tag:blogger.com,1999:blog-91716531858592336362024-03-05T00:03:36.281-05:00Lenders Compliance GroupLenders Compliance Group, the first, full-service mortgage risk management firm in the United States. Compliance updates and timely alerts regarding residential mortgage compliance.Jonathan Foxxhttp://www.blogger.com/profile/11176318536334393246noreply@blogger.comBlogger324125tag:blogger.com,1999:blog-9171653185859233636.post-88216124991172163342020-05-26T11:35:00.001-04:002020-05-26T11:35:34.128-04:00Checklist & Workbook: Business Continuity Plan, Includes COVID-19 Pandemic Response - Update # 7<span style="font-family: Arial, Helvetica, sans-serif;">We have updated the <b>Business Continuity Plan Checklist & Workbook, Includes COVID-19 Pandemic Response</b> ("Checklist"). </span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;"><b>I am pleased to announce the publication of <u>Update # 7</u>.</b></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;">We published the initial Checklist on Monday, March 16th, consisting of 60 pages. Today’s update is 207 pages and contains many <u>new sections</u>, <u>updates</u>, and <u>additional resources</u>.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;">New sections include outlines and guidelines, as follows:</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;">- Coronavirus Economic Stabilization Act (CESA) </span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;">- Paycheck Protection Program (PPP)</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;">- Paycheck Protection Program (PPP) - Dicta</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;">- Links to State Issuances for Remote Activities</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;">- Business Interruption Insurance - Checklist</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;">The Checklist is being provided on a <b><i>complimentary basis</i></b>. It is our view that companies in need of immediate guidance should be able to get it <u>without cost</u> in the midst of a pandemic. </span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;">You can request the most recent version <a href="https://lenderscompliancegroup.com/9.html"><b>HERE</b></a>. </span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;">Let’s continue to work together for the benefit of one another, our families, companies, communities, and cherished consumers.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;">Best wishes,</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Jonathan</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;">Jonathan Foxx, Ph.D., MBA</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Chairman & Managing Director</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;">Lenders Compliance Group</span>Jonathan Foxxhttp://www.blogger.com/profile/11176318536334393246noreply@blogger.comtag:blogger.com,1999:blog-9171653185859233636.post-7386391273591280542020-04-09T16:41:00.000-04:002020-04-10T16:38:34.098-04:00Webinar: Checklist & Workbook - Business Continuity Plan and COVID-19 Pandemic Response<br />
<div class="MsoNormal" style="text-align: center;">
<span style="color: #073763; font-family: "arial" , "helvetica" , sans-serif;"><b><u>Announcement</u></b></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span style="mso-ascii-font-family: Calibri; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: "Times New Roman"; mso-hansi-font-family: Calibri; mso-hansi-theme-font: minor-latin;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Message from Jonathan Foxx, Ph.D., MBA, </span></span></div>
<div class="MsoNormal">
<span style="mso-ascii-font-family: Calibri; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: "Times New Roman"; mso-hansi-font-family: Calibri; mso-hansi-theme-font: minor-latin;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Chairman & Managing Director</span></span></div>
<div class="MsoNormal">
<span style="mso-ascii-font-family: Calibri; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: "Times New Roman"; mso-hansi-font-family: Calibri; mso-hansi-theme-font: minor-latin;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Lenders Compliance Group</span></span></div>
<div class="MsoNormal">
<span style="mso-ascii-font-family: Calibri; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: "Times New Roman"; mso-hansi-font-family: Calibri; mso-hansi-theme-font: minor-latin;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: center;">
<span style="mso-ascii-font-family: Calibri; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: "Times New Roman"; mso-hansi-font-family: Calibri; mso-hansi-theme-font: minor-latin;"><span style="font-family: "arial" , "helvetica" , sans-serif;">We are presenting a <b><u>Free Webinar</u></b>,
entitled</span></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal" style="text-align: center;">
<span style="mso-ascii-font-family: Calibri; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: "Times New Roman"; mso-hansi-font-family: Calibri; mso-hansi-theme-font: minor-latin;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><b>Navigating the </b></span></span></div>
<div class="MsoNormal" style="text-align: center;">
<span style="mso-ascii-font-family: Calibri; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: "Times New Roman"; mso-hansi-font-family: Calibri; mso-hansi-theme-font: minor-latin;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><b>Checklist & Workbook</b></span></span></div>
<div class="MsoNormal" style="text-align: center;">
<span style="mso-ascii-font-family: Calibri; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: "Times New Roman"; mso-hansi-font-family: Calibri; mso-hansi-theme-font: minor-latin;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><b>Business Continuity Plan
and </b></span></span></div>
<div class="MsoNormal" style="text-align: center;">
<span style="mso-ascii-font-family: Calibri; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: "Times New Roman"; mso-hansi-font-family: Calibri; mso-hansi-theme-font: minor-latin;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><b>COVID-19 Pandemic Response</b>.<o:p></o:p></span></span></div>
<div align="center" class="MsoNormal" style="text-align: center;">
<br /></div>
<div class="MsoNormal" style="text-align: center;">
<span style="mso-ascii-font-family: Calibri; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: "Times New Roman"; mso-hansi-font-family: Calibri; mso-hansi-theme-font: minor-latin;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: #cc0000;">Webinar: Thursday, April 16, 2020, 1PM-ET</span></span></span></div>
<div class="MsoNormal" style="text-align: center;">
<span style="mso-ascii-font-family: Calibri; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: "Times New Roman"; mso-hansi-font-family: Calibri; mso-hansi-theme-font: minor-latin;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: #cc0000;"><br /></span></span></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://lenderscompliancegroup.formstack.com/forms/webinarbcp"><img border="0" data-original-height="184" data-original-width="490" height="75" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbM41SyAOFcGYzTHsnWa7KXnabyYUrAR3l6D7_Y2DNzXABlD49bBT33PrsMUzNmXwLmRiE1J4BichyphenhyphenxtdQrL1fd1UdMKdA47CDem2JPPfX4XEF-g7YzvILRavWlUbcz9_72n7k6qM4Lgo/s200/Webinar-1-AS-500x242-BCP-BFEDIT_NOTEXT_CROPPED.jpg" width="200" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="MsoNormal" style="text-align: center;">
<div style="text-align: left;">
<span style="font-family: arial, helvetica, sans-serif;">We pioneered and authored the </span><a href="https://lenderscompliancegroup.com/9.html" style="font-family: arial, helvetica, sans-serif;">Checklist &Workbook</a><span style="font-family: arial, helvetica, sans-serif;">. </span></div>
</div>
<div class="MsoNormal">
<span style="mso-ascii-font-family: Calibri; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: "Times New Roman"; mso-hansi-font-family: Calibri; mso-hansi-theme-font: minor-latin;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></span></div>
<div class="MsoNormal">
<span style="mso-ascii-font-family: Calibri; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: "Times New Roman"; mso-hansi-font-family: Calibri; mso-hansi-theme-font: minor-latin;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Now we want to let you know how to navigate it. <o:p></o:p></span></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span style="mso-ascii-font-family: Calibri; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: "Times New Roman"; mso-hansi-font-family: Calibri; mso-hansi-theme-font: minor-latin;"><span style="font-family: "arial" , "helvetica" , sans-serif;">This webinar is your chance to learn how to use
the Checklist!<o:p></o:p></span></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span style="mso-ascii-font-family: Calibri; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: "Times New Roman"; mso-hansi-font-family: Calibri; mso-hansi-theme-font: minor-latin;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Since its publication on March 16<sup>th</sup>,
we have received thousands of downloads.<o:p></o:p></span></span></div>
<div class="MsoNormal">
<span style="mso-ascii-font-family: Calibri; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: "Times New Roman"; mso-hansi-font-family: Calibri; mso-hansi-theme-font: minor-latin;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></span></div>
<div class="MsoNormal">
<span style="mso-ascii-font-family: Calibri; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: "Times New Roman"; mso-hansi-font-family: Calibri; mso-hansi-theme-font: minor-latin;"><span style="font-family: "arial" , "helvetica" , sans-serif;">The Checklist now consists of 6 Modules and 180 pages!</span></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span style="mso-ascii-font-family: Calibri; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: "Times New Roman"; mso-hansi-font-family: Calibri; mso-hansi-theme-font: minor-latin;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: #cc0000;">Demand is going to be high, seating is limited,
so register now while there’s still space!</span><o:p></o:p></span></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span style="mso-ascii-font-family: Calibri; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: "Times New Roman"; mso-hansi-font-family: Calibri; mso-hansi-theme-font: minor-latin;"><span style="font-family: "arial" , "helvetica" , sans-serif;">COVID-19 has made us take a close look at this
pandemic response in the context of a Business Continuity Plan. <o:p></o:p></span></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Here’s what you get when you attend <b>Navigating
the Checklist & Workbook</b>:</span></div>
<div class="MsoNormal">
</div>
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="text-indent: -0.25in;">Update # 6 – new release – you will
receive it </span><u style="text-indent: -0.25in;">before</u><span style="text-indent: -0.25in;"> anyone else!</span></span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Subject Matter Experts will present critical
insights and guidance.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Written questions during the webinar answered
individually after the webinar.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Slides</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Recording </span></li>
</ul>
<br />
<div class="MsoNormal">
<span style="font-family: "arial" , "helvetica" , sans-serif;">As I pointed out, we have limited seating for
this event. Please register as soon as possible.<o:p></o:p></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal" style="text-align: center;">
<span style="mso-ascii-font-family: Calibri; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: "Times New Roman"; mso-hansi-font-family: Calibri; mso-hansi-theme-font: minor-latin;"><span style="color: #cc0000; font-family: "arial" , "helvetica" , sans-serif;">Webinar: Thursday, April 16, 2020, 1PM-ET</span></span></div>
<div class="MsoNormal" style="text-align: center;">
<br /></div>
<div class="MsoNormal">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Let’s continue to work together for the sake
of our companies, employees, and families.</span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span style="mso-ascii-font-family: Calibri; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin; mso-fareast-font-family: "Times New Roman"; mso-hansi-font-family: Calibri; mso-hansi-theme-font: minor-latin;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Best wishes!</span></span></div>
Jonathan Foxxhttp://www.blogger.com/profile/11176318536334393246noreply@blogger.comtag:blogger.com,1999:blog-9171653185859233636.post-35748286302402873142020-03-16T14:22:00.000-04:002020-03-16T14:45:00.867-04:00Lenders Compliance Group issues complimentary Business Continuity Plan Checklist (Includes COVID-19 Pandemic Response)<span style="color: blue;"><a href="https://www.prlog.org/12814740-lenders-compliance-group-issues-complimentary-business-continuity-plan-checklist-and-workbook-includes-covid-19-pandemic-response.html"><b><span style="line-height: 107%;"><span style="font-family: "arial" , "helvetica" , sans-serif;">PRESS RELEASE</span></span></b></a></span><br />
<b><span style="color: #444444; line-height: 107%;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></span></b>
<b><span style="color: #444444; line-height: 107%;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Modules directly address the specific requirements needed to maintain
business continuity in general as well as provide business continuity during
the COVID-19 Pandemic in particular.</span></span></b><br />
<br />
<span style="color: #111111;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Lenders Compliance
Group (LCG), the first and only full-service compliance firm with a suite of
compliance solutions for residential mortgage lenders and originators, has
issued today a valuable tool, entitled <b><i>Business Continuity Plan
Checklist & Workbook (Includes COVID-19 Pandemic Response)</i></b><i>.</i><br />
<br />
The checklist is a valuable development tool to chart the progress in
developing a <b>Business Continuity Plan</b>. This is a 60-page,
form-fillable document that provides the basic compliance elements and due
diligence essentials at this most critical time in the outbreak of the COVID-19
Pandemic.<br />
<br />
There are distinct differences between pandemic planning and traditional
business continuity planning. Pandemic planning presents unique challenges.
Unlike natural disasters, technical disasters, malicious acts, or terrorist
events, the impact of a pandemic is much more difficult to determine because of
the anticipated difference in scale and duration.<br />
<br />
<b>Lenders Compliance Group is providing the <i>Business Continuity Plan
Checklist & Workbook (Includes COVID-19 Pandemic Response) on a
complimentary basis to the financial services industry.</i></b><br />
<br />
There are five modules, as follows:<br />
<br />
Module 1: Business Continuity Team</span></span><br />
<br />
<span style="color: #111111;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Module 2: Facilities Continuity</span></span><br />
<br />
<span style="color: #111111;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Module 3: Recovery Requirements</span></span><br />
<br />
<span style="color: #111111;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Module 4: Pandemic Planning for COVID-19</span></span><br />
<br />
<span style="color: #111111;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Module 5: Generalized Pandemic Response based on NYS Model<br />
<br />
Additional sections, some of which contain subsections, provide:</span></span><br />
<ul type="disc">
<li><span style="color: #111111; font-family: "arial" , "helvetica" , sans-serif;">Team Alert List</span></li>
<li class="MsoNormal" style="color: #111111; line-height: normal; mso-list: l0 level1 lfo1; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list .5in;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Employee Call List Instructions<o:p></o:p></span></li>
<li class="MsoNormal" style="color: #111111; line-height: normal; mso-list: l0 level1 lfo1; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list .5in;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Critical Vendors List (Sample Format)<o:p></o:p></span></li>
<li class="MsoNormal" style="color: #111111; line-height: normal; mso-list: l0 level1 lfo1; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list .5in;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Key Customer Description<o:p></o:p></span></li>
<li class="MsoNormal" style="color: #111111; line-height: normal; mso-list: l0 level1 lfo1; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list .5in;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Meeting Place Description<o:p></o:p></span></li>
<li class="MsoNormal" style="color: #111111; line-height: normal; mso-list: l0 level1 lfo1; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list .5in;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Model Risk Matrix (Sample Format)<o:p></o:p></span></li>
</ul>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="color: #111111;"><span style="font-family: "arial" , "helvetica" , sans-serif;">The <b><i>Business
Continuity Plan Checklist & Workbook (Includes COVID-19 Pandemic Response)</i></b> is
meant as a means toward building a functionally adequate Business Continuity
Plan. Each financial institution is different and processes will vary. However,
management should consider how to accomplish the following:<br />
<!--[if !supportLineBreakNewLine]--><br />
<!--[endif]--><o:p></o:p></span></span></div>
<ul type="disc">
<li class="MsoNormal" style="color: #111111; line-height: normal; mso-list: l1 level1 lfo2; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list .5in;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Prevention and preparedness;<o:p></o:p></span></li>
<li class="MsoNormal" style="color: #111111; line-height: normal; mso-list: l1 level1 lfo2; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list .5in;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Reconciling recovery times with business unit
requirements;<o:p></o:p></span></li>
<li class="MsoNormal" style="color: #111111; line-height: normal; mso-list: l1 level1 lfo2; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list .5in;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Disaster declaration and plan implementation processes;<o:p></o:p></span></li>
<li class="MsoNormal" style="color: #111111; line-height: normal; mso-list: l1 level1 lfo2; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list .5in;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Recovery progress reporting; and<o:p></o:p></span></li>
<li class="MsoNormal" style="color: #111111; line-height: normal; mso-list: l1 level1 lfo2; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto; tab-stops: list .5in;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Testing of the plans.<o:p></o:p></span></li>
</ul>
<b><span style="color: #111111; line-height: 107%;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Lenders Compliance Group
has established a dedicated form to request a complimentary copy of the <i>Business
Continuity Plan Checklist & Workbook (Includes COVID-19 Pandemic Response)</i> directly
from its website Home Page at</span></span></b><span style="color: #111111; line-height: 107%;"><span style="font-family: "arial" , "helvetica" , sans-serif;"> <a href="https://lenderscompliancegroup.com/"><span style="color: #6080f0;">www.LendersComplianceGroup.com</span></a>.</span>
<!--[if !supportLineBreakNewLine]--><br />
<!--[endif]--></span>Jonathan Foxxhttp://www.blogger.com/profile/11176318536334393246noreply@blogger.comtag:blogger.com,1999:blog-9171653185859233636.post-46652772749411307662020-03-11T16:44:00.000-04:002020-03-11T16:50:12.732-04:00Announcement: NYS/DFS issues Guidance and Requirements for Coronavirus Risk<span style="font-family: "arial" , "helvetica" , sans-serif;">The New York State Department of Financial Services (DFS) has issued guidance and a request for assurance to ensure that financial institutions are identifying, monitoring, and managing the potential financial risk arising from the spread of a novel coronavirus known as “COVID-19”.</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">To that end, DFS is requiring each regulated institution to submit a response to DFS describing the institution’s plan regarding managing the potential financial risk arising from COVID-19. </span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b><br /></b></span>
<br />
<div style="text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b>Responses are to be provided to DFS as soon as possible, </b></span></div>
<div style="text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b>but in no event later than thirty (30) days from March 10, 2020.</b> </span></div>
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">We have previously published information to manage the coronavirus risk to financial institutions <a href="https://lenderscompliancegroup.com/7.html"><b>HERE</b></a>.</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">The issuance, Guidance to New York State Regulated Institutions and Request for Assurance Relating to Potential Financial Risk Arising from the Outbreak of the Novel Coronavirus, sets forth specific compliance requirements.</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<br />
<div style="text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b>Review the NYS/DFS Industry Letter </b></span></div>
<div style="text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="https://www.dfs.ny.gov/industry_guidance/industry_letters/il20200310_financial_risk_coronavirus"><b>HERE</b></a></span></div>
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">According to the Department of Financial Services, it is critical that your risk management programs include a plan to assess and monitor the potential financial risk that may arise from the outbreak of COVID-19. </span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">Such a plan, at a minimum, should include the following assessments:</span><br />
<br />
<ol>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Assessment of the credit risk ratings of the customers, counterparties and business sectors impacted by COVID-19;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Assessment of the credit exposure to customers, counterparties and business sectors impacted by COVID-19, arising from lending, trading, investing, hedging and other financial transactions, including any credit modifications, extensions and restructurings (including capitalizations of interest);</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Assessment of the scope and the size of credits adversely impacted by COVID-19 that currently are in, or potentially may move to, non-performing/delinquent status, including consideration of stress testing and/or sensitivity analysis of loan portfolios and the adequacy of loan loss reserves;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Assessment of the valuation of assets and investments that may be, or have been, impacted by COVID-19; </span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Assessment of the overall impact of COVID-19 on earnings, profits, capital, and liquidity (including impact on loan-to-deposit ratio) of your institutions; and</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Assessment of reasonable and prudent steps to assist those adversely impacted by COVID-19. </span></li>
</ol>
<br />
<span style="font-family: "arial" , "helvetica" , sans-serif;">The boards of directors or the equivalents of your institutions are responsible for ensuring that appropriate plans are in place and that sufficient resources are allocated to implement such plans. </span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">The senior management of institutions is responsible for ensuring effective policies, processes and procedures are in place to execute the plan and for communicating the plan throughout the institution to ensure consistency in approach so that employees understand their roles and responsibilities. </span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">If you need assistance, we can help with a cost-effective <u>Busines Continuity Plan</u>. We also provide a <u>Disaster Recovery & Business Continuity Plan</u> or, separately, just the Business Continuity Plan. </span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">You will work with a Subject Matter Expert to conform the plan to your business model.</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">We have reduced our fees for these policies to ensure that financial institutions are able to implement protective and preventive measures as well as comply with regulatory expectations.</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">Contact us <a href="https://lenderscompliancegroup.formstack.com/forms/drbc"><b>HERE</b></a>! We will send you a presentation and proposal. </span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">Or, send us an email <a href="mailto:compliance@lenderscompliancegroup.com"><b>HERE</b></a> to discuss your particular compliance needs.</span>Jonathan Foxxhttp://www.blogger.com/profile/11176318536334393246noreply@blogger.comtag:blogger.com,1999:blog-9171653185859233636.post-30457180818777648682020-03-09T12:25:00.000-04:002020-03-26T12:24:49.074-04:00Announcement: Interagency Statement on Pandemic Planning<span style="font-family: "arial" , "helvetica" , sans-serif;"><b><a href="https://lenderscompliancegroup.com/7.html">PRINT THIS</a></b> </span><br />
<br />
<span style="font-family: "arial" , "helvetica" , sans-serif;">FFIEC has issued guidance on pandemic planning, entitled </span><a href="https://www.ffiec.gov/press/pandemicguidance.pdf" style="font-family: arial, helvetica, sans-serif;"><i>Interagency Statement on Pandemic Planning (“Guidance”)</i></a><span style="font-family: "arial" , "helvetica" , sans-serif;">. This issuance is meant to heighten the response of financial institutions to the coronavirus pandemic. The Guidance identifies actions
that financial institutions should take to minimize the potential adverse
effects of a pandemic. Specifically, the institution’s business continuity plan
(BCP) should address pandemics and provide for a preventive program, a
documented strategy scaled to the stages of a pandemic outbreak, a
comprehensive framework to ensure the continuance of critical operations, a
testing program and an oversight program to ensure that the plan is reviewed
and updated.</span><br />
<div class="MsoNormal" style="line-height: 15.0pt; margin-top: 6.25pt; mso-line-height-rule: exactly; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif;">We have been notifying you on how to protect your companies, customers, employees,
families, and communities <a href="https://lenderscompliancegroup.com/7.html"><b>HERE</b></a>. Please review those articles and act
accordingly. </span></span></div>
<div class="MsoNormal" style="line-height: 15.0pt; margin-top: 6.25pt; mso-line-height-rule: exactly; vertical-align: baseline;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="letter-spacing: 0.0666667px;">If you want to discuss your specific pandemic preparation requirements, please contact us at </span><a href="mailto:compliance@lenderscompliancegroup.com" style="letter-spacing: 0.0666667px;">compliance@lenderscompliancegroup.com</a><span style="letter-spacing: 0.0666667px;">.</span></span></div>
<div class="MsoNormal" style="line-height: 15.0pt; margin-top: 6.25pt; mso-line-height-rule: exactly; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif;">We believe that <u><b>Disaster Recovery and Business Continuity</b></u> should
be combined, but, as the Guidance states “pandemic planning activities should
involve senior business management from all functional, business and product
areas, including administrative, human resources, legal, IT support functions,
and key product lines.”<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif;">The pandemic segment of the BCP must be "sufficiently flexible to
address a wide range of possible effects that could result from a pandemic," and
also be reflective of the institution’s size, complexity, and business
activities. </span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Our position is that there are two types of BCPs: standard and enhanced. </span></span><br />
<br />
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif;">The <b>standard version</b> lacks
due diligence and independent risk assessment but does provide a basic outline
to follow to ensure business continuity. </span></span><br />
<br />
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif;">The <b>enhanced version</b> is preferred by regulators because it contains due diligence and independent risk assessment. The enhanced version is obviously
preferable to the standard version, because it provides specific due diligence, auditing done by subject matter experts, and leads to an independent risk assessment. The risk assessment reveals strengths and weaknesses further provides actionable recommendations. The standard version is less expensive
to draft than the latter, but can be used as a baseline to ensure that your
company is taking some affirmative actions to contain the spread of the coronavirus.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; vertical-align: baseline;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">The Guidance is unequivocal in its directives: </span></div>
<div class="MsoNormal" style="line-height: 13.75pt; margin-bottom: 8.0pt; margin-left: .5in; margin-right: 0in; margin-top: 6.5pt; mso-line-height-rule: exactly; vertical-align: baseline;">
<span style="color: black; letter-spacing: 0.1pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">The adverse economic effects of a pandemic could be
significant, both nationally and internationally. Due to their crucial
financial and economic role, <b style="mso-bidi-font-weight: normal;">financial
institutions should have plans in place that describe how they will manage
through a pandemic event</b>. Sound planning should minimize the disruptions to
the local and national economy and should help the institution maintain the
trust and confidence of its customers. [Emphasis in original.]<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 13.75pt; margin-top: 6.5pt; mso-line-height-rule: exactly; vertical-align: baseline;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: black; letter-spacing: 0.1pt;">According to the Guidance, “p</span><span style="color: black; letter-spacing: 0.05pt;">andemic
planning presents unique challenges to financial institution management. Unlike
natural disasters, technical disasters, malicious acts, or terrorist events,
the impact of a pandemic is much more difficult to determine because of the
anticipated difference in scale and duration.”<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 13.75pt; margin-top: 6.5pt; mso-line-height-rule: exactly; vertical-align: baseline;">
<span style="color: black; letter-spacing: 0.05pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">The following constitute the actions that
management should be undertaking, per the Guidance:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 13.75pt; margin-top: 6.5pt; mso-line-height-rule: exactly; vertical-align: baseline;">
<span style="color: black; letter-spacing: 0.05pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">1. A <b>preventive program</b> to reduce the
likelihood that an institution’s operations will be significantly affected by a
pandemic event, including the monitoring of potential outbreaks, educating
employees, communicating and coordinating with critical service providers and
suppliers, in addition to providing appropriate hygiene training and tools to
employees.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 13.75pt; margin-top: 6.5pt; mso-line-height-rule: exactly; vertical-align: baseline;">
<span style="color: black; letter-spacing: 0.05pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">2. A <b>documented strategy</b> that provides
for scaling the institution’s pandemic efforts so they are consistent with the
effects of a particular stage of a pandemic outbreak, such as first cases of
humans contracting the disease overseas, first cases within the United States,
and first cases within the organization itself. The strategy will also need to
outline plans that state how to recover from a pandemic wave and proper
preparations for any following wave(s).<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 13.75pt; margin-top: 6.5pt; mso-line-height-rule: exactly; vertical-align: baseline;">
<span style="color: black; letter-spacing: 0.05pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">3. A <b>comprehensive framework of
facilities, systems, or procedures</b> that provide the organization the
capability to continue its critical operations in the event that large numbers of the institution’s staff are unavailable for prolonged periods. Such
procedures could include social distancing to minimize staff contact,
telecommuting, redirecting customers from branch to electronic banking
services, or conducting operations from alternative sites. The framework should
consider the impact of customer reactions and the potential demand for, and
increased reliance on, online banking, telephone banking, ATMs, and call
support services. In addition, consideration should be given to possible
actions by public health and other government authorities that may affect
critical business functions of a financial institution.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 13.75pt; margin-top: 6.5pt; mso-line-height-rule: exactly; vertical-align: baseline;">
<span style="color: black; letter-spacing: 0.05pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">4. A <b>testing program</b> to ensure that
the institution’s pandemic planning practices and capabilities are effective
and will allow critical operations to continue.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 13.75pt; margin-top: 6.5pt; mso-line-height-rule: exactly; vertical-align: baseline;">
<span style="color: black; letter-spacing: 0.05pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">5. An <b>oversight program to ensure ongoing
review and updates</b> to the pandemic plan so that policies, standards, and
procedures include up-to-date, relevant information provided by governmental
sources or by the institution’s monitoring program.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 13.75pt; margin-top: 6.5pt; mso-line-height-rule: exactly; vertical-align: baseline;">
<span style="color: black; letter-spacing: 0.05pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">The Guidance provides helpful and important
links to information resources, as follows:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 15.05pt; margin-top: 5.85pt; mso-line-height-rule: exactly; tab-stops: .5in; vertical-align: baseline;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: black; letter-spacing: 0.05pt;">1. The <u>National
Strategy for Pandemic Influenza</u> (National Strategy) and the <u>Implementation
Plan for the National Strategy for Pandemic Influenza </u><span style="mso-spacerun: yes;"> </span>(National Implementation Plan) issued by the
federal government provide a complete guide to pandemic planning. </span></span></div>
<div class="MsoNormal" style="line-height: 15.05pt; margin-top: 5.85pt; mso-line-height-rule: exactly; tab-stops: .5in; vertical-align: baseline;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: black; letter-spacing: 0.05pt;">The documents
can be found at </span><a href="https://www.cdc.gov/flu/pandemic-resources/index.htm">https://www.cdc.gov/flu/pandemic-resources/index.htm</a>.</span></div>
<div class="MsoNormal" style="line-height: 15.05pt; margin-top: 5.85pt; mso-line-height-rule: exactly; tab-stops: .5in; vertical-align: baseline;">
</div>
<a name='more'></a><span style="font-family: "arial" , "helvetica" , sans-serif;">2. The Financial Services Sector
Coordinating Committee issued a <u>Statement on Preparations for Avian Flu</u>,
which provides industry-developed guidance for financial institutions preparing
for the potential of a serious influenza epidemic. </span><br />
<div class="MsoNormal" style="line-height: 15.05pt; margin-top: 6.05pt; mso-line-height-rule: exactly; tab-stops: .5in; vertical-align: baseline;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: black;">The document can be found
at </span><a href="https://www.fsscc.org/influenza/financial_planning.jsp."><i style="mso-bidi-font-style: normal;"><span style="color: blue; mso-fareast-font-family: "Times New Roman";">https://www.fsscc.org/influenza/financial_planning.jsp</span></i></a><i style="mso-bidi-font-style: normal;"><u><span style="color: blue;">.</span></u></i><i style="mso-bidi-font-style: normal;"><span style="color: blue;"> </span></i><span style="color: black;"><o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 15.0pt; margin-top: 5.7pt; mso-line-height-rule: exactly; tab-stops: .5in; vertical-align: baseline;">
<span style="color: black; letter-spacing: 0.05pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">3. The
Department of Homeland Security (DHS) published <u>The Pandemic Influenza
Preparedness, Response, and Recovery Guide for Critical Infrastructure and Key
Resources</u>. This document is one of the tools DHS developed to enhance
pandemic planning. It provides a source listing of primary government and
pandemic influenza-specific background material, references, and contacts.
Institutions may find the Continuity of Operations – Essential (COP-E) planning
process especially useful. </span></span></div>
<div class="MsoNormal" style="line-height: 15.0pt; margin-top: 5.7pt; mso-line-height-rule: exactly; tab-stops: .5in; vertical-align: baseline;">
<span style="color: black; letter-spacing: 0.05pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">The document can be found at:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 14.1pt; margin-top: 1.2pt; mso-line-height-rule: exactly; vertical-align: baseline;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="http://www.pandemicflu.gov/plan/pdf/cikrpandemicinfluenzaguide.pdf."><i style="mso-bidi-font-style: normal;"><span style="color: blue; mso-fareast-font-family: "Times New Roman";">http://www.pandemicflu.gov/plan/pdf/cikrpandemicinfluenzaguide.pdf.</span></i></a><i style="mso-bidi-font-style: normal;"><span style="color: black;"> </span></i><i style="mso-bidi-font-style: normal;"><u><span style="color: blue;"><o:p></o:p></span></u></i></span></div>
<div class="MsoNormal" style="line-height: 13.75pt; margin-top: 6.5pt; mso-line-height-rule: exactly; vertical-align: baseline;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: black;">4. The Department of Health and Human Services Center for Disease Control
published <u>Interim Pre-pandemic Planning Guidance: Community Strategy for
Pandemic Influenza Mitigation in the United States – Early, Targeted, Layered
Use of Nonpharmaceutical Interventions</u>. This document provides information
about community actions that may be taken to limit the impact from pandemic
influenza when vaccine and antiviral medications are in short supply or
unavailable. Financial institutions may be asked to plan for the use of the<span style="letter-spacing: .05pt;"> </span>identified interventions to help limit the
spread of a pandemic, prevent disease and death, lessen the impact on the
economy, and keep society functioning. </span></span></div>
<div class="MsoNormal" style="line-height: 13.75pt; margin-top: 6.5pt; mso-line-height-rule: exactly; vertical-align: baseline;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: black;">The document can be found at </span><a href="http://www.pandemicflu.gov/plan/community/commitigation.html."><i style="mso-bidi-font-style: normal;"><span style="color: blue; mso-fareast-font-family: "Times New Roman";">http://www.pandemicflu.gov/plan/community/commitigation.html.</span></i></a><i style="mso-bidi-font-style: normal;"><span style="color: black;"> </span></i><span style="color: black; letter-spacing: 0.05pt;"><o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 15.0pt; margin-top: 5.95pt; mso-line-height-rule: exactly; tab-stops: .5in; vertical-align: baseline;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: black;">5. The Department of Health and
Human Services (DHHS) has published a series of checklists that are intended to
aid preparation for a pandemic in a coordinated and consistent manner across
all segments of society. Included are checklists for state and local
governments, for U.S. businesses with overseas operations, for the Workplace,
for Individuals and Families, for Schools, for Health Care and for Community
Organizations. </span></span></div>
<div class="MsoNormal" style="line-height: 15.0pt; margin-top: 5.95pt; mso-line-height-rule: exactly; tab-stops: .5in; vertical-align: baseline;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: black;">They can also be found at </span><a href="http://www.pandemicflu.gov/"><i style="mso-bidi-font-style: normal;"><span style="color: blue; mso-fareast-font-family: "Times New Roman";">http://www.pandemicflu.gov/.</span></i></a><i style="mso-bidi-font-style: normal;"><span style="color: black;"> </span></i><i style="mso-bidi-font-style: normal;"><u><span style="color: blue;"><o:p></o:p></span></u></i></span></div>
<div class="MsoNormal" style="line-height: 14.35pt; margin-top: 12.35pt; mso-line-height-rule: exactly; vertical-align: baseline;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: black; letter-spacing: 0.05pt;">The Guidance provides an outline of staged
preparedness in a section entitled “</span><span style="color: black; letter-spacing: 0.3pt;">Phases:
Planning, Preparing, Responding and Recovering.” This approach is consistent
with identifying a cyclical aspect to process implementation. Each phase
identifies specific challenges and the actions that must be implemented in the
cycle. <o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 14.35pt; margin-top: 12.35pt; mso-line-height-rule: exactly; vertical-align: baseline;">
<span style="color: black; letter-spacing: 0.3pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">In addition, the Guidance
suggests that a <u>Business Impact Analysis (“BIA”)</u> should be incorporated into the
BCP which contains the following features:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 15.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 0in; margin-right: 0in; margin-top: 3.2pt; mso-line-height-rule: exactly; tab-stops: .5in; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif;">1. Assess and prioritize essential
business functions and processes that may be affected by a pandemic;<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 15.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 0in; margin-right: 0in; margin-top: 5.85pt; mso-line-height-rule: exactly; tab-stops: .5in; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Identify the potential impact of a
pandemic on the institution's essential business functions and processes, and
supporting resources;<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 15.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 0in; margin-right: 0in; margin-top: 6.05pt; mso-line-height-rule: exactly; tab-stops: .5in; vertical-align: baseline;">
<span style="color: black; letter-spacing: 0.1pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">2. Identify
the potential impact of a pandemic on customers: those that could be most
affected and those that could have the greatest impact on the (local) economy;<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 15.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 0in; margin-right: 0in; margin-top: 6.0pt; mso-line-height-rule: exactly; tab-stops: .5in; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif;">3. Identify the legal and
regulatory requirements for the institution’s business functions and processes;<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 15.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 0in; margin-right: 0in; margin-top: 6.0pt; mso-line-height-rule: exactly; tab-stops: .5in; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif;">4. Estimate the maximum downtime
associated with the institution’s business functions and processes that may
occur during a pandemic;<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 15.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 0in; margin-right: 0in; margin-top: 6.1pt; mso-line-height-rule: exactly; tab-stops: .5in; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif;">5. Assess cross-training conducted
for key business positions and processes; and<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 15.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 0in; margin-right: 0in; margin-top: 6.0pt; mso-line-height-rule: exactly; tab-stops: .5in; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif;">6. Evaluate the plans of critical
service providers for operating during a pandemic. Financial institutions
should evaluate the plans and monitor the servicers to ensure critical services
are available. Financial institutions may wish to have back-up arrangements to
mitigate any risk. Special attention should be directed at the institution’s
ability to access leased premises and whether sufficient internet access
capacity is available if telecommuting is a key risk mitigation strategy.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 15.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 0in; margin-right: 0in; margin-top: 6.0pt; mso-line-height-rule: exactly; tab-stops: .5in; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Due diligence and risk assessment are
critical to the overall effectiveness of the BCP. These review requirements provide
the basis of dependable risk management. For instance, the Guidance states that
important pandemic planning should include:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 15.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 0in; margin-right: 0in; margin-top: 5.65pt; mso-line-height-rule: exactly; tab-stops: .5in; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif;">1. Prioritizing the severity of
potential business disruptions resulting from a pandemic, based on the
institution’s estimate of impact and probability of occurrence on operations;<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 15.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 0in; margin-right: 0in; margin-top: 6.1pt; mso-line-height-rule: exactly; tab-stops: .5in; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif;">2. Performing a “gap analysis”
that compares existing business processes and procedures with what is needed to
mitigate the severity of potential business disruptions resulting from a
pandemic;<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 15.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 0in; margin-right: 0in; margin-top: 5.9pt; mso-line-height-rule: exactly; tab-stops: .5in; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif;">3. Developing a written pandemic
plan to follow during a possible pandemic event;<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 14.9pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 0in; margin-right: 0in; margin-top: 6.2pt; mso-line-height-rule: exactly; tab-stops: .5in; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif;">4. Reviewing and approving the
pandemic plan by the board or a committee thereof and senior management at
least annually; and<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 14.9pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 0in; margin-right: 0in; margin-top: 6.2pt; mso-line-height-rule: exactly; tab-stops: .5in; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif;">5. Communicating and disseminating
the plan and the current status of pandemic phases to employees.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 15.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 0in; margin-right: 0in; margin-top: 6.0pt; mso-line-height-rule: exactly; tab-stops: .5in; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif;">The role of management is central
to the success of the BCP. As the Guidance states:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 15.0pt; margin-bottom: 8.0pt; margin-left: .5in; margin-right: 0in; margin-top: 5.9pt; mso-line-height-rule: exactly; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Senior
management is responsible for developing the pandemic plan and translating the
plan into specific policies, processes, and procedures. Senior management is
also responsible for communicating the plan throughout the institution to
ensure consistent understanding of the key elements of the plan and to ensure
that employees understand their role and responsibilities in responding to a
pandemic event. Finally, senior management is responsible for ensuring that the
plan is regularly tested and remains relevant to the scope and complexity of
the institution’s operations.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 15.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 0in; margin-right: 0in; margin-top: 6.0pt; mso-line-height-rule: exactly; tab-stops: .5in; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif;">The risk assessment should include
not only the factors mentioned above but also must include a review of the
institution’s coordination with (1) outside parties, (2) identification of triggering
events, (3) employee protection strategies, (4) mitigating controls, and (5) remote access.
<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 14.35pt; margin-top: 12.35pt; mso-line-height-rule: exactly; vertical-align: baseline;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: black; letter-spacing: 0.05pt;">The Guidance sets forth the essential features of
applicable risk monitoring and testing criteria, especially since the </span><span style="color: black;">information from medical
and governmental experts about the causes and effects of a pandemic continues
to evolve, an institution’s pandemic plan must be sufficiently flexible to
incorporate new information and risk mitigation approaches.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 14.35pt; margin-top: 12.35pt; mso-line-height-rule: exactly; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Such <b>risk monitoring</b> should include:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 15.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 0in; margin-right: .65in; margin-top: 6.0pt; mso-line-height-rule: exactly; tab-stops: .5in; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif;">1. Roles and responsibilities of
management, employees, key suppliers, and customers;<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 15.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 0in; margin-right: 0in; margin-top: 6.1pt; mso-line-height-rule: exactly; tab-stops: .5in; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif;">2. Key pandemic planning
assumptions;<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 15.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 0in; margin-right: .05in; margin-top: 5.8pt; mso-line-height-rule: exactly; tab-stops: .5in; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif;">3. Increased reliance on online
banking, telephone banking, and call center services; and<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 15.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 0in; margin-right: 0in; margin-top: 6.1pt; mso-line-height-rule: exactly; tab-stops: .5in; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif;">4. Remote access and telecommuting
capabilities.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; vertical-align: baseline;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; vertical-align: baseline;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: black; letter-spacing: 0.1pt;">With respect to <b>testing</b>, the Guidance states
that testing for a pandemic may require variations to the scope of traditional
disaster recovery and business continuity testing, as potential test scenarios
will most likely be different. </span><span style="color: black;">Test results should be reported to management, with appropriate
updates made to the pandemic plan and testing program.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; vertical-align: baseline;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; vertical-align: baseline;">
<span style="color: black; letter-spacing: 0.05pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">The Guidance provides the following informative
resource links:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; vertical-align: baseline;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; vertical-align: baseline;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: black;">1. The official Federal web site,</span><i style="mso-bidi-font-style: normal;"><u><span style="color: blue;"> </span></u></i><a href="http://www.pandemicflu.gov/"><i style="mso-bidi-font-style: normal;"><span style="color: blue; mso-fareast-font-family: "Times New Roman";">http://www.pandemicflu.gov</span></i></a><span style="color: blue;">,</span><span style="color: black;"> contains the complete text
of the National Strategy for Pandemic Influenza and other important, related
details.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; vertical-align: baseline;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif;">2. Department of Health and Human Services (DHHS)<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 1.9in; margin-top: 0in; text-indent: .25in; vertical-align: baseline;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="http://www.dhhs.gov/nvpo/pandemics/index.html"><i style="mso-bidi-font-style: normal;"><span style="color: blue; letter-spacing: -0.05pt;">http://www.dhhs.gov/nvpo/pandemics/index.html</span></i></a><i style="mso-bidi-font-style: normal;"><span style="color: blue; letter-spacing: -0.05pt;"> <o:p></o:p></span></i></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 0in; margin-right: 1.9in; margin-top: 0in; vertical-align: baseline;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 0in; margin-right: 1.9in; margin-top: 0in; vertical-align: baseline;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: black; letter-spacing: -0.05pt;">3. Business
Pandemic Influenza Planning Checklist (DHHS)</span><i style="mso-bidi-font-style: normal;"><u><span style="color: blue; letter-spacing: -0.05pt;"><o:p></o:p></span></u></i></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; text-indent: .25in; vertical-align: baseline;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="http://www.pandemicflu.gov/plan/pdf/businesschecklist.pdf"><i style="mso-bidi-font-style: normal;"><span style="color: blue; mso-fareast-font-family: "Times New Roman";">http://www.pandemicflu.gov/plan/pdf/businesschecklist.pdf</span></i></a><i style="mso-bidi-font-style: normal;"><span style="color: blue;"> <br style="mso-special-character: line-break;" />
<!--[if !supportLineBreakNewLine]--><br style="mso-special-character: line-break;" />
<!--[endif]--></span></i><span style="color: black;"><o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; vertical-align: baseline;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: black;">4. Avian Flu Website (DOD)</span><i style="mso-bidi-font-style: normal;"><u><span style="color: blue;"><o:p></o:p></span></u></i></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .5in; margin-right: 0in; margin-top: 0in; vertical-align: baseline;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="http://fhp.osd.mil/factsheetDetail.jsp?fact=3"><i style="mso-bidi-font-style: normal;"><span style="color: blue; mso-fareast-font-family: "Times New Roman";">http://fhp.osd.mil/factsheetDetail.jsp?fact=3</span></i></a><i style="mso-bidi-font-style: normal;"><span style="color: black;"> </span></i><i style="mso-bidi-font-style: normal;"><u><span style="color: blue;"><o:p></o:p></span></u></i></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; vertical-align: baseline;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif;">5. Centers for Disease Control (CDC)<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .5in; margin-right: 0in; margin-top: 0in; vertical-align: baseline;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="http://www.cdc.gov/flu/avian/index.htm"><i style="mso-bidi-font-style: normal;"><span style="color: blue; mso-fareast-font-family: "Times New Roman";">http://www.cdc.gov/flu/avian/index.htm</span></i></a><i style="mso-bidi-font-style: normal;"><span style="color: black;"> </span></i><i style="mso-bidi-font-style: normal;"><u><span style="color: blue;"><o:p></o:p></span></u></i></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; vertical-align: baseline;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif;">6. World Health Organization (WHO)<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 2.05in; margin-top: 0in; text-indent: .25in; vertical-align: baseline;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="http://www.who.int/csr/disease/avian_influenza/en/"><i style="mso-bidi-font-style: normal;"><span style="color: blue; mso-fareast-font-family: "Times New Roman";">http://www.who.int/csr/disease/avian_influenza/en/</span></i></a><i style="mso-bidi-font-style: normal;"><span style="color: blue;"> <o:p></o:p></span></i></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 0in; margin-right: 2.05in; margin-top: 0in; vertical-align: baseline;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 0in; margin-right: 2.05in; margin-top: 0in; vertical-align: baseline;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: black;">7. U.S.
Department of Veterans Affairs (VA) </span><i style="mso-bidi-font-style: normal;"><span style="color: blue; mso-fareast-font-family: "Times New Roman";"> </span></i></span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><i style="mso-bidi-font-style: normal;"><span style="color: blue; mso-fareast-font-family: "Times New Roman";"> <a href="http://www.publichealth.va.gov/flu/pandemicflu.htm">http://www.publichealth.va.gov/flu/pandemicflu.htm</a></span></i><i style="mso-bidi-font-style: normal;"><span style="color: black;"><span style="mso-spacerun: yes;"> </span><o:p></o:p></span></i></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 0in; margin-right: 2.05in; margin-top: 0in; vertical-align: baseline;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 0in; margin-right: 2.05in; margin-top: 0in; vertical-align: baseline;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: black;">8. Department
of Agriculture (USDA)</span><i style="mso-bidi-font-style: normal;"><u><span style="color: blue;"><o:p></o:p></span></u></i></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .5in; margin-right: 0in; margin-top: 0in; vertical-align: baseline;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><i>Link not currently active.</i></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; vertical-align: baseline;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif;">9. Department of Labor Occupational Safety and Health
Administration (OSHA)<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .5in; margin-right: 0in; margin-top: 0in; vertical-align: baseline;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="http://www.osha.gov/dsg/guidance/avian-flu.html"><i style="mso-bidi-font-style: normal;"><span style="color: blue; mso-fareast-font-family: "Times New Roman";">http://www.osha.gov/dsg/guidance/avian-flu.html</span></i></a><i style="mso-bidi-font-style: normal;"><span style="color: blue;"> <u><o:p></o:p></u></span></i></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; vertical-align: baseline;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif;">10. Department of State<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .5in; margin-right: 0in; margin-top: 0in; vertical-align: baseline;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="http://travel.state.gov/travel/tips/health/health_1181.html"><i style="mso-bidi-font-style: normal;"><span style="color: blue; mso-fareast-font-family: "Times New Roman";">http://travel.state.gov/travel/tips/health/health_1181.html</span></i></a><i style="mso-bidi-font-style: normal;"><span style="color: blue;"> <u><o:p></o:p></u></span></i></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; vertical-align: baseline;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif;">11. U.S. Agency for International Development (USAID)<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .5in; margin-right: .05in; margin-top: 0in; vertical-align: baseline;">
<i style="font-family: Arial, Helvetica, sans-serif;">Link not currently active.</i></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: .2in; margin-top: 0in; vertical-align: baseline;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 0in; margin-right: .2in; margin-top: 0in; vertical-align: baseline;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif;">12. Security and
Prosperity Partnership of North America (The North America Plan for Avian &
Pandemic Influenza)<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 0in; margin-right: .2in; margin-top: 0in; vertical-align: baseline;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: black;"><span style="mso-spacerun: yes;"> </span><span style="mso-tab-count: 1;"> </span></span><a href="http://www.spp.gov/pdf/nap_flu07.pdf"><i style="mso-bidi-font-style: normal;"><span style="color: blue; letter-spacing: 0.05pt;">http://www.spp.gov/pdf/nap_flu07.pdf</span></i></a><i style="mso-bidi-font-style: normal;"><span style="color: blue; letter-spacing: 0.05pt;"> <u><o:p></o:p></u></span></i></span></div>
<div class="MsoNormal" style="line-height: 14.35pt; margin-top: 12.35pt; mso-line-height-rule: exactly; vertical-align: baseline;">
<span style="color: black; letter-spacing: 0.05pt;"><o:p><span style="font-family: "arial" , "helvetica" , sans-serif;">If you want to discuss your specific pandemic preparation requirements, please contact us at <a href="mailto:compliance@lenderscompliancegroup.com">compliance@lenderscompliancegroup.com</a>.</span></o:p></span></div>
Jonathan Foxxhttp://www.blogger.com/profile/11176318536334393246noreply@blogger.comtag:blogger.com,1999:blog-9171653185859233636.post-33614122882862442822020-02-28T08:46:00.000-05:002020-02-28T10:33:54.942-05:00Coronavirus: CDC Guidance - An Urgent Message<span style="color: #cc0000; font-family: "arial" , "helvetica" , sans-serif;"><a href="https://lenderscompliancegroup.com/7.html"><b>PRINT THIS</b></a></span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">The Center for Disease Control and Prevention (CDC) has issued an alert
regarding the Coronavirus Disease, entitled </span><i style="font-family: arial, helvetica, sans-serif;"><b>Interim Guidance for Businesses
and Employers to Plan and Respond to Coronavirus Disease 2019 (COVID-19),
February 2020</b></i><span style="font-family: "arial" , "helvetica" , sans-serif;">.</span><br />
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">This Interim Guidance (“Guidance”) is based on what is currently known
about the coronavirus disease 2019 (COVID-19). The CDC will update this Guidance
as needed and as additional information becomes available.<o:p></o:p></span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b><br /></b></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b>Read the CDC's Guidance <a href="https://www.cdc.gov/coronavirus/2019-ncov/specific-groups/guidance-business-response.html">HERE</a>.</b></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Unfortunately, much is unknown about how the virus that causes COVID-19
spreads. Current knowledge is largely based on what is known about similar
coronaviruses.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">The Guidance is meant to help prevent workplace exposures to acute
respiratory illnesses, including COVID-19, in non-healthcare settings. The
guidance also provides planning considerations if there are more widespread,
community outbreaks of COVID-19.<o:p></o:p></span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b>Lenders Compliance Group is willing to help!</b></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">At this time, we suggest that you review your <u><b>Disaster Recovery and
Business Continuity Plan</b></u> (“DRBC”), as the impact, features, factors, procedures, and policy requirements relating to COVID-19
should be set forth therein. The plan should include the CDC’s recommended strategies for
employers to implement. </span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">Due to this emergency, if you need help with your DRBC,
Lenders Compliance Group is offering to provide its DRBC review, assessment, risk rating, recommendations, and policy at a 20% discount from our already low fee. If the cost is a bit tough to
manage, we will give you an affordable payment plan. Avoid the manual mills, one-size-fits-all, and fill-in-the-blanks versions. The DRBC must be customized to your institution to be effective and meet regulatory scrutiny!<o:p></o:p></span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b>To request support with your DRBC, click <a href="https://lenderscompliancegroup.formstack.com/forms/drbc">HERE</a>.</b></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: #cc0000;">EMPLOYER ACTIONS</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
</div>
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="text-indent: -0.25in;">Ensure the plan is flexible and involve your
employees in developing and reviewing your plan.</span></span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Conduct a focused discussion or exercise using
your plan to find out ahead of time whether the plan has gaps or problems that
need to be corrected.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Share your plan with employees and explain what
human resources policies, workplace and leave flexibilities, and pay and
benefits will be available to them.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Share best practices with other businesses in
your communities (especially those in your supply chain), chambers of commerce,
and associations to improve community response efforts. </span></li>
</ul>
<div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="text-transform: uppercase;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: #cc0000;">Response
Plan</span><o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="color: red;"><span style="font-family: "arial" , "helvetica" , sans-serif;">There are
numerous actions that must be implemented <u>now</u>. </span></span></div>
<div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="color: red;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Do not wait! </span></span></div>
<div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="color: red;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Time is not on your
side!</span></span><br />
<div style="text-align: left;">
<span style="color: red;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></span></div>
<div style="text-align: left;">
</div>
<ul>
<li style="text-align: left;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Identify possible work-related exposure and health risks to your employees.</span></li>
<li style="text-align: left;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Review human resources policies to make sure that policies and practices are consistent with public health recommendations and are consistent with existing state and federal workplace laws.</span></li>
<li style="text-align: left;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Explore whether you can establish policies and practices, such as flexible worksites (i.e., telecommuting) and flexible work hours (i.e., staggered shifts), to increase the physical distance among employees and between employees and others if state and local health authorities recommend the use of social distancing strategies.</span></li>
<li style="text-align: left;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Identify essential business functions, essential jobs or roles, and critical elements within your supply chains (i.e., raw materials, suppliers, subcontractor services/products, and logistics) required to maintain business operations.</span></li>
<li style="text-align: left;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Plan for how your business will operate if there is increasing absenteeism or these supply chains are interrupted.</span></li>
<li style="text-align: left;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Set up authorities, triggers, and procedures for activating and terminating the company’s infectious disease outbreak response plan, altering business operations (i.e., possibly changing or closing operations in affected areas), and transferring business knowledge to key employees.</span></li>
<li style="text-align: left;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Plan to minimize exposure between employees and also between employees and the public, if public health officials call for social distancing.</span></li>
<li style="text-align: left;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Establish a process to communicate information to employees and business partners on your infectious disease outbreak response plans and latest COVID-19 information.</span></li>
<li style="text-align: left;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Anticipate employee fear, anxiety, rumors, and misinformation, and plan communications accordingly.</span></li>
<li style="text-align: left;"><span style="font-family: "arial" , "helvetica" , sans-serif;">In some communities, early childhood programs and K-12 schools may be dismissed, particularly if COVID-19 worsens. Determine how you will operate if absenteeism spikes from increases in sick employees, those who stay home to care for sick family members, and those who must stay home to watch their children if dismissed from school.</span></li>
<li style="text-align: left;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Local conditions will influence the decisions that public health officials make regarding community-level strategies; employers should take the time now to learn about plans in place in each community where they have a business.</span></li>
<li style="text-align: left;"><span style="font-family: "arial" , "helvetica" , sans-serif;">If there is evidence of a COVID-19 outbreak in the US, consider canceling non-essential business travel to additional countries per travel guidance on the CDC website.</span></li>
<li style="text-align: left;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Travel restrictions may be enacted by other countries which may limit the ability of employees to return home if they become sick while on travel status.</span></li>
<li style="text-align: left;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Consider cancelling large work-related meetings or events.</span></li>
<li style="text-align: left;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Engage state and local health departments to confirm channels of communication and methods for dissemination of local outbreak information.<a name='more'></a></span></li>
</ul>
</div>
<div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: #cc0000;"><br /></span></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: #cc0000;">RECOMMENDED STRATEGIES</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;"><br /></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;"><u>Actively encouraging sick employees to stay home:</u></span><br />
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Employees who have symptoms of acute respiratory
illness are recommended to stay home and not come to work until they are free
of fever (100.4° F [37.8° C] or greater using an oral thermometer), signs of a
fever, and any other symptoms for at least 24 hours, without the use of
fever-reducing or other symptom-altering medicines (e.g. cough suppressants).</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Employees should notify their supervisor and
stay home if they are sick.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Ensure that your sick leave policies are
flexible and consistent with public health guidance and that employees are
aware of these policies. Talk with companies that provide your business with
contract or temporary employees about the importance of sick employees staying
home and encourage them to develop non-punitive leave policies.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Do not require a healthcare provider’s note for
employees who are sick with acute respiratory illness to validate their illness
or to return to work, as healthcare provider offices and medical facilities may
be extremely busy and not able to provide such documentation in a timely way.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Employers should maintain flexible policies that
permit employees to stay home to care for a sick family member. Employers
should be aware that more employees may need to stay at home to care for sick
children or other sick family members than is usual.</span></li>
</ul>
</div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;"><u>Separating sick employees:</u></span><br />
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">CDC recommends that employees who appear to have
acute respiratory illness symptoms (i.e. cough, shortness of breath) upon
arrival to work or become sick during the day should be separated from other
employees and be sent home immediately. Sick employees should cover their noses
and mouths with a tissue when coughing or sneezing (or an elbow or shoulder if
no tissue is available).</span></li>
</ul>
</div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;"><u>Emphasizing that employees should stay home when
sick.</u></span><br />
<ul>
<li><span style="text-indent: -0.25in;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Place posters that encourage staying home when
sick, cough and sneeze etiquette, and hand hygiene at the entrance to your
workplace and in other workplace areas where they are likely to be seen.</span></span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Provide tissues and no-touch disposal
receptacles for use by employees.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Instruct employees to clean their hands often
with an alcohol-based hand sanitizer that contains at least 60-95% alcohol, or
wash their hands with soap and water for at least 20 seconds. Soap and water
should be used preferentially if hands are visibly dirty.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Provide soap and water and alcohol-based hand
rubs in the workplace. Ensure that adequate supplies are maintained. Place hand
rubs in multiple locations or in conference rooms to encourage hand hygiene.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Visit the coughing and sneezing etiquette and
clean hands webpage for more information.</span></li>
</ul>
</div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;"><u>Perform routine environmental cleaning:</u></span><br />
<ul>
<li><span style="text-indent: -0.25in;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Routinely clean all frequently touched surfaces
in the workplace, such as workstations, countertops, and doorknobs. Use the
cleaning agents that are usually used in these areas and follow the directions
on the label.</span></span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">No additional disinfection beyond routine
cleaning is recommended at this time.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Provide disposable wipes so that commonly used
surfaces (for example, doorknobs, keyboards, remote controls, desks) can be
wiped down by employees before each use.</span></li>
</ul>
</div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;"><u>Advise employees before traveling to take
certain steps:</u></span><br />
<ul>
<li><span style="text-indent: -0.25in;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Check the CDC’s Traveler’s Health Notices for
the latest guidance and recommendations for each country to which you will
travel. Specific travel information for travelers going to and returning from
China, and information for aircrew, can be found at on the CDC website.</span></span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Advise employees to check themselves for
symptoms of acute respiratory illness before starting travel and notify their
supervisor and stay home if they are sick.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Ensure employees who become sick while traveling
or on temporary assignment understand that they should notify their supervisor
and should promptly call a healthcare provider for advice if needed.</span></li>
<li><span style="text-indent: -0.25in;"><span style="font-family: "arial" , "helvetica" , sans-serif;">If outside the United States, sick employees
should follow your company’s policy for obtaining medical care or contact a
healthcare provider or overseas medical assistance company to assist them with
finding an appropriate healthcare provider in that country. A U.S. consular
officer can help locate healthcare services. However, U.S. embassies,
consulates, and military facilities do not have the legal authority,
capability, and resources to evacuate or give medicines, vaccines, or medical
care to private U.S. citizens overseas.</span></span></li>
</ul>
</div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;"><u>Additional Measures in Response to Currently
Occurring Sporadic Importations of the COVID-19:</u></span><br />
<ul>
<li><span style="text-indent: -0.25in;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Employees who are well but who have a sick
family member at home with COVID-19 should notify their supervisor and refer to
CDC guidance for how to conduct a risk assessment of their potential exposure.</span></span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">If an employee is confirmed to have COVID-19,
employers should inform fellow employees of their possible exposure to COVID-19
in the workplace but maintain confidentiality as required by the Americans with
Disabilities Act (ADA). Employees exposed to a co-worker with confirmed
COVID-19 should refer to CDC guidance for how to conduct a risk assessment of
their potential exposure.</span></li>
</ul>
</div>
<div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: #cc0000;">IMPORTANT LINKS</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br />
<ul>
<li><span style="text-indent: -0.25in;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="https://www.cdc.gov/coronavirus/2019-ncov/about/index.html?CDC_AA_refVal=https%3A%2F%2Fwww.cdc.gov%2Fcoronavirus%2Fabout%2Findex.html"><b>C</b>OVID-19 WEBSITE</a></span></span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="https://www.cdc.gov/coronavirus/2019-ncov/downloads/2019-ncov-factsheet.pdf"><b>W</b>HAT YOU NEED TO KNOW ABOUT COVID-19</a></span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="https://www.cdc.gov/coronavirus/2019-ncov/downloads/sick-with-2019-nCoV-fact-sheet.pdf"><b>W</b>HAT TO DO IF YOU ARE SICK WITH COVID-19</a></span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="https://www.cdc.gov/coronavirus/2019-ncov/php/risk-assessment.html"><b>I</b>NTERIM US GUIDANCE FOR RISK ASSESSMENT AND PUBLIC HEALTH MANAGEMENT OF PERSONS WITH POTENTIAL CORONAVIRUS DISEASE 2019 (COVID-19) EXPOSURE IN TRAVEL-ASSOCIATED OR COMMUNITY SETTINGS</a></span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="https://emergency.cdc.gov/HAN/"><b>H</b>EALTH ALERT NETWORK</a></span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="https://wwwnc.cdc.gov/travel"><b>T</b>RAVELERS’ HEALTH WEBSITE</a></span></li>
</ul>
</div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Ultimately, now is the time to ensure that you are preparing for the
COVID-19 outbreak. According to the medical and scientific consensus, it is
continuing to broaden into a worldwide pandemic. </span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b>If you need help with your DRBC,
we are ready and able to help you. Click <a href="https://lenderscompliancegroup.formstack.com/forms/drbc">HERE</a></b>. </span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">Whatever you decide, be proactive in preventing
the spread of the coronavirus disease and take all necessary actions to
ensure that you have mitigated the potential impact on your employees,
community, and on your financial institution.</span></div>
Jonathan Foxxhttp://www.blogger.com/profile/11176318536334393246noreply@blogger.comtag:blogger.com,1999:blog-9171653185859233636.post-88636752616926077902020-02-26T11:53:00.000-05:002020-02-26T11:53:36.986-05:00CFPB Posts New FAQs on TRID<span style="font-family: Arial, Helvetica, sans-serif;">The Consumer Financial Protection Bureau (CFPB) has posted Frequently Asked Questions related to the TRID Rule and lender credits. </span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif;">Visit <a href="https://www.consumerfinance.gov/policy-compliance/guidance/tila-respa-disclosure-rule/tila-respa-integrated-disclosure-faqs/">TILA-RESPA Integrated Disclosure FAQs</a></span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<div style="text-align: center;">
<span style="color: #cc0000; font-family: Arial, Helvetica, sans-serif;"><b>Topics Covered</b></span></div>
<br />
<ul>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Corrected Closing Disclosures (CDs) and the 3-Business Days waiting period before consummation</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Model Forms</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Construction Loans</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Providing Loan Estimates (LEs) to Consumers</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Lender Credits</span></li>
</ul>
<br />
<div style="text-align: center;">
<span style="font-family: Arial, Helvetica, sans-serif;"><span style="color: #cc0000;"><b>Questions</b></span></span></div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<div style="text-align: center;">
<span style="color: #073763; font-family: Arial, Helvetica, sans-serif;"><b>Corrected Closing Disclosures</b></span></div>
<br />
<ol>
<li><span style="font-family: Arial, Helvetica, sans-serif;">If there is a change to the disclosed terms after the creditor provides the initial Closing Disclosure, is the creditor required to ensure the consumer receives a corrected Closing Disclosure at least three business days before consummation?</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Is a creditor required to ensure that a consumer receives a corrected Closing Disclosure at least three business days before consummation if the APR decreases (i.e., the previously disclosed APR is overstated)?</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Does Section 109(a) of the Economic Growth, Regulatory Relief, and Consumer Protection Act affect the timing for consummating a transaction if a creditor is required to provide a corrected Closing Disclosure under the TRID Rule?</span></li>
</ol>
<br />
<div style="text-align: center;">
<span style="color: #0c343d; font-family: Arial, Helvetica, sans-serif;"><b>Model Forms</b></span></div>
<br />
<ol>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Does a creditor’s use of a model form provide a safe harbor if the model form does not reflect a TRID Rule change finalized in 2017?</span></li>
</ol>
<br />
<div style="text-align: center;">
<span style="color: #0c343d; font-family: Arial, Helvetica, sans-serif;"><b>Construction Loans</b></span></div>
<br />
<ol>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Are construction-only loans or construction-permanent loans covered by the TRID Rule?</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Are there special disclosure provisions for construction-only or construction-permanent loans under the TRID Rule?</span></li>
</ol>
<br />
<div style="text-align: center;">
<span style="color: #0c343d; font-family: Arial, Helvetica, sans-serif;"><b>Providing Loan Estimates (LEs) to Consumers</b></span></div>
<br />
<ol>
<li><span style="font-family: Arial, Helvetica, sans-serif;">When is a creditor required to provide a Loan Estimate to a consumer?</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Can creditors require consumers to provide additional information (other than the six pieces of information that constitute an application under the TRID Rule) in order to receive a Loan Estimate?</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Can creditors require consumers to submit verifying documents in order for the consumer to receive a Loan Estimate?</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Is the requirement to provide a Loan Estimate triggered if the consumer submits the six pieces of information in order to receive a pre-approval or pre-qualification letter?</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">What if a creditor needs to collect additional information (other than the six pieces of information that constitute an application for purposes of the TRID Rule) or verifying documents to process a pre-approval or pre-qualification request?</span></li>
</ol>
<br />
<div style="text-align: center;">
<span style="color: #0c343d; font-family: Arial, Helvetica, sans-serif;"><b>Lender Credits</b></span></div>
<br />
<ol>
<li><span style="font-family: Arial, Helvetica, sans-serif;">What is a lender credit for purposes of the TRID Rule?</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">What is the difference between a specific lender credit and a general lender credit?</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Is a creditor required to disclose a closing cost and a related lender credit on the Loan Estimate if the creditor will absorb the cost?</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Is a creditor required to disclose a closing cost and related lender credit on the Closing Disclosure if the creditor will absorb the cost?</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">How are lender credits disclosed on the Loan Estimate?<span style="white-space: pre;"> </span> </span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">How are lender credits disclosed on the Closing Disclosure?</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">How does a creditor disclose lender credits for a loan that the creditor refers to as a "no-cost loan"?</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">How does a creditor disclose lender credits if the creditor provides a credit, rebate, or reimbursement to offset specific closing costs charged to the consumer?</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">How does a creditor disclose lender credits when it is offsetting a certain dollar amount of closing costs charged to the consumer without specifying which costs it is offsetting?</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Can lender credits change?</span></li>
</ol>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><div>
Email: <a href="mailto:Compliance@LendersComplianceGroup.com">Compliance@LendersComplianceGroup.com</a></div>
<div>
Phone: 866-602-6660</div>
<div>
Voicemail: 866-255-6466</div>
</span></div>
Jonathan Foxxhttp://www.blogger.com/profile/11176318536334393246noreply@blogger.comtag:blogger.com,1999:blog-9171653185859233636.post-37919485789517420712020-02-12T09:27:00.000-05:002020-02-12T09:30:51.475-05:00Monthly Mortgage Compliance - Semi-Annual Opportunity<br />
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: #002060;">Message from
Jonathan Foxx, Ph.D., MBA </span></span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: #002060;">Chairman & Managing Director</span></span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: #002060;">Lenders Compliance
Group.</span></span><br />
<div style="text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: #0b5394;">________________________________</span></span></div>
</div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: #002060;">Twice each year, we
open our doors to new clients to join our family of clientele that use our
monthly mortgage compliance support. </span><span style="color: black;"><o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: #002060;">During this discount
enrollment period, we discount our already low monthly flat
fee. The timeframe to take advantage of this <u>offer ends on
March 31st</u>. </span><span style="color: black;"><o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 4.5pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 4.5pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: #002060;">We offer the discount
as an expression of our mission. Let me explain.</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 4.5pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 4.5pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: #002060;">When I started Lenders
Compliance Group in 2006, there were virtually no other mortgage compliance and
risk management companies around. My idea was to offer a team of the top
compliance experts at a fraction of the cost it would be to retain any of them
individually. At first, it was rough going, because companies had become
grudgingly dependent on high fees and high payroll costs. One by one, they joined
us and in time Lenders Compliance Group became the preeminent compliance firm
in the country.</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 4.5pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 4.5pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: #002060;">Of course, soon the
copycats popped up, jumping onto what they thought was a big money-making
bandwagon. But I said then, as I say now, 'I welcome competition.' The
hybridization of compliance firms mystified me at first, such as firms that
offered boilerplate policies and procedures for next to nothing but slammed
lenders with excessive monthly fees, law firms that previously had no mortgage
compliance departments all of a sudden sprung up with their various
"compliance divisions," and quality control firms that had no real
mortgage compliance experience except for providing QC auditing yet parleyed
their client list. Unfortunately, and inevitably, many lenders were chiseled,
chastened, but happily came to us. </span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 4.5pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 4.5pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: #002060;">Believe it or not -
and I have said this many times - we choose our clients as much as they choose
us. Not every client is a good fit, and just because they have a lot of money
or clout does not mean they are right for us. We seek lenders that are serious
about implementing compliance, not trying to find a way to twist a regulation
into an unrecognizable shape. We'll sometimes modestly push the compliance
envelope, but only so much! If you conduct compliance on the basis of a
cost/benefit ratio, you're probably not a good fit for us.</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 4.5pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 4.5pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: #002060;">I'm proud of what
we've accomplished, and it all began with monthly compliance support. In
effect, we become an extension of your office!</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 4.5pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 4.5pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: #002060;">We now provide the largest range of compliance services - all of it hands-on, personal, and direct! But we will always stick by our vision to provide a safe and
sound approach to monthly compliance.</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 4.5pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 4.5pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: #002060;">So, what do you get as
a <u>monthly mortgage compliance</u> client? This -</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 4.5pt; text-align: justify;">
<br /></div>
<div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: 4.5pt; text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b><span style="color: #002060;">Low Monthly Flat Fee</span></b><o:p></o:p></span></div>
<div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: 4.5pt; text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b><span style="color: #002060;">On-going Compliance
Support</span></b><o:p></o:p></span></div>
<div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: 4.5pt; text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b><span style="color: #002060;">Supervised by
Directors</span></b><o:p></o:p></span></div>
<div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: 4.5pt; text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b><span style="color: #002060;">Subject Matter Experts</span></b><o:p></o:p></span></div>
<div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: 4.5pt; text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b><span style="color: #002060;">Unlimited Questions</span></b><o:p></o:p></span></div>
<div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: 4.5pt; text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b><span style="color: #002060;">Most Policy Documents</span></b><o:p></o:p></span></div>
<div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: 4.5pt; text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b><span style="color: #002060;">Secure Record Storage</span></b><o:p></o:p></span></div>
<div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: 4.5pt; text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b><span style="color: #002060;">Dedicated Team</span></b><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 4.5pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 4.5pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: #002060;">If you are a lender
that needs cost-effective regulatory compliance guidance relating to mortgage
acts, rules, regulations, and Best Practices, <u>and</u> you are
committed to safety and soundness, you should contact us. We'll provide
independent, reliable, low cost, on-going support to your compliance team!</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 4.5pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 4.5pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: #002060;">If you miss out on
this opportunity for a reduced fee, we'll be providing the offer again later
this year. The deadline is <u>March 31st</u>. But why wait? </span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 4.5pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 4.5pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: #002060;">Just contact us and
we'll send you a one-page presentation, and you can also speak with me or one
of our Directors to discuss your compliance needs. </span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 4.5pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 4.5pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: #002060;">If you're interested,
we'll give you a simple form to complete that lets us know a little about your organization, so that we can send you an engagement proposal with appropriate
pricing, staffing, and scope. We're usually able to get started immediately!</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 4.5pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 4.5pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: #002060;">Click the sidebar
button or feel free to contact us at your convenience via email, phone, or even
leaving a voicemail. </span></span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: #002060;"><br /></span></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: #002060;">Email: C<a href="mailto:ompliance@LendersComplianceGroup.com">ompliance@LendersComplianceGroup.com</a></span><o:p></o:p></span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: #002060;">Phone: 866-602-6660</span></span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: #002060;">Voicemail: 866-255-6466</span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 4.5pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 4.5pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: #002060;">Wishing you all the
best!</span></span></div>
Jonathan Foxxhttp://www.blogger.com/profile/11176318536334393246noreply@blogger.comtag:blogger.com,1999:blog-9171653185859233636.post-45580150714410390492019-05-13T13:50:00.000-04:002019-05-13T13:50:10.926-04:00Mortgage Servicers: CFPB Supervisory Highlights Report<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , sans-serif; font-size: 10.0pt;">On March 12, 2019, the Consumer Financial Protection Bureau (CFPB)
released the 18th edition of its Supervisory Highlights report. The report
covers supervision activities completed between June 2018 and November 2018 and
discusses supervisory observations related to automobile loan servicing,
deposits, mortgage servicing, and remittances. <o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , sans-serif; font-size: 10.0pt;">I am going to provide a synopsis of the highlights
as they pertain to mortgage servicing. <o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , sans-serif; font-size: 10.0pt;">When I read the highlights, I am particularly glad that we help our
mortgage servicer clients to avoid violations.<o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , sans-serif; font-size: 10.0pt;">If you need assistance, we are the cost-effective solution. <a href="mailto:compliance@lenderscompliancegroup.com">Contact us for more information!</a><o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , sans-serif; font-size: 10.0pt;">A highlight from the CFPB should be understood as a violation of federal
banking law. Be careful and vigilant!</span><o:p></o:p></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , sans-serif; font-size: 10.0pt;"><b>Charging Consumers Unauthorized Amounts</b></span><o:p></o:p></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , sans-serif; font-size: 10.0pt;">One or more examinations observed that servicers charged consumers late
fees greater than the amount permitted by mortgage notes. Examiners identified
several types of affected mortgage notes. For example, certain Federal Housing
Administration (FHA) mortgage notes permit servicers to collect late fees in
the amount of 4.00 percent of the overdue principal and interest. However, on
large numbers of loans, the servicer charged late fees on 4.00 percent of the
overdue principal, interest, taxes, and insurance rather than on only the
principal and interest. Examiners also identified mortgage notes containing
provisions that limit the late fee amount. Programming errors in the servicing
platform and lapses in service provider oversight caused the overcharges. The
examination found that the servicer engaged in an unfair practice. The conduct
caused a substantial injury to consumers because they paid more in late fees
than required by their mortgage notes.</span><o:p></o:p></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , sans-serif; font-size: 10.0pt;"><b>Misrepresenting Private Mortgage Insurance Cancellation Denial Reasons</b></span><o:p></o:p></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , sans-serif; font-size: 10.0pt;">In relevant part, the Homeowners Protection Act (HPA) requires servicers
to cancel private mortgage insurance (PMI) in connection with a residential
mortgage transaction if certain conditions are met. At one or more servicers,
borrowers who verbally requested PMI cancellation were informed that they were
declined because they had not reached 80 percent loan to value (LTV). Although
the relevant amortization schedules did not yet provide for 80 percent LTV,
examiners found that these borrowers had in fact reached 80 percent LTV based
on actual payments because they had made extra principal payments. Although the
borrowers did not satisfy other criteria necessary to trigger
borrower-initiated cancellation rights under the HPA, such as certifying that
the property is unencumbered by subordinate liens or submitting the requests in
writing, the servicer did not provide these as reasons to borrowers for denying
the requests.</span><o:p></o:p></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , sans-serif; font-size: 10.0pt;">One or more examinations identified servicer representations as
deceptive because they misrepresented the conditions for PMI removal. Consumers
might think that they had miscalculated payments such that they had not yet
reached 80 percent LTV or had misunderstood some other aspect of meeting the
LTV requirement. Note that the HPA does not require servicers to respond to
verbal requests to eliminate PMI, and therefore, the servicer did not violate
the HPA.</span><o:p></o:p></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , sans-serif; font-size: 10.0pt;"><b>Failing to Exercise Reasonable Diligence to Complete Loss Mitigation
Applications</b></span><o:p></o:p></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , sans-serif; font-size: 10.0pt;">Regulation X requires servicers to exercise reasonable diligence in
obtaining documents and information to complete a loss mitigation application.
In examinations covering 2016 (this is outside the time frame of other
activities in the report), examiners found that one or more servicers did not
meet the Regulation X reasonable diligence requirements. These servicers
offered short-term payment forbearance programs during collection calls to
delinquent borrowers who expressed interest in loss mitigation and submitted financial
information that the servicer would consider in evaluating them for loss
mitigation. However, the servicer did not notify the borrowers that such
short-term payment forbearance programs were based on an incomplete application
evaluation. And near the end of the forbearance period, the servicer did not
contact the borrowers as to whether they wished to complete the applications to
receive a full loss mitigation evaluation. As a result, one or more
examinations found that the servicer violated 12 CFR 1024.41(b)(1) requirements
to exercise reasonable diligence in obtaining documents and information to
complete a loss mitigation application.</span><o:p></o:p></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , sans-serif; font-size: 10.0pt;"><b>Requirements for Foreclosure Timeline Extensions in
Home Equity Conversion Mortgages</b></span><o:p></o:p></div>
<div style="text-align: justify;">
<span style="font-family: "arial" , sans-serif; font-size: 10.0pt;">One or more examinations reviewed the servicing
of home equity conversion mortgage (HECM) loans, a type of reverse mortgage
insured by the Department of Housing and Urban Development (HUD). Under the
terms of such mortgages, the death of the borrower on the loan constitutes
default, and HUD generally requires HECM servicers to refer such loans to
foreclosure within six months of the death of the borrower to be eligible for
HUD insurance. HUD also allows servicers to request up to two 90-day extensions
to enable successors to purchase the property or market the property for sale
without losing the benefit of HUD insurance. One or more servicers sent a
notice to successors-in-interest after the borrower on the loan died. The
notice stated that the loan balance was due and payable, but that the successor
could qualify for an extension of time to delay or avoid foreclosure. Examiners
found that some successors did not receive a complete list of all the documents
needed to evaluate them for an extension. Some of these successors returned the
form indicating their intentions to purchase the property or market the
property for sale, but did not return all the documents that were needed for
the evaluation. As a result, the servicer did not seek an extension for these
successors.</span></div>
<div style="text-align: justify;">
<span style="font-family: "arial" , sans-serif; font-size: 10.0pt;"><br /></span></div>
<div style="text-align: justify;">
<span style="font-family: "arial" , sans-serif; font-size: 10.0pt;">Jonathan Foxx, PhD, MBA</span></div>
<div style="text-align: justify;">
<span style="font-family: "arial" , sans-serif;"><span style="font-size: 13.3333px;">Managing Director</span></span></div>
<div style="text-align: justify;">
<span style="font-family: "arial" , sans-serif;"><span style="font-size: 13.3333px;">Lenders Compliance Group</span></span></div>
Jonathan Foxxhttp://www.blogger.com/profile/11176318536334393246noreply@blogger.comtag:blogger.com,1999:blog-9171653185859233636.post-57449834430291351702019-01-30T09:40:00.001-05:002019-01-30T09:42:08.392-05:00HMDA HIGHLIGHTS: NEW RULES FOR 2018 AND BEYOND<div class="MsoNormal" style="background-color: white; text-align: justify;">
<div class="MsoNormal" style="font-size: 13.2px;">
<span style="font-size: 10pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="https://lenderscompliancegroup.com/2.html">Jonathan Foxx, PhD, MBA</a></span></span></div>
<div class="MsoNormal">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;">Chairman & Managing Director</span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13.2px;">
<span style="font-family: "calibri" , sans-serif; font-size: 10.0pt;"><br /></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<span style="font-family: "calibri" , sans-serif;">Filing the HMDA LAR annually often seems like
a Rite of Passage. Most filers vacillate between dread and certitude in their
evaluation of the data integrity, let alone enduring the stress of submitting
the report by the deadline. The acronyms HMDA LAR refer (of course) to the Loan
Application Register (LAR) of the Home Mortgage Disclosure Act (HMDA or “Act”)
and its implementing Regulation C (“Regulation”). By the way, the HMDA acronym
is pronounced “hummda” – not “himmda”. Each year about this time, we get a lot
of calls for HMDA support, especially in LAR preparation and filing. In the
last few years, changes in filing requirements seem to have pushed filers to
the point of reaching for the bottle (of Maalox). But the filing requirements
are not that complicated, though they are now more involved in obtaining data
and include partial exemptions (more on that later).<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<br /></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<span style="font-family: "calibri" , sans-serif;">If you don’t think HMDA data is all that
important except to the PhD’s at the Federal Reserve, you should spend some
time with financial institutions who have undergone fair lending examinations.
One of the first data sets a regulator asks for in a fair lending audit happens
to be the HMDA LAR. The data is used to help identify possibly discriminatory
lending patterns, and compliance with the Equal Credit Opportunity Act, the
Fair Housing Act, and the Community Reinvestment Act. Inaccurate HMDA data can
make it difficult for the public and regulators to discover and stop
discrimination in home mortgage lending or for public officials and lenders to
tell whether a community’s credit needs are being met. Yet I was told by a
senior executive that there is nothing to be concerned about these days, given
that under the current Administration there has been a reduction of regulatory
enforcement. The same person told me that regulators have been advised to go
easy on examinees. So, that means you can get away with lowering the compliance
bar. After all, less enforcement means less worries, right? Wrong! <o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<br /></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<span style="font-family: "calibri" , sans-serif;">The bird of compliance flies on two wings:
examination and enforcement. Examination is intrinsic to supervision; and
enforcement is intrinsic to ensuring implementation of the regulatory
framework. If an examiner finds violations and defects, administrative actions
can ensue. If you want to be a test case, go ahead, tempt the devil, see what
happens! In compliance, virtually all transactions and policies leave tracks.
If “don’t get caught” is your game plan, I am going to tell you straight-out
that you will get caught. Any creditor that fails to comply with a requirement
imposed by the Act or the Regulation is subject to civil liability for actual
and punitive damages in individual or class actions.<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[i]</span><!--[endif]--></span> Violations of the Act or
the Regulation also constitute violations of other federal laws. The civil
monetary penalties can be onerous! Last year a financial institution was
ordered to pay a civil money penalty of $1.75 million for persistent and
substantial reporting errors.<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[ii]</span><!--[endif]--></span> Liability for punitive
damages can apply only to nongovernmental entities and is limited to $10,000 in
individual actions and the lesser of $500,000 or 1 percent of the creditor's
net worth in class actions.<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[iii]</span><!--[endif]--></span> There is not only
equitable and declaratory relief but also the awarding of costs and reasonable
attorney fees to an aggrieved applicant in a successful action.<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[iv]</span><!--[endif]--></span> Still want to tempt the
devil?<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<br /></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<span style="font-family: "calibri" , sans-serif;">When it comes to HMDA, <a href="https://www.blogger.com/null" name="Bookmark_TAAB"></a><a href="https://www.blogger.com/null" name="Bookmark__1"></a>a financial institution must
make a good faith effort to record all data concerning covered transactions
fully and accurately within 30 days after the end of each calendar quarter.<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[v]</span></span><!--[endif]--></span> The
concept of “good faith” is a feature of many statutes, but the notion comes
down to a simple idea: if you operate on the basis of a positive commitment to
fulfill the terms and spirit of a regulation, yet despite doing so you still
had some defects in implementation, regulators will take this into
consideration in determining administrative actions. How would you prove such
good faith? Just show the regulator the compliance tracks which support your
actions and best efforts. <o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<br /></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<span style="font-family: "calibri" , sans-serif;">A financial institution is not
required to record all of its HMDA data for a quarter on a single LAR. Instead,
an institution may record data on a single LAR or may record data on one or
more LARs for different branches or different loan types (such as home purchase
loans, home improvement loans, and loans on multifamily dwellings). <o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<br /></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<span style="font-family: "calibri" , sans-serif;">A financial institution may
maintain its quarterly records in electronic or any other format, provided it
can make the information available to the regulatory agency in a timely manner
upon request.<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[vi]</span></span></span></span></div>
<!--[endif]--><span style="font-family: "calibri" , sans-serif;"><o:p></o:p></span><br />
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<span style="font-family: "calibri" , sans-serif;">Whatever the case, institutions
must submit their LARs to their regulatory agencies by March 1</span><sup style="font-family: calibri, sans-serif;">st</sup><span style="font-family: "calibri" , sans-serif;">
following the calendar year for which they are reporting.</span><span class="MsoEndnoteReference" style="font-family: "calibri" , sans-serif;"><span class="MsoEndnoteReference"><span style="color: black;">[vii]</span></span></span><span style="font-family: "calibri" , sans-serif;"> The
required data requested on the LAR must be entered for each loan origination,
each application acted on, and each loan purchased during the calendar year.</span><span class="MsoEndnoteReference" style="font-family: "calibri" , sans-serif;"><span class="MsoEndnoteReference"><span style="color: black;">[viii]</span></span></span><span style="font-family: "calibri" , sans-serif;"> An
application must be reported in the year when final action is taken.
Originations must be reported in the year they close; if an application has
been approved but not yet closed, it must be reported the next year.</span><span class="MsoEndnoteReference" style="font-family: "calibri" , sans-serif;"><span class="MsoEndnoteReference"><span style="color: black;">[ix]</span></span></span><br />
<span class="MsoEndnoteReference" style="font-family: "calibri" , sans-serif;"><span class="MsoEndnoteReference"><span style="color: black;"></span></span></span><br />
<a name='more'></a></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<span style="font-family: "calibri" , sans-serif;">Beginning in 2020, quarterly
reporting is required for institutions that reported a combined total of at
least 60,000 applications and covered loans in the preceding calendar year
(excluding purchased covered loans). In addition to their annual LAR, these
institutions must submit HMDA data for the first three quarters of the year on
a quarterly basis, with the first submission due May 30, 2020. These
institutions must submit the data within 60 calendar days after the end of each
calendar quarter except the last quarter.</span><span class="MsoEndnoteReference" style="font-family: "calibri" , sans-serif;"><span class="MsoEndnoteReference"><span style="color: black;">[x]</span></span></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<br /></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<span style="font-family: "calibri" , sans-serif;">For instance, in calendar year
2019, if a financial institution reports 60,000 covered loans, excluding
purchased covered loans, it must comply with the quarterly reporting
requirement during 2020. Similarly, for calendar year 2019, if a financial
institution reported 20,000 applications and 40,000 covered loans, combined,
excluding purchased loans, it must comply with quarterly reporting in 2020.
But, for calendar year 2020, if a financial institution reports fewer than
60,000 covered loans and applications, combined, excluding purchased loans, it
would not be required to file quarterly reports in 2021.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<br /></div>
<div class="MsoNormal">
<div style="font-family: arial, tahoma, helvetica, freesans, sans-serif;">
<span style="font-family: "calibri" , sans-serif;">By the way, I am often asked about the last
day to file the HMDA LAR if the deadline falls on a weekend.<a href="https://www.blogger.com/null" name="Bookmark_TAAD"></a><a href="https://www.blogger.com/null" name="Bookmark__3"></a> The answer is, when the last day of submission falls on a Saturday or
Sunday, a submission is considered timely if it is submitted on the next
succeeding Monday.<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[xi]</span></span><!--[endif]--></span> </span></div>
<div style="font-family: arial, tahoma, helvetica, freesans, sans-serif;">
<span style="font-family: "calibri" , sans-serif;"><br /></span></div>
<span style="font-family: "calibri" , sans-serif;">Now let’s go to the electronic format requirements. For some reason, people are usually spooked by these requirements, especially the intricacies of ensuring data integrity. But such worries are overblown. After all, there is plenty of software around that is already set up to handle the data reporting requirements. Even the Federal Financial Institutions Examination Council (FFIEC) provides very good HMDA software tools.[xii] The Consumer Financial Protection Bureau (CFPB or “Bureau”) has a website page with resources for filers.[xiii]</span><br />
<span style="font-family: "calibri" , sans-serif;"><br /></span>
<span style="font-family: "calibri" , sans-serif;">My firm has an entire group devoted to HMDA data collection reviews, scrubbing for accuracy, and fair lending risk assessments. We come across the data gathering complexities all the time. The big problem is this: garbage in, garbage out! Whatever the software, and whatever the expertise you retain, such as Lenders Compliance Group, it is critical to make sure the data in the loan origination system is accurate. Otherwise, you will be left with all sorts of mismatches and edits, and may also need to conduct a HMDA scrub.</span><br />
<span style="font-family: "calibri" , sans-serif;"><br /></span>
<span style="font-family: "calibri" , sans-serif;">Beginning January 1, 2019 for data collected in 2018, a financial institution must submit its data electronically in the format prescribed by the CFPB at </span><a href="http://www.consumerfinance.gov/hmda" style="font-family: calibri, sans-serif;"><span style="color: blue;">www.consumerfinance.gov/hmda</span></a><span style="font-family: "calibri" , sans-serif;">.</span><br />
<span style="font-family: "calibri" , sans-serif;"><br /></span>
<span style="font-family: "calibri" , sans-serif;">Let me now zoom in to some basics for data collection. Effective January 1, 2019, a financial institution must provide the following basic information in an electronic transmittal sheet with its submission:<span style="font-family: "arial" , "tahoma" , "helvetica" , "freesans" , sans-serif;"> <o:p></o:p></span></span></div>
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Its name;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">The calendar year, or
calendar quarter and year, the submission covers;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">The name and contact
information of a person who may be contacted with questions about the
submission;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Its appropriate
Federal agency;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">The total number of
entries contained in the submission;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Its Federal taxpayer
identification number; and,</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Its Legal Entity
Identifier (LEI).<span class="MsoEndnoteReference" style="text-indent: -0.25in;"><span class="MsoEndnoteReference">[xiv]</span></span> </span></li>
</ul>
<span style="font-family: "arial" , "helvetica" , sans-serif;">If you do not kn</span><span style="font-family: "calibri" , sans-serif;">ow about the Legal
Entity Identifier, you might want to check out my White Paper, <i><b>Legal Entity Identifiers and HMDA 2018: Questions and Answers</b>,</i> available in the <a href="https://lenderscompliancegroup.com/20.html">ARTICLES</a> section of the Lenders Compliance
Group’s website (</span><span class="MsoHyperlink" style="font-family: "arial" , "tahoma" , "helvetica" , "freesans" , sans-serif;"><span style="color: blue; font-family: "calibri" , sans-serif;"><a href="http://www.lenderscompliancegroup.com/"><span style="color: blue;">www.lenderscompliancegroup.com</span></a></span></span><span style="font-family: "calibri" , sans-serif;">).<span class="MsoEndnoteReference"><span class="MsoEndnoteReference"><span style="color: black;">[xv]</span></span></span> You
might also be interested in my Magazine Article, <i><b>Home Mortgage Disclosure Act – Big Changes on the Way!</b></i>,<a href="file:///C:/Users/jiflc/Google%20Drive/WRITINGS/1-PUBLISHED%20WORK-Articles/2019/HMDA%20Highlights%20(January%202019)/HMDA%20Highlights-New%20Rules%20for%202018%20and%20Beyond%20(Foxx.NMP-2019.01).docx#_edn16" name="_ednref16" title=""><span class="MsoEndnoteReference"><span class="MsoEndnoteReference"><span style="color: black;">[xvi]</span></span></span></a>
published by National Mortgage Professional Magazine, also available at my
firm’s website.</span><br />
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<br /></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<span style="font-family: "calibri" , sans-serif;">As usual, FFIEC publishes an
excellent guide to HMDA data collection and filing, called <i>A Guide to HMDA Reporting: Getting It Right!</i> It was last edited on
January 31, 2018 and may be used for reports to be submitted by March 1, 2019.<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[xvii]</span></span><!--[endif]--></span><o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<br /></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<span style="font-family: "calibri" , sans-serif;">Beginning with data collected in
2017, LARs must be submitted in a “pipe” (also referred to as a “vertical bar”)
delimited text file format. This means: (1) each data field within each row
must be separated with a pipe character (“|”); (2) zeros need not be added for
the sole purpose of making a data field a specific number of characters; and
(3) the LAR must be a text file with a .txt file format extension.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<br /></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<span style="font-family: "calibri" , sans-serif;">Text entries in alphanumeric
fields do not need to use all uppercase letters, with the exception of “NA”
when a reporting requirement is not applicable, and the two letter state codes.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<br /></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<span style="font-family: "calibri" , sans-serif;">As in the past, the first row of
the LAR must begin with the numeral “1” to indicate that the data fields in row
one contain information relating to the particular institution (that is, the
transmittal sheet), all subsequent rows of the LAR will begin with the numeral
“2” to indicate that the data fields beginning in row two contain data fields
for the LAR with information relating to the reported loan or application, and
each row must end with a carriage return.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<br /></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<span style="font-family: "calibri" , sans-serif;">Let’s now zoom out a little more
to some high points regarding the submitting of the HMDA LAR.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<br /></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<a href="https://www.blogger.com/null" name="Bookmark_TAAF"></a><a href="https://www.blogger.com/null" name="Bookmark__5"></a><span style="font-family: "calibri" , sans-serif;">There are new rules for mergers or acquisitions. If the merger or
acquisition takes place in the calendar year, effective January 1, 2019 the
surviving or newly formed financial institution must file quarterly reports,
effective the date of the merger or acquisition, if a combined total of at
least 60,000 covered loans and applications, combined, excluding purchased
loans, is reported for the preceding calendar year by or for the surviving or
newly formed financial institution and each financial institution or branch
office merged or acquired. For instance, let’s say, in 2020, financial
institution A and financial institution B merge to form financial institution
C. Financial institution A reports 40,000 covered loans and applications,
combined, excluding purchased loans, for 2019. Financial institution B reports
21,000 loans and applications, combined, excluding purchased loans, for 2019.
Financial institution C is not required to file quarterly reports, effective
the date of the merger. Similarly, for example, in 2020, financial institution
A acquires a branch office of financial institution B. Financial institution A
reports 58,000 loans and applications, combined excluding purchased loans, for
2019. Financial institution B reports 3,000 loans and applications, combined,
excluding purchased loans, for 2019 for the branch office acquired by Financial
institution A. Financial institution A is required to file quarterly reports in
2020 effective the date of the branch acquisition.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<br /></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<span style="font-family: "calibri" , sans-serif;">The year following a merger or acquisition
also has filing rules to follow. Effective January 1,
2019, in the calendar year following a merger or acquisition, the surviving or
newly formed financial institution must file quarterly reports if a combined
total of at least 60,000 loans and applications, combined, excluding purchased
loans, was reported for the preceding calendar year by or for the surviving or
newly formed financial institution and each financial institution or branch
officer merged or acquired. For instance, in 2019, financial institution A and
financial institution B merge to form financial institution C. Financial
institution C reports 21,000 loans and applications, combined, excluding
purchased loans, each for financial institution A, B, and C for 2019, for a
combined total of 63,000 loans and applications. Financial institution C is
required to file quarterly in 2020. Similarly, financial Institution A may
report 58,000 loans and applications, combined, excluding purchased loans, for
2019. Financial institution A or B reports 3,000 loans and applications,
combined, excluding purchased loans, for 2019 for the branch office acquired by
Financial institution A. Financial institution A is required to file quarterly
in 2020.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<br /></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<span style="font-family: "calibri" , sans-serif;">By the way, if there is a change in the
regulator as a result of a merger or acquisition, there are important rules. If the appropriate Federal agency for a financial
institution changes (for instance, as a consequence of a merger or a change in
the institution’s charter),<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[xviii]</span></span><!--[endif]--></span> the
institution must identify the new appropriate Federal agency in its LAR for the
year of the change. Here would be a typical scenario: if an institution’s
Federal agency changes in February 2018, it must identify the new agency
beginning with the annual submission of its 2018 data by March 1, 2019. An
institution subject to quarterly reporting must identify its new agency
beginning with its submission for the quarter of the change, unless the change
occurs during the fourth quarter. Thus, if the agency changes during February
2020, the institution must identify its new agency beginning with its quarterly
submission for the first quarter of 2020. On the other hand, if the agency
changes during December 2020, the institution must identify the new agency
beginning with the annual submission of its 2020 data by March 1, 2021.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<br /></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<span style="font-family: "calibri" , sans-serif;">With regard to the Legal Entity Identifier
associated with a merger or acquisition, effective January 1, 2019, Regulation
C requires a financial institution to provide its Federal Taxpayer
Identification Number with its data submission. If a financial institution
obtains a new number, it should provide the new number in its subsequent data
submission. For example, if two financial institutions that previously reported
HMDA data merge and the surviving institution retained its Legal Entity
Identifier, the LEI, but obtained a new Federal Taxpayer Identification Number,
the surviving institution should report the new Federal Taxpayer Identification
Number with its HMDA data submission.</span><span style="font-family: "calibri" , sans-serif;"><o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<br /></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<span style="font-family: "calibri" , sans-serif;">One other point, with respect to defining
subsidiaries. A financial institution is a subsidiary
of a bank or savings association, for purposes of reporting HMDA data to the
same agency as the parent, if the bank or savings association holds or controls
an ownership interest in the institution greater than 50 percent.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<br /></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<span style="font-family: "calibri" , sans-serif;">The financial institution should
be prepared to retain its HMDA LAR for not less than three years in an
electronic or paper form. Said otherwise, effective January 1, 2019, a
financial institution may satisfy the requirement to retain a copy of its
annual LAR for 3 years by retaining a copy of the LAR in either electronic or
paper form. <o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<br /></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<span style="font-family: "calibri" , sans-serif;">Let me clear up some confusion
caused by a CFPB announcement on December 21, 2017, which advised that it did
not intend to require data resubmission for HMDA data collected in 2018 (under
the revised rules that took effect on January 1, 2018) and reported in 2019
“unless data errors are material.” Perhaps the way to understand this issuance
is that the Bureau does not intend to assess penalties with respect to errors
in data collected in 2018 and reported in 2019. In effect, the Bureau seems to
be viewing 2018 as a practice year that will provide financial institutions “an
opportunity to identify any gaps in their implementation of amended Regulation
C and make improvements in their HMDA compliance management systems for future
years.” However, the subject issuance states that “the Bureau does not intend
to require financial institutions to resubmit data <i>unless data errors are material</i>, or to pay penalties with respect
to data errors.” [Emphasis added.] Note the weasel word “intend.” And note,
also, the wiggle room the Bureau leaves itself on resubmissions by inserting
the caveat “unless data errors are material.” Such a position is what horse
races and lawsuits are made of!<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[xix]</span></span><!--[endif]--></span> <o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<br /></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<span style="font-family: "calibri" , sans-serif;">There has been some controversy
about how to understand the partial exemptions. The 2015 HMDA Final Rule
(“Rule”), which amended the Regulation, established a new reporting exclusion
and optional reporting for certain transactions and data points, and it clarified
certain key terms defined in the Rule.<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[xx]</span></span><!--[endif]--></span> The
Rule established transactional thresholds to determine whether a financial
institution is required to collect and report data on open-end lines of credit
or closed-end mortgage loans, implemented the new data points specified in the
Dodd-Frank Act (“Dodd-Frank”), added additional data points using the Bureau’s
Dodd-Frank authority, and made revisions to pre-existing data points, among
other changes. The Bureau further amended Regulation C in August 2017 (“2017
HMDA Final Rule”) to temporarily increase the threshold for open-end lines of
credit to 500 for calendar years 2018 and 2019 and make certain clarifications
and other changes. On May 24, 2018, the President signed the Act into law.<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[xxi]</span></span><!--[endif]--></span> Keep
this date of May 24, 2018 in mind, as this is the date on which the amended Act
was made official, adding partial exemptions from HMDA’s requirements for
certain transactions made by certain insured depository institutions and
insured credit unions. For the sake of clarity, I will call this final
amendment the “2018 Rule.”<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<br /></div>
<div class="MsoNormal">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-family: "calibri" , sans-serif;">The 2018 Rule set forth several
cha</span><span style="font-family: "arial" , "helvetica" , sans-serif;">nges, whose highlights I will enumerate, as follows:</span></span></div>
<div class="MsoNormal">
</div>
<ol>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Adds partial exemptions from HMDA’s requirements for
certain transactions made by certain insured depository institutions and
insured credit unions.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Provides that an insured depository institution or
insured credit union does not need to collect or report certain data with
respect to closed-end mortgage loans if it originated fewer than 500 closed-end
mortgage loans in each of the two preceding calendar years.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Provides that an insured depository institution or
insured credit union does not need to collect or report certain data with
respect to open-end lines of credit if it originated fewer than 500 open-end
lines of credit in each of the two preceding calendar years.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Provides that these partial exemptions are unavailable
to an insured depository institution if it received a rating of “needs to
improve record of meeting community credit needs” during each of its two most
recent Community Reinvestment Act (CRA) examinations or a rating of “substantial
noncompliance in meeting community credit needs” on its most recent CRA
examination.<span class="MsoEndnoteReference"><span class="MsoEndnoteReference"><span style="color: black;">[xxii]</span></span></span> </span></li>
</ol>
<div class="MsoNormal">
<span style="font-family: "arial" , "helvetica" , sans-serif;">The CFPB provided clarification of
the 2018 HMDA requ</span><span style="font-family: "calibri" , sans-serif;">irements with respect to partial exemptions.<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[xxiii]</span></span><!--[endif]--></span> The
guidance clarifies that, for purposes of the partial exemptions, “closed-end
mortgage loan” and “open-end line of credit” mean only those loans or lines of
credit that would otherwise be reportable under HMDA.<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[xxiv]</span></span><!--[endif]--></span> Such
loans are counted towards the respective thresholds to determine whether an
insured depository institution or insured credit union’s closed-end mortgage
loans or open-end lines of credit qualify for a partial exemption. An insured
depository institution or insured credit union must have originated fewer than
500 closed-end mortgage loans in each of the two preceding calendar years for
its closed-end mortgage transactions to qualify for the partial exemption.
Likewise, an insured depository institution or insured credit union must have
originated fewer than 500 open-end lines of credit in each of the two preceding
calendar years for its open-end lines of credit transactions to qualify for the
partial exemption.<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[xxv]</span></span><!--[endif]--></span><o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<br /></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<span style="font-family: "calibri" , sans-serif;">An insured depository institution
or insured credit union has the option to voluntarily report exempt data points
for transactions that qualify for a partial exemption. An insured depository
institution or insured credit union that opts to voluntarily report an exempt
data point must report all data fields that the specific data point comprises.<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[xxvi]</span></span><!--[endif]--></span><o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<br /></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<span style="font-family: "calibri" , sans-serif;">In any event, the Bureau seems to
recognize there are going to be transition issues. The 2018 Rule applies to
data collected or reported under HMDA on or after May 24, 2018. An insured
depository institution or insured credit union that is eligible for a partial
exemption for a transaction does not need to collect exempt data points on or
after May 24, 2018. Additionally, such institutions are not required to report
certain data that may have been collected on or before May 24, 2018. For
instance, if an insured depository institution is eligible for a partial
exemption for its closed-end mortgage loans and the institution collected data
for its closed-end mortgage loans prior to May 24, 2018, the institution is not
required to report in 2019 any data covered by the partial exemption for its
closed-end mortgage loans.<span class="MsoEndnoteReference"> <!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[xxvii]</span></span><!--[endif]--></span>
As mentioned above, an insured depository institution or insured credit union
may opt to voluntarily report data that is covered by a partial exemption.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<br /></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<span style="font-family: "calibri" , sans-serif;">If you want to review the HMDA
Data Points that are or are not covered by partial exemptions, I would refer
you to the Filing Instructions Guide.<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[xxviii]</span></span><!--[endif]--></span>
However, the reporting requirements under the Regulation, as amended by the
2015 HMDA Final Rule and 2017 HMDA Final Rule, remain unchanged for these data
points.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<br /></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<span style="font-family: "calibri" , sans-serif;">The wheels of HMDA continued to
turn right up to December 21, 2018, when the Bureau issued final policy
guidance describing modifications that the Bureau is going to apply to the
loan-level data that financial institutions report <i>prior</i> to its disclosure to the public. This final policy guidance,
which I will dub “2018 Final HMDA Rule,” applies to HMDA data compiled by
financial institutions in or after 2018.<span class="MsoEndnoteReference"> <!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[xxix]</span></span><!--[endif]--></span> The main
purpose of the issuance is to notify whether and how HMDA data should be
modified in order to protect applicant and borrower privacy while also
fulfilling HMDA’s public disclosure purposes. <o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<br /></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<span style="font-family: "calibri" , sans-serif;">In other words, certain HMDA data
will be excluded from the public-facing report. Additionally, the publicly
available information will disclose certain information with “reduced precision,”<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[xxx]</span></span><!--[endif]--></span> for
instance, by disclosing ranges rather than specific values for an applicant’s
age, the amount of the loan, and the number of units in the dwelling.<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[xxxi]</span></span><!--[endif]--></span> <o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<br /></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<span style="font-family: "calibri" , sans-serif;">To accomplish this modification,
the Bureau is changing the proposed treatment of the following data fields: <o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<br /></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; margin-left: 0.5in;">
<span style="font-family: "calibri" , sans-serif;">(1) the ratio of the
applicant’s or borrower’s total monthly debt to the total monthly income relied
on in making the credit decision; <o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; margin-left: 0.5in;">
<span style="font-family: "calibri" , sans-serif;">(2) the number of
individual dwelling units related to the property securing the covered loan or,
in the case of an application, proposed to secure the covered loan; and <o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; margin-left: 0.5in;">
<span style="font-family: "calibri" , sans-serif;">(3) the number of
individual dwelling units related to the property securing the covered loan or,
in the case of an application, proposed to secure the covered loan, that are
income-restricted pursuant to Federal, State, or local affordable housing
programs. <o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; margin-left: 0.5in;">
<br /></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<span style="font-family: "calibri" , sans-serif;">Thus, the Bureau will be modifying
the public loan-level HMDA data to exclude: <o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<br /></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; text-indent: 0.5in;">
<span style="font-family: "calibri" , sans-serif;">(1) the universal loan
identifier or non-universal loan identifier; <o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; text-indent: 0.5in;">
<span style="font-family: "calibri" , sans-serif;">(2) the date the
application was received or the date shown on the application form; <o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; text-indent: 0.5in;">
<span style="font-family: "calibri" , sans-serif;">(3) the date of action
taken by the financial institution on a covered loan or application; <o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; margin-left: 0.5in;">
<span style="font-family: "calibri" , sans-serif;">(4) the address of the
property securing the covered loan or, in the case of an application, proposed
to secure the covered loan; <o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; text-indent: 0.5in;">
<span style="font-family: "calibri" , sans-serif;">(5) the credit score
or scores relied on in making the credit decision; <o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; margin-left: 0.5in;">
<span style="font-family: "calibri" , sans-serif;">(6) the unique
identifier assigned by the Nationwide Mortgage Licensing System and Registry
(NMLS) for the mortgage loan originator; and <o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; margin-left: 0.5in;">
<span style="font-family: "calibri" , sans-serif;">(7) the result
generated by the automated underwriting system used by the financial
institution to evaluate the application.<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[xxxii]</span></span><!--[endif]--></span> <o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; text-indent: 0.5in;">
<br /></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<span style="font-family: "calibri" , sans-serif;">Additional exclusions are the
free-form text fields used to report the following data: (1) applicant or
borrower race; (2) applicant or borrower ethnicity; (3) the name and version of
the credit scoring model used; (4) the principal reason or reasons the financial
institution denied the application, if applicable; and (5) the automated
underwriting system name.<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<br /></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<span style="font-family: "calibri" , sans-serif;">With respect to the reduced
precision,<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[xxxiii]</span></span><!--[endif]--></span>
modification of the public loan-level HMDA data will be accomplished by
reducing the precision of most of the values reported for the following data
fields. For instance, the Bureau will modify the amount of the loan or the
amount applied for by disclosing the midpoint for the $10,000 interval into
which the reported value falls. Another modification would involve the age of
an applicant or borrower by binning reported values into categorical ranges.<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[xxxiv]</span></span><!--[endif]--></span> <o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<br /></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<span style="font-family: "calibri" , sans-serif;">There will be a modification to
the reporting of the DTI ratio, the total monthly debt to the total monthly
income, which is relied on in making the credit decision. No change will take
place for values greater than or equal to 36 percent and less than 50 percent;
however, there the Bureau will bin reported values into the following ranges:
20 percent to less than 30 percent; 30 percent to less than 36 percent; and 50
percent to less than 60 percent; bottom-code reported values under 20 percent;
and top-code reported values of 60 percent or higher.<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[xxxv]</span></span><!--[endif]--></span> <o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<br /></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<span style="font-family: "calibri" , sans-serif;">With respect to the value of the
property securing a covered loan or, in the case of an application, proposed to
secure a covered loan, the Bureau will disclose the midpoint for the $10,000
interval into which the reported value falls. The number of individual dwelling
units related to the property securing a covered loan or, in the case of an
application, proposed to secure a covered loan, the Bureau will bin reported
values into the following ranges: 5 to 24; 25 to 49; 50 to 99; 100 to 149; and
150 and over.<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[xxxvi]</span></span><!--[endif]--></span>
<o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<br /></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<span style="font-family: "calibri" , sans-serif;">Finally, with respect to the
number of individual dwelling units related to the property securing a covered
loan or, in the case of an application, proposed to secure a covered loan, if
these are income-restricted pursuant to Federal, State, or local affordable
housing programs, the Bureau will disclose reported values as a percentage,
rounded to the nearest whole number, of the value reported for the total number
of individual dwelling units related to the property securing the covered loan.<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[xxxvii]</span></span><!--[endif]--></span><o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<br /></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<span style="font-family: "calibri" , sans-serif;">Obviously, in matters involving
individual privacy versus the public’s need to know, there is often going to be
a trade-off. The Bureau’s issuance, for instance, contemplates the risk that a
potential adversary, such as an applicant’s or borrower’s neighbor or
acquaintance, may be able to re-identify the HMDA data by relying on personal
knowledge about the applicant or borrower. We should not lose sight of the
purpose of HMDA: it is a disclosure statute – public disclosure of HMDA data is
central to the achievement of HMDA’s goals.<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[xxxviii]</span></span><!--[endif]--></span>
The reality is, these modifications to the loan-level HMDA data disclosed to
the public do not completely eliminate privacy risks. So, the trade-off is to
offer the public a broad notion of the loan-level data as a heuristic to
reducing privacy risks to individual applicants and borrowers. <o:p></o:p></span></div>
<div class="MsoNormal" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">
<br /></div>
<span style="font-family: "calibri" , sans-serif;">The rationalization is
based on the view, relied upon by the Bureau, that public loan-level HMDA data
have always displayed a high level of record uniqueness and included fields that
are also found in identified public records.<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[xxxix]</span></span><!--[endif]--></span> Given
this premise, the Bureau appears to believe that some degree of
re-identification risk in connection with the public disclosure of the data is
acceptable, because HMDA requires the Bureau to consider not only the risk
posed by disclosure but also the benefits of disclosure to HMDA’s purposes. Consequently,
the initiative seems to endeavor a balance between privacy risk, such as re-identification,
and the disclosure benefits to the public.</span><br />
<span style="font-family: "calibri" , sans-serif;"><br /></span>
<div>
<hr align="left" size="1" style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13.2px;" width="33%" />
<!--[endif]-->
<br />
<div id="edn1">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[i]</span><!--[endif]--></span> 12 CFR
202.16(b); see also the Act §§ 702(g), 706(a), and 706(b) <o:p></o:p></span></div>
</div>
<div id="edn2">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[ii]</span><!--[endif]--></span> In the
Matter of Nationstar Mortgage LLC, Consent Order, Administrative Proceeding,
File No. 2017-CFPB-0011, Consumer Financial Protection Bureau<o:p></o:p></span></div>
</div>
<div id="edn3">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[iii]</span><!--[endif]--></span> See §§ 702(g), 704(b), 704 (c), and 704 (d) of the Act<o:p></o:p></span></div>
</div>
<div id="edn4">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[iv]</span><!--[endif]--></span> § 706(c) and
§ 706(d), respectively<o:p></o:p></span></div>
</div>
<div id="edn5">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[v]</span><!--[endif]--></span> Regulation
C, 12 C.F.R. § 1003.4(a). Other State or Federal regulations may require a
financial institution to record its data on a LAR more frequently. See
Regulation C Commentary 4(f)-2.<o:p></o:p></span></div>
</div>
<div id="edn6">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[vi]</span><!--[endif]--></span> Regulation
C, 12 C.F.R. § 1003.4(f) and Regulation C Commentary 4(f)-1 and-3<o:p></o:p></span></div>
</div>
<div id="edn7">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[vii]</span><!--[endif]--></span> Regulation
C, 12 C.F.R. § 1003.5(a)<o:p></o:p></span></div>
</div>
<div id="edn8">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[viii]</span><!--[endif]--></span> Regulation
C, 12 C.F.R. § 1003.4(a)<o:p></o:p></span></div>
</div>
<div id="edn9">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[ix]</span><!--[endif]--></span> Regulation C
Commentary, 12 C.F.R. § 1003.4(a)–1(v) and 4(a)(1)-5.<o:p></o:p></span></div>
</div>
<div id="edn10">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[x]</span><!--[endif]--></span> In April
2017, the CFPB proposed numerous technical revisions to Regulation C to reflect
the fact that this quarterly reporting requirement was not scheduled to take
effect until 2020. See Federal Register 19142, 19162 (April 25, 2017).<o:p></o:p></span></div>
</div>
<div id="edn11">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[xi]</span><!--[endif]--></span> Regulation
C, 12 C.F.R. §§ 1003.5(a)(1)(ii)–(iii)<o:p></o:p></span></div>
</div>
<div id="edn12">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[xii]</span><!--[endif]--></span> See CRA/HMDA
Software Downloads at <span class="MsoHyperlink"><span style="color: blue;"><a href="https://www.ffiec.gov/software/software.htm"><span style="color: blue;">https://www.ffiec.gov/software/software.htm</span></a></span></span>.
Each software version is year-specific. <o:p></o:p></span></div>
</div>
<div id="edn13">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[xiii]</span><!--[endif]--></span> See
Resources for HMDA Filers at <span class="MsoHyperlink"><span style="color: blue;"><a href="https://www.consumerfinance.gov/data-research/hmda/for-filers"><span style="color: blue;">https://www.consumerfinance.gov/data-research/hmda/for-filers</span></a></span></span>.
<o:p></o:p></span></div>
</div>
<div id="edn14">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[xiv]</span><!--[endif]--></span> Regulation
C, 12 C.F.R. § 1003.5(a)(3)<o:p></o:p></span></div>
</div>
<div id="edn15">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[xv]</span><!--[endif]--></span> Legal Entity
Identifiers and HMDA 2018, Questions and Answers, Foxx, Jonathan, April 7,
2017, available in Articles section of <span class="MsoHyperlink"><span style="color: blue;"><a href="http://www.lenderscompliancegroup.com/"><span style="color: blue;">www.lenderscompliancegroup.com</span></a></span></span>. <o:p></o:p></span></div>
</div>
<div id="edn16">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[xvi]</span><!--[endif]--></span> <i>Home Mortgage Disclosure Act: Big Changes on
the Way</i>, Foxx, Jonathan, published in the December 2015 edition of National
Mortgage Professional Magazine, available in Articles section of <span class="MsoHyperlink"><span style="color: blue;"><a href="http://www.lenderscompliancegroup.com/"><span style="color: blue;">www.lenderscompliancegroup.com</span></a></span></span>.
<o:p></o:p></span></div>
</div>
<div id="edn17">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[xvii]</span><!--[endif]--></span> <i>A Guide to HMDA Reporting, Getting it
Right!, Federal Financial Institutions Examination Council, Edition Effective
January 1, 2018 (For HMDA Submissions due March 1, 2019)</i>. Resources for
HMDA filers are available at <span class="MsoHyperlink"><span style="color: blue;"><a href="http://www.consumerfinance.gov/data-research/hmda/for-filers"><span style="color: blue;">www.consumerfinance.gov/data-research/hmda/for-filers</span></a></span></span>
and <span class="MsoHyperlink"><span style="color: blue;"><a href="http://www.ffiec.gov/hmda"><span style="color: blue;">www.ffiec.gov/hmda</span></a></span></span>
<o:p></o:p></span></div>
</div>
<div id="edn18">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[xviii]</span><!--[endif]--></span> The
enforcement agencies are: the OCC, for any national bank, federal savings
association, or Federal branch or Federal agency of a foreign bank; the FRB,
for any State member bank, any branch or agency of a foreign bank (other than a
Federal branch, Federal agency, or insured State branch of a foreign bank), any
commercial lending company owned or controlled by a foreign bank, and any
organization operating under section 25 or 25A of the Federal Reserve Act; the
FDIC, for any State nonmember insured bank, insured State savings association,
mutual savings bank, insured State branch of a foreign bank, or any other
depository institution not already mentioned; NCUA, for any insured credit
union; and the CFPB, for any company subject to the Consumer Financial Protection
Act of 2010 (Dodd-Frank Act Title 10).
See 12 U.S.C. §§ 2804 and 1813(q).<o:p></o:p></span></div>
</div>
<div id="edn19">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[xix]</span><!--[endif]--></span> The CFPB
statement is available at <span class="MsoHyperlink"><span style="color: blue;"><a href="https://www.consumerfinance.gov/about-us/newsroom/cfpb-issues-public-statement-home-mortgage-disclosure-act-compliance/"><span style="color: blue;">https://www.consumerfinance.gov/about-us/newsroom/cfpb-issues-public-statement-home-mortgage-disclosure-act-compliance/</span></a></span></span>.
<o:p></o:p></span></div>
</div>
<div id="edn20">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[xx]</span><!--[endif]--></span> Home
Mortgage Disclosure (Regulation C), 80 FR 66128 (Oct. 28, 2015)<o:p></o:p></span></div>
</div>
<div id="edn21">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[xxi]</span><!--[endif]--></span> Public Law
No. 115-174, 132 Stat. 1296 (2018)<o:p></o:p></span></div>
</div>
<div id="edn22">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[xxii]</span><!--[endif]--></span> Community Reinvestment
Act (CRA) requirements are not treated in this article.<o:p></o:p></span></div>
</div>
<div id="edn23">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[xxiii]</span><!--[endif]--></span> <i>Executive Summary of the 2018 HMDA
Interpretive and Procedural Rule</i>, August 31, 2018, Bureau of Consumer
Financial Protection, formerly known as Consumer Financial Protection Bureau,
and, as of this writing, once again called the Consumer Financial Protection
Bureau.<o:p></o:p></span></div>
</div>
<div id="edn24">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[xxiv]</span><!--[endif]--></span> The 2018 Rule specifies that a “closed-end mortgage
loan” is any closed-end mortgage loan as defined in 12 CFR § 1003.2(d) that is
not excluded under § 1003.3(c)(1)-(10) or (13), and that “open-end line of
credit” is any open-end line of credit as defined in § 1003.2(o) that is not
excluded under § 1003.3(c)(1)-(10).<o:p></o:p></span></div>
</div>
<div id="edn25">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[xxv]</span><!--[endif]--></span> Op. cit. 23<o:p></o:p></span></div>
</div>
<div id="edn26">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[xxvi]</span><!--[endif]--></span> Op. cit. 23<o:p></o:p></span></div>
</div>
<div id="edn27">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[xxvii]</span><!--[endif]--></span> Op. cit. 23<o:p></o:p></span></div>
</div>
<div id="edn28">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[xxviii]</span><!--[endif]--></span> <i>Filing Instructions
Guide for HMDA Data Collected in 2018 </i>is available at <span class="MsoHyperlink"><span style="color: blue;"><a href="https://www.consumerfinance.gov/data-research/hmda/for-filers"><span style="color: blue;">https://www.consumerfinance.gov/data-research/hmda/for-filers</span></a></span></span> <o:p></o:p></span></div>
</div>
<div id="edn29">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[xxix]</span><!--[endif]--></span> The Bureau
released this final policy guidance on its website on December 21, 2018. For
the transmittal statement and final guidance, see <span class="MsoHyperlink"><span style="color: blue;"><a href="https://www.consumerfinance.gov/about-us/newsroom/consumer-financial-protection-bureau-announces-policy-guidance-disclosure-home-mortgage-data"><span style="color: blue;">https://www.consumerfinance.gov/about-us/newsroom/consumer-financial-protection-bureau-announces-policy-guidance-disclosure-home-mortgage-data</span></a></span></span>
<o:p></o:p></span></div>
</div>
<div id="edn30">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[xxx]</span><!--[endif]--></span> Idem<o:p></o:p></span></div>
</div>
<div id="edn31">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[xxxi]</span><!--[endif]--></span> Idem<o:p></o:p></span></div>
</div>
<div id="edn32">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[xxxii]</span><!--[endif]--></span> <i>Disclosure of Loan-Level HMDA Data</i>,
Bureau of Consumer Financial Protection, December 21, 2018<o:p></o:p></span></div>
</div>
<div id="edn33">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[xxxiii]</span><!--[endif]--></span> Idem<o:p></o:p></span></div>
</div>
<div id="edn34">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[xxxiv]</span><!--[endif]--></span> Binning,
sometimes known as “recoding” or “interval recoding,” allows data to be shown
clustered into ranges rather than as precise values. Top-coding and
bottom-coding mask any value that is above or below a certain threshold. For
instance, 25 to 34; 35 to 44; 45 to 54; 55 to 64; and 65 to 74; with bottom-code
reported values under 25 and top-code reported values over 74; and indicia for
whether the reported value is 62 or higher.<o:p></o:p></span></div>
</div>
<div id="edn35">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[xxxv]</span><!--[endif]--></span> Op. cit. 32<o:p></o:p></span></div>
</div>
<div id="edn36">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[xxxvi]</span><!--[endif]--></span> Op. cit. 32<o:p></o:p></span></div>
</div>
<div id="edn37">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[xxxvii]</span><!--[endif]--></span> Op. cit. 32<o:p></o:p></span></div>
</div>
<div id="edn38">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[xxxviii]</span><!--[endif]--></span> Op. cit. 32,
F 32, 12 CFR 1003.1: “This part implements the Home Mortgage Disclosure Act, <i>which is intended to provide the public with
loan data that can be used</i>:” to help determine whether financial
institutions are serving the housing needs of their communities; to assist
public officials in distributing public-sector investment so as to attract
private investment to areas where it is needed; and to assist in identifying
possible discriminatory lending patterns and enforcing antidiscrimination
statutes. (Emphasis added)<o:p></o:p></span></div>
</div>
<div id="edn39">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[xxxix]</span><!--[endif]--></span> Op. cit. 32,
F 33</span></div>
</div>
</div>
</div>
Jonathan Foxxhttp://www.blogger.com/profile/11176318536334393246noreply@blogger.comtag:blogger.com,1999:blog-9171653185859233636.post-40117100685435361932018-11-19T12:19:00.001-05:002018-11-19T12:20:49.470-05:00Identity Theft Prevention: How to Catch a Thief<br />
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><a href="https://lenderscompliancegroup.com/2.html">Jonathan Foxx, PhD, MBA</a></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Chairman & Managing Director</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><br /></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Here are four scenarios involving identity
theft that mortgage originators encounter from time to time. Read them and then
keep them in mind as I discuss how to ask for additional information in order
to prevent identity theft.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: .25in; margin-top: 6.0pt; mso-list: l0 level1 lfo1; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-list: Ignore;">1.<span style="font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;">
</span></span><!--[endif]--><span style="color: black;">A law enforcement report containing detailed
information about the identity theft and the signature, badge number, or other
identification information of the individual law enforcement official taking
the report should be sufficient on face value to support a victim’s request. </span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .75in; margin-right: .25in; margin-top: 6.0pt; text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Question: Without an identifiable concern, such as an indication
that the report was fraudulent, would it be reasonable for an information
furnisher or Consumer Reporting Agency (CRA) to request additional information
or documentation?<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .75in; margin-right: .25in; margin-top: 6.0pt; text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Answer: It would not be reasonable.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: .25in; margin-top: 6.0pt; mso-list: l0 level1 lfo1; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-list: Ignore;">2.<span style="font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;">
</span></span><!--[endif]--><span style="color: black;">A consumer might provide a law enforcement report
similar to the above report, but certain important information such as the
consumer’s date of birth or Social Security number may be missing because the
consumer chose not to provide it. </span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .75in; margin-right: .25in; margin-top: 6.0pt; text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Question: The information furnisher or CRA could accept this
report, but would it be reasonable to require that the consumer provide the
missing information?<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .75in; margin-right: .25in; margin-top: 6.0pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Answer:
It would be reasonable.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: .25in; margin-top: 6.0pt; mso-list: l0 level1 lfo1; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-list: Ignore;">3.<span style="font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;">
</span></span><!--[endif]--><span style="color: black;">A consumer might provide a law enforcement report
generated by an automated system with a simple allegation that an identity
theft occurred to support a request for a tradeline block or cessation of
information furnishing. </span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .75in; margin-right: .25in; margin-top: 6.0pt; text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Question: Would it be reasonable for an information furnisher or
CRA to ask that the consumer fill out and have notarized the Commission’s ID
Theft Affidavit or a similar form and provide some form of identification
documentation?<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .75in; margin-right: .25in; margin-top: 6.0pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black;">Answer: It would be reasonable.</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: .25in; margin-top: 6.0pt; mso-list: l0 level1 lfo1; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-list: Ignore;">4.<span style="font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;">
</span></span><!--[endif]--><span style="color: black;">A consumer might provide a law enforcement report
generated by an automated system with a simple allegation that an identity
theft occurred to support a request for an extended fraud alert. </span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .75in; margin-right: .25in; margin-top: 6.0pt; text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Question: Would it be reasonable for a consumer reporting agency
to require additional documentation or information, such as a notarized affidavit?<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .75in; margin-right: .25in; margin-top: 6.0pt; text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Answer: It would not be reasonable.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 0in; margin-right: .25in; margin-top: 6.0pt; text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">In these scenarios, a
financial institution should be responsive in accordance with certain
guidelines. Specificity of action must be appropriate, reasonable and
proportional to the challenge. However, total reliance on the CRA is inappropriate.</span></span><br />
<a name='more'></a><span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><o:p></o:p></span></span></div>
<div align="center" class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 0in; margin-right: .25in; margin-top: 6.0pt; text-align: center;">
<u><span style="color: #002060; font-variant: small-caps;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Undertaking Evaluative Actions<o:p></o:p></span></span></u></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 0in; margin-right: .25in; margin-top: 6.0pt; text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">In avoiding identity
theft schemes, I suggest that four basic evaluative actions be undertaken,
where a decision is needed to ask for additional information from the consumer.
<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 6.0pt; mso-list: l3 level1 lfo2; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-list: Ignore;">1)<span style="font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;">
</span></span><!--[endif]--><span style="color: black;">Specific dates relating to the identity theft such as
when the loss or theft of personal information occurred or when the fraud(s)
using the personal information occurred, and how the consumer discovered or
otherwise learned of the theft.</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 6.0pt; mso-list: l3 level1 lfo2; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-list: Ignore;">2)<span style="font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;">
</span></span><!--[endif]--><span style="color: black;">Identifying information or any other information about
the perpetrator, if known.</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 6.0pt; mso-list: l3 level1 lfo2; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-list: Ignore;">3)<span style="font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;">
</span></span><!--[endif]--><span style="color: black;">Name(s) of information furnisher(s), account numbers,
or other relevant account information related to the identity theft.</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 6.0pt; mso-list: l3 level1 lfo2; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-list: Ignore;">4)<span style="font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;">
</span></span><!--[endif]--><span style="color: black;">Any other information known to the consumer about the
identity theft.</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">When a financial institution is
faced with declining a loan for identity theft, a report should be drafted with
relevant information to support the decision. Simply declining a loan and
issuing an Adverse Action disclosure or alleging identity theft by reporting it
to Financial Crimes Enforcement Network (FinCEN) by filing a Suspicious
Activity Report (SAR) is not sufficient. Regulators and internal auditors
routinely ask for an identity theft report in order to determine the extent to
which an investigation was conducted. Furthermore, such an investigation
demonstrates the institution’s “good faith” commitment to its Anti-Money
Laundering Program, “good faith” being a key demonstrative element in a
regulator’s assessment of the institution’s compliance. Other regulations are
triggered, too, such as those promulgated by the Federal Trade Commission in
its Identity Theft Protection Program as well as the regulations of the Fair
Credit Reporting Act (FCRA) and the Fair and Accurate Credit Transactions Act
(FACTA), which is an amendment to the FCRA, primarily to protect consumers against
identity theft. <o:p></o:p></span></div>
<div align="center" class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: center;">
<u><span style="color: #002060; font-variant: small-caps;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Identity Theft Report<o:p></o:p></span></span></u></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The identity theft report should
consist of the following components:<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 6.0pt; mso-list: l7 level1 lfo3; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-list: Ignore;">·<span style="font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;">
</span></span><!--[endif]--><span style="color: black;">The allegation of identity theft with as much
specificity as the consumer can provide.</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 6.0pt; mso-list: l7 level1 lfo3; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-list: Ignore;">·<span style="font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;">
</span></span><!--[endif]--><span style="color: black;">A copy of an official, valid report filed by the
consumer with a federal, state, or local law enforcement agency, and even the
United States Postal Inspection Service.<span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[i]</span></span><!--[endif]--></span></span></span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 6.0pt; mso-list: l7 level1 lfo3; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-list: Ignore;">·<span style="font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;">
</span></span><!--[endif]--><span style="color: black;">Additional information or documentation that an
information furnisher or consumer reporting agency reasonably requests for the
purpose of determining the validity of the alleged identity theft, provided
that the information furnisher or consumer reporting agency:</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .75in; margin-right: 0in; margin-top: 6.0pt; mso-list: l7 level2 lfo3; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-list: Ignore;">o<span style="font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"> </span></span><!--[endif]--><span style="color: black;">Makes the request not
later than 15 days after the date of receipt of the copy of the identity theft
report form or the request by the consumer for the particular service,
whichever will be the later.</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .75in; margin-right: 0in; margin-top: 6.0pt; mso-list: l7 level2 lfo3; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-list: Ignore;">o<span style="font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"> </span></span><!--[endif]--><span style="color: black;">Makes any supplemental
requests for information or documentation and final determination on the
acceptance of the identity theft report within another 15 days after its
initial request for information or documentation.</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .75in; margin-right: 0in; margin-top: 6.0pt; mso-list: l7 level2 lfo3; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-list: Ignore;">o<span style="font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"> </span></span><!--[endif]--><span style="color: black;">Has 5 days to make a
final determination on the acceptance of the identity theft report, in the
event that the consumer reporting agency or information furnisher receives any
such additional information or documentation on the 11th day or later within
the 15-day period.</span><o:p></o:p></span></div>
<div align="center" class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: center;">
<u><span style="color: #002060; font-variant: small-caps;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Understanding Identity Theft<o:p></o:p></span></span></u></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">But what is identity theft? Over time,
this concept has gone through ever wider definitions. <o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">I propose a simple outline,
helpfully provided by the FACTA.<span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[ii]</span><!--[endif]--></span></span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .5in; margin-right: 0in; margin-top: 6.0pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Identity theft means <span style="color: black;">a fraud committed or attempted using the identifying
information of another person without authority. <o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">This seems
straight-forward and unambiguous. <o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black;">However, the term “identifying
information” leads to a more nuanced definition, because that terms means any
name or number that may be used, alone or in conjunction with any other
information, to identify a specific person, including any:</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 6.0pt; mso-list: l6 level1 lfo4; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-list: Ignore;">·<span style="font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;">
</span></span><!--[endif]--><span style="color: black;">Name, Social Security number, date of birth, official
state or government issued driver’s license or identification number, alien
registration number, government passport number, employer or taxpayer identification
number;</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 6.0pt; mso-list: l6 level1 lfo4; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-list: Ignore;">·<span style="font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;">
</span></span><!--[endif]--><span style="color: black;">Unique biometric data, such as fingerprint, voice
print, retina or iris image, or other unique physical representation;</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 6.0pt; mso-list: l6 level1 lfo4; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-list: Ignore;">·<span style="font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;">
</span></span><!--[endif]--><span style="color: black;">Unique electronic identification number, address, or
routing code; and,</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 6.0pt; mso-list: l6 level1 lfo4; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-list: Ignore;">·<span style="font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;">
</span></span><!--[endif]--><span style="color: black;">Telecommunication identifying information or access
device.</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Naturally, the process of
determining what constitutes appropriate proof of identity is pivotal in making
a decision about the presence or absence of identity theft.<a href="https://www.blogger.com/null" name="Bookmark_TAABAAD"></a><a href="https://www.blogger.com/null" name="Bookmark__1_c"></a><a href="https://www.blogger.com/null" name="Bookmark_TAABAAE"></a><a href="https://www.blogger.com/null" name="Bookmark__1_d"></a> Consumer reporting
agencies are usually at the forefront of finding ways to establish identity, in
that they are required to <span style="color: black;">develop and implement
reasonable factors involving the information that consumers must provide to
constitute proof of identity.<span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[iii]</span></span><!--[endif]--></span></span> <o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black;">These factors must:</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 6.0pt; mso-list: l8 level1 lfo5; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-list: Ignore;">·<span style="font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;">
</span></span><!--[endif]--><span style="color: black;">Ensure that the information is sufficient to enable
the CRA to match consumers with their files; and,</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 6.0pt; mso-list: l8 level1 lfo5; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-list: Ignore;">·<span style="font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;">
</span></span><!--[endif]--><span style="color: black;">Adjust the information to be commensurate with an
identifiable risk of harm arising from misidentifying the consumer.</span><o:p></o:p></span></div>
<div align="center" class="MsoNormal" style="line-height: 13.0pt; margin-top: 3.0pt; text-align: center;">
<u><span style="color: #002060; font-variant: small-caps;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Identity Theft Alerts<o:p></o:p></span></span></u></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 3.0pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black;">When Lenders
Compliance Group conducts a due diligence review, my firm’s auditors evaluate
the choice of information that our client considers to be reasonable
information for proof of identity.</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">One factor is what we
call the “consumer file match,” which is the identification information of the
consumer, including his or her full name (first, middle initial, last, suffix),
any other or previously used names, current and/or recent full address (street
number and name, apt. no., city, state, and zip code), full nine digits of
Social Security number, and/or date of birth.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Another factor we call
“additional proof of identity,” which usually consists of copies of
government-issued identification documents, utility bills, and/or other methods
of authentication of a person’s identity (which may include, but would not be
limited to, answering questions to which only the consumer might be expected to
know the answer).<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Additionally, it is
critical to determine if the consumer has placed a fraud alert on the consumer
report. The two alerts that are required by CRAs to place on consumer reports
are fraud alerts and the active duty alerts.<span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[iv]</span></span><!--[endif]--></span></span><a href="https://www.blogger.com/null" name="Bookmark_TAAC"></a><a href="https://www.blogger.com/null" name="Bookmark__2"></a><o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black;">A <u>fraud alert</u>
is a notice that the consumer may have been a victim of identity theft or other
fraud.</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black;">An <u>active duty
alert</u> is a notice that the consumer is on active duty in the military.</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black;">There are timing
requirements.<span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[v]</span></span><!--[endif]--></span></span>
An <u>initial fraud alert</u> must be placed in a consumer’s report for ninety
(90) days at the consumer’s request. If the consumer files an identity theft
report, an <u>extended fraud alert</u> can remain in the consumer’s report for seven
(7) years. An active duty alert will remain in the consumer’s report for twelve
(12) months.</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black;">The initial fraud
alert and active duty alert notify all prospective users of the consumer report
that the consumer does not authorize the establishment of any new credit plan,
increase in credit limit on an existing credit account, or other extension of
credit (other than under an existing open-end credit plan), in the name of the
consumer, or issuance of an additional card on an existing credit account
requested by a consumer unless the lender follows the required procedures.</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black;">If an initial fraud
alert or active duty alert appears on a consumer report, a lender cannot extend
credit unless the user utilizes reasonable policies and procedures to form a
reasonable belief that the user knows the identity of the person making the
request. These policies and procedures can be a heavy lift and often need
competent compliance guidance to navigate.</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">If a consumer
requesting the alert has specified a telephone number to be used for identity
verification purposes, before authorizing any new credit plan or extension in
the name of the consumer, the lender must contact the consumer using that
telephone number or take reasonable steps to verify the consumer’s identity and
confirm that the application for a new credit plan is not the result of
identity theft.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Additionally, there is
the “extended fraud alert,” where the consumer’s report must include
information that provides all prospective users of the consumer report with:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 6.0pt; mso-list: l2 level1 lfo6; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-list: Ignore;">·<span style="font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;">
</span></span><!--[endif]--><span style="color: black;">Notification that the consumer does not authorize the
establishment of any new credit plan or extension of credit (other than under
an existing limit of an open-end credit plan) in the name of the consumer, or
issuance of an additional card on an existing credit account requested by a
consumer, or any increase in credit limit on an existing credit account
requested by a consumer, unless the lender first contacts the consumer as
specified in the report, and</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 6.0pt; mso-list: l2 level1 lfo6; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-list: Ignore;">·<span style="font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;">
</span></span><!--[endif]--><span style="color: black;">A telephone number or other reasonable contact method
designated by the consumer for lenders to contact the consumer to verify their
identity.</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Extended fraud alerts
prohibit lenders from establishing a new credit plan or extension of credit
(other than under an existing limit of an open-end credit plan) in the name of
the consumer. A financial institution may not issue an additional card on an
existing credit account requested by a consumer, or increase credit limit on an
existing credit account requested by a consumer, unless the company contacts
the consumer in person or uses the contact method described in the consumer
report to confirm that the application for a new credit plan or increase in
credit limit, or request for an additional card is not the result of identity
theft.<a href="https://www.blogger.com/null" name="Bookmark_TAAF"></a><a href="https://www.blogger.com/null" name="Bookmark__5"></a><o:p></o:p></span></span></div>
<div align="center" class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: center;">
<u><span style="color: #002060; font-variant: small-caps;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Scammers will be Scammers<o:p></o:p></span></span></u></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">But scammers always
scam and conmen always con. Conman is the short form for “Confidence Man,”
because such an individual has a knack for gaining a mark’s confidence and then
pulling the scam which, in this case, is stealing the mark’s identity. A financial
institution or other business entity that provides credit to an identity thief (or
other person who allegedly has made unauthorized use of a victim’s
identification) must provide a copy of the application and other records it has
(or are maintained by another on the business entity’s behalf) regarding the
transaction (i.e., copies of checks or card sales slips).<a href="file:///C:/Users/jiflc/Google%20Drive/WRITINGS/1-PUBLISHED%20WORK-Articles/2018/Indentity%20Theft%20Prevention%20(11.2018)/Identity%20Theft%20Prevention-How%20to%20Catch%20a%20Thief%20(Foxx%20J-NMP-11.20.18).docx#_edn6" name="_ednref6" style="mso-endnote-id: edn6;" title=""><span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[vi]</span></span><!--[endif]--></span></span></a> The
victim’s request must be in writing, contain certain information, and be mailed
to an address specified by the business entity for this purpose.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Intent is important in
identifying and nailing the scammer, because the victim is a consumer whose
means of identification or financial information has been used or transferred
(or has been alleged to have been used or transferred) without the authority of
that consumer<i style="mso-bidi-font-style: normal;">, with the intent to commit,
or to aid or abet, an identity theft or a similar crime.</i><o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Where such identity
theft has been determined, the financial institution – and any other business
entity that has provided credit based on allegedly unauthorized use of the
means of identification of the victim – must provide a copy of the application
and business transaction records in its control,<span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[vii]</span></span><!--[endif]--></span></span>
evidencing any transaction alleged to be a result of identity theft to:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 6.0pt; mso-list: l1 level1 lfo7; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-list: Ignore;">·<span style="font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;">
</span></span><!--[endif]--><span style="color: black;">The victim;</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 6.0pt; mso-list: l1 level1 lfo7; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-list: Ignore;">·<span style="font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;">
</span></span><!--[endif]--><span style="color: black;">Any federal, state, or local government law
enforcement agency or officer specified by the victim in such a request; and,</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 6.0pt; mso-list: l1 level1 lfo7; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-list: Ignore;">·<span style="font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;">
</span></span><!--[endif]--><span style="color: black;">Any law enforcement agency investigating the identity
theft and authorized by the victim to take receipt of identity theft records
under this provision.</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 3.0pt; text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">There is an important
caveat: the applicable rule does not permit a company to disclose information,
including information to law enforcement, that it is otherwise prohibited from
disclosing under any other provision of federal or state law. That being said,
the law also specifically states that the privacy provisions of the
Gramm-Leach-Bliley Act (GLBA) prohibiting the disclosure of financial
information by the company to third parties cannot be used to deny disclosure
of the required information to the victim.<o:p></o:p></span></span></div>
<div align="center" class="MsoNormal" style="line-height: 13.0pt; margin-top: 3.0pt; text-align: center;">
<u><span style="color: #002060; font-variant: small-caps;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Victim Requests<o:p></o:p></span></span></u></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 3.0pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">There are three parts involved in
a financial institution’s handling of a victim’s request for a report. These
are basic features of identity theft prevention compliance. The three parts are
the rules involving the victim’s request requirements, the response provided to
the victim, and the action(s) taken by the financial institution.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 3.0pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Firstly, telephonic requests must
be avoided. <a href="https://www.blogger.com/null" name="Bookmark_TAAFAAC"></a><a href="https://www.blogger.com/null" name="Bookmark__5_b"></a><span style="color: black;">The request of a victim for copies of
identity-theft-related records must be in writing and be mailed to an address
specified by the financial institution, if any.</span> During this phase, the <span style="color: black;">financial institution can ask for additional information
from the consumer as part of the request. If asked, the consumer can be
required to include relevant information about any transaction alleged to be a
result of identity theft to facilitate providing the records including, if
known by the victim (or if readily obtainable by the victim), such information
as the date of the application or transaction and any other identifying
information such as an account or transaction number.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 3.0pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Secondly, when the institution
does receive such a request from the consumer, <a href="https://www.blogger.com/null" name="Bookmark_TAAFAAD"></a><a href="https://www.blogger.com/null" name="Bookmark__5_c"></a>i<span style="color: black;">t must provide the
information within thirty (30) days of receiving the request. The information
must be provided free to the consumer, with no charges.</span> <span style="color: black;">However, before providing the information, the company must
first verify the identity of the consumer making the request. If there is a
high degree of confidence that it has satisfactorily established the identity
of the victim making the request, it may then respond by providing the
information. <o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 3.0pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black;">Caution in this phrase
is critical! As a matter of the institution’s review process, and prior to
releasing the requested information, the victim should be expected to provide
proof of identity with:</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 6.0pt; mso-list: l4 level1 lfo8; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-list: Ignore;">·<span style="font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;">
</span></span><!--[endif]--><span style="color: black;">The presentation of a government-issued identification
card;</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 6.0pt; mso-list: l4 level1 lfo8; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-list: Ignore;">·<span style="font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;">
</span></span><!--[endif]--><span style="color: black;">Personally identifying information of the same type that
was provided to the company by the unauthorized person; or</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 6.0pt; mso-list: l4 level1 lfo8; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-list: Ignore;">·<span style="font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;">
</span></span><!--[endif]--><span style="color: black;">Personally identifying information that the
institution typically requests from new applicants or for new transactions, at
the time of the victim’s request for information, including any of the above
documentation.</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">For establishing the claim of
identity theft, the victim should provide:<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 6.0pt; mso-list: l4 level1 lfo8; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-list: Ignore;">·<span style="font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"> </span></span><span style="color: black;">A copy of a police report evidencing the claim of the
victim of identity theft; and</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 6.0pt; mso-list: l4 level1 lfo8; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-list: Ignore;">·<span style="font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;"> </span></span><span style="color: black;">A properly completed copy of a standardized affidavit
of identity theft developed and made available by the Commission or an
affidavit of fact that is acceptable to the business entity for that purpose.</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 3.0pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black;">Thirdly, the action(s)
taken are the next hurdle. The institution may decide to decline providing the
requested information if, in good faith, it determines that:</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 6.0pt; mso-list: l4 level1 lfo8; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-list: Ignore;">·<span style="font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;">
</span></span><!--[endif]--><span style="color: black;">The FCRA does not require disclosure of the information;</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 6.0pt; mso-list: l4 level1 lfo8; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-list: Ignore;">·<span style="font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;">
</span></span><!--[endif]--><span style="color: black;">After reviewing the information provided by the
consumer to verify their identity, the company does not have a high degree of
confidence in knowing the true identity of the individual requesting the
information;</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 6.0pt; mso-list: l4 level1 lfo8; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-list: Ignore;">·<span style="font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;">
</span></span><!--[endif]--><span style="color: black;">The request for the information is based on a
misrepresentation of fact by the individual requesting the information relevant
to the request for information; or</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 6.0pt; mso-list: l4 level1 lfo8; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-list: Ignore;">·<span style="font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;">
</span></span><!--[endif]--><span style="color: black;">The information requested is Internet navigational
data or similar information about a person’s visit to a web site or online service.</span><a href="https://www.blogger.com/null" name="Bookmark_TAAFAAE"></a><a href="https://www.blogger.com/null" name="Bookmark__5_d"></a><a href="https://www.blogger.com/null" name="Bookmark_TAAG"></a><a href="https://www.blogger.com/null" name="Bookmark__6"></a><o:p></o:p></span></div>
<div align="center" class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: center;">
<u><span style="color: #002060; font-variant: small-caps;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Blocking Information<o:p></o:p></span></span></u></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">There are rules involving the
blocking of information involving identity theft.<span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[viii]</span><!--[endif]--></span></span> For instance, <span style="color: black;">CRAs must block the reporting of any information in the
file of a consumer that the consumer identifies as information which resulted
from an alleged identity theft, not later than four (4) business days after the
date of receipt by the CRA of:</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 6.0pt; mso-list: l5 level1 lfo9; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-list: Ignore;">·<span style="font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;">
</span></span><!--[endif]--><span style="color: black;">Appropriate proof of the identity of the consumer,</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 6.0pt; mso-list: l5 level1 lfo9; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-list: Ignore;">·<span style="font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;">
</span></span><!--[endif]--><span style="color: black;">A copy of an identity theft report,</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 6.0pt; mso-list: l5 level1 lfo9; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-list: Ignore;">·<span style="font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;">
</span></span><!--[endif]--><span style="color: black;">The identification of such information by the consumer,
and</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 6.0pt; mso-list: l5 level1 lfo9; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-list: Ignore;">·<span style="font-stretch: normal; font-style: normal; font-variant: normal; font-weight: normal; line-height: normal;">
</span></span><!--[endif]--><span style="color: black;">A statement by the consumer that the information is
not information relating to any transaction by the consumer.</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">In our audit reviews, Lenders
Compliance Group determines if the CRAs comply with applicable regulations by
their prompt furnishing of appropriate information related to findings of identity
theft, proper filing of an identity theft report, and whether a block has been
requested and, if so, the effective dates of the block.<o:p></o:p></span></span></div>
<div align="center" class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: center;">
<u><span style="color: #002060; font-variant: small-caps;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Consumer Rights<o:p></o:p></span></span></u></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Finally, I would like to call attention
to the summary of rights of identity theft victims.<a href="https://www.blogger.com/null" name="Bookmark_TAAH"></a><a href="https://www.blogger.com/null" name="Bookmark__7"></a><a href="https://www.blogger.com/null" name="Bookmark_TAAJ"></a><a href="https://www.blogger.com/null" name="Bookmark__9"></a><a href="https://www.blogger.com/null" name="Bookmark_TAAM"></a><a href="https://www.blogger.com/null" name="Bookmark__12"></a><span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[ix]</span><!--[endif]--></span></span> <span style="color: black;">The
FTC, in consultation with the federal banking agencies and the National Credit
Union Administration (NCUA), created a model summary of the rights of consumers
that is to be provided to consumers by CRAs for remedying the effects of fraud
or identity theft involving credit, an electronic fund transfer, or an account
or transaction at or with a financial institution or other creditor. In
addition, the FTC revised its <i style="mso-bidi-font-style: normal;">General
Summary of Consumer Rights </i>under the FCRA because of the numerous changes
to consumer rights made by the FACT Act.<span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[x]</span></span></span></span></span></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The <i>Summary of Consumer Identity Theft Rights</i><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[xi]</span></span> essentially
highlights consumers’ rights in the FACT Act and other FCRA provisions and must
be provided by CRAs to consumers who contact them claiming to be the victims of
identity theft. The revised <i>General
Summary of Consumer Rights</i><a href="file:///C:/Users/jiflc/Google%20Drive/WRITINGS/1-PUBLISHED%20WORK-Articles/2018/Indentity%20Theft%20Prevention%20(11.2018)/Identity%20Theft%20Prevention-How%20to%20Catch%20a%20Thief%20(Foxx%20J-NMP-11.20.18).docx#_edn12" name="_ednref12" title=""><span class="MsoEndnoteReference"><span class="MsoEndnoteReference"><span style="color: black;">[xii]</span></span></span></a> is
required to be provided by CRAs to all consumers when they receive various
disclosures from CRAs.</span></div>
<div style="mso-element: endnote-list;">
<!--[if !supportEndnotes]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><br clear="all" />
</span><br />
<hr align="left" size="1" width="33%" />
<!--[endif]-->
<br />
<div id="edn1" style="mso-element: endnote;">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[i]</span><!--[endif]--></span></span> Such
a filing often subjects the person filing the report to criminal penalties
relating to the filing of false information, if, in fact, the information in
the report is false.<o:p></o:p></span></div>
</div>
<div id="edn2" style="mso-element: endnote;">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[ii]</span><!--[endif]--></span></span>
12 CFR 1022.3. The Federal Trade Commission (FTC) adopted several definitions
of terms that are used in a number of provisions of the FACT Act.<o:p></o:p></span></div>
</div>
<div id="edn3" style="mso-element: endnote;">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[iii]</span><!--[endif]--></span></span> 12
CFR 1022.123. See also 605A, 605B, and 609(a)(1) of the Fair Credit Report Act
(FCRA)<o:p></o:p></span></div>
</div>
<div id="edn4" style="mso-element: endnote;">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[iv]</span><!--[endif]--></span></span>
Under section 605A of the FCRA, as added by section 112 of the FACT Act<o:p></o:p></span></div>
</div>
<div id="edn5" style="mso-element: endnote;">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[v]</span><!--[endif]--></span></span> <span style="color: black;">Idem</span><o:p></o:p></span></div>
</div>
<div id="edn6" style="mso-element: endnote;">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[vi]</span><!--[endif]--></span></span>
Under section 609(e) of the FCRA, added by section 151 of the FACT Act<o:p></o:p></span></div>
</div>
<div id="edn7" style="mso-element: endnote;">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[vii]</span><!--[endif]--></span></span>
Whether maintained by the business entity or by another person on behalf of the
business entity. The basis of the allegation involves the culpability provided
in inducing a financial institution or other business entity the consideration
of products, goods, or services to, accepting payment from, or otherwise
entering into a commercial transaction with a person who has allegedly made an
unauthorized use of the victim’s identity.<o:p></o:p></span></div>
</div>
<div id="edn8" style="mso-element: endnote;">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[viii]</span><!--[endif]--></span></span>
Under section 605B of the FCRA, added by section 154 of the FACT Act<o:p></o:p></span></div>
</div>
<div id="edn9" style="mso-element: endnote;">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[ix]</span><!--[endif]--></span></span> <span style="color: black;">Section 609(d) of the FCRA sets
forth requirements for the model summary.</span><o:p></o:p></span></div>
</div>
<div id="edn10" style="mso-element: endnote;">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[x]</span><!--[endif]--></span></span> Required
by section 609(c) of the FCRA<o:p></o:p></span></div>
</div>
<div id="edn11" style="mso-element: endnote;">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[xi]</span><!--[endif]--></span></span>See
Appendix I to 12 CFR Part 1022<o:p></o:p></span></div>
</div>
<div id="edn12" style="mso-element: endnote;">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[xii]</span><!--[endif]--></span></span>
Under the FCRA appears in Appendix K to 12 CFR Part 1022<o:p></o:p></span></div>
<div class="MsoEndnoteText">
<br /></div>
<div class="MsoEndnoteText">
<span style="color: #002060;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">________________________________________________<o:p></o:p></span></span></div>
<div class="MsoEndnoteText">
<br /></div>
<div class="MsoEndnoteText">
<br /></div>
<div align="center" class="MsoNormal" style="text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: blue; text-transform: uppercase;"><span style="mso-spacerun: yes;"> </span><span style="mso-spacerun: yes;"> </span><span class="MsoHyperlink"><span style="color: blue;"><a href="https://lenderscompliancegroup.com/"><span style="color: blue; mso-bidi-font-family: Calibri;">Lenders Compliance Group®</span></a></span></span></span><span style="color: blue;"> <o:p></o:p></span></span></div>
<div align="center" class="MsoNormal" style="text-align: center;">
<br /></div>
<div align="center" class="MsoNormal" style="text-align: center;">
<b style="mso-bidi-font-weight: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The
first mortgage risk management firms in the United States that provides
professional guidance and support<o:p></o:p></span></b></div>
<div align="center" class="MsoNormal" style="text-align: center;">
<b style="mso-bidi-font-weight: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">to financial
institutions, banks and nonbanks, in virtually all areas of mortgage banking.<o:p></o:p></span></b></div>
<div align="center" class="MsoNormal" style="text-align: center;">
<br /></div>
<div align="center" class="MsoNormal" style="text-align: center;">
<b style="mso-bidi-font-weight: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Pioneer
in residential mortgage compliance, mortgage risk management, and regulatory
guidance.<o:p></o:p></span></b></div>
<div align="center" class="MsoNormal" style="line-height: 150%; text-align: center;">
<br /></div>
<div align="center" class="MsoNormal" style="line-height: 150%; text-align: center;">
<b><span style="line-height: 150%;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Contact<o:p></o:p></span></span></b></div>
<div align="center" class="MsoNormal" style="line-height: 150%; text-align: center;">
<span style="line-height: 150%;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-spacerun: yes;"> </span><span class="MsoHyperlink"><span style="color: blue;"><a href="mailto:Compliance@LendersComplianceGroup.com"><span style="color: blue; mso-bidi-font-family: Calibri;">Compliance@LendersComplianceGroup.com</span></a></span></span>.<o:p></o:p></span></span></div>
<div align="center" class="MsoNormal" style="line-height: 150%; text-align: center;">
<br /></div>
<div align="center" class="MsoNormal" style="line-height: 150%; text-align: center;">
<b><span style="line-height: 150%;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Media<o:p></o:p></span></span></b></div>
<div align="center" class="MsoNormal" style="line-height: 150%; text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: blue; line-height: 150%;"><span style="mso-spacerun: yes;"> </span><span class="MsoHyperlink"><span style="color: blue;"><a href="mailto:Media@LendersComplianceGroup.com"><span style="color: blue; mso-bidi-font-family: Calibri;">Media@LendersComplianceGroup.com</span></a></span></span></span><span style="line-height: 150%;">.<o:p></o:p></span></span></div>
<div align="center" class="MsoNormal" style="line-height: 150%; text-align: center;">
<br /></div>
<div align="center" class="MsoNormal" style="line-height: 150%; text-align: center;">
<b><span style="line-height: 150%;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Phone<o:p></o:p></span></span></b></div>
<div align="center" class="MsoNormal" style="line-height: 150%; text-align: center;">
<b><span style="line-height: 150%;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">866-602-6660<o:p></o:p></span></span></b></div>
<div align="center" class="MsoNormal" style="line-height: 150%; text-align: center;">
<br /></div>
<div align="center" class="MsoNormal" style="text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span class="MsoHyperlink"><span style="color: blue;"><a href="http://lenderscompliancegroup.com/"><span style="color: blue; mso-bidi-font-family: Calibri;">Lenders Compliance Group</span></a></span></span> | <span class="MsoHyperlink"><span style="color: blue;"><a href="http://brokerscompliancegroup.com/"><span style="color: blue; mso-bidi-font-family: Calibri;">Brokers Compliance Group</span></a></span></span> | <span class="MsoHyperlink"><span style="color: blue;"><a href="http://servicerscompliancegroup.com/"><span style="color: blue; mso-bidi-font-family: Calibri;">Servicers Compliance Group</span></a></span></span><span class="MsoHyperlink"> </span>|
<span class="MsoHyperlink"><span style="color: blue;"><a href="http://vendorscompliancegroup.com/"><span style="color: blue; mso-bidi-font-family: Calibri;">Vendors Compliance Group</span></a></span></span> | <span class="MsoHyperlink"><span style="color: blue;"><a href="http://lcgqc.com/"><span style="color: blue; mso-bidi-font-family: Calibri;">LCG
Quality Control</span></a></span></span><o:p></o:p></span></div>
<div align="center" class="MsoEndnoteText" style="text-align: center;">
<br /></div>
</div>
</div>
<br />Jonathan Foxxhttp://www.blogger.com/profile/11176318536334393246noreply@blogger.comtag:blogger.com,1999:blog-9171653185859233636.post-42728069204715477822018-10-17T09:27:00.001-04:002018-10-17T09:27:50.145-04:00Credit Committees: Central Hub of Mortgage Banking<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><a href="https://lenderscompliancegroup.com/2.html">Jonathan Foxx, PhD, MBA</a></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;">Chairman & Managing Director</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><br /></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Many clients have credit risk management
committees, sometimes referred to as loan committees, lending committees, or
credit committees. Let’s just call them “credit committees” or, for the
purposes of this article, “Committees.” For small mortgage lenders, the
Committees wind up consisting of the owner and perhaps a second company
official. Howsoever this internal entity is configured, it is very important to
ensure continuity between the origination process flow and, where possible, the
interaction with a loan committee that sets policy standards and, as needed,
makes decisions on whether to approve a risky loan transaction.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">When we are retained by a client to review its
departments and functions, for instance to conduct an internal audit or a GSE
readiness audit – one of the factors we consider is the lending function
itself. This activity is in fact actually distributed over many departments.
But the loan flow process must come under a set of review criteria which, when
challenged, often requires resolution by a committee constituted to manage the
loan transaction’s risk.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">First and foremost, it is important to emphasize
that an institution’s quality control, compliance, and audit procedures should
focus on mortgage lending activities that pose high risk. Controls to monitor
compliance with underwriting standards and exceptions to those standards are
especially important.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">To break this down further, the quality control
function should regularly review a sample of loans from all origination
channels. A representative sample of underwriters should be subject to quality
control auditing in order to confirm that policies are being followed. When
control systems or operating practices are found deficient, business-line
managers should be held accountable for correcting deficiencies in a timely
manner. This means, in effect, that the deficiency should be identified,
mitigated through system and training solutions, monitored, and periodically
tested.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Since some loans permit a borrower to defer
principal and, in some cases, interest payments for extended periods,
institutions should have strong controls over accruals, customer service and
collections. Servicing must be an intrinsic part of the loan committee’s
considerations. The exceptions made by servicing and collections personnel
should be carefully monitored to confirm that practices such as re-aging,
payment deferrals, and loan modifications are not inadvertently increasing
risk. One suggestion would be to have servicing and collection personnel
involved in the Committee. At the very least, servicing should be informed of
credit decisions that affect its purview. Customer service and collections
personnel should receive product-specific training on the features and
potential customer issues with these products.</span></div>
<a name='more'></a><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><o:p></o:p></span><br />
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Third party originators (“TPOs”) are always a
challenge for financial institutions. In this group, I place such TPOs as
mortgage brokers and correspondents. Institutions should have strong systems
and controls in place for establishing and maintaining relationships with third
parties, including procedures for performing due diligence. Oversight of third
parties should involve monitoring the quality of originations so that they
reflect the institution’s lending standards and compliance with applicable laws
and regulations. Monitoring procedures should track the quality of loans by
both origination source and key borrower characteristics. This will help
institutions identify problems such as early payment defaults, incomplete
documentation, and fraud. If appraisal, loan documentation, credit problems or
consumer complaints are discovered, the institution should take immediate
action. Remedial action could include more thorough loan application reviews,
more frequent re-underwriting, or even termination of the third-party
relationship.</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">For the balance of this article, I will describe
some primary vectors that require the Committee’s attention. Comprehensive
procedures should be utilized to evaluate credit risk on a bulk or
transactional basis. Important in drafting such procedures is taking into
consideration a financial institution’s size, complexity and risk profile.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="color: #002060;"><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">CREDIT
COMMITTEES AND SECONDARY MARKET ACTIVITY<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">The interface between credit risk and secondary
market management pertains to several factors, most prominently that the
procedures should be commensurate with the nature of the loan products and
volume of loan origination activity. When Lenders Compliance Group reviews for
secondary market compliance, we always look to ensure that the client has
comprehensive, formally ratified strategies for managing risks. Also, I
recommend that various “contingency plans” be included in how the institution
will respond to reduced demand in the secondary market.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Third-party loan sales are never without some
metric that reflects the measurement of risk: even if a company transfers a
portion of the credit risk, it remains exposed to reputation risk when credit
losses on sold loans or securitization transactions exceed expectations. As a
result, promulgate possible contingency plans for instances where an
institution may deem it necessary to repurchase defaulted mortgage loans to
protect its reputation and maintain access to the markets.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">From the point of view of a regulator, the
repurchase of loans beyond the selling institution’s contractual obligation is
an implicit recourse. Under risk-based capital rules, a repurchasing
institution would be required to maintain risk-based capital against the entire
pool or securitization. Institutions should familiarize themselves with these
guidelines before deciding to support loan pools or buying back loans in
default. <o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="color: #002060;"><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">CREDIT
COMMITTEES AND MANAGEMENT REPORTING<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">I can’t overstress the importance of management
reporting and the periodic testing of the reporting systems. Know the risk
profiles of all loan products and provide full accounting of any changes to
such risk! For instance, if the company originates non-traditional mortgages,
reporting systems should allow management to detect any subtle changes in the
risk of this product’s loan portfolio. Among the metrics that should be
reported to management are the elaboration of key loan products, risk-layering
loan features, and certainly borrower characteristics. Reports should also
provide metrics that show the statistical delta for deteriorating performance
in any of the foregoing areas, surely before any such deterioration has
progressed to a point of substantial impact to the portfolio’s or the company’s
financial stability.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Here’s a brief outline of the types of information
that should be set forth in detail in the management report for risk. As an
example, the report would include, but not be limited to:</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
</div>
<ul>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Loan type (i.e., interest-only loans and payment
option ARMs);</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Risk-layering features (i.e., payment option
ARMs with stated income and interest-only loans with simultaneous second-lien
loans);</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Underwriting characteristics (i.e., LTV, DTI,
credit score); and,</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Borrower performance (i.e., payment patterns,
delinquencies, interest accruals). </span></li>
</ul>
<br />
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">A good report would contain portfolio volume and
performance metrics that track forecasts, internal lending standards and policy
limits. The construct of the report should dig deep into the volume and
performance metrics, even to the sub-portfolio and aggregate portfolio levels.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Many Committees do not know how to evaluate
statistical findings, such as regression analysis. However, most people seem to
have an intuitive feel for variance analyses, which should be performed
regularly to identify exceptions to policies and prescribed thresholds. So, the
Committee should be given a report with variance analysis, inasmuch as it is
critical to the monitoring of portfolio risk characteristics and is an integral
part of establishing and adjusting risk tolerance levels. Without careful
review of such analyses, it is really a lost cause to try to determine how
actual performance deviates from established policies and thresholds.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="color: #002060;"><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">CREDIT
COMMITTEES AND STRESS TESTING<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Since the huge mortgage meltdown a few years ago,
there has been much banter about stress tests. But, if you think about it,
these tests are just a form of sensitivity analysis. There is no good reason
why competent management would not want to conduct a sensitivity analysis! The
fact is, a financial institution shouldn’t skate away from such analytics.
Based on the size and complexity of the lending operations, banks and nonbanks
should perform sensitivity analysis on key portfolio segments to identify and
quantify events that may lead to an increased risk in a segment or the entire
loan portfolio.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">The typical drivers to sensitivity analyses can be
based on many factors, but for lenders in particular the following metrics
would be contained in a stress test repo</span><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">rt:</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
</div>
<ul>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Interest rates;</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Employment levels;</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Economic growth;</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Housing value fluctuations, and</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Other factors beyond the institution’s immediate
control. </span></li>
</ul>
<br />
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">If one or more of these metrics deteriorate –
e</span><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">specially if they deteriorate rapidly! – there might be an immediate need to
assess the potential influence on default rates and loss severity. Where
sensitivity evaluation is on-going, the company is in a better position to
identify, monitor and manage risk, and, mutatis mutandis, move assertively to
develop appropriate and cost-effective loss mitigation strategies. The stress
testing results should provide direct feedback in determining underwriting
standards, product terms, portfolio concentration limits, and capital levels.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="color: #002060;"><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">CREDIT
COMMITTEES AND ALLL<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Our bank clients are familiar with ALLL, which
stands for “Allowance for Loan and Lease Losses.” But nonbanks would be wise to
make ALLL part of their Committee reviews. Put simply, all financial
institutions, to the extent applicable, should establish an appropriate
allowance for loan and lease losses for the estimated credit losses inherent in
their loan portfolios. <o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">I tell our bank and nonbank clients to consider the
higher risk of loss posed by layered risks when establishing their ALLL
parameters. In preparing the layered risk metrics, financial institutions must
realize that a limited performance history with any loan products, particularly
in a stressed environment, increases performance uncertainty. Capital levels
should be commensurate with the risk characteristics of the loan portfolios.
Sloppy or overly malleable underwriting standards or poor portfolio performance
may warrant higher capital levels.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">In coordination with the company’s Board of
Directors or Management, the Committee should establish an appropriate ALLL
that takes into consideration the adequacy of capital, and, where needed, loan
portfolios should be segmented into pools with similar credit risk
characteristics. The basic segments typically include:</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
</div>
<ul>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Collateral and loan characteristics,</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Geographic concentrations, and</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Borrower qualifying attributes. </span></li>
</ul>
<br />
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">But, segmentation should not stop there. Many
institutions differentiate loans by payment and portfolio characteristics, such
as:</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
</div>
<ul>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Loans on which borrowers usually make only
minimum payments,</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Loans with existing balances above original
balances, and</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Loans subject to sizable payment shock. </span></li>
</ul>
<br />
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">The ideal objective is to identify credit quality
indicators that affect the gathering of information for ALLL measurement
purposes. If future loss exposure is to be mitigated adequately, thereby
leading to adjustments in the capital levels, deriving the characteristics
which influence expected performance is an exercise that must be undertaken.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">My firm is retained by financial institutions with
material mortgage banking activities and mortgage servicing assets. We guide
them through the maze of applying sound practices in valuing the mortgage
servicing rights for virtually all mortgage loan products. This valuation
should also not be neglected in ALLL and should follow generally accepted
accounting principles, using reasonable and supportable assumptions.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="color: #002060;"><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">CREDIT
COMMITTEES AND CONSUMER PROTECTION<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Fundamentally, the Committee is not only a bulwark
for the institution but also acts as a means by which the mortgage loans can be
evaluated for responsiveness to consumer needs as well as flexibility with
respect to borrower eligibility. I can tell you from experience that regulators
are very concerned that consumers may enter into loan transactions without
fully understanding a loan product’s terms. If you think you can rely on
disclosures alone to fulfill your obligations to consumer protection, you
couldn’t be more mistaken.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">For instance, certain loan products have been
advertised and promoted based on their lower initial monthly payments compared
with other types of loans. In this case, the Committee should be reviewing the
advertisements for the loan products. In a year’s time, my firm receives hundreds
of advertisements for review before initiating any contact with the public. Our
clients submit the advertisements for our guidance as a critical component of
their new and existing loan product reviews. For instance, the Committee should
task itself with evaluating promotional materials and other product
descriptions to ensure that information about the costs, terms, features, and
risks can assist consumers in their product selection decisions.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">The Committee should be vetting all modalities
involving consumer protection, on a product by product basis. Indeed, any
relevant loan product information relating to consumer protection should be
provided to the Committee in a “timely manner,” which I would describe as a
timeframe before disclosures may be required under any federal or state
regulatory framework.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">In light of these risks, institutions should
implement the following communications directives:</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
</div>
<ul>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Communications with consumers, including
advertisements, oral statements, promotional materials, and monthly statements,
should provide clear and balanced information about the relative benefits and
risks of these products, including the risk of payment shock and any other
foreseeable risks.</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Clear, balanced, and timely communication to
consumers of the risks of loan products will provide consumers with useful
information at crucial decision-making points, such as when they are shopping
for loans or deciding which monthly payment amount to make.</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">The minimization of potential consumer confusion
and complaints, the fostering of good customer relations, and the reduction of
legal and other risks to the institution. </span></li>
</ul>
<br />
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">It bears stating that every loan product review
must ensure that all facets of its structure and origination process comply
with all applicable laws and regulations. Federal and state laws, including
laws regarding unfair, deceptive or abusive acts or practices, may apply.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">The Committee’s purview is strengthened when the
learning curve keeps narrowing based on experience. If a promotion leads to an incidence
of potential concern to consumer protection, the Committee can use the
knowledge thus gained by being more attentive to providing consumers with
information that is designed to help them make informed decisions when
selecting and using the loan products. Meeting this objective requires
appropriate attention to the timing, content, and clarity of information
presented to consumers.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">For example, if the Committee learns that there are
better timeframes for providing consumers with information that will help them
in selecting products and choosing among payment options, an adjustment in such
notification can be made when a consumer is shopping for a mortgage or at the
point of sale. In other words, consumer protection is active when the consumer
makes an inquiry to the institution about a loan product and receives
information about it, or when marketing relating to loan products is provided
by the institution to the consumer – not just upon the submission of a loan
application or at consummation. <o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">I have noticed certain consumer protection issues
coming up time and again in Credit Committee meetings. I have sat on bank Audit and Examination
Committee meetings and, where my firm has been retained to conduct an internal
audit, I include these incidences in my report. Here are but a few incidences
that our audits have shown as being reported to the Committee:</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
</div>
<ul>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Giving consumers unwarranted assurances or
predictions about the future direction of interest rates (and, consequently,
the borrower’s future obligations);</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Making one-sided representations about the cash
savings or expanded buying power to be realized from certain loan products;</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Suggesting that initial minimum payments will
cover accrued interest (or principal and interest) charges; and,</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Making misleading claims that interest rates or
payment obligations are “fixed.” </span></li>
</ul>
<br />
<div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="color: #002060;"><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">CREDIT
COMMITTEES AND ADMINISTRATION<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Virtually all parts of the loan flow process, from
point of sale to securitization, should come under the Committee’s purview,
where it can develop and use strong control systems to monitor that actual
practices are consistent with the policies and procedures relating to the loan
products – which brings me to the subject of the range of control systems and
pathways needed to address compliance and consumer information concerns as well
as safety and soundness considerations.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">The Committee must ensure that lending personnel
are trained so that they are able to convey information to consumers about
product terms and risks in a timely, accurate, and balanced manner. As products
evolve and new products are introduced, lending personnel should receive
additional training, as necessary, to continue to be able to convey information
to consumers in this manner. Lending personnel should be monitored to determine
whether they are following these policies and procedures.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">In addition, the Committee should receive real time
and periodic reports of any reviews relating to consumer complaints. Without
such information, the institution has no internal group that is centrally able
to identify potential compliance, reputation, and other risks involving the
extension of credit. Attention should be paid to appropriate legal review and
to evaluating compensation programs to ensure that they do not improperly
encourage lending personnel to direct consumers to particular products.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">With respect to loans that an institution makes,
purchases, or services using a third party, such as a mortgage broker,
correspondent, or other intermediary, the institution should take appropriate
steps to mitigate risks relating to compliance and consumer information.
Therefore, the Committee should be empowered to take steps to manage
third-party originations risks, such as:</span><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"> </span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
</div>
<ul>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Conducting due diligence and establishing other
criteria for entering into and maintaining relationships with such third
parties;</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Establishing criteria for third-party
compensation designed to avoid providing incentives for originations
inconsistent with this guidance;</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Setting requirements for agreements with such
third parties;</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Establishing procedures and systems to monitor
compliance with applicable agreements, institution policies, federal and state
regulations and laws; and,</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Implementing appropriate corrective actions in
the event that the third party fails to comply with applicable agreements,
institution policies, or laws. </span></li>
</ul>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">The Credit Committee should be considered the
point of convergence and central hub of the management function. All
departmental roads should lead </span><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">to it! A financial institution that simply relies
on the loan origination process to move along like cakes on a conveyor belt is
sooner or later going to be caught up in its own complacency.</span>Jonathan Foxxhttp://www.blogger.com/profile/11176318536334393246noreply@blogger.comtag:blogger.com,1999:blog-9171653185859233636.post-31645423889251596962018-09-18T14:06:00.000-04:002018-09-18T14:06:12.260-04:00Mortgage Fraud Challenges: How to Catch a Crook<br />
<div class="MsoNormal" style="text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><a href="https://lenderscompliancegroup.com/2.html">Jonathan Foxx</a></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Chairman & Managing Director</span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><br /></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Two of our Directors will be
attending the MBA’s “Risk Management, QA & Fraud Prevention Forum,” held in
Los Angeles, in September. Attending this venue will be Brandy George, who is
the Executive Director of LCG Quality Control and Michael Pfeifer, who is a
Director of Legal and Regulatory Compliance. I remember attending the first
forum many years ago. The attendance was modest. Although risk management was
strengthening, I felt the term risk management was much too broad, as it could
be (and was) applied to many industries. So, I coined the term “Mortgage Risk
Management” and it caught on! My view has been that mortgage banking poses a
unique set of risks that require significant knowledge, experience, and
expertise. Turns out, this insight has been reinforced over the years. Now,
this event is highly attended and is brimming with new ways to handle quality
assurance, mortgage fraud prevention, and risk management oversight.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">As I contemplated this forthcoming
conference, I thought of the difficulties that mortgage originators have in
handling the challenges of mortgage fraud in particular. This is a nasty
business and not for the faint hearted! When my firm conducts audits of the
loan flow process, it is not unusual to find gaps – perhaps ‘chasms’ is a
better word! – in a company’s procedures for managing mortgage fraud risk. It
still surprises me, after so many decades in mortgage banking compliance and
financial institution management, that the fraudsters seem to have no limit to
their scheming, conniving, crafty, wily, and underhanded cunning. These guys
are as slippery as a darkly oleaginous grease slick.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Maybe I can’t stop these swindlers
and shysters from doing what they do, but I can let you know some of the
lessons my firm, Lenders Compliance Group®, has learned in knowing how to
identify and trap them. I may not have all the answers, but I sure do have a
lot of experience in hooking the crook. So, come with me on a brief walk
through the mortgage fraud maze, as I jot down some of my reflections, and
perhaps you should consider using some of my ideas to fine-tune your own
mortgage fraud prevention procedures.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Let’s start with a simple outline
of what fraudsters do!<o:p></o:p></span></span></div>
<div align="right" class="MsoNormal" style="text-align: right;">
<br /></div>
<div align="center" class="MsoNormal" style="text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><a href="https://www.blogger.com/null" name="Committing"><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;">Committing Fraud</span></b></a><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;"><o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black;">During the mortgage lending
process, a fraudster is a person who knowingly does any of the following:</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<br /></div>
<ul style="margin-top: 0in;" type="disc">
<li class="MsoNormal" style="line-height: 150%; mso-list: l5 level1 lfo1; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black; line-height: 150%;">Makes, uses, or facilitates any deliberate
misstatement, misrepresentation, or omission with the intention that it be
relied upon by a mortgage lender, borrower, or any other party to the
mortgage lending process;</span><span style="line-height: 150%;"><o:p></o:p></span></span></li>
<li class="MsoNormal" style="line-height: 150%; mso-list: l5 level1 lfo1; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black; line-height: 150%;">Receives any proceeds or any other funds in
connection with a closing involving mortgage fraud; or</span><span style="line-height: 150%;"><o:p></o:p></span></span></li>
<li class="MsoNormal" style="line-height: 150%; mso-list: l5 level1 lfo1; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black; line-height: 150%;">Files or causes to be filed with the county
recorder, any document that contains a deliberate misstatement,
misrepresentation, or omission.</span><span style="line-height: 150%;"><o:p></o:p></span></span></li>
</ul>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">In my view, there are two types of mortgage
fraud: the first is fraud for property, and the second is fraud for profit.</span><br />
<a name='more'></a><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The first type <a href="https://www.blogger.com/null" name="Bookmark_TAAD"></a><a href="https://www.blogger.com/null" name="Bookmark__3"></a>is where f<span style="color: black;">raud occurs for
property (i.e., housing) and usually entails some kind of misrepresentations (for
instance, employment history, claimed income) by the applicant solely to
purchase property for a primary residence, generally. Schemes usually involve a
single loan. Although applicants may embellish income and conceal debt, their
intent is to repay the loan.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The second type is even more pernicious. <a href="https://www.blogger.com/null" name="Bookmark_TAADAAD"></a><a href="https://www.blogger.com/null" name="Bookmark__3_c"></a><span style="color: black;">Fraud for profit causes much concern to law enforcement and the mortgage
industry. Often, this type of fraud involves multiple loans and elaborate
schemes to gain illicit proceeds from property sales. Gross misrepresentations
of appraisals and loan documents are most common, and loan applicants are
frequently paid for their participation. <o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">You may not like to read this, but
FinCEN long ago reported that perpetrators are often industry professionals who
are familiar with the mortgage loan process and know how to exploit
vulnerabilities in the system. These professionals can include accountants,
mortgage brokers and lenders. When my firm conducts audits, we do not assume
that the fraudsters are only external actors. Unfortunately, there are numerous
instances of internal actors who know how to game the procedures, often leading
to injurious outcomes. To commit fraud, industry professionals often
misrepresent factors in multiple loan transactions, such as borrower income,
debt, assets, and employment.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Indeed, fraud for profit often
impacts more than one financial institution and involves co-conspirators who
corroborate fabricated information. Think of such examples as documenting their
misrepresentations through inflated appraisals and inaccurate employment
histories. <o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Here is a very brief list of
malevolent stratagems that fraudsters employ to carry out their schemes:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<ul style="margin-top: 0in;" type="disc">
<li class="MsoNormal" style="line-height: 150%; mso-list: l1 level1 lfo2; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black; line-height: 150%;">False claims</span><span style="line-height: 150%;"><o:p></o:p></span></span></li>
<li class="MsoNormal" style="line-height: 150%; mso-list: l1 level1 lfo2; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black; line-height: 150%;">Omission of information</span><span style="line-height: 150%;"><o:p></o:p></span></span></li>
<li class="MsoNormal" style="line-height: 150%; mso-list: l1 level1 lfo2; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black; line-height: 150%;">Inflated credit scores (authorized user scam)</span><span style="line-height: 150%;"><o:p></o:p></span></span></li>
<li class="MsoNormal" style="line-height: 150%; mso-list: l1 level1 lfo2; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black; line-height: 150%;">Fraudulent warranty deeds</span><span style="line-height: 150%;"><o:p></o:p></span></span></li>
<li class="MsoNormal" style="line-height: 150%; mso-list: l1 level1 lfo2; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black; line-height: 150%;">Fraudulent quitclaim deeds</span><span style="line-height: 150%;"><o:p></o:p></span></span></li>
<li class="MsoNormal" style="line-height: 150%; mso-list: l1 level1 lfo2; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black; line-height: 150%;">Falsified tax returns</span><span style="line-height: 150%;"><o:p></o:p></span></span></li>
<li class="MsoNormal" style="line-height: 150%; mso-list: l1 level1 lfo2; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black; line-height: 150%;">Bogus bank statements</span><span style="line-height: 150%;"><o:p></o:p></span></span></li>
<li class="MsoNormal" style="line-height: 150%; mso-list: l1 level1 lfo2; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black; line-height: 150%;">Phony company</span><span style="line-height: 150%;"><o:p></o:p></span></span></li>
<li class="MsoNormal" style="line-height: 150%; mso-list: l1 level1 lfo2; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black; line-height: 150%;">Collusion</span><span style="line-height: 150%;"><o:p></o:p></span></span></li>
<li class="MsoNormal" style="line-height: 150%; mso-list: l1 level1 lfo2; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black; line-height: 150%;">Pyramiding to conceal misappropriation</span><span style="line-height: 150%;"><o:p></o:p></span></span></li>
<li class="MsoNormal" style="line-height: 150%; mso-list: l1 level1 lfo2; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black; line-height: 150%;">Rented assets</span><span style="line-height: 150%;"><o:p></o:p></span></span></li>
<li class="MsoNormal" style="line-height: 150%; mso-list: l1 level1 lfo2; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black; line-height: 150%;">Purchased false documentation</span><span style="line-height: 150%;"><o:p></o:p></span></span></li>
<li class="MsoNormal" style="line-height: 150%; mso-list: l1 level1 lfo2; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black; line-height: 150%;">Mortgage loan from another lender or seller held
second</span><span style="line-height: 150%;"><o:p></o:p></span></span></li>
<li class="MsoNormal" style="line-height: 150%; mso-list: l1 level1 lfo2; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black; line-height: 150%;">Limited verification programs (NIV, No Ratio,
NINA, No Doc)</span><span style="line-height: 150%;"><o:p></o:p></span></span></li>
</ul>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div align="center" class="MsoNormal" style="text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><a href="https://www.blogger.com/null" name="Reporting"><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;">Reporting Fraud</span></b></a><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;"><o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">So, what do you do if you catch a crook?</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><br /></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Mortgage fraud is
investigated by the Federal Bureau of Investigation and can be punishable by up
to 30 years in federal prison or $1,000,000 fine, or both. It is illegal for a
person to make any false statement regarding income, assets, debt, or matters
of identification, or to willfully overvalue any land or property in a loan and
credit application, for the purpose of influencing in any way the action of a
financial institution.</span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">There
are specific statutes that get triggered. <span style="color: black;">Applicable
federal criminal statutes include:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<ul style="margin-top: 0in;" type="disc">
<li class="MsoNormal" style="line-height: 150%; mso-list: l0 level1 lfo3; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black; line-height: 150%;">Statements or
entries generally;<span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[1]</span></span><!--[endif]--></span></span></span><span style="line-height: 150%;"><o:p></o:p></span></span></li>
<li class="MsoNormal" style="line-height: 150%; mso-list: l0 level1 lfo3; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black; line-height: 150%;">HUD and Federal
Housing Administration transactions;<span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[2]</span></span><!--[endif]--></span></span></span><span style="line-height: 150%;"><o:p></o:p></span></span></li>
<li class="MsoNormal" style="line-height: 150%; mso-list: l0 level1 lfo3; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black; line-height: 150%;">Loan and credit
applications, generally;<span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[3]</span></span><!--[endif]--></span></span></span><span style="line-height: 150%;"><o:p></o:p></span></span></li>
<li class="MsoNormal" style="line-height: 150%; mso-list: l0 level1 lfo3; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black; line-height: 150%;">Fraud and related
activity in connection with identification documents;<span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[4]</span></span><!--[endif]--></span></span></span><span style="line-height: 150%;"><o:p></o:p></span></span></li>
<li class="MsoNormal" style="line-height: 150%; mso-list: l0 level1 lfo3; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black; line-height: 150%;">Frauds and
swindles by mail;<span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[5]</span></span><!--[endif]--></span></span></span><span style="line-height: 150%;"><o:p></o:p></span></span></li>
<li class="MsoNormal" style="line-height: 150%; mso-list: l0 level1 lfo3; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black; line-height: 150%;">Fictitious name
or address;<span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[6]</span></span><!--[endif]--></span></span></span><span style="line-height: 150%;"><o:p></o:p></span></span></li>
<li class="MsoNormal" style="line-height: 150%; mso-list: l0 level1 lfo3; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black; line-height: 150%;">Fraud by wire;<span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[7]</span></span><!--[endif]--></span></span></span><span style="line-height: 150%;"><o:p></o:p></span></span></li>
<li class="MsoNormal" style="line-height: 150%; mso-list: l0 level1 lfo3; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black; line-height: 150%;">Bank fraud;<span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[8]</span></span><!--[endif]--></span></span>
and,</span><span style="line-height: 150%;"><o:p></o:p></span></span></li>
<li class="MsoNormal" style="line-height: 150%; mso-list: l0 level1 lfo3; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black; line-height: 150%;">False social
security number.<span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[9]</span></span><!--[endif]--></span></span></span><span style="line-height: 150%;"><o:p></o:p></span></span></li>
</ul>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 10.0pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black;">When mortgage fraud is
suspected, criminal charges can include identity theft, grand theft, wire
fraud, money laundering, and forgery, to name a few, each of which carries its
own brand of civil monetary and criminal penalties. Because of the growth in
mortgage fraud, some states have moved to establish their own mortgage fraud
laws. To pick but one, the Georgia Residential Mortgage Fraud Act, for
instance, provides a definition of residential mortgage fraud and outlines
terms of punishment for violation of the law.<span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[10]</span></span><!--[endif]--></span></span></span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 10.0pt; text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">This state law amends
the Georgia Racketeer Influenced and Corrupt Organizations Act (RICO) to
include residential mortgage fraud within the definition of racketeering
activity. Under the statute, the crime of residential mortgage fraud is
committed when people make deliberate misstatements or omissions during the
mortgage lending process, with the intention that it will be relied on or, if
they receive proceeds from a closing that they knew resulted from these types
of omissions or lies.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 10.0pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black;">The Georgia law provides
for felony penalties of 1 to 10 years in jail and/or a $5,000 fine. If a
pattern of fraud is found, the penalties become 3 to 20 years in jail and/or a
fine of $100,000. The law also provides that property that comes under the
bill’s provisions is subject to forfeiture.</span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 10.0pt; text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Some states are
following Georgia’s example, while others are working on variations of what
Georgia enacted. <o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 10.0pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black;">Some of these
variations, nevertheless, set forth some common features, such as:</span><o:p></o:p></span></div>
<ul style="margin-top: 0in;" type="disc">
<li class="MsoNormal" style="line-height: 13.0pt; margin-top: 10.0pt; mso-list: l15 level1 lfo4; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black;">Requiring a person convicted of mortgage fraud to pay
restitution to the victim,</span><o:p></o:p></span></li>
<li class="MsoNormal" style="line-height: 13.0pt; margin-top: 10.0pt; mso-list: l15 level1 lfo4; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black;">Creating a mortgage lending fraud protection fund,</span><o:p></o:p></span></li>
<li class="MsoNormal" style="line-height: 13.0pt; margin-top: 10.0pt; mso-list: l15 level1 lfo4; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black;">Requiring the Attorney General to develop mortgage fraud
prosecution guidelines,</span><o:p></o:p></span></li>
<li class="MsoNormal" style="line-height: 13.0pt; margin-top: 10.0pt; mso-list: l15 level1 lfo4; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black;">Creating optional disclosures to borrowers and third parties
(i.e., stating mortgage fraud is a criminal offense)</span><o:p></o:p></span></li>
<li class="MsoNormal" style="line-height: 13.0pt; margin-top: 10.0pt; mso-list: l15 level1 lfo4; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black;">Incorporating mortgage fraud into existing criminal or civil
statutes,</span><o:p></o:p></span></li>
<li class="MsoNormal" style="line-height: 13.0pt; margin-top: 10.0pt; mso-list: l15 level1 lfo4; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black;">Narrowing mortgage fraud to apply only to certain mortgage
professionals or acts, and</span><o:p></o:p></span></li>
<li class="MsoNormal" style="line-height: 13.0pt; margin-top: 10.0pt; mso-list: l15 level1 lfo4; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black;">Creating new investigatory and enforcement provisions.</span><o:p></o:p></span></li>
</ul>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 10.0pt; text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">It is worth noting
that the MBA has gone on record saying that individual state mortgage fraud
laws may make prosecution more difficult until sufficient case law is available
for attorneys and judges under the new provisions. The view is that existing
federal laws have been used to successfully prosecute mortgage fraud cases.
Furthermore, it is also argued some states that allow private right of action
against mortgage fraud perpetrators may create frivolous lawsuits without
producing material reduction in mortgage fraud. I’m not so sure I agree with
this view. After all, state banking departments have a legal obligation to exam
their licensees for the purpose of protecting the consumer. In their role as
consumer protection and advocacy agencies, state banking departments recognize
that mortgage fraud is one of the most devastating plagues affecting
individuals and entire communities. Although litigation has been building, it’s
hard to tell when there will be case law to prevail in the prosecution of
mortgage fraud. Meanwhile, the fraudsters keep spinning their yarn!<o:p></o:p></span></span></div>
<div align="center" class="MsoNormal" style="line-height: 13.0pt; margin-top: 10.0pt; text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><a href="https://www.blogger.com/null" name="Solving"><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;">Solving
Fraud</span></b></a><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;"><o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">I do
not think mortgage fraud is going away! Then again, neither is thunderstorms.
But that doesn’t mean we should ignore taking an umbrella when a storm is on
the way! Therefore, I am going to spend the rest of this article discussion
solutions to reducing mortgage fraud. Emphasis will be placed on identifying
and reducing fraud. <o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">I believe there are three primary solutions to preventing mortgage
fraud. When we do our audits, sometimes I see the outcome of poorly written or
improperly implemented procedures in the loan flow process. I say to myself,
“If only they had done this,” or “If only they had done that!” The issues
always seem to come down to having solutions that are time-tested.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The three solutions are:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 3.0pt; text-align: justify;">
<br /></div>
<ol start="1" style="margin-top: 0in;" type="1">
<li class="MsoNormal" style="color: black; line-height: 150%; mso-list: l18 level1 lfo5; text-align: justify;"><span style="line-height: 150%;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Expanding the underwriting process,<o:p></o:p></span></span></li>
<li class="MsoNormal" style="color: black; line-height: 150%; mso-list: l18 level1 lfo5; text-align: justify;"><span style="line-height: 150%;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Considering predictive models that reject loans in
pre-funding, and<o:p></o:p></span></span></li>
<li class="MsoNormal" style="color: black; mso-list: l18 level1 lfo5; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Implementing Red Flag training, fraud
prevention control reviews, and fraud detection questionnaires.<o:p></o:p></span></li>
</ol>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<span style="color: black; line-height: 150%;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">I supposed the first
two are somewhat obvious. <o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: 150%; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black; line-height: 150%;">The underwriting
process should include:</span><span style="line-height: 150%;"><o:p></o:p></span></span></div>
<ul style="margin-top: 0in;" type="disc">
<li class="MsoNormal" style="line-height: 150%; mso-list: l7 level1 lfo6; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black; line-height: 150%;">Authenticating
and verifying all documents;</span><span style="line-height: 150%;"><o:p></o:p></span></span></li>
<li class="MsoNormal" style="line-height: 150%; mso-list: l7 level1 lfo6; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black; line-height: 150%;">Using notaries
for signatures;</span><span style="line-height: 150%;"><o:p></o:p></span></span></li>
<li class="MsoNormal" style="line-height: 150%; mso-list: l7 level1 lfo6; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black; line-height: 150%;">Confirming values;</span><span style="line-height: 150%;"><o:p></o:p></span></span></li>
<li class="MsoNormal" style="line-height: 150%; mso-list: l7 level1 lfo6; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black; line-height: 150%;">Confirming
appraiser identities;</span><span style="line-height: 150%;"><o:p></o:p></span></span></li>
<li class="MsoNormal" style="line-height: 150%; mso-list: l7 level1 lfo6; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black; line-height: 150%;">Confirming real
estate; and</span><span style="line-height: 150%;"><o:p></o:p></span></span></li>
<li class="MsoNormal" style="mso-list: l7 level1 lfo6; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black;">Verify almost everything.</span><o:p></o:p></span></li>
</ul>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Predictive models are relatively new in the mortgage field. There
are models that can predict if a lender’s pre-funded loans, if booked, would
stop paying within the first six months. Some analytics can show that mortgage
early payment defaults can be linked to a significant misrepresentation on the
original loan application, such as:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<ul style="margin-top: 0in;" type="disc">
<li class="MsoNormal" style="mso-list: l17 level1 lfo7; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black;">Income inflated by a significant
percent;</span><o:p></o:p></span></li>
<li class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; mso-list: l17 level1 lfo7; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black;">Appraisals overvaluing the property by an excessive percent;
and</span><o:p></o:p></span></li>
<li class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; mso-list: l17 level1 lfo7; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black;">Fictitious employers and/or falsified tax returns.</span><o:p></o:p></span></li>
</ul>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">On the obverse, there are models that show loans containing
egregious misrepresentations were more likely to default in the first six
months than loans - but did not.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The
third solution – implementing Red Flag training, fraud prevention control
reviews, and fraud detection questionnaires – is the “big bucket” solution. I
am going to set forth an outline that could help you conceptualize the
challenges involving mortgage fraud, as it relates to this third prong. <o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div align="center" class="MsoNormal" style="text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><a href="https://www.blogger.com/null" name="Red"><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;">Red Flags</span></b></a><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;"><o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The
term "Red Flags" is often associated with potentially suspicious
activities for both money laundering and terrorist financing. Since mortgage
fraud is a preferred means by which money laundering takes place, it is
important to review the Red Flags list compiled by the Financial Crimes
Enforcement Network (FinCEN).<span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[11]</span><!--[endif]--></span></span>
Although these lists are not all-inclusive, they should be consulted and used
as a way to remain sensitized to the ways that fraudsters use mortgage fraud
for a host of illicit purposes, such as money laundering and terrorist
financing schemes.<o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The
Federal Trade Commission (FTC) has set forth its own Red Flags Rule<span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[12]</span><!--[endif]--></span></span>
to help prevent identity theft. The FTC also provides a very helpful list. It
provides twenty-six Red Flags in these five areas: (1) Alerts, Notifications or
Warnings from a Consumer Reporting Agency; (2) Suspicious Documents; (3) Suspicious
Personal Identifying Information; (4) Unusual Use of, or Suspicious Activity
Related to, the Covered Account; and (5) Notice from Customers, Victims of
Identity Theft, Law Enforcement Authorities, or Other Persons Regarding
Possible Identity Theft in Connection With Covered Accounts Held by the Financial
Institution or Creditor.<span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[13]</span><!--[endif]--></span></span><o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><a href="https://www.blogger.com/null" name="Bookmark_TAACAAB"></a><a href="https://www.blogger.com/null" name="Bookmark__2_a"></a><span style="color: black;">Most important to
mortgage fraud prevention is the use of Red Flags and controlling for them
throughout the mortgage loan process. Lenders Compliance Group® believes controlling
for a wide range of risks is so critical to a company’s survival that we
established a Director’s position for it, which is held by Michelle Leigh,
CRCM, Director of Regulatory Audits and Controls. <o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The
following is a “checklist” approach that you can perform in the loan
origination process. Many of these Red Flags come from many years of audits and
due diligence reviews. You may need a firm such as Lenders Compliance Group® to
conduct a comprehensive and independent audit; however, there really is no
reason why you can’t undertake many aspects of this kind of review on your own.<o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div align="center" class="MsoNormal" style="text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><a href="https://www.blogger.com/null" name="Where"><b style="mso-bidi-font-weight: normal;"><span style="color: #002060;">Where to begin? Applications!</span></b></a><b style="mso-bidi-font-weight: normal;"><span style="color: #002060;"><o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Red Flags
begin right at the point of sale, that is, when the loan application is taken. <span style="color: black;">The mortgage application is the initial document completed
by the borrower that provides the financial institution with comprehensive
information concerning the borrower’s identity, financial position and
employment history.</span><a href="https://www.blogger.com/null" name="Bookmark_TAACAAC"></a><a href="https://www.blogger.com/null" name="Bookmark__2_b"></a><o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black;">Application Red Flags include the following:</span></span></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The application is unsigned or
undated, or power of attorney is used.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The borrower cannot execute
documents — investigate if formal supporting documentation exists.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Signatures on credit documents are
illegible and no supporting identification exists.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Price and date of purchase is not
indicated.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Borrower is selling his current residence
but does not provide documents to support a sale.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Down payment is not in cash (i.e.,
source of deposit is a promissory note or repayment of a personal loan).</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Borrower has high income with
little or no personal property.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Borrower’s age is not consistent
with the number of years of employment.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Borrower has an unreasonable
accumulation of assets compared to income or has a large amount of
unsubstantiated assets.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Borrower claims to have no debt.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Borrower owns an excessive amount
of real estate.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">New housing expense exceeds 150
percent of current housing expense.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">A post office box is the only
indicated address for the borrower’s employer.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The same telephone number is used
for the borrower’s home and business.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Application date and verification
form dates are not consistent.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Patterns or similarities are
apparent from applications received from a specific seller or broker — certain
brokers are unusually active in a soft real estate market.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Concentration of loans to
individuals related to a specific project is noted.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Borrower does not guarantee the
loan or will not sign in an individual capacity.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Borrower’s income is not
consistent with job type.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Employer is an unrealistic
commuting distance from property.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Years of education are not
consistent with borrower’s profession.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Borrower is buying investment
properties with no primary residence.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Transaction resulted in a large
cash-out refinance as a percent of the loan amount.</span> </li>
</ul>
<div align="center" class="MsoNormal" style="text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><a href="https://www.blogger.com/null" name="How"><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;">How to avoid application fraud? Take
control!</span></b></a><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;"><o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Controlling
for application fraud includes the following actions:</span></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Establish an employee training
program that provides instruction on understanding common mortgage fraud
schemes and recognizing Red Flags.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Conduct pre-funding reviews on new
production.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Closely monitor new brokers,
correspondents, and products.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Track performance using scorecard
criteria. Typical tracking data includes:</span></li>
</ul>
<blockquote class="tr_bq">
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Default rates,</span></li>
</ul>
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Pre-purchase cycle
times,</span></li>
</ul>
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Loan quality
indicators such as underwriting exceptions, and</span></li>
</ul>
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Key data changes prior
to approval.</span></li>
</ul>
</blockquote>
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Verify the source of down payment
funds by directly contacting the institution where funds are shown deposited.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Closely analyze the borrower’s
financial information for unusual items or trends.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Independently verify employment by
researching the location and phone number of the business</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Employ pre-funding and
post-closing reviews to detect any inconsistencies within the transaction.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Conduct risk-based quality control
audits prior to funding.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Ensure that prior liens are
immediately paid from new loan proceeds.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Assess the volume of critical
post-closing missing documents, determining the potential for repurchase
recourse, and evaluating reserve adequacy.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Monitor the real estate markets
from the locale in which the institution’s mortgage loans originated.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Establish a periodic independent
audit of mortgage loan operations.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Provide fraud updates/alerts to
employees.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Review patterns on declined loans
(i.e., individual social security number, appraiser, real estate agent, loan
officer, broker, etc.).</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Establish a fraud hotline for
anonymous fraud tips.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Increase the use of original
supporting documentation on third party transactions (i.e., wholesale and
correspondent originations).</span> </li>
</ul>
<div align="center" class="MsoNormal" style="text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><a href="https://www.blogger.com/null" name="CheckCollateral"><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;">Check the
Collateral for Appraisal Fraud!</span></b></a><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;"><o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black;">An appraisal is a written report that is supposed to be
independently and impartially prepared by a qualified individual, stating an
opinion of market value of a property as of a specific date. But fraudsters
have found multiple ways to mess with appraisals.</span><o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black;">Appraisal Red Flags include the following:</span></span></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The appraiser is a frequent or
large volume borrower at the financial institution.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The appraiser owns property in the
project being appraised. This is a violation of the appraisal regulations and
raises concerns about appraiser independence and bias.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The most recent assessed tax value
does not correlate with the appraisal’s market value.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The appraiser used is not on the
institution’s designated list of approved appraisers.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The appraiser is from outside the
area (and may not be familiar with local property values – understanding of
local market nuances is critical to an accurate property valuation).</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">An appraisal is ordered by a party
to the transaction other than the financial institution, such as the buyer,
seller, or broker.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">An appraisal is ordered before the
sales contract is written.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Certain information is left blank,
such as the borrower, client, or occupant.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The appraised value is contingent
upon curing some property defects (i.e., drainage problems or a zoning change).</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Comparables are not verified as
recorded, or are submitted by a potentially biased party, such as the seller or
broker.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Old comparables (usually 9 to 12
months old) are used in a “hot” market.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Comparables are an excessive
distance from the subject property or are not in the subject property’s general
area.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Comparables all contain similar
value adjustments or are all adjusted in the same direction.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">All comparables are on properties
appraised by the same appraiser.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Unusual or too few comparables are
used.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Similar comparables are used
across multiple transactions.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Comparables and valuations are
stretched to attain desired loan-to-value parameters.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Excessive adjustments are made in
an urban or suburban area, when the marketing time is less than six months.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Appreciation is noted in a stable
or in declining areas.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Large unjustified valuation
adjustments are shown.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The land constitutes a large
percentage of the value.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The market approach greatly
exceeds the replacement cost approach.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Overall adjustments are in excess
of 25 percent.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Photos do not match the
description of the property.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Photos of comparables look
familiar.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Photos reveal items not disclosed
in the appraisal, such as a commercial property next door, railroad tracks,
etc.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Items with the potential for
negative valuation adjustments (i.e., power lines, railroad tracks, landfills)
are avoided in appraisal photos.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Loan amounts are disclosed to the
appraiser.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">File documentation is inadequate
to determine whether appraisals were properly scrutinized or supported by
additional appraisal reviews.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The appraisal fee is based on a
percentage of the appraised value.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Independent reviews of external
fee appraisals are never conducted.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">One or more sales of the same
property have occurred within a specified period (say, 6 to 12 months) and
exceed certain value increases (usually 10 percent or more value increase).</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">A fax of the appraisal is used in
lieu of the original, containing signature and certification of appraiser.</span><b><span style="font-variant-caps: small-caps; font-variant-east-asian: normal; font-variant-numeric: normal;"><o:p><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"> </span></o:p></span></b></li>
</ul>
<br />
<div align="center" class="MsoNormal" style="text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><a href="https://www.blogger.com/null" name="ControllingAppraisal"><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;">Controlling
for Appraisal Fraud</span></b></a><a href="https://www.blogger.com/null" name="Bookmark_TAACAAE"></a><a href="https://www.blogger.com/null" name="Bookmark__2_d"></a><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;"><o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black;">Amongst the most important appraisal controls, the following should
be considered non-negotiable actions:</span></span></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Establishing an employee training
program that provides a good overview of common mortgage fraud schemes, the
appraisal regulation, the real-estate lending standards regulation, appraisal
techniques, and Red Flag recognition</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Implementing a strong appraisal
and evaluation compliance review process that is incorporated into the
pre-funding quality assurance program.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Ensuring reviewers identify
violations of regulations and noncompliance with real estate lending standards
and other interagency guidance.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Establishing an approved appraiser
list for use by retail, broker, and correspondent origination channels. This
list should be generated and controlled by a unit independent of production.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Obtaining a current copy of each appraiser’s
license or certificate.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Implementing “watchlist” and
monitoring systems for appraisers who exhibit suspect practices, issues, and
values.</span></li>
</ul>
<blockquote class="tr_bq">
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Note: include a post-closing
review to detect any transaction inconsistencies.</span></li>
</ul>
</blockquote>
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Establishing a “suspended” or
“terminated” list of appraisers who have provided unreliable valuations or
improper practices.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Implementing controls to ensure
that “terminated” appraisers are prohibited from engaging in future
transactions with the financial institution, its brokers, and correspondents.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Implementing third-party appraisal
controls to ensure compliance with regulatory guidance, specifically as it
applies to appraisals and evaluations ordered by loan brokers, correspondents,
or other institutions.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Developing appraisal requirements
based on transaction risks.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Statistically testing the
appropriateness of appraisals obtained by brokers and correspondents by
obtaining independent AVMs and appraisals.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Establishing an independent
appraisal review/collateral valuation unit to research valuation discrepancies
and provide technical oversight.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Reviewing the appraisal’s
three-year sales history to determine if land flips are occurring.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Performing detailed research on
each appraiser’s business history and financial condition.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Physically verifying the location
and condition of selected subject properties and comparables.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Monitoring real estate market
values in areas that generate a high volume of mortgage loans and where concentrations
exist.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Employing pre- and post-closing
quality control reviews to detect inconsistencies within the transaction and
hold production units financially accountable for proper documentation and
quality.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Conducting periodic independent
audits of mortgage loan operations.</span> </li>
</ul>
<div align="center" class="MsoNormal" style="text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><a href="https://www.blogger.com/null" name="Catching"><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;">Catching Credit Report Fraud</span></b></a><a href="https://www.blogger.com/null" name="Bookmark_TAACAAF"></a><a href="https://www.blogger.com/null" name="Bookmark__2_e"></a><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;"><o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black;">A credit report is an evaluation of an individual’s debt repayment
history.</span> But there are obvious and not-so-obvious
Red Flags involving credit reports. To name a few, consider the following:</span></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The absence of a credit history
can indicate the use of an alias and/or multiple social security numbers.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">A borrower recently paying all
accounts in full (this can indicate an undisclosed consolidation loan).</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Indebtedness disclosed on the
application differs from that in the credit report.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The length of time items remain on
file is inconsistent with the buyer’s age.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The borrower claims substantial
income but only has credit experience with finance companies.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">All trade lines were opened at the
same time with no explanation.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">A pattern of delinquencies exists
that is inconsistent with the letter of explanation.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Recent inquiries from other
mortgage lenders are noted.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">AKA (also known as) or DBA (doing
business as) are indicated.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The borrower cannot be reached at
his place of business.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The financial institution cannot
confirm the borrower’s employment.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Debt-to-Income (DTI) ratios are
right at maximum approval limits.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Employment information/history on
the loan application is not consistent with the verification of employment
form.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Credit bureau alerts exist for
social security number discrepancies, address mismatches, or fraud victim
alerts.</span><b style="text-align: justify;"><span style="font-variant-caps: small-caps; font-variant-east-asian: normal; font-variant-numeric: normal;"><o:p><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"> </span></o:p></span></b></li>
</ul>
<div align="center" class="MsoNormal" style="margin-left: .25in; text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><a href="https://www.blogger.com/null" name="ControllingCredit"><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;">Controlling
Credit Report Fraud: Common Sense Tactics</span></b></a><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;"><o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="margin-left: .25in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="margin-left: .25in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black;">Credit report controls must include
the following actions and decisions.</span></span></div>
<div class="MsoNormal" style="margin-left: .25in; text-align: justify;">
</div>
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Establish an employee training
program that provides instruction on understanding common mortgage fraud
schemes, analyzing credit reports, and recognizing Red Flags.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Include an analysis of the credit
report in the pre-funding quality assurance program.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Make direct inquiries to the
borrower and creditors to get an explanation of unusual or inconsistent
information.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Obtain an updated credit report if
the one received is older than six months.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Independently verify employment by
researching the location and phone number of business.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Implement a post-closing review to
detect any inconsistencies within the transaction.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Establish a periodic independent
audit of mortgage loan operations.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Define DTI calculation criteria
and conduct training to ensure consistency and data integrity.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Clarify non-borrower spouse
issues, such as community property issues and the impact of bankruptcy and
debts on the borrower’s repayment capacity.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Ensure lease obligations are
reflected in borrower debts and repayment capacity.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Conduct real estate verification
of credit to ensure accuracy of broker/correspondent provided credit reports.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Obtain more than one report from
multiple repositories available to corroborate the initial credit report if
data appears questionable.</span><a href="https://www.blogger.com/null" name="Escrow" style="text-align: center;"><b><span style="color: #002060; font-variant-caps: small-caps; font-variant-east-asian: normal; font-variant-numeric: normal;"><o:p><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"> </span></o:p></span></b></a></li>
</ul>
<br />
<div align="center" class="MsoNormal" style="text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-bookmark: Escrow;"><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;">Escrow
and Closing: Weak Links in Fraud Prevention</span></b></span><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;"><o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black;">A closing or settlement is the act of transferring ownership of a
property from seller to buyer in accordance with the sales contract.</span> <span style="color: black;">Escrow is an
agreement between two or more parties that requires certain instruments or
property be placed with a third party for safekeeping, pending the fulfillment
or performance of a specific act or condition. This stage of the loan
origination process is fraught with mortgage fraud calamities. Not every marker
of fraud means fraud has happened; but almost every occurrence of fraud has a
marker. <o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Consider these Red Flags as representative of an immense number of
monstrous abuses.</span></span></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Related parties are
involved in the transaction.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The business entity acting as the seller
may be controlled by or is related to the borrower.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Right of assignment is included
that may hide the borrower’s actual identity.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Power of attorney is used, and
there is no documented explanation about why the borrower cannot execute
documents.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The buyer is required to use a
specific broker or lender.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The sale is subject to the seller
acquiring title.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The sales price is changed to
“fit” the appraisal.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">No amendments are made to escrow.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">A house is purchased that is not
subject to inspection.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Unusual amendments are made to the
original transaction.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Cash is paid to the seller outside
of an escrow arrangement.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Cash proceeds are paid to the
borrower in a purchase transaction.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Zero funds are due from the buyer.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Funds are paid to undisclosed
third parties, indicating that there may be potential obligations by these
parties.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Odd amounts are paid as escrow
deposits or down payment.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Multiple mortgages are paid off.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The terms of the closed mortgage
differ from terms approved by the underwriter.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Unusual credits or disbursements
are shown on settlement statements.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Discrepancies exist between the settlement
statement and escrow instructions.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">A difference exists between sales
price on the settlement and sales contract.</span><b><span style="font-variant-caps: small-caps; font-variant-east-asian: normal; font-variant-numeric: normal;"><o:p><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"> </span></o:p></span></b></li>
</ul>
<br />
<div align="center" class="MsoNormal" style="text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><a href="https://www.blogger.com/null" name="Fending"><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;">Fending Off Escrow and Closing Fraud</span></b></a><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;"><o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large; text-indent: -0.25in;">Escrow and closing
controls include the following ac</span><span style="text-indent: -0.25in;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">tions:</span></span></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Establish an employee training
program that provides an understanding of common mortgage fraud schemes, proper
closing procedures, and recognizing Red Flags.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Provide the closing agent with
instructions specific to each mortgage transaction.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Instruct the closing agent to
accept certified funds only from the financial institution that is the verified
depository.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Require the closing agent to
notify the financial institution if the agent has knowledge of a previous,
concurrent, or subsequent transaction involving the borrower or the subject
property.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Obtain a specific transaction
closing protection letter from the closing agent.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Implement controls to ensure loan
proceeds fully discharge all debts and prior liens as required.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Employ pre- and post-closing
reviews to detect any inconsistencies within the transaction.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Conduct periodic independent
audits of mortgage loan operations.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Use IRS Form 4506 on all loans to
facilitate full investigation of future fraud allegations.</span><b><span style="font-variant-caps: small-caps; font-variant-east-asian: normal; font-variant-numeric: normal;"><o:p><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"> </span></o:p></span></b></li>
</ul>
<br />
<div align="center" class="MsoNormal" style="text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><a href="https://www.blogger.com/null" name="FraudMortgage"><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;">Fraud
committed by Mortgage Originators</span></b></a><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;"><o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black;">For the sake of providing a relatively uncontroversial definition
of a mortgage originator for this outline, I would define one as a person who,
for a fee, originates and places loans with a financial institution or an
investor but does not service the loan. A m</span>ortgage
originator may use its own funds, or funds borrowed from a warehouse lender, to
fund mortgages. After a mortgage is originated, a mortgage originator might
retain the mortgage in portfolio or might sell it to an investor. <span style="color: black;">That’s a very broad-based definition and should suffice to
discuss how fraud is committed by mortgage originators.<span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[14]</span></span><!--[endif]--></span></span></span><o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black;">Consider the Red Flags we have identified over many years of
audits, including schemes known to compliance personnel, regulators, and risk
management firms such as Lenders Compliance Group®. Indeed, the list just
grazes the huge number of fraudulent treacheries belabored by mortgage originators.</span></span></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">No attempt is made to determine
the financial condition of the mortgage originators or obtain references and
background information.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">A close relationship exists
between the mortgage originators, appraiser, and lender, raising independence
questions.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The broker acts as an advocate for
the borrower instead of serving as the financial institution’s
representative/agent.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">High “yield spread premiums” are
paid by the financial institution.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Original documents are not
provided to the funding financial institution within a reasonable time.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">An unusually high volume of loans
with maximum loan-to-value limits have been originated by one mortgage originator.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">An uncommonly large number of
foreclosures, delinquencies, early payment defaults, prepayments, missing
documents, high-risk fraud characteristics, quality control findings, or
compliance problems exist on loans purchased from any mortgage originator.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">A large volume of loans from one mortgage
originator arrives using the same appraiser.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">High repurchase volume exists for
a specific mortgage originator.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Numerous applications from a
particular mortgage originator are provided possessing unique similarities.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">A high volume of loans exists in
the name of trustees, holding companies, or offshore companies.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">An unusually large increase is
noted in overall volume of loans during a short time period.</span> </li>
</ul>
<br />
<div align="center" class="MsoNormal" style="text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><a href="https://www.blogger.com/null" name="ControllingMortgage"><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;">Controlling
Out-of-Control Mortgage Originators</span></b></a><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;"><o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Conduct an initial
acceptance review and obtaining documentation to support mortgage originator
approval.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Review the mortgage originator’s
financial information as stringently as for other real estate borrowers.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Ensure the financial institution’s
mortgage originator agreements requiring mortgage originators to act as the
financial institution’s representative/agent.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Independently verify the mortgage
originator’s background information by checking business history outside of
given references.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Obtain a new credit report for the
mortgage originator and checking for recent debt at other financial
institutions.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Obtain resumes of principal
officers, primary loan processors, and key employees.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Conduct state license verification.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Conduct criminal background checks
and adverse data base searches.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Conduct an annual real
estate-certification of mortgage originators.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Conduct pre-funding reviews on all
new production utilizing a pre-funding checklist.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Conduct quality control (QC)
underwriting reviews.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Base mortgage originator
compensation incentives on credit quality, documentation completeness,
prepayments, fraud, and compliance.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Establish measurable criteria that
trigger recourse to the mortgage originator, such as misrepresentation, fraud,
early payment defaults, failure to promptly deliver documents, and prepayments
(loan churning).</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Hold mortgage originators and
third-party contract underwriters responsible for gross negligence, willful
misconduct, and errors/omissions that materially restrict salability or reduce
loan value.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Establish a mortgage originator
scorecard to monitor volume, prepayments, credit quality, fallout, FICO scores,
LTVs, DTIs, delinquencies, early payment defaults, foreclosures, fraud,
documentation deficiencies, repurchases, uninsured government loans, timely
loan package delivery, concentrations, and QC findings.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Perform detailed vintage analysis,
and tracking delinquencies and prepayments by number and dollar volume.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Closely monitor the total number
of loans and products from a single mortgage originator.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Establish an employee training
program that provides instruction on understanding common mortgage fraud
schemes and the roles of a mortgage originator and on recognizing Red Flags.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Establish a periodic audit of the originated
mortgage loan operations, with specific focus on the approval process.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Perform social security number
validation procedures to validate borrower identity.</span><b><span style="font-variant-caps: small-caps; font-variant-east-asian: normal; font-variant-numeric: normal;"><o:p><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"> </span></o:p></span></b></li>
</ul>
<br />
<div align="center" class="MsoNormal" style="text-align: center;">
<a href="https://www.blogger.com/null" name="CheckingTitle"><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Checking
for Title Insurance Fraud<o:p></o:p></span></span></b></a></div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="mso-bookmark: CheckingTitle;"></span>
</span><br />
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black;">Title insurance refers to an insurance policy that protects the
holder, lender, and/or owner from loss sustained by defects in the title. One
way to understand this conduit to fraud is to realize it is a perfect access
point for such chicanery. When a property is purchased, a lender and/or owner
would require a title search and a title report (i.e., opinion), a document
stating the status of the title, noting the existence of liens, easements,
covenants, or other claims and defects. Considering the range of possibilities
for wrong-doing, what could go wrong?</span><o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black;">Title insurance fraud has numerous Red Flags, of which the
following are often committed by fraudsters who are “caught in the act.”</span></span></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The seller either is not on the
title or is not the same as shown on the appraisal or sales contract.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The seller owned the property for
a short time with cash out on the sale.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The buyer has a pre-existing
financial interest in the property.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The chain of title includes the
buyer, realtor, or mortgage originator.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The title insurance or opinion was
prepared for and/or mailed to a party other than the lender.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Income tax or similar liens are
noted against the borrower on refinances.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Delinquent property taxes exist.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">A notice of default is recorded.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">A modification agreement is
apparent on an existing loan(s).</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">A judgment exists against the
borrower and is not shown on the credit report.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Lien holders are not shown on the
settlement statement.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The title policy is not issued on
the property with the lien or on the whole property.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Faxes of documents are used rather
than originals or certified copies.</span> </li>
</ul>
<br />
<div align="center" class="MsoNormal" style="text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><a href="https://www.blogger.com/null" name="ThreeBasic"><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;">Three Basic Rules for Controlling Title Insurance
Fraud</span></b></a><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;"><o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<ol>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Establish an employee training
program that provides instruction on understanding common mortgage fraud
schemes, evaluating title insurance/opinions, and recognizing Red Flags.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Include a review of
the title commitment in the pre-funding quality assurance program.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Review the final title
policy and checking for discrepancies with the original title commitment.</span></li>
</ol>
<blockquote class="tr_bq">
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Compare the final
title policy with other closing documents, like the settlement; statement, to
ensure consistency regarding the first lien holder, lien amount, property size
and location, and other pertinent information;</span></li>
</ul>
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Employ a post-closing
review to detect any inconsistencies within the transaction; and</span></li>
</ul>
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Establish a periodic
independent audit of mortgage loan operations.</span><b style="text-align: center;"><span style="color: #002060; font-variant-caps: small-caps; font-variant-east-asian: normal; font-variant-numeric: normal;"><o:p><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"> </span></o:p></span></b></li>
</ul>
</blockquote>
<div align="center" class="MsoNormal" style="text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><a href="https://www.blogger.com/null" name="VerificationVOE"><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;">Verifications
Fraud: VOE</span></b></a><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;"><o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Many companies tend to see verifications as the primary way to get
scammed by fraudsters. Obviously, given what I have outlined thus far, that is
not the case. Nevertheless, verifications are pesky gateways to fraud that many
underwriters encounter. The verification of employment is an independent
corroboration of an individual’s employment and income to substantiate what an
applicant has reported on his mortgage application. Because the borrower’s
income eligibility is central to loan approval, mortgage fraud locks onto it
like a heat seeking missile.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="color: black;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Examples of VOE fraud abounds, but these Red Flags can be
in-your-face beguiling.</span></span></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Similarities in names,
like the seller and applicant, are noted.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The verification source is
inappropriate (i.e., secretary or relative).</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The VOE is not on original
letterhead or a standard FNMA/FHLMC form.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The VOE is completed the same day
it is ordered, indicating it may have been hand-carried or completed before the
initial application date.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">An illegible signature exists with
no further identification provided.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The employer uses only a mail drop
or post office box address.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The employer is out of town, which
may signal a nonexistent firm.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The business entity is not in good
standing with the state or registered with applicable regulatory agencies.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">An overlap exists with current and
prior employment.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The borrower changed professions
in moving to current employer.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Excessive praise is noted in the
remarks section of response.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Round dollar amounts are used in
year-to-date or past earnings.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Income is not commensurate with
stated employment, years of experience, or type of employment.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Income is primarily
commission-based, which can indicate self-employment.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The borrower is a business
professional, which can be another indication of self-employment.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The borrower’s interest in the
property is not logical given its distance from the place of employment.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The borrower has a recent large
increase in income or started a new job for which he does not appear qualified.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Forms received contain last minute
changes.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Faxes of documents are used in
lieu or originals.</span><b style="text-align: center;"><span style="color: #002060; font-variant-caps: small-caps; font-variant-east-asian: normal; font-variant-numeric: normal;"><o:p><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"> </span></o:p></span></b></li>
</ul>
<br />
<div align="center" class="MsoNormal" style="text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><a href="https://www.blogger.com/null" name="ControllingVOE"><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;">Controlling
for VOE Fraud</span></b></a><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;"><o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Establish an employee
training program that provides instruction on common mortgage fraud schemes,
performing proper VOE, and recognizing Red Flags.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Detail specific employment
verification procedures in the pre-funding quality assurance program.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Independently verify employment by
researching the location and phone number of the business.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Ensure the address information on
W-2 forms and tax returns match data provided on the application.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Determine if the employer is
within a logical distance from subject property.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Employ a post-closing review to
detect any inconsistencies within the transaction.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Establish a periodic independent
audit of mortgage loan operations.</span> </li>
</ul>
<br />
<div align="center" class="MsoNormal" style="text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><a href="https://www.blogger.com/null" name="VerificationVOD"><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;">Verifications
Fraud: VOD</span></b></a><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;"><o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><a href="https://www.blogger.com/null" name="Bookmark_TAACAAK"></a><a href="https://www.blogger.com/null" name="Bookmark__2_j"></a><span style="color: black;">Deposit verification
is part of the class of asset verifications. The VOD permits an independent
assessment of the status of an individual’s depository accounts to corroborate
what an applicant has reported on the mortgage loan application.</span><o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="color: black;">For schemers, VODs provide a rich mine of fraud tactics, such as
the following ruses.</span></span></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The VOD is completed on the same
day it was ordered.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Deletions or cross-outs exist on
the VOD.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">No date stamp was affixed to the
VOD by the depository to indicate the date it was received.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The buyer has no deposit accounts,
but a VOD is in the file.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The deposit account is not in the
borrower’s name or is a joint account with a third party.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The borrower’s account balance at
the financial institution is insufficient to close the transaction.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The deposit account is new or has
a round dollar balance.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The closing check is drawn on a
different financial institution.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">An existing loan is secured by the
checking or savings account.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">An illegible signature exists with
no further identification provided.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Significant balance changes are
noted in depository accounts during the two months prior to the date of
verification.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The checking account balance is
excessive versus the savings account balance.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The checking account’s average
two-month balance exactly equals the present balance.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Funds for the down payment are
only on deposit for a short period.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Young borrowers have a substantial
amount of cash in the financial institution.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">A low-income borrower has a large
amount of cash in the financial institution.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">An IRA is shown as a source of
down payment funds.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The down payment source is held in
a non-depository “depository,” such as an escrow trust account, title company,
etc.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">An escrow receipt is used as
verification, which may have been from a personal check that has not yet
cleared, or a check returned due to insufficient funds.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The VOD is not folded, indicating
it may have been hand carried.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The VOD is not on original
financial institution letterhead or a recognized form.</span> </li>
</ul>
<div align="center" class="MsoNormal" style="text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><a href="https://www.blogger.com/null" name="ControllingVOD"><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;">Controlling
for VOD Fraud</span></b></a><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;"><o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Establish an employee
training program that provides instructions on common mortgage fraud schemes,
performing proper VOD, and recognizing Red Flags.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Detail specific deposit
verification procedures in the pre-funding quality assurance program.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Independently verify the
legitimacy of the depository by researching its location and phone number.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Validate borrower provided
information on the application by making direct inquiries to the depository
regarding the account’s name, age, average balance, number of monthly
transactions, recent large dollar transactions, etc.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Employ a post-closing review to
detect any inconsistencies within the transaction.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Establish a periodic independent
audit of mortgage loan operations.</span> </li>
</ul>
<br />
<div align="center" class="MsoNormal" style="text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><a href="https://www.blogger.com/null" name="FraudDetection"><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;">Fraud
Detection - Questionnaires</span></b></a><b style="mso-bidi-font-weight: normal;"><span style="color: #002060; font-variant: small-caps;"><o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">In risk
management, questions are sometimes more important than answers. Or, to put a
fine point on it, the framing of questions relating to mortgage fraud is sometimes
more important than the range of possible answers. If the right questions are
asked, the company is in a better position to determine its fraud detection
strategies. Having a set of basics, like the outline I have provided, is one of
many steps to identify and control for mortgage fraud. However, these are not questionnaires!<o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">A savvy
lender must develop fraud detection questionnaires for at least the following
areas: loan applications, appraisals, credit reports, sales contracts, title
policies, chain of title, income and employment verification, asset
verification, closing procedures and settlement statements. Over many years, Lenders
Compliance Group® has developed extensive fraud detection questionnaires that
assist us in conducting our audits and drafting appropriate policies and
procedures. In developing a program to monitor and mitigate mortgage fraud, it
is in the company’s best interests to periodically build and continually update
its own fraud detection questionnaires.<o:p></o:p></span></div>
<div style="mso-element: endnote-list;">
<!--[if !supportEndnotes]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><br clear="all" />
</span><br />
<hr align="left" size="1" width="33%" />
<!--[endif]-->
<br />
<div id="edn1" style="mso-element: endnote;">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[1]</span><!--[endif]--></span></span>
18 USC 1001<o:p></o:p></span></div>
</div>
<div id="edn2" style="mso-element: endnote;">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[2]</span><!--[endif]--></span></span>
18 USC 1010<o:p></o:p></span></div>
</div>
<div id="edn3" style="mso-element: endnote;">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[3]</span><!--[endif]--></span></span>
18 USC 1014<o:p></o:p></span></div>
</div>
<div id="edn4" style="mso-element: endnote;">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[4]</span><!--[endif]--></span></span>
18 USC 1028<o:p></o:p></span></div>
</div>
<div id="edn5" style="mso-element: endnote;">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[5]</span><!--[endif]--></span></span>
18 USC 1341<o:p></o:p></span></div>
</div>
<div id="edn6" style="mso-element: endnote;">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[6]</span><!--[endif]--></span></span>
18 USC 1342<o:p></o:p></span></div>
</div>
<div id="edn7" style="mso-element: endnote;">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[7]</span><!--[endif]--></span></span>
18 USC 1343<o:p></o:p></span></div>
</div>
<div id="edn8" style="mso-element: endnote;">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[8]</span><!--[endif]--></span></span>
18 USC 1344<o:p></o:p></span></div>
</div>
<div id="edn9" style="mso-element: endnote;">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[9]</span><!--[endif]--></span></span>
42 USC 408(a)<o:p></o:p></span></div>
</div>
<div id="edn10" style="mso-element: endnote;">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[10]</span><!--[endif]--></span></span>
Georgia Residential Mortgage Fraud Act, SB 100<o:p></o:p></span></div>
</div>
<div id="edn11" style="mso-element: endnote;">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[11]</span><!--[endif]--></span></span> <i style="mso-bidi-font-style: normal;">Appendix F: Money Laundering and Terrorist Financing "Red
Flags"</i>, Bank Secrecy Act, Anti-Money Laundering Examination Manual<o:p></o:p></span></div>
</div>
<div id="edn12" style="mso-element: endnote;">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[12]</span><!--[endif]--></span></span> Along with other
government agencies, such as the National Credit Union Administration (NCUA)<o:p></o:p></span></div>
</div>
<div id="edn13" style="mso-element: endnote;">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[13]</span><!--[endif]--></span></span> <i style="mso-bidi-font-style: normal;">Supplement A to Appendix A</i>, Appendix A to Part
681, “Interagency Guidelines on Identity Theft Detection, Prevention, and
Mitigation,” 72 FR 63771, Nov. 9, 2007, as amended at 74 FR 22646, May 14, 2009<o:p></o:p></span></div>
</div>
<div id="edn14" style="mso-element: endnote;">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span class="MsoEndnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[14]</span><!--[endif]--></span></span> Mortgage servicers are excluded for the
purposes of defining a mortgage originator.<o:p></o:p></span></div>
<div class="MsoEndnoteText">
<br /></div>
<div align="right" class="MsoEndnoteText" style="text-align: right;">
<br /></div>
</div>
</div>
<br />Jonathan Foxxhttp://www.blogger.com/profile/11176318536334393246noreply@blogger.comtag:blogger.com,1999:blog-9171653185859233636.post-40997006123749775272018-05-30T09:45:00.000-04:002018-05-30T09:45:26.129-04:00Six Compliance Topics from Lenders about TRID<div class="MsoNormal">
<div style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Over time TRID
has settled in to a routine set of policies and procedures. Even so, some
questions persist, and we are in a good position to know about these topics
because we get inquiries from our many clients. Because of our clients’
inquiries, we are able often to know what regulatory compliance issues are most
important in the loan origination and servicing processes. Our experts respond
case-by-case, but the overall research is shared, as needed, with our
clientele. Our collection of research is huge and we offer our knowledge,
experience, and expertise to our clients in order to ensure that they receive
the very best guidance – a commitment that Lenders Compliance Group is
recognized for keeping!<o:p></o:p></span></div>
</div>
<div class="MsoNormal">
<div style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><br /></span></div>
</div>
<div class="MsoNormal">
<div style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">In this outline, we provide six topics that have been raised several times over the last few
years.</span></div>
</div>
<div class="MsoNormal">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><br /></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><b>1. The
Basics: Loans Subject to 12 CFR 1026.19(e) and (f)</b><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">The TRID rule consolidates four previous disclosures required under TILA and RESPA for closed-end credit transactions secured by real property into two forms:</span><br />
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">-a Loan Estimate that must be delivered or placed in the mail no later than the third business day after receiving the consumer’s application, and</span><br />
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">-a Closing Disclosure that must be provided to the consumer at least three business days prior to consummation.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">The new disclosures apply to most closed-end consumer credit transactions secured by real property.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Credit extended to certain trusts for tax or estate planning purposes is not exempt from the TILA-RESPA rule.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">However, some specific categories of loans are excluded from the rule. Specifically, the rule does not apply to home equity lines of credit (HELOCs), reverse mortgages, or mortgages secured by a mobile home or by a dwelling that is not attached to real property (i.e., land).</span><br />
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">You may not use the new disclosures on applications received before August 1, 2015, and you may not use them after August 1, 2015, on loans listed above that are exempt. Therefore, you cannot use them on reverse mortgages or on loans for mobile homes not attached to real property.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">You must use existing forms and follow the rules in 12 CFR 1026.18.</span></div>
<div class="MsoNormal">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><br /></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><b>2. Timing
for Delivery of the Loan Estimate</b><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Generally, the creditor is responsible for ensuring that it delivers or places in the mail the Loan Estimate form no later than the third business day after receiving the consumer’s application and seven business days before the consummation of the loan.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">If a mortgage broker receives a consumer’s application, the mortgage broker may provide the Loan Estimate to the consumer on the creditor’s behalf. [12 CFR 1026.19(e)(1)(ii)]</span><br />
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">If the broker provides the Loan Estimate, it satisfies your obligation; however, you are still responsible for any errors or defects, and so third-party provider management is crucial.</span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"></span><br />
<a name='more'></a><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><br /></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><b>3. Waiver
of the Seven-Business-Day Waiting Period</b><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">The consumer may modify or waive the seven-business-day waiting period after receiving the Loan Estimate if the consumer has a bona fide personal financial emergency that necessitates consummating the credit transaction before the end of the waiting period. See 12 CFR 1026.19(e)(1)(v) and its comment for examples of bona fide personal financial emergencies and information about how the waiver must be given to you.</span></div>
<div class="MsoNormal">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><br /></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><b>4. Definition
of an Application for Purposes of the Loan Estimate</b><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">This definition of an application is similar to the definition given under Regulation X. However, the Consumer Financial Protection Bureau (CFPB) eliminated the “catch-all” element of the old definition, that is, “any other information deemed necessary by the loan originator.”</span><br />
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">An application means the submission of a consumer’s financial information for purposes of obtaining an extension of credit. For transactions subject to 12 CFR 1026.19(e), (f), or (g), an application consists of the submission of the following six pieces of information:</span><br />
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">-The consumer’s name</span><br />
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">-The consumer’s income</span><br />
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">-The consumer’s social security number to obtain a credit report</span><br />
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">-The property address</span><br />
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">-An estimate of the value of the property</span><br />
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">-The mortgage loan amount sought</span><br />
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">You may collect additional information you need to extend credit, but when you receive these six items, you must deliver the Loan Estimate.</span></div>
<div class="MsoNormal">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><br /></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><b>5. Content
of the Loan Estimate [12 CFR 1026.37]</b></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">The Loan Estimate consists of three pages. Page 1 of the Loan Estimate includes general information about the creditor and consumer, a Loan Terms table with descriptions of applicable information about the loan, a Projected Payments table, a Costs at Closing table, and a link for consumers to obtain more information about loans secured by real property at a web site maintained by the CFPB.</span><br />
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Four main categories of charges are disclosed on page 2 of the Loan Estimate:</span><br />
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">-A good faith itemization of the Loan Costs and Other Costs associated with the loan. [§ 1026.37(f) and (g)]</span><br />
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">-A Calculating Cash to Close table to show the consumer how the amount of cash needed at closing is calculated. [§ 1026.37(h)]</span><br />
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">For transactions with adjustable monthly payments, an Adjustable Payment (AP) Table with relevant information about how the monthly payments will change. [§ 1026.37(i)]</span><br />
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">For transactions with adjustable interest rates, an Adjustable Interest Rate (AIR) Table with relevant information about how the interest rate will change. [§ 1026.37(j)]</span><br />
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Page 3 of the Loan Estimate contains Contact information, a Comparisons table, Other Considerations table, and, if desired, a Signature Statement for the consumer to sign to acknowledge receipt. See 12 CFR 1026.37(k), (l), (m), and (n). In this section of the Loan Estimate you will find the appraisal disclosures required by Regulation B and a statement of whether you will transfer servicing formerly required under RESPA for first liens. </span><br />
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Furthermore, the Loan Estimate and Closing Disclosure along with the application and the security agreement also require the name and National Mortgage Licensing System (NMLS) number of the loan originator. [12 CFR 1026.36(g)] The identification (ID) required to be given to a consumer before a loan originator can act is required by the Secure and Fair Enforcement for Mortgage Licensing Act (SAFE Act), implemented by Regulation G [12 CFR 1007].</span></div>
<div class="MsoNormal">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><br /></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><b>6. Closing
Disclosure</b><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: 13.0pt; margin-top: 6.0pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">For loans that require a Loan Estimate and that proceed to closing, creditors must provide a new final disclosure reflecting the actual terms of the transaction called the Closing Disclosure. The form integrates and replaces the HUD-1 and the final TIL disclosure for these transactions. The creditor is generally required to ensure that the consumer receives the Closing Disclosure no later than three business days before consummation of the loan. [12 CFR 1026.19(f)(1)(ii)]</span><br />
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><br /></span>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">The Closing Disclosure generally must contain the actual terms and costs of the transaction. You may estimate disclosures using the best information reasonably available when the actual term or cost is not reasonably available to the creditor at the time the disclosure is made. However, you must act in good faith and use due diligence in obtaining the information. You may, in most cases, rely on the representations of other parties in obtaining the information, including, for example, the settlement agent. You must provide corrected disclosures containing the actual terms of the transaction at or before consummation. In general, the Closing Disclosure must be in writing and contain the information set forth in 12 CFR 1026.38.</span></div>
Jonathan Foxxhttp://www.blogger.com/profile/11176318536334393246noreply@blogger.comtag:blogger.com,1999:blog-9171653185859233636.post-55069653739960464362017-12-14T10:01:00.000-05:002017-12-14T10:01:02.144-05:00Risk Management Principles<div class="MsoBodyText" style="text-align: left;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">WHITE PAPER</span></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><br /></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><a href="http://lenderscompliancegroup.com/2.html">Jonathan Foxx</a></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;">Chairman and Managing Director</span></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><br /></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">A number of years ago I coined the term “Mortgage Risk Management,” in order to differentiate managing mortgage risk from the many other types of risk management. At that time, risk management was associated mostly with such areas as pharmaceutical companies, stock brokers, and information technology firms. My view was that mortgage loan originations and mortgage servicing present a unique set of risks to consumers, loan originators, mortgage servicers, and those industries and individuals that depend on the foregoing for their financial well-being. The term became popular and is in now in commonplace use.<o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">But I also realized that managing mortgage risk would require a strong commitment on the part of companies, because regulatory oversight would fluctuate, often prey to the prevailing politics, and that meant companies had to build out an environment where managing risk could be joined to complying with the regulations themselves. I felt that a company could be successful in managing its mortgage risk if it developed a “Culture of Compliance.”<a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Risk%20Management%20Principles%20-%20White%20Paper%20(12.14.17)/Risk%20Management%20Principles-White%20Paper-Foxx.LCG%20(12.14.17).doc#_edn1" name="_ednref1" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[i]</span><!--[endif]--></span></a> I wrote articles on the Culture of Compliance and gave numerous talks on this subject. In due course, the term was picked up by regulators and made a feature of everyday parlance. <o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">I think consumers, mortgage loan originators, and regulators read my articles and attend my lectures because I strive to give everyone a fair shake. I call it like I see it, without fear of whether some view or another is stepping on somebody’s sacred political toes. Sometimes there really is a right and a wrong, irrespective of the controversy surrounding a regulatory mandate. <o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">My standard is simple: doing all we can to protect the consumer is the only way to protect the viability of the mortgage loan originator and mortgage servicer in the long run.<o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">And the only effective way to ensure that the originator or servicer is protected is to manage its risk. That is the basis for the formation of our firm so many years ago. Lenders Compliance Group®, which has grown to a national mortgage risk management firm over the years, has never lost its original mission to not only provide comprehensive risk management to mortgage industry participants but also offer ways and means to help build a Culture of Compliance for our clients.<o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Every loan originator and mortgage servicer should be a consumer advocate. Consumers will flock to the companies that present the very best standards of ethics and reliability. If any originating or servicing entity waits for a regulatory agency to tell it what to do on behalf of consumer financial protection, it has already lost the right to expect the consumer’s loyalty.</span></div>
<a name='more'></a><br />
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Recently, one of those regulatory agencies, the Office of the Comptroller of the Currency’s (OCC), issued a bulletin, entitled “New, Modified, or Expanded Bank Products and Services” (“Bulletin”).</span><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Risk%20Management%20Principles%20-%20White%20Paper%20(12.14.17)/Risk%20Management%20Principles-White%20Paper-Foxx.LCG%20(12.14.17).doc#_edn2" name="_ednref2" style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;" title=""><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[ii]</span></span></a><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"> Announced in October 2017, the Bulletin offers an excellent understanding of risk management from a regulator’s point of view. The Bulletin is meant to emphasize how best to manage the risk posed to financial institutions when they offer new, modified, or expanded products and services.</span><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Risk%20Management%20Principles%20-%20White%20Paper%20(12.14.17)/Risk%20Management%20Principles-White%20Paper-Foxx.LCG%20(12.14.17).doc#_edn3" name="_ednref3" style="font-family: Arial, Helvetica, sans-serif; font-size: x-large;" title=""><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[iii]</span></span></a><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"> These so-called “new activities” pose significant risks to financial institutions and, by extension, to consumers, businesses, and communities. In this White Paper, I will provide some highlights and insights involving the Bulletin, adding suggestions for ways and means to implement the regulatory guidance effectively.</span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">If a financial institution is considering new activities, whether individual product roll-outs or establishing an entire origination or servicing platform, the need to manage and limit risk is ever present. <o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Certainly, regulators audit new activities consistent with regulatory guidelines. Consequently, a regulatory examination includes the effect of new activities on the financial institution’s risk profile and the effectiveness of the company’s risk management system, including due diligence and on-going monitoring efforts. Therefore, management might consider discussing plans with its regulator before developing and implementing new activities, most particularly if the new activities constitute substantial deviations from the company’s existing business plans or the institution has recently been the subject of relevant administrative action.<o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div align="center" class="MsoBodyText" style="text-align: center;">
<span style="text-transform: uppercase;"><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">New Activities<o:p></o:p></span></span></div>
<div class="MsoBodyText">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">In the first place, let’s review a set of definitions that come under the rubric of “new activities.” These are “new,” “modified,” and “expanding” products and services. It is important to categorically distinguish each of them, because each in its own way makes specific demands on risk and, by extension, the Culture of Compliance.<o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">“New” is a product or service that differs from previous offerings and may result from relationships with third-parties. New products and services are not just those offered for the first time, but include those offerings that were previously discontinued yet re-offered again after a substantial period of time has passed. New products and services are usually the result of responding competitively in the marketplace, but also may actually be solutions for new financial markets, to gain a temporary advantage amongst competitors, add new convenience and capabilities for customers, or manage certain risks for customers.<o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">“Modified” is the product or service that involves taking an existing product or service and substantially changing it in nature, terms, purpose, scale, or use. Wherever a change takes place, risk increases, sometimes exorbitantly!<o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Finally, “expanded” is a product or service that is not within a financial institution’s own customer base, financial market, or delivery channel.<o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div align="center" class="MsoBodyText" style="text-align: center;">
<span style="text-transform: uppercase;"><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Roll-Outs<o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">If a financial institution is considering implementing any of the above new activities, either by introducing a new product or service or establishing a new channel for originating a product or service, I suggest remembering that the regulator is going to do a deep dive and will take into consideration whether and to what extent risk management has been carefully, methodically, and fully engendered.<o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">When a financial institution undertakes new activities, it should establish appropriate risk management processes, such procedures meant to effectively measure, monitor, and control the risks associated with them. Sometimes, implementation outstrips the development. This is hazardous to compliance administration. Strategic plans should always address the costs associated with new activities, but “costs” are not limited to monetary factors. I would say that costs must include the initial development and implementation overhead, increased expenses associated with control functions, management information systems (“MIS”), training, auditing, and compliance programs.<o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Indeed, management is responsible for the design, implementation, and ongoing monitoring of the financial institution’s risk management system, but before introducing new activities, management should establish appropriate policies and procedures that outline the standards, responsibilities, processes, and internal controls for ensuring that risks are well understood and mitigated within reasonable parameters. The Board of Directors and/or management should oversee management’s implementation of the risk management system, including execution of control programs and appropriate audit parameters over new activities. <o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">To fail at a proper roll-out of a product, service, or channel is to incur quite a bit of risk. Errors are often expensive, debilitating to employees, triggering losses and unintended consequences, thereby provoking challenges to every risk category – such as strategic, reputation, credit, operational, compliance, and liquidity risks – and damaging the regulatory relationship. If a financial institution does not manage its product or service roll-out appropriately, it marks itself as unable to achieve business plan objectives, manage systems and control problems, possibly a violator of applicable laws and regulations, and a prey for litigators. Regulators will notice the effects relatively quickly and can go so far as to prevent the product, service, channel, or platform from continuing to exist in whole or in part. From a regulatory point of view, the safety and soundness issues presented in an improper roll-out are enormously complex, leading almost necessarily to administrative actions, especially of the financial institution has a history of improper roll-outs!<o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">I’m going to outline the risk exposures presented by new activities, using the salient risk categories which a regulator would apply to such endeavors. If a financial institution lets implementation outpace the development, it is virtually axiomatic that there will be an insufficient and incomplete assessment of risk that will inexorably lead to an impaired and inadequate implementation of oversight and control. <o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div align="center" class="MsoBodyText" style="text-align: center;">
<span style="text-transform: uppercase;"><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Risk Categories<o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">The following outline provides synopses of risk exposure by evaluating risk using the same categories that regulators use in regulatory examinations.<o:p></o:p></span></div>
<div class="MsoBodyText">
<br /></div>
<div class="MsoBodyText">
<u><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Strategic Risk<o:p></o:p></span></u></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">This is the risk posed to the current or projected financial condition and resilience arising from adverse business decisions, poor implementation of those decisions, or deficient responsiveness to changes in the financial services industry or operating environment.<o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Strategic risk almost always increases when new activities are not compatible with the financial institution’s risk appetite or strategic plan or do not provide an adequate return on investment. When our firm provides a Risk Appetite Statement, we take into consideration such factors as whether the company engages in new activities without performing adequate due diligence, including upfront expense analysis, and whether management does or does not have adequate resources, expertise, and experience to properly implement and oversee the new activities.<o:p></o:p></span></div>
<div class="MsoBodyText">
<br /></div>
<div class="MsoBodyText">
<u><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Reputation Risk<o:p></o:p></span></u></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">This risk category seems relatively intuitive to most executive managements, but it is far more than what it seems. Of course, it includes the hit to current or projected financial condition and resilience arising from negative public opinion, just like Strategic Risk. But it also is triggered where the new activities are offered without management’s full understanding of consumers’ needs or goals, let alone the appropriateness of the activities for the consumers or the effect on them.<o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">We often see an increase to Reputation Risk when management, in an effort to achieve higher revenues, permits the offering of complex products or services that incorporate practices or operations that differ from the company’s existing strategies, expertise, compliance culture, or ethical standards. If management permits or fails to notice poor service, inappropriate sales practices, or employee misconduct, it can easily run the risk of inadequately protecting consumer data or prompting violations of consumer protection, such as Bank Secrecy Act or anti-money laundering laws or regulations, which then opens additional exposure to litigation, adverse publicity, or loss of business.<o:p></o:p></span></div>
<div class="MsoBodyText">
<br /></div>
<div class="MsoBodyText">
<u><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Credit Risk<o:p></o:p></span></u></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">In this category we find a nexus between the current or projected financial condition of an institution and the resilience arising from an obligor’s failure to meet the terms of any contract or failure to perform as agreed. <o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Credit Risk will certainly increase in the presence of ineffective due diligence and lax oversight of third- parties that market or originate loans on behalf of the financial institution. Often, this failure leads to low-quality loan product originations. Identifying the factors contributing to this risk category include how third-party service providers solicit and refer customers, conduct underwriting analysis, or implement loan product programs on the institution’s behalf. Credit Risk, as a risk category subject to regulatory review, is a key risk found in activities in which success depends on counterparty, issuer, or borrower performance.<a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Risk%20Management%20Principles%20-%20White%20Paper%20(12.14.17)/Risk%20Management%20Principles-White%20Paper-Foxx.LCG%20(12.14.17).doc#_edn4" name="_ednref4" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[iv]</span><!--[endif]--></span></a><o:p></o:p></span></div>
<div class="MsoBodyText">
<br /></div>
<div class="MsoBodyText">
<u><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Operational Risk<o:p></o:p></span></u></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">This risk category is particularly pernicious and devastating, as it points to the difficulty in mitigating risk associated with inadequate or failed internal processes or systems, human errors or misconduct, or adverse external events.<a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Risk%20Management%20Principles%20-%20White%20Paper%20(12.14.17)/Risk%20Management%20Principles-White%20Paper-Foxx.LCG%20(12.14.17).doc#_edn5" name="_ednref5" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[v]</span><!--[endif]--></span></a><o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">In our reviews, we have found operational risk increases when new activities do not align with the company’s operational capacity, internal controls, or strategic objectives or affect the ability to maintain confidentiality, integrity, or availability of customer data. This is no small matter! A review should begin with the purpose of identifying a management failure somewhere along the line, caused usually by insufficient expertise to manage new activities. But that’s the easy part! <o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Sometimes, new activities are not effectively implemented through well-controlled “Change Management” processes, nor even implemented by new information technologies or processes; indeed, such defects lead to adverse results in the offering of new activities. Unfortunately, my firm has been presented with new activities being rolled out where there is no appreciable Change Management process even in place! We then scramble to ensure that the Operational Risk is correctly adjusted, so as to reduce the effects of its elevated impact. It is worth emphasizing, however, that a company’s internal controls and audit plan may not be commensurate with the risks associated with the new activities.<o:p></o:p></span></div>
<div class="MsoBodyText">
<br /></div>
<div class="MsoBodyText">
<u><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Compliance Risk<o:p></o:p></span></u></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">This is where the Culture of Compliance finds its roots! Obviously, Compliance Risk involves violations of laws or regulations or non-conformance with prescribed practices, internal policies and procedures, or ethical standards. But just following the law does not fully mitigate risk! A company can promulgate all the rules it would like to see enforced, but if there is a fragile Culture of Compliance, those rules are no more than puffery and pontification.<o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Managing Compliance Risk is the cement that holds the company together. This risk increases when new activities are developed and implemented without adequately considering compliance with laws, regulations, ethical standards, or the company’s policies and procedures. <o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">The need to identify and mitigate Compliance Risk should happen in the roll-out process, thereby ensuring the chances that proper controls will be in place prior to the products and services being offered to consumers. In our practice, we have seen how new activities, where not properly managed, go from ‘flourishing flowers’ to ‘choking weeds,’ gradually cutting off the life of many other products and services. This is because, as new activities are developed and implemented, the potential for violations or non-compliance will increase, especially if the company’s risk management system does not include appropriate audit and control features that evaluate and monitor for Compliance<span style="letter-spacing: 1.0pt;"> </span>Risk. <o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">The inevitable fallout from this dereliction of duty can lead to instances where the privacy of customer records is not protected or there are conflicts of interest between the financial institution and affiliated third-parties. As to any weak link in affected third-party relationships, one of several remedies would be to ensure procedures are engaged to ascertain that the company’s third-party service providers and third-party originators have implemented appropriate compliance management, third-party relationship management, and information security programs.<o:p></o:p></span></div>
<div class="MsoBodyText">
<br /></div>
<div class="MsoBodyText">
<u><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Liquidity Risk<o:p></o:p></span></u></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">The risk here may be stated in no uncertain terms: it refers to the inability to meet obligations when they come due. Liquidity Risk will increase when implementing new activities, because these include a slew of financial mechanisms, such as investment alternatives for retail depositors or even sophisticated off-balance-sheet products with complicated cash-flow implications. <o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">More often, though, Liquidity Risk is exacerbated because an offered product or service affects current or future funding costs, introduces or increases the volatility of asset/liability mismatches that are inappropriately hedged or managed, increases the rate of credit-sensitive liabilities, or affects a company’s ability to meet collateral obligations.<o:p></o:p></span></div>
<div class="MsoBodyText">
<br /></div>
<div align="center" class="MsoBodyText" style="text-align: center;">
<span style="text-transform: uppercase;"><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Risk Management Principles<o:p></o:p></span></span></div>
<div class="MsoBodyText">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">The concept of <u>Risk Management Principles</u> has been a feature of regulatory compliance for a very long time.<a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Risk%20Management%20Principles%20-%20White%20Paper%20(12.14.17)/Risk%20Management%20Principles-White%20Paper-Foxx.LCG%20(12.14.17).doc#_edn6" name="_ednref6" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[vi]</span><!--[endif]--></span></a> At their most rudimentary level, these principles call for management to design an effective risk management system that identifies, measures, monitors, reports, and controls risks when developing and implementing new activities. Every financial institution, bank or nonbank, should apply these principles to the overall compliance administration structure. <o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">There are four Risk Management Principles.<o:p></o:p></span></div>
<div class="MsoBodyText">
<br /></div>
<div class="MsoBodyText">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">These are:</span></div>
<div class="MsoBodyText">
</div>
<ol>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Adequate <u style="text-align: justify; text-indent: -0.25in;">due diligence and approvals</u><span style="text-align: justify; text-indent: -0.25in;"> before introducing a new</span><span style="letter-spacing: 2.1pt; text-align: justify; text-indent: -0.25in;"> </span><span style="text-align: justify; text-indent: -0.25in;">activity;</span></span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><u style="text-align: justify; text-indent: -0.25in;">Policies and procedures</u><span style="text-align: justify; text-indent: -0.25in;"> to properly identify, measure, monitor, report, and control</span><span style="letter-spacing: 2.25pt; text-align: justify; text-indent: -0.25in;"> </span><span style="text-align: justify; text-indent: -0.25in;">risks;</span></span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Effective <u style="text-align: justify; text-indent: -0.25in;">change management</u><span style="text-align: justify; text-indent: -0.25in;"> for new activities or affected processes and technologies; and</span></span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Ongoing <u style="text-align: justify; text-indent: -0.25in;">performance monitoring</u><span style="text-align: justify; text-indent: -0.25in;"> and review systems.</span> </span></li>
</ol>
<br />
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">I am going to provide a generic understanding of these principles, but keep in mind that while all financial institutions should include these components in their risk management systems for new activities, the sophistication of risk management systems must reflect the company’s size, complexity, and risk profile. An analysis of a risk management system should be deployed by using competent compliance professionals thoroughly familiar with risk management requirements.<o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">I have written<span style="color: blue;"> </span>elsewhere on managing risk according to aspects of the Risk Management Principles;<a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Risk%20Management%20Principles%20-%20White%20Paper%20(12.14.17)/Risk%20Management%20Principles-White%20Paper-Foxx.LCG%20(12.14.17).doc#_edn7" name="_ednref7" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[vii]</span><!--[endif]--></span></a> essentially, risk management systems should be sufficiently robust to keep pace with additional complexities of planned activities, and would include internal stakeholders from business units and individuals with expertise in applicable functional areas, such as legal, information technology, information security, audit, risk management, and compliance.<o:p></o:p></span></div>
<div class="MsoBodyText">
<br /></div>
<div align="center" class="MsoBodyText" style="text-align: center;">
<u><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Risk Management Principle # 1: Due Diligence and<span style="letter-spacing: 1.25pt;"> </span>Approvals<o:p></o:p></span></u></div>
<div class="MsoBodyText">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Management and the Board of Directors should understand the rationale for engaging in new activities and how proposed new activities meet the company’s strategic objectives. Care should be taken to ensure that the due diligence review is broad enough to encompass the full exposure to the risks and benefits before any implementation commences.<o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">A typical due diligence review should include, but not necessarily be limited to, the following undertakings. This is a “check the box” approach that is basic to such reviews.<o:p></o:p></span></div>
<div class="MsoBodyText" style="margin-left: 0.5in; text-align: left; text-indent: -0.25in;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><span style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;">- </span>Identify the customer demand for the proposed new<span style="letter-spacing: 2.55pt;"> </span>activities.</span></div>
<div class="MsoBodyText" style="margin-left: 0.5in; text-align: left; text-indent: -0.25in;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large; text-indent: -0.25in;">- Assess whether the risks associated with the proposed new activities are consistent with the company’s strategic plan, risk profile, and risk appetite.</span></div>
<div class="MsoBodyText" style="margin-left: 0.5in; text-align: left; text-indent: -0.25in;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large; text-indent: -0.25in;">- Assess how the new activity affects the company’s current and projected capital position; in other words, to identify risks, concerns, and necessary controls, by consulting with relevant functional areas, such as:</span></div>
<div class="MsoBodyText" style="margin-left: 1.5in; mso-list: l1 level3 lfo2; text-align: justify; text-indent: -.25in;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">o</span><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><span style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span><!--[endif]-->Credit, <o:p></o:p></span></div>
<div class="MsoBodyText" style="margin-left: 1.5in; mso-list: l1 level3 lfo2; text-align: justify; text-indent: -.25in;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">o</span><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><span style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span><!--[endif]-->Asset management, <o:p></o:p></span></div>
<div class="MsoBodyText" style="margin-left: 1.5in; mso-list: l1 level3 lfo2; text-align: justify; text-indent: -.25in;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">o</span><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><span style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span><!--[endif]-->Payments, <o:p></o:p></span></div>
<div class="MsoBodyText" style="margin-left: 1.5in; mso-list: l1 level3 lfo2; text-align: justify; text-indent: -.25in;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">o</span><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><span style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span><!--[endif]-->Compliance, <o:p></o:p></span></div>
<div class="MsoBodyText" style="margin-left: 1.5in; mso-list: l1 level3 lfo2; text-align: justify; text-indent: -.25in;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">o</span><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><span style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span><!--[endif]-->Accounting, <o:p></o:p></span></div>
<div class="MsoBodyText" style="margin-left: 1.5in; mso-list: l1 level3 lfo2; text-align: justify; text-indent: -.25in;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">o</span><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><span style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span><!--[endif]-->Audit, <o:p></o:p></span></div>
<div class="MsoBodyText" style="margin-left: 1.5in; mso-list: l1 level3 lfo2; text-align: justify; text-indent: -.25in;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">o</span><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><span style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span><!--[endif]-->Independent risk management, <o:p></o:p></span></div>
<div class="MsoBodyText" style="margin-left: 1.5in; mso-list: l1 level3 lfo2; text-align: justify; text-indent: -.25in;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">o</span><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><span style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span><!--[endif]-->Legal, <o:p></o:p></span></div>
<div class="MsoBodyText" style="margin-left: 1.5in; mso-list: l1 level3 lfo2; text-align: justify; text-indent: -.25in;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">o</span><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><span style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span><!--[endif]-->Operations, <o:p></o:p></span></div>
<div class="MsoBodyText" style="margin-left: 1.5in; mso-list: l1 level3 lfo2; text-align: justify; text-indent: -.25in;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">o</span><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><span style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span><!--[endif]-->Information technology, <o:p></o:p></span></div>
<div class="MsoBodyText" style="margin-left: 1.5in; mso-list: l1 level3 lfo2; text-align: justify; text-indent: -.25in;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">o</span><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><span style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span><!--[endif]-->Information security, <o:p></o:p></span></div>
<div class="MsoBodyText" style="margin-left: 1.5in; mso-list: l1 level3 lfo2; text-align: justify; text-indent: -.25in;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">o</span><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><span style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span><!--[endif]-->Marketing, and <o:p></o:p></span></div>
<div class="MsoBodyText" style="margin-left: 1.5in; mso-list: l1 level3 lfo2; text-align: justify; text-indent: -.25in;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">o</span><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><span style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span><!--[endif]-->Treasury or Asset-Liability committee.<o:p></o:p></span></div>
<div class="MsoBodyText" style="margin-left: 0.5in; text-align: left; text-indent: -0.25in;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">- Determine the requirements of applicable laws and regulations and consider the principles set forth in agency guidance.</span></div>
<div class="MsoBodyText" style="margin-left: 0.5in; text-align: left; text-indent: -0.25in;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large; text-indent: -0.25in;">- Identify potential conflicts of interest, actual or perceived, using such information to assess any potential negative effect on the company’s reputation.</span></div>
<div class="MsoBodyText" style="margin-left: 0.5in; text-align: left; text-indent: -0.25in;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large; text-indent: -0.25in;">- Appropriately protect any intellectual property rights.</span></div>
<div class="MsoBodyText" style="margin-left: 0.5in; text-align: left; text-indent: -0.25in;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large; text-indent: -0.25in;">- Determine the expertise needed to effectively manage the new activities (i.e., the need to hire or otherwise acquire additional expertise).</span></div>
<div class="MsoBodyText" style="margin-left: 0.5in; text-align: left; text-indent: -0.25in;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large; text-indent: -0.25in;">- Determine the operational infrastructure requirements to support the new activities (such as controls and technology architecture).</span><span style="font-family: Arial, Helvetica, sans-serif; font-size: large; text-indent: -0.25in;">Conduct appropriate research and analysis on relevant third-party service providers.</span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">But the due diligence and approval process does not ever stop, even if all the boxes are checked! The financial institution should develop a business and financial plan that includes expected costs. In addition, the review would consider sales revenue targets, an assessment of the company’s competitive position if it engages in the new activities, objectives and strategies for how the new activities will be brought to market, consideration of fair access to financial services and fair treatment of customers in all aspects related to the new<span style="letter-spacing: 1.4pt;"> </span>activities, and performance or risk metrics that signal the need to pursue an exit strategy.<o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">And, indeed, an exit strategy should be considered! Viable alternatives ought to be positioned or contemplated in the event an exit from the new activities is needed, especially if such new activities demonstrate a weakness from a performance monitoring review.<o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Although the Board of Directors may delegate daily managerial duties to others, it is still ultimately responsible for providing the appropriate oversight to ensure that the company operates in a safe and sound manner and in compliance with applicable laws and regulations. There is no escaping the mandates of governance. <o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Thus, in fulfilling its responsibilities, the Board of Directors should hold management accountable for appropriate policies and due diligence processes for new activities. This requires a set of procedures that make it incumbent on management to inform the Board of Directors of all material new activities, including due diligence findings. Plans that clearly articulate and appropriately manage risks and returns, such as through a Risk Appetite Statement, should be presented to the Board of Directors on a periodic basis. <o:p></o:p></span></div>
<div class="MsoBodyText">
<br /></div>
<div align="center" class="MsoBodyText" style="text-align: center;">
<u><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Risk Management Principle # 2: Policies, Procedures, and<span style="letter-spacing: 1.5pt;"> </span>Controls<o:p></o:p></span></u></div>
<div class="MsoBodyText">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Management should establish and implement policies and procedures that provide guidance on risk management of new activities. Policies and procedures should outline not only the processes, roles and responsibilities throughout departments and functions but also any standards required to ensure implementation of and adherence to an adequate risk management system. <o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">If a financial institution cannot check each and every one of the following boxes, it is in clear and present danger to its own viability. Read through these factors to understand the demands of implementing Risk Management Principle # 2.<o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="margin-left: 0.5in; text-align: left; text-indent: -0.25in;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">- Expand or amend, as appropriate, existing policies and procedures to adequately address the new activities. </span></div>
<div class="MsoBodyText" style="margin-left: 0.5in; text-align: left; text-indent: -0.25in;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large; text-indent: -0.25in;"> This means:</span></div>
<div class="MsoBodyText" style="margin-left: 1in; text-align: left; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">o<span style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span><!--[endif]-->Identifying policies and procedures relating to key business lines,<o:p></o:p></span></div>
<div class="MsoBodyText" style="margin-left: 1in; text-align: left; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">o<span style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span><!--[endif]-->Establishing management’s responsibility for monitoring the process, and <o:p></o:p></span></div>
<div class="MsoBodyText" style="margin-left: 1in; text-align: left; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">o<span style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span><!--[endif]-->Providing for exception reporting.<o:p></o:p></span></div>
<div class="MsoBodyText" style="margin-left: 0.5in; text-align: left; text-indent: -0.25in;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">- Develop and deploy MIS as necessary to monitor adherence to established objectives and properly evaluate the new activities:<o:p></o:p></span></div>
<div class="MsoBodyText" style="margin-left: 1in; text-align: left; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">o<span style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span><!--[endif]-->If warranted, effectuate a timely response. <o:p></o:p></span></div>
<div class="MsoBodyText" style="margin-left: 0.5in; text-align: left; text-indent: -0.25in;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">- Incorporate the new activities into the institution’s independent risk management; in other words:<o:p></o:p></span></div>
<div class="MsoBodyText" style="margin-left: 1in; text-align: left; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">o<span style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span><!--[endif]-->Ensure that the compliance management system and audit processes conform to policies, procedures and customer safeguards.<o:p></o:p></span></div>
<div class="MsoBodyText" style="margin-left: 0.5in; text-align: left; text-indent: -0.25in;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">- Periodically review the adequacy of third-party risk management policies and procedures.<o:p></o:p></span></div>
<div class="MsoBodyText">
<br /></div>
<div align="center" class="MsoBodyText" style="text-align: center;">
<u><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Risk Management Principle # 3: Change<span style="letter-spacing: .9pt;"> </span>Management<o:p></o:p></span></u></div>
<div class="MsoBodyText">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Occasionally, when we discuss Change Management with a client, we discover that there is hardly any such mechanism in place. To my way of thinking, this is unfathomable, as the lack of Change Management procedures virtually exposes the financial institution to nearly limitless risk across all risk categories. Change Management is not some mysterious process devoid of logistical application. When properly deployed, it provides the foundation of effective corporate governance. <o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Effective Change Management processes enable a company to manage and control the implementation of new or modified operational processes. It makes it possible for new technologies to be added to the institution’s existing technology architecture. Change Management processes always should include </span><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">reviews by appropriate risk management, line managers, and senior managers in applicable business units (viz., including lending, finance, treasury, deposits, sales, underwriting, secondary, servicing, payments, compliance, audit, legal, technology, and information security). No new or modified operational process should be implemented until the foregoing departments have been consulted.</span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Change Management is effectively implemented when:<o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="margin-left: 0.5in; text-align: left; text-indent: -0.25in;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">- Proper testing takes place on new or modified operational systems, processes, and<span style="letter-spacing: 2.55pt;"> </span>technology.<o:p></o:p></span></div>
<div class="MsoBodyText" style="margin-left: 0.5in; text-align: left; text-indent: -0.25in;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">- Risk parameters and exception reporting is approved by appropriate management.<o:p></o:p></span></div>
<div class="MsoBodyText" style="margin-left: 0.5in; text-align: left; text-indent: -0.25in;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">- Mechanisms are adopted for ensuring that delivery to customers occurs as intended.<o:p></o:p></span></div>
<div class="MsoBodyText" style="margin-left: 0.5in; text-align: left; text-indent: -0.25in;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">- An exit strategy is ratified by the Board of Directors that identifies and limits the adverse effect to the company and its customers in the event of a failed or flawed implementation.<o:p></o:p></span></div>
<div class="MsoBodyText" style="margin-left: .5in; mso-list: l0 level1 lfo4; text-indent: -.25in;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">- Employee training is provided for the new or modified operational process associated with the new activities.<o:p></o:p></span></div>
<div class="MsoBodyText">
<br /></div>
<div align="center" class="MsoBodyText" style="text-align: center;">
<u><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Risk Management Principle # 4: Performance and<span style="letter-spacing: 1.25pt;"> </span>Monitoring<o:p></o:p></span></u></div>
<div class="MsoBodyText">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Where there is no monitoring and testing, there can be no performance metric. If the only performance criterion is the pecuniary bottom line, the financial institution has denoted its willingness to accept excessive risk. However, if management has appropriate performance and monitoring systems, including MIS, to assess whether the activities meet operational and strategic expectations and legal requirements, the company is usually able to gauge its risk appetite. <o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Monitoring systems must always determine the limits on the size of risk exposure that the Board of Directors and management are willing to accept with the addition of new activities. <o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Consider these check boxes, beginning with the risk appetite itself, such as:<o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="margin-left: 0.5in; text-align: left; text-indent: -0.25in;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">- Ratifying the limits on the size of risk exposure to the new activities (viz., “Risk Appetite”).</span></div>
<div class="MsoBodyText" style="margin-left: 0.5in; text-align: left; text-indent: -0.25in;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large; text-indent: -0.25in;">- Identifying specific objectives and performance criteria to evaluate whether the new activities are successful:</span></div>
<div class="MsoBodyText" style="margin-left: 1in; text-align: left; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">o<span style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span><!--[endif]-->Being sure to include processes to periodically compare actual results with projections, such as:<o:p></o:p></span></div>
<div class="MsoBodyText" style="margin-left: 1.5in; text-align: left; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">-<span style="font-stretch: normal; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: normal;"> </span><!--[endif]-->quantitative and qualitative benchmarks to detect and address adverse trends or concerns in a timely manner.<o:p></o:p></span></div>
<div class="MsoBodyText" style="margin-left: 0.5in; text-align: left; text-indent: -0.25in;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">- Testing processes to periodically monitor the effectiveness of operational controls and safeguards.</span></div>
<div class="MsoBodyText" style="margin-left: 0.5in; text-align: left; text-indent: -0.25in;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large; text-indent: -0.25in;">- Testing processes to periodically ensure compliance with applicable laws, regulatory requirements, and the institution’s policies and procedures (i.e., potential risks for unfair or deceptive acts or</span><span style="font-family: Arial, Helvetica, sans-serif; font-size: large; letter-spacing: 1.05pt; text-indent: -0.25in;"> </span><span style="font-family: Arial, Helvetica, sans-serif; font-size: large; text-indent: -0.25in;">practices).</span></div>
<div class="MsoBodyText" style="margin-left: 0.5in; text-align: left; text-indent: -0.25in;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">- Specifying the “triggers” to changes in the business plan for the new activities, based on performance results.</span></div>
<div class="MsoBodyText" style="margin-left: 0.5in; text-align: left; text-indent: -0.25in;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large; text-indent: -0.25in;">- Ratifying a cohesive exit strategy for activities that fail to achieve projections.</span></div>
<div class="MsoBodyText">
<br /></div>
<div align="center" class="MsoBodyText" style="text-align: center;">
<span style="text-transform: uppercase;"><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Third-Party Relationship Risk Management<o:p></o:p></span></span></div>
<div class="MsoBodyText">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">I should like to provide a few observations about third-party risk management, which I define as any business arrangement between the financial institution and another entity, by contract or otherwise.<a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Risk%20Management%20Principles%20-%20White%20Paper%20(12.14.17)/Risk%20Management%20Principles-White%20Paper-Foxx.LCG%20(12.14.17).doc#_edn8" name="_ednref8" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[viii]</span><!--[endif]--></span></a><span style="color: #4444ba; mso-text-raise: 3.5pt; position: relative; top: -3.5pt;"> </span>We have extensive experience in vetting third-parties through our Vendors Compliance Group,<a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Risk%20Management%20Principles%20-%20White%20Paper%20(12.14.17)/Risk%20Management%20Principles-White%20Paper-Foxx.LCG%20(12.14.17).doc#_edn9" name="_ednref9" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[ix]</span></span><!--[endif]--></span></a> which provides not only compilation of documents but, unlike many auditors retained for such purposes, also conducts an actual due diligence review of each vendor subject to audit. <o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">A financial institution’s management of third-party relationships should include comprehensive oversight of third-party relationships, particularly those involving critical activities.<span style="color: #4444ba; mso-text-raise: 3.5pt; position: relative; top: -3.5pt;"> </span>Critical activities are significant company functions, significant shared services, or other activities that could cause an institution to face significant risk. <o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Risk is increased if the third-party service provider or the company’s relationship with the third-party service provider fails to meet expectations, causes significant customer impact, requires significant investment in resources to implement the relationship and manage risk, or could have major impact on the financial institution’s operations – especially if the company must find an alternate third-party or if the outsourced activity must be brought in-house. We have found that the nexus between third-parties and new activities is a critical juncture, but will vary in risk exposure as they may pertain to payments, clearing, settlements, custody, information technology, and other operational areas.<a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Risk%20Management%20Principles%20-%20White%20Paper%20(12.14.17)/Risk%20Management%20Principles-White%20Paper-Foxx.LCG%20(12.14.17).doc#_edn10" name="_ednref10" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black;">[x]</span></span><!--[endif]--></span></a><o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Effective risk management processes should be commensurate with the level of risk, risk tolerance and complexity of a company’s third-party relationships. A third-party service provider’s inferior performance or service may result in loss of business, increased legal costs, and heightened risks, including credit, operational, compliance,<span style="letter-spacing: .3pt;"> </span>strategic,<span style="letter-spacing: .3pt;"> </span>and<span style="letter-spacing: .3pt;"> </span>reputational risks.<span style="letter-spacing: .3pt;"> </span>Such<span style="letter-spacing: .3pt;"> </span>risks<span style="letter-spacing: .3pt;"> may </span>be<span style="letter-spacing: .3pt;"> </span>exacerbated<span style="letter-spacing: .3pt;"> </span>by<span style="letter-spacing: .3pt;"> </span>so-called<span style="letter-spacing: .3pt;"> </span>“turnkey”<span style="letter-spacing: .3pt;"> or “plug and play” </span>arrangements for products or services or the use of “white label” product branding. If there is a difference between “turnkey” and “white label,” it seems that often a “turnkey” product or service is provided to a financial institution fully complete and ready for immediate use with no modifications, whereas “white label” products or services may be modified or customized and offered under the institution’s own brand name. Whatever the case, there is inherently elevated risk in “turnkey” and “white label” activities, given that they are essentially designed for minimal involvement by the financial institution in administering the new activities.<span style="color: #4444ba; mso-text-raise: 3.5pt; position: relative; top: -3.5pt;"><o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">When contracting with third-party service providers, company management should understand the risks associated with the new activities and conduct adequate due diligence of service providers. Due diligence includes assessing a service provider’s management, reputation, product or service performance, and may also include its financial condition.<a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Risk%20Management%20Principles%20-%20White%20Paper%20(12.14.17)/Risk%20Management%20Principles-White%20Paper-Foxx.LCG%20(12.14.17).doc#_edn11" name="_ednref11" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[xi]</span><!--[endif]--></span></a><span style="color: #4444ba; mso-text-raise: 3.5pt; position: relative; top: -3.5pt;"> <o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">The degree of due diligence should be commensurate with the level of risk and complexity of the third-party relationship. Regulators are not satisfied with compilation of documents. They expect to see actual due diligence reviews conducted by the institution as part of the on-boarding and maintenance of third-party relationships. <o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Importantly, management should determine whether service providers and the company’s new activities align with the financial institution’s strategic plans and risk appetite. To accomplish this endeavor, the company must implement an on-going and effective third-party risk management program for service providers. Regulators refer to this process as the “third-party relationship’s life cycle,” so as to emphasize the risk management monitoring process that should continue throughout the course of the relationship.<span style="color: #4444ba; mso-text-raise: 3.5pt; position: relative; top: -3.5pt;"> </span>The “life cycle” should set forth an outline for managing a contingency plan in the event the financial institution terminates the relationship, a contract expires,<a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Risk%20Management%20Principles%20-%20White%20Paper%20(12.14.17)/Risk%20Management%20Principles-White%20Paper-Foxx.LCG%20(12.14.17).doc#_edn12" name="_ednref12" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[xii]</span><!--[endif]--></span></a> the service provider cannot perform as expected, or the provider changes its business strategy. <o:p></o:p></span></div>
<div class="MsoBodyText">
<br /></div>
<div align="center" class="MsoBodyText" style="text-align: center;">
<span style="text-transform: uppercase;"><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Financial Technology<o:p></o:p></span></span></div>
<div class="MsoBodyText">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">As I close, I want to emphasize that financial institutions these days are directly impacted by financial technology, so called “Fintech.” Entities providing Fintech leverage emerging technologies to provide delivery channels and accessibility to financial products and services. Fintech continues to grow significantly in importance as it relates to effectuating the risk involving new activities.<o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Any financial institution that uses Fintech should only do so through the prudent risk management of such relationships. Often, the management of Fintech is left to the “Techies” on staff, which is understandable, but not acceptable as a way to meet Risk Management Principles. <o:p></o:p></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">If the institution decides to offer Fintech solutions for the purpose of offering new activities, it is incumbent on the Board of Directors and management to understand the technologies that these companies offer, the risk and controls associated with those technologies, and the effect that a new delivery channel will have on existing operational controls. </span><br />
<div>
<!--[if !supportEndnotes]--><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><br clear="all" />
</span><hr align="left" size="1" width="33%" />
<!--[endif]-->
<div id="edn1">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Risk%20Management%20Principles%20-%20White%20Paper%20(12.14.17)/Risk%20Management%20Principles-White%20Paper-Foxx.LCG%20(12.14.17).doc#_ednref1" name="_edn1" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[i]</span><!--[endif]--></span></a> See, for instance, Foxx, Jonathan, <i>Creating a Culture of Compliance</i>, National Mortgage Professional Magazine, February 2014<o:p></o:p></span></div>
</div>
<div id="edn2">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Risk%20Management%20Principles%20-%20White%20Paper%20(12.14.17)/Risk%20Management%20Principles-White%20Paper-Foxx.LCG%20(12.14.17).doc#_ednref2" name="_edn2" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[ii]</span><!--[endif]--></span></a> OCC Bulletin 2017-43, <i>New, Modified, or Expanded Bank Products and Services, Risk Management Principles</i>, October 20, 2017<o:p></o:p></span></div>
</div>
<div id="edn3">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Risk%20Management%20Principles%20-%20White%20Paper%20(12.14.17)/Risk%20Management%20Principles-White%20Paper-Foxx.LCG%20(12.14.17).doc#_ednref3" name="_edn3" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[iii]</span><!--[endif]--></span></a> Bulletin 2017-43 rescinds and replaces OCC Bulletin 2004-20, <i>Risk Management of New, Expanded, or Modified Bank Products and Services: Risk Management Process</i>, issued on May 10, 2004, and Office of Thrift Supervision Examination Handbook section 760, <i>New Activities and Services</i>.<o:p></o:p></span></div>
</div>
<div id="edn4">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Risk%20Management%20Principles%20-%20White%20Paper%20(12.14.17)/Risk%20Management%20Principles-White%20Paper-Foxx.LCG%20(12.14.17).doc#_ednref4" name="_edn4" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[iv]</span><!--[endif]--></span></a> See, Foxx, Jonathan, Controlling Credit Risk, National Mortgage Professional Magazine, January 2012<o:p></o:p></span></div>
</div>
<div id="edn5">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Risk%20Management%20Principles%20-%20White%20Paper%20(12.14.17)/Risk%20Management%20Principles-White%20Paper-Foxx.LCG%20(12.14.17).doc#_ednref5" name="_edn5" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[v]</span><!--[endif]--></span></a> See, Foxx, Jonathan, The Rules of Operational Risk, National Mortgage Professional Magazine, July 2012<o:p></o:p></span></div>
</div>
<div id="edn6">
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Risk%20Management%20Principles%20-%20White%20Paper%20(12.14.17)/Risk%20Management%20Principles-White%20Paper-Foxx.LCG%20(12.14.17).doc#_ednref6" name="_edn6" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[vi]</span><!--[endif]--></span></a> There are a number of policy directives set forth by the OCC over the years. The most recent include OCC - Bulletin 2013-29 - Third-Party Relationships. I have provided a Synopsis of the Supplement to that bulletin (the OCC’s Synopsis was in OCC Bulletin 2017-21, “Third-Party Relationships: Frequently Asked Questions to Supplement OCC Bulletin 2013-29”), available at our website for <span style="color: blue;"><a href="http://www.vendorscompliancegroup.com/"><span style="color: blue;">www.VendorsComplianceGroup.com</span></a></span>. I would recommend also the booklet “Corporate and Risk Governance” of the <i>Comptroller’s Handbook </i>and <i>The Director’s Book: Role of Directors for National Banks and Federal Savings Associations </i>provide guidance on strategic planning and risk management for new activities. <o:p></o:p></span></div>
</div>
<div id="edn7">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Risk%20Management%20Principles%20-%20White%20Paper%20(12.14.17)/Risk%20Management%20Principles-White%20Paper-Foxx.LCG%20(12.14.17).doc#_ednref7" name="_edn7" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[vii]</span><!--[endif]--></span></a> For instance, see Foxx, Jonathan, <i>Policy, Procedures, and Examinations - Part II: Mortgage Bankers</i>, National Mortgage Professional Magazine, July 2013; and <i>Policy, Procedures, and Examinations - Part I: Mortgage Brokers</i>, National Mortgage Professional Magazine, March 2013<o:p></o:p></span></div>
</div>
<div id="edn8">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Risk%20Management%20Principles%20-%20White%20Paper%20(12.14.17)/Risk%20Management%20Principles-White%20Paper-Foxx.LCG%20(12.14.17).doc#_ednref8" name="_edn8" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[viii]</span><!--[endif]--></span></a> As detailed in OCC Bulletin 2013-29, third-party relationships include activities that involve outsourced products and services, use of independent consultants, networking arrangements, merchant payment processing services, services provided by affiliates and subsidiaries, joint ventures, and other business arrangements when a financial institution has an ongoing relationship or may have responsibility for the associated records. Also refer to OCC Bulletin 2017-21.<o:p></o:p></span></div>
</div>
<div id="edn9">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Risk%20Management%20Principles%20-%20White%20Paper%20(12.14.17)/Risk%20Management%20Principles-White%20Paper-Foxx.LCG%20(12.14.17).doc#_ednref9" name="_edn9" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[ix]</span><!--[endif]--></span></a> See <span style="color: blue;"><a href="http://www.vendorscompliancegroup.com/"><span style="color: blue;">www.VendorsComplianceGroup.com</span></a></span><o:p></o:p></span></div>
</div>
<div id="edn10">
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Risk%20Management%20Principles%20-%20White%20Paper%20(12.14.17)/Risk%20Management%20Principles-White%20Paper-Foxx.LCG%20(12.14.17).doc#_ednref10" name="_edn10" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[x]</span><!--[endif]--></span></a> See OCC Bulletin 2013-29 for more information on critical activities.<o:p></o:p></span></div>
</div>
<div id="edn11">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Risk%20Management%20Principles%20-%20White%20Paper%20(12.14.17)/Risk%20Management%20Principles-White%20Paper-Foxx.LCG%20(12.14.17).doc#_ednref11" name="_edn11" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[xi]</span><!--[endif]--></span></a> See OCC Bulletin 2013-29 for a full list of due diligence responsibilities.<o:p></o:p></span></div>
</div>
<div id="edn12">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Risk%20Management%20Principles%20-%20White%20Paper%20(12.14.17)/Risk%20Management%20Principles-White%20Paper-Foxx.LCG%20(12.14.17).doc#_ednref12" name="_edn12" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference">[xii]</span><!--[endif]--></span></a> All third-party relationships should be governed by written contracts, and management should not overly rely on a service provider’s assertions.</span><o:p></o:p></div>
</div>
</div>
Jonathan Foxxhttp://www.blogger.com/profile/11176318536334393246noreply@blogger.comtag:blogger.com,1999:blog-9171653185859233636.post-54492715851678772302017-10-06T09:39:00.001-04:002017-10-06T09:39:39.562-04:00Construction to Permanent Disclosures<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><a href="http://lenderscompliancegroup.com/2.html">Jonathan Foxx</a></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;">Managing Director</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><br /></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Recently, we have seen an uptick in inquiries from some of our clients, colleagues, and requests from media, regarding disclosures for construction to permanent loans. In the inquiries, the specific facts dictated our responses. However, we can point out that Regulation Z permits a creditor to disclose the construction phase and permanent phase of a residential construction loan either as one transaction or as separate transactions. This aspect of the disclosure process seems to cause some confusion, so I would like to dispel with some of the more salient concerns expressed by lenders involved in originating these loan products.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">What is the basic structure of construction to permanent mortgage loan transactions? <o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">For the most part, they have two distinct phases that make them similar to two separate transactions. First, the construction period usually involves several disbursements of funds, at times and in amounts often unknown at the beginning of the period. The consumer generally pays only accrued interest until construction is completed. Second, unless the obligation is paid at the time the construction is completed, the loan converts to permanent financing in which the loan amount is amortized just as in a standard mortgage transaction.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">So far, so good! <o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">But on July 7, 2017, the CFPB amended Regulation Z to clarify that, for construction-permanent financing transactions, the creditor is required to disclose a Loan Estimate only for the transaction for which it received an application. So, for instance, if the creditor receives an <u>application for construction financing only</u>, the creditor is only required to provide a Loan Estimate for the construction transaction. If the creditor receives <u>applications for separate construction and permanent financing transactions at the same time</u>, then the creditor must provide the Loan Estimate disclosures as either a combined disclosure or separately for each phase of the transaction.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Therefore, the special disclosure rule permits the creditor to give either (A) one combined disclosure for both the construction financing and the permanent financing or (B) a separate set of disclosures for the two phases. The rule is applicable whether the consumer was initially obligated to accept construction only or for both construction and permanent financing. But, if the consumer is obligated on both phases and the creditor chooses to give two sets of disclosures, both sets must be given to the consumer initially, because both transactions would be consummated at that time.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Another issue that seems to perplex construction-permanent loan originators is the allocation of fees.</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;"><br /></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">The following outline may help to clarify the fee allocation structure involved in this loan product. When using this special disclosure rule to disclose as multiple transactions, must allocate fees and charges between the construction and permanent phases of the transaction.</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Here is a set of basic fee allocation structures:</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
</div>
<ul>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">If a creditor discloses a construction-permanent loan as multiple transactions, the creditor must allocate to the construction transaction finance charges and points and fees that would not be imposed but for the construction financing. An example would be where a creditor must include inspection and handling fees for the staged disbursement of construction loan proceeds in the disclosures for the construction phase (viz., not in the disclosures for the permanent phase).</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">If a creditor charges separate amounts for finance charges and points and fees for the construction phase and the permanent phase, the creditor must allocate the amounts to the phase for which they are charged.</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">If a creditor charges an origination fee for construction financing only but charges a higher origination fee for construction-permanent financing, the creditor must allocate the difference between the two to the permanent phase.</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">The creditor must allocate to the permanent financing all other finance charges and points and fees.</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">The creditor may allocate in any manner it chooses any fees and charges not used to compute the finance charge or points and fees. Thus, a creditor may allocate in any manner it chooses a reasonable appraisal fee paid to an independent, third-party appraiser. </span></li>
</ul>
<br />
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">There is also this important nuance: if the construction phase consists of a series of advances under an agreement to extend credit up to a certain amount, Regulation Z provides some disclosure flexibility. In this particular case, the creditor may disclose the construction phase as one or more than one transaction – so, it may disclose each advance as a separate transaction or all of the advances as one transaction – and also disclose the permanent financing as a separate transaction.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<br />
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: large;">Preparing these disclosures is a complicated task, suitable only for compliance professionals. If you need assistance regarding construction to permanent finance transactions, with respect to reviewing your policies, procedures, disclosures, and loan flow process, please <a href="http://lenderscompliancegroup.com/12.html">contact</a> or <a href="mailto:compliance@lenderscompliancegroup.com">email </a>us. There is no initial consultation fee. We're glad to help!</span><o:p></o:p></div>
Jonathan Foxxhttp://www.blogger.com/profile/11176318536334393246noreply@blogger.comtag:blogger.com,1999:blog-9171653185859233636.post-30939334406329643222017-08-16T12:06:00.000-04:002017-08-16T12:08:32.711-04:00Mortgage Regulators Conference – A Synopsis<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><a href="http://lenderscompliancegroup.com/2.html">Alan Cicchetti</a></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Director/Agency Relations</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Lenders Compliance Group</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><br /></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Recently, I attended the annual meeting of the American Association of Mortgage Regulators Association (AARMR), held in San Antonio, Texas, on August 1, 2017. <o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The meeting is an important event in the calendar of state and federal banking regulators, as it is largely devoted to regulatory compliance involving banks and nonbanks. <o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">As the former Deputy Commissioner of the Connecticut Banking Department, I have attended these conferences for many years. Of course, as our Director of Agency Relations, I take a particular interest in this event because it enhances my understanding of key issues that may be facing the mortgage banking community in general and our clients in particular.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">I would like to share some of the “take-aways” that I have surmised from this valuable AARMR regulatory conference. </span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><br /></span> <span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">To be sure, I think that it will be helpful to understand the mission statement of AARMR, which is:<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0.0001pt 0.5in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">“To promote the exchange of information and education of licensing, supervision and regulation of the residential mortgage industry, ensure the ability to provide effective supervision for a safe and sound industry meeting the needs of the local financial markets and protect the rights of consumers.” <o:p></o:p></span></div>
<div class="MsoNormal" style="background: white; line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="background: white; line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">This conference provides an opportunity for regulators and industry to discuss current issues and to come away with a better understanding of regulatory concerns as well as those of the industry. It is worth noting that the meeting attendees include not only regulators from most of the states but also legal and regulatory compliance folks as well as a variety of mortgage lenders and mortgage brokers of all sizes. <o:p></o:p></span></div>
<div class="MsoNormal" style="background: white; line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="background: white; line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">One of the most compelling and interesting presentations had to do with the industry’s need for clarity and consistency in mortgage supervision and enforcement. <o:p></o:p></span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><br /></span> <span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">I am offering the following synopsis with the hope that you may obtain a better understanding of some of these mortgage industry concerns, as presented by certain panel discussions relating to challenges in the areas of licensing, advertising, reporting, disclosures, “desk drawer” policies, and the need for collaboration in producing a standard cybersecurity policy.</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><br /></span>
<br />
<div style="text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Please let us know your thoughts, questions or concerns. </span></div>
<div style="text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><br /></span></div>
<div style="text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">We welcome your feedback!</span></div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://lenderscompliancegroup.com/12.html"><img alt=" Contact Us" border="0" data-original-height="46" data-original-width="158" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjctMKFNw3hDfAo2CE6GGq0HxbLzCEWdL9oxP8jup0M0q9TA7I3Zh-Pidu0Pmf8G7S_6b5JhY2nwVNSfz2UFokJLnUjRKav8mmF4XusRb66qoBVk-PBL5ls7H8lWTpvvBHfCWX3saSnG50/s1600/Contact+Us-Bar+%2528158%2529.jpg" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://lenderscompliancegroup.com/12.html">Contact Us</a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="mailto:compliance@lenderscompliancegroup.com"><img alt=" Email Us" border="0" data-original-height="62" data-original-width="158" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjL_rl19uGmn6HWOKnUhFc1kKnvYuw1wKMMFDPRxK2NQn5Wv7tjs-NGdXpu69-D3S9hR2PWYyQVPyzzdbE3Wu1_wtqp8_FzPhyphenhyphen4PDnyoMILrUR5Jgk4snYC-fEVrSEe9FKj5pveQHun9BU/s1600/Email+Us+2+%2528158%2529.gif" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="mailto:compliance@lenderscompliancegroup.com">Email Us</a></div>
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><br /></span></div>
<div class="MsoNormal" style="background: white; line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Some of the challenges and opportunities presented by the industry are summarized below.</span><br />
<a name='more'></a></div>
<div class="MsoNormal" style="background: white; line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoListParagraphCxSpFirst" style="background: white; line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l0 level1 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">·<span style="font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span><!--[endif]--><b>LICENSING <o:p></o:p></b></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: white; line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto;">
<br /></div>
<div class="MsoListParagraphCxSpMiddle" style="background: white; line-height: normal; margin: 0in 0in 0.0001pt 58.5pt; text-align: justify; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">o<span style="font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span>There is a need to streamline the licensing process so as to put mortgage loan originators to work in the shortest period of time. Transitional licensing was one area that was discussed. The <u>SAFE Transitional Licensing Act of 2015</u> would allow bank registered mortgage loan originators who move to another state or switch from a depository institution to a nonbank lender to work without having to wait for a new license. Under the proposal, transitioning MLO’s are given 120 days during which time they can work for a new nonbank lender while they complete the more rigorous requirements of pre-education and testing.<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: white; line-height: normal; margin: 0in 0in 0.0001pt 58.5pt; text-align: justify;">
<br /></div>
<div class="MsoListParagraphCxSpMiddle" style="background: white; line-height: normal; margin: 0in 0in 0.0001pt 58.5pt; text-align: justify; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">o The definition of “Control Persons” needs to be standardized among states as there are conflicting positions as to “who it is.”<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="text-align: justify;">
<br /></div>
<div class="MsoListParagraphCxSpMiddle" style="background: white; line-height: normal; margin: 0in 0in 0.0001pt 58.5pt; text-align: justify; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">o<span style="font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span>It is sometimes difficult to figure out who needs to be licensed as third-party processors.<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: white; line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto;">
<br /></div>
<div class="MsoListParagraphCxSpMiddle" style="background: white; line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l0 level1 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">·<span style="font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span><!--[endif]--><b>ADVERTISING<o:p></o:p></b></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: white; line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto;">
<br /></div>
<div class="MsoListParagraphCxSpMiddle" style="background: white; line-height: normal; margin: 0in 0in 0.0001pt 58.5pt; text-align: justify; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">o<span style="font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span>There are more states taking action regarding RESPA Section 8 violations. One such violation was by an MLO who sponsored a “training room” in the realtor’s office. The MLO allowed for different levels of sponsorship such as $1000, $750 or $500 per month. Bottom line here is that <u>Marketing Services Agreements</u> need clarity, consistency, and careful regard for all aspects of regulatory compliance.<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: white; line-height: normal; margin: 0in 0in 0.0001pt 58.5pt; text-align: justify;">
<br /></div>
<div class="MsoListParagraphCxSpMiddle" style="background: white; line-height: normal; margin: 0in 0in 0.0001pt 58.5pt; text-align: justify; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">o<span style="font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span><u>Social Media</u> presents challenges to larger lenders in that “they do not know what they do not know.” Lenders are looking for states to inform them about what they do not know in this area. Examples include some states that deem each MLO’s Social Media as a separate website and limit the option to the websites of the first ten MLOs. Social Media is today’s telephone and, as such, rational rules are required.<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: white; line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto;">
<br /></div>
<div class="MsoListParagraphCxSpMiddle" style="background: white; line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l0 level1 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="text-transform: uppercase;">·<span style="font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><b><span style="text-transform: uppercase;">Reporting and Disclosures<o:p></o:p></span></b></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: white; line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto;">
<br /></div>
<div class="MsoListParagraphCxSpMiddle" style="background: white; line-height: normal; margin: 0in 0in 0.0001pt 58.5pt; text-align: justify; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="text-transform: uppercase;">o<span style="font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span>The primary take-away here is that there needs to be some coordination between the requirements to file <u>Mortgage Call Reports</u> (MCRs)and some state-specific requirements to file quarterly and annual reports. <b><span style="text-transform: uppercase;"><o:p></o:p></span></b></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: white; line-height: normal; margin: 0in 0in 0.0001pt 58.5pt; text-align: justify;">
<br /></div>
<div class="MsoListParagraphCxSpMiddle" style="background: white; line-height: normal; margin: 0in 0in 0.0001pt 58.5pt; text-align: justify; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="text-transform: uppercase;">o </span>Secondly, larger lenders have difficulty with state-specific disclosure requirements as part of the MCR. The Mortgage Call Report should be the only report required by all states without the additional state mandates for traditional annual or quarterly reports or the collection of additional state-specific, regulatory mandates relating to the MCR. <b><span style="text-transform: uppercase;"><o:p></o:p></span></b></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: white; line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto;">
<br /></div>
<div class="MsoListParagraphCxSpMiddle" style="background: white; line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l0 level1 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><span style="text-transform: uppercase;">·<span style="font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><b><span style="text-transform: uppercase;">“Desk Drawer” Policies <o:p></o:p></span></b></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: white; line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto;">
<b><span style="text-transform: uppercase;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"> <o:p></o:p></span></span></b></div>
<div class="MsoListParagraphCxSpMiddle" style="background: white; line-height: normal; margin: 0in 0in 0.0001pt 58.5pt; text-align: justify; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">o<span style="font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span>When there are no written or formal rules, it would be helpful if the regulators’ <u>Opinion Letters</u> could be published. Some states refuse to share Opinion Letters and the mortgage community believes that more transparency would be extremely helpful. The point here is that the rules need to be known in advance and not kept in a desk drawer.<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: white; line-height: normal; margin: 0in 0in 0.0001pt 1in; text-align: justify;">
<br /></div>
<div class="MsoListParagraphCxSpMiddle" style="background: white; line-height: normal; margin: 0in 0in 0.0001pt 58.5pt; text-align: justify; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">o<span style="font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span>Panelists maintained that the CFPB will not provide specific guidance on issues, as a result of the large volume of regulatory issues. The CFPB recommends that the mortgage community review published enforcement actions as an alternative.<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: white; line-height: normal; margin-bottom: .0001pt; margin: 0in; mso-add-space: auto;">
<br /></div>
<div class="MsoListParagraphCxSpMiddle" style="background: white; line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l0 level1 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">·<span style="font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span><!--[endif]--><b>CYBERSECURITY<o:p></o:p></b></span></div>
<div class="MsoListParagraphCxSpLast" style="background: white; line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto;">
<br /></div>
<div class="MsoNormal" style="background: white; line-height: normal; margin: 0in 0in 0.0001pt 0.25in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Another critical topic was the need for State, Federal and industry participants to collaborate in <u>Cybersecurity</u>. <o:p></o:p></span></div>
<div class="MsoNormal" style="background: white; line-height: normal; margin: 0in 0in 0.0001pt 0.25in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="background: white; line-height: normal; margin: 0in 0in 0.0001pt 0.25in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">One model put forward to illustrate the success of collaboration was the NMLS initiative that resulted in a licensing system for all consumer license types to be managed on a universal system. Other models include the SAFE Act and Multi-State Mortgage Examinations.<o:p></o:p></span></div>
<div class="MsoNormal" style="background: white; line-height: normal; margin: 0in 0in 0.0001pt 0.25in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="background: white; line-height: normal; margin: 0in 0in 0.0001pt 0.25in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Cybersecurity is the body of technologies, processes, and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access.<o:p></o:p></span></div>
<div class="MsoNormal" style="background: white; line-height: normal; margin: 0in 0in 0.0001pt 0.25in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="background: white; line-height: normal; margin: 0in 0in 0.0001pt 0.25in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Cybersecurity standards today include states banking department requirements, such as the New York State new rules (23 NYCRR 500) and the Massachusetts existing data security regulations (201 CMR 17.00.) There are 47 breach notification laws across the United States and additional laws in US territories and other industry-specific regulations. Federal laws include GLBA, the FCRA, and the Proposed Joint Rules (OCC, Federal Reserve, FDIC) in Enhanced Cyber Risk Management Standards. Additionally, there is the guidance provided by the National Institute of Standards and Technology (NIST).<o:p></o:p></span></div>
<div class="MsoNormal" style="background: white; line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in;">
<br /></div>
<div class="MsoNormal" style="background: white; line-height: normal; margin: 0in 0in 0.0001pt 0.25in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">As Judith H. Germano, Senior Fellow at the New York University Center for Cybersecurity and an Adjunct Professor at NYU School of Law, has stated:<o:p></o:p></span></div>
<div class="MsoNormal" style="background: white; line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in;">
<br /></div>
<div class="MsoNormal" style="background: white; line-height: normal; margin: 0in 0in 0.0001pt 0.75in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">“Cybersecurity is a top threat, to America and worldwide. We have made progress in developing practical standards, best practices, and systems for information sharing and coordinating threat response. There also is a panoply of technological solutions available to detect, prevent and respond to cyber threats. Yet it is still not enough. More needs to be done. <i>The approach must be practical, flexible and resilient. Otherwise, we threaten to undermine our security posture by distracting organizations with uncoordinated, ineffective “check the box” security protocols that</i> <i>divert resources from more potent security operations and emphasize compliance over security. We, as a nation, cannot take that risk.”</i> <o:p></o:p></span></div>
<div class="MsoNormal" style="background: white; line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .75in; margin-right: 0in; margin-top: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">[Panel Discussion, my emphasis.]<o:p></o:p></span></div>
<div class="MsoNormal" style="background: white; line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in;">
<br /></div>
<div class="MsoNormal" style="background: white; line-height: normal; margin: 0in 0in 0.0001pt 0.25in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">Consequently, the financial services industry is proposing a <u>Model-Uniform Cybersecurity Rules Taskforce</u>. </span></div>
<div class="MsoNormal" style="background: white; line-height: normal; margin: 0in 0in 0.0001pt 0.25in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><br /></span></div>
<div class="MsoNormal" style="background: white; line-height: normal; margin: 0in 0in 0.0001pt 0.25in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">The task force would include representatives from a variety of lending institutions. It would also include representatives from State and Federal Government.<o:p></o:p></span></div>
<div class="MsoNormal" style="background: white; line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in;">
<br /></div>
<div class="MsoNormal" style="background: white; line-height: normal; margin: 0in 0in 0.0001pt 0.25in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">To quote Judith H. Germano again: <o:p></o:p></span></div>
<div class="MsoNormal" style="background: white; line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in;">
<br /></div>
<div class="MsoNormal" style="background: white; line-height: normal; margin: 0in 0in 0.0001pt 0.75in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">“Work needs to be done, not on a state-by-state and industry-by-industry basis, but through a cohesive, national cybersecurity dialogue and plan. We collectively must strike the right balance between mandating reasonable and flexible policies and programs, and allowing entities and industries to develop an individualized and effective risk-based approach to preventing, detecting and responding to cyber threats.” [Panel Discussion]<o:p></o:p></span></div>
<div class="MsoNormal" style="background: white; line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .75in; margin-right: 0in; margin-top: 0in;">
<br /></div>
<div class="MsoNormal" style="background: white; line-height: normal; margin: 0in 0in 0.0001pt 0.25in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;">We suggest that you contact us for support in risk assessment reviews for cybersecurity compliance. Our Director of IT, IS, and Cybersecurity, Kevin Origoni, conducts a deep review to determine that a financial institution is implementing the appropriate cybersecurity plans.<o:p></o:p></span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: large;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://lenderscompliancegroup.com/12.html"><img alt=" Contact Us" border="0" data-original-height="46" data-original-width="158" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAjnRQJFU8KOwjFIq_yTHeP6XTHtsDAoLmElBHnmsP5Zb1zOxRGxJ-2OHEKfE0voozZ_ONulU8kIYasz_nXxdOAh2yzqdq3KC6ME3gIL6Hg1MmbsULwQZE__bXY-NWBxzKnESb5wAtV20/s1600/Contact+Us-Bar+%2528158%2529.jpg" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://lenderscompliancegroup.com/12.html">Contact Us</a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="mailto:compliance@lenderscompliancegroup.com"><img alt=" Email Us" border="0" data-original-height="62" data-original-width="158" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjL_rl19uGmn6HWOKnUhFc1kKnvYuw1wKMMFDPRxK2NQn5Wv7tjs-NGdXpu69-D3S9hR2PWYyQVPyzzdbE3Wu1_wtqp8_FzPhyphenhyphen4PDnyoMILrUR5Jgk4snYC-fEVrSEe9FKj5pveQHun9BU/s1600/Email+Us+2+%2528158%2529.gif" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="mailto:compliance@lenderscompliancegroup.com">Email Us</a></div>
</div>
Jonathan Foxxhttp://www.blogger.com/profile/11176318536334393246noreply@blogger.comtag:blogger.com,1999:blog-9171653185859233636.post-69337043677382311902017-06-26T15:12:00.001-04:002017-06-26T15:12:24.922-04:00Third-Party Relationships: Compliance Risk<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="http://lenderscompliancegroup.com/2.html">Jonathan Foxx</a></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Managing Director</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Lenders Compliance Group</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">I am often asked if there are significant
compliance risks involving third parties in mortgage banking. The answer is:
without a doubt! In providing some insight, I will just mention three of the
many types of third parties that pose such risks: mortgage brokers, mortgage
lenders, and mortgage servicers.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Let’s be clear at the outset: managing
third-party risk is critical for providers of consumer financial products and
services. This is because financial institutions (“FI”) can be and often are themselves
held liable for the practices of third parties acting on their behalf. Where
there is contact with the public by third parties, directly or indirectly, on
behalf of the FI the risk is substantively greater. From the point of view of
technological factors, service providers may be integrated into an FI’s
business operations. As such, this can lead to enforcement actions in which
certain violations of consumer protection laws are alleged against the service
provider and the FI itself!<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">It is the case that regulators have affirmed
their intention to hold companies strictly liable for conduct of their agents.
The legal principal invoked is usually the theory of “vicarious liability.”
Just a few years ago, in October 2015, the Department of Housing and Urban Development
(“HUD”) proposed rules to formally codify third-party liability standards under
the Fair Housing Act, including strict <i>vicarious
liability</i> for acts of an institution’s<span style="letter-spacing: -1.05pt;">
</span>agents, as well as direct liability for negligently failing to correct
and end discriminatory practices by those agents.<a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_edn1" name="_ednref1" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 11pt; line-height: 107%;">[i]</span></span><!--[endif]--></span></a><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Consider the risk posed by mortgage brokers.
For many years, an area that has seen a lot of fair lending enforcement and
class action litigation has been the wholesale mortgage lending industry. Since
mortgage lenders close loans originated by independent mortgage brokers, regulators
and private litigants have brought enforcement actions and lawsuits alleging
that lenders have failed to monitor and control discretionary mortgage broker
pricing and product selection practices. In these cases, it has been alleged,
under the disparate impact theory, that the mortgage lenders have violated the
Equal Credit Opportunity Act (ECOA) due to pricing disparities disfavoring
racial and ethnic minorities.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">In fact, since 2010 there have been several Department
of Justice (DOJ) and Consumer Financial Protection Bureau (CFPB) enforcement
actions, as well as lawsuits filed by cities, against wholesale mortgage
lenders under this theory.<a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_edn2" name="_ednref2" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 11pt; line-height: 107%;">[ii]</span></span><!--[endif]--></span></a><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Most of the mortgage pricing fair lending
enforcement actions to date have focused on conduct that predates April 2011,
when regulations by the Federal Reserve on loan originator compensation first
took effect. I have written extensively on the features of the loan originator
compensation requirements that went into effect on April 6, 2011, if you are
interested in reading more about these rules.<a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_edn3" name="_ednref3" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 11pt; line-height: 107%;">[iii]</span></span><!--[endif]--></span></a>
The loan originator compensation regulations prohibit compensation to mortgage
loan originators based on, among other things, discretionary loan pricing or
product steering by a broker based on a financial incentive to a product not in
the consumer’s interest.<a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_edn4" name="_ednref4" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 11pt; line-height: 107%;">[iv]</span></span><!--[endif]--></span></a> <o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Although these changes in the law have reduced
pricing’s influence on fair lending risk, they have certainly not eliminated
the risk entirely. For instance, in December 2015, the DOJ brought an
enforcement action against Sage Bank in Massachusetts relating to disparities
in revenue earned on retail mortgage loans to minority borrowers compared to
that on mortgage loans to non-minority borrowers. What is notable about this
action is that it was the first pricing discrimination enforcement action that focused
on loans made after the loan originator compensation rules took effect in 2011.
Obviously, it demonstrated that regulators are continuing to focus on mortgage
pricing discrimination issues.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">But fair lending is not the only compliance
risk associated with wholesale lending. Other risks include Unfair, Deceptive,
or Abusive Acts or Practices (referred to collectively, “UDAAP”) and related
areas. In fact, the CFPB issued guidance on UDAAP in its <i>Supervision and Examination Manual</i> of October 2012.<a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_edn5" name="_ednref5" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 11pt; line-height: 107%;">[v]</span></span><!--[endif]--></span></a> With
the benefit of time, litigation, guidance, and examinations, among other
things, we can say that these risks arise because mortgage brokers play a key
role in marketing, discussing product benefits and terms with applicants and
guiding their product choices, providing disclosures, completing applications,
and gathering documentation in support of the loan applications. It stands to
prudent reasoning that, in addition to fair lending, oversight of an FI’s
mortgage broker network is critical for mitigating UDAAP risk and managing
other compliance requirements.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">When we move from a consideration of risks
associated with mortgage brokers to those posed by mortgage lenders the risk
profile is neither better nor worse, but, as the saying goes, it is <i>different</i>. Much risk tends to congregate
around fair lending in secondary market transactions. For instance, in the case
<i>Adkins v. Morgan Stanley</i>, plaintiffs
alleged that the policies and procedures of Morgan Stanley, which had purchased
loans from subprime loan originator New Century Mortgage Company, had created a
disparate impact on African-American borrowers. If as alleged, this would be a
violation of the Fair Housing Act (FHA), ECOA, and state law.<a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_edn6" name="_ednref6" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 11pt; line-height: 107%;">[vi]</span></span><!--[endif]--></span></a> Although
the court dismissed the ECOA claims as time-barred, it allowed the FHA claims
to proceed, holding that plaintiffs’ allegations were sufficient to state a
claim of disparate impact discrimination. In the ruling, the court stated that
the FHA expressly applies to secondary market purchasing of mortgage loans. It
further emphasized allegations relating to Morgan Stanley’s warehouse lending
commitments, on-site due diligence of New Century loans, demand for loans with
alleged “high-risk” features, and instructions to originate no-documentation
loans when it appeared that the applicant could not afford the loan. In its
conclusion, the court noted that the evidence was sufficient to support claims
that Morgan Stanley’s policies “set the terms and conditions on which it would
purchase loans from New Century” and that these terms and conditions had
resulted in a disparate impact when they caused New Century to issue toxic
loans to the plaintiffs.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">In the case <i>In re Johnson</i>, a Chapter 13 debtor alleged that a loan originator
had targeted minority borrowers for predatory loans, and that the purchasers
and assignees “were involved in this enterprise of selling toxic loans and
targeting vulnerable minorities” because the loans were originated with
securitization as the ultimate goal.<a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_edn7" name="_ednref7" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 11pt; line-height: 107%;">[vii]</span></span><!--[endif]--></span></a>
Although the court dismissed the complaints on the ground that the plaintiff
had not alleged sufficient facts to support the claims, it did not summarily reject
the proposition that a secondary market purchaser could be held liable under
ECOA or the FHA.<a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_edn8" name="_ednref8" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 11pt; line-height: 107%;">[viii]</span></span><!--[endif]--></span></a><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">My point is that fair lending scrutiny of not
only mortgage lenders, but also their investors, will likely increase in the
coming years as new Home Mortgage Disclosure Act (HMDA) reporting requirements,
finalized in October 2015, will provide greater insight into the role of
investors in the loan origination process.</span><br />
<a name='more'></a><span style="font-family: "arial" , "helvetica" , sans-serif;"> <o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">A very brief tour of the data collection being
required in Regulation C, HMDA’s implementing regulation, will suffice to prove
my prediction. When the new HMDA rule becomes effective in 2018, loan originators
will be required to report Universal Loan Identifiers that will help regulators
track the life cycle of a loan among HMDA-reporting institutions (including
investors that report HMDA data). In addition, originators will be required to
identify the Automated Underwriting System (“AUS”) and results thereof when the
originator uses an AUS developed by securitizers, federal government insurer,
or federal government guarantor in the origination of the loan.<a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_edn9" name="_ednref9" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 11pt; line-height: 107%;">[ix]</span></span><!--[endif]--></span></a> <a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_edn10" name="_ednref10" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 11pt; line-height: 107%;">[x]</span></span><!--[endif]--></span></a><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">But fair lending is but one of several salient
risks associated with loan originations. Go back to November 2015 and you will
find guidance to supervised institutions that was issued by the Federal Deposit
Insurance Corporation (FDIC). The guidance involved safety-and-soundness requirements
and consumer compliance risks associated with purchased loans and loan
participations.<a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_edn11" name="_ednref11" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 11pt; line-height: 107%;">[xi]</span></span><!--[endif]--></span></a>
In this guidance, the FDIC cautioned that “over-reliance on lead institutions”
has, in some instances, caused significant credit losses and contributed to
bank failures, and that “it is evident that financial institutions have not
thoroughly analyzed the potential risks arising from third-party arrangements.”
Consequently, the FDIC advised institutions to underwrite and administer loan
purchases “in the same diligent manner as if they were being directly originated
by the purchasing institution.” It asserted that a supervised FI should perform
due diligence prior to entering into and during the course of TPO
relationships, such review to include an evaluation of the TPO’s compliance
with consumer protection laws.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">The third TPO category to be considered is the
mortgage servicer – and I will include the subject of Real Estate Owned (“REO”)
concerns thereunder. Permit me to take you back to the 2008 financial crisis
for some historical perspective. In the wake of this financial crisis, regulators
increased their scrutiny of mortgage servicers and the way they manage third
parties that handle loan modifications and foreclosures. <o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Of importance, note the enforcement actions
that were taken in April 2011 against 14 bank mortgage servicers for allegedly
deficient practices. These actions were brought by the Office of the
Comptroller of the Currency (OCC), the FDIC, Office of Thrift Supervision (OTS),
and the Federal Reserve System (Federal Reserve), which took enforcement
actions against 14 bank mortgage servicers for allegedly deficient practices.<a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_edn12" name="_ednref12" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 11pt; line-height: 107%;">[xii]</span></span><!--[endif]--></span></a> Then
in February 2012, federal agencies and the attorneys general of 49 states
entered into what is known as the <i>National
Mortgage Settlement</i> with the five largest mortgage servicers.<a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_edn13" name="_ednref13" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 11pt; line-height: 107%;">[xiii]</span></span><!--[endif]--></span></a>
This was the largest consumer financial protection settlement ever! It required
more than $25 billion in financial relief to borrowers. Following this
settlement, on December 19, 2013, the CFPB and state attorneys general entered
into a similar agreement with Ocwen, a large non-bank mortgage servicer.<a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_edn14" name="_ednref14" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 11pt; line-height: 107%;">[xiv]</span></span><!--[endif]--></span></a>
This action resulted in Ocwen agreeing to fund $2 billion in principal reduction
to eligible borrowers and refund $125 million to certain borrowers whose homes
were foreclosed.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">What do these enforcement actions have in
common? Surely one commonality was that the regulators alleged deficiencies in
the management of vendors and other third parties, such as attorneys, that were
involved in the foreclosure process. Regulators alleged that servicers
“generally did not properly structure, carefully conduct, or prudently manage
their third-party vendor relationships with outside law firms and other
third-party foreclosure services providers,” resulting in “increased
reputational, legal, and financial risks to the servicers.”<a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_edn15" name="_ednref15" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 11pt; line-height: 107%;">[xv]</span></span><!--[endif]--></span></a><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Remember the “robo-signing” of affidavits and
other documents? Those “robo-signing” procedures – if you want to call them
‘procedures’ - were the kind of allegations swirling around mortgage servicers
and their service providers at the time. These ‘procedures’ were really just a
robotic process of the mass production of false and forged execution of
mortgage assignments, satisfactions, affidavits, and other legal documents
related to mortgage foreclosures and legal matters being created by persons
without knowledge of the facts being attested to, including accusations of
notary fraud wherein the notaries pre- and/or post-notarized the affidavits and
signatures of so-called robo-signers. “Robo-signing” amounted to no more than submitting
affidavits and other documents in foreclosure proceedings without verifying the
information contained in these forms.<a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_edn16" name="_ednref16" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 11pt; line-height: 107%;">[xvi]</span></span><!--[endif]--></span></a><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">There has been no abating in the CFPB’s
continued interest in regulating mortgage servicing. It has issued rules that
took effect in 2014 to implement broad mortgage servicing reforms pursuant to
provisions in the Dodd-Frank Act, covering topics such as enhanced periodic
disclosures, lender-placed insurance, payment posting, and loss mitigation.<a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_edn17" name="_ednref17" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 11pt; line-height: 107%;">[xvii]</span></span><!--[endif]--></span></a><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">With respect to REOs, the conduct of service
providers has also triggered numerous complaints regarding marketing of
residential properties acquired by a mortgage lender or mortgage servicer after
foreclosure. One organization, the National Fair Housing Alliance (“NFHA”) has
filed complaints with HUD against eight banks or property maintenance vendors,
alleging that REO properties in non-minority areas were marketed and maintained
materially better than REO properties in predominantly minority areas. One of
these cases resulted in a public Conciliation Agreement.<a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_edn18" name="_ednref18" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 11pt; line-height: 107%;">[xviii]</span></span><!--[endif]--></span></a>
Mortgage servicers often hire vendors to perform the maintenance and marketing
of the properties, so the complaints have focused directly on vendor oversight
and the alleged failure to ensure that vendors provide consistent services
regardless of the racial or ethnic composition of the neighborhood.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">What can be done to reduce the compliance risk
posed by third parties?<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">I suggest the following 8-part strategy for
evaluating third party risk. It is the kind of approach that my firm takes all
the time in its audit and review processes with clients, whether our guidance
is project-based or in the context of an on-going monthly relationship.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoListParagraph" style="margin-left: .5in; mso-list: l2 level1 lfo1; text-align: justify;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 11pt;">1)<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 11pt;">Due
Diligence<o:p></o:p></span></span></div>
<div class="MsoListParagraph" style="margin-left: .5in; mso-list: l2 level1 lfo1; text-align: justify;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 11pt;">2)<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 11pt;">Contract
Review<o:p></o:p></span></span></div>
<div class="MsoListParagraph" style="margin-left: .5in; mso-list: l2 level1 lfo1; text-align: justify;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 11pt;">3)<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 11pt;">Policies
and Procedures<o:p></o:p></span></span></div>
<div class="MsoListParagraph" style="margin-left: .5in; mso-list: l2 level1 lfo1; text-align: justify;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 11pt;">4)<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 11pt;">Compensation<o:p></o:p></span></span></div>
<div class="MsoListParagraph" style="margin-left: .5in; mso-list: l2 level1 lfo1; text-align: justify;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 11pt;">5)<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 11pt;">Risk
Assessments<o:p></o:p></span></span></div>
<div class="MsoListParagraph" style="margin-left: .5in; mso-list: l2 level1 lfo1; text-align: justify;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 11pt;">6)<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 11pt;">Monitoring<o:p></o:p></span></span></div>
<div class="MsoListParagraph" style="margin-left: .5in; mso-list: l2 level1 lfo1; text-align: justify;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 11pt;">7)<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 11pt;">Training<o:p></o:p></span></span></div>
<div class="MsoListParagraph" style="margin-left: .5in; mso-list: l2 level1 lfo1; text-align: justify;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 11pt;">8)<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 11pt;">Remediation<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoListParagraph" style="margin-left: .25in; mso-list: l1 level1 lfo2; text-align: justify;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 11pt;">1.<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 11pt;">Due
Diligence<o:p></o:p></span></span></div>
<div class="MsoNormal" style="margin-left: .25in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">The
vetting process should include searching public information and conducting
background checks on the third party and/or its principals, and inquiring about
prior litigation and regulatory proceedings against the third party. In
addition to the initial vetting, financial institutions could conduct periodic
reviews or re-certification of the third party. Our affiliate, <u>Vendors
Compliance Group</u>,<a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_edn19" name="_ednref19" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 11pt; line-height: 107%;">[xix]</span></span><!--[endif]--></span></a>
conducts just such a review, not a mere compilation, but actual due diligence.<o:p></o:p></span></div>
<div class="MsoListParagraph" style="margin-left: .25in; mso-list: l1 level1 lfo2; text-align: justify;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 11pt;">2.<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 11pt;">Contracts<o:p></o:p></span></span></div>
<div class="MsoListParagraph" style="margin-left: .25in; text-align: justify; text-indent: 0in;">
<span style="font-size: 11pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Written agreements should specify compliance expectations and set
in place mechanisms to monitor and enforce those expectations. Contracts should
have strong provisions, especially those related to allowing for auditing and
inspection of the service provider. Furthermore, contracts should also specify
how the service provider will handle, respond to, and report consumer
complaints.<o:p></o:p></span></span></div>
<div class="MsoListParagraph" style="margin-left: .25in; text-align: justify; text-indent: 0in;">
<br /></div>
<div class="MsoListParagraph" style="margin-left: .25in; mso-list: l1 level1 lfo2; text-align: justify;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 11pt;">3.<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 11pt;">Policies
and Procedures<o:p></o:p></span></span></div>
<div class="MsoListParagraph" style="margin-left: .25in; text-align: justify; text-indent: 0in;">
<span style="font-size: 11pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">The policies and procedures, and even service level agreements (if
needed), should comply with the standards and expectations of the applicable
supervising agencies.<o:p></o:p></span></span></div>
<div class="MsoListParagraph" style="margin-left: .25in; text-align: justify; text-indent: 0in;">
<br /></div>
<div class="MsoListParagraph" style="margin-left: .25in; mso-list: l1 level1 lfo2; text-align: justify;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 11pt;">4.<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 11pt;">Compensation<o:p></o:p></span></span></div>
<div class="MsoListParagraph" style="margin-left: .25in; text-align: justify; text-indent: 0in;">
<span style="font-size: 11pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">UDAAP and fair lending risk are directly and indirectly related to
third-party compensation policies, as compensation tied to discretionary
decision-making can present elevated fair lending risk. With respect to
mortgage brokers, mortgage lenders, and mortgage servicers, these institutions
should review third-party compensation policies to ensure compliance with the
CFPB’s loan originator compensation rules, as well as compliance with the RESPA
Section 8 prohibition on kickbacks and unearned fees. Be mindful of any
relevant metrics associated with quality control and compliance-based assessments,
where such are used as a component of compensation, such as in sales.<o:p></o:p></span></span></div>
<div class="MsoListParagraph" style="margin-left: .25in; text-align: justify; text-indent: 0in;">
<br /></div>
<div class="MsoListParagraph" style="margin-left: .25in; mso-list: l1 level1 lfo2; text-align: justify;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 11pt;">5.<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 11pt;">Risk
Assessments<o:p></o:p></span></span></div>
<div class="MsoListParagraph" style="margin-left: .25in; text-align: justify; text-indent: 0in;">
<span style="font-size: 11pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Our firm often conducts risk assessments for departments and
functions, but we also recommend conducting risk assessments of third-parties –
most especially those third-parties that interact directly with consumers. The
FI’s ability to control those consumer communications is critical to mitigating
the potential for consumer harm based on conduct by a third party.<o:p></o:p></span></span></div>
<div class="MsoListParagraph" style="margin-left: .25in; text-align: justify; text-indent: 0in;">
<br /></div>
<div class="MsoListParagraph" style="margin-left: .25in; mso-list: l1 level1 lfo2; text-align: justify;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 11pt;">6.<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 11pt;">Monitoring<o:p></o:p></span></span></div>
<div class="MsoListParagraph" style="margin-left: .25in; text-align: justify; text-indent: 0in;">
<span style="font-size: 11pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Monitoring for fair lending should be an internal mandate for FIs,
irrespective of a supervising agencies rules. Institutions should consider
regular monitoring and oversight of vendors, including fair lending monitoring
where appropriate. Wholesale mortgage lenders should also consider monitoring their
mortgage broker for potential disparities on a prohibited basis. In addition to
statistical monitoring, audits, mystery shopping, customer surveys, and other
evaluations may also help FI’s assess the performance of service providers.<o:p></o:p></span></span></div>
<div class="MsoListParagraph" style="margin-left: .25in; text-align: justify; text-indent: 0in;">
<br /></div>
<div class="MsoListParagraph" style="margin-left: .25in; mso-list: l1 level1 lfo2; text-align: justify;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 11pt;">7.<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 11pt;">Training<o:p></o:p></span></span></div>
<div class="MsoListParagraph" style="margin-left: .25in; text-align: justify; text-indent: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 11pt;">Financial institutions must provide to, or validate compliance
training for, third parties, especially those entities that interact directly
with the public, in general, and consumers, in particular. Given the
extraordinary risk associated with fair lending, third parties should be given,
or obtain training, on fair lending laws and UDAAP compliance. If third parties
are involved in managing and marketing REOs, training on fair housing should be
considered.</span><span style="font-size: 11pt;"><o:p></o:p></span></span></div>
<div class="MsoListParagraph" style="margin-left: .25in; text-align: justify; text-indent: 0in;">
<br /></div>
<div class="MsoListParagraph" style="margin-left: .25in; mso-list: l1 level1 lfo2; text-align: justify;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 11pt;">8.<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 11pt;">Remediation<o:p></o:p></span></span></div>
<div class="MsoListParagraph" style="margin-left: .25in; text-align: justify; text-indent: 0in;">
<span style="font-size: 11pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Fair lending
remediation programs must include counseling or training, enhanced scrutiny of
contracts, careful review of loan originations, and termination where
unexplained disparities are noted.<o:p></o:p></span></span></div>
<div class="MsoListParagraph" style="margin-left: .25in; text-align: justify; text-indent: 0in;">
<br /></div>
<div class="MsoListParagraph" style="margin-left: 0in; text-align: justify; text-indent: 0in;">
<span style="font-size: 11pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">My list is really a sort of
extrapolation of what Federal banking regulators such as the OCC and Federal
Reserve have promulgated for many years. The agencies have issued extensive
guidance on third-party oversight and closely supervised such relationships. For
instance, on October 30, 2013, the OCC substantially reworked its guidance for
overseeing third-party relationships.<a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_edn20" name="_ednref20" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 11pt; line-height: 107%;">[xx]</span></span><!--[endif]--></span></a> This guidance from the
OCC is one of the most comprehensive, bank regulatory guidances available on
third-party risk management.<a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_edn21" name="_ednref21" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 11pt; line-height: 107%;">[xxi]</span></span><!--[endif]--></span></a><o:p></o:p></span></span></div>
<div class="MsoListParagraph" style="margin-left: 0in; text-align: justify; text-indent: 0in;">
<br /></div>
<div class="MsoListParagraph" style="margin-left: 0in; text-align: justify; text-indent: 0in;">
<span style="font-size: 11pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">In the foregoing issuance, the
OCC’s expectations were expressed in the following requirements:<o:p></o:p></span></span></div>
<div class="MsoListParagraph" style="margin-left: 0in; text-align: justify; text-indent: 0in;">
<br /></div>
<div class="MsoListParagraph" style="margin-left: .25in; mso-list: l0 level1 lfo3; text-align: justify;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 11pt;">1.<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 11pt;">Planning<o:p></o:p></span></span></div>
<div class="MsoListParagraph" style="margin-left: .25in; text-align: justify; text-indent: 0in;">
<span style="font-size: 11pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Develop a
plan to manage the third-party relationship before consummating the
relationship.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoListParagraph" style="margin-left: .25in; mso-list: l0 level1 lfo3; text-align: justify;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 11pt;">2.<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 11pt;">Due diligence and Third-party Selection<o:p></o:p></span></span></div>
<div class="MsoListParagraph" style="margin-left: .25in; text-align: justify; text-indent: 0in;">
<span style="font-size: 11pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Include
strategies and goals, legal and regulatory compliance, financial condition, and
business experience and reputation, derived internally or from a risk
management firm, such as Vendors Compliance Group.<a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_edn22" name="_ednref22" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 11pt; line-height: 107%;">[xxii]</span></span><!--[endif]--></span></a><o:p></o:p></span></span></div>
<div class="MsoListParagraph" style="margin-left: .25in; text-align: justify; text-indent: 0in;">
<br /></div>
<div class="MsoListParagraph" style="margin-left: .25in; mso-list: l0 level1 lfo3; text-align: justify;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 11pt;">3.<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 11pt;">Contract Negotiations<o:p></o:p></span></span></div>
<div class="MsoListParagraph" style="margin-left: .25in; text-align: justify; text-indent: 0in;">
<span style="font-size: 11pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Cover nature
and scope, but also define performance metrics and benchmarks, the right to
audit and require remediation, responsibilities for compliance with applicable
laws and regulations, cost and compensation, indemnification, insurance,
default and termination, and customer complaints.<o:p></o:p></span></span></div>
<div class="MsoListParagraph" style="margin-left: .25in; text-align: justify; text-indent: 0in;">
<br /></div>
<div class="MsoListParagraph" style="margin-left: .25in; mso-list: l0 level1 lfo3; text-align: justify;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 11pt;">4.<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 11pt;">Ongoing Monitoring<o:p></o:p></span></span></div>
<div class="MsoListParagraph" style="margin-left: .25in; text-align: justify; text-indent: 0in;">
<span style="font-size: 11pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Determine
quality and sustainability of the third-party’s controls and compliance with
legal and regulatory requirements. Pay attention to volume, nature, and trends
of consumer complaints and the third-party’s ability to appropriately remediate
customer complaints.”<o:p></o:p></span></span></div>
<div class="MsoListParagraph" style="text-align: justify;">
<br /></div>
<div class="MsoListParagraph" style="margin-left: .25in; mso-list: l0 level1 lfo3; text-align: justify;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 11pt;">5.<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 11pt;">Termination<o:p></o:p></span></span></div>
<div class="MsoListParagraph" style="margin-left: .25in; text-align: justify; text-indent: 0in;">
<span style="font-size: 11pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Termination
should be efficient and not disruptive to safety and soundness. Consider a
contingency plan to transition the subject services to another service
provider, or bring the activity in-house, or discontinue the activity
altogether.<o:p></o:p></span></span></div>
<div class="MsoListParagraph" style="text-align: justify;">
<br /></div>
<div class="MsoListParagraph" style="margin-left: .25in; mso-list: l0 level1 lfo3; text-align: justify;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 11pt;">6.<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 11pt;">Oversight and Accountability<o:p></o:p></span></span></div>
<div class="MsoListParagraph" style="margin-left: .25in; text-align: justify; text-indent: 0in;">
<span style="font-size: 11pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Chain of
command access to information involving third-party relationships, where the
decision tree contains feedback from, and accountability to, the Board of
Directors, Senior Management, and other employees.<o:p></o:p></span></span></div>
<div class="MsoListParagraph" style="text-align: justify;">
<br /></div>
<div class="MsoListParagraph" style="margin-left: .25in; mso-list: l0 level1 lfo3; text-align: justify;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 11pt;">7.<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 11pt;">Documentation and Reporting<o:p></o:p></span></span></div>
<div class="MsoListParagraph" style="margin-left: .25in; text-align: justify; text-indent: 0in;">
<span style="font-size: 11pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Periodic
reporting on new information or risks associated with third-party
relationships, such reporting to be derived internally or from a risk
management firm.<o:p></o:p></span></span></div>
<div class="MsoListParagraph" style="text-align: justify;">
<br /></div>
<div class="MsoListParagraph" style="margin-left: .25in; mso-list: l0 level1 lfo3; text-align: justify;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 11pt;">8.<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 11pt;">Independent Reviews<o:p></o:p></span></span></div>
<div class="MsoListParagraph" style="margin-left: .25in; text-align: justify; text-indent: 0in;">
<span style="font-size: 11pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Regularly scheduled,
independent reviews of the third-party risk management processes to determine
if those processes align with a financial institution’s strategy and risk
profile, derived internally or from a risk management firm<o:p></o:p></span></span></div>
<div class="MsoListParagraph" style="margin-left: .25in; text-align: justify; text-indent: 0in;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Third-parties have considerable impact on a financial institution’s
safety and soundness. Critical activities, such as functions like payments,
clearing, settlements, custody, and certain services, such as information
technology, and many other activities, may cause significant risk or consumer
impact. While wanting to offer the consumer the best quality service, financial
institutions must realize that third-parties also pose one of the most
significant areas of exposure to compliance risk. <o:p></o:p></span></div>
<br />
<div>
<div style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<!--[if !supportEndnotes]--><br />
<hr size="1" style="text-align: left;" width="33%" />
<!--[endif]-->
<br />
<div id="edn1">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_ednref1" name="_edn1" title=""><span class="MsoEndnoteReference"><span style="font-size: 9.5pt;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 9.5pt; line-height: 107%;">[i]</span></span><!--[endif]--></span></span></a><span style="font-size: 9.5pt;"> 80 Fed. Reg.
63,720 (Oct. 21, 2015)<o:p></o:p></span></span></div>
</div>
<div id="edn2">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_ednref2" name="_edn2" title=""><span class="MsoEndnoteReference"><span style="font-size: 9.5pt;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 9.5pt; line-height: 107%;">[ii]</span></span><!--[endif]--></span></span></a><span style="font-size: 9.5pt;"> Here are just a few. <i>Joint Motion for Entry of Consent Order, United States & Consumer
Financial Protection Bureau v. Provident Funding Assocs., L.P.</i>, No.
3:15-cv-02373 (N.D. Cal. May 28, 2015); <i>Consumer
Financial Protection Bureau & United States v. National City Bank</i>, No.
2:13-cv-01817 (W.D. Pa. Dec. 23, 2013); <i>United
States v. Wells Fargo Bank, NA</i>, No. 1:12-cv-01150 (D.D.C. July 12, 2012); <i>Consent Order, United States v. Countrywide
Financial Corp.</i>, No. 2:11-cv-10540-PSG-AJW (C.D. Cal. Dec. 28, 2011); <i>Consent Order, United States v. AIG Federal
Savings Bank</i>, No. 1:10-cv-00178-JJF (D. Del. Mar. 19, 2010); <i>City of Miami v. Bank of Am. Corp.</i>, No.
1:13-cv-24506-WPD, 2014 WL 3362348 (S.D. Fla. July 9, 2014), affirmed in part,
revised in part, 800 F.3d 1262 (11th Cir. 2015).<o:p></o:p></span></span></div>
</div>
<div id="edn3">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_ednref3" name="_edn3" title=""><span class="MsoEndnoteReference"><span style="font-size: 9.5pt;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 9.5pt; line-height: 107%;">[iii]</span></span><!--[endif]--></span></span></a><span style="font-size: 9.5pt;"> To read some of the articles, visit the Articles
section at </span><a href="http://www.lenderscompliancegroup.com/"><span style="color: blue; font-size: 9.5pt;">www.LendersComplianceGroup.com</span></a><span style="font-size: 9.5pt;"> <o:p></o:p></span></span></div>
</div>
<div id="edn4">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_ednref4" name="_edn4" title=""><span class="MsoEndnoteReference"><span style="font-size: 9.5pt;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 9.5pt; line-height: 107%;">[iv]</span></span><!--[endif]--></span></span></a><span style="font-size: 9.5pt;"> 12 C.F.R. § 1026.36(d), (e) (Regulation Z, the
implementing regulation of the Truth in Lending Act, rules regarding loan
originator compensation and steering incentives); 15 U.S.C. § 1639b(c)
(Dodd-Frank Act mortgage anti-steering provisions)<o:p></o:p></span></span></div>
</div>
<div id="edn5">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_ednref5" name="_edn5" title=""><span class="MsoEndnoteReference"><span style="font-size: 9.5pt;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 9.5pt; line-height: 107%;">[v]</span></span><!--[endif]--></span></span></a><span style="font-size: 9.5pt;"> </span><i><span style="font-size: 9.5pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Unfair,
Deceptive, or Abusive Acts or Practices</span></i><span style="font-size: 9.5pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">, in Version 2,
Consumer Financial Protection Bureau, in CFPB Supervision and Examination
Manual, October 2012</span><span style="font-size: 9.5pt;"><o:p></o:p></span></span></div>
</div>
<div id="edn6">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_ednref6" name="_edn6" title=""><span class="MsoEndnoteReference"><span style="font-size: 9.5pt;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 9.5pt; line-height: 107%;">[vi]</span></span><!--[endif]--></span></span></a><span style="font-size: 9.5pt;"> No. 12-cv-7667 (HB), 2013 WL 3835198, S.D.N.Y. July
25, 2013<o:p></o:p></span></span></div>
</div>
<div id="edn7">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_ednref7" name="_edn7" title=""><span class="MsoEndnoteReference"><span style="font-size: 9.5pt;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 9.5pt; line-height: 107%;">[vii]</span></span><!--[endif]--></span></span></a><span style="font-size: 9.5pt;"> No. 09-49420, 2014 WL 4197001 Bankruptcy E.D.N.Y. Aug.
22, 2014<o:p></o:p></span></span></div>
</div>
<div id="edn8">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_ednref8" name="_edn8" title=""><span class="MsoEndnoteReference"><span style="font-size: 9.5pt;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 9.5pt; line-height: 107%;">[viii]</span></span><!--[endif]--></span></span></a><span style="font-size: 9.5pt;"> See <i>Johnson v.
Wells Fargo Bank, N.A.</i>, No. 14-MC-1100 (RRM), 2015 U.S. Dist., LEXIS 28046,
E.D.N.Y. Mar. 6, 2015<o:p></o:p></span></span></div>
</div>
<div id="edn9">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_ednref9" name="_edn9" title=""><span class="MsoEndnoteReference"><span style="font-size: 9.5pt;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 9.5pt; line-height: 107%;">[ix]</span></span><!--[endif]--></span></span></a><span style="font-size: 9.5pt;"> Home Mortgage Disclosure Act (Regulation C), 80 Fed.
Reg. 66,128-01, 66,174, October 28, 2015<o:p></o:p></span></span></div>
</div>
<div id="edn10">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_ednref10" name="_edn10" title=""><span class="MsoEndnoteReference"><span style="font-size: 9.5pt;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 9.5pt; line-height: 107%;">[x]</span></span><!--[endif]--></span></span></a><span style="font-size: 9.5pt;"> Idem at 66,337<o:p></o:p></span></span></div>
</div>
<div id="edn11">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_ednref11" name="_edn11" title=""><span class="MsoEndnoteReference"><span style="font-size: 9.5pt;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 9.5pt; line-height: 107%;">[xi]</span></span><!--[endif]--></span></span></a><span style="font-size: 9.5pt;"> FIL-49-2015, <i>Advisory
on Effective Risk Management Practices for Purchased Loans and Purchased Loan
Participations</i>, FDIC, November 6, 2015<o:p></o:p></span></span></div>
</div>
<div id="edn12">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_ednref12" name="_edn12" title=""><span class="MsoEndnoteReference"><span style="font-size: 9.5pt;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 9.5pt; line-height: 107%;">[xii]</span></span><!--[endif]--></span></span></a><span style="font-size: 9.5pt;"> See <i>Interagency
Review of Foreclosure Policies and Practices</i> (2011), Federal Reserve
System, OCC and OTS. The Office of Thrift Supervision merged with the Office of
the Comptroller of the Currency on July 21, 2011.<o:p></o:p></span></span></div>
</div>
<div id="edn13">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_ednref13" name="_edn13" title=""><span class="MsoEndnoteReference"><span style="font-size: 9.5pt;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 9.5pt; line-height: 107%;">[xiii]</span></span><!--[endif]--></span></span></a><span style="font-size: 9.5pt;"> <i>DOJ, Federal
Government and State Attorneys General Reach $25 Billion Agreement with Five
Largest Mortgage Servicers to Address Mortgage Loan Servicing and Foreclosure
Abuses, </i>Press Release, February 9, 2012<o:p></o:p></span></span></div>
</div>
<div id="edn14">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_ednref14" name="_edn14" title=""><span class="MsoEndnoteReference"><span style="font-size: 9.5pt;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 9.5pt; line-height: 107%;">[xiv]</span></span><!--[endif]--></span></span></a><span style="font-size: 9.5pt;"> <i>Consent
Judgment, Consumer Financial Protection Bureau v. Ocwen Financial Corp.</i>,
No. 1:13-cv-02025-RMC, D.D.C. Feb. 26, 2014<o:p></o:p></span></span></div>
</div>
<div id="edn15">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_ednref15" name="_edn15" title=""><span class="MsoEndnoteReference"><span style="font-size: 9.5pt;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 9.5pt; line-height: 107%;">[xv]</span></span><!--[endif]--></span></span></a><span style="font-size: 9.5pt;"> <i>Interagency
Review</i>, <i>supra</i> 12, at 9<o:p></o:p></span></span></div>
</div>
<div id="edn16">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_ednref16" name="_edn16" title=""><span class="MsoEndnoteReference"><span style="font-size: 9.5pt;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 9.5pt; line-height: 107%;">[xvi]</span></span><!--[endif]--></span></span></a><span style="font-size: 9.5pt;"> See <i>Robo-signing
Controversy</i>, in 2010 United States Foreclosure Crisis, Wikipedia<o:p></o:p></span></span></div>
</div>
<div id="edn17">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_ednref17" name="_edn17" title=""><span class="MsoEndnoteReference"><span style="font-size: 9.5pt;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 9.5pt; line-height: 107%;">[xvii]</span></span><!--[endif]--></span></span></a><span style="font-size: 9.5pt;"> <i>Mortgage
Servicing Rules under the Real Estate Settlement Procedures Act (Regulation X)</i>,
12 C.F.R. Part 1024, 78 FR 10,696, February 14, 2013<o:p></o:p></span></span></div>
</div>
<div id="edn18">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_ednref18" name="_edn18" title=""><span class="MsoEndnoteReference"><span style="font-size: 9.5pt;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 9.5pt; line-height: 107%;">[xviii]</span></span><!--[endif]--></span></span></a><span style="font-size: 9.5pt;"> <i>National Fair
Housing Alliance and Wells Fargo Announce Collaboration to Rebuild
Homeownership Opportunities in 19 Cities</i>, Press Release, NFHA, June 6,
2013; see also <i>U.S. Department of Housing
and Urban Development and Urban Development Conciliation Agreement</i>, No.
09-12-0708-8, National Fair Housing Alliance & Wells Fargo Bank, N.A., 2013<o:p></o:p></span></span></div>
</div>
<div id="edn19">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_ednref19" name="_edn19" title=""><span class="MsoEndnoteReference"><span style="font-size: 9.5pt;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 9.5pt; line-height: 107%;">[xix]</span></span><!--[endif]--></span></span></a><span style="font-size: 9.5pt;"> For more information, visit </span><a href="http://www.vendorscompliancegroup.com/"><span style="color: blue; font-size: 9.5pt;">www.VendorsComplianceGroup.com</span></a><span style="font-size: 9.5pt;"> <o:p></o:p></span></span></div>
</div>
<div id="edn20">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_ednref20" name="_edn20" title=""><span class="MsoEndnoteReference"><span style="font-size: 9.5pt;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 9.5pt; line-height: 107%;">[xx]</span></span><!--[endif]--></span></span></a><span style="font-size: 9.5pt;"> <i>Bulletin No.
2013-29, Third-Party Relationships</i>, OCC, 2013. This and other such
issuances can be found at the Presentations page of </span><a href="http://www.vendorscompliancegroup.com/"><span style="color: blue; font-size: 9.5pt;">www.VendorsComplianceGroup.com</span></a><span style="color: blue; font-size: 9.5pt;">.</span><span style="font-size: 9.5pt;"><o:p></o:p></span></span></div>
</div>
<div id="edn21">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_ednref21" name="_edn21" title=""><span class="MsoEndnoteReference"><span style="font-size: 9.5pt;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 9.5pt; line-height: 107%;">[xxi]</span></span><!--[endif]--></span></span></a><span style="font-size: 9.5pt;"> The Federal Reserve issued updated third-party
oversight guidance addressing similar topics for supervised institutions in
December 2013. See <i>Guidance on Managing
Outsourcing Risk</i>, 2013, SR 13-19/CA 13-21. Also see the Presentations page
at </span><a href="http://www.vendorscompliancegroup.com/"><span style="color: blue; font-size: 9.5pt;">www.VendorsComplianceGroup.com</span></a><span style="font-size: 9.5pt;">, where also is available <i>CFPB - Bulletin 2012-03 - Service Providers</i>, CFPB; <i>Compliance Bulletin and Policy Guidance -
2016-02 - Services Providers;</i> <i>Compliance
Bulletin and Policy Guidance 2016-02 - Service Providers - Questions and
Answers</i>, Vendors Compliance Group; <i>Synopsis
of Supplement to OCC Bulletin 2013-29</i>; <i>Frequently
Asked Questions - "Third Party Relationships: Risk Management
Guidance,"</i> Vendors Compliance Group<o:p></o:p></span></span></div>
</div>
<div id="edn22">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Third-Party%20Relationships-Compliance%20Risk-Foxx.LCG%20(6.26.17).docx#_ednref22" name="_edn22" title=""><span class="MsoEndnoteReference"><span style="font-size: 9.5pt;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 9.5pt; line-height: 107%;">[xxii]</span></span><!--[endif]--></span></span></a><span style="font-size: 9.5pt;"> Op. cit., 19</span></span><o:p></o:p></div>
</div>
</div>
Jonathan Foxxhttp://www.blogger.com/profile/11176318536334393246noreply@blogger.comtag:blogger.com,1999:blog-9171653185859233636.post-50158296257951267922017-06-15T11:19:00.000-04:002017-06-15T11:19:53.275-04:00Third Party Relationships: Risk Management Guidance - Frequently Asked Questions<div class="MsoBodyText" style="text-align: justify;">
<span style="font-size: 12pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="http://lenderscompliancegroup.com/2.html">Jonathan Foxx</a></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Managing Director</span></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Lenders Compliance Group of Companies</span></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-size: 12pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-size: 12pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">On June 7, 2017, the Office of the Comptroller of the Currency (OCC) published a Frequently Asked Questions (“FAQ”), meant to supplement its Bulletin 201329 (“ThirdParty Relationships: Risk Management Guidance,” October 30, 2013). <o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-size: 12pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">The FAQ, OCC Bulletin 2017-21, is entitled “Frequently Asked Questions to Supplement OCC Bulletin 201329” (“Supplement”).<o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-size: 12pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">This issuance is to be reviewed by Chief Executive Officers and Chief Risk Officers of All National Banks and Federal Savings Associations, Technology Service Providers, Department and Division Heads, all Examining Personnel, and other interested parties. Community Banks should note that the Supplement addresses questions from national banks and federal savings associations (collectively, “banks”) regarding guidance in OCC Bulletin 201329. The Supplement and OCC Bulletin 201329 are applicable to all banks.<a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Synopsis%20of%20Supplement%20to%20OCC%20Bulletin%202013-29%20(FAQ-6.7.17-Third%20Party%20Relationships).doc#_edn1" name="_ednref1" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 12pt;">[i]</span></span><!--[endif]--></span></a> <o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-size: 12pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">The Supplement provides the following information:</span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
</div>
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">defines third party relationships and provides guidance on conducting due diligence and ongoing monitoring of service providers;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">provides insight on how to adjust risk management practices specific to each relationship;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">discusses ways to structure third party risk management processes;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">discusses advantages and disadvantages to collaboration between multiple banks when managing third party<span style="font-family: "arial" , "helvetica" , sans-serif;"> relationships;</span></span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">outlines bank-specific requirements when using collaborative arrangements;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">provides information-sharing forums that offer resources to help banks monitor cyber threats;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">discusses how to determine whether a fintech<span style="font-family: "arial" , "helvetica" , sans-serif;"> relationships is a “critical activity” and covers risks associated with engaging a start-up </span>fintech<span style="font-family: "arial" , "helvetica" , sans-serif;"> company;</span></span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">addresses ways in which banks and fintech<span style="font-family: "arial" , "helvetica" , sans-serif;"> companies can partner together to serve underbanked populations;</span></span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">covers criteria to consider when entering into a marketplace lending arrangement with a nonbank entity;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">clarifies whether OCC Bulletin 2013-29 applies when a bank engages a third party to provide mobile payments options to consumers<span style="font-family: "arial" , "helvetica" , sans-serif;">;</span></span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">outlines the OCC’s compliance management requirements;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">discusses banks’ rights to access interagency technology service provider reports; and</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">answers whether a bank can rely on the accuracy of a third party’s risk management report.</span></li>
</ul>
<br />
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 12pt;">It is my considered view that nonbanks should carefully review the Supplement and, where poss</span><span style="font-size: 12pt;">ible, adopt its guidance, in addition to any other guidance provided by the Consumer Financial Protection Bureau (CFPB) or state banking departments.<a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Synopsis%20of%20Supplement%20to%20OCC%20Bulletin%202013-29%20(FAQ-6.7.17-Third%20Party%20Relationships).doc#_edn2" name="_ednref2" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 12pt;">[ii]</span></span><!--[endif]--></span></a><o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-size: 12pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">We have placed this Synopsis along with the Supplement on the <span style="color: blue;"><a href="http://vendorscompliancegroup.com/"><span style="color: blue;">Vendors Compliance Group</span></a></span> website.<a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Synopsis%20of%20Supplement%20to%20OCC%20Bulletin%202013-29%20(FAQ-6.7.17-Third%20Party%20Relationships).doc#_edn3" name="_ednref3" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 12pt;">[iii]</span></span><!--[endif]--></span></a> <o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-size: 12pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">This review of the Supplement will set forth the questions asked and summarize the answers provided. A detailed reading of the Supplement is suggested. This Synopsis is meant to provide an overview of the Supplement; however, I highly advise a thorough reading of the actual Supplement. For further guidance, I recommend that you contact a compliance professional who is familiar with the processes involved in review of service provider and third party vendor due diligence. <o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 12pt;">If you have questions, please contact us at:</span></span></div>
<div class="MsoBodyText" style="text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: blue; font-size: 12pt;"><a href="mailto:Compliance@LendersComplianceGroup.com"><span style="color: blue;">Compliance@LendersComplianceGroup.com</span></a></span><span style="font-size: 12pt;">.</span></span></div>
<div style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 16pt; line-height: 107%;"><br clear="all" style="page-break-before: always;" />
</span> </span></div>
<div class="MsoTocHeading" style="text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">______________________________________________________</span></div>
<br />
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="margin-left: .5in; mso-list: l1 level1 lfo1; mso-outline-level: 1; text-align: justify; text-indent: -.25in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="https://www.blogger.com/null" name="_Toc485281916"></a><!--[if !supportLists]--><span style="font-size: 12pt;">1)<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 12pt;"><span style="color: blue;">What is a third party relationship?</span></span><span style="font-size: 12pt;"><o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-size: 12pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">OCC Bulletin 201329 defines a third party relationship as any <span style="letter-spacing: -.15pt;">business </span>arrangement between the bank and another entity, by <span style="letter-spacing: -.15pt;">contract </span>or otherwise.</span></span><br />
<a name='more'></a><span style="font-size: 12pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;"> <o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 12pt;">Third party relationships include activities that involve:</span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
</div>
<ul>
<li style="text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif;">outsourced <span style="line-height: 150%; text-indent: -0.25in;">products and <span style="letter-spacing: -.2pt;">services</span></span></span></li>
<li style="text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif;">use <span style="line-height: 150%; text-indent: -0.25in;">of outside consultants, networking arrangements, merchant payment <span style="letter-spacing: -.2pt;">processing services, and</span> <span style="letter-spacing: -.2pt;">services </span><span style="letter-spacing: -.15pt;">provided by</span> affiliates and <span style="letter-spacing: -.15pt;">subsidiaries; </span></span></span></li>
<li style="text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif;">joint ventures<span style="letter-spacing: -0.15pt; text-indent: -0.25in;">; </span><span style="text-indent: -0.25in;">and</span></span></li>
<li style="text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif;">other <span style="letter-spacing: -0.15pt; text-indent: -0.25in;">business </span><span style="text-indent: -0.25in;">arrangements in </span><span style="letter-spacing: -0.15pt; text-indent: -0.25in;">which </span><span style="text-indent: -0.25in;">a bank has an ongoing thirdparty relationship or may </span><span style="letter-spacing: -0.15pt; text-indent: -0.25in;">have </span><span style="text-indent: -0.25in;">responsibility for the </span><span style="letter-spacing: -0.15pt; text-indent: -0.25in;">associated </span><span style="letter-spacing: -0.2pt; text-indent: -0.25in;">records.</span> </span></li>
</ul>
<br />
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 12pt; letter-spacing: -0.2pt;">Of interest to the OCC is the relationship that a bank has with</span><span style="font-size: 12pt;"> financial technology (Fintech) companies. These companies perform certain <span style="letter-spacing: -.2pt;">services </span>or deliver products <span style="letter-spacing: .05pt;">to </span>a <span style="letter-spacing: -.15pt;">bank’s </span>customer <span style="letter-spacing: -.15pt;">base.</span></span></span><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: 12pt; letter-spacing: -0.15pt;"> </span></div>
<blockquote class="tr_bq" style="margin-left: .75in; mso-list: l6 level1 lfo9; text-align: justify; text-indent: -.25in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 12pt; letter-spacing: -0.266667px;">=> </span><span style="font-size: 12pt; letter-spacing: 0.05pt;">If </span><span style="font-size: 12pt;">a Fintech company performs <span style="letter-spacing: -.2pt;">services </span>or delivers products on behalf of a bank or <span style="letter-spacing: -.2pt;">banks, </span>the relationship meets the definition of a thirdparty relationship and the OCC <span style="letter-spacing: -.2pt;">expects </span>bank management <span style="letter-spacing: .05pt;">to </span>include the Fintech company in the <span style="letter-spacing: -.15pt;">bank’s </span>third party <span style="letter-spacing: -.15pt;">risk </span>management <span style="letter-spacing: -.2pt;">process.</span></span></span><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: 12pt; letter-spacing: -0.2pt;"> </span></blockquote>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 12pt; letter-spacing: -0.2pt;">One observation made by the OCC in the Supplement is</span><span style="font-size: 12pt;"> that, although banks may want in-depth information, <i>they may not receive all the information they seek on each critical thirdparty service provider</i>, particularly from new companies. At Vendors Compliance Group, we come across this challenge all the time! <o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-size: 12pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">The fact is, when a bank does not receive all the information it seeks about third party service providers that support the bank’s critical activities, the OCC expects the bank’s board of directors and management to:</span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
</div>
<ul>
<li style="text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif;">develop appropriate alternative ways to analyze these critical thirdparty service providers;</span></li>
<li style="text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif;">establish risk mitigating controls; be prepared to address interruptions in delivery (for example, use multiple payment systems, generators for power, and multiple telecommunications lines in and out of critical sites);</span></li>
<li style="text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif;">make risk-based decisions that these critical third party service providers are the best service providers available to the bank despite the fact that the bank cannot acquire all the information it wants;</span></li>
<li style="text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif;">retain appropriate documentation of all their efforts to obtain information and related decisions; and</span></li>
<li style="text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif;">ensure that contracts meet the bank’s needs.</span></li>
</ul>
<div class="MsoBodyText" style="margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .5in; margin-right: 0in; margin-top: 12.0pt; mso-list: l1 level1 lfo1; mso-outline-level: 1; text-align: justify; text-indent: -.25in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="https://www.blogger.com/null" name="_Toc485281917"></a><!--[if !supportLists]--><span style="font-size: 12pt;">2)<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><span style="font-size: 12pt;"><span style="color: blue;">OCC Bulletin 201329 defines thirdparty relationships very broadly and reads like <span style="letter-spacing: .05pt;">it </span>can apply to lower risk relationships. How can a bank reduce its oversight costs for lower risk relationships?</span></span><span style="font-size: 12pt;"><o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 12pt; letter-spacing: -0.1pt;">Not </span><span style="font-size: 12pt;">all thirdparty relationships <span style="letter-spacing: -.15pt;">present </span>the same level of <span style="letter-spacing: -.2pt;">risk. </span>The same relationship may <span style="letter-spacing: -.15pt;">present varying </span>levels of <span style="letter-spacing: -.15pt;">risk </span><span style="letter-spacing: -.2pt;">across banks. </span>Bank management should determine the <span style="letter-spacing: -.2pt;">risks </span><span style="letter-spacing: -.15pt;">associated </span>with <span style="letter-spacing: -.15pt;">each </span>thirdparty relationship and then determine how <span style="letter-spacing: .05pt;">to </span>adjust <span style="letter-spacing: -.15pt;">risk </span>management practices for <span style="letter-spacing: -.15pt;">each </span>relationship.</span></span><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: 12pt;"> </span></div>
<blockquote class="tr_bq" style="margin-left: .75in; mso-list: l6 level1 lfo9; text-align: justify; text-indent: -.25in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 12pt;">=> Goal: B<span style="letter-spacing: -.15pt;">ank’s risk </span>management practices for <span style="letter-spacing: -.15pt;">each </span>relationship should<span style="letter-spacing: .05pt;"> </span>be commensurate with the level of <span style="letter-spacing: -.15pt;">risk </span>and complexity of the third party relationship. This <span style="letter-spacing: -.15pt;">risk </span><span style="letter-spacing: -.2pt;">assessment </span>should be <u>periodically updated</u> throughout the relationship. <span style="letter-spacing: .05pt;">It </span>should not be a onetime <span style="letter-spacing: -.2pt;">assessment </span><span style="letter-spacing: -.15pt;">conducted </span>at the beginning of the relationship.</span></span><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: 12pt;"> </span></blockquote>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-size: 12pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">This view is why Vendors Compliance Group conducts not only transactional, but also periodic reviews of certain service providers. Since we review service providers on behalf of banks (and nonbanks), we endeavor to meet the OCC’s expectations to perform due diligence and ongoing monitoring for all thirdparty relationships. We do not perform merely a compilation of documents. What distinguishes Vendors Compliance Group from nearly every other compliance review firm is <u>we actually conduct due diligence</u>. This cannot be overemphasized, as the OCC fully expects due diligence to be implemented. <o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-size: 12pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">The level of due diligence and ongoing monitoring, <span style="letter-spacing: -.25pt;">however, </span>may differ <span style="letter-spacing: -.15pt;">for, a</span>nd should be specific to, <span style="letter-spacing: -.15pt;">each </span>third party relationship. The level of due diligence and ongoing monitoring should be <span style="letter-spacing: -.15pt;">consistent </span>with the level of <span style="letter-spacing: -.15pt;">risk </span>and complexity <span style="letter-spacing: -.15pt;">posed </span>by <span style="letter-spacing: -.15pt;">each </span>thirdparty relationship. For critical activities, the OCC <span style="letter-spacing: -.15pt;">expects </span>that due diligence and ongoing monitoring will be robust, <span style="letter-spacing: -.15pt;">comprehensive, </span>and appropriately documented. Additionally, for activities that bank management determines <span style="letter-spacing: .05pt;">to </span>be low <span style="letter-spacing: -.2pt;">risk, </span>management should follow the <span style="letter-spacing: -.15pt;">bank’s </span>board established policies and <span style="letter-spacing: -.15pt;">procedures </span>for due diligence and ongoing monitoring.<o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="margin-left: .5in; mso-list: l1 level1 lfo1; mso-outline-level: 1; text-align: justify; text-indent: -.25in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="https://www.blogger.com/null" name="_Toc485281918"></a><!--[if !supportLists]--><span style="font-size: 12pt;">3)<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 12pt;"><span style="color: blue;">How should banks structure their third party risk management process?</span></span><span style="font-size: 12pt;"><o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-size: 12pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">There is no one way for banks to structure their third party risk management process!<o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-size: 12pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">OCC Bulletin 2013 29 noted that the OCC expects banks to adopt an effective thirdparty risk management process commensurate with the level of risk and complexity of their thirdparty relationships. <o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-size: 12pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Some banks have dispersed accountability for their thirdparty risk management process among their business lines. <o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-size: 12pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Other banks have centralized the management of the process under their compliance, information security, procurement, or risk management functions. No matter where accountability resides, each applicable business line can provide valuable input into the thirdparty risk management process, for example, by completing risk assessments, reviewing due diligence questionnaires and documents, and evaluating the controls over the thirdparty relationship. Personnel in control functions such as audit, risk management, and compliance programs should be involved in the management of thirdparty relationships.</span></span><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: 12pt;"> </span></div>
<blockquote class="tr_bq" style="margin-left: .75in; mso-list: l6 level1 lfo9; text-align: justify; text-indent: -.25in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 12pt;">=> Whatever way a bank goes about structuring its third party risk management process, the board is responsible for overseeing the development of an effective thirdparty risk management process commensurate with the level of risk and complexity of the thirdparty relationships. Periodic board reporting is essential to ensure that board responsibilities are fulfilled.</span></span><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: 12pt;"> </span></blockquote>
<div class="MsoBodyText" style="margin-left: .5in; mso-list: l1 level1 lfo1; mso-outline-level: 1; text-align: justify; text-indent: -.25in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><!--[if !supportLists]--><span style="font-size: 12pt;">4)<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><span style="font-size: 12pt;"><span style="color: blue;">When multiple banks use the same third party service providers, can they collaborate to meet expectations for managing third party relationships specified in OCC Bulletin 201329?</span></span><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Synopsis%20of%20Supplement%20to%20OCC%20Bulletin%202013-29%20(FAQ-6.7.17-Third%20Party%20Relationships).doc#_edn4" name="_ednref4" title=""><span class="MsoEndnoteReference"><span style="font-size: 12pt;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 12pt;">[iv]</span></span><!--[endif]--></span></span></a><span style="font-size: 12pt;"><o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-size: 12pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">If they are using the same service providers to secure or obtain like products or services, banks may collaborate to meet certain expectations, such as performing the due diligence, contract negotiation, and ongoing monitoring responsibilities described in OCC Bulletin 201329.<a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Synopsis%20of%20Supplement%20to%20OCC%20Bulletin%202013-29%20(FAQ-6.7.17-Third%20Party%20Relationships).doc#_edn5" name="_ednref5" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 12pt;">[v]</span></span><!--[endif]--></span></a> <o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
</div>
<ul>
<li style="text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Like products and services may, however, present a different level of risk to each bank that uses those products or services, making collaboration a useful tool but insufficient to fully meet the bank’s responsibilities under OCC Bulletin 201329. Collaboration can leverage resources by distributing costs across multiple banks. </span></li>
<li style="text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Many banks that use like (i.e., similar) products and services from technology or other service providers may become members of user groups. Frequently, these user groups create the opportunity for banks, particularly community banks, to collaborate with their peers on innovative product ideas, enhancements to existing products or services, and customer service and relationship management issues with the service providers.</span></li>
<li style="text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Banks that use a customized product or service may not, however, be able to use collaboration to fully meet their due diligence, contract negotiation, or ongoing responsibilities.</span></li>
<li style="text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Banks may take advantage of various tools designed to help them evaluate the controls of third party service providers. In general, these types of tools offer:</span></li>
</ul>
<br />
<blockquote class="tr_bq" style="line-height: 150%; margin-left: 1.0in; mso-list: l8 level2 lfo8; text-align: justify; text-indent: -.25in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 12pt; line-height: 150%;">=> standardized approaches to perform due diligence and ongoing monitoring of third party service providers by having the participating third parties complete common security, privacy, and business resiliency control assessment questionnaires; and,</span></span></blockquote>
<blockquote class="tr_bq" style="line-height: 150%; margin-left: 1.0in; mso-list: l8 level2 lfo8; text-align: justify; text-indent: -.25in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 12pt; line-height: 150%;">=> after third parties complete the questionnaires, the results can be shared with numerous banks and other clients.</span></span><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: 12pt;"> </span></blockquote>
<div class="MsoBodyText" style="margin-left: .5in; mso-list: l1 level1 lfo1; mso-outline-level: 1; text-align: justify; text-indent: -.25in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="https://www.blogger.com/null" name="_Toc485281920"></a><!--[if !supportLists]--><span style="font-size: 12pt;">5)<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><span style="font-size: 12pt;"><span style="color: blue;">When collaborating to <span style="letter-spacing: -.15pt;">meet </span>responsibilities for managing a relationship with a common third party service provider, what are some of the responsibilities that each bank still needs to undertake <span style="letter-spacing: .05pt;">individually </span>to <span style="letter-spacing: -.15pt;">meet </span>the expectations <span style="letter-spacing: .05pt;">in </span>OCC Bulletin 201329?</span></span><span style="font-size: 12pt;"><o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-size: 12pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Responsibilities include defining the requirements for planning and termination (i.e., plans <span style="letter-spacing: .05pt;">to </span>manage the thirdparty <span style="letter-spacing: -.2pt;">service </span><span style="letter-spacing: -.15pt;">provider </span>relationship and development of contingency plans in <span style="letter-spacing: -.2pt;">response </span><span style="letter-spacing: .05pt;">to </span>termination of <span style="letter-spacing: -.2pt;">service), </span>as well<span style="letter-spacing: .25pt;"> </span>as:<o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
</div>
<ul>
<li style="text-align: justify;"><u style="font-family: Arial, Helvetica, sans-serif; text-indent: -0.25in;"><span style="font-size: 12pt; line-height: 150%;">integrating</span></u><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: 12pt; line-height: 150%; text-indent: -0.25in;"> the use of product and delivery channels into the bank’s strategic planning process and ensuring consistency with the bank’s internal controls, corporate governance, business plan, and risk appetite</span></li>
<li style="text-align: justify;"><u style="font-family: Arial, Helvetica, sans-serif; text-indent: -0.25in;"><span style="font-size: 12pt; line-height: 150%;">assessing </span></u><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: 12pt; line-height: 150%; text-indent: -0.25in;">the quantity of risk posed to the bank through the third party service provider and the ability of the bank to monitor and control the risk</span></li>
<li style="text-align: justify;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span><u style="font-family: Arial, Helvetica, sans-serif; text-indent: -0.25in;"><span style="font-size: 12pt; line-height: 150%;">implementing</span></u><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: 12pt; line-height: 150%; text-indent: -0.25in;"> information technology controls at the bank</span></li>
<li style="text-align: justify;"><u style="font-family: Arial, Helvetica, sans-serif; text-indent: -0.25in;"><span style="font-size: 12pt; line-height: 150%;">ongoing benchmarking</span></u><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: 12pt; line-height: 150%; text-indent: -0.25in;"> of service provider performance against the contract or service level agreement</span></li>
<li style="text-align: justify;"><u style="font-family: Arial, Helvetica, sans-serif; text-indent: -0.25in;"><span style="font-size: 12pt; line-height: 150%;">evaluating</span></u><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: 12pt; line-height: 150%; text-indent: -0.25in;"> the third party’s fee structure to determine if it creates incentives that encourage inappropriate risk taking</span></li>
<li style="text-align: justify;"><u style="font-family: Arial, Helvetica, sans-serif; text-indent: -0.25in;"><span style="font-size: 12pt; line-height: 150%;">monitoring the third party’s actions</span></u><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: 12pt; line-height: 150%; text-indent: -0.25in;"> on behalf of the bank for compliance with applicable laws and regulations</span></li>
<li style="text-align: justify;"><u style="font-family: Arial, Helvetica, sans-serif; text-indent: -0.25in;"><span style="font-size: 12pt; line-height: 150%;">monitoring the third party’s disaster recovery and business continuity</span></u><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: 12pt; line-height: 150%; text-indent: -0.25in;"> time frames for resuming activities and recovering data for consistency with the bank’s disaster recovery and business continuity plans.</span></li>
</ul>
<br />
<div class="MsoBodyText" style="margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .5in; margin-right: 0in; margin-top: 12.0pt; mso-list: l1 level1 lfo1; mso-outline-level: 1; text-align: justify; text-indent: -.25in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><!--[if !supportLists]--><span style="font-size: 12pt;">6)<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><span style="font-size: 12pt;"><span style="color: blue;">What collaboration opportunities exist to address cyber threats to banks as well as to their thirdparty<span style="letter-spacing: 2.1pt;"> </span>relationships?</span></span><span style="font-size: 12pt;"><o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-size: 12pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Banks may use the Financial Services Information Sharing and Analysis Center (FSISAC), the U.S. Computer Emergency Readiness Team (USCERT), InfraGard, and other information sharing organizations to monitor cyber threats and vulnerabilities and to enhance their risk management and internal controls. Banks also may use the FSISAC to share information with other banks.<o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="margin-left: .5in; mso-list: l1 level1 lfo1; mso-outline-level: 1; text-align: justify; text-indent: -.25in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><!--[if !supportLists]--><span style="font-size: 12pt;">7)<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><span style="font-size: 12pt; letter-spacing: 0.05pt;"><span style="color: blue;">Is </span></span><span style="font-size: 12pt;"><span style="color: blue;">a fintech company arrangement considered a critical activity?</span></span><span style="font-size: 12pt;"><o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-size: 12pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">A <span style="letter-spacing: -.15pt;">bank’s </span>relationship with a fintech company may or may not <span style="letter-spacing: -.15pt;">involve </span>critical bank activities, depending on a number of factors. OCC Bulletin 201329 <span style="letter-spacing: -.15pt;">provides </span>criteria that a <span style="letter-spacing: -.15pt;">bank’s </span>board and management may <span style="letter-spacing: -.15pt;">use </span><span style="letter-spacing: .05pt;">to </span>determine what critical activities are. <span style="letter-spacing: .05pt;">It </span>is up <span style="letter-spacing: .05pt;">to </span><span style="letter-spacing: -.15pt;">each bank’s </span>board and management <span style="letter-spacing: .05pt;">to </span>identify the critical activities of the bank and the thirdparty relationships related <span style="letter-spacing: .05pt;">to </span>these critical activities. The board (<span style="letter-spacing: -.1pt;">or </span>committees thereof) should <span style="letter-spacing: -.15pt;">approve </span>the policies and <span style="letter-spacing: -.15pt;">procedures </span>that <span style="letter-spacing: -.15pt;">address </span>how critical activities <span style="letter-spacing: -.1pt;">are </span>identified. <o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-size: 12pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Under OCC Bulletin 201329, critical activities <span style="letter-spacing: -.15pt;">can </span>include significant bank functions (i.e., payments, clearing, settlements, and <span style="letter-spacing: -.15pt;">custody), significant</span> <span style="letter-spacing: -.15pt;">shared </span><span style="letter-spacing: -.2pt;">services </span>(i.e., information technology), or other activities<span style="letter-spacing: 1.25pt;"> </span>that<o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
</div>
<ul>
<li style="text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif;">could cause the bank to face significant risk if a third party fails to meet expectations. could have significant bank customer impact;</span></li>
<li style="text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif;">require significant investment in resources to implement third party relationships and manage risks;</span></li>
<li style="text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif;">could have major<span style="font-size: 12pt; text-indent: -0.25in;"> impact on bank operations if the bank has to find an alternative third party or if the outsourced activities have to be brought inhouse.</span></span> </li>
</ul>
<br />
<div class="MsoBodyText" style="margin-left: .5in; mso-list: l1 level1 lfo1; mso-outline-level: 1; text-align: justify; text-indent: -.25in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="https://www.blogger.com/null" name="_Toc485281923"><!--[if !supportLists]--><span style="font-size: 12pt;">8)<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><span style="font-size: 12pt; letter-spacing: -0.1pt;"><span style="color: blue;">Can </span></span></a><span style="font-size: 12pt;"><span style="color: blue;">a bank engage with a startup fintech company with limited financial information?</span></span><span style="font-size: 12pt;"><o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-size: 12pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">OCC Bulletin 201329 states that banks should consider the financial condition of their third parties during the due diligence stage of the life cycle <i>before</i> the banks have selected or entered into contracts or relationships with third parties. In assessing the financial condition of a startup or less established fintech company, the bank may consider a company’s access to funds, its funding sources, earnings, net cash flow, expected growth, projected borrowing capacity, and other factors that may affect the third party’s overall financial stability.</span></span><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: 12pt;"> </span></div>
<blockquote class="tr_bq" style="margin-left: .75in; mso-list: l6 level1 lfo9; text-align: justify; text-indent: -.25in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 12pt;">=> Assessing changes to the financial condition of third parties is an expectation of the ongoing monitoring stage of the life cycle. Because it may be receiving limited financial information, the bank should have appropriate contingency plans in case the startup fintech company experiences a business interruption, fails, or declares bankruptcy and is unable to perform the agreed-upon activities or services.</span></span></blockquote>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="margin-left: .5in; mso-list: l1 level1 lfo1; mso-outline-level: 1; text-align: justify; text-indent: -.25in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><!--[if !supportLists]--><span style="font-size: 12pt;">9)<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><span style="font-size: 12pt;"><span style="color: blue;">How can a bank offer products or services to underbanked or underserved segments of the population<span style="letter-spacing: 1.05pt;"> </span>through<span style="letter-spacing: 1.05pt;"> </span>a<span style="letter-spacing: .75pt;"> </span>third party<span style="letter-spacing: .75pt;"> </span>relationship<span style="letter-spacing: 1.05pt;"> </span>with<span style="letter-spacing: 1.05pt;"> </span>a<span style="letter-spacing: .75pt;"> </span>fintech<span style="letter-spacing: 1.05pt;"> </span>company?</span></span><span style="font-size: 12pt;"><o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-size: 12pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Banks may partner with fintech companies <span style="letter-spacing: .05pt;">to </span>offer <span style="letter-spacing: -.2pt;">savings, </span>credit, financial planning, or payments, in an effort <span style="letter-spacing: .05pt;">to </span><span style="letter-spacing: -.15pt;">increase consumer </span><span style="letter-spacing: -.25pt;">access. </span>In such instances, the fintech company is considered to have a third party relationship with the bank that falls under the scope of OCC Bulletin 201329.<o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="margin-left: .5in; mso-list: l1 level1 lfo1; mso-outline-level: 1; text-align: justify; text-indent: -.25in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="https://www.blogger.com/null" name="_Toc485281925"><!--[if !supportLists]--><span style="font-size: 12pt;">10)<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 12pt;">What should a bank consider when entering a marketplace lending arrangement with nonbank<span style="letter-spacing: 1.5pt;"> </span>entities?</span></a><span style="font-size: 12pt;"><o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-size: 12pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">When engaging in marketplace lending activities, a <span style="letter-spacing: -.15pt;">bank’s </span>board and management should: <o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
</div>
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">understand the relationships among the <span style="font-size: 12pt; letter-spacing: -0.15pt; text-indent: -0.25in;">bank, </span><span style="font-size: 12pt; text-indent: -0.25in;">the marketplace </span><span style="font-size: 12pt; letter-spacing: -0.2pt; text-indent: -0.25in;">lender, </span><span style="font-size: 12pt; text-indent: -0.25in;">and the </span><span style="font-size: 12pt; letter-spacing: -0.2pt; text-indent: -0.25in;">borrowers; </span></span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">fully understand the legal, strategic, reputation, operational, and other <span style="font-size: 12pt; letter-spacing: -0.2pt; text-indent: -0.25in;">risks </span><span style="font-size: 12pt; text-indent: -0.25in;">that these arrangements </span><span style="font-size: 12pt; letter-spacing: -0.15pt; text-indent: -0.25in;">pose; </span><span style="font-size: 12pt; text-indent: -0.25in;">and</span></span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">evaluate the marketplace lender’s practices for compliance with applicable laws and regulations.</span> </li>
</ul>
<br />
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 12pt; letter-spacing: 0.05pt;">As </span><span style="font-size: 12pt;">with any third party relationship, management at <span style="letter-spacing: -.15pt;">banks involved </span>with marketplace lenders should <span style="letter-spacing: -.15pt;">ensure </span>the <span style="letter-spacing: -.15pt;">risk </span><span style="letter-spacing: -.2pt;">exposure </span>is <span style="letter-spacing: -.15pt;">consistent with</span> their <span style="letter-spacing: -.15pt;">boards’ </span>strategic <span style="letter-spacing: -.1pt;">goals, </span><span style="letter-spacing: -.15pt;">risk </span>appetite, and safety and <span style="letter-spacing: -.15pt;">soundness </span>objectives. <span style="letter-spacing: .05pt;">In </span>addition, boards should adopt appropriate policies, <span style="letter-spacing: -.15pt;">inclusive </span>of concentration limitations, before beginning <span style="letter-spacing: -.15pt;">business </span>relationships with marketplace <span style="letter-spacing: .6pt;">lenders</span><span style="letter-spacing: -.15pt;">.<o:p></o:p></span></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-size: 12pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Banks should <span style="letter-spacing: -.15pt;">have </span>the appropriate <span style="letter-spacing: -.15pt;">personnel, </span><span style="letter-spacing: -.2pt;">processes, </span>and systems <span style="letter-spacing: -.2pt;">so </span>that they <span style="letter-spacing: -.15pt;">can </span>effectively monitor and control the <span style="letter-spacing: -.2pt;">risks </span>inherent within the marketplace lending relationship.</span></span><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: 12pt;"> </span></div>
<blockquote class="tr_bq" style="margin-left: .75in; mso-list: l6 level1 lfo9; text-align: justify; text-indent: -.25in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-stretch: normal; font-variant-numeric: normal; line-height: normal;">-</span><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span><!--[endif]--><span style="font-size: 12pt; letter-spacing: -0.2pt;">Risks </span><span style="font-size: 12pt;">include:</span></span><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: 12pt;"> </span></blockquote>
<div class="MsoBodyText" style="line-height: 150%; margin-left: 1.0in; mso-list: l9 level1 lfo7; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 12pt; line-height: 150%;">·<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 12pt; line-height: 150%;">reputation, <o:p></o:p></span></span></div>
<div class="MsoBodyText" style="line-height: 150%; margin-left: 1.0in; mso-list: l9 level1 lfo7; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 12pt; line-height: 150%;">·<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 12pt; line-height: 150%;">credit, <o:p></o:p></span></span></div>
<div class="MsoBodyText" style="line-height: 150%; margin-left: 1.0in; mso-list: l9 level1 lfo7; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 12pt; line-height: 150%;">·<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 12pt; line-height: 150%;">concentrations, <o:p></o:p></span></span></div>
<div class="MsoBodyText" style="line-height: 150%; margin-left: 1.0in; mso-list: l9 level1 lfo7; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 12pt; line-height: 150%;">·<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 12pt; line-height: 150%;">compliance, <o:p></o:p></span></span></div>
<div class="MsoBodyText" style="line-height: 150%; margin-left: 1.0in; mso-list: l9 level1 lfo7; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 12pt; line-height: 150%;">·<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 12pt; line-height: 150%;">market, <o:p></o:p></span></span></div>
<div class="MsoBodyText" style="line-height: 150%; margin-left: 1.0in; mso-list: l9 level1 lfo7; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 12pt; line-height: 150%;">·<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 12pt; line-height: 150%;">liquidity, and <o:p></o:p></span></span></div>
<div class="MsoBodyText" style="line-height: 150%; margin-left: 1.0in; mso-list: l9 level1 lfo7; text-align: justify; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 12pt; letter-spacing: -0.15pt; line-height: 150%;">·<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 12pt; line-height: 150%;">operational <span style="letter-spacing: -.2pt;">risks. </span><span style="letter-spacing: -.15pt;"><o:p></o:p></span></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 12pt; letter-spacing: -0.5pt;">To </span><span style="font-size: 12pt; letter-spacing: -0.15pt;">address </span><span style="font-size: 12pt;">these <span style="letter-spacing: -.2pt;">risks, banks’ </span>due diligence of marketplace lenders should include consulting with the <span style="letter-spacing: -.2pt;">banks’ </span>appropriate <span style="letter-spacing: -.15pt;">business </span>units, <span style="letter-spacing: -.2pt;">such </span>as credit, compliance, finance, audit, operations, accounting, legal, and information <span style="letter-spacing: -.2pt;">technology. </span>Contracts or other <span style="letter-spacing: -.15pt;">governing </span>documents should lay out the terms of <span style="letter-spacing: -.2pt;">service level </span>agreements and contractual obligations. Subsequent significant contractual <span style="letter-spacing: -.15pt;">changes </span>should prompt reevaluation of bank policies, <span style="letter-spacing: -.2pt;">processes, </span>and <span style="letter-spacing: -.15pt;">risk </span>management <span style="letter-spacing: -.15pt;">practices.<o:p></o:p></span></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="margin-left: .5in; mso-list: l1 level1 lfo1; mso-outline-level: 1; text-align: justify; text-indent: -.25in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><!--[if !supportLists]--><span style="font-size: 12pt;">11)<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 12pt;"><span style="color: blue;">Does OCC Bulletin 201329 apply when a bank engages a third party to provide bank customers the ability to <span style="letter-spacing: -.15pt;">make </span>mobile payments using their bank accounts, including debit and credit<span style="letter-spacing: .75pt;"> </span>cards?</span></span><span style="font-size: 12pt;"><o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-size: 12pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Yes. When using third party <span style="letter-spacing: -.2pt;">service </span><span style="letter-spacing: -.15pt;">providers </span>in mobile payment environments, <span style="letter-spacing: -.15pt;">banks </span><span style="letter-spacing: -.1pt;">are </span><span style="letter-spacing: -.15pt;">expected </span><span style="letter-spacing: .05pt;">to </span><span style="letter-spacing: -.15pt;">act </span>in a manner <span style="letter-spacing: -.15pt;">consistent </span>with OCC Bulletin 201329. Banks often enter into <span style="letter-spacing: -.15pt;">business </span>arrangements with third party <span style="letter-spacing: -.2pt;">service </span><span style="letter-spacing: -.15pt;">providers </span><span style="letter-spacing: .05pt;">to </span><span style="letter-spacing: -.15pt;">provide </span>software and <span style="letter-spacing: -.15pt;">licenses </span>in mobile payment environments. These third party <span style="letter-spacing: -.2pt;">service </span><span style="letter-spacing: -.15pt;">providers </span>also <span style="letter-spacing: -.15pt;">provide assistance </span><span style="letter-spacing: .05pt;">to </span>the <span style="letter-spacing: -.15pt;">banks </span>and the <span style="letter-spacing: -.2pt;">banks’ </span>customers.<span style="letter-spacing: -.15pt;"><o:p></o:p></span></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-size: 12pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Many bank customers expect to use transaction accounts and credit, debit, or prepaid cards issued by their banks in mobile payment environments. Because almost all banks issue debit cards and offer transaction accounts, banks frequently participate in mobile payment environments even if they do not issue credit cards. Banks should work with mobile payment providers to establish processes for authenticating enrollment of customers’ account information that the customers provide to the mobile payment providers.<o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="margin-left: .5in; mso-list: l1 level1 lfo1; mso-outline-level: 1; text-align: justify; text-indent: -.25in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="https://www.blogger.com/null" name="_Toc485281927"><!--[if !supportLists]--><span style="font-size: 12pt; letter-spacing: -0.15pt;">12)<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 12pt;">May a community bank outsource the development, maintenance, monitoring, and compliance<span style="letter-spacing: 1.0pt;"> </span>responsibilities<span style="letter-spacing: 1.0pt;"> </span>of<span style="letter-spacing: .9pt;"> </span>its<span style="letter-spacing: 1.0pt;"> </span>compliance<span style="letter-spacing: 1.0pt;"> </span>management<span style="letter-spacing: .9pt;"> </span><span style="letter-spacing: -.15pt;">system?</span></span></a><span style="font-size: 12pt; letter-spacing: -0.15pt;"><o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-size: 12pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Banks may <span style="letter-spacing: -.15pt;">outsource </span>some or all <span style="letter-spacing: -.15pt;">aspects </span>of their compliance management systems <span style="letter-spacing: .05pt;">to </span>third parties, <span style="letter-spacing: -.2pt;">so </span>long as <span style="letter-spacing: -.15pt;">banks </span>monitor and <span style="letter-spacing: -.15pt;">ensure </span>that third parties comply with <span style="letter-spacing: -.15pt;">current </span>and <span style="letter-spacing: -.15pt;">subsequent changes </span><span style="letter-spacing: .05pt;">to </span><span style="letter-spacing: -.15pt;">consumer </span>laws and regulations. Some <span style="letter-spacing: -.15pt;">banks outsource </span>maintenance or monitoring or <span style="letter-spacing: -.15pt;">use </span>third parties <span style="letter-spacing: .05pt;">to </span>automate data collection and management <span style="letter-spacing: -.2pt;">processes </span>(for example, <span style="letter-spacing: .05pt;">to </span>file compliance reports under the Bank <span style="letter-spacing: -.15pt;">Secrecy </span>Act or for mortgage loan application <span style="letter-spacing: -.2pt;">processing </span>or <span style="letter-spacing: -.2pt;">disclosures). </span></span></span><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: 12pt; letter-spacing: -0.2pt;"> </span></div>
<blockquote class="tr_bq" style="margin-left: .75in; mso-list: l6 level1 lfo9; text-align: justify; text-indent: -.25in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 12pt;">=> The OCC <span style="letter-spacing: -.15pt;">expects </span>all <span style="letter-spacing: -.15pt;">banks </span><span style="letter-spacing: .05pt;">to </span>develop and maintain an effective compliance management <span style="letter-spacing: -.15pt;">system </span>and <span style="letter-spacing: -.15pt;">provide </span>fair <span style="letter-spacing: -.25pt;">access </span><span style="letter-spacing: .05pt;">to </span>financial <span style="letter-spacing: -.2pt;">services, </span><span style="letter-spacing: -.15pt;">ensure </span>fair treatment of <span style="letter-spacing: -.15pt;">customers, </span>and comply with <span style="letter-spacing: -.15pt;">consumer </span>protection laws and regulations. Strong compliance management systems include appropriate policies, <span style="letter-spacing: -.2pt;">procedures, </span><span style="letter-spacing: -.15pt;">practices, </span>training, internal controls, and audit systems <span style="letter-spacing: .05pt;">to </span>manage and monitor compliance <span style="letter-spacing: -.2pt;">processes </span>as well as a commitment of appropriate compliance <span style="letter-spacing: -.2pt;">resources.</span></span></span><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: 12pt;"> </span></blockquote>
<div class="MsoBodyText" style="margin-left: .5in; mso-list: l1 level1 lfo1; mso-outline-level: 1; text-align: justify; text-indent: -.25in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><!--[if !supportLists]--><span style="font-size: 12pt;">13)</span><span style="font-size: xx-small;"> </span><span style="font-size: 12pt; letter-spacing: -0.1pt;"><span style="color: blue;">Can </span></span><span style="font-size: 12pt;"><span style="color: blue;">banks obtain access to interagency technology service providers’ (“TSP”) reports of examination</span>?</span><span style="font-size: 12pt;"><o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-size: 12pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">TSP reports of examination<span style="color: #4444ba; position: relative; top: -4.0pt;"> </span>are available only to banks that have contractual relationships with the TSPs at the time of the examination.<a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Synopsis%20of%20Supplement%20to%20OCC%20Bulletin%202013-29%20(FAQ-6.7.17-Third%20Party%20Relationships).doc#_edn6" name="_ednref6" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="color: black; font-size: 12pt;">[vi]</span></span><!--[endif]--></span></a> Although a bank may not share a TSP report of examination or the contents therein with other banks, a bank that has not contracted with a particular TSP may seek information from other banks with information or experience with a particular TSP as well as information from the TSP to meet the bank’s due diligence responsibilities.<o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="margin-left: .5in; mso-list: l1 level1 lfo1; mso-outline-level: 1; text-align: justify; text-indent: -.25in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><!--[if !supportLists]--><span style="font-size: 12pt;">14)<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><span style="color: blue;"><span style="font-size: 12pt; letter-spacing: -0.1pt;">Can </span><span style="font-size: 12pt;">a bank rely on a third party’s Service Organization Control (SOC) report, prepared <span style="letter-spacing: 0.05pt;">in </span>accordance with the American Institute of Certified <span style="letter-spacing: 0.05pt;">Public </span>Accountants Statement on Standards for Attestation Engagements No. 18 (SSAE<span style="letter-spacing: 0.85pt;"> </span>18)?</span></span><span style="font-size: 12pt;"><o:p></o:p></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 12pt; letter-spacing: 0.05pt;">In </span><span style="font-size: 12pt;">meeting its due diligence and ongoing monitoring responsibilities, a bank may <span style="letter-spacing: -.15pt;">review </span>a third party’s SOC <span style="letter-spacing: -.15pt;">report prepared </span>in <span style="letter-spacing: -.2pt;">accordance </span>with <span style="letter-spacing: .1pt;">SSAE </span>18 <span style="letter-spacing: .05pt;">to </span>evaluate the effectiveness of the third party’s <span style="letter-spacing: -.15pt;">risk </span>management program, including policies, <span style="letter-spacing: -.2pt;">processes, </span>and internal controls.<a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Synopsis%20of%20Supplement%20to%20OCC%20Bulletin%202013-29%20(FAQ-6.7.17-Third%20Party%20Relationships).doc#_edn7" name="_ednref7" title=""><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 12pt;">[vii]</span></span><!--[endif]--></span></a><span style="color: #4444ba; position: relative; top: -4.0pt;"> </span><span style="letter-spacing: 0.05pt;">If </span>a third party <span style="letter-spacing: -.15pt;">uses subcontractors (also </span>referred <span style="letter-spacing: .05pt;">to </span>as “fourth parties”), a bank may find the third party’s <span style="letter-spacing: .1pt;">SSAE </span>18 <span style="letter-spacing: -.15pt;">report </span>particularly useful, as <span style="letter-spacing: .1pt;">SSAE </span>18 requires the auditor <span style="letter-spacing: .05pt;">to </span>determine and <span style="letter-spacing: -.15pt;">report </span>on the effectiveness of controls the third party has implemented <span style="letter-spacing: .05pt;">to </span>monitor the controls of the <span style="letter-spacing: -.15pt;">subcontractor. </span><span style="letter-spacing: .05pt;">In </span>other <span style="letter-spacing: -.2pt;">words, </span>the <span style="letter-spacing: .1pt;">SSAE </span>18 <span style="letter-spacing: -.15pt;">report </span>will <span style="letter-spacing: -.15pt;">address </span>the question as <span style="letter-spacing: .05pt;">to </span>whether the third party has effective <span style="letter-spacing: -.15pt;">oversight </span>of its <span style="letter-spacing: -.15pt;">subcontractors. <o:p></o:p></span></span></span></div>
<div class="MsoBodyText" style="text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="text-align: justify;">
<span style="font-size: 12pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">A bank should <span style="letter-spacing: -.15pt;">consider </span>whether an <span style="letter-spacing: .1pt;">SSAE </span>18 <span style="letter-spacing: -.15pt;">report </span>contains sufficient information and is sufficient in <span style="letter-spacing: -.2pt;">scope </span><span style="letter-spacing: .05pt;">to </span><span style="letter-spacing: -.25pt;">assess </span>the third party’s <span style="letter-spacing: -.15pt;">risk </span>environment or whether additional audit or <span style="letter-spacing: -.15pt;">review </span>is required for the bank <span style="letter-spacing: .05pt;">to </span>properly <span style="letter-spacing: -.25pt;">assess </span>the third party’s control environment.<o:p></o:p></span></span></div>
<br />
<div>
<div style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<!--[if !supportEndnotes]--><br />
<hr size="1" style="text-align: left;" width="33%" />
<!--[endif]-->
<br />
<div id="edn1">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Synopsis%20of%20Supplement%20to%20OCC%20Bulletin%202013-29%20(FAQ-6.7.17-Third%20Party%20Relationships).doc#_ednref1" name="_edn1" title=""><span class="MsoEndnoteReference"><span style="font-size: 9pt;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 9pt;">[i]</span></span><!--[endif]--></span></span></a><span style="font-size: 9pt;"> Copy of OCC Bulletin 2013-29 is available in the Presentations section of <span style="color: blue;"><a href="http://www.vendorscompliancegroup.com/"><span style="color: blue;">www.vendorscompliancegroup.com</span></a></span> <o:p></o:p></span></span></div>
</div>
<div id="edn2">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Synopsis%20of%20Supplement%20to%20OCC%20Bulletin%202013-29%20(FAQ-6.7.17-Third%20Party%20Relationships).doc#_ednref2" name="_edn2" title=""><span class="MsoEndnoteReference"><span style="font-size: 9pt;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 9pt;">[ii]</span></span><!--[endif]--></span></span></a><span style="font-size: 9pt;"> Copies of CFPB – “Bulletin 2012-03 - Service Providers”, April 13, 2012, and CFPB – “Compliance Bulletin and Policy Guidance - 2016-02 - Services Providers,” October 26, 2016 (Federal Register), and NCUA – Supervisory Letter # 07-01, "Evaluating Third Party Relationships," October 2007, are available in the Presentations section of <span style="color: blue;"><a href="http://www.vendorscompliancegroup.com/"><span style="color: blue;">www.vendorscompliancegroup.com</span></a></span><o:p></o:p></span></span></div>
</div>
<div id="edn3">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Synopsis%20of%20Supplement%20to%20OCC%20Bulletin%202013-29%20(FAQ-6.7.17-Third%20Party%20Relationships).doc#_ednref3" name="_edn3" title=""><span class="MsoEndnoteReference"><span style="font-size: 9pt;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 9pt;">[iii]</span></span><!--[endif]--></span></span></a><span style="font-size: 9pt;"> “Compliance Bulletin and Policy Guidance 2016-02 - Service Providers: Questions and Answers - Vendors Compliance Group,” White Paper, is available in the Presentations section of <span style="color: blue;"><a href="http://www.vendorscompliancegroup.com/"><span style="color: blue;">www.vendorscompliancegroup.com</span></a></span><o:p></o:p></span></span></div>
</div>
<div id="edn4">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Synopsis%20of%20Supplement%20to%20OCC%20Bulletin%202013-29%20(FAQ-6.7.17-Third%20Party%20Relationships).doc#_ednref4" name="_edn4" title=""><span class="MsoEndnoteReference"><span style="font-size: 9pt;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 9pt;">[iv]</span></span><!--[endif]--></span></span></a><span style="font-size: 9pt;"> Refer to OCC News Release 20151, “Collaboration Can Facilitate Community Banks Competitiveness, OCC Says,” January 13, 2015.<o:p></o:p></span></span></div>
</div>
<div id="edn5">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Synopsis%20of%20Supplement%20to%20OCC%20Bulletin%202013-29%20(FAQ-6.7.17-Third%20Party%20Relationships).doc#_ednref5" name="_edn5" title=""><span class="MsoEndnoteReference"><span style="font-size: 9pt;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 9pt;">[v]</span></span><!--[endif]--></span></span></a><span style="font-size: 9pt;"> Any collaborative activities among banks must comply with antitrust laws. Refer to the Federal Trade Commission and U.S. Department of Justice’s “Antitrust Guidelines for Collaborations Among Competitors.”<o:p></o:p></span></span></div>
</div>
<div id="edn6">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Synopsis%20of%20Supplement%20to%20OCC%20Bulletin%202013-29%20(FAQ-6.7.17-Third%20Party%20Relationships).doc#_ednref6" name="_edn6" title=""><span class="MsoEndnoteReference"><span style="font-size: 9pt;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 9pt;">[vi]</span></span><!--[endif]--></span></span></a><span style="font-size: 9pt;"> The OCC conducts examinations of services provided by significant TSPs based on authorities granted by the Bank Service Company Act, 12 USC 1867. These examinations typically are conducted in coordination with the Board of Governors of the Federal Reserve Board, Federal Deposit Insurance Corporation, and other banking agencies with similar authorities. The scope of examinations focus on the services provided and key technology and operational controls communicated in the FFIEC Information Technology Examination Handbook and other regulatory guidance.<o:p></o:p></span></span></div>
</div>
<div id="edn7">
<div class="MsoEndnoteText" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="file:///C:/Users/Jonathan%20Foxx/Desktop/Synopsis%20of%20Supplement%20to%20OCC%20Bulletin%202013-29%20(FAQ-6.7.17-Third%20Party%20Relationships).doc#_ednref7" name="_edn7" title=""><span class="MsoEndnoteReference"><span style="font-size: 9pt;"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 9pt;">[vii]</span></span><!--[endif]--></span></span></a><span style="font-size: 9pt;"> As of May 2017, SSAE 18 replaced SSAE 16 for SOC 1 engagements.</span></span><o:p></o:p></div>
</div>
</div>
Jonathan Foxxhttp://www.blogger.com/profile/11176318536334393246noreply@blogger.comtag:blogger.com,1999:blog-9171653185859233636.post-69980069902509240872017-04-12T18:03:00.001-04:002017-04-12T18:03:49.870-04:00Legal Entity Identifiers and HMDA 2018: Questions and Answers<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="background-color: white; text-align: justify;"><a href="http://lenderscompliancegroup.com/2.html" style="color: #3811ff; text-decoration-line: none;">Jonathan Foxx</a></span><br style="background-color: white; text-align: justify;" /><span style="background-color: white; text-align: justify;">Managing Director</span></span><br />
<div>
<span style="background-color: white; text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></span></div>
<div>
<div class="MsoBodyText" style="line-height: 107%; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 5.35pt; margin-right: 27.4pt; margin-top: .9pt; mso-line-break-override: restrictions; punctuation-wrap: simple; text-align: justify;">
<span style="line-height: 107%;"><span style="font-family: "arial" , "helvetica" , sans-serif;">The
Legal Entity Identifier (“LEI”) is a unique 20-character code that identifies
distinct legal entities which engage in financial transactions. The LEI is a
global standard, designed to be non-proprietary data that is freely accessible
to all. Many financial institutions have not obtained a Legal Entity Identifier
(LEI).<o:p></o:p></span></span></div>
<div class="MsoBodyText" style="line-height: 107%; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 5.35pt; margin-right: 27.4pt; margin-top: .9pt; mso-line-break-override: restrictions; punctuation-wrap: simple; text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 5.35pt; margin-right: 27.4pt; margin-top: .9pt; mso-line-break-override: restrictions; punctuation-wrap: simple; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">A financial institution must provide with the
following information in its HMDA submission on or after January 1, 2018:<o:p></o:p></span></div>
<div class="MsoBodyText" style="margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 5.35pt; margin-right: 27.4pt; margin-top: .9pt; mso-line-break-override: restrictions; punctuation-wrap: simple; text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="margin: 0in 27.35pt 0.0001pt 41.05pt; text-align: left; text-indent: -41.05pt;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span>i. Its name;</span></div>
<div class="MsoBodyText" style="margin: 0in 27.35pt 0.0001pt 41.05pt; text-align: left; text-indent: -41.05pt;">
<span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -41.05pt;">ii. The calendar year the data submission covers pursuant to paragraph
(a)(1)(i) of this section or calendar quarter and year the data submission
covers pursuant to paragraph (a)(1)(ii) of this section;</span></div>
<div class="MsoBodyText" style="margin: 0in 27.35pt 0.0001pt 41.05pt; text-align: left; text-indent: -41.05pt;">
<span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -41.05pt;">iii. The name and contact information of a person who may be contacted
with questions about the institution's submission;</span></div>
<div class="MsoBodyText" style="margin: 0in 27.35pt 0.0001pt 41.05pt; text-align: left; text-indent: -41.05pt;">
<span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -41.05pt;">iv. </span><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -41.05pt;">Its appropriate Federal agency;</span></div>
<div class="MsoBodyText" style="margin: 0in 27.35pt 0.0001pt 41.05pt; text-align: left; text-indent: -41.05pt;">
<span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -41.05pt;">v. </span><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -41.05pt;">The total number of entries contained in the submission;</span></div>
<div class="MsoBodyText" style="margin: 0in 27.35pt 0.0001pt 41.05pt; text-align: left; text-indent: -41.05pt;">
<span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -41.05pt;">vi. </span><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -41.05pt;">Its Federal Taxpayer Identification number; and</span></div>
<div class="MsoBodyText" style="margin: 0in 27.35pt 0.0001pt 41.05pt; text-align: left; text-indent: -41.05pt;">
<span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -41.05pt;">vii.<span style="font-stretch: normal; font-variant-numeric: normal; font-weight: normal; line-height: normal;"> </span></span><b style="font-family: Arial, Helvetica, sans-serif; text-indent: -41.05pt;">Its Legal Entity
Identifier (LEI) as described in § 1003.4(a)(1)(i)(A)</b></div>
<div class="MsoBodyText" style="margin-right: 27.35pt; mso-line-break-override: restrictions; punctuation-wrap: simple; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoBodyText" style="margin-right: 27.35pt; mso-line-break-override: restrictions; punctuation-wrap: simple; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">[Emphasis added. See 5(a)(3)(vii)—Legal Entity
Identifier (LEI)]</span></div>
<div class="MsoBodyText" style="line-height: 107%; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 5.35pt; margin-right: 27.4pt; margin-top: .9pt; mso-line-break-override: restrictions; punctuation-wrap: simple; text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="line-height: 107%; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 5.35pt; margin-right: 27.4pt; margin-top: .9pt; mso-line-break-override: restrictions; punctuation-wrap: simple; text-align: justify;">
<span style="line-height: 107%;"><span style="font-family: "arial" , "helvetica" , sans-serif;">For
purposes of the submission requirement, “appropriate Federal agency” means the
appropriate agency for the financial institution as determined pursuant to §
304(h)(2) of the Home Mortgage Disclosure Act [12 U.S.C. 2803(h)(2)] or a
financial institution subject to the Consumer Financial Protection Bureau's (“Bureau”)
supervisory authority under § 1025(a) of the Consumer Financial Protection Act
of 2010 [12 U.S.C. 5515(a)].<o:p></o:p></span></span></div>
<div class="MsoBodyText" style="line-height: 107%; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 5.35pt; margin-right: 27.4pt; margin-top: .9pt; mso-line-break-override: restrictions; punctuation-wrap: simple; text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="line-height: 107%; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 5.35pt; margin-right: 27.4pt; margin-top: .9pt; mso-line-break-override: restrictions; punctuation-wrap: simple; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="line-height: 107%;">If
your financial institution needs an LEI, the </span><a href="https://www.gmeiutility.org/"><span style="color: blue; line-height: 107%;">GMEI Utility</span></a><span style="line-height: 107%;"> is endorsed by the Global LEI Foundation and also has a </span><a href="https://www.gmeiutility.org/search.jsp"><span style="color: blue; line-height: 107%;">search function</span><span style="color: blue; line-height: 107%;">.</span></a><span style="line-height: 107%;"> There are some </span><a href="https://www.gmeiutility.org/frequentlyAskedQuestions.jsp"><span style="color: blue; line-height: 107%;">frequently asked questions</span></a><span style="line-height: 107%;"> on their website and we
provide below a few highlights derived from that resource.</span><span style="line-height: 107%;"><o:p></o:p></span></span></div>
<div class="MsoBodyText" style="line-height: 107%; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 41.35pt; margin-right: 5.7pt; margin-top: 7.9pt; mso-line-break-override: restrictions; mso-list: l0 level1 lfo1; punctuation-wrap: simple; text-align: justify; text-indent: -.25in;">
<div style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="line-height: 107%;"><span style="font-stretch: normal; font-variant-numeric: normal; line-height: normal;">- </span></span><span style="line-height: 107%;">Who
can register the financial institution? You must currently be an employee of
the financial institution you are registering and also authorized by the
financial institution to register for an LEI. Alternatively, financial
institutions may use a third party through an assisted registration process.
The person registering the financial institution will need a user account,
which may be created </span><a href="https://www.gmeiutility.org/actions/CreateNewAccount/begin/"><span style="color: blue; line-height: 107%;">here</span></a><span style="line-height: 107%;">.<o:p></o:p></span></span></div>
</div>
<div class="MsoBodyText" style="line-height: 107%; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 41.35pt; margin-right: 27.4pt; margin-top: 7.9pt; mso-line-break-override: restrictions; mso-list: l0 level1 lfo1; punctuation-wrap: simple; text-align: justify; text-indent: -.25in;">
<div style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="line-height: 107%;"><span style="font-stretch: normal; font-variant-numeric: normal; line-height: normal;">- </span></span><span style="line-height: 107%;">What
information is needed to register? The basic information listed in the <u><span style="color: blue;">ISO 17422</span></u>,<span style="color: blue;"> </span>such as the financial institution’s legal name, registered
address, headquarters address, legal form, and so forth.<o:p></o:p></span></span></div>
</div>
<div class="MsoBodyText" style="line-height: 107%; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 41.35pt; margin-right: 5.7pt; margin-top: 7.9pt; mso-line-break-override: restrictions; mso-list: l0 level1 lfo1; punctuation-wrap: simple; text-align: justify; text-indent: -.25in;">
<div style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="line-height: 107%;"><span style="font-stretch: normal; font-variant-numeric: normal; line-height: normal;">- </span></span><span style="line-height: 107%;">What
is the cost? The GMEI Utility charges $200 for each registration request plus a
$19 surcharge. To maintain and keep the LEI registration active, the fee for
each registration is $100 plus a $19 surcharge. For more information, visit the
</span><a href="https://www.gmeiutility.org/frequentlyAskedQuestions.jsp#plus6_7"><span style="color: blue; line-height: 107%;">FAQs specific to payment</span><span style="color: black; line-height: 107%;">.</span></a><span style="line-height: 107%;"><o:p></o:p></span></span></div>
</div>
<div class="MsoBodyText" style="line-height: 107%; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 5.35pt; margin-right: 5.7pt; margin-top: 7.9pt; mso-line-break-override: restrictions; punctuation-wrap: simple; text-align: justify;">
<span style="line-height: 107%;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Once
payment is processed, the GMEI will validate the financial institution using
public sources. Once this process is complete, it takes about three business
days for an LEI to be issued in the GMEI database. Overall, the GMEI Utility’s
FAQs state that most requests are “cleared” within three to five business days.<o:p></o:p></span></span></div>
<div class="MsoBodyText" style="line-height: 107%; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 5.35pt; margin-right: 27.4pt; margin-top: .9pt; mso-line-break-override: restrictions; punctuation-wrap: simple; text-align: justify;">
<br /></div>
<div class="MsoBodyText" style="line-height: 107%; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 5.35pt; margin-right: 27.4pt; margin-top: .9pt; mso-line-break-override: restrictions; punctuation-wrap: simple; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="line-height: 107%;">It is advisable to review the </span><a href="https://www.consumerfinance.gov/policy-compliance/guidance/implementation-guidance/hmda-implementation/"><span style="color: blue; line-height: 107%;">CFPB’s HMDA implementation webpage</span></a><span style="line-height: 107%;"> for more information.</span><span style="line-height: 107%;"><o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<b><u><span style="text-transform: uppercase;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Frequently Asked Questions<o:p></o:p></span></span></u></b></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b>Q:</b> Why do we need an LEI?<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b>A:</b> The Bureau has taken the position
that an LEI could improve the ability to identify a financial institution
reporting data and correlate it to its corporate configuration. In addition,
the Bureau has stated that “facilitating identification of a financial
institution's corporate family could help data users identify possible
discriminatory lending patterns and assist in identifying market activity and
risks by related companies.” By facilitating identification, this requirement
apparently is also meant to help data users identify whether financial
institutions are serving the housing needs of their communities. [§
1003.5(a)(3)]<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b>Q:</b> Should we be getting our LEI as
soon as possible? Can we get an LEI before we have to start using it, or do we
have to use it as soon as we obtain it?<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b>A:</b> We recommend that you obtain your
LEI by the first or second quarter of 2017. There is no reason to delay. We
don’t anticipate the price to change. However, <u>you must have an LEI for all
loans submitted for HMDA on or after January 1, 2018</u>.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b>Q:</b> Do you anticipate the Uniform Loan
Identifier ("ULI") to be calculated by Loan Origination Systems?<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b>A:</b> We do anticipate that many LOSs
will offer to provide this number. However, it is very possible that they may
leave this to the vendor collecting your HMDA data. Some concern has been
raised about commercial or consumer systems needing such a programming
solution. It is our understanding that the Bureau is evaluating this
requirement with respect to a compliance effective date for calculating and
verifying the ULI and ensuring it has not been previously used.</span><br />
<span style="font-family: arial, helvetica, sans-serif;"><br /></span><span style="font-family: "arial" , "helvetica" , sans-serif;"></span>
<a name='more'></a></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<b style="font-family: arial, helvetica, sans-serif;">Q:</b><span style="font-family: arial, helvetica, sans-serif;"> Where would we find the LEI and ULI
numbers you spoke of? Do we get it from the Nationwide Mortgage Licensing
System & Registry or some other website?</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b>A:</b> As indicated above, the LEI is
available at <a href="https://www.gmeiutility.org/"><span style="color: blue;">https://www.gmeiutility.org/</span></a> and the ULI may
be determined by you, possibly in conjunction with your loan origination
system. <o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">The Bureau considered the Nationwide
Mortgage Licensing System & Registry identifier to be an appropriate
alternative to the LEI. In the proposal stage of the rule, there were some
concerns voiced about the cost to obtain an LEI, mostly citing the cost
associated with obtaining an LEI and the availability of alternative
identifiers. But, because the LEI system is predicated on a “cost recovery
model,” it was believed that the cost associated with obtaining an LEI could
decrease as the LEI identifier is used more widely. So, despite the cost, the
Bureau concluded that the benefit of all HMDA reporters using an LEI would
justify the associated cost.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b>Q:</b> What about assigning an LEI to
commercial reportable loans that are not processed through our LOS?<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b>A:</b> Some commercial or consumer loan
origination products may add this functionality. However, for financial
institutions that may on-board certain loans with document programs and Excel
spreadsheets, some HMDA collection services seem to be considering whether they
can add this ability. The Bureau has indicated it will be offering an
integration tool. This is not needed until January 1, 2018, so it appears to
not yet be a high priority for the Bureau.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b>Q:</b> If we purchase loans, which entity
reports the ULI, the new entity or the one for the company we purchased the
loans from?<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b>A:</b> The institution that is selling the
loan to you has the responsibility to provide the ULI for all loans sold or purchased
on or after January 1, 2018. However, that company may not have originated the
loan. There may be situations in the early part of this process where your
institution may have to assign a ULI to a loan funded prior to January 1, 2018.
However, for loans originally funded on or after January 1, 2018 you should
insist on a valid ULI from the entity selling the loan.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b>Q:</b> We report HMDA quarterly. When we
purchase loans from other financial institutions, do we have to put in their ULI
number when doing our quarterly HMDA filing?<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b>A:</b> You must use the ULI assigned to
the loan that the other financial institution originated. The ULI will contain
the other company’s LEI. In some cases, you may be buying loans from entities
that did not originate the loans (i.e., you may buy a loan from an entity who
bought the loan from another entity who originated it). Some loans may end up
with Action Code 6 (viz., loan purchased by the institution) multiple times
during the life cycle of a particular loan. Others may only be sold once. Portfolio
loans may not be sold at all.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b>Q:</b> We have separate business lines
that use very different underwriting guidelines. Can a financial institution
register for an LEI for each business unit and submit a Loan Application
Register (“LAR”) for each? <o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b>A:</b> For each LAR, you will need an LEI.
The LEI is issued to a financial institution and that financial institution
should use its LEI for the LAR submission. <o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b>Q:</b> Will we need to obtain an LEI for
each of our DBAs or will it be the parent company's LEI that all DBAs under us
will use?<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b>A:</b> You will need to provide one LEI
for each legal entity involved in the origination of loans or that is subject
to HMDA reporting (i.e., a “financial institution” as defined in the new rule).
However, your question refers to “DBAs” on the one hand and then “Parent
Company” on the other. Are the DBAs part of a single company? Are there other
subsidiaries that already have different Respondent IDs? The answers to these
questions matter. We suggest you start your analysis with any company that
today has an NMLSR ID. Then you might expand to any company that purchases
loans. <o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">That said, the Bureau has determined
that requiring the parent company of a financial institution to obtain an LEI
would not be appropriate. Requiring the parent company to obtain an LEI
specifically for HMDA purposes, except if the parent company is also a HMDA
reporter, and requiring the financial institution to submit its parent
company's LEI with its HMDA data submission, would be an unnecessary additional
burden because once the LEI is fully implemented, information regarding the parent
company is expected to become available. Thus, the Bureau’s position seems to
be that the benefit of requiring parent information does not justify the burden,
since information about the parent company most likely will be available
through an alternative source. Accordingly, the Bureau does not require a
financial institution to identify its parent company.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b>Q:</b> What is the Reporter’s
Identification Number?<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b>A:</b> Regulation C currently requires
financial institutions to provide a Reporter's Identification Number (“HMDA RID”)
in their transmittal sheet and LAR. The HMDA RID consists of an entity
identifier specified by the financial institution's appropriate Federal agency
combined with a code that designates the agency. Each Federal agency chooses
the entity identifier that its supervised financial institutions would use in
reporting their HMDA data. Currently, the Research Statistics Supervision and
Discount (RSSD) number is used by institutions supervised by the Federal
Reserve Board (FRB) and depository institutions supervised by the Bureau; the
Federal Tax Identification number is used by non-depository institutions
supervised by agencies other than the FRB; the charter number is used by
depository institutions supervised by the National Credit Union Administration
(NCUA) and the Office of the Comptroller of the Currency (OCC); and, the
certificate number is used by depository institutions supervised by the FDIC.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><b>Q:</b> Where can I find more information
about LEI and HMDA?<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span style="line-height: 107%;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><b>A:</b>
The Bureau moved HMDA filing instructions to 5(a)(2) in proposed Appendix A and
incorporated it into § 1003.5(a)(3) because of the removal of Appendix A from
the Final Rule. Pursuant to its authority under section HMDA 305(a), the Bureau
also added certain information related to the data submission that is currently
provided on an institution's transmittal sheet, as illustrated in Appendix A of
§ 1003.5(a)(3). There may be other relevant requirements set forth in certain
Federal Register issuances from time to time.</span></span></div>
</div>
Jonathan Foxxhttp://www.blogger.com/profile/11176318536334393246noreply@blogger.comtag:blogger.com,1999:blog-9171653185859233636.post-90981059355021468882017-01-30T09:41:00.002-05:002017-01-30T10:03:35.224-05:00Production Incentives: Protecting the Consumer, plus Compliance Checklist for Production Incentives<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="http://lenderscompliancegroup.com/2.html">Jonathan Foxx</a></span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;">Managing Director</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">Production incentives have been around since the
dawn of modern capitalism. They are not going anywhere. Incentives have been
called sales incentives, sales bonuses, compensation bonuses, and take into
account any additional remuneration that tends to be transactionally based. All
such incentives can be grouped into business objectives where a transaction may
be tied to certain benchmarks, met by employees or service providers, the
achievement of which leads to an increase in wage or reward for the party
achieving the stated goal. For the sake of discussion, let’s call forms of such
economic inducement, collectively, as “incentives.”<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Typical incentives include cross-selling, where
sales or referrals of new products or services are pitched to existing
consumers; sales of products or services to new customers; sales at higher
prices where pricing discretion exists; quotas for customer calls completed;
and collections benchmarks.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Some of these incentives are very complex in the
way they are achieved and applied, whether optionally or required. The
incentive challenge is one of the usual conundrums arising when money and
capital formation meet: the opportunity for harm to the consumer. Obviously,
incentives offer a way to further enhance revenue for the seller of services
and products. Indeed, in our market economy, an incentive can reveal the
economic interest of market participants in a particular service or product,
which is extrapolated from consumers’ responses to the offerings. Like so much
in finance, incentives are not inherently good or bad, but how they are applied
makes them so!<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">The Consumer Financial Protection Bureau (“Bureau”)
has decided to weigh in with guidance on production incentives. I am going to
provide my reading of the Bureau’s most recent bulletin on this topic, entitled
“Detecting and Preventing Consumer Harm from Production Incentives” (Bulletin
2016-03, November 28, 2016, hereinafter “Bulletin”). It is an interesting read,
because it endeavors not only to compile guidance that the Bureau had provided
in other contexts but also draws on the Bureau’s supervisory and enforcement
experience in which incentives contributed to substantial consumer harm.
Importantly, the Bulletin offers some actions that supervised entities should
take to mitigate risks posed by incentives.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">This White Paper article is an adjunct to an <a href="https://mortgagecomplianceforum.blogspot.com/2016/12/production-incentives-protecting.html">earlier published web article</a> (December 2016), with further elaboration herein, plus now including a "Compliance Checklist for Production Incentives," which provides some helpful guidelines to creating production incentive plans. The full <a href="http://lenderscompliancegroup.com/20.html">White Paper, Article, and Compliance Checklist</a> may be downloaded from our firm's website at <a href="http://www.lenderscompliancegroup.com/">LendersComplianceGroup.com</a>. </span></div>
<div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<br /></div>
<div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<b><span style="font-family: "arial" , "helvetica" , sans-serif;">RISKS<o:p></o:p></span></b></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">The most obvious risk of incentives to the consumer
is a sales program that includes an enhanced economic motivation for employees
or service providers to pursue overly aggressive marketing, sales, servicing,
or collections tactics. These kinds of incentives are and always have been
features of sales tactics that do not meet regulatory scrutiny. Consequently,
it is the case that the Bureau has taken enforcement action against financial
institutions that have expected or required employees to open accounts or
enroll consumers in services without consent or where employees or service
providers have misled consumers into purchasing products the consumers did not
want, were unaware would harm them financially, or came with an unexpected
ongoing periodic fee.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">One or more regulatory violations may be triggered
as a result of such incentives. To name but a few of the more salient
regulatory frameworks that can be violated, impermissible incentives can cause
violations of unfair, deceptive, and/or abusive acts or practices (UDAAP)
(Dodd-Frank Act, §§ 1031 & 1036(a), codified at 12 USC §§ 5531 &
5536(a), the Electronic Fund Transfer Act (EFTA), as implemented by Regulation
E (15 USC § 1693 et seq.; 12 CFR Part 1005); the Fair Credit Reporting Act, as
implemented by Regulation V (15 USC § 1681-1681x; 12 CFR Part 1022); the Truth
in Lending Act (TILA), as implemented by Regulation Z (15 USC § 1601 et seq.;
12 CFR Part 1026); and the Fair Debt Collection Practices Act (15 USC §
1692-1692p). And to this the Bureau itself notes that violations can stir up
public enforcement, supervisory actions, private litigation, reputational harm,
and potential alienation of existing and future customers.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Although not meant to be comprehensive, here are
some impermissible incentives that surely trigger regulatory violations:</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: justify;">
</div>
<ul>
<li><u style="font-family: Arial, Helvetica, sans-serif; text-indent: -0.25in;">Opening Accounts</u><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">: sales goals that
encourage employees, either directly or indirectly, to open accounts or enroll
consumers in services without their knowledge or consent, which may result in
improperly incurred fees, improper collections activities, and/or negative
effects on consumer credit scores;</span></li>
<li><u style="font-family: Arial, Helvetica, sans-serif; text-indent: -0.25in;">Benchmarks</u><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">: sales benchmarks that
encourage employees or service providers to market a product deceptively to
consumers who may not benefit from or even qualify for it;</span></li>
<li><u style="font-family: Arial, Helvetica, sans-serif; text-indent: -0.25in;">Terms or Conditions</u><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">: paying compensation
based on the terms or conditions of transactions (such as interest rate) that
encourages employees or service providers to overcharge consumers, to place
them in less favorable products than they qualify for, or to sell them more
credit or services than they had requested or needed;</span></li>
<li><u style="font-family: Arial, Helvetica, sans-serif; text-indent: -0.25in;">Tiered Compensation</u><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">: paying more
compensation for some types of transactions than for others that were or could
have been offered to meet consumer needs, which could lead employees or service
providers to steer consumers to transactions not in their interests; and </span></li>
<li><u style="font-family: Arial, Helvetica, sans-serif; text-indent: -0.25in;">Quotas</u><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">: unrealistic quotas to sign
consumers up for financial services may incentivize employees to achieve this
result without actual consent or by means of deception.<a name='more'></a></span></li>
</ul>
<br />
<div class="MsoNormal" style="text-align: justify;">
<b><span style="font-family: "arial" , "helvetica" , sans-serif;">ACTION PLAN<o:p></o:p></span></b></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">As I have often said, the
evaluation of risk is just the first step to mitigating it. Sometimes, it is
the easiest step! When dealing with incentives, the risk to the consumer – and<i> mutatis mutandis</i> to the financial
institution – is mitigated through effective controls. Some people seem to balk
at internal controls, as if their implementation is reflective of a personal
bias. It is not. It is just the way to establish a means by which to regulate
behavior that is lawful and acceptably fair to all market participants. Too
many regulations can stifle financial opportunities; but too few regulations
can cause the market to explode. <o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">From what we have been able to
determine, both from its supervisory issuances and its enforcement actions, the
Bureau certainly wants to provide a means whereby a financial institution can
gauge its compliance with consumer financial protection laws as it relates to
incentives. This is why it has often stated - such as in issuing its
“Supervision and Examination Manual: Compliance Management Review” - the
importance of implementing a <u>Compliance Management System</u>, otherwise
known by its acronym, “CMS.”<o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Indeed, because my firm believes
so strongly in ensuring that our monthly clients are fully prepared with their
CMS, we developed our annual <u>CMS Tune-up!™</u>, which is an evaluation of a
financial institution’s compliance management system. We provide an executive
report and a risk rating to these clients at no additional charge. It is a
critical responsibility of management to set up and implement a CMS, the review
of which will certainly be undertaken by both federal and state regulators.<o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">If our CMS Tune-up!™ shows the
presence of production incentives, we are going to rate the risk based on where
those incentives concern products or services less likely to benefit consumers,
or have a higher potential to lead to consumer harm, or reward outcomes that do
not necessarily align with consumer interests, or implicate a significant
proportion of employee compensation.<o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Thus, instituting a compliance
management system, a CMS, is at the core of effective compliance with the
Bureau’s expectations in its supervision and enforcement of permissible
incentives. Essentially, there are four components to the Bureau’s conception
of a viable CMS: these are (1) the oversight by the Board of Directors or management;
(2) a ratified and comprehensive compliance program, consisting of policies and
procedures, training, monitoring, and corrective action; (3) a consumer
complaint management program; and (4) an independent compliance audit.<o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Let’s apply the CMS framework to
a few ways and means for limiting violations arising from incentives that may
trigger violations of law.<o:p></o:p></span></div>
<div class="MsoNormal" style="text-align: justify;">
<u><span style="font-variant-caps: small-caps; font-variant-numeric: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></span></u></div>
<div class="MsoNormal" style="text-align: justify;">
<u><span style="font-variant-caps: small-caps; font-variant-numeric: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Board of directors and management oversight.<o:p></o:p></span></span></u></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Foster a culture of strong
customer service related to incentives. In product sales, for instance, ensure
that consumers are only offered products likely to benefit their interests.<u><span style="font-variant-caps: small-caps; font-variant-numeric: normal;"><o:p></o:p></span></u></span></div>
<div class="MsoNormal" style="text-align: justify;">
<u><span style="font-variant-caps: small-caps; font-variant-numeric: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></span></u></div>
<div class="MsoNormal" style="text-align: justify;">
<u><span style="font-variant-caps: small-caps; font-variant-numeric: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Policies and procedures<o:p></o:p></span></span></u></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Ensure that the policies and
procedures for incentives contain:</span></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Employee sales/collections quotas that, if a
part of an entity’s incentive program, are transparent to employees and
reasonably attainable;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Clear controls for managing the risk inherent in
each stage of the product life cycle (as applicable): marketing, sales
(including account opening), servicing, and collections;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Mechanisms to identify potential conflicts of
interest posed for supervisory personnel who are covered by incentives but also
are responsible for monitoring the quality of customer treatment and customer
satisfaction; and</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Fair and independent processes for investigating
reported issues of suspected improper behavior.</span></li>
</ul>
<div class="MsoNormal" style="text-align: justify;">
<u><span style="font-variant-caps: small-caps; font-variant-numeric: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Training<o:p></o:p></span></span></u></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Implement comprehensive training
that addresses:</span></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Expectations for incentives, including standards
of ethical behavior;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Common risky behaviors for employees and service
providers to foster greater awareness of primary risk areas;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Terms and conditions of the institution’s
products and services so that they can be effectively described to consumers;
and</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Regulatory and business requirements for
obtaining and maintaining evidence of consumer consent.</span></li>
</ul>
<br />
<div class="MsoNormal" style="text-align: justify;">
<u><span style="font-variant-caps: small-caps; font-variant-numeric: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Monitoring<o:p></o:p></span></span></u></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Design overall compliance
monitoring programs that track key metrics that may indicate incentives are
leading to improper behavior by employees or service providers. Examples of
possible monitoring metri</span><span style="font-family: "arial" , "helvetica" , sans-serif;">cs include, but are not limited to:</span></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Overall product penetration rates by consumer
and household;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Specific penetration rates for products and
services (such as overdraft, add-on products, and online banking), as well as
penetration rates by consumer segment;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Employee turnover and employee satisfaction or
complaint rates;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Spikes and trends in sales (both completed and
failed sales) by specific individuals and by units;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Financial incentive payouts; and</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Account opening/product enrollment and account
closure/product cancellation statistics, including by specific individuals and
by units, taking into account the terms of the incentive programs (i.e.,
requirements that accounts be open for a period of time or funded in order for
employees to obtain credit under the program).</span></li>
</ul>
<div class="MsoNormal" style="text-align: justify;">
<u><span style="font-variant-caps: small-caps; font-variant-numeric: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Corrective Action<o:p></o:p></span></span></u></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Promptly implement corrective
actions to address any incentive issues identified by monitoring reviews as
areas of weakness:</span></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Corrective actions should include the
termination of employees, service providers, and managers, as necessary, and
these termination statistics should be analyzed for trends and root cause(s);</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Corrective actions should include changes to the
structure of incentives, training on these programs, and return of funds to all
affected consumers as appropriate in light of failed sales or heightened levels
of customer dissatisfaction;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">All corrective actions should ensure that the
root causes of deficiencies are identified and resolved; and</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Findings should be escalated to management and
the board, particularly where they appear to pose significant risks to consumers.</span></li>
</ul>
<br />
<div class="MsoNormal" style="text-align: justify;">
<u><span style="font-variant-caps: small-caps; font-variant-numeric: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Consumer Complaint Management Program<o:p></o:p></span></span></u></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Collect and analyze consumer
complaints for indications that incentives are leading to violations of law or
harm to consumers in order to identify and resolve the root causes of any such
issues.</span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<u><span style="font-variant-caps: small-caps; font-variant-numeric: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Independent Compliance Audit<o:p></o:p></span></span></u></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Schedule audits to address
incentives and consumer outcomes across all products or services to which they
apply, ensuring audits are conducted independently of both the compliance
program and the business functions, and ensuring that all necessary corrective
actions are promptly implemented.</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Whether a financial institution
uses our CMS Tune-up!™ or has the resources to objectively evaluate the
foregoing elements of a compliance management system on its own, the CMS
approach to internal control is a necessity. There must be a careful, ongoing,
systemic, procedural, testable, traceable, and eva</span><span style="font-family: "arial" , "helvetica" , sans-serif;">luative means by which to
ensure that incentives are rigorously supervised throughout the service and
product delivery process.</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div align="center" class="MsoNormal" style="text-align: center;">
<u><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin; text-transform: uppercase;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Compliance Checklist for Production Incentives<o:p></o:p></span></span></u></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 0in 5.4pt 0in 5.4pt; mso-yfti-tbllook: 1184;">
<tbody>
<tr style="height: 13.45pt; mso-yfti-firstrow: yes; mso-yfti-irow: 0;">
<td style="background: #F2F2F2; border: solid windowtext 1.0pt; height: 13.45pt; mso-background-themecolor: background1; mso-background-themeshade: 242; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 130.25pt;" valign="top" width="174"><div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="color: red; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="font-family: "arial" , "helvetica" , sans-serif;">CATEGORY<o:p></o:p></span></span></div>
</td>
<td style="background: #F2F2F2; border-left: none; border: solid windowtext 1.0pt; height: 13.45pt; mso-background-themecolor: background1; mso-background-themeshade: 242; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 337.25pt;" valign="top" width="450"><div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="color: red; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="font-family: "arial" , "helvetica" , sans-serif;">ACTION ITEMS<o:p></o:p></span></span></div>
</td>
</tr>
<tr style="height: 205.6pt; mso-yfti-irow: 1;">
<td style="border-top: none; border: solid windowtext 1.0pt; height: 205.6pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 130.25pt;" valign="top" width="174"><div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">SYSTEMS<o:p></o:p></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 205.6pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 337.25pt;" valign="top" width="450"><div class="MsoListParagraphCxSpFirst" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l2 level1 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">System solution is<span style="letter-spacing: -.2pt;"> </span>capable<span style="letter-spacing: -.2pt;">
</span>of<span style="letter-spacing: -.15pt;"> </span>collecting<span style="letter-spacing: -.15pt;"> </span>the<span style="letter-spacing: -.15pt;">
</span>right<span style="letter-spacing: -.2pt;"> </span>kind<span style="letter-spacing: -.2pt;"> </span>of<span style="letter-spacing: -.15pt;"> </span>information<span style="letter-spacing: -.2pt;"> </span>to<span style="letter-spacing: -.2pt;"> </span>allow<span style="letter-spacing: -.3pt;"> proper risk management</span><o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l2 level1 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Audit procedures are established to
review effectiveness and appropriateness of system solution<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l2 level1 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">System solution allows identification
of the following (where relevant)<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .75in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l2 level2 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;">o<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">The types of products and services<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .75in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l2 level2 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;">o<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Individual<span style="letter-spacing: -.25pt;"> </span>high<span style="letter-spacing: -.3pt;"> </span>risk<span style="letter-spacing: -.1pt;"> </span>staff<span style="letter-spacing: -.3pt;">
</span>members<span style="letter-spacing: -.35pt;"> </span>(i.e.,<span style="letter-spacing: -.3pt;"> </span>sales<span style="letter-spacing: -.1pt;">
</span>pattern,<span style="letter-spacing: -.3pt;"> </span>fear<span style="letter-spacing: -.25pt;"> </span>of<span style="letter-spacing: -.2pt;"> </span>disciplinary<span style="letter-spacing: -.35pt;"> </span>action)<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .75in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l2 level2 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;">o<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Sales<span style="letter-spacing: -.2pt;"> </span>staff<span style="letter-spacing: -.15pt;"> </span>who<span style="letter-spacing: -.15pt;"> </span>are<span style="letter-spacing: -.25pt;">
</span>achieving<span style="letter-spacing: -.25pt;"> </span>high<span style="letter-spacing: -.15pt;"> </span>sales<span style="letter-spacing: -.05pt;">
</span>volumes<span style="letter-spacing: -.2pt;"> </span>and<span style="letter-spacing: -.15pt;"> </span>the<span style="letter-spacing: -.25pt;">
</span>products<span style="letter-spacing: -.2pt;"> </span>they<span style="letter-spacing: -.3pt;"> </span>are<span style="letter-spacing: -.25pt;"> </span>selling<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .75in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l2 level2 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;">o<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Patterns<span style="letter-spacing: -.2pt;"> </span>in<span style="letter-spacing: -.15pt;"> </span>individual<span style="letter-spacing: -.2pt;"> </span>sales<span style="letter-spacing: -.2pt;">
</span>activity<span style="letter-spacing: -.4pt;"> (i.e.,</span><span style="letter-spacing: -.25pt;"> </span>spikes<span style="letter-spacing: -.2pt;">
</span>before<span style="letter-spacing: -.15pt;"> </span>any<span style="letter-spacing: -.4pt;"> </span>target<span style="letter-spacing: -.25pt;">
</span>cut-off<span style="letter-spacing: -.15pt;"> </span>dates)<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .75in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l2 level2 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;">o<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Effects of product promotions and
sales<span style="letter-spacing: -1.45pt;"> </span>campaign<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .75in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l2 level2 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;">o<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Claim repudiation of rates and/or
cancellation<span style="letter-spacing: -1.45pt;"> </span>rates<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpLast" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .75in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l2 level2 lfo1; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;">o<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">If claw-backs are permitted by law,
the levels of claw backs for individual sales<span style="letter-spacing: .55pt;"> </span>staff<o:p></o:p></span></span></div>
</td>
</tr>
<tr style="height: 233.5pt; mso-yfti-irow: 2;">
<td style="border-top: none; border: solid windowtext 1.0pt; height: 233.5pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 130.25pt;" valign="top" width="174"><div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: #0e0e29; font-size: 10.0pt; text-transform: uppercase;">monitoring</span><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin; text-transform: uppercase;"><o:p></o:p></span></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 233.5pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 337.25pt;" valign="top" width="450"><div class="MsoListParagraphCxSpFirst" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l6 level1 lfo3; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">In addition to routine monitoring
and checking that sales are carried out according to the firm's sales
guidelines, risk-based monitoring processes are also in place:<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l12 level1 lfo2; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"> ·<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Where there is an indication of
impermissible selling or higher risk of impermissible selling, additional
monitoring is put in place<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpLast" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l12 level1 lfo2; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"> ·<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Additional scrutiny of
high-performing sales staff<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoListParagraph" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l6 level1 lfo3; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Monitoring is consistent with sales
and bonus strategy (i.e., loan products with highest sales and loan products
which attract large commissions as opposed to monitoring riskier products
only)<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoListParagraphCxSpFirst" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l6 level1 lfo3; text-indent: -.25in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">During the monitoring process, more
weight is given to mistakes in the sales process than to administrative
errors<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpLast" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l8 level1 lfo4; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"> ·<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Root causes of issues are analyzed
(i.e., cancellations)<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoListParagraph" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l17 level1 lfo5; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Where relevant, monitoring also
includes areas such as complaints handling, claims processing, mortgage
arrears and customer retention (viz., risks to consumers from incentive
schemes may also arise in these areas)<o:p></o:p></span></span></div>
</td>
</tr>
<tr style="height: 143.5pt; mso-yfti-irow: 3;">
<td style="border-top: none; border: solid windowtext 1.0pt; height: 143.5pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 130.25pt;" valign="top" width="174"><div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="color: #0e0e29; font-size: 10.0pt; text-transform: uppercase;"><span style="font-family: "arial" , "helvetica" , sans-serif;">conflicts of interest<o:p></o:p></span></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 143.5pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 337.25pt;" valign="top" width="450"><div class="MsoListParagraph" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l17 level1 lfo5; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Clear strategy to manage and
mitigate conflicts risks if firm answers Yes to any of the following
questions:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoListParagraphCxSpFirst" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l8 level1 lfo4; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"> ·<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Does the supervisor of sales staff
also receive incentive payments based on the volume of sales made by those
staff?<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 1.0in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l8 level2 lfo4; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;">o<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">If so, does the supervisor of sales
staff also carry out business quality monitoring of his/her own sales staff?<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 1.0in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l8 level2 lfo4; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;">o<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Any other conflicts risks?<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpLast" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l11 level1 lfo6; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"> ·<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Independent quality checking of
supervision assessments<o:p></o:p></span></span></div>
</td>
</tr>
<tr style="height: 214.6pt; mso-yfti-irow: 4;">
<td style="border-top: none; border: solid windowtext 1.0pt; height: 214.6pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 130.25pt;" valign="top" width="174"><div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="color: #0e0e29; font-size: 10.0pt; text-transform: uppercase;"><span style="font-family: "arial" , "helvetica" , sans-serif;">inappropriate behavior<o:p></o:p></span></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 214.6pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 337.25pt;" valign="top" width="450"><div class="MsoListParagraphCxSpFirst" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l17 level1 lfo5; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Institution has considered the types
of inappropriate behaviors that might occur as a result of the firm's
incentive plans, taking into account the types of loan products being sold
and the methods of distribution<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto;">
<br /></div>
<div class="MsoListParagraphCxSpLast" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l17 level1 lfo5; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Suitable training is in place, among
other things, to ensure that staff, supervisors and management understanding
the meaning and practice of "impermissible sales” and "failure to
deliver fair outcomes for consumers"
<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoListParagraph" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l17 level1 lfo5; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Organization actively assesses what
is being said to customers, for example, by using the following controls:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoListParagraphCxSpFirst" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l11 level1 lfo6; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"> ·<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Mystery shopping<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l11 level1 lfo6; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"> ·<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Contact sample consumers after sales
(testing outcomes (i.e., correct information was given) and not simply
customer satisfaction)<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l11 level1 lfo6; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"> ·<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Record telephone calls<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l11 level1 lfo6; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"> ·<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Monitor telephone calls<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpLast" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l11 level1 lfo6; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"> ·<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Record face-to-face sales
conversation for later review<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoListParagraph" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l19 level1 lfo7; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"> <span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Past business sampling to identify
if any systemically impermissible sales have occurred because of higher risk
features in incentive schemes<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoListParagraph" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l19 level1 lfo7; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Output of controls:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoListParagraphCxSpFirst" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l14 level1 lfo8; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"> ·<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Management reviews output of
controls<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l14 level1 lfo8; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"> ·<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Results are placed into individual
training and competency monitoring<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpLast" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l14 level1 lfo8; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"> ·<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Indications of non-compliance are
escalated and acted upon on a timely basis<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoListParagraph" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l0 level1 lfo9; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Emphasis on poor quality performance:
action is taken<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoListParagraphCxSpFirst" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l7 level1 lfo10; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"> ·<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Staff is aware of and reminded of
consequences of compliance failures<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l7 level1 lfo10; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"> ·<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Individual performance assessments
based on both quantitative (financial) and qualitative (non-financial)
factors (i.e., qualitative factors include compliance with regulation,
internal procedures, market conduct standards, business retention rates, and number
of complaints upheld)<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l7 level1 lfo10; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"> ·<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Qualitative factors affect
remuneration of sales manager and advisers<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 1.0in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l7 level2 lfo10; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;">o<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">staff removed from bonus scheme or
bonus significantly reduced if quality standards are not met<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 1.0in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l7 level2 lfo10; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;">o<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Incentive payments already received
are clawed-back or off-set against future incentives (i.e., for poor outcomes
or if consumers cancel)<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l7 level1 lfo10; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"> ·<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Disciplinary measures<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpLast" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l7 level1 lfo10; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"> ·<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Additional training given to staff
with persistent compliance failures<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
</td>
</tr>
<tr style="height: 103.0pt; mso-yfti-irow: 5;">
<td style="border-top: none; border: solid windowtext 1.0pt; height: 103.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 130.25pt;" valign="top" width="174"><div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="color: #0e0e29; font-size: 10.0pt; text-transform: uppercase;"><span style="font-family: "arial" , "helvetica" , sans-serif;">culture of compliance *<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: #0e0e29; font-size: 10.0pt; text-transform: uppercase;">* </span><span style="color: #0e0e29; font-size: 8.0pt;">Terminology developed by Jonathan Foxx, Managing Director, Lenders
Compliance Group. See article entitled “Creating a Culture of Compliance”
(National Mortgage Professional Magazine, February 2014)</span><span style="color: #0e0e29; font-size: 10.0pt;"><o:p></o:p></span></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 103.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 337.25pt;" valign="top" width="450"><div class="MsoListParagraphCxSpFirst" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l17 level1 lfo5; text-indent: -.25in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"> Management
has clear answers to the following:<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto;">
<br /></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l18 level1 lfo11; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"> ·<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">In what way does the institution
have a culture of putting customers first?<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpLast" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l18 level1 lfo11; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"> ·<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Are incentive plans aligned to the
goals of the organization?<o:p></o:p></span></span></div>
</td>
</tr>
<tr style="height: 44.5pt; mso-yfti-irow: 6;">
<td style="border-top: none; border: solid windowtext 1.0pt; height: 44.5pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 130.25pt;" valign="top" width="174"><div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="color: #0e0e29; font-size: 10.0pt; text-transform: uppercase;"><span style="font-family: "arial" , "helvetica" , sans-serif;">risk calibration<o:p></o:p></span></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 44.5pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 337.25pt;" valign="top" width="450"><div class="MsoListParagraph" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l17 level1 lfo5; text-indent: -.25in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Institution identifies, assesses,
and documents specific features of its incentive plans that might increase
the risk of impermissible selling (see below,<span style="color: red;"> RISK
ACCELERATORS</span>)<o:p></o:p></span></span></div>
</td>
</tr>
<tr style="height: 143.5pt; mso-yfti-irow: 7;">
<td style="border-top: none; border: solid windowtext 1.0pt; height: 143.5pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 130.25pt;" valign="top" width="174"><div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="color: #0e0e29; font-size: 10.0pt; text-transform: uppercase;"><span style="font-family: "arial" , "helvetica" , sans-serif;">incentive policy & implementation<o:p></o:p></span></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 143.5pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 337.25pt;" valign="top" width="450"><div class="MsoListParagraphCxSpFirst" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l17 level1 lfo5; text-indent: -.25in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Management has clear understanding
of how incentive plans operate and how they meet regulatory requirements,
with outline of same approved and in a written outline<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto;">
<br /></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l17 level1 lfo5; text-indent: -.25in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Criteria used by institution to
assess performance of relevant staff are accessible, understandable, and in
writing<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto;">
<br /></div>
<div class="MsoListParagraphCxSpLast" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l17 level1 lfo5; text-indent: -.25in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Relevant staff are clearly informed
at the outset of:<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoListParagraphCxSpFirst" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l1 level1 lfo12; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"> ·<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">the criteria used to determine their
remuneration<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpLast" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l1 level1 lfo12; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"> ·<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">steps and timing of their
performance reviews<o:p></o:p></span></span></div>
</td>
</tr>
<tr style="height: 44.5pt; mso-yfti-irow: 8;">
<td style="border-top: none; border: solid windowtext 1.0pt; height: 44.5pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 130.25pt;" valign="top" width="174"><div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="color: #0e0e29; font-size: 10.0pt; text-transform: uppercase;"><span style="font-family: "arial" , "helvetica" , sans-serif;">incentive plan outlines<o:p></o:p></span></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 44.5pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 337.25pt;" valign="top" width="450"><div class="MsoListParagraphCxSpFirst" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l10 level1 lfo13; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"> </span><span style="font-size: 10pt;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Plans are not overly complex<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto;">
<br /></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l10 level1 lfo13; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"> </span><span style="font-size: 10pt;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Institution considers all relevant
factors when designing am incentive plan:<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto;">
<br /></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .75in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l16 level1 lfo14; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;">·<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Role performed by relevant person<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .75in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l16 level1 lfo14; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;">·<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Type of loan products offered<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .75in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l16 level1 lfo14; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;">·<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Methods of distribution<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto;">
<br /></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l9 level1 lfo15; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"> </span><span style="font-size: 10pt;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Institution uses features in its
incentives plans that reduce the risk of impermissible selling, for instance:<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto;">
<br /></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .75in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l15 level1 lfo16; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;">·<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Emphasis on sales quality:
qualitative criteria included in calculation of remuneration<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .75in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l15 level1 lfo16; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;">·<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Claw backs<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .75in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l15 level1 lfo16; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;">·<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Variable remuneration:<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 1.25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l15 level2 lfo16; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;">o<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">References used in calculation of
variable remuneration of staff are common across loan products sold<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 1.25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l15 level2 lfo16; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;">o<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Ratio between variable and fixed
income reflects desired conduct of employees to act in the best interests of
clients (i.e., bonus is limited to a lower proportion of basic salary)<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 1.25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l15 level2 lfo16; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;">o<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Variable remuneration is paid out in
several payments over a period, in order to take into account long-term
results<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 1.25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l15 level2 lfo16; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;">o<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Capped or decreasing incentives
(i.e., bonuses are capped or reduced when sales volume approaches a certain
level or bonus is limited to a lower proportion of basic salary)<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpLast" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 1.25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l15 level2 lfo16; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;">o<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Policy on payment is flexible and,
where appropriate, includes possibility of not paying any variable
remuneration<o:p></o:p></span></span></div>
</td>
</tr>
<tr style="height: 130.0pt; mso-yfti-irow: 9;">
<td style="border-top: none; border: solid windowtext 1.0pt; height: 130.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 130.25pt;" valign="top" width="174"><div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="color: #0e0e29; font-size: 10.0pt; text-transform: uppercase;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Approvals<o:p></o:p></span></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 130.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 337.25pt;" valign="top" width="450"><div class="MsoListParagraphCxSpFirst" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l9 level1 lfo15; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"> </span><span style="font-size: 10pt;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Management approves incentive plans
with input from risk management and compliance functions<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 1.0in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l9 level2 lfo15; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;">o<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Drafts such approvals guidelines
into the plan design and incentive policies reviews<o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto;">
<br /></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l9 level1 lfo15; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"> </span><span style="font-size: 10pt; text-indent: -0.25in;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><span style="font-size: 10pt; text-indent: -0.25in;">Compliance function verifies that
institution’s remuneration practices comply with federal and/or state
regulatory guidelines, including applicable employment law</span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto;">
<br /></div>
<div class="MsoListParagraphCxSpLast" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l9 level1 lfo15; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"> </span><span style="font-size: 10pt; text-indent: -0.25in;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><span style="font-size: 10pt; text-indent: -0.25in;">Compliance personnel have access to
all relevant documentation</span></span></div>
</td>
</tr>
<tr style="height: 80.5pt; mso-yfti-irow: 10;">
<td style="border-top: none; border: solid windowtext 1.0pt; height: 80.5pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 130.25pt;" valign="top" width="174"><div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="color: #0e0e29; font-size: 10.0pt; text-transform: uppercase;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Reviews<o:p></o:p></span></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 80.5pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 337.25pt;" valign="top" width="450"><div class="MsoListParagraph" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l4 level1 lfo17; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"> </span><span style="font-size: 10pt; text-indent: -0.25in;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><span style="font-size: 10pt; text-indent: -0.25in;">Frequent and effective department
and function reviews of written remuneration policies and incentive plans and
related controls</span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoListParagraph" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l4 level1 lfo17; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"> </span><span style="font-size: 10pt; text-indent: -0.25in;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><span style="font-size: 10pt; text-indent: -0.25in;">Internal and/or external testing and
audit to determine compliance with policies and procedures, with results of
same given to management</span></span></div>
</td>
</tr>
<tr style="height: 35.5pt; mso-yfti-irow: 11;">
<td style="border-top: none; border: solid windowtext 1.0pt; height: 35.5pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 130.25pt;" valign="top" width="174"><div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="color: #0e0e29; font-size: 10.0pt; text-transform: uppercase;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Reporting Lines<o:p></o:p></span></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 35.5pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 337.25pt;" valign="top" width="450"><div class="MsoListParagraph" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l5 level1 lfo18; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"> </span><span style="font-size: 10pt; text-indent: -0.25in;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><span style="font-size: 10pt; text-indent: -0.25in;">Appropriate and transparent
reporting and chain of command lines to assist in timely escalation of
problems</span></span></div>
</td>
</tr>
<tr style="height: 22.0pt; mso-yfti-irow: 12;">
<td style="border-top: none; border: solid windowtext 1.0pt; height: 22.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 130.25pt;" valign="top" width="174"><div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="color: #0e0e29; font-size: 10.0pt; text-transform: uppercase;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Controls<o:p></o:p></span></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 22.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 337.25pt;" valign="top" width="450"><div class="MsoListParagraph" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l5 level1 lfo18; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"> </span><span style="font-size: 10pt; text-indent: -0.25in;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><span style="font-size: 10pt; text-indent: -0.25in;">Controls are established to identify
and mitigate increased risks</span></span></div>
</td>
</tr>
<tr style="height: 44.5pt; mso-yfti-irow: 13;">
<td style="border-top: none; border: solid windowtext 1.0pt; height: 44.5pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 130.25pt;" valign="top" width="174"><div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="color: #0e0e29; font-size: 10.0pt; text-transform: uppercase;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Outsourced Entities<o:p></o:p></span></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 44.5pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 337.25pt;" valign="top" width="450"><div class="MsoListParagraph" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l5 level1 lfo18; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"> </span><span style="font-size: 10pt; text-indent: -0.25in;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><span style="font-size: 10pt; text-indent: -0.25in;">Ensure that outsourced entities
apply controls and arrangements to mitigate risks that, at minimum, are at
the same level as the institution’s own risk tolerance</span></span></div>
</td>
</tr>
<tr style="height: 44.5pt; mso-yfti-irow: 14;">
<td style="border-top: none; border: solid windowtext 1.0pt; height: 44.5pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 130.25pt;" valign="top" width="174"><div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="color: #0e0e29; font-size: 10.0pt; text-transform: uppercase;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Governance Group<o:p></o:p></span></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 44.5pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 337.25pt;" valign="top" width="450"><div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Where appropriate, institution has a formal
governance group (reporting to the remuneration committee or senior
management) that ensures incentive plans are consistent with the firm's
remuneration policies<o:p></o:p></span></span></div>
</td>
</tr>
<tr style="height: 85.0pt; mso-yfti-irow: 15;">
<td style="border-top: none; border: solid windowtext 1.0pt; height: 85.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 130.25pt;" valign="top" width="174"><div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-font-weight: bold; mso-bidi-theme-font: minor-latin; text-transform: uppercase;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Groups<span style="color: red;"><o:p></o:p></span></span></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 85.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 337.25pt;" valign="top" width="450"><div class="MsoListParagraph" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l5 level1 lfo18; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"> </span><span style="font-size: 10pt; text-indent: -0.25in;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><span style="font-size: 10pt; text-indent: -0.25in;">Appropriate remuneration policies
are not circumvented at individual or group-wide level (i.e., use of
off-shore or outsourced entities)</span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoListParagraphCxSpFirst" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto; mso-list: l5 level1 lfo18; text-indent: -.25in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"> </span><span style="font-size: 10pt; text-indent: -0.25in;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><span style="font-size: 10pt; text-indent: -0.25in;">Affiliates to have the group
remuneration policy applied and the requirement of subsidiaries to take into
account local responsibilities (viz., based on risk profile and regulatory
environment)</span></span></div>
<div class="MsoListParagraphCxSpLast" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-add-space: auto;">
<br /></div>
</td>
</tr>
<tr style="height: 15.25pt; mso-yfti-irow: 16;">
<td style="background: #F2F2F2; border-top: none; border: solid windowtext 1.0pt; height: 15.25pt; mso-background-themecolor: background1; mso-background-themeshade: 242; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 130.25pt;" valign="top" width="174"><div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="color: red; font-size: 10.0pt; text-transform: uppercase;"><span style="font-family: "arial" , "helvetica" , sans-serif;">risk accelerators<o:p></o:p></span></span></div>
</td>
<td style="background: #F2F2F2; border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 15.25pt; mso-background-themecolor: background1; mso-background-themeshade: 242; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 337.25pt;" valign="top" width="450"><div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="color: red; font-size: 10.0pt;"><span style="font-family: "arial" , "helvetica" , sans-serif;">EXAMPLES
OF SIGNIFICANT INCREASE OF IMPERMISSIABLE RISK<o:p></o:p></span></span></div>
</td>
</tr>
<tr style="height: 121.0pt; mso-yfti-irow: 17;">
<td style="border-top: none; border: solid windowtext 1.0pt; height: 121.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 130.25pt;" valign="top" width="174"><div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-font-weight: bold; mso-bidi-theme-font: minor-latin; text-transform: uppercase;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Disproportionate rewards for <o:p></o:p></span></span></div>
<div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-font-weight: bold; mso-bidi-theme-font: minor-latin; text-transform: uppercase;"><span style="font-family: "arial" , "helvetica" , sans-serif;">marginal sales<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-font-weight: bold; mso-bidi-theme-font: minor-latin;"><span style="font-family: "arial" , "helvetica" , sans-serif;">(Target/goal
triggers an increase in earnings which is much higher than the normal rate at
which incentives accrue.)<o:p></o:p></span></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 121.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 337.25pt;" valign="top" width="450"><div class="MsoListParagraph" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l3 level1 lfo19; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Retrospective accelerator: level of
incentives earned for all sales in a period, rather than just the sales above
target, increases once a target is reached<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoListParagraph" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l3 level1 lfo19; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">"First past the post"
competition bonus (i.e., first 25 sales people to reach the target earn a
"super bonus")<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoListParagraph" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l3 level1 lfo19; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Locked-in enhanced commission: once
a target is met, sales people are locked in to an enhanced commission for the
next year<o:p></o:p></span></span></div>
</td>
</tr>
<tr style="height: 22.0pt; mso-yfti-irow: 18;">
<td style="border-top: none; border: solid windowtext 1.0pt; height: 22.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 130.25pt;" valign="top" width="174"><div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: #0e0e29; font-size: 10.0pt; text-transform: uppercase;">Stepped payments</span><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-font-weight: bold; mso-bidi-theme-font: minor-latin; text-transform: uppercase;"><o:p></o:p></span></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 22.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 337.25pt;" valign="top" width="450"><div class="MsoListParagraph" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l13 level1 lfo20; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Higher rate of incentive applies to
sales over a target<o:p></o:p></span></span></div>
</td>
</tr>
<tr style="height: 76.0pt; mso-yfti-irow: 19;">
<td style="border-top: none; border: solid windowtext 1.0pt; height: 76.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 130.25pt;" valign="top" width="174"><div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: #0e0e29; font-size: 10.0pt; text-transform: uppercase;">Inappropriate incentive
bias between products</span><b><span style="color: #0e0e29; font-size: 10.0pt;"> <o:p></o:p></span></b></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: #0e0e29; font-size: 10.0pt;">(Even
higher risk where incentives are different for substitutable products)</span><span style="color: #0e0e29; font-size: 10.0pt; text-transform: uppercase;"><o:p></o:p></span></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 76.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 337.25pt;" valign="top" width="450"><div class="MsoListParagraph" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l13 level1 lfo20; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Sales people are biased towards loan
products with higher commissions attached<o:p></o:p></span></span></div>
</td>
</tr>
<tr style="height: 40.0pt; mso-yfti-irow: 20;">
<td style="border-top: none; border: solid windowtext 1.0pt; height: 40.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 130.25pt;" valign="top" width="174"><div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="color: #0e0e29; font-size: 10.0pt; text-transform: uppercase;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Variable salaries<o:p></o:p></span></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 40.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 337.25pt;" valign="top" width="450"><div class="MsoListParagraph" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l13 level1 lfo20; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Staff moves between salary bands or
tiers depending on their performance against sales targets<o:p></o:p></span></span></div>
</td>
</tr>
<tr style="height: 67.0pt; mso-yfti-irow: 21;">
<td style="border-top: none; border: solid windowtext 1.0pt; height: 67.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 130.25pt;" valign="top" width="174"><div align="center" class="TableParagraph" style="margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 5.15pt; margin-right: 12.0pt; margin-top: 0in; mso-line-break-override: restrictions; punctuation-wrap: simple; text-align: center; text-indent: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="color: #0e0e29; font-size: 10pt; text-transform: uppercase;">Inappropriate
requirements for determining staff eligibility for incentives</span><span style="text-transform: uppercase;"><o:p></o:p></span></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 67.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 337.25pt;" valign="top" width="450"><div class="MsoListParagraph" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l13 level1 lfo20; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Incentive payments are accrued but
not paid unless a minimum target is met for each of several types of loan
products (i.e., bonus paid only if a percentage of the sales person's clients
have purchased certain services or products, such as an insurance product)<o:p></o:p></span></span></div>
</td>
</tr>
<tr style="height: 31.0pt; mso-yfti-irow: 22;">
<td style="border-top: none; border: solid windowtext 1.0pt; height: 31.0pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 130.25pt;" valign="top" width="174"><div align="center" class="TableParagraph" style="margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 5.15pt; margin-right: 12.0pt; margin-top: 0in; mso-line-break-override: restrictions; punctuation-wrap: simple; text-align: center; text-indent: 0in;">
<span style="color: #0e0e29; font-size: 10pt; text-transform: uppercase;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Bonus above
thresholds<o:p></o:p></span></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 31.0pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 337.25pt;" valign="top" width="450"><div class="MsoListParagraph" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l13 level1 lfo20; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Once a target is met, staff receive
bonuses on each sale above the target<o:p></o:p></span></span></div>
</td>
</tr>
<tr style="height: 35.5pt; mso-yfti-irow: 23;">
<td style="border-top: none; border: solid windowtext 1.0pt; height: 35.5pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 130.25pt;" valign="top" width="174"><div align="center" class="TableParagraph" style="margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 5.15pt; margin-right: 12.0pt; margin-top: 0in; mso-line-break-override: restrictions; punctuation-wrap: simple; text-align: center; text-indent: 0in;">
<span style="color: #0e0e29; font-size: 10pt; text-transform: uppercase;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Campaigns
or competitions<o:p></o:p></span></span></div>
</td>
<td style="border-bottom: solid windowtext 1.0pt; border-left: none; border-right: solid windowtext 1.0pt; border-top: none; height: 35.5pt; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 337.25pt;" valign="top" width="450"><div class="MsoListParagraph" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .25in; margin-right: 0in; margin-top: 0in; mso-add-space: auto; mso-list: l13 level1 lfo20; text-indent: -.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-size: 10pt;"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><!--[endif]--><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Product-specific or volume-based
competitions designed to increase sales<o:p></o:p></span></span></div>
</td>
</tr>
<tr style="height: 35.5pt; mso-yfti-irow: 24; mso-yfti-lastrow: yes;">
<td colspan="2" style="border-top: none; border: solid windowtext 1.0pt; height: 35.5pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 467.5pt;" valign="top" width="623"><div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><u><span style="font-size: 8.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;">Compliance Checklist for Production
Incentives</span></u><span style="font-size: 8.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"> is meant to be suggestive, rather than comprehensive.
Each financial institution should evaluate its incentive plans in accordance
with federal and state guidelines, and applicable employment law, as well as ensure
these are reflective of its size, complexity, and risk profile. Information contained
herein is not intended to be and is not a source of legal advice.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-size: 8.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="font-family: "arial" , "helvetica" , sans-serif;">© 2017 Lenders Compliance Group, Inc. All Rights Reserved.</span></span><span style="font-size: 10.0pt; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><o:p></o:p></span></div>
</td>
</tr>
</tbody></table>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
Jonathan Foxxhttp://www.blogger.com/profile/11176318536334393246noreply@blogger.comtag:blogger.com,1999:blog-9171653185859233636.post-31103694824782462142017-01-12T15:11:00.000-05:002017-01-12T16:37:19.248-05:00Cybersecurity Guidelines – “First-in-the-Nation” Regulation<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="http://lenderscompliancegroup.com/2.html">Jonathan Foxx</a></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">President & Managing Director</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">WHITE PAPER</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">On December 28, 2016, the New York Department of Financial Services
(DFS) announced that it had revised its proposed cybersecurity regulations in
response to public comments that they would be too burdensome, particularly on
smaller institutions. The proposed rules, which were initially announced on
September 13, 2016, and set to take effect on January 1, 2017, were billed as a
“first-in-the-nation regulation” to protect New York residents from
cyberattacks. <o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">The “Cybersecurity Requirements for Financial Services Companies (“Regulation”)
is promulgated through Part 500 of Title 23 of the Official Compilation of
Codes, Rules and Regulations of the State of New York, and takes effect upon
publication in the State Register.<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="line-height: 107%;">[i]</span></span><!--[endif]--></span><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">These guidelines would require banks, insurers and other financial
services companies regulated by the DFS to set up a cybersecurity program aimed
at protecting consumer information from cyberattacks. The revised regulation
eases certain reporting and encryption requirements, and exempts small
institutions from complying with certain sections of the rule. <o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">The Regulation, as revised, is set to take effect on March 1, 2017. There
is a transitional period, which is 180 days from the effective date of March 1<sup>st</sup>,
with implementation timeframes layered in as exceptions granted for certain
requirements, from 12 months to 18 months to 24 months. Covered entities will
be required to annually prepare and submit to the DFS a Certification of
Compliance<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="line-height: 107%;">[ii]</span></span><!--[endif]--></span>
with the New York State Department of Financial Services Cybersecurity
Regulations, commencing February 15, 2018. <o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">In this article, I will provide a high-level overview of these
guidelines. This outline is not meant to be comprehensive. However, I will hit
on several salient areas of interest. Expect these requirements to become a
model for examination and enforcement in most other states. Lenders Compliance
Group has provided risk assessments for cybersecurity, information security,
and information technology based on the Federal Financial Institutions
Examination Council's (FFIEC) procedures. So, my firm has experience in
cybersecurity risk assessments. Given that familiarity, we now are providing an
overlay for the DFS cybersecurity requirements that are promulgated in the
Regulation.</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<u><span style="font-family: "arial" , "helvetica" , sans-serif;">Cybersecurity Program<o:p></o:p></span></u></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Each covered entity – that is, any person operating under or required
to operate under a license, registration, charter, certificate, permit,
accreditation or similar authorization under the New York State Banking Law,
the Insurance Law or the Financial Services<span style="letter-spacing: -.45pt;">
</span>Law – must maintain a cybersecurity program designed to protect the
confidentiality, integrity and availability of the covered entity’s Information
Systems.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">The Regulation defines a “cybersecurity event” as any act or attempt,
successful or unsuccessful, to gain unauthorized access to, disrupt or misuse
an information system or information stored on such information system. For
purposes of this regulation, an information system is a “discrete set of
electronic information resources organized for the collection, processing,
maintenance, use, sharing, dissemination or disposition of electronic information,”
as well as any specialized system such as industrial and process controls
systems, telephone switching and private branch exchange systems, and
environmental control systems.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">A risk assessment must be conducted by the covered entity and the
cybersecurity program must be based on that risk assessment and also be designed
to perform the following core cybersecurity functions:</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
</div>
<ol>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">identify and assess internal and external
cybersecurity risks that may threaten the security or integrity of all electronic
information that is not publicly available information, known as Nonpublic
Information (“NPI”), stored on the covered entity’s information systems;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">use defensive infrastructure and the
implementation of policies and procedures to protect the covered entity’s information
systems, and the NPI stored on those information systems, from unauthorized
access, use or other malicious acts;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">detect cybersecurity events;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">respond to identified or detected cybersecurity
events to mitigate any negative effects;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">recover from cybersecurity events and restore
normal operations and services; and</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">fulfill applicable regulatory reporting
obligations. </span></li>
</ol>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">With respect to covered entities that have affiliates, the requirements
of the Regulation permit adoption of a cybersecurity program maintained by an affiliate,
provided that the affiliate’s cybersecurity program covers the covered entity’s
information systems and NPI and meets the requirements of the Regulation. An
affiliate is any Person that controls, is controlled by or is under common
control with another Person. For purposes of the Regulation, control means the
possession, direct or indirect, of the power to direct or cause the direction
of the management and policies of a Person, whether through the ownership of
stock of such Person or otherwise.</span><br />
<a name='more'></a><span style="font-family: "arial" , "helvetica" , sans-serif;"><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<u><span style="font-family: "arial" , "helvetica" , sans-serif;">Cybersecurity Policy<o:p></o:p></span></u></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Bear in mind that all documentation and information relevant to the
covered entity’s cybersecurity program must be made available to the DFS upon
request. Preparation for the DFS’s examination is necessary to meet these
extensive guidelines.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Each covered entity must implement and maintain a written policy or
policies, approved by a senior officer<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="line-height: 107%;">[iii]</span></span><!--[endif]--></span>
or the covered entity’s board of directors (or an appropriate committee
thereof) or equivalent governing body, setting forth the covered entity’s
policies and procedures for the protection of its information systems and NPI
stored on those information systems. Just as in the case of the cybersecurity
program itself, the cybersecurity policy must be based on the covered entity’s
risk assessment and it should address the following areas to the extent
applicable to the covered entity’s operations:</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
</div>
<ol>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">information security;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">data governance and classification;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">asset inventory and device management;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">access controls and identity management;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">business continuity and disaster recovery
planning and resources;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">systems operations and availability concerns;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">systems and network security;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">systems and network monitoring;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">systems and application development and quality assurance;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">physical security and environmental controls;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">customer data privacy;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">vendor and third party service provider
management;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">risk assessment; and</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">incident response. </span></li>
</ol>
<br />
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<u><span style="font-family: "arial" , "helvetica" , sans-serif;">Chief Information Security Officer<o:p></o:p></span></u></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">An important component of the Regulation is the requirement to
designate a qualified individual who will be responsible for overseeing and
implementing the covered entity’s cybersecurity program and enforcing its
cybersecurity policy. This designation is given the appellation “Chief
Information Security Officer” or “CISO”. The CISO may be employed by the
covered entity, one of its affiliates or a third party service provider. Essentially,
third party service providers (i) are not an affiliate of the covered entity,
(ii) provide services to the covered entity, and (iii) maintain, process or
otherwise are permitted access to NPI through the provision of services to the
covered entity.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">To the extent this requirement is met using a third party service
provider or an affiliate, the covered entity must:</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
</div>
<ol>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">retain responsibility for compliance with the
Regulation;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">designate a senior member of the covered entity’s
personnel responsible for direction and oversight of the third party service provider;
and</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">require the third party service provider to
maintain a cybersecurity program that protects the covered entity in accordance
with the requirements of the Regulation. </span></li>
</ol>
<br />
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">The reporting requirement in the Regulation is somewhat extensive. The
CISO of each covered entity must report in writing at least annually to the covered
entity’s board of directors or equivalent governing body. If no such board of
directors or equivalent governing body exists, such report must be timely
presented to a senior officer of the covered entity responsible for its
cybersecurity program. The CISO is required to report on the covered entity’s
cybersecurity program and material cybersecurity risks. <o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">The report by the CISO should consider to the extent applicable:</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
</div>
<ol>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">the confidentiality of NPI and the integrity and
security of the covered entity’s information systems;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">the covered entity’s cybersecurity policies and
procedures;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">material cyber risks to the covered entity;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">overall effectiveness of the covered entity’s
cybersecurity program; and</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">material cybersecurity events involving the
covered entity during the time period addressed by the report. </span></li>
</ol>
<br />
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<u><span style="font-family: "arial" , "helvetica" , sans-serif;">Penetration Testing and Vulnerability Assessments<o:p></o:p></span></u></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">There is a penetration testing requirement. For those who do not know
what penetration testing is, in brief, it is a test methodology in which
assessors attempt to circumvent or defeat the security features of an
information system by attempting unauthorized penetration of databases or controls
from outside or inside the covered entity’s information systems.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">The cybersecurity program must include monitoring and testing,
developed in accordance with the risk assessment, designed to assess the
effectiveness of the covered entity’s cybersecurity program. The monitoring and
testing must include continuous monitoring or periodic penetration testing and
vulnerability assessments, and must be done periodically. <o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">The Regulation specifically notes that “absent effective continuous monitoring,
or other systems to detect, on an ongoing basis, changes in information systems
that may create or indicate vulnerabilities,” covered entities must conduct:</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
</div>
<ol>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">annual penetration testing of information systems
determined each given year based on relevant identified risks in accordance
with the risk assessment; and</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">bi-annual vulnerability assessments, including
any systematic scans or reviews of information systems reasonably designed to
identify publicly known cybersecurity vulnerabilities in the information systems
based on the risk assessment. </span></li>
</ol>
<br />
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<u><span style="font-family: "arial" , "helvetica" , sans-serif;">Risk Assessment<o:p></o:p></span></u></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Lenders Compliance Group is often asked what constitutes a risk
assessment for the purposes of cybersecurity. The Regulation provides clear
guidance in this regards. Each covered entity is required to conduct a periodic
risk assessment of its information systems “sufficient to inform the design of
the cybersecurity program.” The risk assessment is expected to be updated as
reasonably necessary to address changes to the covered entity’s information
systems, NPI or business operations. Furthermore, the risk assessment must
allow for “revision of controls to respond to technological developments and
evolving threats” and must consider the particular risks of the covered entity’s
business operations related to cybersecurity, NPI collected or stored,
information systems utilized and the availability and effectiveness of controls
to protect NPI and information systems.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">The components of the risk assessment are based on the written policies
and procedures. Such policies and procedures must include:</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
</div>
<ol>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">criteria for the evaluation and categorization
of identified cybersecurity risks or threats facing the covered entity;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">criteria for the assessment of the
confidentiality, integrity, security and availability of the information systems
and NPI, including the adequacy of existing controls in the context of
identified risks; and</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">requirements describing how identified risks
will be mitigated or accepted based on the risk assessment and how the cybersecurity
program will address those risks. </span></li>
</ol>
<br />
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">To the extent a covered entity has identified areas, systems or
processes that require material improvement, updating or redesign, it must document
the identification and the remedial efforts planned and underway to address
such areas, systems or processes. <o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<u><span style="font-family: "arial" , "helvetica" , sans-serif;">Third Party Service Provider Policy<o:p></o:p></span></u></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">I noted above that a third party service provider may be used to
implement the Regulation. To expand on the requirements regarding these
entities, the Regulation sets forth certain guidelines relating to them. Each
covered entity must implement written policies and procedures designed to
ensure the security of information systems and NPI that are accessible to, or
held by, a third party service provider. <o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Such policies and procedures must be based on the risk assessment and
should address to the extent applicable:</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
</div>
<ol>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">the identification and risk assessment of third
party service provider(s);</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">minimum cybersecurity practices required to be
met by such third party service providers in order for them to do business with
the covered entity;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">due diligence processes used to evaluate the
adequacy of cybersecurity practices of such third party service providers; and</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">periodic assessment of such third party service
providers based on the risk they present and the continued adequacy of their
cybersecurity practices. </span></li>
</ol>
<br />
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Moreover, such policies and procedures must include relevant guidelines
for due diligence and/or contractual protections relating to third party
service providers, including, to the extent applicable, guidelines addressing:</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
</div>
<ol>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">the third party service provider’s policies and
procedures for access controls including its use of multi-factor authentication<span class="MsoEndnoteReference" style="text-indent: -0.25in;"><span class="MsoEndnoteReference"><span style="line-height: 107%;">[iv]</span></span></span><span style="text-indent: -0.25in;">
to limit access to sensitive systems and NPI;</span></span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">the third party service provider’s policies and
procedures for use of encryption to protect NPI in transit and at rest;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">notice to be provided to the covered entity in
the event of a cybersecurity event directly impacting the covered entity’s information
systems or NPI being held by the third party service provider; and</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">representations and warranties addressing the third
party service provider’s cybersecurity policies and procedures that relate to
the security of the information systems or NPI. </span></li>
</ol>
<br />
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<u><span style="font-family: "arial" , "helvetica" , sans-serif;">Cybersecurity Event<o:p></o:p></span></u></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Each covered entity must notify the DFS as promptly as possible but in
no event later than 72 hours from a determination that a cybersecurity event as
follows has occurred:</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
</div>
<ol>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Cybersecurity events of which notice is required
to be provided to any government body, self- regulatory agency or any other
supervisory body; and</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Cybersecurity events that have a reasonable
likelihood of materially harming any material part of the normal operation(s)
of the covered entity. </span></li>
</ol>
<br />
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<u><span style="font-family: "arial" , "helvetica" , sans-serif;">Exemptions<o:p></o:p></span></u></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">There are a few limited exemptions from certain parts of the
Regulation, where a covered entity has:</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
</div>
<ol>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">fewer than 10 employees including any
independent contractors, or</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">less than $5,000,000 in gross annual revenue in
each of the last three fiscal years, or</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">less than $10,000,000 in year-end total assets,
calculated in accordance with generally accepted accounting principles,
including assets of all affiliates. </span></li>
</ol>
<br />
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Obviously, in evaluating the exemption requirements, each covered
entity should carefully review the Regulation to determine its applicability.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Another exemption is for an employee, agent, representative or designee
of a covered entity, who is itself a covered entity. This individual does not
need to develop its own cybersecurity program to the extent that the employee,
agent, representative or designee is covered by the cybersecurity program of
the covered entity.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">There is an exemption from many parts of the Regulation for a covered
entity that does not directly or indirectly operate, maintain, utilize or
control any information systems, and that does not, and is not required to,
directly or indirectly control, own, access, generate, receive or possess NPI.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">If a covered entity does qualify for an exemption, it must file a
Notice of Exemption with the DFS.<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="line-height: 107%;">[v]</span></span><!--[endif]--></span>
<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">In the event that a covered entity, as of its most recent fiscal year
end, ceases to qualify for an exemption, it has 180 days from such fiscal year
end to comply with all applicable requirements.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<u><span style="font-family: "arial" , "helvetica" , sans-serif;">Incident Response<o:p></o:p></span></u></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Finally, a word about incident response. As part of its cybersecurity
program, each covered entity must establish a written incident response plan
designed to promptly respond to, and recover from, any cybersecurity event
materially affecting the confidentiality, integrity or availability of the
covered entity’s information systems or the continuing functionality of any
aspect of its business or operations.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Such incident response plan should address the following areas:</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
</div>
<ol>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">the internal processes for responding to a
cybersecurity event;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">the goals of the incident response plan;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">the definition of clear roles, responsibilities
and levels of decision-making authority;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">external and internal communications and
information sharing;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">identification of requirements for the
remediation of any identified weaknesses in information systems and associated
controls;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">documentation and reporting regarding cybersecurity
events and related incident response activities; and</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">the evaluation and revision as necessary of the
incident response plan following a cybersecurity event. </span></li>
</ol>
<br />
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><u>Conclusion </u></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">In this article I have only grazed the surface of the cybersecurity requirements set forth in the Regulations. Areas additionally to be considered in structuring a comprehensive implementation would include, among other things, training and monitoring, encryption of NPI, limitations on data retention, cybersecurity personnel and intelligence, application security, and adequately maintaining an audit trail. Given the complexity of cybersecurity implementation, in building out the processes, procedures, policies, forms, and technology of cybersecurity in general, and the Regulation in particular, it is highly advisable to retain a competent compliance professional who knows the full range of applicable legal and regulatory compliance requirements as well as interfacing that individual with a fully credentialed expert in IT, information security and cybersecurity.</span><span style="font-family: "arial" , "helvetica" , sans-serif;"> </span></div>
<div>
<!--[if !supportEndnotes]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><br clear="all" />
</span><br />
<hr align="left" size="1" width="33%" />
<!--[endif]-->
<br />
<div id="edn1">
<div class="MsoEndnoteText" style="text-align: left;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="line-height: 107%;">[i]</span></span><!--[endif]--></span>
Cybersecurity Requirements for Financial Services Companies, New York State
Department of Financial Services, Proposed 23, NYCRR 500, pursuant to the
authority granted by sections 102, 201, 202, 301, 302 and 408 of the Financial
Services Law, promulgates Part 500 of Title 23 of the Official Compilation of
Codes, Rules and Regulations of the State of New York, to take effect upon
publication in the State Register.<o:p></o:p></span></div>
</div>
<div id="edn2">
<div class="MsoEndnoteText" style="text-align: left;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="line-height: 107%;">[ii]</span></span><!--[endif]--></span>
A model of the Certificate of Compliance is given in Appendix A of the
Regulation.<o:p></o:p></span></div>
</div>
<div id="edn3">
<div class="MsoEndnoteText" style="text-align: left;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="line-height: 107%;">[iii]</span></span><!--[endif]--></span>
A senior officer(s) is the senior individual or individuals (acting
collectively or as a committee) responsible for the management, operations,
security, information systems, compliance and/or risk of a covered entity,
including a branch or agency of a foreign banking organization subject to the
Regulation.<o:p></o:p></span></div>
</div>
<div id="edn4">
<div class="MsoEndnoteText" style="text-align: left;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="line-height: 107%;">[iv]</span></span><!--[endif]--></span>
Multi-factor authentication means authentication through verification of at
least two of the following types of authentication factors: (1) knowledge factors, such as a
password; or (2) possession factors, such as a token or text message on a
mobile phone; or (3) inherence
factors, such as a biometric characteristic.<o:p></o:p></span></div>
</div>
<div id="edn5">
<div class="MsoEndnoteText" style="text-align: left;">
<span style="font-family: "arial" , "helvetica" , sans-serif; font-size: xx-small;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="line-height: 107%;">[v]</span></span><!--[endif]--></span>
A model of the Notice of Exemption is given in Appendix B of the Regulation.</span><o:p></o:p></div>
</div>
</div>
Jonathan Foxxhttp://www.blogger.com/profile/11176318536334393246noreply@blogger.comtag:blogger.com,1999:blog-9171653185859233636.post-22529367609939744192016-10-28T09:27:00.000-04:002016-10-28T10:20:06.410-04:00CFPB's Compliance Bulletin and Policy Guidance 2016-02 - Service Providers: Questions and Answers<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="http://lenderscompliancegroup.com/2.html">Jonathan Foxx</a></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Managing Director</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Lenders Compliance Group</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">On Wednesday, October 26, 2016, the CFPB issued updated guidance on service providers, based on its previous issuance of April 13, 2012, titled <u>CFPB Bulletin 2012-03, Subject: Service Providers</u> (“Bulletin”), that had been published in the Federal Register. The Bulletin is a statement of policy that articulates considerations relevant to the Bureau’s exercise of its supervisory and enforcement authority. This new issuance is published in the Federal Register and is titled <u>Compliance Bulletin and Policy Guidance 2016-02, Service Providers</u> (“Guidance”).</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Click <a href="http://vendorscompliancegroup.com/9.html"><span style="color: blue; mso-ascii-font-family: Calibri; mso-hansi-font-family: Calibri;">HERE</span></a> for a copy of the Guidance and the Bulletin.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Essentially, this updated guidance provides additional clarifications regarding how supervised entities are to manage their risk management program for service providers. It is meant to clarify that “the depth and formality of the risk management program for service providers” may vary depending upon the service being performed (i.e., the service provider’s size, scope, complexity, importance and potential for consumer harm) and the performance of the service provider in carrying out its activities in compliance with Federal consumer financial laws and regulations. <o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Much of the guidance is a reiteration of the Bulletin, with a reminder that “while due diligence does not provide a shield against liability for actions by the service provider, it could help reduce the risk that the service provider will commit violations for which the supervised bank or nonbank may be liable.” This reiterating of the Bulletin seems to have been made necessary because, although other CFPB Bulletins were published in the Federal Register, it appears that the Bureau did not previously publish Bulletin 2012-03 when it was issued.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">I have said all along how important it is to work with an outsource due diligence company, if a financial institution is not going to adequately equip and staff an in-house evaluation function, which means ensuring the presence of competent risk management professionals and the required research tools. This is why we established <a href="http://vendorscompliancegroup.com/"><span style="color: blue; mso-ascii-font-family: Calibri; mso-hansi-font-family: Calibri;">VendorsCompliance Group</span></a> as the an outsource evaluator that would be far more than a compilation service. </span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span><span style="font-family: "arial" , "helvetica" , sans-serif;">These compilation services that hold themselves out as evaluators for vendor management purposes are just putting together and providing a compilation rating. That is simply insufficient, viewed from the standpoint of effective due diligence. <a href="http://vendorscompliancegroup.com/"><span style="color: blue; mso-ascii-font-family: Calibri; mso-hansi-font-family: Calibri;">Vendors Compliance Group</span></a> does not merely compile information and documentation, which is only a first step, but also it actually evaluates and risk rates service providers by means of hands-on reviews conducted by risk management professionals using state of the art research methodologies. The evaluator actually is often personally in contact with the bank or nonbank to ensure that there is a strong and steady flow of transaction information. </span></span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span><span style="font-family: "arial" , "helvetica" , sans-serif;">When <a href="http://vendorscompliancegroup.com/"><span style="color: blue; mso-ascii-font-family: Calibri; mso-hansi-font-family: Calibri;">Vendors Compliance Group</span></a> risk rates a service provider, the supervised bank or nonbank can be sure that it is a rigorously derived, vendor compliance risk rating, provided by a due diligence methodology which stands up to regulatory scrutiny.<o:p></o:p></span></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Let’s review some basics, as set forth in the Guidance. <o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">I am going to frame this outline in the form of Questions and Answers for the sake of ensuring a broad understanding of the Bureau’s expectations with respect to service provider evaluations. I will use the Guidance as the source document.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Q: Why is a service provider evaluation necessary?<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">A: The Bureau expects supervised banks and nonbanks to oversee their business relationships with service providers in a manner that ensures compliance with Federal consumer financial law, which is designed to protect the interests of consumers and avoid consumer harm. <o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Q: What is the governing statute for the definition of a Federal consumer financial law?<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">A: Section 1002(14) of the Dodd- Frank Act (12 U.S.C. 5481(14)).<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Q: What institutions are expected to evaluate their service providers?<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">A: Supervised banks and nonbanks, as follows:</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
</div>
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Large insured depository institutions, large insured credit unions, and their affiliates (12 U.S.C. 5515); and</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Certain non-depository consumer financial services companies (12 U.S.C. 5514). </span></li>
</ul>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Q: What service providers are expected to be evaluated?<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">A: The following supervised entities are to be evaluated:</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
</div>
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Service providers to supervised banks and nonbanks (12 U.S.C. 5515, 5514); and</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Service providers to a substantial number of small insured depository institutions or small insured credit unions (12 U.S.C. 5516).</span></li>
</ul>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Q: Specifically, how is the term “service provider” defined by the Bureau?<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">A: “Service provider” is generally defined in Section 1002(26) of the Dodd-Frank Act as ‘‘any person that provides a material service to a covered person in connection with the offering or provision by such covered person of a consumer financial product or service.’’ (12 U.S.C. 5481(26)) A service provider may or may not be affiliated with the person to which it provides services.</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<br />
<a name='more'></a><span style="font-family: "arial" , "helvetica" , sans-serif;"><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"></span></div>
<span style="font-family: "arial" , "helvetica" , sans-serif; text-align: justify;">Q: Can supervised banks or nonbanks be absolved of responsibility for complying with Federal consumer law to avoid consumer harm by entering into a business relationship with a service provider? </span><br />
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">A: The mere fact that a supervised bank or nonbank enters into a business relationship with a service provider in order to comply with Federal consumer financial law does not absolve the supervised bank or nonbank of responsibility for complying with Federal consumer financial law. <o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Q: What types of concerns should be considered in evaluating service providers?<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">A: A service provider may be unfamiliar with the legal requirements applicable to the products or services being offered, or it may not make efforts to implement those requirements carefully and effectively, or it may exhibit weak internal controls.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Q: How can a service provider cause harm to a consumer or a supervised institution?<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">A: It can harm consumers and create potential liabilities for both the service provider and the entity with which it has a business relationship. Indeed, depending on the circumstances, legal responsibility may lie with the supervised bank or nonbank as well as with the supervised service provider. The Bureau has stated: “while due diligence does not provide a shield against liability for actions by the service provider, it could help reduce the risk that the service provider will commit violations for which the supervised bank or nonbank may be liable.”<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Q: To what extent is vendor compliance and service provider vetting relevant to examinations?<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">A: Firstly, Title X authorizes the Bureau to examine and obtain reports from supervised banks and nonbanks for compliance with Federal consumer financial law and for other related purposes and also to exercise its enforcement authority when violations of the law are identified. Secondly, Title X also grants the CFPB supervisory and enforcement authority over supervised service providers, which includes the authority to examine the operations of service providers on site. So, the Bureau will exercise the full extent of its supervision authority over supervised service providers, including its authority to examine for compliance with Title X’s prohibition on unfair, deceptive, or abusive acts or practices. Certainly, the Bureau should be expected to exercise its enforcement authority against supervised service providers as appropriate.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Q: What must supervised banks and nonbanks do to ensure compliance with the Guidance?<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">A: The Bureau expects supervised banks and nonbanks to have an effective process for managing the risks of service provider relationships. <o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Q: Are there criteria to be considered when establishing a vendor compliance or service provider evaluation method?<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">A: The depth and formality of the entity’s risk management program for service providers may vary depending upon the service being performed – the service provider’s size, scope, complexity, importance and potential for consumer harm – and the performance of the service provider in carrying out its activities in compliance with Federal consumer financial laws and regulations. <o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Q: What steps can be taken by supervised banks and nonbanks to ensure that their business arrangements with service providers do not present unwarranted risks to consumers?<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">A: Although not meant to be comprehensive, the following five steps should be taken in business arrangements with service providers in order to avoid unwarranted risks to consumers:</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0in;">
</div>
<ol>
<li style="text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Conducting thorough due diligence to verify that the service provider understands and is capable of complying with Federal consumer financial law;</span></li>
<li style="text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Requesting and reviewing the service provider’s policies, procedures, internal controls, and training materials to ensure that the service provider conducts appropriate training and oversight of employees or agents that have consumer contact or compliance responsibilities;</span></li>
<li style="text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Including in the contract with the service provider clear expectations about compliance, as well as appropriate and enforceable consequences for violating any compliance-related responsibilities, including engaging in unfair, deceptive, or abusive acts or practices;</span></li>
<li style="text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Establishing internal controls and on-going monitoring to determine whether the service provider is complying with Federal consumer financial law; and</span></li>
<li style="text-align: justify;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Taking prompt action to address fully any problems identified through the monitoring process, including terminating the relationship where appropriate.</span></li>
</ol>
<div style="text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="line-height: 17.12px;">For more information pertaining to the responsibilities of supervised banks or nonbanks having business arrangements with service providers, please review the Bureau’s </span><span style="line-height: 17.12px;"><a href="http://files.consumerfinance.gov/f/201210_cfpb_supervision-and-examination-manual-v2.pdf"><span style="color: blue; mso-ascii-font-family: Calibri; mso-hansi-font-family: Calibri;">Supervision and Examination Manual</span></a></span><span style="line-height: 17.12px;">, at page 34, “Compliance Management Review,” and at page 174, “Unfair, Deceptive, and Abusive Acts or Practices.”</span></span></div>
Jonathan Foxxhttp://www.blogger.com/profile/11176318536334393246noreply@blogger.comtag:blogger.com,1999:blog-9171653185859233636.post-23686423370856719342016-10-11T12:14:00.001-04:002016-10-11T12:14:48.056-04:00Cybersecurity - A Model Approach<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a href="http://lenderscompliancegroup.com/2.html">Jonathan Foxx</a><o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;">Managing Director</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;">Lenders Compliance Group</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;">As some of you know, Lenders
Compliance Group is the first risk management firm in the country to provide
both a risk assessment <u>and</u> a disaster recovery plan for banks and
nonbanks. The goal is to make the due diligence approach both affordable and consequential.
Importantly, the resulting findings must meet regulatory scrutiny, since
liability remains with the financial institution with respect to implementing
Internet Technology, Information Security, and Cybersecurity requirements. The
review process is conducted by Kevin Origoni, our Director/IT-IS-Cybersecurity,
who is a Six Sigma awardee for his knowledge and experience. Our interest in
this area has only grown more attentive as federal and state regulators have
become very active in implementing disaster recovery and cybersecurity
guidelines.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;">Our attentiveness has been borne out
by the recently proposed regulation involving cybersecurity issued by the New
York State Department of Financial Services (DFS). The regulation would impose
significant cybersecurity standards on entities it supervises. The proposal is
subject to a 45-day public comment period, which will end on November 14, 2016.
Importantly, some of these standards exceed current state and federal
requirements. It is valuable, therefore, to take a brief look at these prospective
standards.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">INSTITUTIONS<o:p></o:p></span></b></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;">The proposed regulation would apply to
entities operating or required to operate under a license, registration or
other authorization under the New York Banking Law, Insurance Law or Financial
Services Law. These covered entities include:<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
</div>
<ul>
<li><span style="font-family: Arial, Helvetica, sans-serif;">New York state
chartered banks,</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">New York licensed
branches and agencies of foreign banks,</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">insurance
companies,</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">money
transmitters,</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">licensed lenders,</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">mortgage brokers,
and</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">mortgage bankers,
lenders and servicers.</span></li>
</ul>
<br />
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;">Certain small entities would be exempt
from some, but not all, of the requirements of the proposed regulation.</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;">If adopted, the proposed regulation
would require covered entities to adopt a written cybersecurity program and
implement various safeguards to protect nonpublic information, as broadly
defined in the proposal. Covered entities would have to annually certify to the
DFS their compliance with the proposed regulation.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">NATIONAL
STANDARDS<o:p></o:p></span></b></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;">We believe that the DFS proposal will
set a nationwide standard for cybersecurity and should be carefully considered
as a model for disaster recovery, IT, IS, and cybersecurity requirements.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;">As it is currently drafted, the
proposed regulation is prescriptive, inasmuch as it goes beyond the
requirements imposed by the federal banking regulators on the depository
institutions they supervise. For instance, guidance provided by the Federal
Financial Institutions Examination Council (FFIEC) in its September 2016
Examination Handbook suggests that financial institutions should implement the
type and level of encryption that is commensurate with the sensitivity of
information being protected. However, FFIEC does not mandate that all nonpublic
information be encrypted while in transit and at rest, or resident, as the DFS
has proposed. But the DFS proposal also appears to require multi-factor
authentication in a much broader range of circumstances than the guidance
provided by federal regulators to depository institutions, which is mostly focused
on online banking. <o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;">Similarly, the federal banking
regulators require financial institutions to provide notice of information
security breaches involving unauthorized access to or use of sensitive customer
information; however, the DFS would mandate such notification within 72 hours
of any cybersecurity event, a timeframe which the federal banking regulators do
not require.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">SPECIFIC
STANDARDS<o:p></o:p></span></b></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;">The DFS sets forth standards for
policies and procedures. Each covered entity’s cybersecurity program would need
to be designed to ensure the confidentiality, integrity and availability of the
covered entity’s information systems and to perform the following functions:</span></div>
<a name='more'></a><br />
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
</div>
<ul>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Identify internal
and external threats;</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Employ defensive
infrastructure and implementation of policies and procedures to protect the
covered entity’s information systems and its confidential information from
unauthorized access, use or other malicious acts;</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Detect
cybersecurity events, which the proposal defines as any act or attempt (whether
or not successful) to gain unauthorized access to, disrupt or misuse an
information system or any information stored on such a system;</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Mitigate negative
effects of cybersecurity events, recover from such events and restore normal
operations; and</span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Fulfill any
regulatory reporting requirements.</span> </li>
</ul>
<br />
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">POLICIES
AND PROCEDURES<o:p></o:p></span></b></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;">Covered entities would also need to
implement and maintain a detailed, specific, written cybersecurity policy that
sets forth procedures to protect information systems and nonpublic information.
The policy would need to address certain minimum requirements described in the
proposed regulation and would need to be approved by a senior officer and
reviewed by the entity’s board of directors at least annually.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">CHIEF
INFORMATION SECURITY OFFICER (CISO)<o:p></o:p></span></b></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;">One of the essential features of the
cybersecurity standards is the requirement that each covered entity must
designate a qualified individual as the covered entity’s Chief Information
Security Officer (CISO). This terminology has been around for a while, but is
now being directly addressed in regulatory standards. <o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;">The CISO would be responsible for
implementing the cybersecurity program and ensuring compliance. A third-party
service provider may be retained to fulfill the CISO’s responsibilities, but
the covered entity would ultimately remain responsible for compliance with the
regulation and would need to designate a senior officer as being responsible
for overseeing the third party. In other words, a financial institution cannot
outsource the ultimate responsibility for seeing that the standards are
implemented. In any event, the covered entity would need to require the third
party to maintain its own cybersecurity program that meets the requirements of
the proposed regulation. <o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;">At least twice a year, the CISO would
need to report to the board of directors on the covered entity’s cybersecurity
program. Among other matters, the report would need to (1) address the
confidentiality, integrity and availability of the covered entity’s information
systems, (2) identify exceptions to cybersecurity policies and procedures, (3) identify
cyber-risks, (4) assess the effectiveness of the cybersecurity program, (5) propose
any necessary remedial measures, and (6) summarize any cybersecurity events
during the period covered by the report.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">OVERALL
STANDARDS<o:p></o:p></span></b></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;">In addition to the foregoing attribute
of a plan, personnel, and cybersecurity standards, the proposed regulation
would also require the implementation of certain additional measures,
including:</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
</div>
<ul>
<li><span style="font-family: Arial, Helvetica, sans-serif;"><u style="text-indent: -0.25in;">Limiting access
privileges</u><span style="text-indent: -0.25in;"> to information
systems that provide access to nonpublic information solely to those
individuals who require such access to perform their responsibilities;</span></span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Creating and
implementing an <u style="text-indent: -0.25in;">audit trail system</u><span style="text-indent: -0.25in;"> to track and log all privileged
authorized user access to critical systems;</span></span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Performing <u style="text-indent: -0.25in;">penetration
testing</u><span style="text-indent: -0.25in;"> at least annually and vulnerability assessments at least quarterly;</span></span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Implementing <u style="text-indent: -0.25in;">written
procedures</u><span style="text-indent: -0.25in;">, guidelines and standards designed to ensure secure development
practices for in-house developed applications as well as assessing and testing
externally developed applications;</span></span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Conducting a <u style="text-indent: -0.25in;">cybersecurity
risk assessment</u><span style="text-indent: -0.25in;"> at least annually;</span></span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;"><u style="text-indent: -0.25in;">Employing personnel</u><span style="text-indent: -0.25in;"> to manage the covered entity’s cybersecurity
risks and perform the functions required by the proposed regulation, and
providing regular </span><u style="text-indent: -0.25in;">training</u><span style="text-indent: -0.25in;"> sessions for such personnel;</span></span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Requiring <u style="text-indent: -0.25in;">multi-factor
authentication</u><span style="text-indent: -0.25in;"> for any individual accessing the covered entity’s internal
systems or data from an external network or for any privileged access to
database servers that allow access to nonpublic information;</span></span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Requiring <u style="text-indent: -0.25in;">risk-based
authentication</u><span style="text-indent: -0.25in;"> to access web applications that capture, display or
interface with nonpublic information;</span></span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;"><u style="text-indent: -0.25in;">Destroying
nonpublic information</u><span style="text-indent: -0.25in;"> that is no
longer necessary for the provision of the products or services for which such
information was provided (except where such information is required to be
retained by law or regulation);</span></span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Requiring all
personnel to attend regular<u style="text-indent: -0.25in;"> cybersecurity awareness training</u><span style="text-indent: -0.25in;">;</span></span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;">Establishing a <u style="text-indent: -0.25in;">cybersecurity
incident response plan</u><span style="text-indent: -0.25in;"> that meets certain minimum requirements; and,</span></span></li>
<li><span style="font-family: Arial, Helvetica, sans-serif;"><u style="text-indent: -0.25in;">Notifying the DFS
of any cybersecurity event</u><span style="text-indent: -0.25in;"> that may affect
the normal operation of the covered entity or that affects nonpublic
inform</span></span><span style="font-family: Arial, Helvetica, sans-serif; text-indent: -0.25in;">ation as promptly as possible but in no event later than 72 hours
following the event.</span> </li>
</ul>
<br />
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">ENCRYPTION<o:p></o:p></span></b></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;">The proposed regulation would also
require covered entities to encrypt all nonpublic information held or
transmitted by the covered entity, both in transit and resident. However, if
such encryption is not currently feasible, the proposal would allow covered
entities up to one year to comply with the encryption requirement so long as
they implement compensating controls in the meantime.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">INFORMATION
SECURITY<o:p></o:p></span></b></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;">Covered entities would also be
required to implement policies and procedures designed to ensure the security
of information systems and nonpublic information accessible to or held by third
parties doing business with the covered entity. By extension, this means that
certain requirements of the proposed rule would apply to service providers to
New York banks and other covered entities. <o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;">In particular, a covered entity’s
third-party information security policy would need to address, to the extent
applicable, the use of multi-factor authentication to limit access to sensitive
systems and nonpublic information, the use of encryption to protect nonpublic
information in transit and resident, prompt notice of cybersecurity events
affecting the service provider, the ability of the covered entity to conduct
cybersecurity audits and other matters.<o:p></o:p></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<b><span style="font-family: Arial, Helvetica, sans-serif;">ACTION
PLAN<o:p></o:p></span></b></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;">The proposed regulation will impact bank
and nonbank IT, IS, and cybersecurity standards quite significantly. Many
federal regulators already are moving their standards in the direction that the
DFS has promulgated. In using the DFS guidelines as a model, it is important
now to undertake a due diligence review of current implementation guidelines. </span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: Arial, Helvetica, sans-serif;">If you want assistance in this regards, <a href="http://lenderscompliancegroup.com/12.html">please contact us</a>.</span></div>
Jonathan Foxxhttp://www.blogger.com/profile/11176318536334393246noreply@blogger.comtag:blogger.com,1999:blog-9171653185859233636.post-35282363831472398742016-06-15T13:02:00.001-04:002016-06-15T13:03:33.765-04:00Advertising Compliance: Getting Ready for the Banking Examination - Part Two - Risk Assessments<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><a href="http://lenderscompliancegroup.com/2.html">Jonathan Foxx</a></span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;">President & Managing Director</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"></span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;">Lenders Compliance Group</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">In Part One of this two-part series, I noted that “the
regulator will determine whether advertisements and promotional materials
provide timely, clear, and understandable information about the existence of
costs, payment terms, penalties, or other terms and charges, the reasons for
their imposition, and the salesperson’s compensation from cross-sales.”<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 11pt; line-height: 107%;">[i]</span></span><!--[endif]--></span><o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Just as an examiner will review the advertising
materials using various metrics and means, so also should the mortgage loan
originator use three tools to ensure compliance with advertising rules. <o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">The tools are:</span><br />
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Advertising Manual, with a host of supporting
forms;</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Record Retention, containing all advertisements
and reviews thereof; and</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Forms and Checklists, constituting all loan
products and origination methods.</span></li>
</ul>
</div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">In this article, we are going to explore these
three tools. While the considerations do not encompass all the requirements and
conditions relating to each tool, I hope to provide a general understanding of
how these should be designed and, most importantly, how they must be interfaced
with one another.<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<br /></div>
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="text-transform: uppercase;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Advertising
Manual<o:p></o:p></span></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">At the outset, let me clarify the importance of
distinguishing advertising policy and procedure from an advertising manual.
While the former often does not contain the latter, the latter most certainly
contains the former. That is to say, a policy and procedure may or may not be
actively given to employees; however, a manual is always given to them. The
advertising policy may set forth rules and philosophy, but the manual is the
actual implementation guidelines that an employee consults to find decisive
standards.<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Many companies have an advertising policy and
procedure document, sometimes relying on it to serve the purpose of an
advertising manual. However, employees – such as loan officers – need to know
not only policies and procedures but also the whole gamut of potential
conditions that affect their advertising campaigns. Only an advertising manual
satisfies this overall need.<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Every employee that receives the advertising manual
must sign an attestation of receipt. This document has several purposes. It
confirms that the employee has been put on notice about the company’s
advertising rules and guidelines; it may be used as proof that the document is
expected to be complied with or, if not, the employee will be disciplined; it
demonstrates to an examiner that the company proactively provides such
guidance; and, finally, it affirms the company’s commitment to on-going
monitoring of advertising compliance. A signed attestation should be a
requirement of employment.<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">There are three fundamental purposes of the
advertising manual:</span><br />
<ol>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">The
employee must sign for receiving it. The reason for such receipt is to ensure
that the employee has proven receipt and will be held responsible for meeting
the requirements therein.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">The
company must set forth its advertising standards. This means not just training
on the manual or learning the company’s advertising rules. It means also empowering
the employee to seek immediate guidance at all times, irrespective of
availability to compliance personnel.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Interaction
between employees and compliance department. As part of the process toward
approval by the compliance department, the manual provides forms that serve as
a firm record of advertising that is duly and properly authorized by the
company.</span></li>
</ol>
</div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">At a minimum, the advertising manual should provide
rules and guidance in regulatory risks and advertising restrictions. However, a
comprehensive document contains far more than statements of policy. It begins
with concise definitions of advertisements and promotional materials.
Furthermore, the manual should set forth the applicable regulations that frame
advertising compliance. Most importantly, there must be a written set of
approval procedures, which contain corresponding forms and checklists. <o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Certain sections must be included, such as the
following:</span><br />
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Electronic Media</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Telemarketing</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Do Not Call</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Do Not Fax</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Do Not Email</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Prescreening</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Firm Offers of Credit</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Published Rates</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Rate Sheets</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Third Party Advertisements</span></li>
</ul>
</div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">If the company offers special programs, such as
loan products designed for senior citizens, these must be outlined and given
some depth as to the target audience and restrictions.<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">An important inclusion in the advertising manual is
a set of reference terms, which ought to be in a separate section of its own. Examples
should be given for “triggering terms,” the advertised words or phrases that
“trigger” the need for additional disclosures.<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<br /></div>
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="text-transform: uppercase;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Record
Retention<o:p></o:p></span></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Whereas the subject of record retention often comes
last in an outline of regulatory compliance policies, it actually holds second
place with respect to advertising compliance, after the advertising manual and
before the forms and checklists. This priority is due to the critical need to
retain all advertisements. <o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">A company must keep copies of printed
advertisements, as well as the text of advertisements that are conveyed by
electronic or broadcast media, for a two (2) year period from the date issued
by the advertiser. Let me be as clear as possible here: retain copies of printed
advertisements (including transcripts of non-print media) and marketing
materials used, including all materially different advertising, marketing and
promotional media regarding any mortgage credit product.<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">As a policy position, the company should impose a
uniform two (2) year record retention rule to be enforced through the latter of
the two year retention period or through at least one regulatory examination. As
a practical matter, retain advertisements in perpetuity, if possible. Furthermore,
I suggest the company maintain any advertisements that apply to evidence of
required actions.<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<br /></div>
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="text-transform: uppercase;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Checklists
and forms<o:p></o:p></span></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">There are many checklist categories that are used
in advertising compliance. I am going to provide a brief outline of three of
them for you. These are the General, FHA, and Online checklists. I have outlined
below a checklist for each category, with an expanded checklist for online,
given that online is a large source of marketing and loan origination
activities. <o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">The list is deliberately brief and by no means
comprehensive, so view them with the proviso that you must develop a checklist
that is specific to your company’s loan products and risk profile. <o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">You may not know the implications of some of these
checklist items; however, please assume that the very fact that these items are
on the lists indicates they impute important inferences associated with
advertising compliance.<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">GENERAL CHECKLIST – ADVERTISING COMPLIANCE (Partial Sample)</span><br />
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-align: justify; text-indent: -0.25in;">Does the advertising include the HUD logo or
legend?</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-align: justify; text-indent: -0.25in;">Does the advertising include the Fair Housing
logotype?</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-align: justify; text-indent: -0.25in;">Does the advertising have any tendency or
capacity to deceive?</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-align: justify; text-indent: -0.25in;">Is the advertising accurate?</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-align: justify; text-indent: -0.25in;">If the advertising describes a benefit, does it
also describe any conditions that must be satisfied to obtain the benefit?</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-align: justify; text-indent: -0.25in;">Does the advertising include any
Truth-in-Lending Act triggering terms? (Note: if you do not have a list of
these trigger terms, please consult a compliance professional. The list is
extensive, long, and requires careful review.)</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-align: justify; text-indent: -0.25in;">Does the “®” or “SM” symbol appear with any
service mark?</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-align: justify; text-indent: -0.25in;">If a service mark appears, does the following
language appear: “[Mark] is a service mark of [name of owner of the mark]?”</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-align: justify; text-indent: -0.25in;">If the advertisement is for a home equity credit
line, does it comply with the Truth-in-Lending Act’s special home equity credit
line requirements?</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-align: justify; text-indent: -0.25in;">Does the advertising include any references to
tax deductibility?</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-align: justify; text-indent: -0.25in;">Does the advertising make any “guarantees?</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-align: justify; text-indent: -0.25in;">Are any applicable state-specific rules
satisfied?</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-align: justify; text-indent: -0.25in;">Have all statements of fact been substantiated?</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-align: justify; text-indent: -0.25in;">For telemarketing activities, have the
telemarketing requirements been satisfied?</span></li>
</ul>
</div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">FHA CHECKLIST – ADVERTISING COMPLIANCE (Partial
Sample)</span><br />
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Advertising patterns or practices that a
reasonable person would believe indicate prohibited-basis customers are less
desirable.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Advertising only in media serving non-minority
areas of the market.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Marketing through brokers or other agents that
the lender knows (or has reason to know) would serve only one racial or ethnic
group in the market (unless part of an effort to attract minorities not
otherwise being reached).</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Use of marketing programs or procedures for
residential loan products that exclude one or more regions or geographies
within the lender’s assessment or marketing area that have significantly higher
percentages of minority group residents than does the remainder of the
assessment or marketing area.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Using mailing or other distribution lists or
other marketing techniques for pre-screened or other offerings of residential
loan products that:</span></li>
</ul>
<blockquote class="tr_bq">
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Explicitly exclude groups of prospective
borrowers on a prohibited basis.</span> </li>
</ul>
</blockquote>
<blockquote class="tr_bq">
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Exclude geographies (i.e., census tracts and zip
codes) within the institution’s marketing area that have significantly higher
percentages of minority group residents than the remainder of the marketing
area.</span></li>
</ul>
</blockquote>
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Proportion of monitored prohibited-basis
applicants is significantly lower than that group’s representation in the total
population of the market area.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Consumer complaints alleging discrimination in
advertising or marketing loans. </span></li>
</ul>
</div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">ONLINE CHECKLIST – ADVERTISING COMPLIANCE (Partial
Sample)</span><br />
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">A lender that advertises online credit products
subject to the Fair Housing Act must display the equal housing lender logotype
and legend or other permissible disclosure of its nondiscrimination policy if
required by the rules of its regulator.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">In some cases, regulations contain special rules
for multiple-page advertisements. For online advertisements that may be deemed
to contain more than a single page; thus, lenders should comply with the
applicable sections of Regulation Z,</span><span class="MsoEndnoteReference" style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;"><span class="MsoEndnoteReference"><span style="font-size: 11pt; line-height: 107%;">[ii]</span></span></span><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">
which describe the requirements for multiple-page advertisements). (Note: It is
not yet clear what would constitute a single “page” in the context of the
Internet or online text.)</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Internet or other systems in which a credit
application can be made online may be considered “places of business” under
HUD’s rules prescribing lobby notices.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Ensure that online products are offered and
evaluated on a non-discriminatory basis and that no illegal discouragement
exists.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Place any required disclosure as close as
possible to the advertising claim.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">View disclosures on the same platform as the
advertisement and be sure to include any disclosures necessary to prevent the
advertisement from being misleading.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Incorporate disclosures into advertisements
whenever possible. If including sufficient disclosure is not possible because
of space constraints, consider putting he disclosures clearly and conspicuously
on a page to which the advertisement links (if allowed by applicable law).</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: 7pt; font-stretch: normal; text-indent: -0.25in;"> </span><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">When using hyperlinks:</span></li>
</ul>
<blockquote class="tr_bq">
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Make the link obvious.</span> </li>
</ul>
</blockquote>
<blockquote class="tr_bq">
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Appropriately label the link to convey its
importance, nature and relevance.</span> </li>
</ul>
</blockquote>
<blockquote class="tr_bq">
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Use hyperlinks consistently, so customers know
when they are available.</span> </li>
</ul>
</blockquote>
<blockquote class="tr_bq">
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Place the link as close as possible to the
relevant information.</span> </li>
</ul>
</blockquote>
<blockquote class="tr_bq">
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Take customers directly to the disclosure on the
click-through page.</span> </li>
</ul>
</blockquote>
<blockquote class="tr_bq">
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Assess the effectiveness of the link by
monitoring click-through rates and other information about customer use; make
changes as appropriate.</span></li>
</ul>
</blockquote>
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Use the “reasonable person rule” and assume that
each page of the website is not going to be read by the viewer nor every word -
nor visit every web page.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Design advertisements so scrolling is not
necessary to find a disclosure. When scrolling is necessary, use text or visual
cues to encourage scrolling.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Research about where consumers may look on the
screen for information.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Recognize and respond to technical limitations
or unique characteristics of a communication method when making disclosures.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Display disclosures before customers make a
decision to buy.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Repeat disclosures as needed on lengthy websites
and for repeated advertising claims.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Be on the lookout for multiple routes through the
website and be sure disclosures are repeated as necessary.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Prominently display disclosures; be aware of
color, size and graphics.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Review the entire advertisement (as a whole) to
address the effectiveness of disclosures in light of other elements (viz., text,
graphics, hyperlinks, and sound).</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">If using audio disclosures with audio claims,
present them in a volume and cadence consumers can hear and understand.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Use plain language and syntax.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">If a disclosure cannot be made clearly and
conspicuously so as to prevent an advertisement from being deceptive, do not
use the advertisement.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">To determine whether a particular disclosure is
clear and conspicuous, consider:</span></li>
</ul>
<blockquote class="tr_bq">
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Its placement in the ad and its proximity to the
claim it qualifies.</span> </li>
</ul>
</blockquote>
<blockquote class="tr_bq">
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Its prominence.</span> </li>
</ul>
</blockquote>
<blockquote class="tr_bq">
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Whether seeing the disclosure is unavoidable.</span> </li>
</ul>
</blockquote>
<blockquote class="tr_bq">
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Whether other items in the advertisement might
distract attention from the disclosure.</span> </li>
</ul>
</blockquote>
<blockquote class="tr_bq">
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Whether the disclosure should be repeated
several times to be effectively communicated, or because consumers may enter
the site at different locations or travel on paths that might cause them to
miss it.</span> </li>
</ul>
</blockquote>
<blockquote class="tr_bq">
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Whether audio messages have adequate volume and
cadence.</span> </li>
</ul>
</blockquote>
<blockquote class="tr_bq">
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Whether the language of the disclosure is
understandable to the intended audience.</span> </li>
</ul>
</blockquote>
<blockquote class="tr_bq">
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Monitor and ana</span><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">lyze data for indications that
disclosures were or were not comprehended, and make necessary adjustments.</span><span style="font-family: "arial" , "helvetica" , sans-serif;"> </span></li>
</ul>
</blockquote>
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Pay close attention to technological limitations. (For example, a disclosure that requires Adobe Flash Player will not be displayed on certain mobile devices.)</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Deactivate pop-up disclosures that can be
blocked. Using ‘unblockable’ pop-ups may be problematic.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">For audio claims, use audio disclosures. For
written claims, use written disclosures.</span></li>
</ul>
</div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">Other advertising checklists that should be
included are, as applicable:</span><br />
<br />
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Closed End Credit</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Open End Credit</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Reverse Mortgages</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Home Equity Lines of Credit</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Fair Lending</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">UDAAP</span></li>
</ul>
</div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">In addition, consider providing a set of Reference
Guide or Quick Reference Guide with the following sections:<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoListParagraphCxSpFirst" style="margin-bottom: 0.0001pt; text-align: justify; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;">·<span style="font-size: 7pt; font-stretch: normal;">
</span><!--[endif]-->Close End Credit – Triggering Terms<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0.0001pt 1in; text-align: justify; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;">o<span style="font-size: 7pt; font-stretch: normal;">
</span><!--[endif]-->General Phrases: Do Not Trigger Full Disclosure<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin-bottom: 0.0001pt; text-align: justify; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;">·<span style="font-size: 7pt; font-stretch: normal;">
</span><!--[endif]-->Closed End Credit Triggering Terms<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0.0001pt 1in; text-align: justify; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;">o<span style="font-size: 7pt; font-stretch: normal;">
</span><!--[endif]-->General Phrases: Do Trigger Full Disclosure<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin-bottom: 0.0001pt; text-align: justify; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;">·<span style="font-size: 7pt; font-stretch: normal;">
</span><!--[endif]-->HELOC – Triggering Terms<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0.0001pt 1in; text-align: justify; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;">o<span style="font-size: 7pt; font-stretch: normal;">
</span><!--[endif]-->General Phrases That DO Trigger Full Disclosure<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpLast" style="margin-bottom: 0.0001pt; text-align: justify; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;">·<span style="font-size: 7pt; font-stretch: normal;">
</span><!--[endif]-->Advertising Descriptions and Phrases (i.e., Terms
of Offer)<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">A form should be provided in the advertising manual
in order to ensure that a request has been made to the compliance department
for approval of the advertisement. Such a form may be called “Advertising
Request Approval Form,” or some other title, but the purpose of the form is to
provide the following information and documentation:</span><br />
<br />
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Name of requester and date of request</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Summary of the advertisement</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Media</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Date(s) of publication</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Specimen of advertisement</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Audience</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Approval or Denial (viz., with management
signature and date)</span></li>
</ul>
</div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">The form and all revisions to the advertisement
prior to and at publication are kept together for future use as well as to
maintain supporting proof of the review process.<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<br /></div>
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="text-transform: uppercase;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Triggering
Terms<o:p></o:p></span></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Certain advertising terms, known as “triggering terms,”
cause the need for additional disclosure. The presence of these terms in an
advertisement can lead to TILA violations, among other things. There are
triggering terms associated with different loan products, such as home equity
credit lines, closed end credit, HELOCs, and many other loan products.<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">For instance, a few terms for closed end credit that
trigger the need for additional disclosure are: <o:p></o:p></span></div>
<div class="MsoListParagraphCxSpFirst" style="margin: 0in 0in 0.0001pt 0.75in; text-align: justify; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;">o<span style="font-size: 7pt; font-stretch: normal;">
</span><!--[endif]-->“Up to 48 months to pay”<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0.0001pt 0.75in; text-align: justify; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;">o<span style="font-size: 7pt; font-stretch: normal;">
</span><!--[endif]-->“90% financing”<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0.0001pt 0.75in; text-align: justify; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;">o<span style="font-size: 7pt; font-stretch: normal;">
</span><!--[endif]-->“As low as $50 a month”<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0.0001pt 0.75in; text-align: justify; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;">o<span style="font-size: 7pt; font-stretch: normal;">
</span><!--[endif]-->“36 equal payments”<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpLast" style="margin: 0in 0in 0.0001pt 0.75in; text-align: justify; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;">o<span style="font-size: 7pt; font-stretch: normal;">
</span><!--[endif]--> $500
total cost of credit”<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Of course, there are triggering terms that do not
trigger additional disclosure.<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Some examples of terms for closed end credit that
do not trigger the need for additional disclosure are:<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpFirst" style="margin: 0in 0in 0.0001pt 0.75in; text-align: justify; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;">o<span style="font-size: 7pt; font-stretch: normal;">
</span><!--[endif]-->“Defer your first monthly installment until
July”<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0.0001pt 0.75in; text-align: justify; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;">o<span style="font-size: 7pt; font-stretch: normal;">
</span><!--[endif]-->“Pay monthly”<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0.0001pt 0.75in; text-align: justify; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;">o<span style="font-size: 7pt; font-stretch: normal;">
</span><!--[endif]-->“Regular monthly payments”<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin: 0in 0in 0.0001pt 0.75in; text-align: justify; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;">o<span style="font-size: 7pt; font-stretch: normal;">
</span><!--[endif]-->“5% Annual Percentage Rate Loans”<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpLast" style="margin: 0in 0in 0.0001pt 0.75in; text-align: justify; text-indent: -0.25in;">
<!--[if !supportLists]--><span style="font-family: "arial" , "helvetica" , sans-serif;">o<span style="font-size: 7pt; font-stretch: normal;">
</span><!--[endif]-->“Qualify at 1.00% below prime.”<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Virtually all aspects of advertising must be
evaluated in an advertisement. Depending on the advertisement or campaign’s
loan product, advertising compliance should consider such categories as the
term of the offer or promotion, the limitations on use or scope of the offer,
general limitations and restrictions on the offer, limitations on geographical
scope, limitations as to choice of loan products or availability, limitations
of liability, qualifications or prerequisites to availability, and many more
factors.<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<br /></div>
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="text-transform: uppercase;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Fair
Lending<o:p></o:p></span></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Advertisements are a minefield of potential fair
lending violations. There are some rudimentary indicators of potential
Disparate Treatment in marketing of residential loan products. Disparate
treatment occurs when a company treats a credit applicant differently based on
one of several prohibited bases, such as race or color, national origin,
religion, and several other bases. <o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Importantly, an allegation of a fair lending
violation does not require any showing that the treatment was motivated by
prejudice or a conscious intention to discriminate against a person beyond the
difference in treatment itself.<span class="MsoEndnoteReference"> <!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 11pt; line-height: 107%;">[iii]</span></span><!--[endif]--></span><o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">When a company applies a racially or otherwise
neutral policy or practice equally to all credit applicants, but the policy or
practice disproportionately excludes or burdens certain persons on a prohibited
basis, the policy or practice is described as having a Disparate Impact. The fact
that a policy or practice creates a disparity on a prohibited basis is not
alone proof of a violation. According to the interagency examination procedures
set forth by Federal Financial Institutions Examination Council (FFIEC), “when
an examiner finds that a lender’s policy or practice has a disparate impact,
the next step is to seek to determine whether the policy or practice is
justified by ‘business necessity.’ The justification must be manifest and may
not be hypothetical or speculative.”<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 11pt; line-height: 107%;">[iv]</span></span><!--[endif]--></span><o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Factors that may be relevant to the justification
could include cost and profitability. Even if a policy or practice that has a
disparate impact on a prohibited basis can be justified by business necessity,
it still may be found to be in violation if an alternative policy or practice
could serve the same purpose with less discriminatory effect. But, as stated
above in the case of disparate treatment, so also evidence of discriminatory
intent is not necessary to establish that a lender's adoption or implementation
of a policy or practice that has a disparate impact is in violation of the Fair
Housing Act or Equal Credit Opportunity Act.<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">In evaluating whether there is a potential for a
fair lending violation in an advertisement, FFIEC has also offered several
factors to consider, amongst which are:<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 11pt; line-height: 107%;">[v]</span></span></span></span><br />
<br />
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Advertising patterns or practices that a
reasonable person would believe indicate prohibited basis customers are less
desirable.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Advertising only in media serving non-minority
areas of the market.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Marketing through brokers or other agents that
the institution knows (or has reason to know) would serve only one racial or
ethnic group in the market.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Use of marketing programs or procedures for
residential loan products that exclude one or more regions or geographies within
the institutions assessment or marketing area that have significantly higher
percentages of minority group residents than does the remainder of the
assessment or marketing area.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Using mailing or other distribution lists or
other marketing techniques for pre-screened or other offerings of residential
loan products that:</span></li>
</ul>
<blockquote class="tr_bq">
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Explicitly exclude groups of prospective
borrowers on a prohibited basis; or</span></li>
</ul>
</blockquote>
<blockquote class="tr_bq">
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Exclude geographies (i.e., census tracts, ZIP
codes, etc.) within the institution's marketing area that have significantly
higher percentages of minority group residents than does the remainder of the
marketing area.</span></li>
</ul>
</blockquote>
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Proportion of prohibited basis applicants is
significantly lower than that group's representation in the total population of
the market area.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Consumer complaints alleging discrimination in
advertising or marketing loans.</span></li>
</ul>
</div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">With respect to media usage, the follow steps
should be undertaken:<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 11pt; line-height: 107%;">[vi]</span></span></span></span><br />
<br />
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Determine in which newspapers and broadcast
media the institution advertises.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Identify any racial or national origin identity
associated with those media.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Determine whether those media focus on
geographical communities of a particular racial or national origin character.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Learn the institution's strategies for
geographic and demographic distribution of advertisements.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Obtain and review copies of the institution's
printed advertising and promotional materials.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Determine what criteria the institution
communicates to media about what is an attractive customer or an attractive
area to cultivate business.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">Determine whether advertising and marketing are
the same to racial and national origin minority areas as compared to
non-minority areas.</span></li>
</ul>
</div>
<div align="center" class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">UDAAP<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">A marketing campaign, whether consisting of one or
numerous advertisements and promotional opportunities, must be scrutinized for potential
UDAAP (Unfair, Deceptive, or Abusive Acts or Practices) and fair lending
violations. Nearly any kind of “puffery” can cause a UDAAP violation, the
classic example being over-promising and under-delivering! Another classic is
up-selling or down-selling to less attractive products or products unsuitable
for the audience of prospective applicants. <o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">An act or practice is deceptive if there is a
representation, omission of information, or practice that is likely to mislead
consumers who are acting reasonably under the circumstances, and the
representation, omission, or practice is one that is material, for instance,
likely to affect consumers’ decisions to purchase or use the product or service
at issue.<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 11pt; line-height: 107%;">[vii]</span></span><!--[endif]--></span><o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">There is a two-prong rule for determining if an act
or practice is deceptive.<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 11pt; line-height: 107%;">[viii]</span></span></span></span><br />
<br />
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">There is a representation, omission of
information, or practice that is likely to mislead consumers acting reasonably
under the circumstances; and</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">That representation, omission, or practice is
material to consumers.</span></li>
</ul>
</div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Violations of UDAAP easily abound if applicable
disclosures are not clear and unambiguous, such as where material information
is omitted from the marketing campaign, information is contradicted by laws or
regulations, all fees are not disclosed or their timing not given, use of the
word “Free” is misleading, fake images and testimonials are used, so-called
“guarantees” are misleading, and, in general, insufficient information causes a
consumer to not reasonably understand the terms of the campaign.<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Here is a three-part test recommended by the FTC<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 11pt; line-height: 107%;">[ix]</span></span><!--[endif]--></span>
as a tool to avoid UDAAP violations in advertising:</span><br />
<br />
<ol>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">The
practice must be one that causes or is likely to cause substantial injury to
consumers.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">The
injury must not be outweighed by countervailing benefits to consumers or to
competition.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif; text-indent: -0.25in;">The
injury must be one that consumers could not reasonably have avoided.</span></li>
</ol>
</div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">This three-part formula may be taken as a
rule-of-thumb method toward screening advertisements for potential UDAAP
violations. The fact is that there is a distinct prohibition or restriction on
unfair or deceptive advertising and all due efforts must be undertaken toward
the goal of preventing unfair or deceptive practices.<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Keep in mind that a representation may be express
or implied. An “express claim” directly represents the fact at issue, while an
“implied claim” does so in an oblique or indirect way.<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 11pt; line-height: 107%;">[x]</span></span><!--[endif]--></span>
Whether an implied claim is made depends on the overall net impression that
consumers take away from an advertisement, based on all of its elements (language,
pictures, graphics, and so forth).<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 11pt; line-height: 107%;">[xi]</span></span><!--[endif]--></span>
Therefore, the examiner is going to evaluate whether consumers’ impressions or
interpretations of a representation or omission are reasonable.<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">In Part One of this two-part series, I mentioned
the “reasonable person” rule. I stated that one of my colleagues often refers
to the “reasonable person rule” as the “village idiot rule;” that is, if the
village idiot can be expected to understand the message, the “reasonable person
rule” test may be passed. Be forewarned, if there is a claim, challenge or
examination finding to whether a consumer is in any way misled or may be misled
by an advertisement, the onus will be on the company to prove otherwise!<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="line-height: 107%;"><span style="font-family: "arial" , "helvetica" , sans-serif;">Indeed, reasonableness is evaluated based on the
sophistication and understanding of consumers in the group to which the
representation is targeted, which may be a general audience or a specific group,
such as senior citizens.<span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="line-height: 107%;">[xii]</span></span><!--[endif]--></span>
But a claim may be susceptible to more than one reasonable interpretation, and
if one such interpretation is misleading, then the advertisement is deceptive,
even if other, non-deceptive interpretations are possible.</span><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-family: "arial" , "helvetica" , sans-serif; line-height: 107%;">[xiii]</span></span><!--[endif]--></span></span>
</span><br />
<div>
<!--[if !supportEndnotes]--><span style="font-family: "arial" , "helvetica" , sans-serif;"><br clear="all" />
</span><br />
<hr align="left" size="1" width="33%" />
<!--[endif]-->
<br />
<div id="edn1">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 10pt; line-height: 107%;">[i]</span></span><!--[endif]--></span> “Advertising
Compliance: Getting Ready for the Banking Examination,” by Jonathan Foxx,
National Mortgage Professional Magazine, May 2016, Volume 8, Issue 5, p 94<o:p></o:p></span></div>
</div>
<div id="edn2">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 10pt; line-height: 107%;">[ii]</span></span><!--[endif]--></span> For
instance, § 1026.16(c), § 1026.24(d)<o:p></o:p></span></div>
</div>
<div id="edn3">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 10pt; line-height: 107%;">[iii]</span></span><!--[endif]--></span> <i>Interagency Fair Lending Examination
Procedures</i>, August 2009, p iii, Office of the Comptroller of the Currency
Federal Deposit Insurance Corporation, Federal Reserve Board Office of Thrift
Supervision, National Credit Union Administration<o:p></o:p></span></div>
</div>
<div id="edn4">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 10pt; line-height: 107%;">[iv]</span></span><!--[endif]--></span> Idem.
p iv<o:p></o:p></span></div>
</div>
<div id="edn5">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 10pt; line-height: 107%;">[v]</span></span><!--[endif]--></span>
Idem. p 11<o:p></o:p></span></div>
</div>
<div id="edn6">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 10pt; line-height: 107%;">[vi]</span></span><!--[endif]--></span>
Idem. P 39<o:p></o:p></span></div>
</div>
<div id="edn7">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 10pt; line-height: 107%;">[vii]</span></span><!--[endif]--></span> Section
5 of the FTC Act broadly proscribes unfair or deceptive acts or practices in or
affecting commerce.<o:p></o:p></span></div>
</div>
<div id="edn8">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 10pt; line-height: 107%;">[viii]</span></span><!--[endif]--></span>
<i>Deception Policy Statement</i>, at
176–77, Federal Trade Commission Policy Statement on Deception, appended to In
re Cliffdale Assocs., Inc., 103 F.T.C. 110, 174–84 (1984) (Deception Policy
Statement). See also FTC v. Tashman, 318 F.3d 1273, 1277 (11th Cir. 2003); FTC
v. Gill, 265 F.3d 944, 950 (9th Cir. 2001); FTC v. QT, Inc., 448 F. Supp. 2d
908, 957 (N.D. Ill. 2006), aff’d, 512 F.3d 858 (7th Cir. 2008); FTC v. Think
Achievement Corp., 144 F. Supp. 2d 993, 1009 (N.D. Ind. 2000); FTC v. Minuteman
Press, 53 F. Supp. 2d 248, 258 (E.D.N.Y. 1998)<o:p></o:p></span></div>
</div>
<div id="edn9">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 10pt; line-height: 107%;">[ix]</span></span><!--[endif]--></span> Section
5(n) of the FTC Act sets forth a three-part test to determine whether an act or
practice is unfair.<o:p></o:p></span></div>
</div>
<div id="edn10">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 10pt; line-height: 107%;">[x]</span></span><!--[endif]--></span> FTC
v. QT, Inc., 448 F. Supp. 2d at 957<o:p></o:p></span></div>
</div>
<div id="edn11">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 10pt; line-height: 107%;">[xi]</span></span><!--[endif]--></span>
See FTC v. Cyberspace.com, LLC, 453 F.3d 1196, 1200 (9th Cir. 2006) (‘‘A
solicitation may be likely to mislead by virtue of the net impression it
creates even though the solicitation also contains truthful disclosures.’’);
FTC v. Gill, 265 F.3d at 956 (affirming deception finding based on ‘‘overall
‘net impression’’’ of statements); Removatron Int’l Corp. v. FTC, 884 F.2d
1489, 1497 (1st Cir. 1989)<o:p></o:p></span></div>
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif;">(advertisement was deceptive despite written
qualification); Thompson Med. Co. v. FTC, 791 F.2d 189, 197 (DC Cir. 1986)
(literally true statements may nonetheless be deceptive); FTC v. QT, Inc., 448
F. Supp. 2d at 958.<o:p></o:p></span></div>
</div>
<div id="edn12">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 10pt; line-height: 107%;">[xii]</span></span><!--[endif]--></span>
Op. cit. 4, pp 177-179<o:p></o:p></span></div>
</div>
<div id="edn13">
<div class="MsoEndnoteText">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span class="MsoEndnoteReference"><!--[if !supportFootnotes]--><span class="MsoEndnoteReference"><span style="font-size: 10pt; line-height: 107%;">[xiii]</span></span><!--[endif]--></span>
Idem p 178</span><o:p></o:p></div>
</div>
</div>
Jonathan Foxxhttp://www.blogger.com/profile/11176318536334393246noreply@blogger.com