Do You Know Your Risk Appetite?

Do you Know Your Risk Appetite?

As part of the development of a comprehensive compliance management program, there are specific roles for senior management and another set of roles for the Board of Directors.  Senior management has a functional role that includes the development of written policies and procedures that are then presented to the Board for approval.   On the other hand, the Board of Director’s role includes setting limits and overall policy guidelines.  Among the most important roles of the Board is to determine the overall risk appetite of the institution.   Traditionally, the way that the Board fulfills this function is by developing a risk appetite statement with metrics for measuring adherence to the risk limits.  For Community Banks and small financial institutions, the idea of a risk appetite statement and metrics may seem like a case of overkill.  However, development of the risk appetite framework can be an invaluable tool for strategic planning and resource allocation.

In one way or another, all financial institutions are making a statement about their risk appetite.  Some choose to consider appropriate risk levels directly and many more do so indirectly.  Each product and service that is offered at an institution, vis-a-vis the resources that are dedicated to compliance create a statement of sorts.   When an institution decides to offer products and services, compliance risks attach regardless of what those products are.  The compliance culture that is developed to support products and services is, a form of a risk statement.  The less emphasis that is placed on compliance the higher the risk that the institution is willing to take.   In many cases, when institutions get into significant regulatory trouble, the root cause is an imbalance between risk appetite and risk management.  Offering a new product without the proper systems in place to monitor compliance and without staff that has the expertise to administer it, is the same as a statement that the risk appetite is high.

Principles Associated with the Risk Appetite Framework

The idea here is that the Board, with the assistance of Senior Management should develop the “rules of the road” for your institution.  If there are certain levels of risk that the institution is/isn’t willing to take, then the Board should clearly state that position.  The same is true for risk that the Board may be willing to take after consideration and approval.   For example, the Board may state that it does not want the financial institution to make auto loans at all.  However, the best customer of the institution tells a loan officer that he wants a car loan for his son.    The loan officer believes that the customer may be lost of he isn’t accommodated.   The auto loan is presented to the Board for approval and an exception may be made.

The basic principles for a risk appetite should include at least four considerations:

  1. The capital level of the institution; Since capital is ultimately what keeps the institution alive a healthy level of capital must be a consideration in the overall willingness to accept risk.
  2. Compensation of staff; The extent to which staff compensation are tied to profits is a risk management consideration. Incentives should be weighted toward the idea that profit should be achieved within the risk framework of the institution
  3. Customer Service; As mentioned above there are times when meeting the needs of the customer base that the institution is trying to maintain may require actions that are out of the ordinary. The ability of your institution to meet those needs should be considered in the risk appetite framework.   If your customer base happens to be high risk, then the products and services that you will offer are also high risk.  [1]
  4. Compliance; For each consideration of risk, there should be a consideration of the resources that will be allocated to mitigate the associated potential for regulatory violations.

The risk appetite framework should be developed to balance the interplay of the four principle areas of consideration.  For example, a higher level of capital should mean that the level of risk appetite is higher than when capital is low.  Considerations of customer service have to be tempered by capital levels; and so it goes.

Compliance as Part of the Risk Appetite    

There are many institutions that consider themselves either low risk or no risk for compliance issues because limited retail products and service are offered.   However, compliance is part of this overall process regardless of whether or not you’re in a retail institution.  There are ALWAYS compliance issues.  Regulations such as the Equal Credit Opportunity Act, Anti-money laundering regulations and Unfair Deceptive Abusive Acts or Practices regulations apply to all financial institutions.

In any financial institution, there are competing interests, and the need to achieve and maintain profitability is often the counterbalance to taking increased risk.   Banking is after all at its essence, the management of risk.   When the competing interests are out of balance, the trouble starts.  Today many financial institutions find themselves searching for sources of income that are different from the traditional positive net interest margins.   The search for nontraditional income has led to consideration of products such as short term loans, MSB’s and mobile banking.   Each of these products have a level of inherent risk as well as substantial potential for profits.  However, the compliance apparatus in place at a financial institution can either significantly raise or reduce the level of inherent risk.   Over the past several years, institutions have found themselves in regulatory trouble by offering products that they either do not fully understand or have the necessary ability to administrate.

There are many examples of institutions that have allowed the push for profits to far outstrip the compliance program.  In fact, on the websites of each of the major regulatory agencies, there are examples of enforcement actions that have been taken as the result of failure to properly maintain a compliance program.

Using the risk framework to help with prioritizing  

When a risk appetite framework is developed and implemented even by a small financial institution, the overall effect on compliance is positive.  The process for developing the framework forces a level of consideration and discipline on the Board and senior management that is useful.  The risk appetite process is conducted by comparing the products and services that that the institutions wishes to offer with its ability to safely offer those products and services.

When a new product is considered, it should receive the same level of thought and consideration.  High risk products are not in of themselves a regulatory “no-no”.   For each additional product or service, the risk appetite of the Board should be considered along with the necessary expenditure on compliance resources.

Remember the overall state of your CMP says a great deal about your risk appetite.


[1] Please note- there are no regulatory bans on high risk customer or clients- just a requirement that the high risks are properly managed.

Why is There a Diversity Section in the Dodd Frank Act?

Why is there a Diversity Section in the Dodd-Frank Act?  

The Dodd–Frank Wall Street Reform and Consumer Protection Act of 2010 was one of the most sweeping banking laws that have been enacted in many years.  Of course, the legislation was passed against the backdrop of one the largest financial crises in world history.  The legislation has many sections and several of the provisions have been heavily discussed.   However, one section of the act, Section 342, has not received much discussion or fanfare at all.  What is Section 342?  It is the section that establishes the Office of Minority and Women Inclusion.

Are you Aware that the FFIEC has released Guidance Standards for Diversity in Hiring and Procurement? 

On Oct. 25, 2013, the Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corp., National Credit Union Administration, Consumer Financial Protection Bureau, and Securities and Exchange Commission (SEC) which is collectively known as the FFIEC, issued a proposed interagency policy statement on diversity.   Section 342 of the Dodd-Frank Act requires these agencies to develop standards for regulated entities to assess diversity. The final rule was issued and took effect on June 10, 2015.

First Things First-What is this all about? 

One of the things that the Dodd-Frank Act addresses is the effort being made by financial institutions in the area of inclusion of women and minorities in the overall hiring and procurement processes.  The legislative discussion of Section 342 of the Dodd-Frank Act helps to describe what it is that this section of the law is designed to do.

The Agencies believe that a goal of Section 342 is to promote transparency and awareness of diversity policies and practices within the entities regulated by the Agencies. The establishment of standards will provide guidance to the regulated entities and the public for assessing the diversity policies and practices of regulated entities. In addition, by facilitating greater awareness and transparency of the diversity policies and practices of regulated entities, the standards will provide the public a greater ability to assess diversity policies and practices of regulated entities. The Agencies recognize that greater diversity and inclusion promotes stronger, more effective, and more innovative businesses, as well as opportunities to serve a wider range of customers.[1]

Put another way, the Dodd-Frank Act is trying to get financial institutions to get to know their entire assessment area not only as customers, but as potential employees and contractors.   We believe that this fits in with a larger direction to financial institutions that they should get to know the credit and financial needs of the communities they serve.   Much like the Community Reinvestment Act, there is nothing in the law or the guidance that directs institutions to lower standards or to set quotas.  Instead, the idea here is to make sure that the employment and procurement processes are inclusive.   The fact is that there are many “diamonds in the rough” that go overlooked and as a result, are unbanked or underemployed.

Will This Require a Whole new Reporting Process?

The guidance requires an annual statement on the diversity practices of the Banks and credit unions.  Based upon the standards in the rule, it is not likely that a whole new data collection regime will be required.  Instead, it will be the duty of the Board and senior management to include diversity considerations in the strategic plan and ongoing monitoring of performance.

According to the proposed guidance, the expectation will be that institutions will

  • Include diversity and inclusion considerations in the strategic plan
  • Will have a diversity and inclusion plan that is reviewed and approved by the Board
  • Will have regular reports to the Board on progress
  • Will provide training to all affected staff
  • Will designate a senior officer as the person responsible for overseeing and implementing the plan

What does Diversity Mean? 

For purposes of this definition, “minority” is defined as Black Americans, Native Americans, Hispanic Americans, and Asian Americans, which is consistent with the definition of “minority” in sSection 342(g)(3) of the Act.

The final Policy Statement also states that this definition of diversity “does not preclude an entity from using a broader definition with regard to these standards.” This language is intended to be sufficiently flexible to encompass other groups if an entity wants to define the term more broadly. For example, a broader definition may include the categories referenced by the Equal Employment Opportunity Commission (EEOC) in its Employer Information Report EEO-1 (EEO-1 Report), [2] as well as individuals with disabilities, veterans, and LGBT individuals.

While this may seem like a long list of new requirements, in our opinion that is not the case at all.  When developing a strategic plan and assessing the credit needs of the community, the idea of diversity should be part and parcel of the basic considerations and projections.  It is clear that regulators will increasingly focus on financial institutions ability to identify the financial needs of the communities they serve and to match how the banks activities meet those needs.  In addition, we believe that examiners will ask financial institutions to document the reasons why they are not able to offer certain products.  The same will be true in the area of hiring and procurement.  Financial institutions will need to be able to document diversity efforts and to have a good explanation for the lack of diversity.

It should be emphasized that we do not believe that this guidance is leading towards hiring or procurement quotas.  Instead, the requirement will be for complete and clear documentation of the efforts made to ensure that diverse candidates are being considered.

Why is this a Good Thing? 

Diversity has been, and will always be a strength.  Of course a diverse loan portfolio is one that can absorb fluctuations in various industries without much turmoil.   Diverse ideas and experiences have always lead to innovation.  In point of fact, there has been a history of exclusion of several communities of potential customers by financial intuitions for some time.  The whole point of the Community Reinvestment Act was to get financial institutions to look at all communities for potential clients.

Earvin “Magic” Johnson has developed a multi-Billion-dollar business based upon the idea that diversity is strength.  His companies have invested in neighborhoods that were traditionally under banked and lacked access to funding.  The success of this company is a good example of how strategic diversity creates opportunities in communities that often get overlooked.


One of the more controversial points of the regulation is that it appears to rely on self-assessments.  There are no examinations standards that are mentioned in the guidance.  While some commenters decried the idea that self-policing is too vague; it appears that the expectation is that financial institutions will develop a policy, monitor compliance with that policy and make the results available to the public.

Self–assessment is both an opportunity and a curse.  The opportunity exists for an institution to self-define itself.  By setting standards that are based on a comprehensive understanding of the community vis-à-vis the capabilities of the bank, an institution has the opportunity to create a strong impression with regulators.  At the end of the day this is what regulators will willingly accept and applaud.


While it is too early to tell whether the final guidance will have significant costs associated with it, it is obvious that there will be an emphasis on diversity planning and programs for financial institutions. We suggest that the approach should be part of the overall strategic planning process

[1]  Joint Standards for Assessing Diversity Policies and Practices of Regulated Entities

[2] Ibid

Why IS There a Community Reinvestment Act?

Why IS there a Community Reinvestment Act?  

As anyone in compliance can attest to, there are myriad consumer compliance regulations.  For bankers, these regulations are regarded as anything from a nuisance, to the very bane of the existence of banks.  However, in point of fact, there are no bank consumer regulations that were not earned by the misbehavior of banks in the past.  Like it or not these regulations exist to prevent bad behavior and/or to encourage certain practices.   We believe that one of the keys to strengthening a compliance program is to get your staff to understand why regulations exist and what it is the regulations are designed to accomplish.  To further this cause, we have determined that we will from time to time through the year; address these questions about various banking regulations.  We call this series “Why IS there….”


The Community Reinvestment Act (“CRA”) is probably one of the most misunderstood and unfairly maligned of all of the consumer protection regulations.  Since its enactment, the CRA has been characterized as the regulation that makes financial institutions make “bad loans”.     It is not all uncommon to hear financial institutions refer to their problems loans as “CRA loans”.  Ironically, the preamble of the regulation makes it clear that there is nothing in the regulation that encourages bad loans.

The CRA is actually a part of a series of financial institution laws and regulations that were aimed directly at lack of credit availability in low to moderate income areas.   The CRA followed similar laws passed to reduce discrimination in the credit and housing markets including the Fair Housing Act of 1968, the Equal Credit Opportunity Act of 1974 and the Home Mortgage Disclosure Act of 1975 (HMDA). The Fair Housing Act and the Equal Credit Opportunity Act prohibit discrimination on the basis of race, sex, or other personal characteristics. The Home Mortgage Disclosure Act requires that financial institutions publicly disclose mortgage lending and application data. In contrast with those acts, the CRA seeks to ensure the provision of credit to all parts of a community, regardless of the relative wealth or poverty of a neighborhood.

All of these regulations were enacted to address the ongoing concerns caused by insufficient credit in low to moderate income areas.   In 2007 Ben Bernanke, then Chairman of the Federal Reserve discussed the need for the enactment of the CRA:

Several social and economic factors help explain why credit to lower-income neighborhoods was limited at that time. First, racial discrimination in lending undoubtedly adversely affected local communities. Discriminatory lending practices have deep historical roots. The term “redlining,” which refers to the practice of designating certain lower-income or minority neighborhoods as ineligible for credit, appears to have originated in 1935, when the Federal Home Loan Bank Board asked the Home Owners’ Loan Corporation to create “residential security maps” for 239 cities that would indicate the level of security for real estate investments in each surveyed city.1 The resulting maps designated four categories of lending and investment risk, each with a letter and color designation. Type “D” areas, those considered to be the riskiest for lending and which included many neighborhoods with predominantly African-American populations, were color-coded red on the maps–hence the term “redlining” (Federal Home Loan Bank Board, 1937). Private lenders reportedly constructed similar maps that were used to determine credit availability and terms. The 1961 Report on Housing by the U.S. Commission on Civil Rights reported practices that included requiring high down payments and rapid amortization schedules for African-American borrowers as well as blanket refusals to lend in particular areas.[1]

In addition to the problems caused by redlining, one of the main concerns that the Community Reinvestment Act was designed to address was the problem created by deposits being taken and not being reinvested in the same communities.

Congress became concerned with the geographical mismatch of deposit-taking and lending activities for a variety of reasons.   Deposits serve as a primary source of borrowed funds that banks may use to facilitate their lending. Hence, there was concern that deposits collected from local neighborhoods were being used to fund out-of-state as well as various international lending activities at the expense of addressing the local area’s housing, agricultural, and small business credit needs.[2]

Part of what Congress recognized by passage of the CRA is the role that financial institutions play in the development (or lack thereof) of communities.

According to some in Congress, the granting of a public bank charter should translate into a continuing obligation for that bank to serve the credit needs of the public where it was chartered.  Consequently, the CRA was enacted to “re-affirm the obligation of federally chartered or insured financial institutions to serve the convenience and needs of their service areas” and “to help meet the credit needs of the localities in which they are chartered, consistent with the prudent operation of the institution.” [3]

Despite its reputation otherwise, the Community Reinvestment Act doesn’t require any specific type of lending.  It does ask financial institutions to identify the credit needs of the community in which it is located and to do all that is possible to meet those credit needs.

Since it was first passed there have been relatively few changes in the regulation itself.  There HAVE been changes in the way it is administrated.  The most significant of these changes are:

  • Making evaluations public- The Financial Institutions Reform, Recovery and Enforcement Act of 1989 made the results of every CRA examination available to the public for review.
  • Differentiating between small, medium and large banks – In 1995, the CRA regulations were changed so that the smaller the institution, the more streamlined the CRA examination would be.

CRA Requirements  

Despite the size of the lending institutions, there are three tests on which CRA performance is judged.   The three tests are:

  • Lending Performance– at its most basic, this is a test that considers the size and resources of the financial institution. In addition, the economic opportunities that exist in the service area of the institutional are considered.  These factors are then compared to the level and distribution of loans that the institution originated.   Special attention is paid to geographic distribution of loans.  The idea here is to make sure that certain neighborhoods are not being left out of lending.
  • Investment Performance – This reviews the level of activity of a financial institution in overall community development. Community development can be accomplished through lending or investing in funds that are aimed at community development.  The definition of what does and does not qualify as community development has been a matter of controversy for several years and may be revised soon.
  • Service – The third test for CRA performance considers the amount services that financial institutions offer in low to moderate areas. Factors considered include things such as the record of opening and closing retail bank branches, particularly those that serve LMI geographies and individuals, the availability and effectiveness of alternative systems for delivering retail banking services in LMI geographies and to LMI individuals, range of retail banking services in each geography classification, extent of community development services provided and the innovativeness and responsiveness of community development services

Small institutions that are under $304 million[4] in assets have the option of deciding whether or not they want their performance under the last two tests reviewed.     For each of these tests there are degrees of activity that can be rated on a scale that goes from “substantial noncompliance” to “outstanding”.

There is nothing in any of these tests that requires a financial institution to make bad loans or even to seek out risky investments.  Instead, the directive of the CRA is that an institution should do all it can to identify opportunities for investments and services within all the communities that it serves.  Put another way, the CRA is asking financial institutions to find the “diamond in the rough” in low to moderate income communities.

CRA in the News 

As the 2008 -2010 financial crises began to subside, and experts began to look for causes, the CRA became a favorite villain for many.  Opponents of CRA placed the blame for predatory and subprime lending on the need to meet the requirements of CRA.  The argument goes that banks and financial institutions made risky loans to unqualified borrowers because that is what is required by the CRA.  There have been many scholarly articles and journal entries that have bene written to address this topic- and the recent movie ‘The Big Short’ also includes a great deal of information.  Despite the arguments there has been little to no effort made to significantly change the regulation.

The Community Reinvestment Act was passed at a time when financial institutions refused to invest in low to moderate income areas.   The main goal of this regulation is to get financial institutions to become good neighbors and to do their best to find customer who might otherwise be overlooked.

[1] The Community Reinvestment Act: Its Evolution and New Challenges  Chairman Ben S. Bernanke

At the Community Affairs Research Conference, Washington, D.C.  March 30, 2007

[2] The Effectiveness of the Community Reinvestment Act Darryl E. Getter   Congressional Research service 2015

[3] Ibid

[4] The figure for the smallest institutions is adjusted annually based upon the Consumer Price Index.

Getting to the Root of the Problem-An Important Step Towards Strong Compliance

Getting to the Root of the Problem- An important Step to Strong Compliance

The compliance examiners are coming!  It is time to get everything together to prepare for the onslaught right?   Time to review every consumer loan that has been made and every account that has been opened in the last 12 months, right? Not necessarily; the compliance examination is really an evaluation of the effectiveness of your compliance management program (“CMP”).  By approaching your examinations and audits in the same manner, the response to the news of an upcoming review becomes (almost) welcome.

The Elements of the CMP

There is really no “one size fits all” way to set up a strong compliance program.  There are, however, basic components that all compliance management systems need.  These components are often called the pillars of the CMP.  The pillars are:

  • Board Oversight
  • Policies and procedures
  • Management Information systems including risk monitoring
  • Internal Controls

The relative importance of each of these pillars depends on the risk levels at individual banks.  The compliance examination is a test of how well the bank has identified these risks and deployed resources.   For example, in a bank that has highly experienced and trained staff coupled with low turnover, the need for fully detailed procedures may be minimal.  On the other hand, at a bank where new products are being offered regularly, the need for training can be critical.   The central question is whether or not the institution has identified the risks of a compliance finding and having done so, taken steps to mitigate risks.

Making the CMP fit Your Institution  
Making sure that your CMP is right-sized starts with an evaluation of the products that are being offered and the inherent risk in that activity.  For example, consumer lending comes with a level of risk.  Missed deadlines, improper disclosures or misinterpretations of the requirements of the regulations are risks that are inherent in a consumer portfolio.   In addition to the risks inherent in the portfolio are the risks associated with the manner in which the institution conducts it consumer business.   Are risk assessments conducted when a product is going to be added or terminated?  In many cases, either decisions can create risks.  For example, the decision to cease HELOC’s may create a fair lending issue; while the decision to start making HELOC’s has to be made in light of the knowledge and abilities of the staff that will be making the loans and the staff that will be reviewing for compliance.

As a best practice, compliance has to be a part of the overall business and strategic plan of a financial institution.  The CMP has to be flexible enough to absorb changes at the bank while remaining effective and strong.
The True Test of the CMP

Probably the most efficient way to determine the strengths and weakness of the CMP is by reviewing the findings of internal audits and examinations.  When reviewing these findings what is most important is getting to the root of the problem.  Moreover, not only the findings, but the recommendations  for improvement that can be found in examination and audit reports  can be used to help “tell the story”  of the effectiveness of the CMP.  It is very important to determine the root cause the finding.  Generally, the answer will be extremely helpful in addressing the problem.  There are times when the finding is the result of a staff member having a bad day.  On those bad days, even the secondary review may not quite catch the problem.  For the most part, these are the types of findings that should not keep you up at night.
The findings that cause concerns are the ones that result from lack of knowledge or lack of information about the requirements of a regulation.  These findings are systemic and tend to raise the antenna of auditors and examiners.  Unfortunately, too often the tendency is to respond to this kind of finding by agreeing with it and promising to take immediate steps to address it.  Without knowing the root cause of the problem, the fix becomes the banking version of sticking one’s finger in the dyke to avoid a flood.

Addressing Findings  

We suggest a five step process to truly address findings and strengthen the CMP.

  1. Make sure that the compliance staff truly understands the nature of the finding.  This may sound obvious, but far too many times there is a great deal loss in translation between the readout and the final report.  If staff feels like what was discussed at the exit doesn’t match the final report, here is a communication concern.  We recommend fighting the urge to dismiss the auditor/examiner as a crank!  Call the agency making the report and get clarification to make sure that the concern that is being express is understood by staff.
  2. Develop an understanding of the root cause of the finding.  Does this finding represent a problem with our training?  Perhaps we have not deployed our personnel in the most effective manner.  It is critical that management and the compliance team develop an understanding or why this finding occurred to most effectively address it.
  3. Assign a personal responsible along with an action plan and benchmark due dates.   Developing the plan of action and setting dates develops an accountability for ensuring that the matter is addressed.
  4. Assign an individual to monitor progress in addressing findings.  We also recommend that this person should report directly to the Audit Committee of the Board of Directors.  This builds further accountability into the system.
  5. Validate the response.   Before an item can be removed from the tracking list, there should be an independent validation of the response.  For example, if training was the issue; the response should not be simply that all staff have now taken the training.  The process should include a review of the training materials to ensure that they are sufficient, feedback from staff members taking the training, and finally a quality control check of the area affected.

Not only does determining the root cause of a problem make the response more effective, but in doing so, the CMP will be strengthened.  For example, It may be easy to see a problem with disclosing right of recession disclosures.  It may be harder to see that the problem is not the people at all, but that the training they received is confusing and ineffective.  Only by diving into the root cause of the problem can the CMP be fully effective.

Should Small Financial Institutions Perform Compliance Risk Assessments?

Why Should Small Financial Institutions Perform Risk Assessments?   

The concept of risk assessments is often associated with large banks and financial institutions – but it shouldn’t be.  Oftentimes, the ugly truth about risk assessments is that they are prepared specifically to meet a regulatory requirement and not much more.  Perform an annual risk assessment for BSA, get it approved and for the most part, put it away and don’t think about it again until the next year.

Risk assessments can, and should be, used as a tool in the overall compliance toolkit.   When a compliance risk assessment if properly completed and deployed it have many uses including audit planning,  cost reduction, training development and resource allocation to name a few.   Ultimately, the risk assessment should be used as the bedrock of a strong compliance program.

The Component Parts of a strong Compliance Risk Assessment

Past examination and audit results– It goes without saying that the past can be prelude to the future, especially in the area of compliance.   Prior findings are an immediate indication of problems in the compliance program.   It is important that the root cause of the finding is determined and addressed.  The compliance risk assessment has to include a description of the cause of the findings and the steps being taken to mitigate the risk of a repeat.  We recommend that the action has to be more than additional training.    Training tends to be the number one answer and of course it is important.  However, without testing to determine whether or not the training is effective, the risk of repeat findings remains high.  It should also be noted that a lack of past findings does not necessarily mean that that the coast is clear.  Each compliance area should be reviewed and rated regardless of whether there were past findings.   In some cases, there are findings that are lying in wait and have not yet been discovered.

Changes in staff and management– change is inevitable and along with changes comes the possibility that additional training should be implemented or that the resources available to staff should also change.  For example, supposed the head of note operations is brand new.  This new manager will want to process loans using her/his own system.  Loan staff who may be used to doing compliance checks at certain times during the loan origination process might become confused.  This increases the possibility of findings or mistakes.   Your compliance risk assessment should take into account the risks associated with changes and how best to address them

Changes in products, customers or branches– continuing on with the idea that change is going to happen, it is important that your risk assessment consider all the different aspects of changes that have occurred or will occur in the Bank during the year.  This will include any new products or services, new vendors, marketing campaigns that are designed to entice new types of customers.  The risk assessment should consider what resources will be required and how they should best be deployed.  Before new products are introduced, the compliance team has to consider the time necessary to make sure that all of the processes are in place.  New advertising means both technical and fair lending compliance considerations.

Changes in Regulations– Over the past five years, there have been a huge number of changes to regulations, guidance and directives from Federal and State agencies.  Many of these changes do not impact small financial institutions directly, but many do.  Moreover, there are often regulations that are finalized in one year that don’t become effective until the following year.   Part of your risk assessment process has to consider changes that affect your bank or will affect you bank.   As a best practice, it is advisable to review the annual report of your regulator to determine the areas of focused that are planned for the year.  Most regulators are transparent with this information and their publications will indicate areas of examiner focus for the upcoming year.

Monitoring systems in place – finally, the systems that you use to monitor compliance should be considered.  For many small institutions, this system is comprised of word of mouth and the results of audits and examinations.   Part of your assessment should include a plan to do some basic testing of compliance on a regular basis.  After all an ounce of prevention……

The Analysis

Once you have gathered all of the information necessary for completing the analysis, we suggest using analyses that doesn’t necessary assign numbers to risk, but prioritizes the potential for findings.  Remember the effectiveness of your compliance program is ultimately judged by the level and frequency of findings.   The effective risk assessment reviews those areas that are most likely to result and findings and develops a plan for reduction.

Inherent Risk

For each regulation that applies to your institution, you must first determine the level of inherent risk.  According to the Federal Reserve Bank, inherent risk can be defined this way:

Inherent consumer compliance risk is the risk associated with product and service offerings, practices, or other activities that could result in significant consumer harm or contribute to an institution’s noncompliance with consumer protection laws and regulations. It is the risk these activities pose absent controls or other mitigating factors.[1]

Your compliance risk assessment should consider the inherent risk associated with each product that is offered.  For each regulation, consideration should be given to the penalties associated with a violation.  As a best practice, the likelihood of review of the area by regulators should also be factored into the overall level of inherent risk.  For example, flood insurance is an area that is likely to be examined each and every time the examiners conduct a review and this should factor into the overall inherent risk rating of the area.

Effectiveness of Controls  

Once the inherent risk has been established, the next step is to assess the overall effectiveness of internal controls.  Your internal controls are the policies, procedures, training and monitoring that are performed on a regular basis.   This includes audits and internal reviews that are performed by the compliance department.

To complete the analysis it is necessary to be self-reflective honest and brutal!  If staff is weak in its understanding of the requirements of Regulation B, it is necessary to state that and make a plan to address the weakness.   If more training is necessary or if, heaven forbid, a consultant is needed in certain areas, it really is appropriate as part of the assessment to say so and attempt to make the case to management.  We have found that the cost of compliance goes up geometrically when a bank is faced with enforcement action.  It is much more efficient to seek the assistance when there are only potential problems as opposed to when actual problems have been found.

Residual Risk  

Residual risk is defined as the possibility that compliance findings will occur after consideration of the effectiveness of controls.  The less effective the controls, the higher the residual risk.   Again, it is critical that the assessment in this area is one that has to be brutally honest.  If overall controls, are not what they should be, the weaknesses that exist should be reflected in the risk assessment.  The goal of the assessment is to determine the areas that have the highest levels of risk and to allocate resources accordingly.

Using the Document

The compliance risk assessment is like a Swiss army knife- it has several uses.   First, the compliance risk assessment should be used to help with the planning and scoping of audits for the year.  The highest areas of risk should receive the greatest scrutiny by the auditors.  Mover, the highest risk areas should be scheduled for review as early in the year as possible so that remediation efforts can be commenced and tested.

Rather than setting a basic training schedule, use the assessment to make sure that classes are focused on areas where the risk assessment has shown the potential for problems.    The risk assessment can also be used to set the priorities for which policies and procedures need to be updated and in what order.  The compliance risk assessment is a good tool for measuring the level and quality of compliance resources. As part of the risk assessment process, the level and quality of resources must be considered.   As the process is concluded, it is natural to use the results to develop specific requests for additional staff, software, training or other resources that are necessary to maintain a strong compliance program.

Creating the Compliance Environment

Probably the greatest untapped asset for any compliance officer is the staff at your institution.  Without the support and input of the people who are actually contacting customers and performing day to day operations, the effectiveness of your compliance program will be greatly limited.    Of course one of the greatest impediments to getting the “buy-in” of staff is the perception that many in the banking industry have of compliance.  There is generally dislike and disdain for anything compliance related.  Compliance rules have been developed over time in response to unfair and sometimes immoral behavior on the part of banks.  Most of the regulations have a history that is interesting and can help explain what it is that the regulation is attempting to address.  Taking the time to discuss the history of the regulations and what it is that they are trying to address can go a long way toward getting staff involvement.

Making sure that senior management accepts the importance of compliance and the costs of non- compliance can help increase support.

A comprehensive compliance risk assessment should be the key to a strong compliance program.


The Case for Non-Qualified Mortgages: Part Two

The Case for Non-Qualified Mortgages – A Two Part series

Part Two- The Case of Non-qualified Mortgages


In the first part of the article we noted that the ability to repay rules make a demarcation between “qualified” and non-qualified mortgages.   Qualified mortgages must have the following characteristics:

  • The borrowers debt to income ration cannot exceed 43 percent
  • The points and fees on the loan cannot exceed the cap established in the regulation[1]
  • May not have balloon payments
  • May not contain interest only payments
  • May not exceed 30 years

We noted that if the loan terms do not meet these parameters, then the loan is considered nonqualified and a lender must meet the ability to repay standards.  The ability to repay standards include specific components which are designed to document that a lender has established the borrower’s ability to repay a loan under the worst case circumstances of the terms of the loans.

We noted further that many lending institutions have taken the stance that in the face of these rules, they will only make qualifying mortgages.  However, several prudential regulators have made it clear that avoiding nonqualified mortgages was not the intention of the regulation.   On the contrary, there are several legitimate reasons why “thinking outside the box” and making nonqualified mortgages should be considered.

Why make Non-Qualified Mortgages 

For purposes of this discussion, it is important to point out that the borrowers who require nonqualified loans fit into two rather extreme categories.  There are the very wealthy borrowers whose financial characteristics don’t fit into the traditional borrowers.  These are borrowers who may have highly liquid assets, but irregular income.  Or perhaps these borrowers want a “bridge” loan to buy a house while they await completion of a large business transaction that will result in an influx of cash.   For these borrowers the need for nonqualified mortgages is largely an accommodation.

The second set of borrowers are the potential homeowners in low to moderate income areas.   These borrowers tend to be outside of the qualified loan parameters through economic circumstances that without some level of assistance will result in continued struggle.   It is this second set of borrowers that we have in mind in the remaining discussion.

Increased interest margins– Non qualified loans generally present a higher level of risk than qualified loans.  As a result, higher loan fees and rates are appropriate.   This is in no way meant to say that lenders can return to the bad old days of predatory lending.  Remember that the regulatory requirement is that the lender must prove that they have documented the borrowers’ ability to repay the loan.  The calculation must be made while considering the worst case scenario for the borrower. [2]

When considering these loans, it is also important to remember that with the proper underwriting, even though there is higher risk, the performance of loans in lower to moderate income neighborhoods has been actually equal to or better than the performance of other neighborhoods.  For example, a study performed by the Federal Reserve Bank found that during the financial meltdown of 2008;

Federal Reserve researchers also report that subprime mortgages made in CRA-eligible neighborhoods perform at least as well as those made in similar non-CRA-eligible neighborhoods, that a Large national affordable mortgage program has substantially lower defaults than the subprime segment, and that the majority of recent foreclosure filings have occurred in non-CRA eligible middle- and upper-income neighborhoods. [3]

Reduced Competition – Just because so many financial institutions have eschewed the non-qualified mortgage doesn’t mean that the need for these loans has disappeared.  In fact, the fear of what might happen with non QM’s has left a void.   As a result there is actually a strong market for non QM’s and the lender who decides to enter the market can have the virtual “pick of the litter”.

In 2013, three former regulators with the CFPB saw this opportunity and launched an investment firm that provides financing for investors in the Non QM resale market.    The first venture of the firm was to launch a wholesale mortgage company. The venture table funds non-QM loans and assume all the risks from the lenders.

Minimal Infrastructure Changes – The whole point of the ATR rule is that lenders must develop sound systems for determining that a borrower can repay a loan.  The essence of the regulation is acting in a safe and sound manner.  For those institutions that wish to thrive and survive, safe and sound policies and procedures should be a daily practice.  The steps that are required to meet the ATR rule should be second nature

Meeting the Credit Needs of the Community – Many lenders talk about meeting the credit needs of the community in their Community Reinvestment Act statements.  Of course, more often than not, this statement is theoretical and can’t really be documented.   A program that allows first time homebuyers with a legitimate chance at asset acquisition is one of the largest credit needs of most communities across the country.  There are a number of institutions that have recognized this need and have developed successful lending programs that are couple with credit counseling.  The results have been excellent.    Both Time Federal Savings of Medford Wisconsin and Geddes Federal Savings in Syracuse NY have implemented non QM programs for first time homebuyers with unquestioned success.

The CRA rewards innovation– for lending institutions that are subject to the Community Reinvestment act, there is a strong reward for innovative lending practices.

“[The] ending Test also favors the use of innovative or flexible lending practices “in a safe and sound manner to address the credit needs of low- or moderate-income individuals or geographies.”[4]

The development of a lending program that allows nontraditional borrowers to obtain mortgages can lead to an outstanding CRA rating.

In the end, there is absolutely no reason to run away from Non-qualified mortgages.   The potential for good results far outweighs the risk.

[1] These caps are specified in the regulation and vary depending on the size of the loan.

[2] In this case, worst case means, when all of the highest rate increases and fees have kicked in.

[3] Glenn Canner and Neil Bhutta, Memo to Sandra Braunstein “Staff Analysis of the Relationship between the CRA and the Subprime Crisis”

(November 21, 2008), available at

[4] Federal Financial Institutions Examination Council (FFIEC), “A Guide to CRA Data Collection and Reporting,” (January 2001), available at

The Case For Non-Qualified Mortgages-Part One

The Case for Non-Qualified Mortgages – A Two Part Series

Part One- Qualified Loans and the Ability to Repay Rule

Starting in January of 2014, the Ability to Repay /Qualified Mortgage Rule took Effect.  This rule established a standard for closed end consumer credit secured by residential real estate.  The rule establishes “qualifying” loans and non-qualifying loans.   Since the time that the rule was implemented, many if not most lenders have decided to stay away from non-qualified loans.  However, there is a case to be made that “non-qualifying” loans should be considered.

Some Quick History

The ability to repay rule was enacted in direct response to the financial crises of 2009.  In particular, one of the lending practices that was popular at the time was the practice for “low documentation” or “no documentation”, or “stated income” loans.   These are loans that are approved with little to no documentation of the borrower’s ability to repay the loan.  In fact, the lender would simply take the borrower at his or her word that they had sufficient income to pay the loan without checking further.  As we are all painfully aware, these practices lead to record numbers of defaults on loans, foreclosures and in generally, economic upheaval.

The Dodd Frank Act has provisions that are designed to stop many of these practices.  It should be noted that the legislation was also designed to benefit both sides of a transaction.  In exchange for sticking to the qualified mortgage parameters, the lender was given some legal protections against a lawsuit by the borrower in case of foreclosure.   For a loan that is considered a qualified loan, the bank can enjoy the legal presumption that it performed all of the documentation necessary to have determined the borrower’s ability to repay the loan.  This is very important in a lawsuit for foreclosure on the loan because one of the strongest defenses that a borrower might have is that the bank did not act in good faith in granting the loan and is therefore not entitled to foreclosure.

The rule establishes standards that lending institutions must meet for mortgage loans to be considered qualifying.

Qualifying Loans  

The ability to repay rule has one big safe harbor; if a loan is considered a qualifying loan, then the lender does not have to meet the other requirements of the ability to repay rule.   For a loan to be qualifying:

  • The borrowers debt to income ration cannot exceed 43 percent
  • The points and fees on the loan cannot exceed the cap established in the regulation[1]
  • May not have balloon payments
  • May not contain interest only payments
  • May not exceed 30 years

Again, If the loan is a qualifying loan, the assumption is made that the lender has established the ability to repay, and the borrower could not use a bad faith defense in an action of foreclosure.

There is an exception to this rule that allows for small lenders with assets of less than $1 billion and who serve mostly rural and underserved communities.  For these institutions the 43% debt to income ratio can be exceeded.     There are some other exclusion also that time will be discussed at another time and place.

Impact on the Mortgage Market 

Many banks have also used the QM/ATR rule as a shield to protect against the claims that mortgage loans to low income (often minority) borrowers have been hurt by the rule.    Like many things that involve federal rules, the truth is far more complicated than that.  The rules were definitely designed to stop predatory lending practices.  Predatory loans take advantage of borrowers by starting out with rates and terms that are unrealistic to get the borrower approved.  Once the loan is approved, the lender collects fees and the loan itself often becomes irrelevant.  As we discovered in the financial meltdown, the loans made by predatory lenders (often called sub-prime) had little to no chance of being repaid and as soon as the full terms of the loan were realized, borrowers were no longer able to make payments and the mortgages collapsed into foreclosure.  Predatory lenders were more than happy to make these transactions because there was a robust market for selling the toxic loans to others and by the time they went into foreclosure, the loan was somebody else’s headache.    [2]

In the event that the loan an institution wants to make doesn’t meet the qualified mortgage parameters, then the “ability to Repay” rule applies.   This rule, more commonly known as the ATR rule, requires that a lender must consider several factors to determine a borrower’s ability to repay.  These factors include:

  1. Current or reasonably expected income or assets (other than the value of the property that secures the loan) that the consumer will rely on to repay the loan;
  2. Current employment status (if you rely on employment income when assessing the consumer’s ability to repay);
  3. Monthly mortgage payment for this loan. Monthly payment on any simultaneous loans secured by the same property;
  4. Monthly payments for property taxes and insurance that you require the consumer to buy, and certain other costs related to the property such as homeowners association fees or ground rent;
  5. Debts, alimony, and child- support obligations;
  6. Monthly debt-to-income ratio or residual income, that you calculated using the total of all of the mortgage and non-mortgage obligations listed above, as a ratio of gross monthly income;
  7. Credit history

The ATR rule does not ban any particular loan features or transaction types, but a particular loan to a particular consumer is not permissible if the creditor does not make a reasonable, good-faith determination that the consumer has the ability to repay. Thus, the rule helps ensure underwriting practices are reasonable.

When the ability to repay rule first took effect, many lenders immediately took the position that they would issue only qualified loans.  The rationale has been that these loans not only possess the necessary protections, but they also appear to be the preferred loans of the regulators.    Put another way, many traditional lenders such as banks and credit unions, seem to take the position that regulators did not want them to make unqualified loans.

More recently however, regulatory agencies have been showing a desire to get lenders to consider the possibility that nonqualified loans can still be considered both safe and sound.  For example,

“Scott Strockoz, a deputy regional director for the FDIC also said that the regulators would take a flexible view of non-qualified mortgages that banks do decide to issue, particularly if the bank can demonstrate that the mortgage is still well-written and even if they fall outside of the parameters that would make it a qualified mortgage.  He acknowledged, however, that some institutions were already pledging to steer clear out of the space because of potential litigation risks or other concerns” [3]

The Comptroller of the Currency also noted regulators “don’t want to see our institutions not make non-QM loans – we were pretty clear that we did not see that as being a safety and soundness issue for those institutions.”[4]

The point here is that with right set of internal controls, Non QM loans are not only safe and sound, regulators have an expectation that financial institutions will continue making these loans.

Non-Qualified Mortgages- a Tale of Two Borrowers  

There are currently two markets that are developing in the non QM mortgage area.  The first is for the nontraditional wealthy borrower.  In many cases, this borrower may not fit the traditional QM parameters.  They may have a great deal of cash set aside, but minimal ongoing income for example.

Matthew Ostrander, CEO of Parkside Lending emphasized that some non-QM loans can be safer than QM loans. He described two scenarios.  The first is a non-QM borrower with a $1 million income, 70% LTV and a 760 FICO score, but with a 55 DTI that falls outside of QM requirements.   These borrowers are finding that there is a very strong market for QM loans.   These loans tend to be “bridge” financing that allows the borrower an opportunity to purchase housing that will eventually be refinanced with a more traditional (qualified loan) at some time in the future when the borrower is ready.

The second sets of non QM borrowers are first time home buyers for whom the QM represents something or a bar.  This is a borrower with a $50,000 income, 43 debt-to-income ratio, 97% loan-to-value and a 620 credit score.  These are also the borrowers who were set upon during the financial crisis of 2008.  The truth is that these borrowers represent both an opportunity and a risk.  However, these characteristics should not be a bar to offering mortgages.   The caution here is that the underwriting requirements should be realistic and should reflect the risk appetite of the bank.

Congressman Barney Frank commented on this dichotomy:

Chairman Frank was emphatic: “Yes, it is a problem when people get mortgages they shouldn’t get. It has been a historically greater problem that some people couldn’t get mortgages they should get. I will guarantee … that doesn’t happen.”[5]

There are actually many good reasons why a financial institution should consider non-qualified mortgages.  In part Two, we will discuss those reasons

[1] These caps are specified in the regulation and vary depending on the size of the loan.

[2] The Movie, “The Big Short” provides and excellent description o predatory lending practices.

[3] Regulators nudge banks on non-QM lending,  Rob  Soupkup  April 2014  Finpro

[4] Ibid

[5] American Banker “Dodd-Frank’s ‘Qualified Mortgage’ Was Intended to Be Broad”  Raymond Natter April 25, 2012

What to do When the Regulators Have a Finding

What to do when the regulators have a finding


If you are or have been in the compliance arena you are familiar with this scenario; The examiners have just come to your office with a most somber countenance.   They are here to report a significant finding that has resulted from their review.  You have several options, you can:

  1. Hide under your desk and hope they go away
  2. Engage in histrionics and accuse them of picking on your bank
  3. Threaten to sue
  4. Listen closely to what they are saying and ask a series of questions that will allow you to deal with the finding in an effective manner

The fact is that findings happen!  The fact also is that there are findings and there are FINDINGS!   The way you deal with each of these will greatly impact your compliance life.    There are a number of critical steps that your institution can take that will allow your response to have the greatest impact.

Step One- What, Exactly is the Finding? 

It is critical to find out all you can from the examiner when they are presenting the finding.  In many cases, findings are the result of a miscommunication or misunderstanding of questions being asked.   For example, at one bank, an examiner asked where flood insurance policies are stored and was told they are kept in the loan file.   However, the person who gave this answer was unaware that the procedure had been changed and flood loan policies were now kept in a different place.  In this case, the examiners originally were ready to cite the bank for several violations of the flood rules because the information in the loan files was stale.  It is very important to determine form the outset the exact nature of the violation being cited.

Along these lines, it is important determine the specific regulation, guidance or rule that has been violated.  By going to the source of the regulatory requirement, you can get the clearest picture.   As part of this process, it is also useful to get an understanding of whether or not the rule in question is new or has been around for some time.  While it is generally true that the older the rule, the bigger the concern that is being cited as a finding, there are circumstances where this may not be the case.   For example, a reinterpretation of a rule has the same impact as a new rule.   There are sometimes areas that receive new or increased focus.  For example, the requirement that a flood insurance customer receive notice of being a flood area every time a loan is modified, is a requirement that has recently received greater attention, even though the requirement has been in place for many years.

The source of the finding can be a critical consideration when determining the level of enforcement action.

Even though it is understandable, we recommend that your never use the “I was never cited for this before” answer.    You drive faster than the speed limit on the freeway on a regular basis.  This doesn’t mean that it is okay and you would try that answer with a highway patrolman!

At the end of the day, make sure that you can explain the violation to someone else as a test to ensure that you understand the issue.

Step Two- Why did this Happen? 

A frequent mistake that institutions make is to simply fix the problem that is cited in the regulation – i.e., missing disclosures; we will simply start making the disclosures going forward.  The problem with this approach is that it is simply a bandage.  It doesn’t necessarily address the real concern that may have caused the finding in the first place.   The next step in managing a finding is getting to the root of the problem that caused it.

There are several questions to ask when determining the root cause of a finding.  Was it a training issue or were policies and procedures outdated and inefficient?  One the most important questions to ask is whether or not the problem is systemic or limited to an individual staff member or business line.  Is the root of the problem that we don’t understand what the regulation is asking or is it more the case that training needs to be reinforced?    Determining the root cause of a finding allows the institution to frame the magnitude of the issue and to build a response that is appropriate.

Step Three- Is this indicative of a bigger problem?

Once the root cause of a finding has been determined, it is necessary to determine if the findings are an indication of a much bigger problem.   There are as many reasons that findings occur as there are findings.  However, some reasons are indicative of a much larger problem.  For example, if the root cause of the problem is that the institutions was simply unaware of changes to the regulation, there is a fundamental flaw in the overall compliance management program.  This does not mean that your compliance staff is incompetent.  There are many regulations that are coming at financial institutions on a regular basis.  There have to be sufficient resources to ensure that the changes in regulations are communicated and necessary procedures implemented.

In the alternative, perhaps the issue is one of training.  Many institutions use online training programs.  These programs are a cost effective means to training staff and are widely accepted by regulators.   There are however, times when the on-line training may not be sufficient.  In many cases, the opportunity to receive in person training that details the history and goals of a regulation is the best most effective way to reduce findings and violations.

The compliance examination of your institution is ultimately a test of the effectiveness of the compliance management program.   The role of the program at its core should be to identify and to mitigate risks.  If the system that you have developed is not capable of performing this function effectively, findings are indicative of a much bigger problem.

Step Four – Communicating

It is important to communicate the finding(s) to senior management and the Board so that they are fully informed.   As a best practice, the root cause and the proposed solution should be communicated simultaneously.  Communicating the understanding of the finding as well as the plan for fixing the problem is an excellent way to demonstrate to the regulators that you understand the breadth and depth of the concern.  The relationship built on trust and communication will go a long way where there are severe findings. especially if the findings are servere.

Step Five – Find out as soon as you can what the regulatory implications will be

As we noted earlier, there are findings and there are FINDINGS!  In some cases, the finding can simply be a matter of a small correction.  In other cases, the examiner many find that a pattern and practice of violations exists.  In these cases, the examiner can recommend enforcement actions up to and including civil money penalties.    For example, it is critical to find out from the examiners whether or not they will consider a finding a repeat finding.  Repeat findings are an indication of general weakness in the compliance program and are always considered grave, no matter the area of the finding.  In this way, a minor or technical finding can become a matter requiring attention or even the basis for a supervisory letter.   The regulatory implications of the finding must also be communicated to senior management.

Suppose you Don’t Agree

We are aware that many financial institutions either don’t agree or that have misgivings about a finding, but go along to get along.  While this practice may seem to make life easier, it is not actually the most prudent path to take.   ASK for clarification– this is not to be argumentative, but without doing so, you can lock yourself into an untenable position.  In the event that the examiner may be asking something of the institution that is infeasible (e.g. acquiring a new software program).  This is also why it is important to understand the source of the finding- if it is an interpretation or the regulation, there is likely to be a change in the next examination; different examination teams have different interpretations of the regulation.  Ultimately, a forceful yet respectful disagreement is a good thing and is respected by the regulators.

All of the regulators have a system in place to allow for appeals of decisions in those instances where both parties may agree to disagree.

Pick Your Battles

Remember that the compliance review is ultimately an analysis of the compliance management program.  Individual findings do not necessarily indicate a fundamental weakness of the CMP.  Make sure that you keep the difference between findings and FINDINGS in mind.


Why is there a Home Mortgage Disclosure Act?

Why IS there a Regulation C? 

As anyone in compliance can attest to, there are myriad consumer compliance regulations.  For financial institutions, these regulations are regarded as anything from a nuisance, to the very bane of their existence.  However, in point of fact, there are no consumer regulations that that have not been earned  by misbehavior  in the past.  Like it or not these regulations exist to prevent bad behavior and/or to encourage certain practices.   We believe that one of the keys to strengthening a compliance program is to encourage your staff to understand why these regulations exist and what it is the regulations are designed to accomplish.  To further this cause, we have determined that, from time to time throughout the year; address these questions about various banking regulations.  We call this series “Why is there….”


The Home Mortgage Disclosure Act and its implementing regulation, Regulation C are one of the regulations that were enacted as the result of past bad behavior.  This law came into being during a time when a great deal of attention was being paid to the lending practices of financial institutions in urban areas.  In the late 1950’s and early 1960’s Congress conducted several hearings on the lending practices of banks and financial institutions.  In particular, many financial institutions were engaged in practices that were starving some communities from mortgage credit.  One of the most pernicious practices was called “redlining”.  It was called redlining because some government agencies and financial institutions would literally take a map of a city and draw red-lines around neighborhoods that were not to be considered for mortgages.   The areas that were red-lined were neighborhoods that had majority racial minorities.  Without proper mortgages and stable home-owners, neighborhoods decline, decay and eventually become what we know as ghettos.   Economists noted that the practice of redlining caused “disinvestment “in the redlined communities.   In other words, deposits were being taken in from the redlined area, but those same funds were being loaned out in other areas.  Money was flowing from one community and then distributed elsewhere.

A second practice that received attention was the refusal to grant credit to women without the co-signature of a spouse or male relative.   Single women that would otherwise qualify for mortgages were being denied consideration by policy of financial institutions.    During this time period both single women and minority families were being denied mortgages simply by the policies of lending institutions.

The government hearings on mortgage lending resulted in the passage of several pieces of legislation aimed directly at opening the mortgage credit market to women and minorities.  Among the legislation that passed during this period were the Fair Housing Act and the Equal Credit Opportunity Act.

The net effect of these two powerful pieces of legislation was to help to open the credit application process for minorities and women.   However, unfortunately, just the opportunity to apply for credit is not a guaranty of fair treatment or a positive outcome.  It soon became evident that financial institutions had taken a different approach to denying credit.

Financial institutions began taking applications for women and minority applicants and  changed written lending policies so that  neighborhoods weren’t excluding in writing.   Despite these changes, the experience of   women and minorities remained the same; little to no credit was granted.   As a result, Congress decided in 1975 that that the experiences of minority and women borrowers who apply for mortgages should be recorded.   Towards that end, HMDA was created.

HMDA 1.0

The practice of redlining and disinvesting in communities was the first target of HMDA.  The initial idea was to get banks to disclose the total amounts of loans that they made in specific areas.   Congress theorized that redlining would be quickly unmasked as banks would have to show the places where the loans were made.  It would become evident that certain neighborhoods were getting no loans.    The problem here was that the Banks did not have to show individual loans; only the total amount of loans in a given census tract.  Financial institutions did not have to show the individual loans, and as a result, a few loans strategically placed could give the impression of strong community service when this was not that case at all.  For example, a one million dollar loan to a business in the census tract could give the impression that a bank was investing this in the community.   Ultimately, the first version of HMDA proved to be ineffective in addressing redlining.

HMDA 2.0

Starting in the late 1970’s the mortgage industry experienced significant change.  Banks and Savings & Loans that had dominated the market began to experience competition.  Finance companies, mortgage bankers and other financial institutions began to enter the home loan market.  These lenders were aggressive and as a result many of the redlining and disinvestment practices that had been in place were simply overrun by the demand for more and more mortgages.

However, this did not end the need for disclosure of lending information.   The experience of women and minorities in getting mortgages was still less than satisfactory.  The focus of regulatory agencies changed from redlining to the lending practices of individual institutions.  By collecting information about the experience of borrowers at individual institutions, the regulatory agencies theorized that valuable information could be gleaned about how people in protected classes were being treated.

Information collected had to account for the fact that, more than just banks were providing mortgage funding.   In the late 1980s, HMDA was amended and the information that all lenders had to collect was increased to include racial, ethnic, and gender information, as well as income for each applicant.  In addition, both rejected and accepted applications for loans that did not close was added to the information that financial institutions must collect. [1]

HMDA 3.0

The mortgage industry continued to grow and change and as it did, the types of mortgages being offered also changed.  By the turn of the century, the question wasn’t about people in protected classes being denied credit.  Instead, it was more the type of credit being offered.  In the early part of the decade the number of adjustable rate mortgage ballooned.  Many of these products had “teaser rates” which were significantly below the actual rate that would be paid on the loan.  This decade saw “predatory lending” practices explode.  Predatory lending is in essence, the practice of making loans with complicated high rates and fees to unsophisticated borrowers.  The unsuspecting borrower believes that he/she is paying a low loan rate when in fact, at the time the loan adjusts, the rate is several times higher.  A huge number of these loans were included in the financial meltdown of 2008.

The third iteration of HMDA was then, the result of changed practices by mortgage lenders.  In early 2000 the main issue was no longer discrimination in approvals or denials, but in pricing (predatory lending).  HMDA was again amended to add the information about pricing and lien status.   In an effort to improve the quality of HMDA data, the revised regulation also tightened the definitions of different types of loans and required the collection of racial and ethnic monitoring information in telephone applications

HMDA  3.5

The most recent changes in HMDA don’t necessarily represent wholesale change in lending practices.  Instead additional data is being collected with the idea that more data points can be used to study differences in the experiences of women and minorities when they apply for mortgages.   These changes are a reflection of the fact that the data form HMDA is actually being reviewed and used for studies of lending behavior.

So What Do They Do With the Information? 

When the information is collected by the regulators, it is actually used by many different agencies for various purposes.  Community advocacy groups use the information to bolster arguments about various issues they wish to emphasize.  The government uses the information for economic studies and as a basis for amending regulations and laws.  HMDA information has been at the heart of many studies about lending discrimination.  Many argue that the information collected by HMDA doesn’t tell the full story of whether or not a borrower suffered discrimination.  It does however, raise a threshold issue and it is often the case that HMDA is used to determine whether further study is indicated.   As recently as last week, a study was published that, unfortunately concludes that there are still severe racial disparities in the granting of mortgages.[2]

The HMDA LAR is used to create the database that is used by all of these agencies and for all of these studies.   This is why the examiners are so fussy about getting those entries correct!

HMDA to the Defense

The same information can be used to defend an institutions record.  When compliance programs work the way that they should, the experiences of all who apply for credit will look the same.  By using the information from the HMDA LAR  it is possible for a financial institution can show that each and every applicant gets the same consideration.

So at the end of the day, when you are frustrated with those picky regulators insisting that each entry is correct, remember that you are adding information to a very important and consequential study.    It really is important that we get it right.

[1] The Home Mortgage Disclosure Act: Its History, Evolution, and Limitations†  By: Joseph M. Kolar and Jonathan D. Jerison

[2]“Report: Profound Racial Disparities in Mortgage Lending Seen in Oakland”  Darwin BondGraham.  East Bay Express February 24, 2016


Changing the Way We Think About Compliance

Changing the Way We Think About Compliance       

Compliance, Compliance, COMPLIANCE!   Sometimes just saying the word can evoke a dramatic response from financial institution management.    Even though there has long been talk of a separate set of regulations for community banks, no such changes are in the offing.  For now and the immediate future, community banks and small financial institutions will face increasing expectations in the area of compliance.    Moreover, the costs of compliance can be prohibitive.  This is especially true if your bank has experienced compliance problems in the past.

Despite the gloom and doom and through all of the curses there are actually reasons to support compliance regulations.    Wait, what did you say?

History as a Guide

A quick review of the history of some of the most far-reaching consumer regulations yields a familiar pattern.  In each case, banks and financial institutions engaged in unfair or unreasonable practices.  Eventually, a public outcry was raised and legislation was passed in response.   The history of the Truth in Lending Act   (Regulation Z) provides a good example.

Starting in the late 1950’s the United States saw a tremendous growth in the amount of credit.  In fact, in a study the US House of Representatives estimated that the amount of credit in the United States from the end of World War II to the end of 1968 grew from $5.6 billion to $96 billion.   [1]

The growth in credit was fueled by consumer credit and in particular, a growing middle class that created a huge demand for housing, cars and various other products that went with acquiring the American Dream.   As time passed more and more stories of consumers being misled about by use of terms like “easy payments”, “low monthly charges” or “take three years to pay”.   The borrowers found out that even though they thought they were paying an interest rate of 1.25 %; with add-ons, fees and interest payments that were calculated using deceptive formulas, the rate was actually as much as three times what they thought.

Congress began to investigate the growing level of consumer debt and eventually in 1968; the Truth in Lending Act was first passed.  Congress was clear about what they were trying to do:

“The Congress finds that economic stabilization would be enhanced and the competition among the various financial institutions and other firms engaged in the extension of consumer credit would be strengthened by the informed use of credit.  The informed use of credit results from an awareness of the cost thereof by consumers. It is the purpose of this subchapter to assure a meaningful disclosure of credit terms so that the consumer will be able to compare more readily the various credit terms available to him and avoid the uninformed use of credit, and to protect the consumer against inaccurate and unfair credit billing and credit card practices.” [2]

The regulations that have been implemented as part of the Dodd Frank Act have a similar history.  The most recent financial meltdown was caused in part by the lack of oversight and by financial products that far outpaced the reach of the regulations.  Dodd Frank is the most recent legislative response to the public outcry about the behavior of banks and financial institutions.

Of course, it is also clear that the behavior that caused the most recent meltdown was not being practiced at community banks.  It is unfortunate that the whole industry is often painted with a broad brush.  However, the fact is that the public does not make much of a distinction between large banks and community banks.  The reputation of the industry suffered mightily during the meltdown.  The good news is that the regulations have helped to restore the confidence of the public in that financial system.   Therefore, while regulations may be bothersome, they do support the industry.

Overall Effects

Sometimes, we focus on the negative to the point that it is hard to see the overall positive impacts of regulations.   One of the positive effects of compliance regulations is that is goes a long way toward “leveling the playing field” among financial institutions.   RESPA (the Real Estate Settlement Procedures Act) provides a good example.  The focus of this regulation is to get financial institutions to disclose the costs of getting a mortgage in the same format throughout the country.   The real costs associated with a mortgage, the arrangements that a bank has with third parties and the amount that is being charged for insurance taxes and professional reports that are being obtained all have to be listed in the same way for all potential lenders.  In this manner, the borrower is supposed to be able to line up the offers and compare costs.  This is ultimately good news for community banks.  The public gets a chance to see what exactly your lending program is and how it compares to your competitors.  The overall effect of this legislation is to make it harder for unscrupulous lending outfits to make outrageous claims about the costs of their mortgages.   This begins to level the playing field for all banks.

There are other regulations that can help the reputation of your institution.  For example, the public reporting requirements for the Community Reinvestment Act and the Home Mortgage Disclosure Act can result in positive information about your bank.    A strong record of lending within the assessment area and focusing on reinvigoration of neighborhoods is a certainly a positive for an institution’s reputation.

Protections not just for Customers

In some cases, consumer regulations provide protection not just for consumers but also for banks.  The most recent qualifying mortgage and ability to repay rules present a good case.  These rules are designed to require additional disclosures for borrowers that have loans with high interest rates.   In addition to the disclosure requirements, the regulations establish a safe harbor for banks that make loans within the “qualifying mortgage” limits.  This part of the regulation actually provides a strong protection for banks.  The ability to repay rules establish that when a bank makes a loan that is below the established  loan to value and debt to income levels, then  the bank will enjoy the presumption that the loan was made in good faith.  This presumption is very valuable in that it can greatly reduce the litigation costs associated with mortgage loans.  Moreover, as long as a bank makes only “qualifying mortgages’ the level of regulatory scrutiny  will likely be lower than in the instance of banks that make high priced loans. [3]

The next time you hear a conversation about how bad consumer regulations are, we suggest that you take a step back.  Consider that the regulations are generally well earned, that they provide stability and can tend to level the playing field for community banks.  Also, please consider the idea that in at least some cases, these regulations provide protections for banks.  You may not turn out to be a consumer zealot, but we think you will give compliance regulations a different, more accepting look.

[1]  Griffith L. Garwood, A Look at the Truth in Lending – Five Years after, 14 Santa Clara Lawyer 491 (1974).

[2]  See Preamble to 15 U.S.C. 1601 (1970)

[3] Of course, a strong case can be made for the origination of non-qualified loans.   This case will be presented in subsequent blogs

Your Partner in Balancing Compliance