Compliance Best Practices: Using Third-Party Providers Can be an Example
It is not a secret that banks and non-banks establish business relationships with service providers to help carry out different tasks associated with maintaining a loan. Furthermore, service providers may also contract specialty firms for services that they cannot support or that they do not have the expertise to conduct autonomously. These specialty firms, or third-party providers, now face increased scrutiny from servicers as a result of the current government regulations and initiatives by agencies, such as the Consumer Financial Protection Bureau (CFPB). Now, banks are required to effectively vet these third-party providers or be held financially responsible for any resulting mistakes.
Using third-party providers creates reputational, operational and compliance risk for servicers, and failure to maintain an adequate compliance program by the provider may jeopardize current and potential business relationships. Therefore, it is critical that third-party providers implement action plans to overcome the aforementioned risks and strategize the compliance structure of their shops.
Servicers’ initial thoughts may be that it costs too much, we do not have the staff, we do not have in-house expertise, a compliance officer is too costly, or our company is not that big. Regardless, the regulations do not consider these scenarios but compliance is worth the investment.
In order to address these issues, a company should go back to the basics. Experience with domestic and international financial institutions as well as different types of services and products can shed some light on the basic elements of a successful compliance program. These elements include:
1) Establishing standards and procedures;
2) Compliance oversight;
3) Communication and training;
4) Monitoring and reporting; and
5) Independent review
These elements may vary from company to company but in general they are the most commonly important. The level of sophistication of a program will depend on the number of clients, size of the company, internal resources and the exposure the company has to local, national and/or international regulations.
Compliance best practices
There are numerous requirements associated with serving legal documents and these vary from state to state and even county to county. A good licensed investigator should be bilingual and be able to conduct searches in all 50 states and for a variety of areas–banking, legal (foreclosures and collections) and loan servicing. Advanced data tracking and reporting technology can also offer clients superior search and reporting capabilities.
So many companies provide specialty services for a variety of the banking and legal industries, which opens these companies to scrutiny by clients and multiple government agencies. Therefore, it is crucial to maintain a corporate compliance program that allows the company to satisfy industry requirements while cultivating an organizational compliance culture through accountability of business leaders and staff, continuing education and robust reporting processes. The program should manage risk every day. A company’s corporate compliance program should conform to the general principles previously mentioned and recommendations established in the financial industry. The firm should also adhere to other compliance best practices recognized by government agencies and private industry.
A company’s corporate compliance program should be built on three pillars–prevention, detection and response–that address compliance risks. The role of the any compliance department should be to assess the regulatory and other industry requirements, detect opportunities for improvement and respond to events that are contrary to the intent of the law and internal policies and procedures. Each of the elements of the company’s corporate compliance program should be embedded in these three pillars and assists the compliance department to achieve its mission of ensuring the company is compliant.
How to start
Here are a few steps to take in developing a successful corporate compliance program:
1) Take a hard look at your business, products and services.
2) Become familiar with current practices.
3) Study recent audits, investigations or other independent reviews conducted on your company and see if opportunities for improvement have been identified.
4) Schedule meetings company owner(s), board of directors/managers or senior management to discuss their “compliance appetite;” are they conservative, neutral or aggressive about compliance? This will help you recognize the level of compliance oversight that needs to be proposed for the business.
5) Document the results or discussions and research and start drafting a compliance plan or program that includes the basic elements mentioned previously.
6) Be sure to review current policies and procedures that cover business practices, and if the company does not have one, create an action plan to develop these documents.
7) Determine who will be in charge of overseeing the compliance and risk efforts and monitoring the processes for the company.
It would be prudent to leverage the existing resources, such as information technology personnel, managers, human resources, etc. and determine if any elements of the program can be performed collaboratively with these areas.
Your company may need to invest in software to monitor business activities. It will depend on the number of clients the company maintains and volume of transactions managed. The most important aspect of a successful compliance program is to maintain effective tools (manual or automated) that assist in tracking, monitoring and reporting business activities. Proper documentation and retention of reviews is imperative, therefore; be cognizant of state and federal laws governing the documents and establish a proper methodology to maintain these records according to the legal retention requirements.
To completely embrace a compliance culture within your business, ensure that the staff receives proper training and guidelines on compliance. This leads to acceptable behavior, consistency and understanding of compliance expectations. Ensure that processes are reviewed independently by third-party auditors, consultants or by your internal audit team. Finally, formalize the compliance program in a document, discuss it with management and make it available to team members, or to clients if requested.
Success is possible
Every company has its own culture. Those accountable for compliance oversight are responsible for discovering the company’s culture and adapting it to industry regulations. Like any internal conflict, changes in the regulatory environment may lead to distress for the organization and its team members. This is when it is important to have flexible communicators who can find opportunities for agreements between servicers and the third-party provider, and align these agreements with their operations to successfully implementing changes.
The success of a compliance program relies on these relationships. Understanding your business and your clients is a priority, but most importantly the program hinges on the commitment to fulfill industry expectations by accommodating business practices to meet your clients’ requirements, the regulators and the law. The relationship between your team members and your clients must be transparent in order for your corporate compliance mission to remain robust.
Kathalin Carvalho is vice president of compliance for Tampa, Fla.-based ProVest, a nationwide legal services firm specializing in managing the delivery of legal documents and related foreclosure services. Carvalho ensures that employees and agents adopt appropriate standards, practices and internal controls. She can be reached by e-mail at email@example.com.
FMJ Job Listings
- Mortgage Loan Consultant - Nuvision Credit Union - Mission Hills, CA
- Mortgage Loan Consultant - Nuvision Credit Union - Lakewood, CA
- Consumer Loan Underwriter - Credit Union of Colorado - Denver, CO
- Homeownership Program Manager - GO Northwest Housing Resource Center - Baltimore, MD
- Network Administrator - Randstad Technologies - Santa Ana, CA
- Training Delivery Specialist - 225 - Randstad Technologies - Raleigh, NC