As a mortgage compliance professional, you accumulate massive amounts of data through regulatory reading and research, discussions with staff and management in business sectors, monitoring and review functions, and many other day-to-day activities.

What should you do with all that data? Who needs to know, and, more importantly, what does Senior Management or the financial institution’s board of directors need to know?

Most data that mortgage compliance professionals receive should be documented or maintained in some manner. Regulatory changes must be analyzed and communicated with affected parties. Documentation of the process is a critical part of effectuating compliance. Results of monitoring or reviews must be assimilated, communicated to affected stakeholders, and documented for follow-up and regulatory examinations.

Then, there is the mortgage compliance professional’s communication with Senior Management and/or the board of directors (cumulatively “board”). What should be reported and when?

“Directors are responsible for providing their banks with a compliance risk management program that includes preventive, detective, and corrective measures to ensure compliance with banking laws and regulations. Preventive measures are those that help prevent violations from even occurring, which may include:

  • policies
  • procedures;
  • internal controls; and
  • training.”[1]

If we extrapolate the essence of the Federal Reserve Board’s guidance for bank directors to the broader mortgage industry, we can apply the guidance to executive and senior management and to boards of directors of financial institutions that are engaged in the mortgage business.

The board is responsible for the compliance risk management program. Period.

The board should be presented with information about how the compliance requirements of the financial institution are achieved – the Compliance Management System (CMS), compliance officer, etc. The board doesn’t need to get into the weeds, though. Compliance reporting to the board should be at the level of information germane to the board’s need to manage compliance risk, and information to be reported should be prioritized and categorized based on risk to the financial institution, unless otherwise requested. Compliance officers might consider segregating risks into enterprise-wide risks, business unit risks, and emerging risks, with priority given to enterprise-wide risks. The financial institution’s risk assessment score for issues that have surfaced might be a good guide to which information should be communicated directly to the board and which information can be sufficiently handled by the management chain.

When mortgage compliance officers report to the board about compliance problems, they should use a consistent, logical format with which the information can be framed and presented to engage the board as effectively as possible. Consider this format as an example:

Regulatory Requirement: Provide a brief explanation of what laws or regulations apply to the situation and what was required to comply.

Financial Institution Compliance: Provide the details of what the financial institution’s practices are/were that were in violation, giving examples, if needed.

Risk Assessment: Provide an assessment of the risk or potential risk to the 1) enterprise, 2) business unit, and 3) areas potentially affected by emerging issues. Describe risk exposure based on gravity of the noncompliance and extent to which violations occurred (transactions, time period, etc.).

Corrective Measures: Describe corrective measures that have been taken, those outstanding, and those requiring board direction. If monetary restitution is a factor, provide an estimate of the cumulative effect from the files/time frame affected. Discuss the potential impact the issue may have on the next regulatory examination, including violations of laws or regulations, monetary costs, enforcement actions, and reputational risk, and mitigating actions the financial institution might take, if any.

A financial institution’s governing body, whether it is executive-level management or a formally-formed board of directors, must be knowledgeable about the content and operation of the compliance program and should exercise reasonable oversight to implement it and ensure its effectiveness. Reporting should provide the board or senior management the tools to accomplish those responsibilities.


Around the Industry:

Effective Now:

CFPB issues interim rule on early intervention notices sent to consumers who have requested to not be contacted under the Fair Debt Collection Protection Act.


How do you implement the Three C’s of Compliance? See this for help.



[1] Basics for Bank Directors, Federal Reserve Bank of Kansas City, Division of Supervision and Risk Management, 2016,


Be Sociable, Share!

Source link

This Content is Generated from RSS Feeds, if your content is featured and you would like to be removed, please Contact Us

Tech Shop Offers

Music and Hifi Offers

Money and Loans

Get the very best deal on Loans, Credit Cards, Bank Accounts and Mortgages.

Motor Insurance Quote

Get a Quick Motor Insurance Quote and Compare from over 65 Providers.

Home Insurance and More

Compare Home Insurance from over 65 Insurance Providers to guarantee you the best deal.

Life Insurance and More

Get a Quick Life Insurance Quote and Compare Deals from UK's well known Insurance Providers.

Travel Insurance Quotes