(Published in MBA NewsLink, April 2020)
As a compliance officer, I have always recognized that change is constant, and I accept that fact sometimes grudgingly. While regulatory change generally has ample implementation or lead time, March 2020 has brought a different kind of change; one that is significant, sudden and jarring. These days you can’t just ask who moved your cheese—assuming you could find cheese in the grocery store, that is—you must quickly and effectively adapt to an entirely new normal.
With the COVID-19 pandemic and associated social distancing guidelines, many lenders began working remotely from home in March, and that adjustment has brought significant challenges. Despite an unexpected shortage of toilet paper and other products, the cat walking across the keyboard during video meetings, and family members causing distractions in the background, most of us have learned to navigate new ways of meeting and being mostly productive remotely, with the occasional virtual happy hour thrown in.
Now that we have tackled those new challenges and settled in for what could be an extended period of business as unusual, thanks to the COVID-19 pandemic, the next challenge may be keeping the concept of fair and responsible banking central throughout all aspects of the lending product lifecycle in the midst of what truly amounts to chaos for many.
Marketing and sales
An institution’s population of loan applicants is often a direct result of marketing and active sales efforts. As such, fairness in those efforts is critical. Given the anticipated economic impact of the pandemic—including is effect in creating increased demand for consumer loans and small business credit, and the desire on the part of lenders to help customers make their way through unprecedented challenges—fairness in the marketing and sales process may require additional attention from the Compliance Department.
Compliance should monitor closely for indications of steering potential applicants to certain products. While it is true that regulators are encouraging banks to work with their customers and have specifically encouraged small dollar lending, consider the potentially inadvertent risks that could result.1 While small dollar lending may be the best product for some borrowers, others may benefit from a different product such as the extension of a line of credit or a refinance. If certain demographics or geographies are targeted for products that could be deemed more expensive, or otherwise less favorable, that marketing could lead to a claim of predatory lending. Applicants should understand options for all products for which they may qualify.
Additionally, it is reasonable to expect that both existing and new customers are increasingly adopting online and mobile banking access for conducting routine banking transactions. The proliferation of digital marketing and application platforms in recent years stands to become even more prominent as consumers look for access to financial services from home. While digital marketing and application processes provide ease of access and expand market reach, they also carry unique risks.
Digital marketing, for example, generally allows an institution to target marketing content to recipients based on pre-determined criteria. This type of marketing can be quick and cost effective, but to maintain compliance, those pre-determined criteria must be fair and non-discriminatory. Specific attention should be paid to any exclusionary criteria used in the selection of recipients. Targeting criteria should not exclude potential applicants based on any prohibited basis or any factor that could be a proxy for a prohibited basis. This can particularly be a challenge when third parties are leveraged for marketing services. Be certain that the criteria used, whether generated internally or by a third-party vendor, are fully understood and vetted.
Digital application processes may be a particularly attractive option for customers at this time. While incredibly convenient, applicants using online or mobile application processes should receive the same treatment, disclosures, and information that an applicant would receive in person. Web and mobile applications may provide those disclosures and other important language in a format that differs from print, which could increase the risk for Unfair, Deceptive, or Abusive Acts and Practices (“UDAAP”). Part of a robust review mechanism should include a review of the application process and associated information and disclosures in the environment that mirrors that of the client. It also may be prudent to offer hard copy disclosures by mail for applicants upon request.
The bottom line is, now more than ever, institutions should ensure that marketing content is clear and fair; and that marketing materials are provided across all applicable market segments. Proper review mechanisms for all materials and processes should remain firmly in place, though that may be a challenge with the shift to a remote working environment.
Processing: Underwriting and pricing
Over time, many institutions have shifted to centralized loan processing, underwriting and pricing functions, and that shift has served to reduce the risk of fair lending issues that could be caused by employee discretion. With dispersed employees working remotely, combined with an increased demand for credit from customers impacted by the pandemic, institutions are likely to experience new challenges, or a resurgence of old challenges.
One overarching question to consider is this: Can your normal, operational processes be maintained in this remote, rapidly changing environment? If employees cannot easily access the intranet for current loan policy or underwriting guidelines, for example, there may be an increased risk of a remote employee utilizing an older version of a policy and/or diverging from current approved processes. It is critical that institutions make available, by any means necessary, the appropriate policies, procedures and other guidance needed for these teams to do their jobs in a fair and consistent manner. This may mean that institutions need to verify access to SharePoint sites, or other file sharing protocols, or provide information via secure emails. Quality control efforts may also need to be increased during this time to ensure that proper processes are being followed.
Normal workflow processes may be impacted, such as a second review of denials, before adverse action notices are sent to applicants. Be aware of regulatory timelines and make sure that you can maintain compliance with those timelines even in the current environment. Often times, processing and underwriting teams can be responsible for documenting exceptions as part of their daily workflow. These processes are crucial to maintaining fairness throughout the loan processing, underwriting and pricing process. Validate that underwriting and pricing exception approval and documentation requirements remain in place, and make sure that individuals with required approval authority are available.
Other operational challenges may begin to surface, as well. For example, can closings be scheduled in a reasonable timeframe? If an appraisal or another piece of the process is delayed due to a third-party provider, can an institution close before a rate lock ends? While rates are expected to remain low, it may be viewed as unfair to charge a client an increased rate or fees due to a situation beyond their control.
Remember that customers may also be facing unique challenges during this time. Many may not have the capability at home to scan and upload requested documentation to a lender. This means that some clients may not easily be able to upload income verification. Additionally, loan processing teams may struggle to obtain employment verification if there are third-party provider or employer limitations. Depending on the loan program, an institution may decide to waive certain requirements and it will be important to ensure that any waivers are being applied consistently and fairly.
Account servicing and customer service
While many customers are leveraging remote access technologies for everyday banking tasks, customer service interaction, such as call center volume, may also see an increase. Whether it is a question about online or mobile banking functionality, questions about branch access for services that may need to be completed in person, or other inquiries, there will be instances where customers need to speak directly to a customer service representative.
Compliance staff should be fully aware of any issues arising from and working with the business to monitor for potential access or level of service challenges. This is particularly crucial during the COVID-19 pandemic, as stay-at-home mandates require a higher degree of remote operation. Maintaining a full staffing schedule within your customer service operations will depend on employee availability, whether from an office location or remotely. If you maintain a process for Limited English Proficiency (“LEP”) customers, be mindful of continuity of process and whether third-party language services and multi-lingual staff will be available as needed.
In addition, a careful review of branch outages may need to be prioritized. If branch locations are closed or otherwise providing limited services, Compliance should validate that customers in neighborhoods from all income levels or minority concentrations have reasonable access to branch facilities and services as needed. It should not be more difficult for borrowers in low-income or high-minority neighborhoods to access branch services.
Fairness in the treatment of accounts should also be monitored. Availability of funds may be more crucial than ever for some borrowers. While institutions generally need to manage risk, the decisions about funds availability must be made consistently and fairly. Fee waivers should also be carefully monitored. It is understandable that institutions will possibly be more accommodating or lenient in this time as it relates to potential fees, such as overdraft fees. All applicable employees should have clear guidance on issuing fee waivers to facilitate application of temporary policies and processes in a consistent and non-discriminatory manner.
Social distancing guidelines and business closures have already led to record-breaking unemployment claims, and it is nearly impossible to judge the true impact currently. Given what many expect to be a lingering economic impact from the current pandemic, all institutions should expect an increase in loss mitigation activity.
Institutions are likely already receiving an increased number of requests for relief in the form of payment deferrals. Thorough analysis of those requests, and the actions taken in response to those requests should be a Compliance priority. Consistency, and fairness, again should be at the absolute heart of this process. This could be particularly challenging if staffing levels become inadequate. Bringing in new staff, whether external hires or transfers from other operational areas, could lead to additional risk if new employees are not fully familiar with the approved policies, processes and procedures. Increased quality control processes should be added to assist in mitigating that risk.
Legislative directives regarding forbearances and moratoriums on foreclosures and evictions have been published, and institutions need to be prepared to properly comply with any guidance issued by regulatory, federal, state, or other local government agencies.2 Compliance with any newly issued legislation can be challenging, and recent guidance may prove to be particularly difficult. Current published guidelines indicate that borrowers must be able to contact the institution with their request via text message, telephone, email or fax. Monitoring different methods of contact and complying with necessary timelines will require structured processes for each method of communication. Documentation may also present unique challenges, while calls may be recorded, emails saved, and faxed letters scanned, text message requests may be more difficult, particularly for smaller institutions.
The pace of guidance and legislation has been much more rapid than any previous guidance issued, and Compliance officers should be actively engaged in monitoring for changes and updates to ensure that those changes are communicated to all stakeholders for proper compliance in a timely manner.
The elephant in the room: Business continuity planning and disaster recovery
While each stage in the lending lifecycle has its own set of unique risks and considerations, institutions simply cannot ignore the elephant in the room – Business Continuity Planning (“BCP”) and Disaster Recovery. Institutions of all sizes and complexities are generally well versed in some manner of BCP or Disaster Recovery. Nothing, however, has prepared the nation, or it’s financial institutions for the situation we currently face.
Typical BCP and Disaster Recovery activities focus on events that are generally natural disasters which, while impactful, tend to have a somewhat known window of time and a limited geographic reach. The national and global reach of the pandemic, along with the unknown timeframe of impact, is unprecedented. As such, novel challenges can be expected.
The COVID-19 pandemic has created almost instantaneous change to the manner in which institutions operate. Any sudden change injects a tremendous amount of risk across the board. That risk needs to be considered in the context of potential impact to fairness in how the institution transacts with its customers. This change in operations is likely to, or already is, causing certain constraints.
Information Technology (“IT”) constraints may be the most widespread. IT will need to provide necessary equipment and support to many employees who will be working remotely for the first time, and likely for an extended period of time. In addition, IT will need to maintain systems and processes to facilitate the ability of lending staff to maintain operations. This may include critical security patches for remote user computers, as well as potential system updates issued by software providers. Failure in these processes could result in issues with privacy or could lead to an inability of employees to adequately and effectively comply with laws and regulations.
Staff outages could also be an increased area of risk. Given the nature of the pandemic, institutions should expect that employees may be impacted. Whether an employee falls ill or is otherwise unable to perform their job functions, perhaps due to caring for children or other family members, staffing levels may change. Compliance needs to fully understand the impact of any staffing changes on critical compliance processes. For example, how many employees have authority for exception approvals? How many employees perform a second review of denied applications? What about the level of quality control staff? If there is a single point of failure, such as a single employee responsible for a critical task, arrangements need to be made to ensure that additional employees understand approved processes and are able to step in if needed.
Throughout the lending life cycle, and this entire pandemic, remember that many people are vulnerable right now—whether they have traditionally been deemed a protected class or not. There are laws and regulations that we absolutely must follow, to be sure. As citizens of the world, however, life and circumstances are giving us the best possible motivation and incentive we could ever have to take care of our customers, and each other. I like to think that beyond regulation, we have a higher code to aspire to—fairness.