2016 In Review


Complications from mortgage lending compliance burdens continue

By Mary Thorson Wright

For 2016, community bank compliance has been a tale of two dynamics. The first dynamic is one characterized by technical and exacting rules. The second is driven by risk management objectives and complicated by increased regulatory requirements, limited resources, and continual organizational growth and change.

That compliance issues complicated the lives of community bankers during the past 12 to 18 months is not surprising. First on everyone’s list has been the implementation of new disclosures under the Truth in Lending Act-Real Estate Settlement Procedures Act Integrated Disclosure Rule, which is infused with technical and procedural changes and stuttering effective dates. Many community banks are still fine-tuning their so-called TRID processes since the new mortgage disclosure rules formally took effect last October.

Meanwhile, many community banks began preparing to start expanded reporting under the new Home Mortgage Disclosure Act requirements. Although not under the gun for compliance until late 2017 or 2018, community banks have employed long hours digesting new guidance. The Consumer Financial Protection Bureau’s final rule will require financial institutions to report 48 unique data fields for each borrower—greatly exceeding the statutory requirements laid out by Congress.

A variety of new additional data points will be required after Jan. 1, 2018, such as borrower age, credit score, property value, loan term, interest rate, and points and fees, among others.

The CFPB also expanded HMDA reporting for the types of reportable loans, including all loans or lines of credit secured by a dwelling that are for personal, family or household purposes. Thus, most closed-end mortgage loans, home-equity lines of credit and reverse mortgages will be subject to the reporting requirements starting in 2018.

North Valley Bank, a $150 million-asset community bank in Thornton, Colo., has developed robust practices to manage its HMDA data reporting. “We’ve found in recent years that HMDA has been a driver in our compliance examinations to a great extent,” says Krystal Gaskill, the bank’s chief financial officer and compliance officer.

“Our [loan application register] is one of the first things examiners look at, and it has been critical to laying the foundation for good HMDA exams,” Gaskill explains. “We’ve now effected three different layers of reviews of the [loan application register] entries to mitigate errors and omissions.”

Addressing other issues
Beyond TRID disclosures and HMDA reporting, community banks face the same long list of other compliance challenges that larger, more resource-rich financial institutions face. Those include new rules and examination standards for vendor management; cybersecurity; the Unfair, Deceptive, or Abusive Acts or Practices standards; military servicemember lending; and mortgage loan originator compensation rules.

Depending on what part of the country the bank calls home, the Bank Secrecy Act and anti-money laundering compliance challenge may now include dealing with legalized marijuana businesses. Several states have legalized marijuana sales for medical purposes or for recreational use; however, the plant is still considered a narcotic under a federal law that prohibits federally insured banks from processing money from marijuana sales.

The Financial Crimes Enforcement Network and the U.S. Department of Justice have issued BSA guidelines for how financial institutions can work with businesses that sell marijuana in states such as Colorado where it’s legal. In the field, the feedback banks receive from state and federal examiners and from consultants on BSA compliance and account management for marijuana businesses has been inconsistent, at best.

Carl Binder, vice president–compliance officer and BSA officer for Park State Bank & Trust, a $94 million-asset community bank in Woodland Park, Colo., says the contradictions of federal rules and guidance in this area are an ongoing challenge. He adds, “Although the regulators have indicated that it is OK to have the accounts, there is no definitive direction on how to do it in an acceptable manner.”

This past year community banks were driven to review their risk assessment processes and vet account applications with an enhanced due diligence approach to determine next steps in the current environment.

Risk assessments
Many community banks took an introspective look at their compliance management systems.

Tim Grooms, chief risk officer for First State Bank, a $390 million-asset community bank in Winchester, Ohio, is developing a quality-control program for compliance. “Our internal auditor does good quarterly reviews, and we want to redefine some of the roles in our compliance group to support [quality control] for the business in between the quarterly audits,” Grooms says.

“We have the support of our board, and we’re stepping up our entire compliance program to get ahead of the power curve to meet the things coming down the pike.”

Hilda Hunter, an internal auditor who performs compliance audits at San Luis Valley Federal Bank, a $264 million-asset federal savings bank in Alamosa, Colo., also has been dedicated to analyzing the compliance management system, identifying missing or insufficient components and making the system comprehensive.


“It has been my goal and the bank’s goal for this year,” Hunter explains. “We’ve always had a compliance system, but the program needed revisions.” However, in January the bank’s compliance officer left the bank, and compliance responsibilities were parsed to department heads.

That’s when Hunter became the internal auditor. “Our program needed to take those changes into account, as well as other changes,” she says.

A 2016 goal for Melody Andrus, a Bank Secrecy Act and compliance officer at Pioneer Bank,

a $757 million-asset community bank in Roswell, N.M., was to reevaluate the bank’s BSA reporting program to ensure efficiency and to create or enhance comprehensive written procedures.

Community banks often continued to use outsourcing to third parties to inject expertise or independence that was not available or achievable in-house. When North Valley Bank scheduled a third-party compliance review this year after a nearly 15-year hiatus, it was an eye-opening experience, Gaskill says. As a result, she urges community banks that are not taking advantage of external expertise to do it at least once to experience a “fresh look” at compliance.

Emphasizing education
For better or worse, more training for staff, management and the board of directors is unanimously deemed vital—by community bankers and regulators alike. Community banks are maximizing training resources to fit educational needs and afford flexibility. Commercially produced, online training programs—such as those offered through ICBA’s educational program Community Banker University®—are routinely used to get broad coverage of the regulatory mechanics.

Many community banks use programs into which proprietary policies and procedures can be uploaded into the training modules as PowerPoint slides, and others present the bank-specific information in conjunction with the modules.

This past year the industry also tackled sweeping mortgage servicing rule changes brought to bear by the Dodd-Frank Act and the expanded reporting requirements brought by the CFPB. Despite the demands, community bankers have kept their eyes on the ball while continuing to check the progress of the game.

Mary Thorson Wright, a former Federal Reserve manager, is a financial writer in Virginia.