On Compliance: Regulatory Hotspots Update

Editor’s note: On Aug. 16, NCUA requested comment on its Regulatory Reform Agenda.

Last year CUES published an article we wrote on compliance hotspots. One of the biggest changes to ever impact mortgage lending took place in 2015, the disclosure integration of Truth in Lending and the Real Estate Settlement Procedures Act. Other important focus areas for compliance departments included money service businesses, compliance with the Bank Secrecy Act, compliance management expectations and the complaint management process. Here’s an update for credit unions about each of these areas.

TRID

TRID went into effect in October 2015 and had a significant impact on the way financial institutions including credit unions closed real estate loans. Most credit unions relied on loan origination software to help them navigate the TRID disclosure requirements. The quality and completeness of TRID compliance is closely tied to the thoroughness of the LOS. 

Since 2015, we have seen a significant increase in real estate lending compliance violations as a direct result of TRID. There has been a relatively steep learning curve for TRID. We find technical violations, timing violations, and potentially reimbursable violations. 

Technical violations comprise the majority of the issues we’ve discovered during our TRID testing. These violations primarily consist of areas on the loan estimate or closing disclosure that either were not completed or were not completed correctly. The violations often occur because of some issue with the LOS. It generally seems to be characters not mapping from the LOS to the form correctly. We see where fields on the loan estimate and closing disclosure are mistakenly left blank. Specifically, the most common errors include missing the National Mortgage Licensing System number on the loan estimate (when applicable), missing either the issue or closing date on the closing disclosure, or leaving the check boxes on page 4 of the closing disclosure blank. 

Timing violations are exactly what you think; the credit union did not provide disclosures according to the timing requirements in TRID. These violations are often the result of staff misunderstanding and/or not knowing the specific TRID requirements. One of the most common timing violations is the loan estimate is not provided within three business days of receiving an application. This error often occurs because staff is not aware that once you receive the six pieces of information to constitute a TRID application, the timer starts. Under Regulation Z, 12 CFR 1026.2(a)(3), an application “consists of the submission of the consumer's name, the consumer's income, the consumer's social security number to obtain a credit report, the property address, an estimate of the value of the property, and the mortgage loan amount sought.” 

Potentially reimbursable violations are the least common issues that we have found with TRID. These violations almost always involve a mistake with fees being disclosed on the loan estimate and closing disclosure. Not all of the issues resulted in reimbursement to the borrower, but they potentially could have that result. 

Lender credits have been a disclosure nightmare since the RESPA rule was changed in 2010. The Consumer Financial Protection Bureau retained the U.S. Department of Housing and Urban Development’s problematic way of disclosing lender credits with TRID. In short, the TRID rules generally prohibit the creditor from decreasing the amount of a lender credit from the loan estimate to the closing disclosure. 

The violations commonly occur when a creditor is trying to do a no-cost loan. In these instances, the creditor will issue a lender credit to cover the amount of closing costs on the loan estimate. When the closing disclosure is created, the amount of the closing costs is less than what was on the loan estimate. The creditor mistakenly lowers the amount of the lender credit to match the lower closing costs. The one exception to reducing the lender credit occurs when the lender credit is dependent on the interest rate and the rate has not been locked. Subsequently locking the rate does allow for a reduction in the lender credit, if the credit was dependent on the interest rate.

The Intersection of MSBs and BSA 

MSBs generally provide products and services such as money orders, traveler’s checks, currency exchange and check cashing. Given that they involve cash and currency and a corresponding greater risk of fraud and money laundering, more due diligence is required to manage that risk and avoid BSA violations.

The phenomenon among mega-banks known as “de-risking” increases the likelihood MSBs will approach credit unions to establish account relationships. De-risking is where some mega-banks decide that the BSA risk to them is too great in providing account services to certain entities, such as MSBs. The result is that MSBs reach out more to community-based financial institutions such as credit unions for account relationships. 
Credit unions continue to work with more MSBs and subsequently are taking on more BSA risk. Examiners are looking closer at MSBs for BSA compliance. It is imperative that any credit union working with an MSB understand and monitor the risk. Credit unions should also verify that the MSB is having independent testing conducted and has a BSA compliance program.

Compliance Management Expectations

Examiners are still very much focused on the process by which credit unions manage regulatory compliance. There is no doubt that examiners believe credit unions cannot adequately manage compliance without a formal compliance management system. CFPB often points out that inadequate compliance management systems lead to serious compliance violations.
 
The four components of an effective compliance management system are board and management oversight, a compliance program, a consumer complaint management system, and a compliance audit program. It is not enough for a credit union to tell examiners that they have all four components. Instead, credit unions should have written evidence of all four components. 

Complaint Management Process

Complaint management is more important now than ever before. Examiners are specifically testing compliance management policies, procedures and processes. The procedures should specifically describe how the credit union will respond if a member alleges that the credit union was unfair in handling a particular transaction or service. When the credit union receives the notification, regardless of how it arrives, it should have a specific process to follow for handling the complaint and determining the root cause. 

The complaint management process should include a written policy and procedures to record, categorize, analyze, investigate, resolve and respond to each compliant appropriately and in a timely fashion. All staff should be trained to understand the appropriate internal channels to work through if and when they receive a complaint. Each complaint should result in a written response.
Your complaint management system should specifically define a complaint. Complaints should cover verbal notifications and those received through social media.

Examiners focus on whether credit unions do a root cause analysis for complaints. Your credit union should be not only addressing the complaint itself but also the root cause of the complaint. Look to see if other members are impacted by the root cause of the complaint. If so, identify members impacted and determine how to fix the broader issue. 

John Zasada is principal with CliftonLarsonAllen, Minneapolis.