CREATORS OF THE COMPLIANCE TUNE-UP®

AARMR | ABA | ACAMS | ALTA | ARMCP | IAPP | IIA | MBA | MERS® | MISMO | NAMB

Showing posts with label Compliance Tune-up. Show all posts
Showing posts with label Compliance Tune-up. Show all posts

Monday, January 13, 2025

What to Expect from a Fannie MORA audit?

Request Article 

Request MORA Tune-up® Information 

QUESTION 

Last month, you answered a question about doing an internal audit in advance of Fannie’s MORA audit. We did not pay much attention to it because (A) we never had a MORA audit, and (B) we did not expect a MORA audit anytime soon. Then, all hell broke loose! 

Yesterday, we got a letter from Fannie Mae telling us that they will be scheduling a date for an on-site audit. They are requesting policies, procedures, and many other documents. There are due dates. This review makes a state banking exam look like child’s play. But I’m a QC manager, so I don’t have the whole picture of our risks. However, I do know one thing: we are not ready for this MORA audit. 

The CEO called a team meeting in the conference room. Our compliance manager is in charge, and everyone reports to her. I got your name at the meeting because she said we are going to use you to do a MORA Tune-up®. I just wish they would have done this sooner. 

What I need – and I think they need it too – is some idea of what we can expect from the MORA exam. I hope you don’t wait to reply. The compliance manager and others in management read your articles. They pass them around to us all the time. Please tell us what to expect about the MORA process. 

What is the audit process of a Fannie MORA audit? 

SOLUTION 

MORA Tune-up® 

RESPONSE 

If you want a copy of this article, please contact us here. 

We realize your question is urgent. Accordingly, we are prioritizing a response. You only have a few weeks to get ready for the MORA audit, the purpose of which is for Fannie Mae to evaluate your company’s compliance with Fannie guidelines as well as assess the operational risks. 

For those who don’t know, Mortgage Origination Risk Assessment (MORA) is a Fannie Mae review of a Fannie Seller/Servicer. It is intended to be a collaborative engagement led by the review team with the active participation of your organization.[i]

Getting our MORA Tune-up® engaged is one of several readiness activities you must undertake as soon as possible. Ours is the pioneer of the Compliance Tune-up, a unique review that provides a risk assessment and self-evaluation to satisfy the Second Line of Defense. I am grateful that your compliance manager chose Lenders Compliance Group. Nevertheless, to all our subscribers, please know that a few compliance and law firms offer to prepare you for the MORA review. Pick one you trust and get it done! 

There are seven phases in the MORA review process, and I will outline them for you. My outline will give you a high-level view. You should not delay! 

Here are the seven phases of a MORA review: 

Phase 1: Selecting the Organization 

Phase 2: Confirmation and Engagement 

Phase 3: Document Request and Receipt 

Phase 4: Process Evaluation 

Phase 5: Interviews 

Phase 6: Final Assessment 

Phase 7: Remediation 

I am going to provide a brief overview of each phase. However, numerous contingencies can affect the process and outcome. Take this review as a deep dive, one that will make your company stronger and its relationship with Fannie more durable. It is not too late to get started immediately. 

PHASE 1: SELECTING THE ORGANIZATION 

Fannie Mae selects organizations for a review using risk-based inclusion criteria and provides advance notice to the organization prior to scheduling the review. A member of the review team begins the process by compiling the organization’s pertinent contact information to start the review before moving to Phase 2. 

We are often asked if there is a way to predict whether and when the selection takes place. The short answer is No. The best answer is Soon. In other words, always be prepared.

PHASE 2: Confirmation and Engagement 

There are obviously two parts to this phase: the first part involves confirmation, and the second part involves scheduling. These two parts are interfaced. What happens is your point person – in your case, the compliance manager – will discuss Fannie’s BAMS team, that is, its Business Account Management Solutions team, to discuss some basics. The MORA team is independent of the BAMS team. This is a sort of Question and Answer format where the BAMS team gathers the following information:

Read more »
Labels: , , , , , , , , ,

Thursday, January 9, 2025

Policy & Procedures and Change Management

QUESTION 

We need an overhaul of our policies and procedures. Our company merged with another company, and our policies are different in many ways, from the text itself to the format. It is tough enough to have the merging of two cultures, we are now banging into one another over what policy applies and what procedures to follow. 

As the Compliance Officer and General Counsel, I am involved in harmonizing these documents, and the task is almost overwhelming. Every project impacts our policies. We have had to update our Change Management policy five times in the last six months just to adapt to the merging of documents. 

What I need is some kind of checklist that I can get stakeholders to agree to or at least accept by consensus. I consulted with experts in policy development, but it was frustrating. If they knew the regulatory requirements, they disagreed on the text, and if they knew the formatting requirements, they disagreed on the best format. They seem oblivious to the implications of Change Management. 

A member of our Board of Directors referred me to you. She believes you can help resolve these issues. So, I'm writing you for guidance. I also want to schedule a call with you to discuss your services. 

Can you help us understand how our policies and procedures are linked to our Change Management requirements? 

SOLUTIONS 

Customized Compliance Library

Policies Tune-up®

CMS Tune-up®

RESPONSE 

There are a few aspects to your circumstances. Not only do you mention the issue of merging policies and procedures resulting from a merger and the impact on projects, but you also note how many times you have had to update your Change Management requirements because of this debacle. We have handled and resolved matters such as yours many times. Your situation often happens. 

Many clients come to us for our customized compliance library. Since you are new to our services, it is worth knowing that we pioneered the effective drafting and implementation of a compliance library. So, you have come to the right place! I'm sure we can help! 

Let's start with Change Management. What is it? Essentially, it is the governing methodology that provides an infrastructure to support and sustain change throughout multiple phases in your financial institution while focusing on achieving a set of defined and desired business results. 

There is a good reason why you mention Change Management. That is because your policies and procedures are an intrinsic part of it. 

To clarify, a financial institution is under pressure from regulators, borrowers, shareholders, and investors to improve its business continuously. These pressures lead to companies initiating a wide range of company projects, including small, targeted updates, process enhancements, large, complex system implementations, and major business process re-engineering initiatives. Thus, an institution's ability to standardize its process and project management practices mitigates the risk of project failures and maximizes the value delivered to its organizational processes. 

Therefore, you have hit on the two primary purposes of Change Management: 

·       Process Management, and

·       Project Management. 

I am going to offer a way to think about Process Management and Project Management and how they link to Change Management. Merged policies and procedures will be given their due consideration. 

BUILDING A CHANGE MANAGEMENT FRAMEWORK 

Before understanding the operational framework of Change Management, its two primary purposes, and its derivative structures, such as policies and procedures, you must determine:

1. Define and describe what changes will be implemented.

2. How to coordinate the input from stakeholders.

3. What will constitute a formal change plan.

4. The resources and data that will be used and available.

5. The overall communication strategy at all operational levels.

6. A review of budget risks associated with change. 

CHANGE MANAGEMENT METHODOLOGY 

As the company's Compliance Officer, it would be your responsibility to establish controls to ensure a viable Change Management methodology is applied consistently between individuals and work groups. 

I recommend that your methodology contain the following guidelines. 

·     Determination of business ownership and governance responsibilities.

·     An impact analysis prior to the implementation of process changes.

·     Communication of new or revised processes to impacted business units or areas.

·     A process that ensures policies, procedures, and processes are updated to reflect remediated control deficiencies.

Read more »
Labels: , , , , , , , ,
Subscribe to: Posts (Atom)