“So what are CFPB’s expectations and what can you do to not only pass the examination, but also leap frog to competitive advantage in domain of ‘customer experience?’”
Compliance Best Practices: Using ThirdParty Providers Can be an Example By Kathalin Carvalho
JUNE 2013 n Washington Mortgage Professional Magazine n
NationalMortgageProfessional.com
56
It is not a secret that banks and nonbanks establish business relationships with service providers to help carry out different tasks associated with maintaining a loan. Furthermore, service providers may also contract specialty firms for services that they cannot support or that they do not have the expertise to conduct autonomously. These specialty firms, or third-party providers, now face increased scrutiny from servicers as a result of the current government regulations and initiatives by agencies, such as the Consumer Financial Protection Bureau (CFPB). Now, banks are required to effectively vet these third-party providers or be held financially responsible for any resulting mistakes. Using third-party providers creates reputational, operational and compliance risk for servicers, and failure to maintain an adequate compliance program by the provider may jeopardize current and potential business relationships. Therefore, it is critical that thirdparty providers implement action plans to overcome the aforementioned risks
and strategize the compliance structure of their shops. Servicers’ initial thoughts may be that it costs too much, we do not have the staff, we do not have in-house expertise, a compliance officer is too costly, or our company is not that big. Regardless, the regulations do not consider these scenarios but compliance is worth the investment. In order to address these issues, a company should go back to the basics. Experience with domestic and international financial institutions as well as different types of services and products can shed some light on the basic elements of a successful compliance program. These elements include:
they are the most commonly important. The level of sophistication of a program will depend on the number of clients, size of the company, internal resources and the exposure the company has to local, national and/or international regulations.
Compliance best practices
There are numerous requirements associated with serving legal documents and these vary from state to state and even county to county. A good licensed investigator should be bilingual and be able to conduct searches in all 50 states and for a variety of areas–banking, legal (foreclosures and collections) and loan servicing. Advanced data tracking and reporting technology can also offer clients superior search and reporting capabilities. So many companies provide specialty services for a variety of the banking and legal industries, which opens these companies to scrutiny by 1) Establishing standards and proce- clients and multiple government agencies. Therefore, it is crucial to dures; maintain a corporate compliance pro2) Compliance oversight; gram that allows the company to sat3) Communication and training; isfy industry requirements while cul4) Monitoring and reporting; and tivating an organizational compliance 5) Independent review. culture through accountability of These elements may vary from business leaders and staff, continuing company to company but in general education and robust reporting processes. The program should manage risk every day. A company’s corporate compliance program should conform to the general principles previously mentioned and recommendations established in the financial industry. The firm should also adhere to other compliance best practices recognized by government agencies and private industry. A company’s corporate compliance program should be built on three pillars–prevention, detection and response–that address compliance risks. The role of the any compliance department should be to assess the regulatory and other industry requirements, detect opportunities for improvement and respond to events that are contrary to the intent
of the law and internal policies and procedures. Each of the elements of the company’s corporate compliance program should be embedded in these three pillars and assists the compliance department to achieve its mission of ensuring the company is compliant.
How to start Here are a few steps to take in developing a successful corporate compliance program: 1) Take a hard look at your business, products and services. 2) Become familiar with current practices. 3) Study recent audits, investigations or other independent reviews conducted on your company and see if opportunities for improvement have been identified. 4) Schedule meetings company owner(s), board of directors/managers or senior management to discuss their “compliance appetite;” are they conservative, neutral or aggressive about compliance? This will help you recognize the level of compliance oversight that needs to be proposed for the business. 5) Document the results or discussions and research and start drafting a compliance plan or program that includes the basic elements mentioned previously. 6) Be sure to review current policies and procedures that cover business practices, and if the company does not have one, create an action plan to develop these documents. 7) Determine who will be in charge of overseeing the compliance and risk efforts and monitoring the processes for the company. It would be prudent to leverage the existing resources, such as information technology personnel, managers, human resources, etc. and determine if any elements of the program can be performed collaboratively with these areas. Your company may need to invest in software to monitor business activities. It will depend on the number of clients the company maintains