As chief compliance officer, Jeffrey McFadden has never been one to take chances. But with up to 50,000 loan contracts streaming through his Irvine, CA-based New Century Financial Corp. every month, he found himself relying on a mostly reactive system geared to catch compliance mistakes after the fact. And that was a big problem. "You don't want to discover you have those issues for the first time when someone from the Department of Justice comes knocking at your door," he says.
So McFadden called up the gurus at Boston-based PCi Corp. to collaborate on designing a proactive compliance system that could monitor thousands of loans automatically in real-time. The idea was to flag transactions that might fall out of compliance with any one of the local, state and federal lending rules-and then fix them before the loan closed. McFadden, who has been beta testing the system for a few months, says it has made a world of difference. "Now we can compare each loan as it passes through our system," he says. "You can correct the problem before it becomes a statistic."
That's more important than ever these days. Under recent rules related to the Home Mortgage Disclosure Act, lenders must now collect and make public data about a loan applicant's race, sex and income, as well as details about how the lender determines rate spreads for different applicants. Because the data is public information, it can create significant legal risks for institutions. Mistakes, policy conflicts or innocent omissions-when viewed in the context of how loans are priced for different groups of customers-can create lending patterns that appear discriminatory. "It can be incendiary if put in the wrong context," says Steve Ornstein, a partner at Washington, D.C.-based law firm Thacher Proffitt & Wood. Todd Cooper, PCi's chief product manager, notes that "a class-action lawyer could look at the data and conclude that you're pricing for black applicants differently than for white applicants. That can cause a problem. No institution is saying, 'I want to discriminate.' The question is what kind of controls are in place. With real-time monitoring, it's no longer after the fact. Now it's preventable."
Of course, that doesn't make real-time compliance automation a panacea. In fact, McFadden is still beta testing his system because he has yet to determine how to set triggers that would kick out certain transactions for review. Set the threshold too low, and the institution increases the risk that a faulty loan will slip through. But set the threshold too high, and the number of loans tagged for review could clog up the workflow. "You'd have to have a battalion of people sitting there looking at files," he says. "From a compliance standpoint, that's great. But from a production standpoint, that's kind of scary."
Striking that balance has become a key goal for banks and nonbank lenders as they struggle to keep up with all the rules and regulations surrounding the lending business. HMDA rules are only a small piece of the overall puzzle. Financial institutions also must cope with anti-predatory lending rules and a patchwork of state and local lending disclosure regulations that could vary branch to branch. "What makes it really complicated are all of these new state laws," explains Ornstein. "There has just been a parade of them."
For national banks and lenders with business spread out across the U.S., such complexity can be daunting. "With all of the regulatory requirements increasing, it's just forcing companies to reevaluate compliance," says Steve Schlarman, chief security strategist at McLean, VA-based Brabeion Software. "Now they're taking their policy and turning it into something much more interactive and flexible."
At the same time, lenders are finding that such systems can improve workflows by only triggering intervention when necessary, letting the sales cycle flow unhindered. "It certainly can help things move more efficiently," says Bruce Roland, a principal at PricewaterhouseCoopers. "We've come to expect quick decisions." Indeed, while compliance is usually seen as a cost center, "at the same time, you're driving elements of business performance," says Chris Preston, vp of product marketing at Costa Mesa, CA-based FileNet. "It allows you to streamline and automate the business processes. This way, compliance is part of the process. It's baked in. You're not treating compliance as an extraneous activity." For example, a loan applicant might want to switch from a 30-year fixed to a variable-rate adjustable loan in the middle of the process, which could trigger new fair-lending disclosure requirements. "For that state, what rules apply?" he says. "[Loan officers] are under enormous pressure. They'll deal with the information at their fingertips. And that's where you can get into an issue."
Not only does such integration help loan officers stay abreast of compliance duties, but it can squeeze latency out of the system so that bottlenecks don't occur and loans close faster. FileNet claims that one anonymous client used business-process automation to reduce loan underwriting from seven days to under eight hours despite a 470-percent increase in loan volume during the refinance boom, cutting the cost of loan transactions from $250 to $60 per transaction. According to Preston, such results require more than compliance-centric automation. "It's not just presenting pretty dashboards," he says. "It's about doing much more than that in real time."
But as the rules get more complicated, so does the software and compliance-detection algorithms. "The individual transaction by itself may not be suspicious," says Ido Ophir, vp of product management for New York City-based vendor Actimize. "But when you put the transaction in context with other transactions, a pattern will emerge. That's where the challenge lies." Another challenge stems from disparate legacy systems, an artifact of the banking industry's historical tendency to silo IT processes, as well as the mergers and acquisitions of recent years.
Ophir says disparate systems have prompted some banks to view lending rule compliance as separate from its other compliance duties-such as those under the Patriot Act, Sarbanes-Oxley and various other laws. "The banking industry is addressing this with a siloed approach," he says. "The siloed approach is just a stop gap. They need a more comprehensive approach. The more advanced banks are looking at this as an enterprise solution."
That can mean merging the real-time automation of lending compliance rules with other compliance areas, such as fraud and anti-money laundering. "It's the ability to grab all of these channel source points and mitigate the risk," says Michael Weathers, vp of governance and risk at Jacksonville, FL-based Fidelity National Information Services. In the lending context, Weathers says someone who qualifies for $50,000 loan could simultaneously apply at several different banks. Without real-time automation, the individual could potentially walk away with several loans before the banks realized what was happening. "I might receive up to half a million if I go to the different banks, and they approve it that week," he says, suggesting that banks deploy an "integrated business model" that incorporates all aspects of compliance into one system.
With identity thieves looking to take out loans and lines of credit in other people's names, detecting fraud or criminality during the loan process has become more important than ever. "Is this person on the lists of terrorists we need to keep track of?" says Elliot Zember, vp of industry solutions at Palo Alto, CA-based FoxT, which focuses on Sarbanes-Oxley compliance. "Is this someone who has been involved in criminal activities?" Zember says larger banks often take a more siloed view than small- and mid-sized banks, which "are buying suite products. They're more into cross-silo monitoring." One advantage to that approach is the ability to ensure that multiple departments don't duplicate tasks or step on each other's toes. "It's not just rules," says Zember. "It's roles."
Of course, lenders big and small are all approaching real-time compliance automation in different ways. Brenda Stoker, avp at Canandaigua National Bank, uses lending software firm IA Systems' StreamLend to automate several aspects of the loan underwriting process, including compliance with rules on loan-denial notifications. "From a compliance standpoint, we don't have boxes of adverse-action letters anymore," she says. "We literally used to have boxes of copies of those letters that were sent, and you had to go back and find them."
Now Stoker can access such records-as well as track loans and access audit trails-electronically and in real-time. That goes for preliminary approvals as well, especially when vying to win financing deals for car loans. Dealers often ping several banks during the sales process. And because they want to close the deal as quickly as possible, the lenders that return results first are more likely to get the business.
As consumers increase their use of the Internet and other comparison-shopping tools, compliance automation can help the bottom line. National City Mortgage Co. uses an automated compliance system from Irvine, CA-based Mavent, bringing its preliminary approval process from 40 seconds to about 10 seconds. Once the loan is in motion, National City can detect any compliance problems, avoiding delays that could frustrate the customer.
"You're able to get it corrected before the loan closes," says Kerry Corthell, National City's vp of regulatory compliance. "To me as a compliance officer, that's the most important thing. There's nothing worse than being at a closing table and finding out there's a problem. In the old days, you wouldn't know there was an issue until the secondary market rejected it."
Mavent constantly reviews shifting compliance rules, calling upon the expertise of 12 in-house attorneys with various jurisdictional specialties, says Ken James, Mavent's vp of sales. The system than updates its compliance data every two weeks. "It's a complicated process," James says. Loan officers are restricted by parameters in the system-making it nearly impossible for them to violate certain rules and increasing the likelihood that customers are all treated fairly. Such automation can help lenders avoid mistakes before they happen. "To me, that takes out any question of predatory lending," says Canandaigua National Bank¹s Stoker. "It's taking any discrimination factor out." And while "you're always going to have loans that fall in the gray area," she says that the real-time automation greatly reduces the chance that mistakes or biases by loan officers could put a lender at risk.
Nonetheless, gray areas are more common than some bankers may realize, considering the hodgepodge of conflicting local, state and federal lending rules and ambiguities within individual regulations. "All of those are opportunities for mistakes to be made or for two people to get different treatment even though they're the same," says David Strauss, svp of worldwide marketing and business development for San Mateo, CA-based Corticon. "If you say yes to one and no to another, you've got a litigatory risk. Any time there's a missing rule, the person has to make a judgment call." But Strauss says lenders should strive to plan for as many contingencies as possible to take human judgment out of the process. "When you can bring it into automation and not have to train people, you reduce operational risk," he says.
That flexibility, along with workflow enhancement and other productivity improvements, are tempting benefits to real-time compliance automation. But institutions might be wise to remember one key fact: Any compliance system is only as good as the rules and vendor upon which it relies.
"There's obviously some diligence involved in buying the right package and integrating it correctly," says Matthew Sullivan, practice leader of the risk management and regulatory compliance practice at Kanbay International. Says Grace Currid, CCO and svp at Opteum Financial Services: "The mortgage business has become extremely complicated with regard to compliance, fair lending and predatory lending. A lack of knowledge by the software development firm will inevitably cause serious issues."
