
Practical Compliance Tips

Now that you are familiar with the revisions to the regulation, how do you implement these changes to ensure that accurate data is collected and reported for 2004? Regardless of the size of the institution that you work for or the volume of residential real estate lending originated, your institution has probably established procedures and systems to assist in HMDA data collection and reporting. We recommend that your plan of action be based on the type of data collection system that your institution employs. Data collection systems fall into three categories:

Manual

Manual systems are most prevalent in small institutions and rely on bank employees to collect data and maintain a written LAR. Since the data are generally required to be submitted to the regulatory agencies in electronic, machine-readable format, the data are manually entered into a data collection application such as the FFIEC Data Entry Software.

Automated

Automated systems use one or more applications, developed in-house or by third-party vendors, for data collection and submission. In most cases, banks that are totally automated use fully integrated applications, that is, the applications work together to accomplish all of the tasks required to report HMDA data. This might include separate systems for the collection of applicant information, geocoding and compilation of data as well as completing validity and quality checks against the data.

Combination

Combination systems involve both manual and automated characteristics and are generally the most complex and require the most oversight. Many times, banks will use different systems for the various business lines. In these organizations, compliance personnel combine the LARs from each business line for submission.

Senior management should consider the bank’s current data collection system in terms of these five aspects of compliance management:

  1. Board Oversight/Management Involvement. What are the resource implications of the required changes?
  2. Organizational Structure. Are changes in the organizational structure of the compliance management program warranted?
  3. Procedures. What are the specific procedural changes and/or updates to automated systems that are required to incorporate the revisions to data reporting?
  4. Internal Controls and Review Mechanisms. What enhancements to the established internal controls and review mechanisms are needed to ensure accurate data?
  5. Training. Who needs the training? What will the training entail, and what level of knowledge is sufficient?

BOARD OVERSIGHT/MANAGEMENT INVOLVEMENT

Because the board of directors is ultimately responsible for compliance, the board should periodically review the effectiveness of the compliance management program.

What are the resource implications of the required changes?

One of the keys to successfully implementing changes to the bank’s data collection system will be board and senior management commitment. They will need to devote sufficient resources, including time and money, to ensure that the appropriate changes are made to the existing systems. While many of the third-party vendors will make enhancements to the applications without additional charge, future versions of the software may reflect higher cost. The primary cost for implementation of changes may be personnel costs for the additional time needed to plan and implement changes.

ORGANIZATIONAL STRUCTURE

Banks generally assign overall compliance responsibility to an individual or to a committee. The complexity of bank operations will determine the duties, responsibilities, authorities and independence of compliance personnel. Within this structure, a reporting mechanism should be established to ensure the board is informed of compliance activities.

Are changes in the organizational structure of the compliance management program warranted?

Normally, regulatory changes do not warrant changes in the established compliance management structure because they are typically minor. For most institutions, no changes of responsibility will be necessary. Nevertheless, with the new reporting requirements for rate spread and HOEPA status, it may make sense to involve management of business lines that routinely originate high-cost mortgages.

PROCEDURES AND DATA COLLECTION SYSTEMS

The most tangible aspects of a bank’s compliance management program are its procedures and established systems for compliance. They are the framework for staff members to follow in completing the daily operations of a bank. Procedures provide guidance, while automated systems facilitate activities such as documenting a new loan or opening a deposit account. The effectiveness of the bank’s procedures is most important, not the degree of formality. For HMDA reporting, small reporters may only need informal procedures and the FFIEC's HMDA Data Entry Software to collect, edit and report data. Conversely, larger data reporters will most likely need automated systems for data collection, editing and reporting. A large data reporter would find it impractical to geocode each LAR line individually. Consequently, most use some form of an automated batch geocoder or a more comprehensive system that has geocoding capabilities.

What specific procedural changes and/or updates to automated systems are required to incorporate the data reporting revisions?

The complexity of the bank’s system will be key in determining what changes are necessary. For manual systems, making the appropriate changes to data input sheets may be the only substantive change, assuming knowledgeable staff members compile and complete the LAR prior to submission. For automated systems, changes will involve consultation with third-party vendors or internal information technology staff. As with any change in business need, the programmers must be clear on the business rules that will apply to the changes. Expect that some training will be needed to ensure that programmers possess an adequate understanding of what is required.

Specifically, for automated systems, a determination will need to be made as to whether a rate spread calculator will be developed or the FFIEC's HMDA web site calculator will suffice for the rate spread calculation. If management has invested in an automated system for other aspects of data collection and reporting, such as geocoding, development of a rate spread calculator will be an attractive option.

Determining HOEPA status poses a significant need for enhancements to current systems and may require the creation of additional systems. Most banks should have established systems to monitor and capture loan information for high-cost mortgages covered under Section 32 of Regulation Z. However, many banks do not routinely originate loans that trigger the Section 32 disclosure requirements. Therefore, they may have failed to identify the few covered loans they do originate. Larger reporters that use a combined system with multiple business lines face significant challenges in tracking these loans. In conclusion, all banks should consider how they track HOEPA loans to ensure that these loans and applications are appropriately captured on the HMDA/LAR.

INTERNAL CONTROLS AND REVIEW MECHANISMS

Compliance audits and internal controls are mechanisms designed to help management ensure ongoing compliance and identify potential weaknesses or exposure. These compliance reviews may be conducted by internal staff, such as a compliance officer or internal auditor, or may be conducted by an external third party. Regardless of who conducts these reviews, the scope should reflect the overall complexity of operations and the risk inherent in these activities. Transaction testing is generally necessary, and sample sizes should be commensurate with the overall volume of LAR lines reported.

Internal controls should be an integral part of the daily operations of a bank and should involve all levels of management. Internal controls may take several forms. Segregation of duties, which serves as a system of checks and balances, is a common internal control. For HMDA reporting, an internal control for a manual system might involve two loan processors verifying the data collected before compiling the LAR. For an automated system, an example of an internal control is validity error screens of the data before exporting a submission file.

What enhancements to the established internal controls and review mechanisms are needed to ensure accurate data?

Internal Controls: The addition of the pricing information may reflect a need for additional internal controls. For example, since banks will be required to use the most recent release of the “Treasury Securities of Comparable Maturities under Regulation C” for rate spread calculations, an independent verification may be necessary to ensure that the bank is using the most recent release. Similarly, for automated systems, it may be a good idea to program a safeguard into the application that would prohibit the calculation of the rate spread unless the most recent release had been imported.

Review Mechanisms: The extensive nature of the HMDA revisions may pose the need for increased transaction testing for a period of time to ensure that the bank’s changes have been effective. For banks that have performed only limited transaction testing in the past because of the low volume of LAR lines reported, increased transaction testing may also be necessary.

Management should consider the complexity of its data reporting systems in order to determine where transaction testing would prove most beneficial and have the greatest impact on reducing the risk of inaccurate data. For banks that have a combined system, data that are manually collected and compiled may pose the greatest risk.

TRAINING

As with any major regulatory revision, training is crucial to ensure that everyone who has compliance responsibility is prepared to comply. If significant changes are made to the bank’s procedures for collection and reporting, everyone involved should be informed about what those changes will entail and how they will affect their daily activities. Even if the bank is fully automated with respect to HMDA data reporting, a number of staff members will need to be aware of the required enhancements to the bank’s applications to ensure that they are performing as anticipated.

Who should receive training?

Training should include everyone who has responsibility for HMDA data reporting. Starting with management may be appropriate, given that these changes will undoubtedly require management’s approval for additional resources, including time and money, to ensure preparedness. Next, the staff responsible for initiating the data collection, editing and compiling the LAR and preparing it for final submission should be trained. This may include loan officers, loan processors, data analysts and clerical staff who input information into automated systems. Finally, training should include compliance personnel and internal audit staff responsible for periodically reviewing the accuracy of the data.

What will the training entail and what level of knowledge is sufficient?

The role each person plays in the collection and reporting process is the determining factor for the extent of training needed to achieve a sufficient knowledge level to effectively perform his or her duties. For example, if the bank relies heavily on an automated system, loan officer training may be limited to discussing the addition of the ethnicity field, changes to the race field and the requirement to ask for government monitoring information for telephone applications. Conversely, if the loan officers are responsible for completing an input sheet for each covered application, the training should be much more comprehensive.

Because of the responsibilities of compliance and audit staff to test procedures and systems for effectiveness, these staff members should undergo extensive training to ensure that each possesses a thorough understanding of the requirements.
