Search::

Practical Compliance Tips

Regardless of the size of the institution that you work for or the volume of residential real estate lending originated, your institution has probably established procedures and systems to assist in HMDA data collection and reporting. We recommend that your plan of action be based on the type of data collection system that your institution employs. Data collection systems fall into three categories:

Manual	Manual systems are most prevalent in small institutions and rely on bank employees to collect data and maintain a written LAR. Since the data are generally required to be submitted to the regulatory agencies in electronic, machine-readable format, the data are manually entered into a data collection application such as the FFIEC Data Entry Software.
Automated	Automated systems use one or more applications, developed in-house or by third-party vendors, for data collection and submission. In most cases, banks that are totally automated use fully integrated applications, that is, the applications work together to accomplish all of the tasks required to report HMDA data. This might include separate systems for the collection of applicant information, geocoding and compilation of data, as well as completing validity and quality checks against the data.
Combination	Combination systems involve both manual and automated characteristics and are generally the most complex and require the most oversight. Many times, banks will use different systems for the various business lines. In these organizations, compliance personnel combine the LARs from each business line for submission.

Senior management should consider the bank’s current data collection system in terms of these five aspects of compliance management:

Board Oversight/Management Involvement. What are the resource implications of the required changes?
Organizational Structure. Are changes in the organizational structure of the compliance management program warranted?
Procedures. What are the specific procedural changes and/or updates to automated systems that are required to incorporate the revisions to reporting HMDA data?
Internal Controls and Review Mechanisms. What enhancements to the established internal controls and review mechanisms are needed to ensure accurate data?
Training. Who needs the training? What will the training entail, and what level of knowledge is sufficient?

BOARD OVERSIGHT/MANAGEMENT INVOLVEMENT

Because the board of directors is ultimately responsible for compliance, the board should periodically review the effectiveness of the compliance management program.

What are the resource implications of the required changes?

One of the keys to successfully implementing changes to the bank’s data collection system will be board and senior management commitment. They will need to devote sufficient resources, including time and money, to ensure that the appropriate changes are made to the existing systems. While many of the third-party vendors will make enhancements to the applications without additional charge, future versions of the software may reflect higher costs. The primary cost for implementation of changes may be personnel costs for the additional time needed to plan and implement changes.

ORGANIZATIONAL STRUCTURE

Banks generally assign overall compliance responsibility to an individual or to a committee. The complexity of bank operations will determine the duties, responsibilities, authorities, and independence of compliance personnel. Within this structure, a reporting mechanism should be established to ensure the board is informed of compliance activities.

Are changes in the organizational structure of the compliance management program warranted?

Normally, regulatory changes do not warrant changes in the established compliance management structure because they are typically minor. For most institutions, no changes of responsibility will be necessary.

PROCEDURES AND DATA COLLECTION SYSTEMS

The most tangible aspects of a bank’s compliance management program are its procedures and established systems for compliance. They are the framework for staff members to follow in completing the daily operations of a bank. Procedures provide guidance, while automated systems facilitate activities such as documenting a new loan or opening a deposit account. The effectiveness of the bank’s procedures are most important, not the degree of formality. For HMDA reporting, small reporters may only need informal procedures and the FFIEC's HMDA Data Entry Software to collect, edit and report data. Conversely, larger data reporters will most likely need automated systems for data collection, editing and reporting. A large data reporter would find it impractical to geocode each LAR line individually. Consequently, most use some form of an automated batch geocoder or a more comprehensive system that has geocoding capabilities.

What specific procedural changes and/or updates to automated systems are required to incorporate the data reporting revisions?

The complexity of the bank’s system will be key in determining what changes are necessary. For manual systems, making the appropriate changes to data input sheets may be the only substantive change, assuming knowledgeable staff members compile and complete the LAR prior to submission. For automated systems, changes will involve consultation with third-party vendors or internal information technology staff. As with any change in business need, the programmers must be clear on the business rules that will apply to the changes. Expect that some training will be needed to ensure that programmers possess an adequate understanding of what is required.

Specifically, for automated systems, a determination will need to be made as to whether a rate spread calculator will be developed or the FFIEC's HMDA web site calculator will suffice for the rate spread calculation. If management has invested in an automated system for other aspects of data collection and reporting, such as geocoding, development of a rate spread calculator will be an attractive option.

Most banks should have established systems to monitor and capture loan information for high-cost mortgages covered under Section 32 of Regulation Z. However, many banks do not routinely originate loans that tirgger the Section 32 disclosure requirements. Therefore, they may have failed to identify the few covered loans they do originate. Determining HOEPA status may require the creation of additional systems, for automated systems. Larger reporters that use a combined system with multiple business lines face significant challenges in tracking these loans. In conclusion, all banks should consider how they track HOEPA loans to ensure that these loans and applications are appropriately captured on the HMDA LAR.

INTERNAL CONTROLS AND REVIEW MECHANISMS

Compliance audits and internal controls are mechanisms designed to help management ensure ongoing compliance and identify potential weaknesses or exposure. These compliance reviews may be conducted by internal staff, such as a compliance officer or internal auditor, or may be conducted by an external third party. Regardless of who conducts these reviews, the scope should reflect the overall complexity of operations and the risk inherent in these activities. Transaction testing is generally necessary, and sample sizes should be commensurate with the overall volume of LAR lines reported.

Internal controls should be an integral part of the daily operations of a bank and should involve all levels of management. Internal controls may take several forms. Segregation of duties, which serves as a system of checks and balances, is a common internal control. For HMDA reporting, an internal control for a manual system might involve two loan processors verifying the data collected before compiling the LAR. For an automated system, an example of an internal control is validity error screens of the data before exporting a submission file.

What enhancements to the established internal controls and review mechanisms are needed to ensure accurate data?

Internal Controls: Pricing information may reflect a need for additional internal controls. For loans with an application date before October 1, 2009, and the loan closed before January 1, 2010, banks are required to use the most recent release of the “Treasury Securities of Comparable Maturities under Regulation C” for rate spread calculations, and an independent verification may be necessary to ensure that the bank is using the most recent release. Similarly, for automated systems, it may be a good idea to program a safeguard into the application that would prohibit the calculation of the rate spread unless the most recent release has been imported. Under the final rule, effective October 1, 2009, use the new FFIEC Rate Spread Calculator if the loan application date is on or after October 1, 2009 or the loan closed on or after January 1, 2010.

Review Mechanisms: Management should consider the complexity of its data reporting systems in order to determine where transaction testing would prove most beneficial and have the greatest impact on reducing the risk of inaccurate data. For banks that have a combined system, data that are manually collected and compiled may pose the greatest risk.

TRAINING

Training is crucial to ensure that everyone who has compliance responsibility is prepared to comply. If significant changes are made to the bank's procedures for collection and reporting, everyone involved should be informed about what those changes will entail and how they will affect their daily activities. Even if the bank is fully automated with respect to HMDA data reporting, a number of staff members will need to be aware of the required enhancements to the bank's application to ensure that they are performing as anticipated.

Who should receive training?

Training should include everyone who has responsibility for HMDA data reporting. Starting with management may be appropriate, given that these changes will undoubtedly require management’s approval for additional resources, including time and money, to ensure preparedness. Next, the staff responsible for initiating the data collection, editing and compiling the LAR and preparing it for final submission should be trained. This may include loan officers, loan processors, data analysts and clerical staff who input information into automated systems. Finally, training should include compliance personnel and internal audit staff responsible for periodically reviewing the accuracy of the data.

What will the training entail and what level of knowledge is sufficient?

The role each person plays in the collection and reporting process is the determining factor for the extent of training needed to achieve a sufficient knowledge level to effectively perform his or her duties. For example, if the bank relies heavily on an automated system, loan officer training may be limited to discussing the requirement to ask for government monitoring information for telephone applications. Conversely, if the loan officers are responsible for completing an input sheet for each covered application, the training should be much more comprehensive.

Because of the responsibilities of compliance and audit staff to test procedures and systems for effectiveness, these staff members should undergo extensive training to ensure that each possesses a thorough understanding of the requirements.

Disclaimer | Privacy Policy