Mortgage rules underscore need for compliance systems

There is little indication that there will be a delay of the Jan. 10, 2014, effective date for the majority of the new mortgage rules promulgated by the Consumer Financial Protection Bureau. The rules encompass significant changes to Regulation Z with regard to ability-to-repay, qualified mortgages, and home ownership counseling. CFPB rules also amended Regulation X addressing a variety of loan servicer functions such as correction of errors and furnishing information at the request of consumers.

The initial discussions regarding implementation were heavily focused on understanding the new rules, but as the effective date nears one particular aspect of the regulations has become  critical—ensuring compliance management systems (CMS) are in place.

The focus on compliance management by CFPB is evident in the bureau's own statement that, "[N]early every examination or targeted review conducted by the CFPB contains an assessment of an entity’s CMS, whether it is an assessment of how the entity manages its compliance program enterprise-wide, or how the entity meets its consumer compliance responsibilities within a specific product line." [CFPB Supervisory Highlights, Summer 2013]

What elements of CMS will CFPB likely be focused on? What can you learn about CMS from other institutions preparing for the upcoming effective date?

CFPB's regulations regarding compliance management can be broken into four distinct categories:

• required management oversight

• implementation of a dedicated compliance program

• a consumer complaint management program

• an independent compliance audit process

Management oversight

CFPB has made it clear that companies must establish a compliance function within the entity, stating in its Supervisory Highlights publication that: "Compliance management is vital to the prevention of violations of Federal consumer financial laws and the resulting harm to consumers."  

As a result, entities are required to designate a chief compliance officer with authority and accountability necessary to implement the compliance management system. A chief compliance officer should provide reports of compliance risks and other issues to the board of directors or other managerial authority of the entity.

Dedicated compliance program

The bureau expects providers of consumer financial products to have a formal, written compliance program containing four elements: policies and procedures; training; monitoring; and corrective action policies.

For the policies and procedures aspect of a dedicated compliance program, the bureau will be looking for formal, written documents that instruct employees on how to comply with regulations governing each product offered by the lender. The institution must also ensure that policies and procedures remain current and are updated as new products are offered or existing products are modified.

Employees must have regular training on compliance responsibilities. The bureau has indicated that training programs should be commensurate with entity size and risk profile depending on products offered.

The compliance program must contain a monitoring aspect such as a system of periodic monitoring reviews. These reviews should be designed to ensure matters such as consumer contact are being handled in accordance with the new regulations. As with all compliance, monitoring will allow entities to identify deficiencies in compliance within operations and promptly correct them. If monitoring reviews a weakness or problem, management must implement corrective action to prevent problems from reoccurring.

Consumer complaint management program

The new servicing regulations require established channels for consumer complaints to reach entity, mechanisms to ensure prompt resolution of complaints, and the recording and categorization of complaints and inquiries. CFPB will review records of complaints received along with corresponding information regarding their resolution.

Independent compliance audits

While not required by a specific regulation, the CFPB has indicated that it expects to be able to review independent compliance audits. The audits should be conducted by a third party completely independent of internal compliance program.

Real world implementation

What steps are institutions taking to prepare for the multiple CMS requirements outlined above? 

The answers seem to differ based on the size of the institution. A consultant for many community banks recently stated that many of her clients continued to believe that the effective date would be delayed, allowing additional time to prepare. While it has become apparent that the effective date will not change, only half of the community banks at a recent meeting with the consultant had even been contacted by vendors to discuss necessary changes to software for basic loan origination. The consultant expressed concern that many community banks simply do not have the resources to handle implementation of rules which will change how the bank does business on a day-to-day basis.

In terms of how she is advising community banks, the consultant said that she is focusing compliance managers on four main topics: (1) understanding and implementing the qualified mortgage rules; (2) training on loan officer compensation changes; (3) developing policies and procedures for the servicer rules if the bank is not subject to the small servicer exemption; and (4) continually going back to the management team to ensure that the CMS is subject to management oversight.

Large institutions such as regional banks appear to be approaching the effective date differently. A compliance officer for a large institution told me that the bank has been preparing for implementation of the new rules since they were approved and the bank's initial focus was on fully incorporating the new rules into its existing compliance management system. She stated that the bank has a full-time dedicated person in each department to ensure compliance with the mortgage servicing rules alone. She also stated the bank had updated its customer complaint system and hired additional staff to ensure that complaints could be researched and resolved within the new timing requirements.

About the author

Courtney Gilmer is a bankruptcy and creditors' rights shareholder in the Nashville office of Baker, Donelson, Bearman, Caldwell & Berkowitz, PC. She is currently co-chair of the firm's Consumer Financial Protection Bureau working committee. She represents lenders, businesses, secured creditors, and creditor committees in bankruptcy proceedings, financial transactions, corporate reorganizations, and state and federal court litigation.