exHiBit;5: best Practices
Common Remedial Actions and Regulator Expectations
conduct a risk assessment of lending products considering front end and back end
processes. update risk assessments periodically, e.g., annually or with changes in
products, services, or delivery systems.
Institute a process to ensure the institution’s fair lending risk tolerance is articulated
and understood by all stakeholders; for example, the board of directors and senior
management can approve and disseminate a policy directive communicating
expectations, accountabilities, and consequences for noncompliance. third-party
providers are included as a stakeholder group because these entities are increasingly
at the center of fair lending violations and therefore warrant clear and direct
communication about compliance performance expectations.
a. establish policies that outline lending and related guidelines, standards, and
b. develop procedures that provide sufficient detail to guide staff and align day-to-day
practices with policies designed to comply with fair lending laws.
c. conduct training to instruct staff and promote an understanding of the laws,
particularly the prohibition provisions and how they apply to day-to-day operating
procedures. training should be at least annual, and supplemented by interim
instruction to accommodate changes in policies, procedures, rules, staffing, etc.
provisions of some consent decrees suggest training for third parties acting on
behalf of the organization.
a. designate personnel for sufficient oversight of processes to ensure compliance.
b. monitor complaints and incorporate the intelligence gleaned from them into
internal review planning, training, and other risk mitigation processes.
c. conduct second reviews of credit decisions—i.e., approvals, exceptions to policy,
d. periodically review marketing, solicitations, and loan application processing
e. conduct a macro fair lending analysis of pricing and denial patterns. the focus of
assessment can be performance by geography (branch, region, minority census
tracts versus nonminority) or source (dealer or broker).
f. conduct a comparative file analysis to assess exposures pertaining to underwriting,
pricing, or terms and conditions.
provide risk reporting mIs to the board and senior management concerning results
of fair lending reviews, industry developments, regulatory changes, and trends that
affect product lines. provide reports periodically, but at least annually, and report
information in the context of how it fares against the institution’s articulated risk
foreclosures. This information no doubt further fueled the DOJ’s
agenda, which includes targeting loan modification practices.
The tone from the top suggests there is risk exposure to be detected.
In hindsight, compliance professionals benefit from past fair
lending cases, which provide insight to help reassess programs at
their institutions and the opportunity to get out in front of their
regulators. To that end, Exhibit 5 recaps key risk management
activities that are based on commonly observed provisions in DOJ
consent orders and other regulator actions. The good news is that
these practices, at least to some degree, exist at most organizations,
and therefore may necessitate only some program tweaking.