Lending is a difficult business – it’s hard enough dealing with ordinary risks in consumer lending. But lenders also deal with overwhelming, ever-changing regulations. Fortunately, there are ways to mitigate the risk. One of the best is ensuring that data used in evaluating loans is complete and accurate. Then you avoid stumbling over tripwires set by a maze of complex and changing regulations.
Federal lending regulations include:
- Equal Credit Opportunity Act (Regulation B) – ensures applicants aren’t discriminated against in a credit transaction.
- Electronic Fund Transfers (Regulation E) – protects consumers using electronic fund and remittance transfers.
- Fair Debt Collection Practices Act (Regulation F) – prescribes Federal rules governing the debt collectors
- Fair Credit Reporting (Regulation V)
- Truth in Lending (Regulation Z)
- Bank Secrecy Act
If those aren’t enough regulations, every state has regulations affecting consumer credit provision. And, those rules — federal and state — are subject to change. Staying current and compliant is expensive and time-consuming.
There are two key strategies lenders use to stay compliant. In the first – “reactive compliance,” lenders define policies, conduct business, and produce compliance reports. The reports form the foundation for correcting missteps and adjusting policies to resolve systemic errors.
The second strategy – “proactive compliance,” still requires the essential elements of policy definition, business operation, and reporting, but there’s a fundamental difference. The design of business processes builds in compliance. Lenders using Informed for Consumer (personal), Auto, and Student loans benefit from built-in compliance features. This means that compliance is happening even when not top of mind, and risk and security metrics are addressed.
While building an inhouse compliance function is expensive, failure to comply is far more expensive. Last year, the CFPB levied fines of $19.2m on one lender for credit reporting errors. The risks of these penalties justify investing in compliance, and financial penalties are only part of the expense.
Lenders need consider:
- Reputational cost: Facts become known when lenders are penalized for non-compliance. The associated negative publicity drives business away.
- Operational cost: Amongst the penalties for non-compliance are a requirement for implementing stricter controls or submitting to more frequent audits.
- Revenue loss: Reduced productivity due to operational changes and decline in demand due to reputational damage both hurt revenue.
- Increasing audit scope: Cybersecurity vulnerability scanning and risk assessments are costly
- Enforcing access and information flow to protect it from non- security functions. This reduces expense and resources required to maintain the systems and decrease scope of audits.
Penalties for regulatory failings suggest the need for a “compliance business plan.” A complete plan includes:
- An executive mandate for compliance strategy and policy
- An organization including a senior Compliance Officer
- Defined and automated compliance procedures
- Regular and comprehensive training and education
- Internal monitoring and auditing
- Standards enforcement with well-publicized disciplinary guidelines
- Prompt corrective actions for detected problems
- Appropriate use of external support services
“Appropriate use of external support services” includes software solutions. Among the business processes AI-based software supports are:
- Compliance management
- Audit automation
- Regulatory currency
- Data quality assurance
Business models for Consumer Lending are in transition and digital is expanding. Lenders are restructuring workflows and customer experiences. Externalizing compliance activities is one way to accelerate transitions and manage a significant cost element.
Lenders must build a roadmap to automated compliance in the ever-shifting regulatory environment because automation is key to cost management and profit protection. Risk exposure, business needs, and compliance must be discussed at all levels of the organization. Look for guidance on assessing risks, prioritizing them and associated controls and ranking their level of impact. Senior management and stakeholders will then have clear line of sight to the impacts of risk and a path to compliance.