Chief Investment Officer
Commercial Loan Automation
We do not need reminding that the regulators hold our license to operate in their hands. In fact, today they have even greater control over our business, particularly when it comes to penalties, both financial and non-financial. Recent staggering fines and compliance-related restrictions on branching and acquisitions should be a reminder to us all of the importance of compliance.
I realize that Compliance isn't a revenue-generating activity. It is however, a necessary investment that will allow you to engage in the broadest range of revenue-generating activities. We can debate whether full compliance enhances safety and soundness (or not), but to me that's beside the point. The fact is that the cost of compliance, as high as it is, is lower than the cost of non-compliance.
This article highlights recent compliance "hot topics". It doesn't mean that old standbys such as BSA, HMDA or flood certificates are off the radar screen. Those can still put you in the penalty box for several years, which means you will watch the world consolidating before your eyes without the ability to participate in the action. However, I wanted to focus on what's new. Unfortunately, there is plenty of news...
- Vendor management. The definition of vendor management has been broadened greatly. Traditional vendor management focused on safety and soundness, ensuring that your vendors are financially sound enough to continue providing mission-critical services. That definition has been extended to becoming responsible for vendor actions with respect to consumer protection. You are now responsible for the actions of vendors such as foreclosure management helpers from collectors and attorneys to lawn mowers and sow removers. It is your responsibility to ensure that these vendors treat the consumers fairly and with equality, and that you maintain foreclosed properties in low and moderate income neighborhoods the same way you do posh areas, using similar quality vendors.
Traditional vendor management was extended to vendor activities to a degree, e.g. examining money-service businesses to ensure they follow the same "know your customer" regulations as we do. These requirements go well beyond that point, leading to vendor risk rating and documentation. We are now responsible for the consumer-related compliance of our vendors, from Affinion to your F&I guy at the auto dealership. This is a sea-change that must be heeded.
- Overdrafts. Overdraft programs might become a thing of the past. Whether dynamic or static, the regulators don't like them. The CFPB is completing a study of 9 large banks and their overdraft programs. While the programs are still permissible, certain best practices emerged:
- Do not automatically enroll your customers in your program.
- Include a hard cutoff in your program - a number or dollar amount of overdraft fees at which the customer is removed from the program.
- Send the customer first notice about their overdraft behavior and offer remedial help after 6 overdraft occurrences within a rolling 12 months period. That number is an FDIC-recommended number, but has not been adopted by other agencies.
- Be careful of "shadow programs", e.g. having your RMs waiving the fees routinely. There should be no other criteria beyond the program itself.
- It's unclear whether disclosing the program limit (say, an overdraft opportunity of $500) is good or bad. There are arguments for both sides.
- Add-ons. Banks sell add-on products from third-party vendors to their customers. The most common products are credit-life insurance, identity theft and a coupon plan. These have come under regulatory scrutiny in recent months. Among the activities they are looking at are:
- Marketing practices by both the bank and the vendor (since the bank is held accountable for vendor performance and conduct).
- Vendor fulfillment (for example, some vendors make enrollment so difficult that the customer doesn't fully enroll but the bank still charges them monthly fees, while both customer and bank believe the customer is enrolled in the program but the vendor does not).
- Aggressive renewal practices.
- Scripting. For example, credit add-on product scripting should not include scripts that indicate the product can help improve the customer's credit history, nor can they represent the product as insurance. At the same time, veering off-script, even to respond to a customer question, is also frowned upon.
- Rebuttal limitation. If the customer says "no", only one rebuttal is acceptable. Beyond that is considered pressure to buy.
- No assumptive closes, not even "let's get you enrolled".
- Sales incentive programs should consider compliance in addition to productivity for these products.
- The acid test for this product is when you answer this question: "Would I buy and pay for this product?"
- UDAAP. Unfair, Deceptive, Abusive acts are unfortunately in the mind of the beholder. You can be in compliance with all the requirements and disclosures and still have an issue, given the huge judgment component to this act.
- Some regulators are looking for a UDAP officer of a customer advocacy person on your staff (the typical title is Fair & Responsible Banking Officer).
- Establish corporate policies regarding fairness principles and standards.
- Identify all customer touch-points enterprise-wide to ensure your customers are treated according to your fairness policy.
- Ensure all your products and business practices affecting consumers comply with your policy, including marketing practices.
- Document your process.
- Consider UDAAP implications of new products and services.
- Fair lending. The definition of Fair Lending has also expanded and now includes all marketing, product offerings and physical presence of the bank. If you have a jumbo mortgage program with a special price, it might cause concern if not offered to all customers in all markets. Red lining is a main fair lending focus item during the exam as well. I understand there are many business issues related to this expectation and others enumerated here, but I'm just reporting what I know. Don't shoot the messenger.
- Review your assessment areas and census tracts adjacent to it annually.
- Re-evaluate assessment areas as soon as the 2010 census data comes out.
- Consider your lending patterns and how you can explain them.
- Ensure you have a strong outreach program for marketing your products.
- Ensure you minimize pricing exceptions and underwriting discretions; they significantly increase your fair lending risk. Support the business justification for each case, document heavily and ensure the percentage of your loans with exceptions is small.
- Complaint management. This is an emerging area of interest (and overhead). First, you need to define what constitutes a complaint. While a restrictive definition might seem best, regulatory perspective might differ. All complaints must be centrally logged and classified, filed and responded to. The compliance area shouldn't be the respondent to these complaints, but should review responses to ensure they are consistent with the spirit of your policies. The regulators review your compliance management and will cite you for it if not up to expectations.
- Spousal guarantees. This regulation has been on the books for a while, but it now is in the examiners' cross-hairs. Ensure that all spousal guarantees, including during renewals, have a business relationship to the borrowing entity. Most violations this year were found on commercial and agricultural loans.
Compliance is perceived by many line people as a function that inhibits their ability to operate and success. In reality it is an essential staff area without which the bank is unlikely to be able to realize its profit potential in the coming years. The key to success is proactive posture and thorough knowledge of the regulatory expectations. And, as I said, the current cost, although high, is lower than the cost of non-compliance.