Mortgage Lenders must start planning now for the RESPA-TILA deadline! Depending on the size and offerings of your organization, you may have over 100 processes that are affected in some way by the integration of mortgage disclosure forms that is required by August 2015. Assuming that an inventory of all the current processes has already been done, the next step is to identify exactly what needs to be changed. Using a modeling approach to capture processes, requirements, risks and controls will make the transition as painless as possible.
For one Mortgage Lending Company, their goal is to have efficient processes that both comply with the new regulation and don’t exceed a level of risk that they are uncomfortable with. This means not only mapping how new workflows will meet the specific requirements of the RESPA-TILA regulation, but figuring out exactly at which points there are risks of deviation and how controls can be used to enforce compliance. Increasing levels of controls and business rules can come at a cost to process efficiency, so getting it out on the table in front of the key stakeholders is critical. Here’s the approach that’s working for one:
Compliance groups and project managers work together to capture and catalog requirements from the new regulation as well as risks of non-compliance.
Armed with detailed As-Is process documentation, project managers start modeling the To-Be processes, and indicate which steps are required by the cataloged requirements.
As the project managers model the new processes, they work with their SMEs to identify where there is risk of deviation. If there’s a risk, they catalog it and connect it to the step in the model (allowing them to report on high risk processes later). Where there’s a risk, they discuss which control or business rule could be applied. Decision points in the To-Be processes are analyzed – for example, what happens if a piece of required information isn’t available? Should the process continue, or should it stop? What is the cost of stopping the process? What is the risk of non-compliance?
There’s no question about whether the processes need to comply with the regulations (unless you get an adrenaline rush by breaking the rules). But there is room for discussion on how strict the controls need to be based on the level of risk the organization is willing to take. More controls frequently impact efficiency, cost and complexity of processes, so less is often more. By modeling how the requirements, risks and proposed controls impact the process, analysis techniques like impact reporting, simulation and what-if analysis can be applied. Armed with these tools and techniques, the decision makers are coming to compliant process design decisions that balance costs, benefits and risk.
For more on the on The RESPA-TILA Gorilla: Process Changes to Meet Compliance Needn’t Be a Walk Through the Jungle Blog Series, check out the next post: 5 More Reasons to Use Business Modeling to Manage RESPA-TILA Reform