ABAToolb x on Fair Lending ABA Members Only

Tool 3: Fair Lending Risk Assessment

About the American Bankers Association The American Bankers Association represents banks of all sizes and charters and is the voice for the nation’s $13 trillion banking industry and its two million employees. The majority of ABA’s members are banks with less than $165 million in assets. ABA’s extensive resources enhance the success of the nation’s banks and strengthen America’s economy and communities. © 2012 American Bankers Association, Washington, D.C. This publication was paid for in part with the dues of ABA member financial institutions and is intended solely for their use. Please call 1-800-BANKERS if you have any questions about this resource, ABA membership or would like to copy or license any part of this publication. This publication is designed to provide accurate information on the subject addressed. It is provided with the understanding that neither the authors, contributors nor the publisher is engaged in rendering legal, accounting, or other expert or professional services. If legal or other expert assistance is required, the services of a competent professional should be sought. This guide in no way intends or effectuates a restraint of trade or other illegal concerted action.

Fair Lending Risk Assessment Managing Fair Lending Risk—Achieving SMAART Compliance 1 Develop a Risk Profile

2

Evaluate the Quality of Fair Lending Risk Management

17

Identify Fair Lending Program Gaps

24

From Assessment to ADApTation and Accountability

29

3

Glossary Assessment Area In most cases, an institution’s town, municipality, county, some other political subdivision or the MSA in which its branches are located and a substantial portion of its loans are made. Regulatory agencies evaluate a bank’s Community Reinvestment Act performance in this area(s). Credit Administration The management of a loan transaction throughout the life of the loan, from sales to application processing, underwriting, pricing, terms and conditions, closing, servicing and default management. Delivery Channel A location or method by which loan products are made available to potential borrowers and a loan applicant can inquire about credit opportunities or apply for a credit product. Examples could include a face-to-face meeting with a bank loan officer, an Internet application or use of a mortgage broker. Disparity The difference among data related to applicants or borrowers who were approved or denied a credit application or received different pricing arrangements. For example, 35 percent of female applicants were denied auto loans while only 10 percent of male applicants were denied auto loans. Disparity Ratio For any given prohibited basis and control group being analyzed, it represents the percentage of prohibited basis group denials divided by the percentage of prohibited basis group approvals divided by the percentage of control group denials divided by the percentage of control group approvals. [(%denied pbg) / (%approved pbg) ] / [(%denied cg )/ (%approved cg)] Fair Lending Risk The risk of financial liability, damage to reputation and injury to customers from similarly situated applicants or borrowers being treated differently in violation of the anti-discrimination laws or regulations Lending Gap A geographic area within the bank’s market area or CRA assessment area where the bank has little to no lending activity. Redlining The illegal practice of refusing to make loans or imposing more onerous terms on any loans made because of the predominant race, national origin or other prohibited basis characteristics of the residents of the neighborhood in which the property is located. Risk Exposure Is the fair lending risk that exists after SMAART program controls are applied to a bank’s risk profile. (Risk Profile + SMAART Controls = Risk Exposure) Also known as residual risk. Ultimately, risk exposure should equate to the risk tolerance associated with your bank’s fair lending objectives. Risk Profile The level of risk inherent in your lending operations before SMAART compliance processes are applied. Also known as inherent risk or quantity of risk. Self-Evaluation Any study designed to assess the bank’s compliance with the Equal Credit Opportunity Act (ECOA) and the Fair Housing (FHA) Act which does not create any new data or factual information, but uses data readily available in loan or application files and other records used in credit decisioning. SMAART A scalable risk management framework that is applied to control and evaluate adherence to fair lending laws, regulations, internal policies or objectives. Steering The guiding of applicants or borrowers toward a specific product or feature on a prohibited basis rather than on an applicant or borrower’s needs or other legitimate factors.

Managing Fair Lending Risk— Achieving SMAART Compliance

T

Training

NT

RO

LS

C U LT U R E

A A

CO

LS RO NT CO

C U LT U R E

This provides a basis for developing and applying corrective measures or program improvements. You can then use the information from this process to report to your board of directors about your compliance performance and project the need for any future compliance resources.

A A M S

Tool 3: Fair Lending Risk Assessment

R T

| 1

N

T

IO

S

AT

R

IC

3. Identify any performance deficiencies or undesirable risk exposure.

M

UN

2. Evaluate how your SMAART compliance program controls for those risks.

MM

1. Develop a risk profile based on the implementation of your business strategy and the markets in which you do business.

N

S

Systems

IO

CO

R

Response

AT

M

Monitoring

IC

Understanding Accountability and managing your fair lending risk also helps you in the exam process.

Assessment

UN

Each institution must structure its risk assessment process to meet its unique circumstances, consistent with safe and sound operating standards, ensuring compliance with applicable laws and regulations and its own ethical principles and practices. While there is no universal template for generating the fair lending risk profile of your bank, this ABA tool provides a matrix and a list of detailed questions that should establish a basic foundation that can be scaled up to reflect more varied product lines, more complex product features, more elaborate delivery channels and more diverse market circumstances. The process we describe in this book has three parts:

MM

Understanding and managing your fair lending risk also helps you in the exam process. Agency examiners expect an institution to assess its fair lending risk and be able to explain the methodology and outcome. As with defining the bank’s risk profile and risk exposure in all other risk areas, such as capital, earnings or liquidity, a fair lending risk assessment gives the bank information and data to achieve the risk management results it wants.

A A

CO

It makes good business sense to understand the fair lending risk your normal business operations generate, how well you manage that risk and your track record for complying with fair lending laws and regulations. As assistant Attorney General Tomas Peres has testified, “... the success of thoughtful and comprehensive compliance work and the attention to fair lending is reflected in the fact that the vast majority of lenders are not violating the law.” (2011 Equal Credit Report to Congress, December 2011)

Develop a Risk Profile Fair lending risk is the risk that similarly situated applicants or borrowers are treated differently in violation of the law.

Identifying your risk profile ensures that bank management will focus on the types of products it offers and how many resources it wants to employ to ensure the risk profile is adequately controlled to yield a level of risk exposure that matches your fair lending objective. If management changes its lending operations, it has a base level of knowledge to evaluate how these changes will modify the bank’s risk profile and require compliance program adjustments. Fair lending risk is the risk that similarly situated applicants or borrowers are treated differently in violation of the law, resulting in liability for the bank or injury to its customers. It covers all bank lending products, including mortgage, consumer, credit card and all other consumer loan products. Commercial loan products are as are all aspects of credit-related lending activities and institution interactions with applicants and borrowers, including the following: •

Pre-application activities: such as solicitations, prescreening, marketing activities, advertising, prequalification, preapproval, customer assistance, thirdparty originators (TPOs) and processors

•

Application activities: such as lending channels (including subsidiaries), customer assistance, customer ability to repay, appraisal processes, underwriting and pricing criteria, TPOs and processors

•

Servicing activities: such as collection efforts, customer assistance, delinquency determinations, loss mitigation options, foreclosure activities, modifications and refinancings

In summary, your risk profile seeks to describe the possibility that your business plan for credit operations may fail to apply objective, safe and sound lending standards to similarly situated persons similarly in violation of the law.

2 |

ABA Toolbox on Fair Lending

In this tool, we divide fair lending risk into the following six sources: Risk Source 1: Retail Footprint and Marketing Strategy Risk Source 2: Degree of Credit Administration Discretion Allowed Risk Source 3: How Exceptions are Handled Risk Source 4: Role of Third Parties in Your Lending Operations Risk Source 5: Technical Regulation B and HMDA Requirements Risk Source 6: Fair Lending Environment

We suggest that you build your overall profile by evaluating your business by product line or business line—assessing the risk attributes of each, since they are likely to reflect variations based on different lending criteria, markets and delivery channels. We provide a series of questions to help you think about your bank’s situation and its potential for fair lending risk. If you feel these questions miss out on some areas of potential risk in your bank, we have a longer list of questions located with the tool in the aba.com/FairLendingToolbox. Only ask those that relate to your fair lending risk profile. These questions serve to identify red flags for possible risk. You may also wish to add some questions in particular areas that you have identified as risks you want to track. Keep in mind that a yes or no answer is simply an indication of risk level, not whether the issue is good or bad.

Building Your Risk Profile Matrix ABA has included a matrix as part of this tool that can be used to record your assessment of your fair lending risk profile. The matrix is organized by the sources of risk discussed below.

Tool 3: Fair Lending Risk Assessment

| 3

Risk Source 1: Retail Footprint and Marketing Strategy How you define where and to whom you will provide your particular credit products and how your loan products will be offered across those markets are fundamental business decisions that can have important fair lending risk implications. The decision to serve some markets and not others—or serve some markets differently than others—cannot be exercised in a way that discriminates against some applicants or borrowers on the prohibited basis characteristics of the people who live in that market. Pursuing geographic markets differently when they display different demographic features—even though they have similar economic characteristics from a credit risk perspective— can expose the bank to fair lending risk that is generally labeled as redlining or reverse redlining. Offering different loan products differently to borrowers distinguished by prohibited basis characteristics can expose the bank to fair lending risk that is generally labeled as steering. Evaluate your potential market reach, your actual retail footprint and your marketing and organizational strategy for delivering credit services that may vary by geography or borrower market. Consider questions like the following and note your conclusions in the matrix

provided in the electronic resources at the Fair Lending Toolbox Web site.

Risk Profile Questions The Fair Lending Toolbox Web site has additional questions. aba.com/FairLendingToolbox

4 |

ABA Toolbox on Fair Lending

The example below can serve as a guide. Also see additional questions in the electronic resources. Market circumstances (demographic diversity, degree of competition, economic realities) 1. How diverse are the borrower characteristics in the markets covered by your retail footprint or the geographic areas adjacent to your footprint? 2. Does the bank’s CRA delineated assessment area exclude any adjacent lowor moderate-income geographies? 3. Does the bank modify its lending activities to react to the local economy? 4. Do the bank’s strategic growth plans reflect community growth and demographic trends? 5. Do unexplained lending gaps exist within your market area? 6. Do community groups in your market area express concern about adequacy of lending?

Delivery channels (organization of marketing, distribution and underwriting that varies by geography) 1. What delivery channels exist and do products or product terms vary by channel? 2. Does the bank have operating subsidiaries or loan production offices that originate loans using incentives or standards different from that of the bank? 3. Are underwriting and pricing standards consistent among lending channels and bank lending centers? 4. Are there any disparities on a prohibited basis by lending channels that originate the same product? 5. Does loan product marketing vary by geographic area or delivery channel? If so, why and does it influence the products that are available to potential borrowers who may have differing prohibited basis characteristics? 6. Does any credit administration activity, such as application processing, servicing, loss mitigation, etc., vary by any delivery channel?

Tool 3: Fair Lending Risk Assessment

| 5

Production complexity (multiplicity of credit offerings including pricing options that varies by geography or delivery channel) 1. Does the bank only offer a traditional mix of non-complex loan products? 2. Are special prices, products or services offered in some markets and not others? 3. Do different loan products penetrate geographic or borrower markets differently? 4. Is the bank using sophisticated lending platform technology to support loan production? 5. Are standards for referring applicants to other product choices, subsidiaries or other lending channels clear, objective and consistently applied. 6. Does the bank’s volume of and options for consumer, small business and commercial lending match its business strategy throughout its market area?

Marketing 1. Has the marketing and advertising media used varied recently? 2. Have new or different product sets been marketed and were they marketed throughout your market area? 3. Has marketing or advertising coverage within your market area changed recently? 4. Is marketing done in languages other than English? 5. Do marketing and advertising materials vary to promote special or limited time offers? 6. Is your level of marketing and advertising tailored or targeted to address market competition?

6 |

ABA Toolbox on Fair Lending

Risk Source 1: Retail Footprint and Marketing Strategy Factor

Limited

3----------------------------4

High

Market Circumstances

Stable Market; little competition; little demographic diversity; explainable lending patterns

Diverse market and borrower base; many competitors demographic trends not considered in strategies; unexplained lending patterns

Delivery Channels

Limited number of lending channels; no TPOs; no unexplained prohibited basis disparities by lending channel or market

Use TPOs; several lending channels; unexplained prohibited basis disparities by lending channel or market

Production Complexity

Traditional mix of non-complex product offerings; no product, price or marketing variances by market or delivery channel

Many product offerings, some complex and nontraditional; product offerings, pricing and marketing vary by market or delivery channel

Limited marketing efforts other than some on website or local newspapers; no recent changes in marketing strategies or coverage area

Extensive marketing efforts in all markets; foreign language marketing; all available media used including the Internet and social networks; continual changes in marketing strategy and coverage area

Marketing

Observations

The greater the variation of market circumstances, delivery channels and production complexity, the more risk there is for differential treatment across your retail footprint and potential borrower constituency by geographic location or borrower market segment. Risk indicators or “red flags” do not mean that fair lending violations are occurring, only that the potential exists for treating similarly situated people differently.

Tool 3: Fair Lending Risk Assessment

| 7

Risk Source 2: Degree of Credit Administration Discretion Allowed Traditional lending operations with limited market variation, narrow delivery channel options or no appreciable product complexity may still generate fair lending risk when underwriting, pricing or application processing or servicing treatment is subject to individual discretion.

A proper risk assessment should identify where there is potential for discretion in your lending operations.

A proper risk assessment should identify where there is potential for discretion in your lending operations. Review objective factors, including the volume of loans made in each decision center and subjective factors such as exception authority. Consider questions like the following and note your conclusions in the matrix

provided in the electronic resources at the Fair Lending Toolbox Web site. The example below can serve as a guide. Also see additional questions in the electronic resources. Remember to evaluate each stage of your lending process: before the loan is closed, after sales, during application processing and underwriting, in servicing, in default management and during foreclosure/loss mitigation. Lending policies and procedures approved by credit administration 1. Are credit operations centralized or decentralized? 2. Have credit administration guidelines, policies or standards changed recently in any credit administration activity? 3. Are credit administration policies, procedures and standards in each credit administration activity clear and objective and communicated to appropriate staff? 4. Do procedures articulate bank expectations for providing consistent applicant/ borrower assistance in each credit administration activity? 5. Are actual practices used in each credit administration activity consistent with established policy, procedure or standard? 6. Are policies, procedures and practices in each credit administration activity devoid of any overt discriminatory language, stereotypes or geographic limitations?

8 |

ABA Toolbox on Fair Lending

Degree of discretion in the credit administration process 1. What amount of judgment or discretion can credit administration staff exercise in making decisions? 2. Does the degree of permitted discretion change by geographic area, delivery channel or credit activity—application processing, underwriting, loss mitigation, servicing, etc.? 3. Can the exercise of discretion impact lender or other staff compensation? 4. Do lenders or other staff involved in different credit activities—application processing, underwriting, servicing, etc.—document their exercise of discretion? 5. Are criteria that guide lenders and other staff discretion clear and objective and how are the criteria communicated to appropriate staff? 6. Are there disparities in the level of permitted discretion exercised in each credit administration activity by prohibited basis characteristics?

Lending results 1. Do unexplained approve/deny disparities on a prohibited basis exist by loan product or credit administration activity? 2. Do unexplained pricing and other terms and conditions exist by loan product or credit administration activity? 3. Do unexplained disparities among application processing times (in any credit administration activity) exist by prohibited basis group? 4. Is there a difference in the proportion of approved not accepted and withdrawn/ incomplete applications by a prohibited basis group? 5. Are there disparities in the percentage of prohibited basis group applicants in loan products or products with specific features relative to control group applicants? 6. Do you have disparities in the percentage of prohibited basis group applicants/ borrowers in specific credit products, servicing activities or loss mitigation solutions, for example, compared to the percentage of prohibited basis group applicants/borrowers offered different options or solutions?

Tool 3: Fair Lending Risk Assessment

| 9

Risk Source 2: Degree of Underwriting and Pricing Discretion Allowed Limited

Factor

3----------------------------4

High

Lending Policies and Procedures Approved by Credit Administration

Centralized lending; limited policy or procedures changes; practices are consistent with policies; policies and procedures are clear and objective in all credit administration activities

Decentralized lending, including TPOs; many policy changes; introduction of new products; policies and procedures not always clear or consistently communicated among each credit administration activity

Degree of Discretion in Credit Administration Process

Limited lender discretion; discretion documented in files; discretion consistent among lending channels; clear credit activity criteria; no disparities

Unlimited lender discretion in all aspects of credit administration decisioning; discretion varies by delivery channel; discretion not always documented; credit activity criteria vague; some disparities

Lending Results

Limited explainable disparities by prohibited basis group; consistent processing times; minimal number of approved/not accepted, withdrawn or incomplete applications

Unexplainable disparities by prohibited basis group; significant disparity in loan processing times; many approved/not accepted, withdrawn or incomplete applications

Observations

When considering credit administration discretion risk factors, it may be helpful to separately record your evaluation for each component, e.g., separate underwriting discretion, from pricing discretion, from servicing discretion, etc.

10 |

ABA Toolbox on Fair Lending

Risk Source 3: How Exceptions Are Handled When your loan originators can make exceptions to your established and approved lending standards that can increase fair lending risk. Similarly, exceptions from established loss mitigation procedures by servicing or default management personnel can also contribute to fair lending risk. Exceptions can be made—in many cases it may be the right decision. However, it is important that exceptions be made consistently for similar reasons to similarly situated applicants or borrowers. Exceptions should be tracked and monitored to ensure employees are being consistent in their usage. If exceptions are significant in number and management has determined that they are reasonable and consistently applied, policies and procedures should expressly incorporate those exception standards so that all employees are aware of their availability for similarly situated applicants or borrowers.

Exceptions can be made—in many cases it may be the right decision.

Consider questions like the following and note your conclusions in the matrix

provided in the electronic resources at the Fair Lending Toolbox Web site. The example below can serve as a guide. Also see additional questions in the electronic resources. Exceptions 1. Is file documentation clear on why exceptions were granted? 2. Do exceptions require pre-approval? 3. Are loan credit and pricing/terms decision exceptions low in number and objective? 4. Does the incidence of exceptions vary by prohibited basis characteristic? 5. Are there particular lenders, offices or management levels that have more or less exceptions considering the number for the overall bank? What does this mean? 6. Are exceptions permitted in other credit administration activities and is there clear documentation to support the exception?

Risk Source 3: How Exceptions are Handled Factor

Number of Policy Exceptions

Limited Limited policy exceptions; exceptions well documented and tracked; no prohibited basis group disparities

3----------------------------4

High

Observations

High level of exceptions; exceptions not always documented or tracked; unexplained prohibited basis group disparities

Tool 3: Fair Lending Risk Assessment

| 11

Risk Source 4: Role of Third Parties in Your Lending Operations TPOs such as mortgage brokers, automobile dealers or various types of home improvement contractors offer banks legitimate, safe and sound business opportunities to enhance product offerings, increase bank earnings and extend lending beyond your service areas.

The risks associated with TPOs are the same as if the bank performed the activity directly.

From a fair lending perspective, the risks associated with TPOs are the same as if the bank performed the activity directly. Therefore, it is important to manage those relationships not only from a safety and soundness perspective but also for fair lending compliance. If one of your TPOs does not comply with the fair lending statutes and regulations, you may be as culpable as if you were the initial creditor. Review factors such as your knowledge of the TPO, how their operations work with respect to your products and how familiar they are with fair lending requirements. Consider questions like the following and note your conclusions in the matrix

provided in the electronic resources at the Fair Lending Toolbox Web site. The example below can serve as a guide. Also see additional questions in the electronic resources. Due diligence 1. Does the bank use TPOs in the lending process that could impact fair lending compliance (brokers, servicers, appraisers, call centers, application aggregators, etc.)? 2. Do you evaluate whether the TPO control structure manages the processes you have contracted to TPOs? 3. Does the bank have written agreements with each TPO addressing its fair lending obligations? 4. Do agreements define responsibilities and accountabilities and require regular reporting? 5. Are there explicit contractual warranties for fair lending compliance undertaken by any TPO involved in the bank’s lending activities? 6. Is due diligence performed prior to beginning the relationship and periodically thereafter?

12 |

ABA Toolbox on Fair Lending

Execution 1. How frequent are there staff or customer complaints about TPO conduct? 2. Are weaknesses in TPO operations corrected promptly? 3. How extensively does the bank outsource credit administration activities? 4. Is there a formal re-approval and risk reassessment process to consider the TPO’s performance over the past period (year, quarter, etc.) to ensure that on an overall basis the relationship with the bank and its customers is satisfactory? 5. Are TPO fair lending compliance programs required to be available for review by your bank? 6. What information do you have about the quality of the training of TPOs regarding fair lending legal requirements?

Risk Source 4: Role of Third Parties in Lending Operations Factor

Limited

3----------------------------4

High

Due Diligence

Limited number of loans originated by local TPOs; contracts exist with each TPO; bank performs adequate due diligence; TPOs have good systems for controlling and monitoring loan activities

High volume of loans originated by local, statewide and national TPOs; due diligence not always performed, contacts with TPOs are inconsistent; TPOs do not perform fair lending monitoring and bank monitoring does not include fair lending issues

Execution

TPOs perform periodic reviews and findings are promptly corrected; TPOs provide bank with program reviews; TPOs provide adequate training

Fair lending controls and testing are inadequate for the volume of loans generated; fair lending training not required

Observations

Tool 3: Fair Lending Risk Assessment

| 13

Risk Source 5: Technical Regulation B and HMDA Requirements

These Regulation B questions represent just some of the technical requirements. You need to consider all those in Regulation B that are applicable to your operations.

There are other technical Regulation B requirements and policy and procedural issues that you also need to address in assessing fair lending risk. These include collecting certain information like government monitoring information, treating certain income inappropriately or requiring additional signatures when not necessary. These and other regulatory requirements are often not readily appreciated by directors, senior management or lending operations staff, so compliance staff must be alert to these requirements when evaluating risk and make sure they are accounted for in your program. HMDA and other loan data alone do not prove discrimination, but they provide a source for identifying potential fair lending risk. You should review the risks revealed in your loan data, especially HMDA, as it is available to the public and your regulator. With any data source, the data must be accurate for you to make determinations on risks that may exist and for explanations you may have related to the apparent risks. Consider questions like the following and note your conclusions in the matrix

provided in the electronic resources at the Fair Lending Toolbox Web site. The example below can serve as a guide. Also see additional questions in the electronic resources. Regulation B 1. Do lenders collect information, conduct inquiries or impose conditions contrary to express requirements of Regulation B? 2. Are spousal signature requirements followed? If so, is there clear file documentation to validate the spouse’s involvement in the lending process? 3. Is government monitoring information collected in accordance with Regulation B? 4. Is appropriate loan documentation required to be kept consistent with record retention requirements? 5. Is marital status taken into consideration when processing applications, underwriting loans or securing loan collateral? 6. How do loan policies or practices handle sources of income that are not the result of current full-time income?

14 |

ABA Toolbox on Fair Lending

HMDA and other loan data 1. Does the bank have a history of HMDA data violations cited by your regulator? 2. Have HMDA data resubmissions been required in the past? 3. Is HMDA data review and submission outsourced? 4. Is the HMDA loan application register (LAR) updated quarterly? 5. Have you had to pay civil money penalties (CMPs) for inaccurate HMDA data? 6. Have members of the public requested your HMDA data?

Risk Source 5: Technical Regulation B and HMDA Requirements Factor

Limited

3----------------------------4

High

Regulation B Technical Compliance

Policies and procedures address each technical Regulation B requirement in credit administration; policies are communicated and monitored; no previous violations

Policies do not exist for each specific Regulation B technical requirement by each credit administration activity; loan documents are not properly maintained; previous violations cited

HMDA Compliance

Low number of LAR lines; no previous violations cited; no HMDA resubmissions required; data updated quarterly

Significant number of LAR lines; previous data accuracy violations cited; public entities request data annually; previous CMP levied

Observations

Tool 3: Fair Lending Risk Assessment

| 15

Risk Source 6: Fair Lending Environment

Among the perennial favorites for regulatory agencies is your data collection integrity.

It is always helpful to know what is happening in the regulatory and enforcement agencies and what others are saying about fair lending topics. This includes the supervisory emphasis, government and discrimination cases or private litigation activity in addition to media reports. Knowing what the agencies will be focusing on helps you focus your attention on specific issues you may not have considered since your regulator has never looked there before. Fair lending cases can also give you guidance as you review your program to determine if any of the issues brought forward in the case might be occurring at your institution. Among the perennial favorites for regulatory agencies is your data collection integrity. Consider questions like the following and note your conclusions in the matrix

provided in the electronic resources at the Fair Lending Toolbox Web site. The example below can serve as a guide. Also see additional questions in the electronic resources. Supervisory Focus 1. Has anything material changed recently in B, FHA, UDAAP, HMDA or related state law? If so, did the bank have adequate time to implement and do all affected personnel understand the new requirements? 2. What are competitors saying about the current fair lending environment? 3. What is your regulator emphasizing in recent publications? 4. Have credit products of the type your bank offers been the focus of news coverage? 5. Is there private party litigation activity concerning products or practices like yours? 6. What are complaints saying above your fair lending practices?

Risk Source 6: Supervisory Agency Focus Limited

Factor

Fair Lending Environment

16 |

Agency fair lending emphasis is consistent and predictable; no new issues identified for review; multiple products have been reviewed in past examinations

ABA Toolbox on Fair Lending

3----------------------------4

High New fair lending issues being identified by the regulators; media coverage of specific products offered; regulator focus shifting away from mortgage lending

Observations

Evaluate the Quality of Fair Lending Risk Management Having captured the risk profile of your bank’s credit operations, you know what challenges must be faced to make sure those operations are conducted in accordance with the law. The next step of your risk assessment is to evaluate how your compliance program manages this risk to achieve good fair lending performance. Determining the quality of fair lending risk management involves evaluating how management controls fair lending risk throughout the bank. This evaluation should follow the SMAART compliance process.

Step 1 Systems—Policies, Procedures and Transaction Processing The board and senior management establish policies that reflect their commitment to ensuring fair lending compliance. Policies can be formal or informal, but must ultimately be translated into the lending activities that take place in your bank. These are your systems. Systems include programs, procedures, standards and practices that guide management and staff in following fair lending laws and regulations and the bank’s own policies and standards. Systems also include your record-keeping and reporting obligations. They are designed to prevent errors and violations and eliminate or mitigate the fair lending risk you’ve identified in your profile.

A A M

R

S

T

Consider questions like the following and note your conclusions in the matrix

provided in the electronic resources at the Fair Lending Toolbox Web site. The example below can serve as a guide. Also see additional questions in the electronic resources. Systems

A A M

R

S

T

1. Are credit administration standards explicit and do they provide objective guidance for any discretion given to lenders and other appropriate staff? 2. Are permissible exceptions described in policy or well-established and are authority and instructions for documenting their exercise clear? 3. Is the expected retail footprint of any new product or new geographic market roll-out required to be considered for redlining or steering risk in our business planning phase?

A A M S

Tool 3: Fair Lending Risk Assessment

R T

| 17

4. Do procedures articulate bank expectations on providing consistent applicant assistance in all credit administration activities? 5. Does your product development committee consider how credit administration risks will be controlled to manage discretion? 6. Does the bank have well defined standards for each credit administration activity?

WEAK

Factor

Systems

18 |

Policies, procedures and standards not well documented and subjective; no policy guidance for discretion and exceptions; no established customer service standards

ABA Toolbox on Fair Lending

3----------------------------4

STRONG Well documented policies, procedures and standards for each credit administration activity; clear and objective guidance for discretion and policy exceptions; clear expectations for good customer service

Observations

S

T

Step 2 Monitoring The systems established for conducting lending operations in compliance with fair lending objectives must be monitored and managed so that you know they are being followed on a day-to-day basis. A A Consider questions like the following and note your conclusions in the matrix

M Web R site. provided in the electronic resources at the Fair Lending Toolbox The example below can serve as a guide. Also see additional questions in the S T electronic resources.

A A M

R

S

T

Monitoring 1. Are lender and other staff permitted to exercise judgement or discretion and is it monitored?

A A

2. Does the bank use a second review program in its various credit administration activities? Is the program applied to check for consistent application of established standards? Is it applied to check for whether exceptions are made available on a consistent basis across similarly situated applicants?

M

R

S

T

A A M S

R T

3. Does the bank monitor credit administration policy exceptions and servicing activities and solutions in the regular course of operations against the bank’s standards for their usage? 4. Does the bank monitor lending product volume changes and servicing activity volume and solutions by prohibited basis and geographic distribution?

A A

M

R

5. Are product disparity ratios in each credit administration activity reviewed by prohibited basis and geographic distribution?

S

T

6. Are customer concerns or questions about their experience with your credit operations recorded and evaluated by management for fair lending red flags?

Factor

Monitoring

WEAK No second review program; no monitoring of lending data, exceptions or use of discretion; disparity ratios not tracked or monitored

3----------------------------4

STRONG

Observations

Thorough second review program; monitoring in place for lending volume, prohibited basis, lender discretion and exceptions in credit administration activity

Tool 3: Fair Lending Risk Assessment

| 19

Step 3 Assessment A A M

R

S

T

provided in the electronic resources at the Fair Lending Toolbox Web site. The example below can serve as a guide. Also see additional questions in the electronic resources.

1. Does the bank have quality control functions to assess fair lending compliance?

R

S

Consider questions like the following and note your conclusions in the matrix

Assessment

A A M

Periodic review of adherence to your systems and the adequacy of your monitoring is important to assess the bank’s fair lending risk exposure, management performance, transactional violations and program deficiencies. This includes such activities as audits, self-evaluations, self-tests and review of geographic lending patterns.

T

2. Does the bank audit department assess fair lending compliance throughout the credit administration process? 3. Does the board review annually the fair lending risk management program effectiveness? 4. Are fair lending risks evaluated during due diligence efforts when acquiring other institutions? 5. Does the bank conduct assessments of the fair lending risk that flows from its lending operations? 6. Are customer complaints identifying fair lending claims handled in accordance with bank processes for investigation, response and appropriate remedy and any necessary systems improvement?

WEAK

Factor

Assessment

20 |

No quality control functions to assess compliance; no selfassessments; due diligence of TPOs only focuses on safety and soundness

ABA Toolbox on Fair Lending

3----------------------------4

STRONG Appropriately frequent comparative file review of credit decisions in each credit administration activity; assessment schedule covers all lending products and credit administration activities in order of risk exposure level; TPO due diligence efforts follow agency guidance

Observations

A A M

R

S

T

Step 4 Accountability This function focuses on how the board, management and staff are answerable for fair lending risk management performance. Each level should have defined responsibilities and a process for holding them accountable for those responsibilities. Appropriately trained and qualified personnel should administer or participate in the various lending activities and programs the bank offers. Consider questions like the following and note your conclusions in the matrix

provided in the electronic resources at the Fair Lending Toolbox Web site. The example below can serve as a guide. Also see additional questions in the electronic resources.

A A M S

Accountability 1. Does the board foster a strong fair lending compliance culture within the bank and provide resources necessary to fulfill the bank fair lending objectives they set? 2. Is there appropriate communication or reporting across board, senior management, business lines and compliance groups to enable each to perform their roles and be accountable for their performance?

R T

A A M S

R T

3. Does senior management incorporate bank enterprise-wide fair lending risk and performance reports in their business decisions? 4. Does the compliance staff perform periodic fair lending self-assessments and other fair lending compliance reviews, and recommend changes to policies, procedures and standards as appropriate? 5. Do business line staff and managers understand that “they own” their unit’s fair lending risk and are responsible for managing it? 6. Are there specific fair lending compliance requirements written into job descriptions of management and credit administration personnel and is the compliance unit consulted to obtain feedback when performance reviews are done or before bonuses are paid?

Factor

Accountability

WEAK Fair lending responsibilities not clearly defined; fair lending compliance not part of lender compensation; senior management not engaged in fair lending efforts

3----------------------------4

STRONG

Observations

Fair lending responsibilities clearly defined; fair lending compliance part of lender compensation; senior management actively involved with bank fair lending compliance efforts

Tool 3: Fair Lending Risk Assessment

| 21

A A M

A A

R

S

T

A A M

R

S

T

M

R

S T Step 5 Response Response can include remedying transaction violations, amending procedures and controls, correcting internal oversight deficiencies and implementing policy and system revisions. Consumer complaint handling A A provides feedback into how well risk management is functioning and is a vital part of the response component of SMAART.

M

R

Consider questions like the following and note your conclusions in the matrix

S in the electronic T provided resources at the Fair Lending Toolbox Web site. The example below can serve as a guide. Also see additional questions in the electronic resources. Response 1. Does management respond promptly to fair lending regulatory examination findings? Are root causes determined for any weaknesses or violations found and are appropriate program changes established? 2. Does the bank have a process in place to capture, review and respond to consumer fair lending complaints? 3. Is management apprised when consumer complaint investigation evidences program weaknesses, customer assistance breakdowns or potential violations? 4. Is bank staff able to raise issues or concerns about the fair lending impact of bank operations? 5. Does management consider and respond to fair lending and other credit-related issues or concerns raised by local community groups? 6. Does the bank have a process in place to quickly evaluate, recommend appropriate actions and implement updated fair lending policies and procedures as new regulatory requirements are mandated or changes are made to current regulatory requirements?

WEAK

Factor

Response

22 |

Does not investigate complaints adequately; community group actions not considered in lending strategy; no consistent process for implementing regulatory change

ABA Toolbox on Fair Lending

3----------------------------4

STRONG Resolves complaints promptly and remedies causes; works with community groups to help meet community credit needs; process in place to update policies and procedures to incorporate regulatory change

Observations

A A M

A A

R

S

M

T

A A

R

S

T

M

R

S

T

Step 6 Training Personnel should be qualified to handle their assigned tasks, be trained in the various fair lending laws and regulations, and understand the institution’s fair lending policies, procedures, objectives and ethical A A A A standards. Communicating these policies, procedures and service standards is a critical part of your programs and keeps you on track with fair lending M compliance R R compliance. In addition, your professionals must M keep their knowledge up-to-date with fair lending developments.

S

T

S

T

A A M S

R T

Consider questions like the following and note your conclusions in the matrix

provided in the electronic resources at the Fair Lending Toolbox Web site. The example below can serve as a guide. Also see additional questions in the electronic resources.

A A

Training

M

R

1. Does bank staff involved in credit administration activities and technical support have fair lending knowledge and expertise appropriate to their responsibilities?

S

T

2. Does the bank fair lending training cover requirements of fair lending laws and regulations and how they apply to all credit administration activities? 3. Does the compliance officer or other compliance staff participate in compliance working groups with other local bank compliance officers or with state association compliance efforts? 4. Are the compliance officer and other bank compliance staff provided training opportunities to stay current with changing regulatory requirements and industry compliance challenges? 5. Does the bank offer fair lending training to or know that TPOs it uses provide training to their staffs? 6. Does the bank have processes for assimilating fair lending legislative and regulatory changes, as well as new fair lending hot topics being emphasized by regulatory agencies that affect its operations?

Factor

Training

WEAK Out-dated curriculum; training not provided consistently or timely to all credit administration staff; fair lending training at TPOs not required

3----------------------------4

STRONG

Observations

Training is current and provided to all credit administration staff annually and when changes occur; TPO due diligence discloses comprehensive fair lending training

Tool 3: Fair Lending Risk Assessment

| 23

Identify Fair Lending Program Gaps As we have said from the beginning, the Assessment process of a SMAART program has two major components—performance audit and risk assessment. The identification of program gaps is where compliance performance audit becomes integrated with the risk assessment process. The compliance audit determines whether what look like strong controls on paper are actually strong controls in practice. An audit looks at the functioning of your systems, your monitoring, your accountability structure, your response processes and your training. In other words, are you as SMAART as you think? These findings are then incorporated into your determination of any mismatch between your risk profile and your controls so that you can proceed to assign an appropriate rating to the risk exposure you face.

Fair lending program gaps identify loan products or loan processing activities where compliance deficiencies may exist.

24 |

These gaps also identify loan products or loan processing activities where compliance deficiencies may exist. For example, if one of the gaps is that the bank does not monitor lender discretion sufficiently to ensure their judgment is used in a non-discriminatory manner, the bank may want to perform a comparative file review to determine that the discretion was used similarly for similarly situated applicants over the period being reviewed. Or the bank may find that training is not adequate and decide to strengthen the training provided. There are many things the bank can decide to do, depending on the significance of the risk gap and whether the bank believes changes to its processes and system are warranted.

ABA Toolbox on Fair Lending

Risk Exposure Now that you have done your analysis of the bank’s fair lending risk profile, evaluated the quality of fair lending risk management processes using SMAART and determined what performance gaps exist in your fair lending compliance program, it is time to determine your level of what is often described as residual risk, but which we label as risk exposure. Fundamentally, inherent risk plus management controls yields residual risk.

Risk profile + SMAART controls = Risk exposure

Your bank seeks to achieve a level of fair lending risk exposure consistent with your risk tolerance. Successful compliance mitigation leads to a risk exposure consistent with your bank’s fair lending objectives.

Risk exposure = Risk tolerance = Fair lending objectives For example, a high quantity of fair lending risk—if mitigated and managed appropriately—does not signify a problem. A high quantity of risk combined with minimal or no risk management processes to manage that risk would be problematic, particularly in an important product line of the bank’s lending business. This product line is what would deserve attention—and therefore should be rated as a higher risk exposure. Then you can prioritize resources to correct the identified program deficiencies and achieve your fair lending objectives. The primary purpose of a risk exposure rating is to help you prioritize your efforts to address current or projected future risk exposures that are not consistent with your fair lending policies or objectives. With no regulatory guidelines on what scoring scale to use, you have the latitude to employ a rating approach that best fits your needs.

With no regulatory guidelines on what scoring scale to use, you have the latitude to employ a rating approach that best fits your needs.

Tool 3: Fair Lending Risk Assessment

| 25

Determining Your Bank’s Risk Exposure Compare the matrix you filled out when capturing your risk profile with your analysis of your compliance management program under SMAART. This comparison should allow you to reach an understanding about how well your compliance program mitigates your risk profile and the extent to which any remaining risk exposure is within your bank’s tolerance for achieving your fair lending objective. 1. From your comparison of risk profile sources and program components, determine where your fair lending compliance management system sits on a scale from strong to weak for your bank’s size, structure, resources, diversity and complexity of operations. 2. Determine your current fair lending risk exposure based on your current circumstances and performance for each SMAART component within each business or product line depending on your operational complexity. In reaching your assignment of a fair lending risk exposure rating, consider how various strengths and weaknesses you identified should be balanced. Some indicators carry more weight than others so focus on an overall risk rating not on a numerical count of how many strong or weak indicators you identified. 3. Provide comments that support your conclusion for each indicator. For example, for the indicator regarding policy exceptions a comment could be “bank policy does not permit underwriting exceptions or policy overrides unless approved by a documented second review of the application. A recent audit report indicates no exceptions to this policy were noted.”

The value of a risk assessment is in how it guides your future compliance efforts.

While the risk assessment is done at a particular point in time, its value is in how it guides your future compliance efforts. Consequently, when completing the risk exposure rating, you should take into account anticipated changes in your risk profile or compliance program for the period upon which you will rely on the assessment for management and planning. Now that you have identified your risk exposure and the current level it represents, what will it look like a year or two from now?

26 |

ABA Toolbox on Fair Lending

4. Forecast what changes may impact the bank’s fair lending risk profile. This could include such issues as projected economic events either nationally or locally, proposed changes to bank products, policies or procedures, new regulatory requirements, evolving supervisory expectations, proposed corporate acquisitions, changes in strategic direction or employee turnover. 5. Based on the information gathered in Step 4, estimate whether fair lending risk will remain at its current level or will it be increasing or decreasing? Make a note of the reasoning for your estimation. 6. Consider whether your compliance controls are going to keep pace with the anticipated trend of risk from Step 5. In other words, will there be sufficient technical and staff resources to cope with any expected changes in risk profile? Note your conclusion. 7. Combine the current risk exposure rating from Step 3 with the influence you anticipate due to future changes to arrive at your effective risk exposure rating for this assessment. At this point you are in a position to ask whether the bank’s fair lending risk exposure is consistent with your performance objectives or reveals deficiencies that should be addressed. For example, at one extreme there are decisions you may need to make regarding the likelihood that one or more areas within your lending operation need to be further improved to ensure that no discriminatory acts or practices are occurring. Risk that is moderate may be a red flag that more work may be needed to strengthen your systems and processes in one or more areas. However, actually doing a deep dive into specific issues may not be warranted at this time, but perhaps more monitoring is needed in specific areas. If overall your fair lending risk exposure is low, your systems and processes are working and no additional action is likely needed now.

Is your bank’s fair lending risk exposure consistent with your performance objectives?

So far we have described the exposure risk rating process without specifying the type of scale to use. Should it be between 1 to 10, 1 to 100, “low” “medium” “high,” or something else entirely? ABA believes you should adopt a scale that actually helps you translate the rating into action and is meaningful in the accountability process. After all, the purpose of risk assessment is to make sure the bank is successfully managing its fair lending risk, that compliance deficiencies are addressed with a sensible priority and that your performance can be readily communicated to the board in a way that enables them to understand whether staff is fulfilling the board’s policies and objectives.

Tool 3: Fair Lending Risk Assessment

| 27

The following table illustrates how different scales can represent similar priorities.

Various Risk Scales #

Risk

5

Extreme

Exposure

Ratings

Action/Accountability Description

Critical

Existing non-technical violations incurring substantial liability

High 4

High

3

Medium

2

Low

1

De minimis

0

Non-existent

Immediate

Moderate

Low

Significant likelihood of or actual violations from existing operations that should be remedied before material injury occurs

Schedule

Existing control deficiencies threaten to allow non-compliant behavior to arise from active operations or impending new business

Anticipate

Current controls have achieved compliance, but performance gaps or future regulatory or business changes warrant program improvements

Maintain

Existing controls successfully manage current and foreseeable risks

Streamline

Current controls are redundant, inefficient or represent vestiges from discontinued operations or rules

In the end, it is far less material what scale you chose than it is important to know how you will use what your fair lending compliance risk assessment tells you. Having conducted your risk assessment, you should compile appropriate work-papers and tables, compose a narrative or outline that summarizes your results: indicate program successes, identify needed improvements and prepare an action plan to implement any necessary changes.

28 |

ABA Toolbox on Fair Lending

From Assessment to ADApTation and Accountability Once you have conducted your risk assessment and determined your risk exposure, you need to decide how to address those findings by laying out a plan to reduce undesirable risk exposure, cure compliance deficiencies, apprise senior management and the board of performance and priorities and secure necessary resources and leadership commitment. As with any change management situation, you begin by analyzing where you are and what changes are called for. The initial analysis step has been the function of the risk assessment. Next steps entail developing program enhancements, applying the changes to your existing program and then testing their implementation. Overall this translates to the ADApT process: You are adapting your current fair lending compliance program to reflect the improvements called for as a result of your risk assessment. The ADApT process will lead you to an action plan for improving the program.

A ssess the fair lending risk profile of your operations and the risk exposure after applying your SMAART program to identify gaps.

D evelop the program improvements necessary to address any compliance program gaps.

Ap ply new program components in accordance with the priority derived from your assessment and train staff accordingly.

T est

program changes to assure they have been implemented as intended.

Tool 3: Fair Lending Risk Assessment

| 29

Preparing the Board Report Having decided how to go about adapting your compliance program to address any improvements or changes warranted by your risk assessment, you are now in a position to report to the board or its delegated committee. The elements of the board report should include: 1. A summary of the risk assessment that conveys where fair lending risks are well-managed and which operations do— or are projected to—expose the bank to unwanted risks or cause the bank to fall short of its fair lending objectives (incorporating appropriate performance audit or exam findings.) 2. A summary of the action plan(with priorities) to cure deficiencies or reduce expected future exposure and any implications for the lending business of the bank. 3. A summary of any budget ramifications and any policy changes that need approval. With this report you have helped the board fulfill its role in the SMAART process by giving them important risk information about the bank’s lending operations and enabling them to hold senior management and the rest of the bank staff Accountable for achieving the bank’s fair lending objectives and demonstrating compliance performance. It is not necessary to include the entire risk assessment documentation with the board report. To do so can leave the false impression that detailed review of, or knowledge about, the risk assessment process is expected from the board. It is the responsibility of management, not the board of directors, to understand the workings of your risk assessment process. The board needs only enough to appreciate that there is a process being followed to evaluate fair lending management performance, identify risk exposures at variance with the board’s overall policy and put competent staff with adequate resources in charge of corrective measures.

30 |

ABA Toolbox on Fair Lending

Risk Assessment as a Living Document The completion of one risk assessment cycle opens the door for the next cycle. The fair lending risk assessment is not meant to be a snapshot; it is meant to serve as an ongoing measure of an institution’s fair lending risk. The document should be amended when entering new markets, introducing new products or whenever changes occur that materially impact the risk level. Recommendations for improvement should be made and tracked, with improvements noted over time. Make it a comprehensive document, with an executive overview and appendices that describe your risk measurement methodology, controls and identified gaps, along with recommendations for addressing those gaps. By keeping current with changing business operations and changing compliance controls, you will be ready to demonstrate that fair lending risk management is keeping pace with your bank’s growing lending business.

Your risk assessment should be amended when entering new markets, introducing new products or whenever changes occur that materially impact the risk level.

Tool 3: Fair Lending Risk Assessment

| 31

1120 Connecticut Avenue, NW | Washington, DC 20036 l aba.com | 1-800-BANKERS