By Haydn Richards and Heather Hutchings
Compliance departments come in all shapes and sizes. Some companies have multi-person teams exclusively devoted to compliance while others place responsibility for compliance with a single individual whose duties encompass multiple areas. While business-minded executives are realizing with increasing frequency the necessity of a robust compliance operation, the reality remains that compliance is not a revenue-generating business line, and despite the best intentions of executive management, you likely find yourself operating with fewer resources than you would in an ideal world. To that end, we have put together a few suggestions to help you maximize the resources you have and tap into resources you might not have considered in an effort to do your job more efficiently and effectively while maintaining your sanity.
Building Internal Tools That Work for You
As a compliance or legal professional with limited assistance, you need to make sure that you have the right tools at your disposal, and part of that process may be taking a few extra minutes to record what you’re already doing to save yourself time and energy in the future. For example, does a regular part of your day or your staff’s day consist of answering questions from mortgage loan originators (“MLOs”)? We find that our clients often ask us the same or similar questions, and those questions are an outgrowth of the duplicative questions that the internal compliance department is receiving from multiple MLOs. Many MLOs read the same blogs and participate in the same message boards, so while an MLO in your Toledo, Ohio branch hatches an idea seemingly independently, an MLO in your Springfield, Missouri branch may be coming up with the a similar plan from reading the same information on the Internet. To save you time, consider creating a knowledge database or reserve that MLOs could access in advance of making any inquiry. Each time you receive a new question from the field that has the potential for broader applicability, record the question and the result in the database. This knowledge base would allow those MLOs to access inquiries before taking up the valuable time of your compliance team. If you spend a little extra time as inquiries arise, you may find that you’re saving more time on the back-end.
Making generalized guidance available to your MLOs may not be an idea that you are comfortable embracing. All companies have some MLOs who will push the limits, and if you are concerned that a compliance Q&A database could be subject to manipulation, draft the document for use by you and your compliance team members only. Instead of reinventing the wheel every time an inquiry comes in, you can consult the database and determine whether there is information that you can reuse or retool. This can help minimize the amount of time you spend researching and responding to duplicate or similar inquiries.
Most compliance professionals’ daily lives consist of much more than responding to one-off questions posed by the field. In order to make your internal tools work for you and your compliance team, it is imperative that MLOs and other operational professionals respect the amount of time that you have. In order to encourage this observance, consider implementing policies and procedures that define the time periods during which MLOs and operational professionals can reach out to the compliance team. For example, you could establish a two-hour window during each day that you will field questions and respond to inquiries received by email. Exceptions for emergency situations, such as a question of whether a particular loan can close in the next hour even though there is a disclosure error, will have to be made, but the expectation that you will drop everything you are doing to review a proposed advertisement or a marketing services agreement should be extinguished. Ensure the support of management to allow you to prioritize the order of your responses, even if that means an MLO does not receive a next-day response to his or her question. Without management support, you will not be in a position to push back on operations personnel when needed, and such support is essential to ensure that you can address the appropriate compliance inquiries that have a degree of seriousness. This is not to say, of course, that questions of a pressing nature should be ignored; rather, you should not be expected to place the “the guy down the street pays his MLOs in this manner, why aren’t we doing that” query ahead of the “does this error on the TIL mean we need to redisclose and wait another three days before closing” question.
Implementing a Streamlined Approach to Risk Evaluation
Generally, we find that the two sectors of a business that have the greatest institutional knowledge and, therefore, the most complete understanding of a company’s risk profile and historical compliance concerns are executive management and its compliance professionals. Because you have that institutional knowledge and understand the areas that pose the greatest risk to the company, it is important to understand how best to deploy your resources to eliminate the greatest amount of risk to the company in as brief a time as possible.
Keep in mind that operational folks naturally will disagree with you about the greatest areas of risk. Operational personnel are most concerned with producing (i.e., originating loans, maximizing servicing revenue, etc.), and often production and risk grow in tandem. Your job is to ensure that as production continues to grow, it does so in a compliant manner. Sometimes this means you have to reign in operations in order to mitigate compliance risks. But, with limited resources, how can you best do this? We suggest the following approach:
- Consider Past Areas of Compliance Concern or Ongoing Areas of Concern. Which areas has the company historically had difficulty with? Has the company demonstrated that certain laws or segments of its business continue to have compliance difficulties? For example, if examinations regularly reveal compliance deficiencies in connection with the company’s retail business but its wholesale business does not have similar issues, a focus on the retail business is appropriate.
- Consider all CFPB Enforcement Actions and Major State Regulatory Actions. Regulatory agencies like to leverage off of the work that has been undertaken by other regulatory agencies. When you are examined, you can expect that they will be looking for compliance infractions that are identical to those that their fellow agencies have entered into with your company in the recent past and also those that have been identified in prominent actions by sister regulatory agencies that have impacted other companies in the mortgage industry.
- Consider External Areas of Concern. It is without question that one of the primary sources of complaint that we hear from our clients is that their loan origination system (“LOS”) is insufficient in some manner. Sometimes this results in the compliance team having to spend greater resources in maintenance than would otherwise be necessary. Nevertheless, when a company must deploy resources to fix a third party product, the number of resources devoted to “company-resulting” concerns decreases. Therefore, you should be as involved as possible with vendor management to ensure that you have a say in whether contracts should be renegotiated or terminated for compliance failures or other reasons.
- Evaluate Consumer Complaints and Internal and External Quality Control Surveys: All too often, we hear of industry members failing to review consumer complaint information for trends. Similarly, internal and external quality control reports often identify areas or practices that could be improved for the company. Without having a process in place to capture the information obtained in these surveys, problems are likely to recur. Therefore, it is important to monitor these areas but to do so in a manner that is as efficient as possible. One option would be to have team members responsible for creating reports on complaints or quality control measures prepare an executive summary that highlights key findings that require attention. Doing so may limit the amount of time that you must spend reviewing broader reports, while ensuring that key issues are evaluated and acted upon.
- Maintain a wishlist. You are likely well aware that you seldom get all of the resources you request in trying to build out and bolster the company’s compliance operations. Nevertheless, as time passes and priorities change, there may be opportunities to revisit areas that may not receive immediate action. By keeping a “wishlist”, you can ask management to reconsider your suggestions that may not have been accepted at one time. Just because the answer is “no” now does not mean that management will not be more receptive under different circumstances.
Taking Advantage of Available Compliance Resources
It goes without saying that all compliance professionals have free resources that provide compliance assistance and guidance and that professionals must take heed of those resources. Countless law firms, including our own, have newsletters, blogs, and other resources available to all those who are interested. These resources frequently provide updates on current events, but also may provide strategy suggestions so that a company’s compliance needs can be met. In utilizing these resources, make sure that you are relying on a reputable source with a good working knowledge of the mortgage industry.
Perhaps the most valuable free compliance resources available are those that the regulatory agencies make available. Increasingly, regulatory agencies are reticent to provide clear and concise guidance concerning a company’s particular compliance questions and obligations, but this does not mean that generalized guidance from regulators is not available. For example key regulatory agencies, such as the CFPB, have made their examination guidelines available. These examination guidelines are roadmaps to allow compliance professionals to understand exactly what can be expected during an examination.
In our view, a study of the CFPB Examination Guideline, supplemented by examination guidelines available from other regulatory agencies, such as the OCC, is essential. However, simply reading and reviewing the guidelines will not be sufficient. Instead, the compliance professional should identify areas of concern internally at the company based upon overall compliance risk and incorporating an understanding of where weaknesses have been identified in the past. Then, once these areas are identified, the appropriate modules of the CFPB Examination Guideline should be consulted and changes should be implemented based upon what is addressed in the guidelines. Companies can “teach to the test” – the regulatory agencies have publicly posted what and how they will examine; ensure your compliance processes will not demonstrate areas of weakness in these areas. Moreover, since we recognize that limited resources dictate that not everything can be undertaken at once, we suggest that you appropriately prioritize your efforts based upon areas of risk. Consider that areas that result in significant potential compliance infractions for your company (e.g., a RESPA section 8 violation) and/or areas that would pose significant consumer harm are those that should receive the greatest priority.
Finding Similar Professionals to Network with and Exchange Ideas
As outside counsel, much of our daily lives consists of answering “one off” questions concerning interesting and important compliance issues. Those questions range from whether a particular state license may allow a company to hold mortgage servicing rights in a given state, whether certain behavior could result in fair lending concerns, and whether a specific fee might be included within the points and fees test for a Qualified Mortgage. Outside counsel can certainly be an important resource, but often a compliance question may not need outside counsel’s finesse. Many times the answer to an issue is not black and white, and the most useful information you can collect is the approach that similarly situated companies are taking on the topic. Other times you may simply want to discuss issues and trends that compatriots in the compliance space may be experiencing. As a result, it is important for compliance professionals to network and have colleagues at other entities who can discuss problems and situations with each other. Take advantage of the conferences you attend to make connections with like-minded individuals who work for your company’s competitors. This is not to say that you should rely upon those colleagues for legal advice, nor do we advocate the “everyone else is doing it” approach. Nevertheless, we think that having the opportunity to exchange ideas with professionals at other entities can only improve your ability to deliver solid compliance guidance to your company. In an age where getting it wrong could result in a bet-the-company enforcement action but a too conservative approach means the company will not remain viable, it is important for the compliance department to provide the business unit with advice that does not place the company on the extreme side of either end of the spectrum. Consulting with other compliance professionals helps to gauge your position on the continuum.
Establishing a Relationship with the Right Outside Counsel
The main goal of this article is to help you maximize what likely are limited resources, both from a time and cost perspective. The reality is, however, part of maximizing these resources sometimes means engaging outside counsel’s assistance. The number of outside counsel available in the mortgage regulatory compliance field is growing, which means that your options for finding the right fit and making sure your legal service providers are responding to your particular needs are also expanding. It is critical to have a relationship with outside counsel that understands your business model, your risk tolerance, and your legal needs. If you are not getting timely, cost-effective, responsive service that helps you do your job better, consider seeing who else may be able to better meet your needs. Talk to your industry friends for recommendations, and do not be afraid to use more than one law firm to help with your diverse issues. Your legal spend may be very small, but if you are able to establish a relationship with a trusted advisor that you can call upon as the need arises, you may find that you are able to stay nimble and responsive to your business while using the limited funds you have available for the particularly difficult questions.
Heather C. Hutchings is a member in Dykema’s Financial Services Regulatory and Compliance practice. Ms. Hutchings focuses her practice on consumer financial services laws and regulations affecting banks and other financial institutions, non-chartered mortgage lenders and servicers, consumer finance companies, and mortgage brokers.
Haydn J. Richards, Jr. is the Director of Dykema’s Financial Industry Group and a member of its Financial Services Regulatory and Compliance practice. Mr. Richards advises members of the financial services industry on state and federal regulatory matters, including licensing matters and counseling financial service companies regarding CFPB preparedness and implementation strategies for the CFPB’s new regulations.
The post Safeguarding Your Employer: Suggestions for a Compliance Professional with Limited Resources appeared first on Mortgage Compliance Magazine.