Regulatory Compliance
The financial services industry continues to face mounting pressures to meet the highest standards of data reporting and accuracy. New regulations and mandates are introduced regularly, impacting the way companies do business. And a more credit-educated consumer base is seeking insights into their own credit data, providing a separate second of eyes that demand accuracy. Not only has the Fair Credit Reporting Act (FCRA) set requirements on dispute investigation and response, but the Consumer Financial Protection Bureau (CFPB) is also paying close attention. Recent announcements indicate the CFPB wants more information about the credit eco-system to gain more data about consumer disputes. According to the CFPB, it’s a joint problem – “the NCRAA’s, data furnishers, public record providers, and consumers all play roles which affect the accuracy of the information with credit reports.” And it’s not just the big banks that are being targeted with fines. The CFPB has made it clear it will also direct attention to certain nonbanks and financial products. In today’s data-driven environment, there are roughly 12,000-plus data furnishers, resulting in more than one billion pieces of information being updated on a monthly basis. Over 220 million consumers have some form of credit information attached to them, and transactional data is flowing all the time. Fail to update and a furnisher will quickly see flaws in their reporting. In fact, a recent study revealed an estimated 2.1% of contact info goes bad if unattended for more than one month. Clearly, achieving data quality is an ongoing investment for any organization, but companies often lack a clean plan. Some data furnishers fail to report, or elect to report to just one bureau, even though providing better data will result in a more complete and accurate credit profile. So how do you tackle the challenge of data quality? Organizations should consider implementing these six steps: Review data governance. Correct errors in data submissions. Complete an audit of data submissions. Evaluate disputes and resolutions. Compare data to peers and the industry. Review existing policies and processes. Follow these steps and your organization will earn a reputation among both regulators and consumers for clean, credible data. Plus, the investment in better data will reduce the need to resolve future disputes and fines. To learn more about meeting your FCRA responsibilities and best practices around data quality, check out our on-demand webinar or data integrity services site.
Understanding the Impact of New Marketplace Lending Regulations The online marketplace lending sector has enjoyed unprecedented growth these past few years. According to a recent Morgan Stanley research report, the volume of loans extended by online marketplace lenders in the United States has doubled every year since 2010, hitting $12 billion last year. Some analysts speculate this growth will continue at a compound annual rate of 47 percent through 2020. The market’s growth, coupled with new, disruptive lending models, is now prompting regulators in Washington to raise questions about the potential opportunities and challenges for consumers, small businesses, and the safety and soundness of our financial system. Last July, the Treasury Department issued a request for information to better understand the benefits and risks associated with new online lending platforms and other “fin-tech” startups. The Treasury’s RFI sought information about how these entities’ business models differ from traditional lenders, their impact on financially underserved consumers, and ultimately whether the regulatory framework should evolve to ensure the safe growth of this emerging marketplace. They were also interested in how online lenders were assessing credit risk of borrowers. Most comments the Treasury Department received from online lenders focused on the positive impact that innovation in financial services could have on consumers and small businesses. For example, in an open letter to the Treasury, Lending Club Founder and CEO Renaud Laplanche stated his company’s role in “bringing more transparency, removing friction, reducing systemic risk by requiring a match between assets and liabilities, and offering traditional banks … the opportunity to participate on our platform and benefit from the same cost reductions from which our other borrowers and investors benefit.” Laplanche emphasized the benefits to consumers by noting that “over 70 percent of borrowers on our platform report using their loan to pay off an existing loan or credit card balance and report that the interest rate on their Lending Club loan was an average of seven percentage points lower than they were paying on their outstanding debt or credit cards.” For small businesses, Laplanche explained how commercial loans less than $250,000 tend to be underserved by traditional lenders. “Bank loans from $100k to $250k have fallen 22 percent since 2007, during a period when bank loans of $1 million or greater increased by 56 percent,” he wrote. “Our platform’s automated processes allow us to provide smaller commercial loans that are less available more economically than traditional banks can.” Meanwhile, some commenters called for regulators to increase oversight of the marketplace to provide more certainty. In a joint comment letter, the American Bankers Association and Consumer Bankers Association argued that all lenders — regardless of medium by which they deliver loans — should operate under the same rules and standards. They highlighted the numerous consumer protections in place to protect borrowers — from transparency in pricing, to fair debt collection methods, and data protection — and advocate for these protections to apply in all bank-like activities involving lending or servicing. But what about the Consumer Financial Protection Bureau (CFPB)? The CFPB will take a leadership role to ensure marketplace lenders comply with the fair lending and consumer financial protection laws that the CFPB has authority to enforce. The CFPB has not made any direct notice to the online lending marketplace specifically, but it did issue a notice in October 2014 saying it had no intention of bringing enforcement actions against companies that offer innovative financial products — so long as they benefit consumers. Meanwhile, it is also likely the Federal Trade Commission and state attorneys general will increase their focus on the online lending segment, especially as it relates to how products and services are marketed. The FTC held a symposium on Oct. 30 to examine online lead generation and consumer protection in the lending and education industries. The FTC workshop raised questions about the potential consumer protection challenges of this advertising medium used heavily by online lenders. In particular, there were calls for greater transparency in the use of lead generation, including more information on the ways consumer data is collected through lead-gen websites and how it is used and shared. Online marketplace lenders should expect to stay under the regulatory spotlight – because that’s what success often brings. The sector can avoid undue burdens by ensuring compliance with existing laws and adopting and following industry best practices. For more information, visit www.experian.com/marketplacelending.
The Responsible Business Lending Coalition, a group of nonbank small-business lenders, recently announced a regulatory program designed to bring greater clarity to the industry’s pricing and consumer protections, including: The right to transparent pricing and terms The right to non-abusive products The right to responsible underwriting The right to fair treatment from brokers The right to inclusive credit access The right to fair collection practices Industry self-regulation is a good way for market leaders to demonstrate self-discipline and is preferable to legislative or regulatory changes because of its flexibility and ability to accommodate evolving market trends. >> Webinar: Online Marketplace Lending
Our clients are facing three primary issues when it comes to regulatory compliance: time resources knowledge Many are facing Matters Requiring Attention (MRA) and Matters Requiring Immediate Attention (MRIA) and don’t have the staff or the capacity to complete all of the work themselves within tight deadlines. They also want their limited resources to work on internal, proprietary initiatives to grow the business and maximize profit and return. These activities cannot be outsourced as easily as regulatory and compliance work, which is relatively easy to parse out and give to an external third party. Quite often, a level of independent oversight and effective challenge is also a requirement that can easily be solved through the use of an objective, external third party. A lot of the regulations are still relatively new, and there are still many issues and knowledge gaps our clients are facing. They have insight into their own organization only and quite often aren’t aware of or able to leverage industry best practice without the view of an external third party with broader industry knowledge and experience. In terms of best practice, it all really starts with the data, leading to the attributes used in models to create sound risk management strategies, manage capital adequacy, and ensure the safety and soundness of the overall U.S. and global financial system. The integrity of data reporting, dispute management and compliance with all applicable regulatory requirements need to be an enterprise-wide effort. In the area of attribute governance, there are three primary areas of focus: Attribution creation — definitions; logic, code and accuracy; and how to reduce implementation timelines. Monitoring and maintenance — looking for shifts in attributes and their potential impact and facilitating updates to attributes based upon changes in reporting and upgrades to newer versions of attributes as the credit environment changes, such as during the most recent mortgage crisis, where loan modification and associated attributes were created and took on increased importance. And last but definitely not least, documentation — We cannot say enough about the importance of documentation, especially to regulators. Documentation ensures accuracy and consistent application and must record all general conventions and limitations. For model risk management and governance, focus areas should follow the expanded Office of the Comptroller of the Currency (OCC) Guidance from Bulletin 2011-12. This guidance includes expanded requirements for model validations including not just standard back testing, but also benchmarking, effective challenge, sensitivity analysis and stress testing. It also expands the guidance beyond just validation to model development and usage, implementation, governance and controls. In response to these OCC expanded guidance requirements, one of our clients was seeking an industry expert to serve as an independent third party to 1) conduct industry best practice and benchmarking in areas of reject inference methodologies and 2) validate production models used for risk underwriting, line assignment, pricing and targeting. After a full review and assessment, we provided the client with a clear road map to improve the process to conduct reject inference through knowledge transfer and best practices. We established a best-in-class approach to annual model validations on a model inventory consisting of retail, small business and wealth segment portfolios. We also delivered expedited results that also identified alternative methods of validation that assess variability in point estimates, as well as comply with OCC requirements for precision, ranking and population measurement statistics. Through our work, the client was able to leverage Experian to establish a global approach to reject inference methodologies, to augment existing staffing and to offshore resources in a cost-effective manner. There are three primary areas of loss forecasting, stress testing and capital adequacy planning: International — Basel accord National — U.S. Dodd-Frank Act Stress Testing (DFAST), including Comprehensive Capital Analysis and Review (CCAR) supervisory review Internal — Allowance for Loan and Lease Losses requirements Although there are similarities, there are also important differences among each of these three requirements and practices. For these reasons, most financial institutions in the United States are still providing and managing them separately. This obviously creates a strain on internal staff and resources. One of our clients had an initial compliance strategy in place but did not have the sufficient in-house staff and resources required to create, document and review its modeling and stress testing to satisfy regulators and internal auditors. The organization needed a consultant that could work closely with its in-house team to support sophisticated models that were tailored to meet its specific compliance obligations. We worked closely with the client’s team to provide extensive consulting support for a complex set of loss-forecasting models and other tools, applying industry best practices to fully document the models. Throughout the process, our consulting team discovered and identified content gaps to help ensure that all documentation was complete. We also provided ad hoc analytics to support the client’s model development effort and strategic and tactical guidance on stress testing model development for compliance. This enabled the client to develop primary and challenge models for DFAST’s CCAR requirements, as well as internal stress scenarios. It also provided the client with the following tangible business benefits: balance compliance with maximum profitability and revenue; provided knowledge sharing and best practices to help empower client employees; helped refine models based on feedback from internal and external governance organizations; supported models with academic research to help align the correct model to the correct processes; and provided assistance with model implementation and application. Click here for a recent video I did on how capital-adequacy positions are becoming crucial in analyst recommendations.
The age of social media and data regulations Last week I presented at the 27th Annual Card Forum and Expo and the conference highlighted several issues of progress from new payment solutions. Lots of discussion was regarding Apple Pay and the merchant and consumer perspectives on adoption were widely reviewed. Of course, the implications are of the increasing variety of payment alternatives available to consumers that must be considered by merchants and lenders "The nature of the predictive data has changed – it used to be an institutions internal data and your CRA’s. Now – it is everywhere." The same technology, delivery platforms and the consumer adoption issues also speak to the increasing use of new sources of consumer behavior data available to businesses. One of the high profile consequences is the proliferation of new data sources available and the business user responsibility for effective and Regulatory compliant management of that data. My session explored the issues around data governance in the age of social media to understand the regulatory background, the trends of consumer usage and the possible insights able to be gleaned from these disparate data sources. With these opportunities comes the attention of regulatory bodies and the disciplined documentation, monitoring and use of these new data sources is necessary to derive the value from the data. All of these issues feed into the need to insure that businesses have established an effective Data Governance ecosystem serving many goals but delivering significant business value. Please view my presentation below and to receive help with data governance visit Experian’s global consulting practice site to help your business. Data Governance in the age of Social Media from Experian Decision Analytics
By: Linda Haran Complying with complex and evolving capital adequacy regulatory requirements is the new reality for financial service organizations, and it doesn’t seem to be getting any easier to comply in the years since CCAR was introduced under the Dodd Frank Act. Many banks that have submitted capital plans to the Fed have seen them approved in one year and then rejected in the following year’s review, making compliance with the regulation feel very much like a moving target. As a result, several banks have recently pulled together a think tank of sorts to collaborate on what the Fed is looking for in capital plan submissions. Complying with CCAR is a very complex, data intensive exercise which requires specialized staffing. An approach or methodology to preparing these annual submissions has not been formally outlined by the regulators and banks are on their own to interpret the complex requirements into a comprehensive plan that will ensure their capital plans are accepted by the Fed. As banks work to perfect the methodology used in this exercise, the Fed continues to fine tune the requirements by changing submission dates, Tier 1 capital definitions, etc. As the regulation continues to evolve, banks will need to keep pace with the changing nature of the requirements and continually evaluate current processes to assess where they can be enhanced. The capital planning exercise remains complex and employing various methodologies to produce the most complete view of loss projections prior to submitting a final plan to the Fed is a crucial component in having the plan approved. Banks should utilize all available resources and consider partnering with third party organizations who are experienced in both loss forecasting model development and regulatory consulting in order to stay ahead of the regulations and avoid a scenario where capital plan submissions may not be accepted. Learn how Experian can help you meet the latest regulatory requirements with our Loss Forecasting Model Services.
Deposit accounts for everyone Over the last several years, the Consumer Financial Protection Bureau (CFPB) has, not so quietly, been actively pushing for changes in how banks decision applicants for new checking accounts. Recent activity by the CFPB is accelerating the pace of this change for those managing deposits-gathering activities within regulated financial institutions. It is imperative banks begin adopting modern technology and product strategies that are designed for a digital age instead of an age before the internet even existed. In October 2014, the CFPB hosted the Forum On Access To Checking Accounts to push for more transparent account opening procedures, suggesting that bank’s use of “blacklists” that effectively “exclude” applicants from opening a transaction account are too opaque. Current regulatory trends are increasingly signaling the need for banks to bring checking account originations strategies into the 21st century as I indicated in Banking in the 21st Century. The operations and technology implications for banks must include modernizing the approach to account opening that goes beyond using different decision data to do “the same old thing” that only partially addresses broader concerns from consumers and regulators. Product features attached to check accounts, such as overdraft shadow limits, can be offered to consumers where this liquidity feature matches what the customer can afford. Banking innovation calls for deposit gatherers to find more ways to approve a basic transaction account, such as a checking account, that considers the consumer’s ability to repay and limit approving overdraft features for some checking accounts even if the consumer opts in. This doesn’t mean banks cannot use risk management principles in assessing which customers get that added liquidity management functionality attached to a checking account. It just means that overdraft should be one part of the total customer level exposure the bank considers in the risk assessment process. The looming regulatory impacts to overdraft fees, seemingly predictable, will further reduce bank revenue in an industry that has been hit hard over the last decade. Prudent financial institutions should begin managing the impact of additional lost fee revenue now and do it in a way that customers and regulators will appreciate. The CFPB has been signaling other looming changes for check account regulations, likely to accelerate throughout 2015, and portend further large impacts to bank overdraft revenue. Foreshadowing this change are the 2013 overdraft study by the CFPB and the proposed rules for prepaid cards published for commentary in December 2014 where prepaid account overdraft is “subject to rules governing credit cards under TILA, EFTA, and their implementing regulations”. That’s right, the CFPB has concluded overdraft for prepaid cards are the same as a loan falling under Reg Z. If the interpretation is applied to checking account debit card overdraft rules, it would effectively turn overdraft fees into finance charges and eliminate a huge portion of remaining profitability for banks from those fees. The good news for banks is that the solution for the new deposits paradigm is accomplished by bringing retail banking platforms into the 21st century that leverage the ability to set exposure for customers at the client level and apportioned to products or features such as overdraft. Proactively managing regulatory change, that is predictable and sure to come, includes banks considering the affordability of consumers and offering products that match the consumer’s needs and ability to repay. The risk decision is not different for unsecured lending in credit cards or for overdraft limits attached to a checking account. Banks becoming more innovative by offering checking accounts enabling consumers more flexible and transparent liquidity management functionality at a reasonable price will differentiate themselves in the market place and with regulatory bodies such as the CFPB. Conducting a capabilities assessment, or business review, to assess product innovation options like combining digital lines of credit with check accounts, will inform your business what you should do to maintain customer profitability. I recommend three steps to begin the change process and proactively manage through the deposit industry regulatory changes that lay ahead: First, assess the impacts of potential lost fees if current overdraft fees are further limited or eliminated and quantify what that means to your product profitability. Second, begin designing alternative pricing strategies, product offerings and underwriting strategies that allow you to set total exposure at a client level and apportion this exposure across lending products that includes overdraft lines and is done in a way that it is transparent to your customers and aligns to what they can afford. Third, but can be done in parallel with steps one and two, begin capability assessments of your financial institution’s core bank decision platform that is used to open and manage customer accounts to ensure your technology is prepared to handle future mandatory regulatory requirements without driving all your customers to your competitors. It is a given that change is inevitable. Deposit organizations are well served to manage this current shift in regulatory policy related to checking account acquisitions in a way consistent with guaranteeing your bank’s competitive advantage. Banks can stay out front of competitors by offering transparent and relevant financial products consumers will be drawn to buy and can’t afford to live without! Thank you for following my blog and insights in DDA best practices. Please accept my invitation to participate in a short market study. Click here to participate. Participants in this 5 minute survey will receive a copy of the results as a token of appreciation.
This is the third post in a three-part series. Experian® is not a doctor. We don’t even play one on TV. However, because of our unique business model and experience with a large number of data providers, we do know data governance. It is a part of our corporate DNA. Our experiences across our many client relationships give us unique insight into client needs and appropriate best practices. Note the qualifier — appropriate. Just as every patient is different in his or her genetic predispositions and lifestyle influences, every institution is somewhat unique and does not have a similar business model or history. Nor does every institution have the same issues with data governance. Some institutions have stabile growth in a defined footprint and a history of conservative audit procedures. Others have grown quickly through aggressive acquisition marketing plans and unique channels and via institution acquisition/merger, leading to multiple receivable systems and data acquisition and retention platforms. Experian has provided valuable services to both environments many times throughout the years. As the regulatory landscape has evolved, lenders/service providers demand a higher level of hands-on experience and regulatory-facing credibility. Most recently, lenders have required assistance on the issues driven by mandates coming from the Comprehensive Capital Analysis and Review (CCAR), Office of the Comptroller of the Currency (OCC) and the Consumer Financial Protection Bureau (CFPB) bulletins and guidelines. Lenders are best served to begin their internal review of their data governance controls with a detailed individual attribute audit and documentation of findings. We have seen these reviews covering fewer than 200 attributes to as many as more than 1,000 attributes. Again, the lender/provider size, analytic sophistication and legacy growth and IT issues will influence this scope. The source and definition of the attribute and any calculation routines should be fully documented. The life cycle stage of attribute acquisition and usage also is identified, and the fair lending implication regarding the use of the attribute across the life cycle needs to be considered and documented. As part of this comprehensive documentation, variances in intended definition and subsequent design and deployment are to be identified and corrective action guidance must be considered and documented for follow-up. Simultaneously, an assessment of the current risk governance policies, processes and documentation typically is undertaken. A third party frequently is leveraged in this review to ensure an objective perspective is maintained. This initiative usually is a series of exploratory reviews and a process and procedures assessment with the appropriate management team, risk teams, attribute design and development personnel, and finally business and end-user teams, as necessary. From these interviews and the review of available attribute-level documentation, documents depicting findings and best practices gap analysis are produced to clarify the findings and provide a hierarchy of need to guide the organization’s next steps: A more recent evolution in this data integrity ecosystem is the implication of leveraging a third party to house and manipulate data within client specifications. When data is collected or processed in “the cloud,” consistent data definitions are needed to maintain data integrity and to limit operational costs related to data cleansing and cloud resource consumption. Maintaining the quality of customer personal data is a critical compliance and privacy principle. Another challenge is that of maintaining cloud-stored data in synchronization with on-premises copies of the same data. Delegation to a third party does not discharge the organization from managing risk and compliance or from having to prove compliance to the appropriate authorities. In summary, a lender/service provider must ensure it has developed a rigorous data governance ecosystem for all internal and external processes supporting data acquisition, retention, manipulation and utilization: A secure infrastructure includes both physical and system-level access and control. Systemic audit and reporting are a must for basic compliance standards. If data becomes corrupted, alternative storage, backup or other mechanisms should be available to protect the information. Comprehensive documentation must be developed to reveal the event, the causes and the corrective actions. Data persistence may have multiple meanings. It is imperative that the institution documents the data definition. Changes to the data must be documented and frequently will lead to the creation of a new data attribute meeting the newer definition to ensure that usage in models and analytics is communicated clearly. Issues of data persistence also include making backups and maintaining multiple archive copies. Periodic audits must validate that data and usage conform to relevant laws, regulations, standards and industry best practices. Full audit details, files used and reports generated must be maintained for inspection. Periodic reporting of audit results up to the board level is recommended. Documentation of action plans and follow-up results is necessary to disclose implementation of adequate controls. In the event of lost or stolen data, appropriate response plans and escalation paths should be in place for critical incidents. Throughout this blog series, we have discussed the issues of risk and benefits from an institution’s data governance ecosystem. The external demands show no sign of abating. The regulators are not looking for areas to reduce their oversight. The institutional benefits of an effective data governance program are significant. Discover how a proven partner with rich experience in data governance, such as Experian, can provide the support your company needs to ensure a rigorous data governance ecosystem. Do more than comply. Succeed with an effective data governance program.
There are two sides to every coin and in banking the question is often to you want to chase the depositor of that coin, or lend it out? Well the Federal Reserve’s decision to hold interest rates at record lows since the economic downturn gave the banks’ in the United States loan portfolios a nice boost from 2010-2011, but the subsequent actions and banking environment resulted in deposit growth outpacing loans – leading to a marked reduction in loan-to-deposit ratios across banks since 2011. In fact currently there is almost $1.30 in deposits for every loan out there today. This, in turn, has manifested itself as a reduction in net interest margins for all U.S. banks over the last three years – a situation unlikely to improve until the Fed hikes interest rates. Additionally, the banks’ have found that while they are now holding on to more of these deposits that additional regulations in the form of the CFPB looking to evaluate account origination processes, Basel III Liquidity concerns, CCAR and CIP & KYP have all made the burden of holding these deposits more costly. In fact the CFPB suggests four items they believe will improve financial institution’s checking account screening policies and practices: Increase the accuracy of data used from CRA’s Identify how institutions can incorporate risk screening tools while not excluding potential accountholders unnecessarily Ensure consumers are aware and notified of information used to decision the account opening process Ensure consumers are informed of what account options exist and how they access products that align with their individual needs Lastly, to add to this already challenging environment, technology has switched the channel of choice to your smartphone and has introduced a barrage of risks associated with identity authentication – as well as operational opportunities. As leaders in retail banking and in addressing the needs of your customers, I would like to extend an invitation on behalf of Experian for you to participate in our latest survey on the changing landscape of DDA opportunities. How are regulations changing your product set, what role does mobile play now and in the future, and what are your top priorities for 2015 and beyond? These are just a few of the insights we would like to gain from experts such as you. To access our survey, please click here. Our brief survey should take no more than seven minutes to complete and your insights will be highly valued as we look to better support you and your organization’s demand product needs. Our survey period will close in three weeks, so please respond now. As a sign of our appreciation for your insights, we will send all participants an anonymous aggregation of the responses so that you can see how others view the retail banking marketplace. So take advantage of this chance to learn from your peers and participate in this industry study and don’t leave your strategy to a flip of a coin.
This is the second post in a three-part series. Imagine the circumstances of a traveler coming to a never before visited culture. The opportunity is the new sights, cuisine and cultural experiences. Among the risks is the not before experienced pathogens and the strength of the overall health services infrastructure. In a similar vein, all too frequently we see the following conflict within our client institutions. The internal demands of an ever-increasing competitive landscape drive businesses to seek more data; improved ease of accessibility and manipulation of data; and acceleration in creating new attributes supporting more complex analytic solutions. At the same time, requirements for good governance and heightened regulatory oversight are driving for improved documentation and controlled access, all with improved monitoring and documented and tested controls. As always, the traveler/businessman must respond to the environment, and the best medicine is to be well-informed of both the perils and the opportunities. The good news is that we have seen many institutions invest significantly in their audit and compliance functions over the past several years. This has provided the lender with both better insights into its current risk ecosystem and the improved skill set to continue to refine those insights. The opportunity is for the lender to leverage this new strength. For many lenders, this investment largely has been in response to broadening regulatory oversight to ensure there are proper protocols in place to confirm adherence to relevant rules and regulations and to identify issues of disparate impact. A list of the more high-profile regulations would include: Equal Credit Opportunity Act (ECOA) — to facilitate enforcement of fair lending laws and enable communities, governmental entities and creditors to identify business and community development needs and opportunities of women-owned, minority-owned and small businesses. Home Mortgage Disclosure Act (HMDA) — to require mortgage lenders to collect and report additional data fields. Truth in Lending Act (TLA) — to prohibit abusive or unfair lending practices that promote disparities among consumers of equal creditworthiness but of different race, ethnicity, gender or age. Consumer Financial Protection Bureau (CFPB) — evolving rules and regulations with a focus on perceptions of fairness and value through transparency and consumer education. Gramm-Leach-Bliley Act (GLBA) — requires companies to give consumers privacy notices that explain the institutions’ information-sharing practices. In turn, consumers have the right to limit some, but not all, sharing of their information. Fair Debt Collections Practices Act (FDCPA) — provides guidelines for collection agencies that are seeking to collect legitimate debts while providing protections and remedies for debtors. Recently, most lenders have focused their audit/compliance activities on the analytics, models and policies used to treat consumer/client accounts/relationships. This focus is understandable since it is these analytics and models that are central to the portfolio performance forecasts and Comprehensive Capital Analysis and Review (CCAR)–mandated stress-test exercises that have been of greater emphasis in responding to recent regulatory demands. Thus far at many lenders, this same rigor has not yet been applied to the data itself, which is the core component of these policies and frequently complex analytics. The strength of both the individual consumer–level treatments and the portfolio-level forecasts is negatively impacted if the data underlying these treatments is compromised. This data/attribute usage ecosystem demands clarity and consistency in attribute definition; extraction; and new attribute design, implementation to models and treatments, validation and audit. When a lender determines there is a need to enhance its data governance infrastructure, Experian® is a resource to be considered. Experian has this data governance discipline within our corporate DNA — and for good reason. Experian receives large and small files on a daily basis from tens of thousands of data providers. In order to be sure the data is of high quality so as not to contaminate the legacy data, rigorous audits of each file received are conducted and detailed reports are generated on issues of quality and exceptions. This information is shared with the data provider for a cycle of continuous improvement. To further enhance the predictive insights of the data, Experian then develops new attributes and complex analytics leveraging the base and developed attributes for analytic tools. This data and the analytic tools then are utilized by thousands of authorized users/lenders, who manage broad-ranging relationships with millions of individuals and small businesses. These individuals and businesses then have rights to reproach Experian for error(s) both perceived and actual. This demanding cycle underscores the value of the data and the value of our rigorous data governance infrastructure. This very same process occurs at many lenders sites. Certainly, a similar level of data integrity born from a comprehensive data governance process also is warranted. In the next and final blog in this series, we will explore how a disciplined business review of an institution’s data governance process is conducted. Discover how a proven partner with rich experience in data governance, such as Experian, can provide the support your company needs to ensure a rigorous data governance ecosystem. Do more than comply. Succeed with an effective data governance program.
Opening a new consumer checking account in the 21st century should be simple and easy to understand as a customer right? Unfortunately, not all banks have 21st century systems or processes reflecting the fact that negotiable order of withdrawal (NOW) accounts, or checking accounts, were introduced decades ago within financial institutions and often required the consumer to be in person to open the account. A lot has changed and consumers demand simpler and transparent account opening processes with product choices that match their needs at a price that they’re willing to pay. Financial institutions that leverage modernized technology capabilities and relevant decision information have the best chance to deliver consumer friendly experiences that meet consumer expectations. It is obvious to consumers when we in the financial services industry get it right and when we don’t. The process to open a checking account should be easily understood by consumers and provide them with appropriate product choices that aren’t “one size fits all”. Banks with more advanced core-banking systems incorporating relevant and compliant decision data and transparent consumer friendly approval processes have a huge opportunity to differentiate themselves positively from competitors. The reality is that banking deposit management organizations throughout the United States continue to evolve check screening strategies, technology and processes. This is done in an effort to keep up with evolving regulatory expectations from the consumer advocacy regulatory bodies such as the Consumer Financial Protection Bureau (CFPB) and designed to improve transparency of checking account screening for new accounts for an increased number of consumers. The CFPB advocates that financial institutions adopt new checking account decision processes and procedures that maintain sound management practices related to mitigating fraud and risk expense while improving consumer transparency and increasing access to basic consumer financial instruments. Bank shareholders demand that these accounts be extended to consumers profitably. The CFPB recognizes that checking accounts are a basic financial product used by almost all consumers, but has expressed concerns that the checking account screening processes may prevent access to some consumers and may be too opaque with respect to the reasons why the consumer may be denied an account. The gap between the expectations of the CFPB, shareholders and bank deposit management organization’s current products and procedures are not as wide as they may seem. The solution to closing the gap includes deploying a more holistic approach to checking account screening processes utilizing 21st century technology and decision capabilities. Core banking technology and checking products developed decades ago leave banks struggling to enact much needed improvements for consumers. The CFPB recognizes that many financial institutions rely on reports used for checking account screening that are provided by specialty consumer reporting agencies (CRAs) to decision approval for new customers. CRAs specialize in checking account screening and provide financial institutions with consumer information that is helpful in determining if a consumer should be approved or not. Information such as the consumer’s check writing and account history such as closed accounts or bounced checks are important factors in determining eligibility for the new account. Financial institutions are also allowed to screen consumers to assess if they may be a credit risk when deciding whether to open a consumer checking account because many consumers opt-in for overdraft functionality attached to the checking account. Richard Cordray, the CFPB Director, clarified the regulatory agency’s position as to how consumers are treated in checking account screening processes within his prepared remarks at a forum on this topic in October 2014. “The Consumer Bureau has three areas of concern. First, we are concerned about the information accuracy of these reports. Second, we are concerned about people’s ability to access these reports and dispute any incorrect information they may find. Third, we are concerned about the ways in which these reports are being used.” The CFPB suggests four items they believe will improve financial institution’s checking account screening policies and practices: Increase the accuracy of data used from CRA’s Identify how institutions can incorporate risk screening tools while not excluding potential accountholders unnecessarily Ensure consumers are aware and notified of information used to decision the account opening process Ensure consumers are informed of what account options exist and how they access products that align with their individual needs Implementing these steps shouldn’t be too difficult to accomplish for deposit management organizations as long as they are fully leveraging software such as Experian’s PowerCurve customized for deposit account origination, relevant decision information such as Experian’s Precise ID Platform and Vantage Score 3.0 combined with consumer product offerings developed within the bank and offered in an environment that is real-time where possible and considers the consumer’s needs. Enhancing checking account screening procedures by taking into account consumer’s life-stage, affordability considerations, unique risk profile and financial needs will satisfy expectations of the consumers, regulators and the financial institution shareholders. Financial institutions that use technology and data wisely can reduce expenses for their organizations by efficiently managing fraud, risk and operating costs within the checking account screening process while also delighting consumers. Regulatory agencies are often delighted when consumers are happy. Shareholders are delighted when regulators and consumers are happy. Reengineering checking account opening processes for the modern age results in a win-win-win for consumers, regulators and financial institutions. Discover how an Experian Global Consultant can help you with your banking deposit management needs.
Not long ago, I spoke at the eSign Records conference in NYC. During Q&A, someone asked a question that comes up often: What is the future of knowledge-based authentication (KBA)? It is no secret that there are people in the industry who believe the usefulness of KBA has run its course; however, I have to respectfully disagree. Industry guidance such as the FFIEC Guidance of Authentication in an Internet Banking Environment is a solid foundational direction that calls out the need for institutions to move beyond simple device to more complex device intelligence and more complex out-of-wallet identity verification procedures. Institutions across all markets, both private and public sectors, should be exploring all available services and technologies in an effort to reduce reliance on one or only a few methods of authentication and identity management. Particularly, again, assuming that the one method an institution may rely on could be greatly weakened or without value if subject to mass compromise. KBA continues to be a valuable component in a layered authentication strategy as it effectively reduces both false positives and false negatives in the fast majority of authentication processes, leaving improved customer experience and better use of limited resources to treat true fraud risk. Experian has been hosting the Future of Fraud and Identity events discussing current fraud and authentication trends aimed at helping the industry. Make sure to download our fraud prevention protect whitepaper to gain more insight on regulations affecting financial institutions and how you can prepare your business.
This is the first post in a three-part series. You’ve probably heard the adage “There is a little poison in every medication,” which typically is attributed to Paracelsus (1493–1541), the father of toxicology. The trick, of course, is to prescribe the correct balance of agents to improve the patient while doing the least harm. One might think of data governance in a similar manner. A well-disciplined and well-executed data governance regimen provides significant improvements to the organization. So too, an overly restrictive or poorly designed and/or ineffectively monitored data governance ecosystem can result in significant harm; less than optimal models/scorecards, inaccurate reporting, imprecise portfolio outcome forecasts and poor regulatory reports, subsequently resulting in significant investment and loss of reputation. In this blog series, we will address the issues and best practices associated with the broad mandate of data governance. In its simplest definition, data governance is the management of the availability, usability, integrity and security of the data employed in an enterprise. A sound data governance program includes a governing body or council, a defined set of procedures and a plan to execute those procedures. Well, upon quick reflection, effective data governance is not simple at all. After all, data is ubiquitous, is becoming more available, encompasses aspects of our digital lives not envisioned as little as 15 years ago and is constantly changing as people’s behavior changes. To add another level of complexity, regulatory oversight is becoming more pervasive as regulations passed since the Great Recession have become more intrusive, granular and demanding. When addressing issues of data governance lenders, service providers and insurers find themselves trying to incorporate a wide range of issues. Some of these are time-tested best practices, while others previously were never considered. Here is a reasonable checklist of data governance concerns to consider: Who owns the data governance responsibility within the organization? Is the data governance group seen as an impediment to change or is it a ready part of the change management culture? Is the backup and retrieval discipline — redundancy and recovery — well-planned and periodically tested? How agile/flexible is the governance structure to new data sources? How does the governance structure document and reconcile similar data across multiple providers? Are there appropriate and documented approvals and consents from the data provider(s) for all disclosures? Are systemic access and modification controls and reporting fully deployed and monitored for periodic refinement? Does the monitoring of data integrity, persistence and entitled access enable a quick fix culture where issues are identified and resolved at the source of the problem and not settled by downstream processes? Are all data sources, including those that are proprietary, fully documented and subject to systemic accuracy/integrity reporting? Once obtained, how is the data stored and protected in both definition and accessibility? How do we alter data and leverage the modified outcome? Are there reasonable audits and tracking of downstream reporting? In the event of a data breach, does the organization have well-documented protocols and notification thresholds in place? How recently and to what extent have all data retrieval, manipulation, usage and protection policies and processes been audited? Are there scheduled and periodic reports made to the institution board on issues of data governance? Certainly, many institutions have most of these aspects covered. However, “most” is imprecise medicine, and ill effects are certain to follow. As Paracelsus stated, “The doctor can have a stronger impact on the patient than any drug.” As in medical services, for data governance initiatives those impacts can be beneficial or harmful. In our next blog, we’ll discuss observations of client data governance gaps and lessons learned in evaluating the existing data governance ecosystem. Make sure to read Compliance as a Differentiator perspective paper for deeper insight on regulations affecting financial institutions and how you can prepare your business. Discover how a proven partner with rich experience in data governance, such as Experian, can provide the support your company needs to ensure a rigorous data governance ecosystem. Do more than comply. Succeed with an effective data governance program.
By: Mike Horrocks I am at the Risk Management Association’s annual conference in DC and I feel like I am back to where my banking career began. One of the key topics here is how important the Risk Rating Grade is and what impact that right or wrong Risk Rating Grade can have on the bank. It is amazing to me how a risk rating is often a shot in the dark at some institutions or can even vary on the training of one risk manager to another. For example, you could have a commercial credit with fantastic debt service coverage and have it tied to a terrible piece of collateral and that risk rating grade will range anywhere from prime type credit (cash flow is king and the loan will never default – so why concern ourselves with collateral) to low, subprime (do we really want that kind of collateral dragging us down or in our OREO portfolio?), to anywhere in between. Banks need to define the attributes of a risk rating grade and consistently apply that grade. The failure of doing that will lead to having that poor risk rating grade impact ALLL calculations (with either an over allocation or not enough) and then that will roll into the loan pricing (making you more costly or not enough to match for the risk). The other thing I hear consistently is that we don’t have the right solutions or resources to complete a project like this. Fortunately there is help. A bank should never feel like they should try to do this alone. I recall how it was an all hands on deck when I first started out to make sure we were getting the right loan grading and loan pricing in place at the first super-regional bank I worked at – and that was without all the compliance pressure of today. So take a pause and look at your loan grading approach – is it passing or failing your needs? If it is not passing, take some time to read up on the topic, perhaps find a tutor (or business partner you can trust) and form a study group of your best bankers. This is one grade that needs to be at the top of the class. Looking forward to more from RMA 2014!
By: Joel Pruis I have just completed the first of two presentations on Model Risk Governance at the RMA Annual Conference. The focus of the presentation was the compliance with the Model Risk Governance guidance at the smaller asset sized financial institutions. The big theme across all of the attendees at the first session was the need for resources to execute on the Model Risk Governance. Such resources are scarce at the smaller asset sized institutions forcing the need and use for external vendors to assist in the development and ongoing validation of any models in use. With that said, the one area that cannot be outsourced is the model risk governance responsibility of the financial institution. While resources are few, we have to look for existing roles within the organization to support the model risk governance such as: - Internal Audit - reviewing process, inputs, consistency - Loan Review - accuracy, consistency, thresholds, etc. - Compliance - Data usage, pricing consistency, etc. Start gathering your governance team at your organization and begin the effort around model risk governance! Discover how an Experian business consultant can help with your Model Risk Governance strategies and processes. Also, if you are interested in gaining deeper insight on regulations affecting financial institutions and how to prepare your business, download Experian’s Compliance as a Differentiator perspective paper.
Learn More Image
