosures must include all of the information required to be disclosed in the pre-acquisition long form disclosure.

Error Resolution and Limitations on Liability
Prepaid accounts must comply with Regulation E’s limited liability and error resolution requirements, with some modifications. This may or may not be your problem, depending on who owns the account. But if your third-party vendor must give the customer these rights, the cost will likely go up, possibly making selling these cards a problem.

Periodic Statements and the Periodic Statement Alternative
The Prepaid Rule requires financial institutions to provide periodic statements for prepaid accounts, such as payroll accounts. However, a financial institution is not required to provide periodic statements for a prepaid account if it makes certain information available to a consumer, such as:

  • Account balance information by telephone
  • ƒElectronic account transaction histories for the last 12 months
  • ƒƒWritten account transaction histories for the last 24 months

Overdraft Credit Features
The Prepaid Rule amends Regulations E and Z to regulate overdraft credit features that are offered in connection with prepaid accounts. It adds the term “hybrid prepaid credit card” to Regulation Z and sets forth specific requirements
that apply to hybrid prepaid-credit cards. Doing something like this will materially increase your costs. Of course, there are many more rules on the subject that we cannot include in this article.

Effective Dates
The Prepaid Rule is generally effective on October 1, 2017.

What Should You Do?
Over the next few months, you need to talk with any existing companies that you do business with for this kind of product. They may still be struggling with how they are going to approach this, so you may not get all your answers immediately. But you need to know what your role is going to be after October 1, 2017 so that you can make the best decision for your institution. And all new product offerings, whether internal or external, need to be examined carefully to make sure that you can comply with the rules.

For more information about this article, contact Bill Elliott at 1.800.525.9775
or compliance@younginc.com.

 

 

Dealing with Adverse Impact and Compensation Disparities in Affirmative Action Plans

Written by admin on . Posted in Management & Planning.

By: Mike Lehr, Human Resources Consultant

When clients see adverse impacts in their Affirmative Action Plans (AAP), it is not unusual for them to say, “So Mike, does this mean I have to hire more females and minorities?” This is the wrong question. It should be, “How do we look into this more?”

AAPs are similar to insurance policies. They help us identify risk in our recruiting, hiring, compensation, promotion, and termination policies and practices. If the Equal Employment Opportunity Commission or the Civil Rights Commission investigate a complaint, they will very likely want to see our AAPs. As with insurance, good plans afford us more protection than bad ones do.

When adverse impacts arise with clients, I automatically look at two areas first:

1. Employment practices and activities
2. The plan’s statistics

Employment Practices and Activities
I review employment practices and activities in affected areas first for two reasons. First, too often what should happen differs from what actually happens. There might not be anything wrong with the policy or practice. It just isn’t being followed well. Why change it? This often happens with policies regarding the acceptance of applications and completion of self-identification disclosures.

The second reason why I look at employment practices and activities first is that they give me ideas on where better recordkeeping might help produce better statistics. This makes revisiting the statistics easier and more directed.

This happens often when we dive into the specifics of a job. Since community bankers often wear many hats, weighting the job against several census codes rather than just one is better. Also, since many community banks serve rural communities, the census sample for a job might be too small to be representative. A next best code can come into play then.

Plan Statistics
When it comes to the plan’s statistics, too often they are based on what is easy to track and figure. This shows up most in the job groups used to categorize jobs, the availability of candidates for openings (promoting from within versus hiring from outside), and the census codes used to compare banks’ jobs with the outside world.

I’m not a fan of redoing calculations after the results. I am a fan of saying, “In order to understand this and our options better, how can we improve our data collection for next year?” It’s similar to analyzing a credit. If there are questionable items, we ask for more information.

As an example, I often recommend dividing up the Professional job group (2) into Lending Professionals (2.1) and Administrative Professionals (2.2). Lending and credit jobs can be in the first group, and accounting, finance, marketing, trust, and other non-lending related jobs can be in the second.

Since lending is a specialized skill to banking and is often sales-related, it frequently creates adverse impacts and compensation disparities for the Professional job group. This can happen if census data is small but not enough so to justify alternative census codes.

Granted, the adverse impact might not disappear. Knowing it’s focused on lending or administrative professionals does help though. Rather than carefully monitoring practices in the entire Professional Job Group, we might only need to focus on a sub-set of it.

Additionally, for the same reasons, I often recommend splitting up the Administrative Support Group (5.0) into three groups such as Ancillary (or Executive) Administrative Support (5.1), Operational Support (5.2), and Retail Administrative Support (5.3).

Often, 75 percent of the jobs in Retail Administrative Support are tellers. They are introductory jobs often filled from outside. More promotions-from-within occur with the other administrative support groups. This pattern affects availability and compensation calculations.

Compensation
From a statistical perspective, I also focus on compensation because it’s grayer than clients often think it is. Even The Code of Federal Regulations (see § 1620.13 through § 1620.19) admits that what is equal pay for equal work “cannot be precisely defined.”

Furthermore, “‘equal’ does not mean ‘identical.’” It is defined by the job’s requirements in terms of skill, effort, and responsibility, not the qualifications of the person unless they specifically impact those requirements. That means two jobs with different titles could be “equal.” That means having better qualifications does not matter unless those qualifications are important to the job.

That is why it helps to begin compensation analyses with job groups, not jobs with the same title. The latter could easily give a false sense of security. Starting at the global level and working down forces us to really look at what makes jobs unequal. AAPs with workable job groups and census codes can help prioritize the jobs and the job descriptions we need to rework or revisit with legal counsel.

Conclusion
Returning to the original question, AAPs have many ways for us to look into adverse impacts and compensation disparities more. A good plan not only provides us good insurance against adverse actions, it guides and prioritizes us. This saves our time and money.

For more information on Affirmative Action Plans, contact Mike Lehr at 1.800.525.9775 or click here to send an email.

A Capital Plan That Addresses Enterprise Risk Management

Written by admin on . Posted in Management & Planning.

By: Gary J. Young, President and CEO

The need for community banks to complete a Capital Plan has intensified since the Office of the Comptroller of the Currency issued guidance which closely corresponds with the manner in which the FDIC and Federal Reserve assess capital adequacy according to information in their examiner’s handbook. The concept is that the bank (1) assess capital adequacy in relation to its unique overall risks, and (2) plan for maintaining appropriate capital levels in all economic environments. A bank should maintain a sufficient level of capital based on the associated risk at the bank and within the economic environment comprised within the bank’s market. This sounds a lot like Enterprise Risk Management. In fact, I believe that Enterprise Risk Management is morphing into Capital Planning based on risk.

This article outlines the methodology that Young & Associates. Inc. recommends in meeting this guidance.

Step 1 – Developing a Base Case
A five-year projection of asset generation and capital formation (earnings less dividends) would be used to project the future tier-1 leverage ratio and risk-based capital ratios. This is the base case scenario. Within this scenario, minimum capital adequacy standards will be established. At this point, there will be no additional capital for risk. As an example, for the tier-1 leverage ratio, the bank might establish a 5.0 percent minimum plus a 1.5 percent additional for unknown risk. This approach would be similar to the Basil III calculation. This would establish a 6.5 percent leverage ratio minimum. This example is for the leverage ratio only. A separate calculation would be needed to examine risk-based capital.

Step 2 – Identification and Evaluation of Risk
The focus here will be in identifying and evaluating all risk within the Enterprise:

  • Credit risk
  • Operational risk
  • Interest rate risk
  • Liquidity risk
  • Strategic risk
  • Reputation risk
  • Price risk
  • Compliance risk

The risk would be assigned a level (i.e., extreme, high, moderate, and low) and a trend (i.e., decreasing, stable, or increasing). Based on these assignments, additional capital may be added to the base. In the analysis of risk you should examine the current position, as well as potential risk in a stressed environment. You should also look closely at regulatory examinations, audit reports, and observation of current systems. Consider assigning additional capital for each position within the risk levels. It is acceptable and advisable that differing risk areas would have differing impacts on capital need. As an example, credit risk might have a greater capital contribution than price risk. Let’s assume that an additional 1.25 percent in capital is required based on the bank’s risk profile. This is similar to the use of Qualitative Factors in the Allowance for Loans and Lease Losses. Added to the 6.5 percent from above, the new capital adequacy level based on risk would be 7.75 percent.

It is possible that your directors would want the leverage ratio to exceed 7.75 percent. Let’s assume that percentage is 9.0 percent. While directors want 9.0 percent, those directors could also state that based on our risk compared with others, 7.75 percent is the measure for regulatory capital adequacy. This is not inconsistent.

Step 3 – Capital after Lending Stress
Both the FDIC and the OCC have suggested models for banks to stress capital based on stress from loan losses by loan classification. Young & Associates, Inc. strongly recommends that the appropriate model should be included in your bank’s planning process. The goal is for the model to indicate that the bank could survive a significant stress. This will also help in formulating your capital contingency which is discussed as Step 4.

 Step 4 – Contingency Planning for Stressed Events
If development of the base case and identification of risk is perfect with no internal or external errors, there would be no need for a contingency plan. However, as we all know, plans don’t work perfectly. Therefore, it is critical to stress all assumptions in the development of the base case and in the identification and evaluation of risk. The stress or worst-case scenario in these areas will determine the amount of capital needed to be raised. The analysis would then examine all realistic possibilities for increasing capital including, but not limited to:

  • Reducing assets from the base case
  • Asset diversification (impacts risk-based capital)
  • All profitability enhancement measures
  • Dividend reduction, if applicable
  • Branch sale, if applicable
  • Downstream cash from holding company
  • Capital raise from existing shareholders
  • Capital raise from new shareholders
  • Additional holding company debt
  • Sale of the bank

A brief word for mutual companies that are now regulated by the OCC: Many of the capital raising opportunities do not exist for a mutual. We would suggest that this is an additional risk for these banks. We would suggest that an additional 0.5 percent, or so, of additional capital is necessary for mutual banks compared with stock banks.

Step 5 – Policy
All of the preceding will be placed in policy and would include:

  • Assignment of roles and responsibilities
  • Process for monitoring risk tolerance levels, capital adequacy, and status of capital planning
  • Key planning assumptions and methodologies, as well as limitations and uncertainties
  • Risk exposures and concentrations that could impair or influence capital
  • Measures that will be taken based on differing stress events
  • Actions that will be taken based on stress testing

Young & Associates, Inc. has been working with banks to develop capital adequacy standards, a capital contingency, and the related policies. In addition, we have developed a product that will help you complete this risk assessment on your own in as little as one day. You can find this product by clicking here, or you can call our office. If you have any questions about this article or would like to discuss having Young & Associates assist your bank, please call Gary J. Young, President and CEO, at 330.283.4121, or click here to send an email.

Regulatory Attention on CRE Portfolios is Rising

Written by admin on . Posted in Lending & Loan Review.

By: Tommy Troyer, Senior Consultant and Loan Review Manager

Over the last several months, it has become increasingly difficult to miss the fact that the federal regulatory agencies (the FDIC, Federal Reserve, and OCC) believe that credit risk is on the rise across the banking industry and particularly within Commercial Real Estate (CRE) portfolios. While industry-wide developments are of course not necessarily reflective of the situation of any single bank, it is the case that regulatory concerns about building credit risk in CRE portfolios makes it more likely that your bank’s CRE policies, underwriting, and portfolio management will be closely scrutinized in your next safety and soundness exam. Note that in this context, CRE refers to what are sometimes called non-owner occupied commercial real estate loans: loans for which the sale of the property, take-out financing, or third-party rental/lease income are the primary sources of repayment.

Recent Comments on Increasing CRE Risk
On December 18, 2015, all three federal bank regulatory agencies issued the interagency Statement on Prudent Risk Management for Commercial Real Estate Lending, an existing guidance on CRE lending. In fact, the statement itself contains no new guidance or regulatory expectations. Its purposes, instead, appear to be to “remind financial institutions of existing regulatory guidance on prudent risk management practices” for CRE and, perhaps more importantly, to highlight the belief that credit risk in CRE portfolios is increasing and must be carefully monitored and managed. The guidance highlights several reasons to believe that CRE portfolios may experience some strain over the next several years. These include both market factors (historically low capitalization rates are cited) and findings from recent exams (easing of underwriting standards along several dimensions, increasing frequencies of underwriting policy exceptions, and insufficient monitoring of market conditions).

The new interagency statement is far from the only suggestion of increased concern regarding the CRE market. The OCC’s Semiannual Risk Perspective for Fall 2015 cites easing underwriting standards, increasing CRE concentrations (especially in multifamily), and for community banks, strong growth in CRE lending as possible risks. The December 2015 – January 2016 RMA Journal includes the final installment of the publication’s annual rundown of “Today’s Top Credit Risk Issues.” Multifamily lending makes the list, suggesting that the Risk Management Association, a respected industry group unaffiliated with any financial regulators, also sees notable risk in the CRE market.

The fact that the CRE market remains competitive in many areas, combined with low interest rates, has thus far meant that several traditional but lagging indicators of credit risk (for example, delinquency and non-accrual rates) have not yet shown signs of weakening. Nonetheless, as has been demonstrated in past credit cycles, the risk factors cited above can often lead to increases in credit risk that do eventually result in deteriorating asset quality and increasing charge-offs.

Prudent CRE Risk Management for Community Banks
The good news is that the keys to effectively managing risks in the CRE portfolio are not mysteries and are achievable for any disciplined and committed community bank. The recent interagency statement provides a good summary. It notes that, in part, banks that successfully manage CRE risk:

  • Establish and adhere to appropriate policies, underwriting standards, and concentration limits
  • Conduct accurate cash flow analysis on the project, borrower, and global levels at underwriting and on an ongoing basis
  • Effectively monitor market developments (supply and demand, vacancy and rental rates, etc.)
  • Implement appropriate appraisal review and collateral valuation processes

In addition to the factors described above, two additional critical features of CRE risk management, CRE Stress Testing and Independent Loan Review, are mentioned. These processes can be performed internally by community banks, but due to resource and other constraints may be both more efficient and more effective if outsourced.

Stress Testing the CRE Portfolio
The interagency statement notes that “market and scenario analyses” that “quantify the potential impact of changing economic conditions on asset quality, earnings, and capital” are an important aspect of CRE risk management. This is a reference to stress testing the CRE portfolio. Further, the 2006 interagency Concentrations in Commercial Real Estate Lending, Sound Risk Management Practices states that any institution with a CRE concentration “should perform portfolio-level stress tests.” Even if your bank does not meet the concentration thresholds defined in the 2006 guidance for identifying institutions with “potentially…significant CRE concentration risk,” stress testing the CRE portfolio can have a number of important benefits. By quantifying the impact of several adverse scenarios on asset quality, earnings, and capital, a CRE stress test can inform your bank’s strategic and capital planning processes, your internally established credit concentration limits and practices, and your credit policy and underwriting requirements.

Young & Associates, Inc. offers a CRE Portfolio Stress Testing service that provides an insightful and efficient stress testing solution. Our service uses data specific to your bank’s portfolio to stress your CRE portfolio across several factors. Our report will assist in quantifying the possible impact to earnings and capital that could result from decreases in collateral value, property net operating incomes, or increases in interest rates. In the current environment in which interest rate increases are likely over the next several years and decreases in collateral values are at least a distinct possibility, understanding your bank’s possible exposure is key to maintaining a safe and sound bank and demonstrating effective risk management to your examiners. Our CRE Stress Testing service is performed remotely, meaning that no travel expenses are associated with the service. More importantly, once the project has been discussed and you have provided a response to our initial data request, bank management can remain free to work on the many other initiatives that require attention, while we make use of our existing systems and expertise, making the stress testing process an efficient one. Our service includes a detailed report documenting the results of the stress test and, if desired, a phone presentation of the findings to management or the board.

Independent Loan Review
An effective independent loan review function is critical to assessing asset quality in the CRE portfolio, determining the accuracy and effectiveness of both underwriting and the ongoing monitoring of CRE credits, and identifying whether exceptions to credit policies or underwriting standards are being appropriately identified and approved by the bank. Any issues identified by loan review can be proactively addressed by the bank, helping to ensure risk mitigation is in place before the issues are identified by examiners or are revealed by deteriorating asset quality.

Most community banks find that their size and the requirement that loan review be performed by a qualified, independent party means that outsourcing loan review is the best option. Young & Associates, Inc. has extensive experience providing loan reviews for community banks. Our loan review of a sample of your CRE portfolio may identify individual credits of concern, but more importantly, will provide perspective regarding whether your credit standards, credit analysis, and ongoing monitoring of existing credits are adequate for the nature of your CRE portfolio. In this way, our findings not only inform management and the board about existing risks in the portfolio, but provide recommendations for effectively managing that risk. We can perform loan reviews on-site or, if your technological capabilities allow, remotely, allowing you to reduce or eliminate the travel expenses associated with the loan review.

For information regarding Young & Associates, Inc.’s CRE Stress Testing service, please contact Kyle Curtis at 1.800.525.9775 or click here to send an email. For information regarding Young & Associates, Inc.’s Independent Loan Review service, please contact Tommy Troyer at 1.800.525.9775 or click here to send an email.

Do You Know Where Your Data Went Last Night?

Written by admin on . Posted in Information Technology.

By: Mike Detrow, CISSP, Senior Consultant and Manager of IT

Maybe your data went to a football game on an employee’s smart phone. Or, perhaps your data met some international friends at an offsite backup location used by one of your service providers. In either case, if you do not know how your data moves and where your data is stored, you cannot protect it.

During our IT Audit engagements, it is not uncommon to see bank employees storing or transferring non-public information (NPI) using services such as Google Drive or Dropbox. This creates a very dangerous situation if one of these services suffers a data breach or the data is synchronized to personal devices infected with malware. In most of these cases, senior management does not understand how employees are handling NPI.

The importance of understanding and controlling NPI data flow and data storage is emphasized in the newly released version of the FFIEC’s Information Technology Management Handbook, as well as in the declarative statements to meet the Baseline maturity level within the Cybersecurity Assessment Tool. This article will discuss a process that can be used to document the data flow and data storage locations used within your institution and those used by your third-party service providers.

Here’s a way this could be used to illustrate the way that an institution can document data flow and data storage. You will first identify each Service or Application that uses NPI. Some examples of these services and applications include: core processing, lending platform, internet banking, and online loan applications. Next, you will identify the Vendor(s) associated with each service or application. The Process Type is used to identify the various processes that are performed using the specific service or application that may use different methods for accessing the data or result in data being transmitted through different connectivity types. An example of different process types can be illustrated with internet banking where data may flow between the core processing system and the internet banking system through a dedicated circuit, but customers access the internet banking system through a home internet connection. The Type of Data will most often be customer NPI, but may also include proprietary institution data. Data can be accessed in numerous ways including: institution workstations, institution servers, employee mobile devices, customer PCs, and customer mobile devices. The Connectivity Type may include: dedicated circuits, virtual private networks (VPN), local area networks (LAN), wide area networks (WAN), wireless networks, or the internet. Controls in Transit may include: encryption, firewall rules, patch management, and intrusion prevention systems (IPS). The Primary Storage Location(s) should include known locations where the data is stored such as: application or database servers, data backup devices, service provider datacenters, and service provider backup locations. The Optional Storage Location(s) should consider other places where data can be stored such as: removable media, an employee’s workstation, mobile devices, Dropbox, and Google Drive. Identifying the Optional Storage Location(s) may take a significant amount of time, as this step will involve discussions with application administrators to understand the options for exporting data and discussions with employees to understand their processes for transferring and storing data. A review of this information may lead to the implementation of additional controls to block the use of unapproved sharing and storage services.

Controls at Rest may include: encryption, physical security, and environmental controls. The Access Rights column should identify who can access the data at any point in time, which may include institution employees, service provider employees, and subcontractors used by a service provider.

This may seem like a daunting task to complete, and it may take a significant amount of time depending on the size and complexity of your institution. One option for implementing this process is to start with your annual vendor review process rather than trying to complete the process for all of your services and applications at one time. When you are gathering and reviewing documentation from each service provider, complete the table shown above for the service or application provided by that service provider. Documentation for internally managed systems and applications can also be completed over a period of time.

Upon completion of this process, you should have a full understanding of how your data moves between devices and where the data is stored. This information will allow you to justify the risk ratings within your information security risk assessment and identify additional controls that need to be implemented to properly protect your data.

For more information on this article, contact Mike Detrow at 1.800.525.9775 or click here to send an email.

5 Ways to Create Compliance Depth

Written by admin on . Posted in Compliance & Regulations.

By: Adam Witmer, CRCM, Compliance Consultant

As football season is now in full swing, many die-hard fans find themselves viewing the player roster of their favorite teams. They do this because they are curious, not about the obvious starters, but about those who are there to back up the starters. Football fans are often interested in the depth of skill their team has retained.

Just like an NFL team has a depth chart of skilled back-up players, it is important to have compliance “depth” within our financial institutions. This is especially true today as examiners have been shifting their expectations of compliance from a one-person dictatorship approach to a fully functioning “compliance management system” (CMS).

With so many new rule changes coming out by the Consumer Financial Protection Bureau, financial institutions can no longer depend on a single individual to be the sole person knowledgeable of compliance regulations. Having a depth of compliance knowledge ̶ both in quantity (number of employees) and quality (individual knowledge) ̶ is more important today than ever before. Therefore, financial institution leaders should consider building greater depth of compliance within their teams.

The following are five ways that every financial institution can build depth into the compliance function of their organizations.

A Formal Compliance Management System (CMS) Model
One of the best ways to infuse compliance depth into a financial institution is to develop a formal compliance management system (CMS) model which ultimately steers the institution’s compliance activities. While most financial institutions have some sort of compliance management system in place – a risk assessment, training, audit and/or monitoring, designating a compliance officer, and managing complaints – we have found that many of these programs are often informal in nature and don’t always establish depth in the overall program.

A formal CMS model is an intentionally designed program that goes above and beyond the core elements of a compliance management system – the model acts as the infrastructure for a compliance program. Generally, a CMS model will produce certain results:

  • Continuity of compliance, regardless of change
  • Pro-active compliance management
  • Clear communication of the CMS to examiners, directors, and additional parties
  • Integration of compliance into applicable job functions of the organization
  • Early detection of compliance issues
  • Strong regulatory change management

The idea is that a formal CMS model helps to ensure that systems, controls, and procedures are effectively implemented and maintained, which helps to naturally build depth into the compliance structure of an organization.

Integration
Another way any financial institution can create compliance depth is to proactively integrate compliance into applicable job functions of the organization. Years ago, compliance could often be approached as an add-on or after-thought to the main task at hand. For example, prior to the late 1960’s and 1970’s, creditors didn’t really have to worry about lending fairly among minorities, protected classes, or even different income levels. Over the years, however, fair lending has evolved so much that organizations that don’t have effective systems, procedures, and controls to ensure fair lending compliance can easily place themselves in a high-risk position for fair lending violations.

Integration can occur in a number of ways. First, policies and procedures can be enhanced to include compliance components. Secondly, controls and testing can include applicable compliance elements. Finally, compliance can become an essential part of employee expectations, such as the requirement of training and even consideration in performance evaluations.

When a financial institution integrates compliance into each applicable job function, a depth of compliance is naturally infused into the organization. This is exactly why many financial institutions are adopting a formal CMS model under which they operate.

Compliance Council
For well over a decade now, we at Young and Associates, Inc. have been advocating for the creation of a Compliance Council in many of our client financial institutions. A compliance council is a group of employees, often middle to senior management, who come together on a regular basis to provide oversite of the compliance function of the organization. While only a few financial institutions operate with just a compliance council (rather than having a designated compliance officer), many of those that do have a designated compliance officer also operate with a compliance council.

There are several reasons why a financial institution will operate with a compliance council in addition to having a designated compliance officer. First, the compliance council helps to provide support for the compliance officer. In today’s regulatory environment, it is often unreasonable for any financial institution to place all responsibility of regulatory compliance on the shoulders of one compliance officer. Therefore, a compliance council can help to distribute the compliance burden and help support the compliance officer.

In addition to providing support, a compliance council also helps to enhance communication in relation to compliance activities. While different departments within a financial institution often operate somewhat independently, a compliance council can help to bring various department managers together while focusing on a uniform goal of compliance.

A compliance council can be an integral component for building compliance depth and this is why many CMS models have a compliance council at the center of their model.

Succession Planning
Just as every NFL team has a depth chart that outlines who is ready to play a certain position, financial institutions can create compliance depth by establishing and maintaining a formal
succession plan for each applicable compliance function. While a compliance succession plan doesn’t need to be complex or even robust, having a clearly designated back-up person for each major compliance function helps to establish greater depth.

To establish depth, a succession plan should designate a back-up person for each significant area of compliance and outline who would assume responsibility in the event that the primary employee responsible for that area is unable to perform their duties. When a back-up person is formally designated and appropriately cross-trained, a CMS model will effectively continue without any major breaches in continuity, meaning that a greater depth of compliance is established.

Training
The final and probably most obvious way to create compliance depth is to conduct enhanced compliance training. Compliance depth can be added through training in two main ways: organizational training and individual training.
First, organizational training can be expanded to integrate compliance into the training rather than treating compliance as an afterthought. Therefore, compliance components should be included in new employee orientations, annual training initiatives, and even sales and other employee specific training sessions.

Secondly, training can increase compliance depth when employees, other than just the compliance team, receive in-depth training on compliance regulations that affect their job functions. For example, a loan processor manager may be able to greatly benefit from in-depth training on Regulation Z, while a lender may benefit on training specific to Regulation O.

Regardless of the type, training is a tool that helps to build compliance depth within an organization.

Summary
Creating compliance depth is going to become an even more important strategy for financial institutions as regulatory expectations continue to expand and evolve. In creating compliance depth, organizations will enhance their overall compliance posture by ensuring compliance continuity when employee positions change, providing better communication regarding the compliance function, infusing necessary components of compliance into each job function, and providing better communication to affected parties regarding the organizations compliance program.

Just as every sports team works to ensure that they have a depth of skilled players, financial institutions who establish compliance depth – through steps like establishing a formal CMS model – are going to fair much better in the long run than those who do not.

Moving Closer to a Guaranteed Statement of Costs – Integrated Disclosures

Written by admin on . Posted in Compliance & Regulations.

By: Bill Elliott, CRCM, Senior Consultant and Manager of Compliance

The new Integrated Disclosures will be upon us in a few short months and will create some unique difficulties for financial institutions. In the distant past, creditors gave the applicants a Good Faith Estimate. However, the United States Department of Housing and Urban Development (HUD) decided that the information was too scattered, etc., and in 2009 announced a new more consolidated format. The goal that HUD had was laudable, but their form really did not improve the situation much, if at all.

Upon the passage of the Dodd-Frank Act, a new federal agency, the Consumer Financial Protection Bureau was told to remedy this situation once again, and specifically to combine the Good Faith Estimate and early Truth in Lending Disclosure (into the Loan Estimate), as well as combine the HUD-1 and final Truth in Lending Disclosure (into the Closing Disclosure). The new forms are an improvement from the current forms, but are also quite complex. The teaching manual that Young & Associates is using for live training runs several hundred pages to explain how to complete the 8 pages of new forms.

Creditors currently have three categories of charges that exist on the Good Faith Estimate – those that have to be correct, those that (as a group) have to increase no more than 10%, and those that represent the creditor’s best guess (typically escrow, insurance, and odd days interest).

The new forms and instructions maintain the “best guess” category as it exists in the current format, so we will not discuss this category further. The issue is with the first two categories – settlement service charges that must be correct and those that must as a group be within 10%.

Settlement Service Charges

Under the current rule, some settlement service charges must be correct. These items include charges that are fully within the creditor’s control – typically their own charges or the mortgage broker’s charges. Beginning August 1, the new rule will still include the creditor’s own charges, but also expand this area as follows:

  • Amounts payable to the creditor’s affiliates and the mortgage broker’s affiliates
  • Settlement services for which the creditor will not allow the consumer to shop.  These would include:
    • Appraiser
    • Credit bureau
    • Tax service companies
    • PMI companies
    • Governmental fees for government programs
    • Flood determination fees
    • And perhaps others.

These fees will have to be correct. This is not likely to create much difficulty, as these charges are rarely an issue. For instance, if the creditor only uses two appraisers, every Good Faith Estimate generated now will list the fee for the appraiser that charges the highest amount.

The problem is that all of these items now are removed from the 10% calculation, meaning that the “cushion” that creditors have had for 10% tolerance items will decrease, as the calculation relies on items subject to the 10% tolerance, and those items are shrinking.

You will note that the second bullet point above included settlement services for which the consumer is not permitted to shop. This creates another level of risk for creditors. For instance, if the creditor does not allow the consumer to shop for a title company, then the title company fees also must be accurate, as this fee moves from the “10%” category to the “must be correct” category. This would apply to any other service for which the consumer is not permitted to shop. So the reality is that if you decide to not allow your consumer to shop for any settlement service, every fee will have to be correct, and the only settlement service charge that will appear in your “10%” category will be filing fees.

The only protection here is to allow the consumer to shop. The phrase “allowing the consumer to shop” does not mean giving them a list and making them pick settlement service providers off the list. If creditors do that, then the creditor has not allowed the consumer to shop. Allowing them to shop means giving them a list of settlement service providers (which you should already have at least partially developed), and telling the consumer that they can shop for these services. Often, the response from the consumer will be to say, “I don’t care, use whoever you want.” If this happens, then the creditor may use their “regular” provider, and the settlement service remains in the 10% category. There is a difference between forcing them to choose off a list and the consumer abdicating their shopping rights.

Of course, the best position for the creditor is when the consumer does shop and hires another competent provider for a settlement service. As soon as they decide to do so, the consumer agrees to assume the entire liability for paying that provider. The creditor discloses what the creditor’s provider would charge, and whatever the final fee is, the consumer must pay it with no risk to the creditor.

The regulation is quite clear that in order to explain to the consumer that they have a right to shop for a specific settlement service, the service and one provider must appear on the settlement service provider list. This list, and what needs to appear on it, will now be dictated by a new form, which will become part of the application disclosures.

Preparing for the New System

To prepare for this new system, creditors need to assure that they do the following:

  • Determine settlement service providers for each service that the creditor might EVER require, even if it only is required once a year.
  • Determine what the charge will be, or determine a method to calculate the charge so that the creditor can get it “right” on the Loan Estimate. Creditors will have to understand that for settlement services that are only required every few months, they may have to telephone the provider prior to completing the Loan Estimate if they have not used that provider recently.
  • Work with settlement service providers who add on multiple fees from closing to closing. This area is mostly limited to title companies who have all sorts of small and miscellaneous fees. The discussion should probably be about how to remove these fees, because sooner or later the creditor may well have to pay them, given the smaller “10%” window.

This new structure need not create a massive increase in risk, provided you prepare for it now. Think about the providers, how they calculate their charges, and how you will assure that your staff will know what these charges will be. Just like the current Good Faith Estimate, if the first Loan Estimate has fatal flaws, there will be no legal way to repair the damage.

Integrated Disclosure Review

Young & Associates, Inc. offers an Integrated Disclosure Review service for sample documents and sample loans as you prepare for this transition and set up your loan types. You will need to provide an appropriate narrative to us that explains the loan and its terms, then provide the Loan Estimate and the Closing Disclosure. The purpose of this review is to determine that the loan type is properly set up and ready to go before the mandatory August 1 deadline. Young & Associates, Inc. will not validate APRs and other similar items. For more information, click here.

Reg Z Policy

We will also be releasing our new Regulation Z mortgage loan policy on or about June 15, allowing time for customization of the policy and board approval prior to the mandatory August 1, 2015 date. For more information, contact Bryan Fetty at bfetty@younginc.com or 1.800.525.9775.

The Importance of User Access Reviews

Written by admin on . Posted in Information Technology.

By: Mike Detrow, CISSP, Senior Consultant and Manager of IT

The FFIEC has emphasized the importance of reviewing user access granted within all of the IT systems in use at a financial institution, including but not limited to: the network operating system (Active Directory®), core processing system, new account and lending platforms, document imaging system, internet banking system, and wire transfer system through its recent statement about compromised credentials. The frequency of these reviews will depend on the size and complexity of the financial institution; however, it is a good practice to perform an annual review at a minimum. User access reviews will help to identify accounts that have been assigned excessive privileges, accounts with access that have not been updated to reflect job position changes, accounts that do not require password changes in accordance with the institution’s policies, and dormant accounts. Failing to perform user access reviews on a regular basis will place the institution at a higher risk for:

  • A terminated employee gaining remote access to the network or email system
  • Segregation of duties issues if an employee moves to a new department, but retains system privileges from the previous department
  • Misuse of dormant administrative accounts that are still active
  • System compromise through the use of vendor passwords that never expire

The user access review process should include an employee that is independent of the system administration role for each IT system to verify that an administrator is not assigning excessive privileges to users or creating hidden accounts to use for illicit activities.

For some systems, the process to obtain all of the security details in an easy-to-understand report can be difficult. This is the case with Active Directory unless additional tools are used to compile the information into a simple report. To simplify the process of reviewing Active Directory accounts, Young & Associates, Inc. has developed the Account Auditor for Active Directory. This tool makes it easy for financial institutions to generate the following security reports:

  • A listing of all of the user accounts within Active Directory
  • Group memberships for each account
  • Dormant accounts
  • Disabled accounts
  • Accounts with passwords that do not expire
  • Accounts with passwords that have not been changed within the past year

The Account Auditor for Active Directory will simplify your network operating system user account review process, reduce IT Audit findings, and is designed to work with your Windows® server operating system to generate your information quickly and easily. There’s no new software to install! It available for just $100.  Click here for more details.

Connect with a Consultant

Contact us to learn more about our consulting services and how we can add value to your financial institution

Ask a Question