By Liza Warner, CPA, CFS, CRMA and Karen Cullen, CRCM
As the days and months pass, compliance officers often reflect on the bank’s compliance program, its accomplishments, and what is yet to come. In the case of customer account servicing, the message is clear. Quality and fairness in servicing continues to be in the spotlight. Customers expect high-quality service and regulators continue to focus on ensuring products and services are provided in a fair and equitable manner. The industry is faced with an evolving landscape budding with new products and services that offer unique and creative features and benefits. Compliance officers must ensure they continue to help the bank successfully navigate that landscape by identifying and mitigating compliance risk in all aspects of account servicing, including fair lending and UDAAP. Weaving regulatory requirements throughout the servicing process will enhance service quality making sure the bank exceeds customer expectations, differentiates itself in the marketplace and avoids regulatory land mines. Every bank desires customer loyalty and it is up to those who service customer accounts—from the front line to the back office—to make certain customers stay.
Fair Servicing Risk
For a bank to identify and mitigate this risk, its managers, operations teams, and compliance personnel must understand the servicing processes, associated compliance requirements, and compliance risks. Because servicing activities vary by customer and are highly dependent on both the people and the systems involved in the day-to-day maintenance of accounts, robust procedures and guidelines are essential for a bank to minimize its compliance risk and ensure high levels of customer service.
For example, when reviewing payment processing, a keen understanding of the related sub-processes for loan payment applications (including payment adjustments, interest rate adjustments, and assessment of late payment fees) is important to identifying all potential risks. Procedures addressing both main and sub-processes should include practical steps and requirements to address the comprehensive risks identified and ensure that controls are focused on accuracy and compliance. That in turn will help make sure customers are treated consistently, accurately and fairly.
Common Issues
Account servicing has been an ongoing focus for several years and some of the issues that regulators have identified include undesirable practices around administration of add-on products, bonus/rewards programs, student loan servicing, automobile loan servicing, and of course mortgage servicing. The Consumer Financial Protection Bureau (CFBP) in its Supervisory Highlights issuances and prudential regulators through their examinations have identified several areas where fair servicing is a concern. Servicing requirements come from a number of rules and regulations. Banks should review their servicing functions and make sure these failures are not an issue.
- Online bill payment—Failure to clearly notify customers (payors) that their online bill payments may be debited to their account on a date sooner than the date selected if a paper check is issued because the payee does not accept electronic checks. The payee may cash the paper check on a date sooner than the scheduled online payment date causing the payor to incur overdrafts and overdraft fees.
- Deposit account maintenance—Failure to ensure customer communication and disclosures accurately reflect available funds and account balance information. Disclosures and deposit systems must also accurately reflect the proper order of transaction posting within deposit accounts in order for customers to avoid excessive overdrafts and related fees.
- Payment processing—Failure to obtain proper authorization to debit loan payments from a borrower’s bank account. Special attention should be given to this during collections and loss mitigation activities.
- Late Fees—Failure to assess late fees properly, in alignment with disclosures. Improperly assessing late fees as a percentage of principal, interest, taxes, and insurance instead of only principal and interest as stated in the loan agreement. Failure to ensure systems are programmed to assess fees only, as a percentage of the installment of principal and interest that is overdue, but not more than a stated dollar amount (e.g., 5% of the installment of principal and interest overdue, but not more than $15.00). Failure to ensure late fees are within maximum limits allowable under applicable state laws.
- Interest rates and application of introductory rates—Failure to properly assess advertised interest rates for introductory periods and balance transfers. Failure to properly administer bonus offers. Failure to correctly calculate interest by including add-on fees and costs with the principal balance.
- Credit Reporting—Failure to obtain consumer reports with a permissible purpose as required by the Fair Credit Reporting Act; furnishing inaccurate consumer credit information to credit reporting agencies (CRAs); failing to promptly update or correct information furnished to CRAs, providing information to CRAs without providing notice that the information was disputed by the consumer; and failing to implement written policies and procedures to support accurate information provided to CRAs.
- Collections—Failure to calculate the correct amount due; claiming collateral that is not associated with the loan; and threatening action that is not contractually legal. Failure to comply with the requirements of the Fair Debt Collection Practices Act. Even banks that collect their own loans with no third-party debt collection vendors should ensure FDCPA requirements are followed as best practices.
- Add-on products—Failure to ensure the customer receives services that are commensurate with the fees charged for an add-on product such as identity theft protection or debt cancellation, and failure to implement procedures to monitor activities of third-party add-on providers.
- Loss mitigation/workout—Failure to offer all available options to a borrower and failure to communicate what is required to successfully process the loss mitigation option requested. Failure to implement compensation programs for loss mitigation personnel that ensure personnel are not incented to encourage loss mitigation options that are not in the borrower’s best interest.
- Servicing Transfers—Demonstrating that comprehensive procedures are in place, have been validated and are transparent to the borrower, is critical. Verifying that loans in loss mitigation at the time of the servicing transfer are properly identified and flagged for follow-up is crucial for preventing dual tracking situations and potential borrower harm. (These are also referred to as also referred to as “in-flight”, where underwriting of the loss mitigation application is in process and a decision is pending, or the loan is currently in a temporary or permanent repayment plan.)
- Language barriers—In November 2017, the CFPB issued Spotlight on serving limited English proficient (LEP) consumers to address language access in the consumer financial marketplace. Although the CFPB has not yet issued official guidance on this topic, failure of banks to understand the market demographics and make-up of its customer base may create fair servicing risk. Based on the size of the institution and its geographic reach, consideration should be given to services in a foreign language including documented materials, translation, and customer service personnel who speak a predominant foreign language based on market demographics.
Addressing Fair Servicing Risk
Because of the breadth of servicing interactions and activities, banks must first understand where risks occur. Focus should include activities that are critical to a servicing process and present the highest risk of compliance or service failure. Controls must be designed to mitigate both the compliance and operational risk and be periodically tested to verify that they continue to operate as intended. Ineffective controls can lead to errors that may impact one account or many account—especially if the error is a result of a systems programming issue. Preventive and detective controls and the processes they align with should be periodically evaluated for effectiveness to help avoid difficult and costly remediation.
The following preventive and detective controls are integral to a robust and well-functioning compliance management system within the servicing function.
Preventative Controls
- Management and board oversight (tone at the top).
- Detailed policies and procedures.
- Job-specific training on regulatory requirements, policies, and procedures.
- Compliance review of new products during development and prior to product launch.
- System controls including hard stops and warnings.
- User acceptance testing prior to going live with system enhancements.
- A documented and established change management process that includes review of new regulations, regulatory newsletters, and enforcement actions.
Detective Controls
- First line quality assurance review and business analytics (key performance indicators, key risk indicators) for timely identification of errors and ongoing trend analysis.
- Second line compliance monitoring to ensure first line processes and monitoring efforts are effective in identifying errors and potential risks.
- Third line internal audit will ensure the bank’s compliance management system is robust and effective. The last check before regulatory examinations.
- Customer feedback including focus groups and consumer complaint data.
Second line compliance monitoring and third line internal audit play instrumental roles in ensuring that controls are both mitigating risk and providing effective identification of errors. Customer feedback is also key to awareness of potential servicing issues. Feedback comes in all forms and does not necessarily need to be tied only to complaints. For example, did the bank just launch a new rewards program and customers are calling or emailing with questions that indicate confusion about how they earn rewards? This could be an early indication that the program may not be operating as intended or that customer marketing was not clear or was misleading. Additionally, pay attention to internal reporting. Unusual changes or spikes in delinquency rates or payment patterns could indicate an issue with the servicing system or failure to process payments in a timely manner.
Servicing and Fair Lending
Compliance issues in the loan servicing process may increase a bank’s fair lending risk profile. The Equal Credit Opportunity Act (ECOA) and Regulation B make it unlawful to discriminate against any borrower in any aspect of a credit transaction, including loan servicing, on the basis of race, color, religion, national origin, sex or marital status, age (provided the borrower has the capacity to enter a contract), because all or part of the borrower’s income is derived from any public assistance program, or because the borrower has in good faith exercised any right under the Consumer Credit Protection Act. ECOA applies to servicers that are creditors, such as those who participate in a credit decision about whether to approve a mortgage loan modification. Within the servicing process, payment programs, interest rate reductions, modification options, and fee waivers all represent decision points that present potential fair lending risk.
The procedures CFPB examiners follow to evaluate a servicer’s compliance performance are detailed in the CFPB Supervision and Examination Manual. Understanding these procedures and incorporating their intent within the bank’s fair lending compliance management system (CMS) will not only help provide better customer service but it should also help mitigate fair lending risk. Banks should review the following ECOA-specific exam procedures against the bank’s fair lending CMS to determine and address potential fair lending risk:
- Optional Products and Services (e.g., debt cancellation, bi-weekly payment plans, payment protection, or credit protection). Determine whether each optional product or service is offered by the bank. Take a close look at how these services are provided once the customer has chosen to participate in them to ensure they are serviced in a manner consistent with ECOA. Targeted marketing of these products on the basis of race, for example, may indicate an increased risk of potential ECOA violations and require further inquiry. Or be aware of the potential for any disparate treatment effects for what may turn out to be classes of customers who obtain them even if there was no intentional targeting to any class of customer by the bank.
- Servicing Policies and Procedures. Review servicing policies and procedures to ensure they are facially neutral and do not pose an adverse effect on a prohibited basis group. Approved policies should be clearly stated, and procedures should provide the appropriate level of guidance for employees so that discretion is limited. If exceptions are allowed, documentation, approval, monitoring and reporting of exceptions should be in place to mitigate the risk of disparate treatment.
- Disparate Treatment in Loss Mitigation. Review a sample of consumer servicing records in default or at imminent risk of default to assess loss mitigation activity. Be mindful of activities that may indicate disparate treatment of consumers in violation of ECOA. Review the procedures outlined in the CFPB’s ECOA Examination Manual, and the Interagency Fair Lending Examination Procedures and loss mitigation requirements addressed in the Real Estate Settlement Procedures Act and Truth in Lending Act.
- Disparate Impact in Loss Mitigation. If examiners determine a review for disparate impact is warranted, they will analyze information and data related to loss mitigation outcomes for borrowers who are part of a prohibited basis group against the pool of delinquent borrowers. Items subject to review include: reinstatements, repayment plans, forbearance, loan modifications, short sales, deed-in-lieu, and foreclosure. Loan modification attributes will be reviewed for compliance including interest rate, principal, and monthly payment reductions. They will also examine the rate and timing of foreclosure activities to assess consistent levels of assistance across all delinquent borrowers with a focus on those within prohibited basis groups.
- Limited English Proficiency (LEP) Borrowers. Review policies and procedures for servicing loans to borrowers with LEP. Does the bank address the following:
- Identification of borrowers who may require non-English language assistance;
- Options for customer service calls in a language other than English;
- Availability of customer service personnel able to help in a language other than English; and
- Translations of English language documents to LEP borrowers?
Because servicing involves many complex processes that are unique to borrower situations, fair servicing risks and controls are more difficult to identify than other operational processes. The compliance team must take a holistic and proactive approach to identifying potentially unfair, deceptive, or abusive acts or practices related to products and the servicing of those products. Having a good grasp of servicing operations, risks and controls, and areas of regulatory focus will help facilitate identification of critical activities and the associated risks and controls. Strong detective controls will help ensure controls and processes continue to operate as management intended—fairly and with the highest level of quality.
Liza Warner, CPA, CFS, CRMA, is a managing director at CrossCheck Compliance LLC and a bank internal audit, compliance and risk management executive with over 30 years of experience in the financial and professional services industries. Previously Liza was the chief compliance and operational risk officer for a mid-size regional bank and has consulted with institutions of all sizes on their internal audit and compliance needs. She started her career in the internal audit function of what is now one of the largest national banks. Liza can be reached at [email protected].
Karen Cullen, CRCM, is a director at CrossCheck Compliance LLC and a compliance and fair lending leader with over 25 years in financial services including fair and responsible banking, mortgage banking and electronic payment services. She has expertise in compliance program implementation, quality control program management, fair and responsible banking program management, risk management, process development and improvement, training, and team member development. Previously, Karen held compliance leadership roles at mid-size regional and large banks. Karen can be reached at [email protected].
This article originally appeared in the July/August 2019 issue of ABA Bank Compliance magazine.