How community bankers conquered their compliance issues in 2017

The regulatory challenges of 2017 were many and varied. Here’s how community bankers addressed and conquered their compliance issues.

By Mary Thorson Wright

It’s no surprise that the Home Mortgage Disclosure Act (HMDA) tops a long list of 2017 compliance challenges, including a changing examination environment, risk-management improvement, enhanced due-diligence requirements and the fine-tuning of the TILA-RESPA Integrated Disclosure (TRID) Rule.

Dodd-Frank and subsequent changes ordered by the Consumer Financial Protection Bureau (CFPB) ensured that HMDA-reporting banks spent a good part of this year making functional changes to systems, procedures, data collection and reporting. These changes also required that community bank staff and management be trained for their roles in the HMDA process.

Community banks worked feverishly to address the 48 unique data fields for which they must collect and report data on residential mortgage loan applications beginning Jan. 1, 2018. Krystal Gaskill, CFO and compliance officer for the $160 million-asset North Valley Bank in Thornton, Colo., notes that although bank employees began working on HMDA changes early, they still spent considerable time on it during 2017.

Jim Bedsole, senior vice president and chief compliance and risk officer for the $520 million-asset BankSouth in Greensboro, Ga., set his sights on HMDA reporting early this year. “We continue to work through that process,” he says. “Absent any delay to the new rules going into effect on Jan. 1, we will implement the changes.” He notes, though, that by making incremental revisions to the rules, the CFPB presents a challenge to banks to meet the deadline.

Tim Grooms, chief risk officer for First State Bank, a $450 million-asset community bank in Winchester, Ohio, expected HMDA to be a priority in 2017, and his bank worked to implement the changes before year-end. “We will flow information from our LOS [loan origination system] into the core system,” Grooms says, “but we’ve been challenged by our vendor’s ability to build systems in the face of vaguely described requirements and the CFPB’s delay in acting on some aspects of data collection, recording and reporting.”

He cites the Freddie Mac and Fannie Mae draft loan application form as an example. The CFPB did not approve the use of the form until late September and prevented banks from collecting certain information before Jan. 1, 2018, or risk violations of Regulation B. Delays in regulatory approvals and absence of firm guidance have hindered the bank’s ability to move forward on policies, procedures and staff training.

In late 2016, Grooms projected enhanced due diligence under the Bank Secrecy Act (BSA) as an area of focus for 2017. The US Treasury Financial Crimes Enforcement Network’s (FinCEN) final beneficial ownership rules, effective in May 2018, are intended to further strengthen customer due-diligence requirements for financial institutions that are subject to the requirements of the Patriot Act.

First State Bank prepared to roll out the procedures and training in the fourth quarter of 2017 to allow retail staff time to respond to questions and issues that may arise prior to the mandatory implementation date. After researching whether the deposit account opening platform or another source would work best to capture the information, Grooms and his team decided to use the BSA monitoring system and then flow the data into the core system.

Compliance management
Compliance management requires ongoing attention to meet both the needs of the bank and the shifting array of requirements. Grooms rebuilt First State Bank’s compliance management process in 2017 and reassigned compliance responsibilities within his group. The community bank reallocated compliance work among its analysts so each now focuses on a narrower group of regulatory issues, allowing more specialization and deeper dives into compliance management.

“Our compliance committee used to meet quarterly or on an as-needed basis,” Gaskill says, “but we now meet monthly to stay abreast of and be involved in all of the regulatory changes, policy revisions, compliance monitoring and risk assessments. We’ve also added annual outside compliance reviews to enhance compliance oversight.”

Bedsole, too, has made compliance management changes at BankSouth. “We have added a senior compliance analyst in our mortgage banking subsidiary to help deal with the expansion of our third-party origination channel and other concerns,” he says. “We’ve also widened the use of a specialized software platform to gain efficiencies on managing compliance.”

In 2017, compliance examinations shifted from a primarily transaction-based methodology to one that is focused on risk management. The new, risk-based ratings system took effect on March 31, 2017, replacing a system that was established in 1980.

“We have added a senior compliance analyst in our mortgage banking subsidiary to help deal with the expansion of our third-party origination channel and other concerns.”
—Jim Bedsole, BankSouth

At the time of this writing, First State Bank was scheduled for an FDIC compliance examination. Grooms believes the FDIC did a good job of explaining the process and says his peers in the community bank’s monthly compliance group calls agree.

“The examiners used to touch every area of compliance but on a rotation over the years,” Grooms explains. This year, “they sent a robust, high-level request for information early on and used it to conduct their own risk assessment, then created a follow-up request for more information. According to the examiners, the new process allows them to more narrowly focus on the areas of risk they wish to review, and it allows them to greatly reduce the time they spend on-site in the bank.”

BankSouth was scheduled for an Office of the Comptroller of the Currency (OCC) compliance examination and a separate examination for TRID compliance in 2017. Employees were notified that the community bank would be scheduled for a Fair Lending Risk Assessment, because it exceeds $500 million in assets. According to the OCC, the assessment will be conducted in any year in which the bank does not undergo a full-scope fair-lending exam.

Despite this year’s mortgage compliance whirlwind, community bankers took a deep breath and faced the technical and managerial compliance challenges of 2017. It is a practice with which they have become well acquainted.

Mary Thorson Wright, a former Federal Reserve examiner, is a financial writer in Virginia.