The 2014 midterm elections are now behind us, and the predicted shift in the Senate’s majority party has given Republicans control of both houses of Congress. While some of its legislative priorities have been signaled in advance, it is not clear how—or if—the Republican leadership may choose to revisit the Dodd-Frank Act.
Now in its fourth year, that Act remains a lightening rod that attracts criticism for its effects on the economy, regulatory burdens, and confusion regarding rules that have yet to be finalized. House Financial Services Committee Chairman Jeb Hensarling (R-TX) and Oversight and Investigations Subcommittee Chairman Patrick McHenry (R-NC) released a committee staff report in July that made plain the majority’s perspective. Its title, Failing to End Too Big to Fail: An Assessment of the Dodd-Frank Act Four Years Later did not leave much to the imagination. Ironically, among its findings was the observation that: “The Financial Stability Oversight Council (FSOC) is an unwieldy conglomeration of regulatory officials charged with identifying risks and taking steps to mitigate them.” This comes in the same quarter that the Office of the Comptroller of the Currency (OCC) published final guidelines for strengthening governance and risk management practices for larger financial institutions. The “unwieldy conglomeration…charged with identifying risks and taking steps to mitigate them” statement can as easily be applied to inefficient risk management practices as it can to Dodd-Frank itself, and regardless of possible revisions that may be in the Act’s future, it’s safe to say that the collective mandates from the OCC, the CFPB, and the Federal Reserve promoting enterprise risk management (ERM) are here to stay. While there are many components of ERM, transaction risk management (TRM) is one of the most easily addressed, yet often overlooked areas where a financial institution can improve its overall ERM practices.
As the regulatory conditions on the ground continue to evolve, financial institutions have reached out with risk management concerns that have taken on a common pattern, with six questions raised more frequently than others.
Risk management is not new. Why are we talking about managing transaction risk now?
Risk management is as old as risk, and managing the risks surrounding transactions is something that every financial institution has done in some form or another from the first day they opened their doors for business. So why are we talking about it today like it’s something new? The financial crisis of 2008 has intensified national focus on this perennial subject on all levels, starting with the Congress, the federal regulating agencies, and on down to the community bank on our street corner. Our current regulatory environment is one that demands rigorous operational methodologies and careful analysis of data to manage those risks specifically related to the transaction. And when Fannie Mae and Freddie Mac begin requiring the Uniform Closing Data set to accompany portfolios they are purchasing, the importance of the underlying data and its validation will drastically increase.
My institution already has an ERM program—why do we need to a special program to manage transaction risk?
Transaction risk management is a necessary component of enterprise risk management and may be thought of as the data collection and analysis systems of enterprise risk management. Much in the same way a financial institution is responsible for managing its data, the Office of Financial Research (OFR) is responsible for the collection and analysis of the data that assesses the health of our financial system. In both cases, the success of data analytics starts with the data itself. It is interesting to note that the “Failing to End Too Big to Fail” report rates the OFR’s progress as “unsatisfactory” and that its “data collection efforts risk imposing substantial costs.” The OFR’s work is intended to support the Financial Stability Oversight Council (FSOC), but here again the inherent challenges of an “unwieldy conglomeration” must be overcome at both the regulatory level and the financial institution level. Data collection and analysis must be an integrated component of transaction risk management, rather than a separate, disconnected process that gets tacked on somewhere during the processing of loans. The only sustainable data analytics solution is one of automation, and one that is part and parcel of the larger TRM program.
How is transaction risk management different than compliance?
Compliance is not a new concern in the financial industry. Most financial institutions are able to stay in compliance by hiring more staff and leveraging document libraries that are intended to warrant compliance. Although compliance (or lack thereof) is top of mind for institutions today, it is only one of many inherent risks of each transaction. If nothing else, the 2008 financial crisis, the subsequent formation of the CFPB, and the increased focus on financial institutions’ policies and processes have made it clear that profitability requires more than creating additional checklists to achieve a compliant outcome. Instead, there is an increased focus on a solution that encompasses more than just compliance risk mitigation: a solution that addresses operational risk, reputation risk, liquidity risk, and other risk types. Not only will a transaction risk management solution manage compliance risk, but it also leverages technology to flush out errors and inconsistencies that may be present in transaction content. The ability to address these types of issues is critical to minimizing the operational and reputation risk to which a financial institution is exposed. The CFPB has provided a convenient method for consumers to share complaints related to their experiences with institutions. Currently, consumers have the option of posting small synopses of their complaints on the CFPB website, but the Bureau has proposed an expansion of the rule that would allow consumers to publish full narratives of complaints. This trend toward full transparency as it relates to consumer complaints (complaints that, many times, cannot be properly defended based on the institution’s obligation to protect consumer information) makes it essential for institutions to pursue a TRM solution that allows them to transact business in way that diminishes the likelihood that a consumer would find cause for complaint. Although compliance is, and will continue to be, a major component of any TRM solution, there are many other risk factors that institutions need to consider when doing business.
Risk management doesn’t make my institution more competitive…or does it?
Addressing transaction risk not only makes institutions more competitive, it also can make them more profitable. A common reaction to new regulations is for institutions to hire more employees. More hiring equates to more training and more personnel costs. If those investments are instead allocated to a transaction risk management solution, personnel can spend less time checking for errors, researching which documents are required for which transaction, and making sure no required data is missing. This allows more time to be spent building, maintaining, and enriching borrower relationships. A focus on the borrower rather than the document supports a reputation of excellence in customer service.
At what point in the transaction process does TRM start?
At its core, a TRM solution is driven by data: both the data that is specific to a given transaction and data that is more universally applicable to a financial institution’s operational processes. The TRM process starts long before any data is collected. Setting up and configuring a risk management solution helps assure institutions that policy decisions and product definitions are configured correctly within the system before a borrower walks through the door. Once this data is configured and vetted by the proper personnel, loan officers can focus on collecting only the required customer data at transaction time. These processes help ensure that each transaction, regardless of who at the institution performs it, is completed with a high level of accuracy.
Is transaction risk management a bridge too far?
A dedicated effort to manage transaction risk can sound like a target too ambitious to actually reach, and the truth is that today’s business targets may be unrealistic if you approach them with yesterday’s business systems. It’s easier for business operations to update technology processes with technology than it is to update human processes with technology. No one is designing their online banking program for dial-up or backing up their data center with floppy disks, but it’s common to hear about manual processes and laminated checklists used to manage compliance-crucial data validations. The technology is out there now to help you institute a transaction risk management program that automates and safeguards critical data analysis.
Business Change: More the Same Than Ever
It seems unlikely that the recent election will drastically change the regulatory environment created by the Dodd-Frank Act in 2010, but based on the Republican leadership’s position that the law missed the mark, we may see tinkering around its edges. Markets crave certainty even if the players do not particularly like the rules that regulate them. It is better to know how to follow an unwanted rule than not knowing what do to at all, and it may be that fear of such uncertainty becomes the force that stalls significant modifications to the Act. This congressional hesitancy, along with proposals to eliminate the Fannie Mae and Freddie Mac conservatorships, new guidelines from the OCC for risk management practices, and ongoing CFPB rule proposals that can touch every aspect of your business. Today’s mortgage industry landscape requires constant improvements in technology to ensure profitability for lenders, safeguard compliance, and open up home ownership to a new generation of Americans stung by the market collapse and toughening underwriting standards.
About The Author
Chris Appie is an attorney and Vice President of Products at Compliance Systems, Inc. (CSi). CSi is a provider of financial transaction technology and expertise serving over 1400 financial institutions across the United States. When he’s not keeping up with the CFPB he’s trying to keep his four kids under control in grocery stores and other public places. He can be reached via email at firstname.lastname@example.org.