How to Slay the Compliance Dragon: 7 Pillars of Success for New Compliance Officers

Over the years, I’ve noticed that small lenders tend to grow their compliance function from within by staffing it with processors, underwriters, closers or other operations professionals with no compliance experience to speak of. While those individuals may have a mastery of their current roles, they’re usually unprepared when it comes to understanding the interplay of the literally hundreds of federal and state laws, rules, regulations, interpretations, guidelines and best practices that make up mortgage compliance. It’s important, then, to better understand the learning curve for all new compliance officers and what that means for your company.

Take Alice for example.

A New Compliance Star Is Born

At Astonishing Fees Mortgage, Alice is a rock star. A strong performer for the past three-plus years at this growing mortgage lender, she shined on the front lines as an entry-level processor, quickly rising to senior underwriter and, ultimately, to manager. Alice is a perfectionist, always striving to learn more, and she encourages those around her to do the same. Known to have a friendly smile and a warm demeanor, she is well-liked by all.

Bob, the company president, has been acting as its compliance officer since forming the company in 2017. Realizing he no longer can manage both roles, he just created a new compliance officer position within the company and now wants to offer it to one of his most loyal employees.

Bob arranges a meeting with Alice to offer her the position - replete with her own private office and a welcome raise. What could be better?

Without giving it a second thought, and barely containing her excitement, she accepts.

[Cue the mariachi band and break out the champagne!]

Getting Started

On Thursday, less than a week into her new role, Bob hands Alice a letter from the California Department of Business Oversight announcing their intention to begin an in-person licensee examination in less than three weeks. The letter, by the way, had been sitting on Bob’s desk since last Tuesday.

Despite the short timeframe, Bob asks Alice to run with it, and reassures her that the exam will be a piece of cake. He adds that he is headed to the Arctic circle for a ten-day climbing expedition and will have no cell phone service.

After Bob leaves her office, Alice scans the letter. The Notice of Examination provides instructions to fill out a pre-examination questionnaire, and requires a plethora of documents including the company’s CMS and policies and procedures, copies of reports from prior examinations as well as any recent internal or external audits, call reports, volume reports, complaint logs, org charts, Board meeting minutes, financials and more.

Reality Sets In

As Alice looks over the information and attempts to answer the questionnaire, she begins to notice a disturbing pattern. It is becoming increasingly clear that some of the requested items don’t exactly…exist. Policies and procedures? Well, the company does have some that were purchased from a vendor three years ago, but nobody really ever looked at them. What’s more, there’s no written LO comp or complaint management policy whatsoever.

There’s no formal compliance or QC policy either – until now, the company has relied on the loan origination system, document provider, automated compliance engine and outside QC firm for compliance, and rarely has a buyback request been made from an investor. Internal audits? there have been exactly none to speak of.

Alice’s heart starts racing. A bead of sweat begins to form on her brow and she grows pale. Having never been through an exam before, Alice begins to panic and is now beginning to wonder if taking the new job was a huge mistake…

Managing Compliance

It’s not uncommon for young mortgage professionals to be thrust into roles or situations like this that they are largely unprepared for, myself included. There is no playbook, so learning to be an effective compliance officer requires developing the skills necessary to manage compliance, and that takes time.

A seasoned compliance officer knows how to juggle a daily barrage of compliance questions from the production floor while managing licensee examinations and preparing for a quarterly Board of Directors meeting, all while assisting with a new loan origination system roll-out. Just know that it took them years to get there.

But for newbies like our friend Alice, I’ve developed the following guidelines based on my twenty-plus years of compliance and legal experience and from conversations I’ve had with some of the most well-regarded compliance leaders in the industry.

Let’s try to help Alice by giving her proven techniques that will allow her to navigate the situation successfully. As she will soon learn, these seven pillars will ultimately guide her through her entire career.

The Seven Pillars

1. Develop a Healthy Relationship With Risk

One of the most important skills a compliance officer can develop is learning how to be comfortable with the fact that there will always be exposure to compliance and operational risk. You must be able to balance the company’s financial goals with consumer protection in a manner that satisfies regulators and investors and allows the company to thrive.

As seasoned compliance professionals know too well, you will never be able to solve for all of the compliance issues before you; there’s simply not enough time or staff to get it all done. Managing for this inevitability opens the door for you to establish a process of continuous improvement.

2. Develop a Strategy and Calendar

You can't do everything at once, so mastering the art of triage is key.

Compliance triage involves assigning priorities to the most urgent matters that typically include a combination of low-hanging fruit and big-ticket challenges. Obviously, compliance issues that impact the marketability of loans or catch the watchful eye of regulators will rise to the top.

For example, TRID rule errors continues to be one of the largest issues affecting salability, so most aspects of TRID compliance must remain a priority. LO comp is another rule that often causes headaches. Marketing and advertising are hot buttons, as well as the ever-present consumer complaint management concerns, quality control practices, infosec and business continuity planning issues. You must always stay on top of HMDA and mortgage call reports to ensure all filings are accurate and timely. And any issues raised in previous licensee examinations or by an internal audit must also be prioritized for remediation, so be sure to review those reports regularly.

To be sure, that’s a lot. But just about everything else that can go on the back burner, does.

It’s important to note that nothing is ignored. Rather, the successful compliance officer develops a 12- to 18-month compliance calendar that identifies all of the issues and deadlines, setting forth a clear timeframe for resolution that can then be shared with senior management.

3. Know Your Technology

Compliance is intricately wrapped into your technology platforms, so get to know your LOS, pricing engine and doc vendor well by understanding the functionality and the limits of every system you currently use.

For example, you should think of the automated compliance solution you use as your new best friend. Who else can you trust to perform a thorough review of multiple compliance subjects on every loan without complaint? So, it makes sense to roll up your sleeves and discover exactly how the system works. This means understanding what’s behind it’s APR, QM and HOEPA calculations, how it makes prepaid finance charge determinations and calculates bona fide discount points, and whether there are any custom configurations or settings in use by your company.

It’s also a best practice to set up an internal helpdesk function to handle questions regarding the system’s compliance “fails” – usually staffed by the compliance officer or other designee with knowledge on how to fix them. Most of these issues can be quickly resolved just by looking at the data.

4. Communicate Effectively

Effectively communicating all compliance risks to senior management is a critical task for the compliance officer. A failure to get this right will make your job more difficult and increase risk to the company. Make it a habit to include key stakeholders in the conversation. Doing so will result in solidified relationships and increased trust between operations and compliance.

5. Hold Others Accountable

Accountability is the glue that holds everything together. It’s the expectation that every department and every employee is responsible for ensuring compliance, and it starts at the top. True, it’s the job of the compliance officer to identify areas of risk and then to work with impacted departments to craft a remediation plan. But it is up to each department to implement the changes and senior management to make sure the company complies. Anyone who believes that the compliance officer is solely responsible for these things is mistaken.

This concept is easiest to explain by example: the responsibility for remediating a recurring TRID rule violation lies with the operations team, not the compliance officer. The compliance officer’s role is to identify the risk, communicate the risk to the organization, work with key stakeholders to develop an appropriate solution and then hold them accountable, on behalf of senior management, for implementing it.

6. Maintain Healthy Boundaries

Many newbies mistakenly think that their role is to solve for all issues at once. Oftentimes, they feel pressure from both the production floor and the executive suite to magically fix everything. The reality is we live in a world of limited resources that directly impacts our ability to take care of it all. Therefore, learning how to manage other people’s expectations, including learning how to confidently say “no” without fear of retribution, is key.

If setting expectations involves timeframes for completion of projects, be realistic and be able to explain why. If saying no is in response to a request to do something questionable by someone on the production floor, remember that their role is to help the company be profitable - so strive to offer an alternative solution that everybody can live with.

7. Ask for Help

The most successful compliance officers network with other compliance officers and don’t hesitate to bring in outside resources to help with specific projects or issues. There are tremendous compliance networks around the country; join them and be active. In addition, when your compliance calendar (see #2 above) looks rather daunting, remember that the timeframes can always be shortened by farming high profile projects to outside firms that specialize in that area of mortgage compliance.

The Rest, As They Say, Will Follow

Compliance is fluid and resources are limited; all we can do is respond as efficiently as possible to solve as many problems as we can in a given time period. The rest will happen. Understand that no lender is completely free from compliance mistakes and that’s generally ok - so long as borrowers are sufficiently protected from potential harm and the company makes enough money to keep the lights on.

Recommendations for Alice

Based on the above, let’s return to Alice and identify the steps she needs to take to get ready for her approaching licensee examination. They include:

• Review the Notice of Examination and identify any information that is needed.

• Arrange an immediate meeting with company leadership and department heads to explain the situation and set expectations.

• Assign tasks to company leaders and department heads with firm dates for deliverables.

• Follow up regularly to ensure requests are complied with.

• Identify any known deficiencies (such as a lack of adequate or updated policies and procedures) and begin working on a strategy to remediate them.

• Identify office space far from the main production area that can be a quiet sanctuary for the examiner.

• Prepare the staff in advance for proper etiquette and what to expect when the examiner arrives.

• Be responsive to the examiner, checking in several times each day to make sure all of their needs are being met.

In the end, Alice took the advice and the exam went smoothly. Some time later, a report of examination was issued by the DBO that highlighted those things the company did well in addition to those that needed improvement. However, Alice didn’t wait for the report to arrive before beginning the process of making needed changes, including:

• Crafting new company policies

• Working with the operations team to implement compliant procedures

• Adding new training, and

• Working on an audit plan.

Bob also agreed to hire an assistant for Alice and to employ outside consultants to fill in the gaps.

Six months on, Alice is doing better than ever. She’s still on a steep learning curve but is quickly developing the confidence to weather the storm. She continues to triage and calendar, communicate with senior management and involve all departments in the remediation process. Over time, she will hone her compliance knowledge and position the company for future expansion.