Lending compliance is always evolving—and financial institutions need to be prepared to grow as well. The best way to accomplish this goal is with a strong lending compliance program that can quickly and thoroughly adapt and respond to any lending compliance risk.
What is the difference between having an evolved dynamic lending compliance program and one that barely complies? It requires a proactive change management process, proper resources, and these seven elements:
1. Board and management lending compliance risk awareness. Board and management oversight is an essential component to any good lending compliance program. Leadership should be aware of the key compliance lending risks facing the institution and understand whether it’s within the institution’s overall risk tolerance. The board is also responsible for creating a culture of risk management. A robust lending compliance program will have a tone set from the top.
2. Mechanisms for managing lending compliance risk. The board and management do not discover lending compliance risk without help—they not only appoint but rely on individuals responsible for identifying, assessing, mitigating, and monitoring risk to give them reports. A robust lending compliance program includes every step of the risk management lifecycle (identification, assessment, mitigation, monitoring, and reporting).
Lending compliance risk management should be proactive—uncovering risk as it evolves so your institution can embed controls to protect itself from potential harm and take advantage of opportunities.
3. Lending compliance risk should be considered when making strategic plans and decisions. Strategic decisions consider risk—which includes lending compliance risk.
Let’s say an institution wanted to enter the small business lending market because it sees an opportunity through the Paycheck Protection Program (PPP). It is a business decision that requires looking further than revenue or marketing expenses. It also needs to consider the potential lending compliance risks, which include things like fair lending and Community Reinvestment Act (CRA). Adequate controls need to be considered and put in place and focus on things like data analytics to analyze data for potential discrimination and tools for understanding CRA assessment areas.
The same conversation needs to be held for any new lending initiative, whether it is expanding mortgage lending to a new market or offering an alternative to payday loans. Ignoring lending compliance risk when developing strategy leaves a financial institution exposed and open to scrutiny. A strong lending compliance program will include both a focus on fair lending and loan loss when considering strategy.
4. Consistent, effective change management. Whether it is changes to existing laws and regulations or brand-new mandates, a great lending compliance program has an established process for managing change. It is not just a best practice—it’s a required element of any compliance management system (CMS).
Change management processes should identify changes, assess whether they apply to your institution, and have a process for implementing them when they do—especially if the change will impact existing policies and procedures or requires new ones to be written and implemented. If policies change the change, management should also address training and monitor implementation to be sure it is effective and working as intended.
When a change to TRID or other mortgage policy is announced, your institution should be able to replicate its existing blueprint for implementation and not have to reinvent the wheel.
5. Risk management training. Managing lending compliance risk is not a task that can be limited to a single individual or department. Lending, compliance, marketing, vendor management, and operations all have a role to play—but they can only fill that role when they know what to do.
Robust lending compliance programs provide regular training to staff, so they are aware of their responsibilities and how to carry them out.
6. Constructive relationships with regulators and examiners. The best lending compliance programs are the ones where staff views regulatory agencies and examiners as partners in compliance, not adversaries. The regulatory agencies want your institution to be safe and sound—and they also want to see them succeed. Smart institutions see regulators and examiners as teachers and educators. Each interaction is an opportunity to pick their brains about the risks and challenges other institutions are seeing and best practices for meeting them.
A robust lending compliance program will build bridges and relationships to increase success.
7. Audit ready. Robust lending compliance programs are organized, centralized, and documented. They track all lending compliance-related activity, creating an audit trail that makes it easy to prepare for exams and audits. All the information needed to answer questions should be readily available.
A robust lending compliance program embraces the three lines of defense.
Want to learn more about controlling lending compliance risk? We’ve got more insights.