Tag: regulatory compliance
As more financial institutions express interest and leverage alternative credit data sources to decision and assess consumers, lenders want to be assured of how they can best utilize this data source and maintain compliance. Experian recently interviewed Philip Bohi, Vice President for Compliance Education for the American Financial Services Association (AFSA), to learn more about his perspective on this topic, as well as to gain insights on what lenders should consider as they dive into the world of alternative credit data. Alternative data continues to be a hot topic in the financial services space. How have you seen it evolve over the past few years? It’s hard to pinpoint where it began, but it has been interesting to observe how technology firms and people have changed our perceptions of the value and use of data in recent years. Earlier, a company’s data was just the information needed to conduct business. It seems like people are waking up to the realization that their business data can be useful internally, as well as to others. And we have come to understand how previously disregarded data can be profoundly valuable. These insights provide a lot of new opportunities, but also new questions. I would also say that the scope of alternative credit data use has changed. A few years ago, alternative credit data was a tool to largely address the thin- and no-file consumer. More recently, we’ve seen it can provide a lift across the credit spectrum. We recently conducted a survey with lenders and 23% of respondents cited “complying with laws and regulations” as the top barrier to utilizing alternative data. Why do you think this is the case? What are the top concerns you hear from lenders as it relates to compliance on this topic? The consumer finance industry is very focused on compliance, because failure to maintain compliance can kill a business, either directly through fines and expenses, or through reputation damage. Concerns about alternative data come from a lack of familiarity. There is uncertainty about acquiring the data, using the data, safeguarding the data, selling the data, etc. Companies want to feel confident that they know where the limits are in creating, acquiring, using, storing and selling data. Alternative data is a broad term. When it comes to utilizing it for making a credit decision, what types of alternative data can actually be used? Currently the scope is somewhat limited. I would describe the alternative data elements as being analogous to traditional credit data. Alternative data includes rent payments, utility payments, cell phone payments, bank deposits, and similar records. These provide important insights into whether a given consumer is keeping up with financial obligations. And most importantly, we are seeing that the particular types of obligations reflected in alternative data reflect the spending habits of people whose traditional credit files are thin or non-existent. This is a good thing, as alternative data captures consumers who are paying their bills consistently earlier than traditional data does. Serving those customers is a great opportunity. If a lender wants to begin utilizing alternative credit data, what must they know from a compliance standpoint? I would begin with considering what the lender’s goal is and letting that guide how it will explore using alternative data. For some companies, accessing credit scores that include some degree of alternative data along with traditional data elements is enough. Just doing that provides a good business benefit without introducing a lot of additional risk as compared to using traditional credit score information. If the company wants to start leveraging its own customer data for its own purposes, or making it available to third parties, that becomes complex very quickly. A company can find itself subject to all the regulatory burdens of a credit-reporting agency very quickly. In any case, the entire lifecycle of the data has to be considered, along with how the data will be protected when the data is “at rest,” “in use,” or “in transit.” Alternative data used for credit assessment should additionally be FCRA-compliant. How do you see alternative credit data evolving in the future? I cannot predict where it will go, but the unfettered potential is dizzying. Think about how DNA-based genealogy has taken off, telling folks they have family members they did not know and providing information to solve old crimes. I think we need to carefully balance personal privacy and prudent uses of customer data. There is also another issue with wide-ranging uses of new data. I contend it takes time to discern whether an element of data is accurately predictive. Consider for a moment a person’s utility bills. If electricity usage in a household goes down when the bills in the neighborhood are going up, what does that tell us? Does it mean the family is under some financial strain and using the air conditioning less? Or does it tell us they had solar panels installed? Or they’ve been on vacation? Figuring out what a particular piece of data means about someone’s circumstances can be difficult. About Philip Bohi Philip joined AFSA in 2017 as Vice President, Compliance Education. He is responsible for providing strategic direction and leadership for the Association’s compliance activities, including AFSA University, and is the staff liaison to the Operations and Regulatory Compliance Committee and Technology Task Forces. He brings significant consumer finance legal and compliance experience to AFSA, having served as in-house counsel at Toyota Motor Credit Corporation and Fannie Mae. At those companies, Philip worked closely with compliance staff supporting technology projects, legislative tracking, and vendor management. His private practice included work on manufactured housing, residential mortgage compliance, and consumer finance matters at McGlinchey Stafford, PLLC and Lotstein Buckman, LLP. He is a member of the Virginia State Bar and the District of Columbia Bar. Learn more about the array of alternative credit data sources available to financial institutions.
There’s no question today’s consumers have high expectations. As financial services companies wrestle with the laws and consumer demands, here are a few points to consider: While digital delivery channels may be new, the underlying credit product remains the same. With digital delivery, adhere to credit regulations, but build in enhanced policies and technological protocols. Consult your legal, risk and compliance teams regularly. Embrace the multitude of delivery methods, including email, text, digital display and beyond. When using the latest technology, you need to work with the right partners. They can help you respect the data and consumer privacy laws, which is the foundation on which strategies should be built. Learn more
Consumers and businesses alike have been hyper-focused on all things data over the past several months. From the headlines surrounding social media privacy, to the flurry of spring emails we’ve all received from numerous brands due to the recent General Data Protection Regulation (GDPR) going into effect in Europe, many are trying to assess the data “sweet spot.” In the financial services space, lenders and businesses are increasingly seeking to leverage enhanced digital marketing channels and methods to deliver offers and invitations to apply. But again, many want to know, what are the data rules and how can they ensure they are playing it safe in such a highly regulated environment. In an Experian-hosted webinar, Credit Marketing in the Digital Age, the company recently featured a team of attorneys from Venable LLP’s award-winning privacy and advertising practice. There’s no question today’s consumers expect hyper-targeted messages and user experiences, but with the number of data breaches on the rise, there is also the concern around data access. Who has my data? Is it safe? Are companies using it in the appropriate way? As financial services companies wrestle with the laws and consumer expectations, the Venable legal team provided a few insights to consider. While the digital delivery channels may be new, the underlying credit product remains the same. A prescreened offer is a prescreened offer, and an application for credit is still an application for credit. The marketing of these and other credit products is governed by an array of pre-existing laws, regulations, and self-regulatory principles that combine to form a unique compliance framework for each of the marketing channels. Adhere to credit regulations, but build in enhanced policies and technological protocols with digital delivery. With digital delivery of the offer, lenders should be thinking about the additional compliance aspects attached to those varying formats. For example, in the case of digital display advertising, you should pay close attention to ensuring delivery of the ad to the correct consumer, with suitable protections in place for sharing data with vendors. Lenders and service providers also should think about using authentication measures to match the correct consumer with a landing page containing the firm offer along with the appropriate disclosures and opt-outs. Strong compliance policies are important for all participants in this process. Working with a trusted vendor that has a commitment to data security, compliance by design, and one that maintains an integrated system of decisioning and delivery, with the ability to scrub for FCRA opt-outs, is essential. Consult your legal, risk and compliance teams. The digital channels raise questions that can and must be addressed by these expert audiences. It is so important to partner with service providers that have thought this through and can demonstrate a compliance framework. Embrace the multitude of delivery methods. Yes, there are additional considerations to think about to ensure compliance, but businesses should seek opportunities to reach their consumers via email, text, digital display and beyond. Also, digital credit offers need not replace mail and phone and traditional channels. Rather, emerging digital channels can supplement a campaign to drive the response rates higher. In Mary Meeker’s annual tech industry report, she touched on a phenomenon called the “privacy paradox” in which companies must balance the need to personalize their products and services, but at the same time remain in good favor with consumers, watchdog groups and regulators. So, while financial services players have much to consider in the regulatory space, the expectation is they embrace the latest technology advancements to interact with their consumers. It can be done and the delivery methods exist today. Just ensure you are working with the right partners to respect the data and consumer privacy laws.
On May 11, 2018, financial institutions will be required to perform Customer Due Diligence routines for their legal entity customers, such as a corporation or limited liability company. Here are 3 facts that you should know about this upcoming rule: When validating ownership, financial institutions can accept what customers have provided unless they have a reason to believe otherwise. Some possible trigger events requiring review of beneficial ownership information for existing accounts include: change in ownership and law enforcement warrants or subpoenas. When collecting and updating beneficial ownership information, the financial institution must retain the original and updated information. While financial institutions are required to collect the same basic customer identification program information from business owners that is required from consumer customers, your current policies may not satisfy this new rule. Learn more
June 2018 will mark the one-year anniversary of the National Institute of Standards and Technology (NIST) release of Special Publication 800-63-3, Digital Identity Guidelines. While federal agencies are the most directly impacted, this guidance signals a seismic shift in identity proofing across the entire ecosystem of consumers, private sector businesses and public sector agencies. It’s the clearest claim I’ve seen to date that traditional, and rather basic, personally identifiable information (PII) verification should no longer be trusted for remote user interaction. For those of us in the fraud and identity space, this isn’t a new revelation, but one we as an industry have been dealing with for years. As the data breach floodgates continue to be pushed further open, PII is a commodity for the fraudsters, evident in PII prices on the dark web, which are often lower than your favorite latte. Identity-related schemes have increased due to fraud attacks shifting away from card compromise (due to the U.S. rollout of chip-and-signature cards), double-digit growth in online and mobile consumer channels, and high-profile fraud events within both the public and private sector. It’s no shock that NIST has taken a sledgehammer to previous guidance around identity proofing and replaced it with an aggressive and rather challenging set of requirements seemingly founded in the assumption that all PII (names, addresses, dates of birth, Social Security numbers, etc.) is either compromised or easily can be compromised in the future. So where does this leave us? I applaud the pragmatic approach to the new NIST standards and consider it a signal to all of us in the identity marketplace. It’s aggressive and aspirational in raising the bar in identity proofing and management. I welcome the challenge in serving our public sector clients, as we have done for nearly a decade. Our innovative approach to layered levels of identity verification, validation, risk assessment and monitoring adhere to the recommendations of the new NIST standards. I do, however, recommend that any institution applying these standards to their own processes and applications ensure they place equal focus on comparable alternatives for those addressable populations and users who are likely to either opt out of, or fail, initial verification steps stringently aligned with the new requirements. While too early to accurately forecast, it’s relatively safe to assume that the percentage of the population “falling out of the process” may easily be counted in the double digits. It’s only through advanced analytics and technology reliant on a significant breadth and depth of identity data and observations that we can provide trust and confidence across such a diverse population in age, demographics, expectations and access.
Regardless of personal political affiliation or opinion, the presidential election is over, and the focus has shifted from debate to the impact the new administration will have on the regulatory landscape for banks. While many questions remain regarding the policy direction of a Trump administration, one thing is near certain: change is on the horizon. While on the campaign trail, Trump took aim at banking regulation: “Dodd-Frank has made it impossible for bankers to function. It makes it very hard for bankers to loan money…for people with businesses to create jobs. And that has to stop.” And in his first post-election interview, Trump outlined named financial industry deregulation to allow “banks to lend again” as a priority. Before Election Day, Experian surveyed members of the financial community about their thoughts on regulatory affairs. An overwhelming majority—85 percent—believed the election outcome would impact the current environment. Most surveyed are also feeling the weight of financial regulations established by the Obama administration in the wake of the severe financial crisis of 2008. Five out of six respondents feel current regulations have placed an undue burden on financial institutions. Three-quarters believe the regulations reduce the availability of credit. And less than half believe the regulations are positive for consumers. According to our survey, complying with Dodd-Frank and other regulations has a financial impact for most, with 76 percent realizing a significant increase in spend since 2008. Personnel and technology spend top the list, with an increase of 78 percent and 76 percent, respectively. Top regulations that require the most resources to ensure compliance: the Dodd-Frank Act (70 percent), Fair Lending Act (55), Bank Secrecy Act/Anti-Money Laundering (47) and Fair Credit Reporting Act (42). Specifically, the Dodd Frank and TILA-RESPA Integrated Disclosure were the two most frequently mentioned regulations requiring additional investment, followed by the Military Lending Act and Bank Secrecy Act/Anti-Money Laundering. What lies ahead? It’s difficult to determine how the Trump administration will tackle banking regulations and policy, but change is in the air.
How will the FinCEN revisions impact your business? (Part 2) I recently discussed the new FinCEN requirements to Customer Due Diligence. This time, I’d like to focus on the recent FinCEN advisory regarding “email-compromise fraud.” This new advisory sheds additional light on the dual threats of both Email Account Compromise impacting the general public and Business Email Compromise that targets businesses. FinCEN has rightly identified and communicated several high-risk conditions common to the perpetration of scams such as varied languages, slight alterations in email addresses, out-of-norm account and transaction information, and social engineering in the form of follow-up requests for additional transfers. In addition to introducing operational standards to detect such conditions, institutions also would benefit from these other tactics and focal points as they respond to email requests for financial transfers: Email validation and verification — use of third-party vendor services that can deliver a measurable level of confidence in the association of an email address to an actual, true identity. Multifactor authentication — use of dual-step or out-of-band verification of the requested transaction using alternate channels such as phone. Robust KYC/CIP at application and account opening to ensure that name, address, date of birth and Social Security number are verified and positively and consistently linked to a single identity, as well as augmented with phone and email verification and association for use in customer communications and multifactor authentications. Customer transactional monitoring in the form of establishing typical or normal transfer activity and thresholds for outlying variations of concern. Known and suspected fraud databases updated in real time or near real time for establishing blacklist emails to be segmented as high risk or declines upon receipt. Identity application and transactional link analysis to monitor for and detect the use of shared and manipulated email addresses across multiple transaction requests for disparate identities. Access to device intelligence and risk assessment to ensure consistent association of a true customer with one or more trusted devices and to detect variance in those trusted associations. Which of these 7 tactics are you using to stop email-compromise fraud?
How will the FinCEN revisions impact your business? (Part 1) Some recently published FinCEN revisions and advisories are causing a stir. First, let’s look at revisions to Customer Due Diligence that require compliance by May 2018. Under the updated requirements for Customer Due Diligence, covered financial institutions must expand programs, including Customer Identification Programs (CIP), to include Beneficial Owners of Legal Entity customers. Under the new rule, financial institutions must collect and verify identity information (name, address, date of birth, Social Security number or passport number for foreign individuals): For each Natural Person with at least 25% ownership in the Legal entity and For an individual with significant responsibility for managing or controlling the business — for example, a chief executive officer, a chief financial officer, a chief operating officer, a managing member, a general partner, a president, a vice president or a treasurer The U.S. Treasury estimates that illicit proceeds generated in the United States alone total $400 billion annually. These requirements are intended to prevent anonymous access to financial systems through shielded or minority ownership. While the effort to stem the tide of illicit proceeds is laudable, the impact to business may be significant. Most organizations will need to audit their data collection practices, and many will need to make changes to either data collection or workflow processes to ensure compliance. While quite simple and straightforward on paper, the standardization of additional CIP policies and procedures tend to create substantive impact to the customer experience as well as operational resource allocations and utilization. Covered financial institutions should already be discussing with their current or prospective fraud risk and identity management vendors to ensure that: There is a clear path to altering both data collection and verification of these additional identity elements. Clear and accurate benchmarking around expected verification rates is available ahead of the compliance date to allow for operational workflow design to accommodate both ‘verifications’ and ‘referrals stemming from lack of full verification.’ Service providers are granting access to best-in-class data assets and search & match logic related to identity element verification and risk assessment, along with multi-layered options to reconcile those initial verification ‘fails.’ Full business reviews and strategy design sessions are underway or being scheduled to align and document overall objectives of the program, benchmarking of leading industry practices, current and future state gaps, near- and long-term initiatives and a prioritized roadmap, a viable business case toward additional investment in services and resources, and a plan of execution. Will this impact your business? Will you need to make any changes? Click here to read part two - FinCEN and email-compromise fraud.
In this new Telephone Consumer Protection Act (TCPA) era, calling your customers isn’t a thing of the past. It’s still okay to reach out to your clients by phone, whether to offer a new product or collect on an overdue bill. But strict compliance with TCPA rules is critical for any business that contacts customers by phone. Some of the very best ways you can protect yourself from TCPA exposure is to follow four steps when creating your dialing strategy: Customer consent: It’s important to maintain and update your customers’ contact preferences and consent to call them. Simply having a phone number on an application isn’t sufficient. Companies are required to have written permission, such as “I consent to calling my cell phone when there’s a problem …” Remember, permission may only be granted by the party who subscribes to the cellular service or who regularly uses that cell phone number. Landline or wireless?: Your database should also include the phone type for the telephone numbers you have for your customers. The dialing rules differ depending on the phone type, so it’s critical to know the type of phone you are calling or texting. Verify ownership: Ownership of cell phones should especially be validated to ensure the number hasn’t been reassigned and that the person who gave consent still owns the phone. One call can be made to a reassigned number with no liability, assuming you have no knowledge the number has changed. Repeating the action could lead to fines from $500 to $1,500 per infraction. Scrub Your Database: Have practices in place to remove any confirmed reassigned phone numbers from your database. This will help to improve your right-party contact rate and save you from potential TCPA headaches. No one disagrees that calling cell numbers is a risky business, but it can be done if you set the proper workflow in motion. Click here to learn more about Experian solutions that will help to reduce your TCPA compliance risk.
On June 2, the Consumer Financial Protection Bureau (CFPB) proposed a rule aimed at “payday lending” that will apply to virtually all lenders, with request for comments by Sept. 14. Here is a summary of the basic provisions of the proposed rule. However, with comments, the proposal is more than 1,300 pages in length, and the proposed rule and examples are more than 200 pages long. It is necessary to review the details of the proposed rule to understand its potential impact on your products and processes fully. You may wish to review your current and future offerings with your institution’s counsel and compliance officer to determine the potential impact if major provisions of this proposed rule are finalized by the CFPB. Coverage The proposal generally would cover two categories of loans. First, the proposal generally would cover loans with a term of 45 days or less. Second, the proposal generally would cover loans with a term greater than 45 days, provided that they have an all-in annual percentage rate greater than 36 percent and either are repaid directly from the consumer’s account or income or are secured by the consumer’s vehicle. Ability to repay For both categories of covered loans, the proposal would identify it as an abusive and unfair practice for a lender to make a covered loan without reasonably determining that the consumer has the ability to repay the loan. Or if the lender does not determine if the consumer can make payments due, as well as meet major financial obligations and basic living expenses during and for 30 days after repayment. Lenders would be required to verify the amount of income that a consumer receives, after taxes, from employment, government benefits or other sources. In addition, lenders would be required to check a consumer’s credit report to verify the amount of outstanding loans and required payments. “Safe Harbor” The proposed rule would provide lenders with options to make covered loans without satisfying the ability-to-repay and payment notice requirements, if those loans meet certain conditions. The first option would be offering loans that generally meet the parameters of the National Credit Union Administration “payday alternative loans” program, where interest rates are capped at 28 percent and the application fee is no more than $20. The other option would be offering loans that are payable in roughly equal payments with terms not to exceed two years and with an all-in cost of 36 percent or less, not including a reasonable origination fee, so long as the lender’s projected default rate on these loans is 5 percent or less. The lender would have to refund the origination fees any year that the default rate exceeds 5 percent. Lenders would be limited as to how many of either type of loan they could make per consumer per year. Outstanding loans The proposal also would impose certain restrictions on making covered loans when a consumer has — or recently had — certain outstanding loans. These provisions are extensive and differ between short- and long-term loans. For example: Payday and single-payment auto title: If a borrower seeks to roll over a loan or returns within 30 days after paying off a previous short-term debt, the lender would be restricted from offering a similar loan. Lenders could only offer a similar short-term loan if a borrower demonstrated that their financial situation during the term of the new loan would be materially improved relative to what it was since the prior loan was made. The same test would apply if the consumer sought a third loan. Even if a borrower’s finances improved enough for a lender to justify making a second and third loan, loans would be capped at three in succession followed by a mandatory 30-day cooling-off period. High-cost installment loans: For consumers struggling to make payments under either a payday installment or auto title installment loan, lenders could not refinance the loan into a loan with similar payments. This is unless a borrower demonstrated that their financial situation during the term of the new loan would be materially improved relative to what it was during the prior 30 days. The lender could offer to refinance if that would result in substantially smaller payments or would substantially lower the total cost of the consumer’s credit. Payments Furthermore, it would be defined as an unfair and abusive practice to attempt to withdraw payment from a consumer’s account for a covered loan after two consecutive payment attempts have failed, unless the lender obtains the consumer’s new and specific authorization to make further withdrawals from the account. The proposal would require lenders to provide certain notices to the consumer before attempting to withdraw payment for a covered loan from the consumer’s account unless exempt under one of the “safe harbor” options. Registered information systems Finally, the proposed rule would require lenders to use credit reporting systems to report and obtain information about loans made under the full-payment test or the principal payoff option. These systems would be considered consumer reporting companies, subject to applicable federal laws and registered with the CFPB. Lenders would be required to report basic loan information and updates to that information. The proposed regulation may be found here.
Compliance definitions LOA, CIP, FACTA, KYC — These acronyms seem endless, and navigating compliance can be both confusing and a painful drain on resources. How do you know the best approach for your institution? Should you look at regulations for Know Your Customer (KYC) or the Customer Identification Program (CIP)? What about the levels of assurance (LOAs) or the Fair and Accurate Credit Transactions Act (FACTA) Red Flags Rule? Does the USA PATRIOT Act affect your industry? The myriad guidelines, rules and mandates surrounding fraud compliance are changing the way organizations do business. Let’s start with some brief definitions. CIP/KYC The Customer Identification Program requires banks to form a reasonable belief that they know the true identity of each customer. The CIP must include procedures that specify the identifying information that will be obtained from each customer, along with reasonable and practical risk-based procedures for verifying each customer’s identity. The Know Your Customer provision is a financial regulatory rule mandated by the Bank Secrecy Act and the USA PATRIOT Act. These guidelines focus on prevention of money laundering and the use of financial institutions to finance terrorist activities. This process has three stages: the CIP, customer due diligence (CDD) and enhanced due diligence (EDD). The last two stages address customer risk from an anti–money laundering perspective. LOA/FACTA (Red Flags Rule) Levels of assurance regarding identity focus on the extent to which electronic authentication may be used to verify that the individual identified in the input data truly is the same person engaging in the electronic transaction. This can be a daunting task — even the National Institute of Standards and Technology acknowledges that electronic authentication of individual people is a technical challenge when performed remotely over an open network. To choose the level of assurance that works within your company structure, you must determine what is needed to maintain the internal compliance and risk thresholds for each business requirement. LOAs are based on two categories: trustworthiness of the identity-proofing process and trustworthiness of the credential-management function (which includes technology and implementation/management). There are four LOA levels: Minimal Assurance Moderate Assurance Substantial Assurance High Assurance The FACTA Red Flags Rule requires institutions to establish a program that identifies ecommerce “red flags.” This program should consist of a pattern, practice or specific activity that indicates the possible existence of identity theft applicable to account-opening activities, existing account maintenance and new activity on accounts that have been inactive for two years or more. Don’t be discouraged In this world of compliance regulations that read like alphabet soup, we understand the challenges of meeting regulations while providing a frictionless customer experience. When an organization strikes the perfect balance between compliance and customer service, it has a competitive advantage that can lead to additional revenue opportunities (e.g., profitably acquiring new customers, detecting fraud and reducing charge-offs, minimizing operational costs, and improving operational efficiencies). To achieve this, businesses need cost-effective, flexible tools that allow them to meet current and future guidelines, manage risk and ultimately authenticate as many true customers as possible — all while segmenting out only the real fraudsters and noncompliant identities. You can be assured that new regulations will come, existing regulations will be redefined and communications on how to comply will be difficult to interpret. To find out more about compliance, click here.
Accuracy matters. It matters in dart throwing, math calculations, and now more than ever, in data reporting. The Consumer Financial Protection Bureau (CFPB) issued a bulletin on Feb. 3 warning banks and credit unions that if they fail to meet accuracy obligations when reporting negative account histories to credit reporting companies, the result could be bureau action. As noted in the Fair Credit Reporting Act (FCRA) section 623, data furnishers have an obligation to ensure the accuracy of the information furnished to a Credit Reporting Agency (CRA). Violation of these rules presents a variety of risks, and the regulatory agencies have enforced harsh consequences. Avoiding penalties is certainly a strong incentive for data furnishers to implement a formal compliance management system and data quality program. But there are additional benefits to ensuring accuracy – most notably keeping customers happy and loyal, and maintaining a reputable brand in the marketplace. Today’s consumers increasingly understand the impact of credit scoring and data reporting, and recognize a poor credit score can impact their lives in major ways. Credit is tied to so many milestone financial moments. Securing mortgage loans, auto loans, obtaining low-interest rate interest credit cards and securing private student loans can all be derailed with an unfavorable and inaccurate credit report. Not to mention credit reports can influence one’s eligibility for rental housing, setting premiums for auto and homeowners insurance in some states, or determining whether to hire an applicant for a job. To properly serve customers who simply expect a fair and accurate representation of their financial history, data furnishers must be able to guarantee the credibility of their reported data. Those organizations that cannot ensure accuracy put their reputation at risk and may lose a customer’s trust and business. “Consumers should not be sidelined out of the basic banking services they need because of the flaws and limitations in a murky system,” Cordray said in the bulletin. “People deserve to have more options for access to lower-risk deposit accounts that can better fit their needs.” The CFPB has handled more than 105,000 credit-reporting complaints in its short history, making credit reporting the third most-complained-about consumer issue. By far the most common types of credit-reporting issues identified by consumers is incorrect information on credit report (77 percent).* Certainly these mistakes are not made intentionally. But speak to a consumer battling an inaccuracy, especially someone in the midst of applying for credit for a specific need, and frustrations can soar quickly. All lenders are advised to maintain a full 360-degree view of data reporting, from raw data submissions to the consumer credit profile. Better data input equals fewer inaccuracies. Additionally, there are comprehensive reporting solutions available to assess the accuracy of consumer credit data. The regulatory environment will without a doubt continue to be a hot topic in the media, fueled by announcements such as these by the CFPB, so lenders should take note and identify processes to ensure complete and utter accuracy. It matters in so many ways, so it’s best to make data reporting a priority now, if it’s not already. Source: CFPB August 2015 Monthly Complaint Report
By:Wendy Greenawalt In my last few blogs, I have discussed how optimizing decisions can be leveraged across an organization while considering the impact those decisions have to organizational profits, costs or other business metrics. In this entry, I would like to discuss how this strategy can be used in optimizing decisions at the point of acquisition, while minimizing costs. Determining the right account terms at inception is increasingly important due to recent regulatory legislation such as the Credit Card Act. These regulations have established guidelines specific to consumer age, verification of income, teaser rates and interest rate increases. Complying with these regulations will require changes to existing processes and creation of new toolsets to ensure organizations adhere to the guidelines. These new regulations will not only increase the costs associated with obtaining new customers, but also the long term revenue and value as changes in account terms will have to be carefully considered. The cost of on-boarding and servicing individual accounts continues to escalate, and internal resources remain flat. Due to this, organizations of all sizes are looking for ways to improve efficiency and decisions while minimizing costs. Optimization is an ideal solution to this problem. Optimized strategy trees can be easily implemented into current processes and ensure lending decisions adhere to organizational revenue, growth or cost objectives as well as regulatory requirements. Optimized strategy trees enable organizations to create executable strategies that provide on-going decisions based upon optimization conducted at a consumer level. Optimized strategy trees outperform manually created trees as they are created utilizing sophisticated mathematical analysis and ensure organizational objectives are adhered to. In addition, an organization can quantify the expected ROI of a given strategy and provide validation in strategies – before implementation. This type of data is not available without the use of a sophisticated optimization software application. By implementing optimized strategy trees, organizations can minimize the volume of accounts that must be manually reviewed, which results in lower resource costs. In addition, account terms are determined based on organizational priorities leading to increased revenue, retention and profitability.
Many compliance regulations such the Red Flags Rule, USA Patriot Act, and ESIGN require specific identity elements to be verified and specific high risk conditions to be detected. However, there is still much variance in how individual institutions reconcile referrals generated from the detection of high risk conditions and/or the absence of identity element verification. With this in mind, risk-based authentication, (defined in this context as the “holistic assessment of a consumer and transaction with the end goal of applying the right authentication and decisioning treatment at the right time\") offers institutions a viable strategy for balancing the following competing forces and pressures: • Compliance – the need to ensure each transaction is approved only when compliance requirements are met; • Approval rates – the need to meet business goals in the booking of new accounts and the facilitation of existing account transactions; • Risk mitigation – the need to minimize fraud exposure at the account and transaction level. A flexibly-designed risk-based authentication strategy incorporates a robust breadth of data assets, detailed results, granular information, targeted analytics and automated decisioning. This allows an institution to strike a harmonious balance (or at least something close to that) between the needs to remain compliant, while approving the vast majority of applications or customer transactions and, oh yeah, minimizing fraud and credit risk exposure and credit risk modeling. Sole reliance on binary assessment of the presence or absence of high risk conditions and identity element verifications will, more often than not, create an operational process that is overburdened by manual referral queues. There is also an unnecessary proportion of viable consumers unable to be serviced by your business. Use of analytically sound risk assessments and objective and consistent decisioning strategies will provide opportunities to calibrate your process to meet today’s pressures and adjust to tomorrow’s as well.
In my last entry, I talked about the challenges clients face in trying to meet multiple and complex regulatory requirements, such as FACT Act’s Red Flags Rule and the USA Patriot Act. While these regulations serve both different and shared purposes, there are some common threads between the two: 1. You must consider the type of accounts and methods of account opening: The type of account offered - credit or deposit, consumer or business – as well as the method of opening – phone, online, or face-to-face – has a bearing on the steps you need to take and the process that will be established. 2. Use of consumer name, address, and identification number:The USA Patriot Act requires each of these – plus date of birth – to open a new account. Red Flags stops short of “requiring” these for new account openings, but it consistently illustrates the use of these Personally Identifiable Information (PII) elements as examples of reasonable procedures to detect red flags. 3. Establishing identity through non-documentary verification:Third party information providers, such as a credit reporting agency or data broker, can be used to confirm identity, particularly in the case where the verification is not done in person. Knowing what’s in common means you can take a look at where to leverage processes or tools to gain operational and cost efficiencies and reduce negative impact on the customer experience. For example, if you’re using any authentication products today to comply with the USA Patriot Act and/or minimize fraud losses, the information you collect from consumers and authentication steps you are already taking now may suffice for a large portion of your Red Flags Identity Theft Prevention Program. And if you’re considering fraud and compliance products for account opening or account management – it’s clear that you’ll want something flexible that, not only provides identity verification, but scales to the compliance programs you put in place, and those that may be on the horizon.
Learn More Image
