Residential Magazine

Risks Come Into Focus for the Mortgage Industry

These challenges will keep compliance personnel up at night

By Carl McCauley

For a mortgage company’s chief risk officer, understanding and responding to regulatory change will be one of the most critical challenges this year. There’s a shift at the federal level from a Republican era of deregulation to Democratic control with an expected uptick in regulatory requirements. Compliance-department personnel should pay close attention to the Biden administration’s initiatives and prominent regulatory changes, as well as leadership changes at the key regulatory agencies.

This year is shaping up to be a historic moment for loan risk for other reasons as well. There’s a high degree of uncertainty about potential defaults tied to existing mortgages due to the economic environment created by the COVID-19 pandemic. 

Moreover, similar to the 2008 crash, the pandemic-induced economy caused many lenders to become lax in their regulatory compliance testing and ability to meet regulatory requirements. This was especially true as regulators afforded extra runway for transitioning processes and policies to remote-work models. 

How will this affect upcoming regulatory examinations, and what can regulators expect from these lenders and originators? Chief risk officers should prepare for a reckoning in 2021 as examiners play compliance catch-up. Think of this as a wake-up call and opportunity to map out how your organization can move from reactive to proactive transformation of its risk management programs.

Credit risk also continues to be a priority as the economy slowly recovers while being hamstrung by the pandemic. Smart lenders will set specific measures to watch in regard to both performance and risk to detect problematic trends. Doing so will help decision-makers quickly get a handle on how to optimize business operations and profitability

Originators will want to understand the critical factors under consideration this year for the compliance side of the business. They also will want to know about the tools being used to keep mortgage companies financially safe. These include new cloud-based regulatory technology platforms, often called regtech, which can help manage regulatory changes quickly and efficiently to bring compliance up to date. And artificial intelligence technology can help to automate the process of assessing what needs to occur when regulations change.

Monitoring and testing for compliance purposes, which have historically been done manually by on-site teams, are likely to be conducted remotely this year. This can present operational challenges.

Fast-changing environment

Consider the items that cross the desks of chief risk officers and other compliance staff on a given day. They need to understand which regulations have changed; identify which department’s products and personnel are affected; and then find all of the impacted policies, procedures and documents. 

Determining who is responsible for managing the impacted documents is difficult enough. Even after appropriately updating all impacted policy and procedure documents for a particular regulatory change, significant risks often still exist for employees downloading and sharing obsolete documents on remote computers that are outside the corporate firewall. Communicating these sea changes across the company without an enterprise document management system (which is designed for managing policies and procedures) presents significant challenges and risks from a regulatory standpoint.

Regulatory changes can sometimes introduce new risks or even eliminate a previous risk that needed to be managed. Potential defaults around extensions, forfeitures and other things come to mind. Moreover, historically low interest rates present a vexing risk for lenders dealing with fewer profits but just as many loans to process.

Chief risk officers will look to see if lax or reduced compliance efforts in 2020 increased hidden risks for the organization that normally would have had deeper oversight.

When the risks are associated with a particular portfolio change, the controls that were made to manage these risks need to be updated accordingly. Brokerages and banks where processes were dependent on management oversight in an office environment may now require individual confirmation that processes are being followed, or they may need automated controls in place to verify these activities. 

Given how quickly changes in the regulatory and economic environment are occurring, chief risk officers would be wise to consider increasing the frequency of compliance testing, which may have been done annually but should now be done at least quarterly — or maybe even monthly or on demand if the process is automated. Compliance departments will be asking this question: Are the company’s processes and schedules for compliance testing and monitoring appropriate given the changes in today’s pandemic-driven economy, remote-working operations, and the political and regulatory environment? 

Real-time safeguards

Industry- or community-built standard checklists are a great way to ensure that companies are meeting regulatory requirements. Once the updates have been made to all checklists, cloud-based software systems can track and ensure all users have access to the correct checklists. 

Organizations should review their compliance checklists, questionnaires and testing worksheets to ensure they are current with the latest regulatory requirements. It’s just as important to ensure that their employees are using the most recent and correct versions of these documents.

Monitoring and testing for compliance purposes, which have historically been done manually by on-site teams, are likely to be conducted remotely this year. This can present operational challenges. The thoroughness and visibility of testing and monitoring activities; access to testing data; and the status of exceptions and findings that need to be resolved can present logistical challenges if not properly addressed upfront. This can lead to delays in meeting regulatory compliance requirements, which also may increase risk during regulatory examinations.

Lenders must adopt real-time audit schedules or risk looking at the wrong areas and/or factors. Consider how the decline in interest rates led to higher shares of refinancing, the impact that repayment extensions may have on liquidity and capital ratios, or whether the new regulations around extensions are being followed. Risk-management personnel should ask whether the financial institution’s audit schedule has been adjusted to focus on the new risks introduced by the pandemic and current economy, and whether they are being evaluated and adjusted each quarter.

Training to ensure that employees are properly certified for their roles may require a major process change for lenders not set up for remote workers. Internal training courses may need to be migrated to an online learning management system.

In addition, new employees who may never visit the office may require new training processes, while veteran employees may need to be retrained on revised policies and procedures caused by remote-working conditions or regulatory changes. The process of training and verifying the qualifications and certifications of employees on a 100% remote basis may be a daunting prospect, especially for organizations that are used to performing some level of on-site, in-person training.

● ● ●

Even in normal times, regulatory changes can be significant enough to cause strategic and operational shifts for a business. In the historically high-risk climate of 2021, chief risk officers and other risk-management personnel must be prepared to quickly adapt and react to minimize risk due to noncompliance with regulatory obligations. 

All mortgage company employees, including originators, should understand the pressures (and the opportunities) being faced by their colleagues. By taking a proactive approach to manage regulatory changes quickly and efficiently, risk can be turned into a competitive advantage that ultimately drives profitability. ●


  • Carl McCauley

    Carl McCauley is the CEO of 360factors, a leader in integrated risk and compliance software solutions to mid-market banks and financial-services institutions. McCauley has more than 25 years of experience in various sales, marketing and software development roles. Previously, McCauley held senior leadership positions at Zycus, an industry leader in procurement source-to-pay solutions, and MetricStream, an integrated risk-management solution provider that serves multiple industries. He holds a bachelor’s degree in electrical engineering from the Georgia Institute of Technology. 

You might also like...