7 minute read
A Fast-Moving Target
A Fast-Moving Target
THE EVOLVING BUSINESS OF COMPLIANCE MANAGEMENT
By LEONARD RYAN, QUESTSOFT
If loan production provides the life blood of the modern lending enterprise, it’s the compliance department that keeps the company from bleeding to death. That’s what it can feel like when a regulator finds a compliance problem that has been hiding in your loan production process and impacted hundreds or even thousands of borrowers.
Believe it or not, there was a time when keeping a financial institution in compliance was much simpler. Today, the fast pace of new technology adoption and an enhanced regulatory focus on protecting consumers at any cost has changed the way we manage compliance.
Our business is all about providing tools and technology that make compliance management easier for lenders, but failure to fully embrace the concepts in this article can render even the best tools ineffective. Before I get into that, let me explain why compliance today is a fast-moving target and why it will likely be that way from now on.
TWO REASONS COMPLIANCE IS REALLY HARD
Every time a new or modified rule is implemented by any regulatory agency, compliance officers must react. What we’re beginning to realize across the industry is that complications can also arise anytime a lender makes a change to the loan production tech stack. And issues related to that are happening more and more often.
Today’s compliance management programs must monitor more than just changes coming out of the industry’s regulatory agencies. They also must monitor and measure the impacts of every change the company makes to its technology, products, and processes, as well as any changes its technology partners make to the tools the lender is currently using.
Over the past few years, we have watched lenders rapidly adopt new digital processes for loan origination. While that has not, in and of itself, changed the dynamics of compliance, it has introduced additional compliance risk to the loan origination process. As these new tools are added to the lender’s tech stack, the compliance management team must spring into action.
Introducing unintended compliance problems into the lender’s process when updating technology is something we’re seeing more often. For instance, a lender could implement business rules inside systems to streamline processes, but that change could negatively impact compliance risk management efforts.
In fact, the rapid rate of change in digital origination technology means that it is now statistically more likely that a lender will unintentionally increase compliance risk than implement effective controls. Of course, companies like ours are constantly monitoring changes in the lender’s technology to identify and adapt compliance controls to limit risk. This allows earlier detection and quicker correction of compliance issues within loan records.
THE IMPACT OF EVER-EVOLVING TECHNOLOGY
Automation has delivered a great many advantages to the mortgage industry and the borrowers it serves. Technology has largely delivered on its promise of better, faster, and cheaper, though not all tools have delivered all three, or even two.
Automating a broken process is a sure way to fail in enhancing profitability and limiting compliance risk.
Because every change made to a technology carries with it the risk of inserting an unintentional violation of law into the lender’s process, and because technology is constantly changing, the lender’s process for compliance management has necessarily evolved. Today, lenders must monitor their people, processes, and technology on a constant basis, ever vigilant for the compliance issue that can be the precursor to many future problems.
For example, we recently assisted a lender in building an integration to our reg-tech tool. Throughout the implementation, we monitored the lender’s compliance and just before the lender flipped the switch, we identified a high incidence of loans coming back with noncompliance flags. The lender went in search of possible human error but instead found that a different technology vendor had, in the process of adding a new feature to a tool, inadvertently adjusted calculations that were now causing loans to fall out of compliance.
Had we not been in the process of completing our own integration and monitoring all lending activity as part of that process, the root cause might not have been found and the new automation installed by the lender’s technology partner could have led to a great many compliance violations. A problem that could have wreaked havoc for months was found and corrected in a matter of days, but only because the lender’s process was being actively monitored.
This is the future of compliance management.
HOW WE DEAL WITH COMPLIANCE AS A MOVING TARGET
In the past, lending compliance was part of the quality control process. A subset of loans was checked by humans in the QA/ QC department. Documents in the loan file would be compared to a compliance checklist. Workers would stare and compare. That process falls woefully short today.
Automation has changed the scope of noncompliance risk. No longer are these errors the result of an individual making a mistake on an individual loan, although this may still happen. More often, they are unintended consequences of changes made in the lender’s origination technology.
We don’t expect to see the pace of new technology adoption slow anytime soon. There are too many advantages these tools still have to offer. This is true in terms of lower costs and higher efficiencies, but also in terms of compliance. Regtech has been instrumental in helping lenders systematically and dynamically monitor for compliance risk. But to achieve this benefit, the technology must be programmed correctly and monitored carefully. A mistake in the programming can lead to automating noncompliance.
This means that instead of noncompliance problems cropping up in a few loans across the enterprise, one misstep can result in regulators identifying a weak compliance program.
To manage compliance in this environment, lenders can’t rely on human checkers looking at a subset of the company’s loan production manually. Lenders need an effective compliance management solution to deal with this level of complexity.
Therefore lending compliance today is about using technology to constantly check results so that management is notified immediately about potential issues and corrective action needed. It’s important to note that noncompliance flags can be false positives and a good compliance management system is never a pure technology-based solution.
THREE KEYS TO BETTER COMPLIANCE MANAGEMENT
So, what then constitutes an effective system for compliance management? We find three keys to better compliance management that should be made a part of any lender system.
• Good compliance management requires the right mental attitude. I don’t mean like a prize fighter getting ready to get into the ring. I mean understanding that compliance isn’t an “us versus them” proposition.
So many lender shops are permeated with the attitude that the compliance team is out to kill deals. This attitude can lead some to withhold information or to otherwise work against compliance management, increasing the lender’s risk of noncompliance.
While it is true that lenders should be very careful to ensure that compliance
decisions are not causing the company to lose business from borrowers that qualify, compliance should always be considered a “win-win” situation within the enterprise.
• The old end-of-the-line compliance cycle must be thrown out in favor or checking loans as soon as they come in the door and then periodically throughout the loan origination process. In addition, the lender must shift from a process of checking a few loans to using technology to test every loan that flows through the lender’s pipeline.
Compliance monitoring must become a constant practice because the lender will not know in advance when a system change will inadvertently lead to increased compliance risk.
For instance, the Home Mortgage Disclosure Act (HMDA) is the basis for much of the loan reporting lenders are required to complete. But increasingly, various states are requesting access to the lender’s information that may or may not conform to the lender’s existing HMDA reporting.
Today, about half of the data elements required on a state’s NMLS mortgage call report line up with data elements already reported for HMDA while another third are related but referred to differently by individual states. Finally, the lender may be required to provide additional information on the call report that represents a sub-delineation of an existing data element.
Instead of the cash-out refinance purpose reported for HMDA, we may see a cash out loan that has a more specific requirement for the state call report. This kind of complexity will only increase as government agencies at all levels seek ever more information about the lender’s business and the impact on consumers.
• A good compliance system will be designed around the lender’s business model and not the other way around. We have found that sitting down with company management and learning how they operate their lending business is an important first step in compliance system design and implementation.
The right compliance technology partner will be flexible enough to adapt their existing tools to the lender’s needs without exposing their clients to unnecessary risk. Lenders can’t afford to settle for anything less.
