MGMT IANCE MANAGEMENT
By carl g. Pry, crcM
Simplifying the Fair Lending Risk Assessment
CcreaTing a Fair lending risK assessMenT no longer seems
optional; examiners expect that each bank will assess its risk of having
fair lending issues before the examination. This shouldn’t be a surprise—
compliance in general is (not so slowly) evolving toward risk-based models.
From Bsa risk assessments to red flag guidelines, banks are now expected
to evaluate their own potential for problems. and because fair lending is
squarely in the crosshairs of legislators and regulators alike as the no. 1
compliance issue in 2009, we have the recipe for a new “requirement.”
So what should this fair lending risk
assessment look like? Unfortunately,
there’s been little concrete guidance
from the agencies. There have been
some unofficial comments from vari-
ous officials and some educational
materials, but no template to utilize.
That’s partially on purpose: it’s up to
each bank to identify and measure its
own inherent and managed risk.
So if you’re staring at a blank sheet
of paper, where should you start? The
process can be synthesized into a few
necessary steps:
1. Identify your decision points—
determine inherent risk.
At its simplest, the fair lending risk
assessment should first measure and
evaluate inherent risk, which is the
intersection of the possibility of violating any fair lending–related rule or
regulation (Reg. B, FHA, UDAP, and
to a lesser extent HMDA and CRA)
with where those possibilities lie within your bank. It should then consider
efforts to mitigate those inherent risks
(by way of controls) to determine residual risk. But you must first identify
where the inherent risks are.
To do this, ask where any type of
lending-related decision can be made—
which and how products are developed,
how loans are marketed and advertised,
decisioned, underwritten, serviced, and
so on. It’s a holistic approach to your
operations. Identify each organizational
point where decision-making authority
resides: each department, division, busi-
ness line, channel, etc.
Evaluate this within the context of
your environment. Look at the demo-
graphic and financial characteristics of
your market area; consider whether
you adequately serve that area and
have the proper mix of products to
do so with an eye toward disparate
treatment and impact.
Look at both objective factors, in-
cluding the volume of loans made in
each decision center, and subjective
factors such as exception authority. Pay
particular attention to pricing discretion
and influence over product selection. Al-
so consider third-party relationships—
vendors, brokers, dealers, and service
providers you associate with—that
could present fair lending risk.
dures). This has the broadest applicability, as the anti-discrimination
rules cover all areas. Don’t forget
about commercial loan and servicing areas; actions taken after a loan
is closed can be just as discriminatory as those made during the
underwriting process.
■ Fair Housing Act (FHA). This applies
to any activity related to residential
housing loans. Commercial activities
count here, too, and as with Reg. B,
servicing decisions such as modifications and foreclosures must be
considered. This is rapidly becoming
a focal point in fair lending exams.
■ CRA and HMDA. These are more applicable to step 4 below, but recognize
that data you report under these rules
comprises the ground floor of most
fair lending exams, because you’re
providing ready-made data to the
examiners for analysis. Data integrity
issues increase fair lending risk.
■ UDAP. This is a developing area of
regulation, but the premise here is
that discriminatory practices are
by their very nature unfair and
deceptive.
2. Rate the rules and regulations.
Armed with this fair lending–centric
view of your organization, now consider the rules and regulations those
areas and personnel must contend
with. Don’t just look at each rule as a
whole, but break it down into its components, paying particular attention
to new developments and enforcement trends. Rate the organization
points identified in the first step.
■ ECOA/Reg. B (including the Interagency Fair Lending Exam Proce-
3. Evaluate your controls—
determine managed risk.
Consider your efforts to mitigate the
risks (where and what) identified in
the first two steps. Look at your policies and procedures, and compare
them with your actual practices by utilizing audit reports, self-assessments,
exam findings, and so forth. Also assess
management’s attitudes toward fair
lending risk.
This part of the risk assessment
evaluates your effectiveness in ensuring that any disparities are the result of
purely financial factors, not any sort of
