Staying informed of the ever-changing rules and regulations of the mortgage industry is no easy task. With the CFPB closing in on several organizations, encompassing both lenders and vendors, these organizations must be aware of potential difficulties. The following are potential pitfalls mortgage lenders may experience in the face of the recent changes in mortgage regulations:
1. Relying on perception and reputation of vendor instead of adequately overseeing them
It is critical that companies establish strong business relationships with their third party independent providers because the CFPB is specifically concerned with companies failing to appropriately monitor them. Thus, the CFPB is requiring companies to continuously monitor their third party vendors with audits and adequate oversight. These entities can be great assets for the company by promoting cost savings through outsourcing, contributing industry knowledge and experience, as well as offering insight regarding competitors’ practices. Although third party vendors can be excellent resources, in addition to relying on vendors’ assurances of compliance, lenders should conduct their own thorough due diligence and request and review third-party vendors’ policies, procedures, internal controls, and training materials to ensure proper compliance with regulations.
2. Overconfidence in their knowledge of the compliance regulations
With the publicity surrounding regulatory changes and information readily available to lenders, it may seem easy for companies to assume they understand and comprehend all of the regulations. With the overhaul of the regulations, the knowledge and experience slate has essentially been wiped clean and there is now a level playing field for all mortgage professionals. Consequently, experienced professionals and seasoned veterans, with many years of experience and mortgage knowledge, rate as novices in the field. Despite implementing a proficient compliance management system, it would be wise to continue to stay abreast of the new regulatory changes, formulate a well-thought out plan, and perhaps seek expert regulatory counsel or consultants to help interpret the rules and provide your company with additional compliance guidelines. This will ensure all bases are covered, and will minimize any compliance deficiencies.
3. Overreliance on internal software systems to bridge the knowledge gap of compliance professionals
In today’s society, technology plays a prominent role. However, it can be to a company’s detriment to solely rely on technology, through their internal software systems, to stay in compliance with rules and regulations. In this situation, the venerable phrase, “trust, but verify,” is appropriate. It is imperative that employees are smarter than, or as smart as, the technological resources that their company utilizes. Instead of obtaining the answer from the system, employees should understand why the answer is correct, or incorrect, the reasoning, as well as be able to identify errors. Notwithstanding, innovative technology may be able to ease this concern if the technology allows variables and not just black and white responses.
4. Not having proper security controls in place to protect non-public personal information (NPPI)
Safeguarding personally identifiable information (PII) is vital. Companies may encounter complications when they depend upon the strength of representations and warranties in their contracts with third parties. Being proactive and diligent in locking down a company’s PII significantly enhances a company’s overall privacy posture and ensures protection of the nature of its daily operations. When contracting with third parties, companies should be vigilant and make sure their contracts address security measures, to a point they are comfortable with (i.e., badge access to offices, locks on doors, data encryption, clean desk procedures).
5. Inadequate training
Regulatory enforcement agencies, such as the CFPB, conduct thorough examinations to ensure employees of mortgage businesses have been competently trained with CFPB requirements and regulatory laws like RESPA and TILA. Third-party vendors count on compliance training provided by lenders, which establishes a responsibility on behalf of the lenders to act in accordance with their vendors’ reliance. If not, vendors are afforded the opportunity to train themselves, which may lead to compliance vulnerability on the part of both entities as a result of deficient employee training. Lenders should take matters into their own hands and implement a thorough and frequent training program that is consistent with the company’s policies and procedures. Companies should then either provide similar education to their third-party vendors, or review the vendors’ training procedures to ensure both entities are compliant.
6. Viewing regulators as the enemy instead of using them as a resource
Now, more than ever, regulators are offering organizations the opportunity to collaborate. The CFPB works to balance implementing burdensome regulations with protecting the consumer. This collaborative climate affords organizations the opportunity to leverage the knowledge and experience of regulators to ensure their comprehension of the regulations and to maximize their compliance. Companies should take advantage of this climate and leverage this valuable resource to enhance their compliance expertise. Companies will benefit by getting more involved with the regulators, attending committee meetings and seminars, commenting on legislation, and viewing the regulators as friend rather than foe.
