In yesterday’s post, I went over the impact state and federal regulations are having on credit union operations and how to identify potential violations. As promised at the conclusion of the post, today we’ll discuss how you can ensure your credit union meets the necessary compliance requirements by getting back to the basic skills you learned in kindergarten.When it comes to compliance exams, regulators want to see that:
You have adequate staff in place who understand the rules
You have made a good effort to follow the rules and do the right thing
You have put the systems in place, like FinTech, to track compliance and policies so issues are mitigated before they become problems
In many cases, we see smaller lenders outsourcing the higher risk areas surrounding collections, skip tracing, and repossession management to large vendors who can leverage economies of scale to meet the stringent compliance requirements that are challenging for smaller institutions.
Some lenders, including the largest SubPrime auto lender Santander, have embraced regulatory scrutiny as a competitive advantage, as stated in a recent article by their CEO Jason Kulas, who sees the strict requirements as a sort of “buffer” to keeping startup subprime shops out of the industry.
Other lenders have been hesitant to embrace the needed technology required to keep up with the regulators. On June 22, 2016, CFPB Director, Richard Cordray, addressed technology deficiencies within the mortgage industry:
“Mortgage servicers cannot hide behind their bad computer systems or outdated technology. There are no excuses for not following federal rules,” said Cordray. “Mortgage servicers and their service providers must step up and make the investments necessary to do their jobs properly and legally.”
This means, credit unions need to seek out Financial Services Technology (FinTech) platforms that probably exceed the technology they’re currently using. The best part about embracing FinTech is you’ll more than likely see an ROI on the cost of upgrading to new technology by reducing full-time employees (FTE). In addition, you’ll become much more efficient in how you perform basic collection-related functions—reducing delinquency and full balance skip charge-offs. Plus, you’ll be compliant in the eyes of the regulators. Here’s a relevant article not only explaining FinTech, but also describing why it’s relevant.
Okay, now that we’ve set the stage, let’s go back to Kindergarten for a minute, when life was simple and the rules were based on common sense. What happens when we take those rules, and we apply them to our current compliance challenges? Well, it breaks down to six basic principles:
1. Share EVERYTHING
Some data shouldn't or can’t be shared (Social Security numbers and other PII) with certain vendors, so start with identifying exactly where your customers’ data resides and how well you are protecting their identity.
Some data needs to be shared in a transparent manner between lender and outside vendors such as loan servicers, collection agencies, and skip and repo companies. This is where technology comes into play. For example, how many FDCPA rules are you tracking in your collection software, and how do you track the activity of your vendors? This is where FinTech, like SWBC's AutoPilot loan portfolio management software, shared between lenders and vendors can come in and provide you a system to track and prevent rule violations from happening.
“Gather, Organize and Track” should become your marching orders when using outsource vendors. Vendors are now clearly considered your employees by the regulators, so you need to know who they are and what they’re doing. Are they trained and background checked? You need to know this possibly in more detail than you know about your own employees. At least you get to hire and supervise your employees every day. How many vendor employees do you know?
Transparency through tracking in cutting edge #FinTech software is now a must-have for gathering, sharing, and tracking all data that relates to your customer and what happens on their account in collections—be it internally or externally within your vendor network.
2. Play FAIR
Identify and eliminate “bad actors.” You’re not playing fair if you’re employing or hiring people who do not treat your customers with the respect they deserve.
Are you verifying 10-year prior address histories with detailed criminal background checks in a verifiable system on all internal and external humans who touch your customer or their data?
Are you following all compliance and security regulatory rules in a system that tracks everything to alert you when you have an issue, ideally prior to having a problem?
I recently wrote about a repossession gone bad where the customer was killed. This should cause you to stand up and take note of the need to review your current vendor relationships for all outsourced repossession work. You need to know that you are relying on experienced, trained, and vetted professionals that you trust.
3. Clean up your own mess
Identify issues inside your organization or within your vendor network BEFORE they become problems. Create solutions that address issues and problems that arise, so you don’t keep dealing with the same mess over and over again.
4. Don’t take things that aren't yours
Wrongful repossessions should be avoided at all costs, and by using repossession assignment software that ties you and the repossession vendor at the hip, wrongful repossessions will not occur.
For example, are you using repossession assignment distribution software that tracks the account status, bankruptcies, and military status in real-time so if the account needs to be closed, it’s closed in real-time, 24/7/365?
5. Say you’re SORRY when you HURT somebody
See “Clean up your own mess.” Always remember the line made famous during the Watergate investigation: “The cover up is worse than the crime.” The CFPB sees (and rewards you) when you catch and resolve issues internally without a regulator having to tell you what to do.
6. Wash your hands before you eat
This may be the most relevant of all, and it should be the largest concern of every small- to mid-sized lender who does not have the resources to have a fully staffed compliance and security department. As Karen Townsend, SWBC Asset Recovery Program Manager, explained in a recent blog post, “an internal lack of expertise can truly impact your bottom line.” This is great advice as there are some great outsource partners and vendors who can help you identify, mitigate, and greatly reduce your compliance and security risk, especially in the vendor space.
So now that we know the risks and issues, and we’ve seen the credit union industry being impacted greatly already, how can we work together to help you get through this beyond some of the suggestions we’ve made above?
We’re publishing a series of monthly blogs that will specifically address a variety of hot-button compliance issues—from Servicemembers Civil Relief Act (SCRA) and Telephone Consumer Protection Act (TCPA) compliance monitoring, to collection, skip tracing, and repossession compliance.
Watch this space over the next few months and hopefully we can share some ideas that you might find helpful as you navigate the compliance challenges facing your institution.