Loan servicing compliance deserves a significant investment
The following is a guest post by Shaun W. O’Neill, President and Chief Revenue Officer of Concord Servicing, LLC.
Fintechs committed to compliance in all its forms – regulation, customer communications, data security and disaster recovery – will be well positioned for positive future growth and reputation management.
A critical, but sometimes overlooked, part of the overall picture is loan servicing compliance.
One area of concern, financial crime risk detection, is the subject of a recent LendIt and ComplyAdvantage report titled “Outsized Role of Compliance in Fintech Hypergrowth.”
While the report’s focus was on compliance to identify and thwart financial crime across the lending spectrum, the following quote addresses everything related to compliance issues: “Ominously, compliance investments in particular delay sexier investments in a platform or end-user experience. But underinvesting in compliance and risk has devastating effects… According to Compliance Week, in 2020 regulators imposed $2.2 billion in AML fines, compared to $444 million in 2019. The first six months of 2021 reflected a similar trend, with $994 million in fines assessed across 17 actions… While agility and technology help deliver products with less overhead, these features can hamper operations. For example, digital banks ‘must show compliance with all relevant regulations – even though they often operate with much smaller compliance teams.’”
Underinvest at your own risk
As the report shows, underinvesting in fintech compliance is a perilous path.
Given all that loan servicers can be responsible for, including regulatory compliance, communications and customer protection related to collections, and security (backup and data backup), getting it right is essential in this domain.
While loan originators and capital providers may have initial contact or involvement with customers, loan servicers often develop the lion’s share of the customer relationship.
They are also loan managers responsible for protecting lenders, safeguarding documents and data, and providing accurate and timely reports.
It’s a big job with many moving parts requiring constant diligence and reliability. Therefore, the selection of a fintech loan manager is best managed through thorough questioning and verification of capabilities and performance track record.
SOP under review
Here are the compliance and security standard operating procedures to consider when verifying a loan servicer:
- Ensure a comprehensive plan to meet best practices for data and system security. All certification requirements should be checked regularly to ensure the latest standards are in place. Penetration tests performed by third-party vendors to audit all data and system security protocols are an important double-check to thwart the financial crime referenced in the report.
- Redouble your commitment to security with an internal committee that regularly reviews and audits all risks and confirms a robust business continuity plan. For documentation, ask how the loan manager handled the rapid shift to remote work due to the pandemic. Their business continuity plan and execution under high-stress circumstances will provide valuable insight into their performance on behalf of clients.
- Learn about backup service capabilities. By definition, the backup service intervenes when the main systems fail or are interrupted. Confirm that the service agent’s system and organization checks are up to date. For example, do they operate under the American Institute of Certified Public Accountants (AICPA) SOC® 1 Type 2 auditing and reporting protocols, which cover internal controls for risk management, logical access, change management, data security and data availability?
The backup service should seamlessly step in if the primary service fails, optimizing the performance of the asset owner’s portfolio, maintaining effective communications with the client’s customers, and preparing to take over as main service within an agreed period. As part of this process, comprehensive document retention, loan validation and auditing, as well as PCI/DSS-compliant merchant account services and credit card processing capabilities will further strengthen security measures.
- Deliver exemplary onboarding alongside security and regulatory/compliance due diligence. According to the report, “Frictionless onboarding precedes rapid growth… According to the Financial Action Task Force (FATF), ‘inconsistent customer onboarding and due diligence obligations’ are the biggest contributing factor to the increased costs and reduced speed.” Larger companies, in particular, have noted the downside of tedious integration… Thoroughness and speed are both in order. Leading fintechs don’t trade onboarding speed for thoroughness. This is short-sighted and can expose the business to regulatory and compliance issues. The pressure to accelerate integration often leaves businesses vulnerable to a lack of early warning signs when approving account openings or transactions… Fragmented systems and platforms also limit automated transaction monitoring and due diligence.
- Dive deep into federal and state regulatory and compliance due diligence. Customer due diligence, paying full attention to customer experiences that will dictate best practices, is a multi-pronged effort. Some of the ongoing efforts of a loan officer should include: continuing education each year, studying litigation trends, reviewing legislative sessions, and gathering information and ideas from multiple industry groups; tapping into the enormous resource of the collection and credit industry communities doing business in Washington, DC; and staying up to date on the status of several hundred pending state bills at all times.
- Dot the I’s of compliance and cross the T’s with loan servicers who engage in customer collections on behalf of customers. Depending on the scope of the lender’s operations, this requires understanding ever-changing federal and state-by-state regulations. The Consumer Financial Protection Bureau (CFPB) has broad authority to regulate the industry through policymaking, enforcement, and penalizing bad actors with significant fees. Customers deserve the know-how to get it right and gain new insights into existing and future regulations. Substantial changes to the Fair Debt Collection Practices Act (FDCPA) protecting consumers from overly aggressive debt collection require full compliance.
- Ask for proof of a successful “fire test”. Documentation of current and complete regulatory and safety compliance should be readily available for review. Compliance and security are ever-evolving areas that require a comprehensive understanding of the processes and necessary protections and customized customer needs. Even proven track records are powerfully tested when an unpredictable catastrophic event such as a pandemic occurs. Continuity and the ability to function in a rapidly changing world come to the fore. Loan servicing companies must be ready to pivot very quickly both in collection and security compliance.
Loan department compliance warrants substantial attention and investment of time, money and resources.
- About the Author
Shaun is the President and Chief Revenue Officer of Concord Servicing, LLC. Founded in 1988, Concord is a world-class loan servicing financial technology company, providing innovative, flexible and scalable portfolio management solutions to meet the demands of loan originators and capital providers (and their clients) in several asset classes.