How to Build A Foundation For Compliance

By

February 26, 2014

In my business of loan management software, one of the hottest topics is "Compliance." That's in quotes, because Compliance with a capital C can mean wildly different things to different lenders. We're often asked if our software can make a lender Compliant. The answer is, of course, "No software by itself can make you compliant." A lending business that complies with all rules and regulations operates on a foundation of clear processes and rules that are followed and documented.

One of the keys to a compliant lending operation seems really obvious and straightforward - manage all workflow systematically. Track every step, explain every decision, record every interaction with any party to any transaction, and keep a complete audit trail without gaps or exceptions. That sounds pretty simple, but it takes systems and a commitment to gap-free business processes to actually make it work.

A foundation for compliance is based on tracking and reporting on what's been tracked. Who did what, when, where, why, and how did they do it? Categorize every type of interaction and use templates for everything. For example, in a customer relations management (CRM) or loan management system, every type of customer complaint should be categorized by type, location, action, result, and every demographic category available for the customer. They should also be categorized by customer service rep, rep type, supervisor, time, location and all other potentially useful attributes of all internal or external staff involved in customer contact or complaint resolution.

General categories and limited or freeform descriptions aren't very useful. Very specific and narrow descriptions make the job of reporting on the nature of customer complaints much more usable and relevant, not just for regulators, but for the lenders themselves. Drilling down on the customer complaint scenario, one example of the information that should be tracked in a complaint category should look something like this:

Complaint type

    Statement not received
  • Lost
    • Mailed date
    • Mailed by
    • Weather issue
    • Plus more and add new categories as they occur
  • Not Sent
    • Processing error
    • Not due yet
    • Bankruptcy
    • Plus more and add new categories as they occur
  • Change of address
    • Notified lender
      • Notification date
      • Notification method
      • Mail
      • Phone
      • Website
    • Did not notify lender
      • New address verified?
      • Start date at new address
  • Opted in to paperless
    • Opt in date
    • Opt in method
      • Mail
      • Phone
      • Website
      • Mobile app
    • Didn't mean to opt in

In the example above, most CRM or loan management systems will be tracking many of the Who and When items, in one place or another. Building out all the why items may look somewhat tedious, but if they can be added as they occur the job is pretty simple. You can never have too many categories, but you can definitely have too few. After you've captured all the data, you'll need to report on it. If it's all on one platform, that shouldn't be too difficult. If the data lives on several platforms, there are many reporting tools that can pull it together, though that's obviously more of a challenge.

The goal of the above, as part of a foundation for compliance, is to be able to answer questions like: How many borrowers over age 65 in Illinois called in January during the noon-8pm CSR shift at the Atlanta call center to complain about statements not received even though they had opted in on the website, but didn't really mean to opt in?

Maybe no regulators are ever going to ask that exact question, but the key is that you CAN answer it and any other like it if asked. You can prove that all best efforts were made to track and document every interaction and complaint. You can answer the all-important why questions. When specific compliance reporting is required, you'll have all the data, as deep as it can possibly go.

With a rock-solid foundation for compliance, managing new and changing regulations can be approached with confidence.