The CRA Examination Process Explained
The Community Reinvestment Act (CRA) was enacted by Congress in 1977 to ensure depository institutions are meeting the credit needs of the local communities. Depository institutions undergo CRA exams about every 3 years, depending on past performance. Every business quarter, the Federal Deposit Insurance Corporation (FDIC) releases the CRA Examination Schedule by region and lists the information about each bank that is being examined. There are multiple agencies that conduct CRA examinations including The Federal Reserve System, FDIC, The Office of the Comptroller of the Currency (OCC), and the Office of Thrift Supervision (OTS).
There are 3 phases to a CRA examination:
1. Pre-examination planning: Examiners gather information from the FDIC records and contact the financial institution to request specific information and documents.
2. Review and analysis: Examiners evaluate an organization’s compliance management system and its effectiveness. They will analyze any weaknesses and violations. Examiners will also assess risk to consumers based on your FI’s practices.
3. Communicating findings: Examiners will discuss their findings with management and provide a Report of Examination that documents both the strengths and weaknesses of your FI’s CMS.
Here’s how to make sure your FI is prepared for a successful CRA exam:
Know what examiners are looking for
If you want to have a successful CRA exam, you need to know exactly what the examiner will be looking for: potential for fair lending violations. According to the American Bankers Association, “fair lending practices prohibit discrimination based on race, color, religion, national origin, sex, marital status, age, source of income, or whether a person exercises rights granted under the Consumer Credit Protection Act.”
An examiner will look at your FI from a variety of angles. Examiners use both risk-focused and process-oriented approaches during their evaluation. A risk-focused approach investigates operational areas where compliance errors present the greatest potential risk to cause consumer harm. Risk-focusing looks at products, services, markets, structure, and operations to evaluate the quality of an institution’s compliance management system. A process-oriented approach will investigate your internal methods to ensure compliance with laws and regulations.
An examiner will create a compliance risk profile of your institution using the risk-focusing approach. They will also assess the quality of your institution’s compliance management system (CMS) and consider the inherent risks as they relate to the complexity of your institution’s business operations and product offerings. (Larger banks are expected to have more risk and therefore more complex compliance programs.) An examiner will also test certain transactions based on what they deem to have a high risk of causing consumers harm or where your institution’s compliance efforts seem weak.
Evaluate the compliance management system (CMS)
The next thing an examiner will look at while evaluating an institution's CMS is management’s oversight of the CMS and the level of resources dedicated to compliance. Examiners want to ensure that your institution is doing everything possible to detect, prevent, and avoid compliance risks.
The FDIC clearly states that “conclusions about the adequacy of a bank’s CMS must be based on the effectiveness of those elements that are in place, taken as a whole, for that bank’s particular operations.” This means that just because a smaller bank doesn’t have as comprehensive of a CMS as a large bank doesn’t mean they will receive a lower score – as long as there are no major compliance issues. Institutions need to implement compliance programs that fit their size and complexity. If your compliance program is minimal but prevents violations, your CRA score won’t be affected.
Examiners will then evaluate your FI’s compliance program. This includes policies and procedures as well as products, services, and activities that your institution takes part in. Examiners will also look at the responsiveness and effectiveness of the consumer complaint process. Examiners want to make sure your institution is doing its due diligence.
Examiners focus on a few key areas of a bank’s operations when assessing compliance. The FDIC lists the following as the main areas they evaluate:
- The commitment of the board of directors, management, and staff to compliance.
- Qualifications of the compliance officer or designated staff.
- Scope and effectiveness of compliance policies and procedures.
- The effectiveness of training.
- Thoroughness of monitoring and any internal/external reviews or audits.
- Responsiveness of the Board and management to the findings of internal/external reviews and to the findings of the previous examination.
So now that we know what an examiner is looking for, we can prepare ahead of time by enacting certain policies and procedures to limit any instances of unintentional fair lending violations. Conducting both pre- and post-closing audits are a great way to ensure any errors are caught and corrected. Software such as Compliance EAGLE and Ncommunity were created specifically for this.
Grading an institution
CRA ratings are made available to the public after an examination is concluded. During the evaluation phase, an institution’s strong performance in certain areas does have the ability to compensate for poor performance in others. Your CRA rating will affect how often your bank undergoes examinations: FIs that perform well are examined every three years on average.
The CRA rating is as follows:
Outstanding: A financial institution has a record of helping to meet the credit needs of its assessment area, including low- and moderate-income neighborhoods, in a manner consistent with its resources and capabilities.
Satisfactory: An institution has a satisfactory record of helping to meet the credit needs of its assessment area, including low- and moderate-income neighborhoods, in a manner consistent with its resources and capabilities.
Needs to Improve: An institution in this group needs to improve its overall record of helping to meet the credit needs of its assessment area, including low- and moderate-income neighborhoods, in a manner consistent with its resources and capabilities.
Substantial Noncompliance: An institution in this group has a substantially deficient record of helping to meet the credit needs of its assessment area, including low- and moderate-income neighborhoods, in a manner consistent with its resources and capabilities.
Although most financial institutions are used to undergoing CRA exams, the process can still be resource intensive—and stressful. Our Ncommunity solution enables your compliance team to see what examiners see, by providing detailed reports and analysis of an institution’s lending data.
Topics: Lending Compliance