Anyone who has worked in the mortgage arena for any length of time knows that mortgage audits are inevitable. But even if you know that audits are a reality of the job, are you actually prepared?
Luckily, we're here to give you an idea about that—five ideas, in fact.
The Federal Financial Institutions Examination Council (FFIEC)
Working in the mortgage field, you are no doubt familiar with this group. The FFIEC has the power to develop and prescribe uniform principles and standards for examinations of financial institutions. The Council provides training for examiners at both the federal and state levels. It also provides guidance on compliance audits to the financial services industry through its member agencies.
Don't Reinvent the Wheel. Utilize Risk Assessment Models.
Several of the regulatory agencies with jurisdiction over financial institutions provide assessment models that can help with risk management. In addition, some industry organizations and commercial companies offer similar models. Just to name a few:
- Consumer Financial Protection Bureau (CFPB) in its Supervision and Examination manual
- Federal Reserve (the Fed) in its Community Bank Risk-Focused Consumer Compliance Supervision Program
- Federal Deposit Insurance Corporation (FDIC), Comptroller of the Treasury (OCC) and National Credit Union Association
These organizations all publish guidance on risk assessment programs that will help you demonstrate your institution's risk as it is, not as the board wishes it would be.
In addition, ComplianceAlliance.com offers a Mortgage Compliance Checklist Tool to help mortgage companies comply with the various lending regulation requirements.
Compliance Risk Assessment
Compliance examinations, these days, rely less on identifying non-compliant transactions and more on assessing risk and evaluating the financial institution's components that manage, mitigate, or prevent risk. Your financial institution's risk assessment should focus on its structure, policies, and procedures; how actively your board participates in oversight; and of course, your products and services.
Here are three basic questions your compliance risk assessment should answer:
- First, identify your worst case scenario—not just now but in the future.
- What controls does your institution have in place?
- How well do your controls limit the impact of non-compliance?
- How big is the gap between the worse case scenario and the controls you have in place? That gap is the risk that you want to reduce to as small a point as possible.
What Characteristics to Assess
The following are the characteristics that you want to identify with respect to:
- Each of Your Institution's Products: Identify the volume and activity—whether it's a new product or an old one. Determine how complicated the product is and whether you intend to make changes or have recently made changes to the product.
- Your Institution's Internal Operations: Identify how large your staff is, your turnover rates, whether the organization operates with centralized management or not, whether the staff and the organization's culture are compliance driven, and whether the organization has a robust internal monitoring system. Also review recent compliance risk assessment efforts.
- Third-Party Service Providers: Identify compliance monitoring and due diligence efforts.
- Each of Your Services: Identify any unfair, deceptive, abusive acts or practices as required by regulatory agencies.
- Your Consumer Complaint Process: Identify response time and efficacy, and review the record-keeping policy with respect to complaints.
The Federal Compliance Laws for Financial Institutions
The American Bar Association provides its members with a list of the Federal laws that require financial institutions to comply with their rules and regulations and that cover mortgage audits. Just to remind you how regulated the mortgage industry truly is, here is a sampling:
- Truth in Lending (Regulation Z) disclosure statements
- Equal Credit Opportunity Act (Regulation B)
- Fair Credit Reporting Act
- Federal Reserve Board Regulation, Fair Credit Practices Rule
- Fair Debt Collection Practices Act
- ServiceMembers Civil Relief Act
To read an analysis of the accuracy of the CFPB's mortgage compliant data, see National Mortgage Professional Magazine's article from February 2017, entitled "Analysis: How Accurate is CFPB Mortgage Complaint Data?"
To learn more about compliance for mortgage companies, please contact us. We are your resource for all your mortgage company audit compliance questions.