In the mortgage industry, the potential for an audit by the Consumer Financial Protection Bureau is often associated with either fear or uncertainty. Following the mortgage meltdown of the early 2000s, increased levels of government oversight became a new reality, with watchdogs like the CFPB ensuring mortgage companies are complying with the federal guidelines designed to protect consumers from unfair lending practices.
Central to ensuring adherence is a robust policy and procedure management framework that is designed to allow organizations to determine if their internal structure supports the requirements they are expected to uphold. Adhering to established policy management practices is also vital for being prepared for an unexpected visit from the CFPB.
Audits are announced with only a few weeks’ notice – if your house isn’t in order by the time the audit is scheduled, it’s likely too late to establish a track record of building internal policies that show evidence of protecting consumers and training employees to act in accordance with CFPB best practices. Building a framework now to prepare for an audit is easier said than done, but below are some basic steps to take that will help make the process less daunting.
1. Begin preparing before the audit even develops:
This is a critical first step in avoiding a mad scramble, stressful meetings, poor deliverables, angry management, bad findings, etc. The CFPB offers limited notice as to its intent to audit a firm, which means there’s no such thing as being over prepared. Ensure your executive team is bought into the investment and understands the value of preventive and not reactive compliance.
2. Start with a policy management program that includes comprehensive consumer coverage:
Policies and other documents are typically requested before the CFPB audit team comes on-site. Having these materials organized, consistent and with documented review dates, changes, approvals, certifications and training is essential to getting started on the right foot.
3. Make sure your procedures and department level activity is aligned with your policies:
Polices that don’t have supporting procedures that can be explained by the front lines (the business departments) are just shelfware risks waiting to be exploited. Know that you can answer the question of “how are you enforcing and executing this policy?” Being able to provide proof of both quickly can demonstrate you’re on top of the issues.
4. Consumer data and flow of information is critical:
Expect that an audit could “follow the data” from your organization out to any of the third party services that are involved in mortgage transactions (escrow agents, title insurers, brokers, closing agents, etc.), or within other vendors like customer service centers. Your third party monitoring is critical in the eyes of the CFPB to protect the consumer – which is why this should be a top-priority program to have running on all cylinders.
5. Be effective at coordination, information gathering and explanation:
Have a structured process for what to do when an audit happens, who will be the lead, how document requests to various groups will be handled and which reporting format will be used to present and detail the information. Having everyone know that “all hands on deck” are required and how to respond to inquiries is essential in showing the company’s internal strength in terms of execution, consumer protection and transparency within processes.
Establishing a framework in the weeks leading up to an audit will inevitably cause panic, and delaying an audit can raise eyebrows. There is an inherent value in adopting a “strength through policy” attitude to ensure that a lender isn’t just surviving an audit, but also benefitting from having a reputation as a consumer-minded organization.
When the auditor comes knocking
While an audit can become a significant time burden and quite invasive, it’s important to remember the following: unlike the IRS, the CFPB isn’t there to analyze your bottom line. It is acting on behalf of the consumer. This is why the CFPB’s Supervision and Examination Manual places an emphasis on inspecting a firm’s practices to determine if any violations exist that can potentially violate the law or cause consumer harm. Above all else, the CFPB wants to enforce uniformity among lenders – that is, to make sure every firm abides by the same Federal requirements to adhere to fair lending practices and protect the borrower.
This commitment to protecting the consumer must be evident within third-party vendor relationships in addition to your own organization. By constructing a defensible policy framework and working with partners that support your internal procedures, it becomes possible to not only survive a CFPB audit but to effectively work collectively with auditors to demonstrate the impact your organization has on protecting the consumer interest when applying for a loan throughout the chain of parties involved in fulfilling it.
With the constantly changing regulatory landscape and the sheer number of relationships with partners, vendors and customers, corporate policies have never been so important. Today, policies not only guide how firms should operate, but have also become the primary means to evaluating an organization’s reputation.
Strength through organization
For years, even decades, enterprises have managed policy workflows, versions, certifications, changes and exceptions/incidents with manual tools and, more recently, passive document libraries.
But as the body of regulations grows, changes become more urgent, and the number of interested stakeholders expands - which means static repositories are no longer minor annoyances, but a major cause for disruption.
Today, new technology solutions exist that replace spreadsheets, network drives and intranets with a simple, standard process for administering policy lifecycles, certifying communications, assessing performance, and managing exceptions and issues. Cloud-based platforms can provide direct and immediate access to the policies and procedures your employees and vendors need to fulfill their obligations in accordance with your standards.
In a world where governance is stringent and policies can change in the blink of an eye, mortgage firms deserve every advantage they can find – and automating key compliance tasks to ease due-diligence response efforts gives lenders a major leg up.