ABA Bank Compliance - July/August 2019

be given to services in a foreign language including documented materials, translation, and customer service personnel who speak a predominant foreign language based on market demographics.

Addressing Fair Servicing Risk

Because of the breadth of servicing interactions and activities, banks must first understand where risks occur. Focus should include activities that are critical to a servicing process and present the highest risk of compliance or service failure. Controls must be designed to mitigate both the compliance and operational risk and be periodically tested to verify that they continue to operate as intended. Ineffective controls can lead to errors that may impact one account or many account—especially if the error is a result of a systems programming issue. Preventive and detective controls and the processes they align with should be periodically evaluated for effectiveness to help avoid difficult and costly remediation.

The preventive and detective controls in the box below, are integral to a robust and well-functioning compliance management system within the servicing function.

Second line compliance monitoring and third line internal audit play instrumental roles in ensuring that controls are both mitigating risk and providing effective identification of errors. Customer feedback is also key to awareness of potential servicing issues. Feedback comes in all forms and does not necessarily need to be tied only to complaints. For example, did the bank just launch a new rewards program and customers are calling or emailing with questions that indicate confusion about how they earn rewards? This could be an early indication that the program may not be operating as intended or that customer marketing was not clear or was misleading. Additionally, pay attention to internal reporting. Unusual changes or spikes in delinquency rates or payment patterns could indicate an issue with the servicing system or failure to process payments in a timely manner.

Servicing and Fair Lending

Compliance issues in the loan servicing process may increase a bank’s fair lending risk profile. The Equal Credit Opportunity Act (ECOA) and Regulation B make it unlawful to discriminate against any borrower in any aspect of a credit transaction, including loan servicing, on the basis of race, color, religion, national origin, sex or marital status, age (provided the borrower has the capacity to enter a contract), because all or part of the borrower’s income is derived from any public assistance program, or because the borrower has in good faith exercised any right under the Consumer Credit Protection Act. ECOA applies to servicers that are creditors, such as those who participate in a credit decision about whether to approve a mortgage loan modification. Within the servicing process, payment programs, interest rate reductions, modification options, and fee waivers all represent decision points that present potential fair lending risk.

The procedures CFPB examiners follow to evaluate a servicer’s compliance performance are detailed in the CFPB Supervision and Examination Manual. Understanding these procedures and incorporating their intent within the bank’s fair lending compliance management system (CMS) will not only help provide better customer service but it should also help mitigate fair lending risk. Banks should review the following ECOA-specific exam procedures against the bank’s fair lending CMS to determine and address potential fair lending risk:

Compliance officers must ensure they continue
to help the bank successfully navigate the
landscape by identifying and mitigating
compliance risk in all aspects of account
servicing, including fair lending and UDAAP.
Preventive Controls

■ ■ Management and Board oversight (tone at the top).

■ ■ Detailed policies and procedures.

■ ■ Job-specific training on regulatory requirements, policies, and procedures.

■ ■ Compliance review of new products during development and prior to product launch.

■ ■ System controls including hard stops and warnings.

■ ■ User acceptance testing prior to going live with system enhancements.

■ ■ A documented and established change management process that includes review of new regulations, regulatory newsletters, and enforcement actions

Detective Controls

■ ■ First line quality assurance review and business analytics (key performance indicators, key risk indicators) for timely identification of errors and ongoing trend analysis.

■ ■ Second line compliance monitoring to ensure first line processes and monitoring efforts are effective in identifying errors and potential risks.

■ ■ Third line internal audit will ensure the bank’s compliance management system is robust and effective. The last check before regulatory examinations.