Ben Giumarra

It happens to all of us: Despite our best efforts, a mistake was made.  

In many, if not all, cases where a banking regulation is violated, there is no clear requirement on what to do next. A typical institution, wanting to do the right thing, labors over this decision. “We admit we messed up, but how can we fix this?”  

So let me propose a simple framework to follow when something goes wrong, accompanied by an example applied to the framework.  

Which Regulation was Violated 

The first step is to identify the exact rule that was violated (or whether it was). 

Be as specific as possible, identifying not just the umbrella regulation (e.g. Truth in Savings), but also the specific section. This is a great starting point because surprisingly often you’ll find that a regulation itself wasn’t actually violated, but rather an investor guideline, internal policy or unofficial commentary of a regulation. Often these are prophylactic and merely protect against actual regulatory violations, as opposed to being regulatory violations themselves. Even if you’re not this lucky, you can’t take responsive action until you know exactly what you’re responding to. 

Let’s apply this to an actual example. Imagine we have a mortgage originator who was discovered using an official application with customers that are just inquiring about mortgage rates and not intending to submit formal applications. Imagine your bank realized this soon enough not to generate the thousand-page set of initial disclosures. But this still feels like a mistake was made. In this example, the specific regulatory violation that appears to exist is the ECOA rule at section 1002.5(b) that says: “A creditor shall not inquire about the race, color, religion, national origin, or sex of an applicant [except as required by HMDA].” So this does appear to be an actual violation of that regulation, because the official application collects the information about demographic data, and because an inquiry wouldn’t be HMDA-reportable. 

Guidance for Fixes 

It’s pretty rare for there to be any express regulatory guidance for what to do when an error occurs, but that’s not always the case. There are cases where a regulation or regulatory body have given instructions for what to do when an error occurs. For example, TILA provides for a 60-day window post-consummation when many disclosure errors can be corrected with a new disclosure and refund. And back when we still used the good faith estimate for most mortgage transactions, HUD had provided guidance to correct instances of missing the initial disclosure deadline by waiving all fees paid to the creditor. Where did that come from? No written statute or regulation, that’s for sure. 

In our ECOA example, I don’t believe you’ll find any express guidance on how to correct for mistakenly collecting a borrower’s demographic data. Depending on your regulator, you might actually find some less official guidance on this issue, which comes up often in commercial lending. But for the sake of using this as an example, let’s put that aside for now. 

Mitigating Harm Caused 

Take immediate action to minimize consumer harm. To do this, you’ll need to assess and understand consumer harm, in part by understanding and respecting why the rule exists. Using our ECOA example, you would probably agree the basic intent of the prohibition on collecting demographic data is to avoid the potential of discriminating against applicants based on prohibited factors. With that in mind, brainstorm how we could make up for our error here. It’s probably a little extreme for our example, but hypothetically, if we’re worried about discrimination, we could perform a fair lending analysis on each of these loans. If nothing shows up, we know the borrowers were not actually harmed. On the other hand, if we do find something improper, this gives us a chance to take remediative action. 

Stop It from Happening Again 

After dealing with consumers who have been impacted, we need to identify the root cause and make sure it doesn’t happen again. Some – myself included – might say that we need to look at this from a “CMS” perspective and update or strengthen the compliance management system – potentially affecting oversight, training, policies/procedures, monitoring, audit and other components. 

In our ECOA example, perhaps we find that this mortgage originator hadn’t received training on this issue. Or perhaps we find there needs to be greater monitoring of issues like this. Maybe mistakes like this have occurred because of a lack of accountability with neither the compliance officer or executives receiving reports on performance with items like this (going to the “oversight” prong). 

But realize that sometimes your CMS is strong enough – sometimes a mistake happened despite a perfectly functioning CMS that appropriately identified and corrected the issue in a timely manner. You’ll rarely be completely comfortable coming to this conclusion, and normally you can take some lesson away from any mistake, but don’t ruin a good system in the pursuit of perfection. 

As a “checklist thinker,” I find paradigms helpful because they break difficult decisions down into smaller bites. But you need to use those that make sense to you – I’m sure there are a dozen different ways to analyze this, and I’d love to hear about your approach!

Ben Giumarra is director of legal and regulatory affairs at Embrace Home Loans; he may be reached at bgiumarra@embracehomeloans.com.