Managing Regulatory Compliance Risk
in Loan Collections
Risk Assessment
As with every area that is subject to
intense compliance pressures, the first
step in managing risk in the loss mitigation and collection areas is to conduct a
risk assessment. The applicable laws and
regulations will determine the proper
scope of the risk assessment. Laws and
regulations that could apply to collection activities include:
■ ■ State-specific collection laws
■ ■ Fair Debt Collection Practices Act
(While most financial institutions are
not technically subject to the act, it provides a standard of fair practice in collections that regulatory agencies tend to
use as a best practice expectation.)
■ ■ Regulation Z (Truth in Lending Act)
and Regulation X (Real Estate Settlement Procedures Act), including the
new servicing rules
■ ■ Regulation B (Equal Credit Opportunity Act)
■ ■ Fair Credit Reporting Act (FCRA)
■ ■ Fair Housing Act
■ ■ Servicemembers Civil Relief Act
■ ■ Privacy/information sharing
regulations
■ ■ Vendor management guidance and
expectations from regulatory agencies
■ ■ Unfair, deceptive, or abusive acts and
practices (UDAAP) regulations
■ ■ Protecting Tenants at Foreclosure Act
To perform an appropriately com-
prehensive risk assessment, a financial
institution must identify all of the de-
partments and individuals, including
any third parties, which are involved in
loss mitigation and collection, from the
issuance of collection letters to foreclo-
sure or litigation processes. The bank
should collect information about how
each of these “touch points” operates
and the steps involved in each depart-
ment’s role. Interviews with stakehold-
ers (for example, the managers who
direct different functions) are advisable.
The goal is to understand the entire collection process.
Analyzing the loss mitigation and collection processes should include several
key questions, including:
■ ■ Are procedures sufficient to make sure
that all technical regulatory requirements
are met, including Regulation Z, Regulation B, and FCRA disclosures, as well as
other application process requirements?
■ ■ Is there a process to verify that both
the institution’s own employees and
its vendors are in compliance with the
law and the institution’s best practice
expectations?
■ ■ Are there sufficient procedures,
standards, and controls to make sure
similarly situated applicants are treated
consistently throughout the entire col-
lection process, including the initiation
of foreclosure, repossession, or other
litigation?
■ ■ Are applicants provided with clear,
complete, and timely disclosures
throughout the process (including
disclosures regarding program alternatives and the implications of selected
alternatives)?
The risk assessment also should include an analysis of third-party vendors.
The analysis must reflect current regulatory expectations regarding the level of
initial and ongoing due diligence for
vendors, which can vary depending on
the risk associated with the vendor. A
vendor that merely mails collection letters will have a lower level of risk than
one that makes direct contact with borrowers. If a vendor is actually responsible
for collecting debts, the financial institution needs a process to make sure that
the vendor is complying with the Fair
Debt Collection Practices Act and the
CFPB’s new debt collection rule.
gap identification and
Remediation
A financial institution can use the results
of its risk assessment to identify gaps
where risk is likely to result, such as:
■ ■ Lack of a defined loss mitigation
process and written procedures.
Without defined process steps, there is a high
risk of inconsistent treatment. Procedures should define at which point in
time in the collection process and under
which conditions loss mitigation options
will be offered. Particularly with mortgage secured credit, procedures should
require documentation of the loss mitigation options that were offered. Prior
to foreclosure, repossession, or litigation,
there should be a review of the collection
process to confirm that appropriate loss
iN THE WAKE OF WIDESPREAD COVERAGE and criticism of some financial institutions’ foreclosure and collection practices, regulatory agencies are increasingly focused on compliance in the loss mitigation and loan collection areas, particularly in those banks that use third-party vendors for
such processes. With the new rules from the Consumer Financial Protection
Bureau (CFPB) addressing mortgage servicing policies, procedures, and
requirements taking effect January 2014, the heightened scrutiny is expected
to continue. That will make it more important than ever to effectively manage
compliance risk in the loss mitigation and collection areas.
