Have you ever considered fair lending risk? Do you even know what your fair lending risks are? What is your organization’s risk tolerance? As with other areas of compliance and risk management, a risk assessment can reveal strengths, weaknesses, and gaps to create action steps for forward motion. It’s better to be proactive in knowing what the risks are and certainly less costly. Because fair lending risk encompasses all aspects of every loan transaction, conducting a fair lending risk assessment is good business. And, it’s expected by your regulator.
What is a Fair Lending Risk Assessment?
Essentially, a fair lending risk assessment is the process of identifying and measuring risks inherent in your financial institution’s lending processes across the loan life cycle, and determining what internal controls and monitoring mechanisms need to be in place to reduce or minimize the occurrence of illegal discrimination.
Federal regulators utilize the risk-based approach and it would be wise for you to do the same. The risk-based approach will give you the opportunity, in an efficient manner, to apply preventive measures to mitigate fair lending risk. The fair lending risk assessment itself is the preventive measure: a tool to identify and understand specific fair lending risks inherent to your organization. Once the risk assessment is complete, you will better understand how to allocate the right amount of resources to higher-risk areas.
The Fair Lending Risk Assessment: Don’t Know Where to Begin?
The format, the tool, or the scale used to measure risk in your fair lending risk assessment is arbitrary. Just be consistent. There isn’t a one-size-fits-all approach because each organization is distinct in its size, complexity, and risk tolerance. But it is important to have these key features within your risk assessment that align with the size and complexity of your financial institution:
Define and measure inherent and residual risks specific to each risk category:
Inherent risk: Consider these adjectives to describe inherent risk. Raw. Untreated. Unprocessed. It’s the pure level of risk that will occur with the current state of controls. This current state may be lacking or insufficient, which the results of the risk assessment will help you identify. Examples of inherent risk include:
Risks within your products, services, and business lines; certain products are riskier than others
Risks tied to operational insufficiencies and failures or external factors that are beyond your organization’s control
The ramifications of noncompliance that involve financial, legal, and reputational costs
Residual risk: The amount of risk that remains after applying controls to inherent risks. Risk cannot be completely eliminated, a fact that we all must accept. The level of residual risk and your organization’s risk tolerance will then determine what actions to take in implementing or revising controls to manage your fair lending risk.
Identify specific risk categories unique to your organization. Consider the following:
Products, services, and business lines
Your organization’s fair lending history, risk tolerance, and previous examination results
Policies, procedures, and processes
Exception tracking and reporting
Tracking tools and reports
Vendor management of third-party relationships
Loan originator compensation
Regulations: ECOA (adverse action notices and spousal signatures are high-risk areas) and HMDA (government monitoring information)
Specific fair lending risks to evaluate: redlining, steering, underwriting, pricing, marketing, servicing
Once the information has been collected on the identified categories, a deeper dive must occur to bring those risks to the surface. This deeper dive involves asking questions, lots of them. Test assumptions. Verify processes. Validate that documented policies and procedures actually mirror what you do. Are they static or do they reflect ongoing changes?
The results of your evaluation should be documented as a fair lending risk assessment. Again, the format or scale used to capture the level of risk can be approached in many different ways. Don’t make it complicated; do what makes sense and be consistent.
The Risk Assessment is Done: Now What?
Don’t let it collect dust and become stagnant. It requires action:
Manage your fair lending risk exposure by keeping the board and senior management informed and involved.
Where gaps were identified in the risk assessment process, correct quickly by updating policies, procedures, and processes. Provide training, if necessary.
Take corrective action where needed.
Make sure monitoring and reporting are ongoing.
Fine-tune your fair lending compliance program elements based on the results of your risk assessment.
Remember that this risk assessment process is necessary for your organization to manage its fair lending risk successfully. While you may not have the dedicated resources to accomplish this task internally, don’t let that stop you. Employing a third-party vendor is a great option and should be considered. Dig in. Get started. Gain insights. Further compliance at your organization. Grow!