CFPB Regulations and Your Compliance Management System

PERSON OF THE WEEK: New rules from the Consumer Financial Protection Bureau (CFPB) require that all mortgage lenders maintain compliance management systems (CMS) – which is not, as some people think, software but rather a set of practices and policies that ensure a lender is meeting regulatory compliance in all areas of federal consumer financial law.

Essentially, a CMS is a plan for how a lender will meet compliance. The plan’s structure is relative to the lender’s business model. And the plan must change as regulations change, are reinterpreted, or as the lender’s business model changes.

Continuity’s software platform is used to automate as many parts of a lender’s CMS as possible – or, put another way, as many parts as the lender wishes – but its purpose is to do so holistically. Among its key features and capabilities is its ability to house hundreds of pre-built procedures spanning dozens of program areas.

It includes procedures for examination areas including consumer compliance, BSA/AML, lending operations, deposit operations, and Community Reinvestment Act and Fair Lending compliance, and also contains a large collection of risk assessments including BSA, Fair Lending, electronic banking, identify theft, and more.

Such tools have become critical in order for lenders to effectively meet compliance because they aid greatly when to comes time for a compliance audit. Because a majority of the tasks associated with compliance are automated and tracked by the platform, it provides a powerful tool for delivering compliance data to examiners.

Such tools also have also enabled lenders to take a much more holistic approach to compliance. So much so, they have led to the development of what Continuity calls the “Unified Compliance Management System” (UCMS) model.

To learn more about this new model, MortgageOrb recently interviewed Pam Perdue, chief regulatory officer and executive vice president for Continuity.

Q: What is this “holistic” approach to regulatory compliance we are starting to hear about?

Perdue: The holistic approach relies on adopting the UCMS model, which allows lenders to quickly adapt to and implement any type of regulatory change. Whether those changes come from the outside, such as the recent HMDA implementation deadline, or are internal adjustments, like the addition of an office or a shift in key personnel, applying the UCMS model ensures nothing falls through the cracks.

An effective CMS includes the preventive, detective and corrective controls a lender needs to have in place. It’s “unified” because everything is in one place, and thought about as part of a process and an integrated framework, rather than scattered on disparate systems with various owners and vague accountability.

The UCMS model starts when a change occurs. First comes an understanding of the risk that a new regulation poses to the organization, then adapting its policies to comply. After re-evaluating organizational policies, building new or updating existing procedures is critical. Implementing technology upgrades and providing training for employees impacted by the regulation comes next. Finally, ensuring that monitoring and audit programs have incorporated the new or revised standards completes the change cycle.

Executing this step-by-step process not just helpful when a new regulation is issued, it promotes efficiency throughout the compliance function. Even if no changes to the rule occur, lenders need to preserve evidence that they have done their best to ensure compliance, in case they encounter future regulatory or legal challenges about their performance. A solid CMS is essential to a lender’s ability to defend itself against allegations or accusations of wrongdoing, whether the source is a single angry consumer, a regulator on the warpath or a group of hungry class-action plaintiffs.

In addition, being able to work backward through the cycle when something goes wrong, is helpful at ensuring thorough remediation. Doing so exposes lapses in monitoring or training that may have occurred, or places where system upgrades may have been to blame. Inspecting procedures and policies to see where they may have contributed to weaknesses in execution ensures the root causes for deficiencies are properly identified and addressed. Again – nothing falls through the cracks using the UCMS Model.

Q: What are some of the common mistakes in lenders’ approaches to regulatory compliance?

Perdue: Common mistakes we see over and over again fall into three categories: over-reliance on one or a few staff; failure to embed compliance into business processes; and lack of standardized compliance processes.

Many lenders exhibit a very disjointed, almost haphazard, approach to managing compliance. These lenders often rely on one or a few mid-level executives to answer for the organization’s compliance program, instead of involving all of upper management to help to build a culture of compliance. Furthermore, placing the entire burden of regulatory interpretation and application in the hands of a select few increases the risk that something will be overlooked or misinterpreted along the way.

A second common mistake is thinking of compliance as an added step. Viewing compliance as a “necessary evil” relegates it to always being an afterthought. The most effective organizations embed the compliance work steps into their processes for originating, funding and servicing loans, so that it is just another step in doing business. Not only does this combination tend to streamline the workflow, it also promotes better compliance outcomes.

Third is standardization. Many lenders have built their compliance programs around the misconception that merely checking the right boxes for individual regulations is enough. Lenders following this reactionary approach to each new regulation tend to have costly and time-intensive practices, since compliance is treated differently each time, and is often not integrated seamlessly throughout the organization. This type of “reactionary” approach relies on time-consuming manual processes that, even if they are accurate, may deliver compliance at too high of a cost.

Consistently applying the unified CMS model reduces the time, energy and expense – as well as the hassle and worry – over addressing and implementing regulatory or other types of change. A poorly executed compliance program can expose the lenders to penalties and the loss of borrowers’ trust.

Q: Since passage of the Dodd-Frank Act, lenders and servicers have had to ramp up staff hiring to keep up with regulatory compliance. Has that helped or has it created a new set of issues?

Perdue: Hiring more people seems like an easy and obvious solution to capacity challenges. However, a peek beneath the surface reveals that adding new staff creates its own series of challenges and constraints.

Of course, there are the obvious distractions of recruitment: finding qualified, competent people in a highly competitive marketplace and given any applicable geographic constraints. But beyond this – and especially during busy periods – training new hires distracts key staff from their own work.

Even though more people may lessen the overall burden over time, these human resources are expensive financially and psychologically up-front, because they consume others’ time. I have observed that combining the right technology and key staff yields a more effective compliance management system than just staff alone. When lenders embrace the idea – however wrong it is – that the only solution to a capacity problem is to add staff, then they have effectively ensured the problem will persist in perpetuity.

Why? Because they have not actually made processes more efficient or outcomes more accurate. Adding technology forces the standardization of consistent and repeatable approaches, which can really ramp up operations in a lean and effective way.

Leave a Reply

Your email address will not be published. Required fields are marked *

Web Statistics