There’s nothing like an eye-catching, robust website. Professional websites have become the home base of a solid marketing program, and, if designed and disclosed properly, create a connection and build confidence for potential clients, potentially becoming one of the most important marketing investments a company can make.
Websites require compliance management, and the content of the website should be reviewed periodically in its entirety, for more than the product disclosures. Accuracy and completeness of the information presented is elemental.
The Federal Financial Institutions Examination Council guidance on Website Content addresses overarching E-banking risk management activities:
“Financial institutions can take a number of steps to avoid customer confusion associated with their website content. Some examples of information a financial institution might provide to its customers on its website include:
- The name of the financial institution and the location of its main office (and branch offices if applicable);
- The identity of the primary financial institution supervisory authority responsible for the supervision of the financial institution’s main office;
- Instructions on how customers can contact the financial institution’s customer service center regarding service problems, complaints, suspected misuse of accounts, etc.;
- Instructions on how to contact the applicable supervisor to file consumer complaints; and
- Instructions for obtaining information on deposit insurance coverage and the level of protection that the insurance affords [if applicable], including links to the FDIC or NCUA websites at http://www.fdic.gov or www.ncua.gov, respectively.
Website Design and Administration
Few of us are web designers, or capable of web administration, and outsourcing the technical design and administration of a website has become routine for many financial institutions. Consistent with good third-party vendor management, the financial institution, however, is responsible for everything the third party does or communicates through the website. Financial institution management must ensure it has a full understanding of the operation of the website, and it must be prepared to describe the level and extent of due diligence it conducted in the selection of the vendor and ongoing oversight.
Compliance Management and Internal Controls for Mortgage Lending
We can take some clues about website compliance management and internal controls from the financial institution examination procedures. They outline the parameters that should be addressed to stand up and maintain a financial institution website.
General Website Management
- Do the board of directors and senior management have oversight of website design and implementation?
- Does the documentation, such as meeting minutes, approved written policies, and revisions, demonstrate appropriate oversight?
- Is compliance management an integral part of the development, testing, and maintenance of the financial institution’s e-banking delivery system?
- Does the compliance program and risk assessment include electronic banking issues and associated risks?
- Do the financial institution’s policies and procedures encompass e-banking delivery system activities?
- Does the financial institution have procedures in place to ensure compliance with all applicable record retention requirements for information portrayed on the website?
- Do external and/or internal auditors review the financial institution’s website?
- Are compliance personnel involved in the development, maintenance, and testing of the financial institution’s website?
- Does the financial institution have internal controls/processes in place to ensure that the website remains compliant with consumer protection laws and regulations?
- Is there a process in place to ensure that changes to the website undergo proper documentation, compliance authorization, and implementation?
- Does the financial institution’s training program adequately address e-banking compliance issues?
Consumer Protection Compliance – Fair Lending Issues
- Do any of the pages depict human images, and do the images reflect local area demographics in terms of race, age or any other prohibited basis group?
- Does the website contain any special features such as an automated property location referral or a home finder tool and would the use of this tool result in illegal discrimination?
- Do the advertisements contained on the website, by words, symbols, models or other forms of communication express, imply, or suggest a discriminatory preference or policy of exclusion in violation of ECOA or FHA?
- Do website mortgage loan advertisements discourage on a prohibited basis applicants or prospective applicants from making or pursuing an application?
- Does each page advertising mortgage loans contain the FHA logotype with the equal housing lender legend/logo?
- Does the financial institution take or accept applications for mortgage loans through its website, and, does it comply with the requirements for credit applications, including content of the application format, and prescreening, credit scoring, or any other automated underwriting tool for information submitted on-line?
Consumer Protection Compliance – Mortgage Loan Products
- Does the financial institution advertise mortgage loan products on its website, and do they comply with requirements of Regulation Z – Truth in Lending; Regulation N – Mortgage Acts and Practices – Advertising; and the Unfair, Deceptive, or Abusive Acts or Practices Act (UDAAP)?
Consumer Protection Compliance – General Compliance
- Does the financial institution comply with the notice and disclosure requirements of Regulation P – Privacy of Consumer Financial Information on its website?
- Does the website gather information about children under the age of 13, and does it comply with the provisions of the Children’s Online Privacy Protection Act (COPPA)?
- Does the financial institution electronically deliver notices and/or disclosures through its website subject to the consumer consent provisions of the E-Sign Act, and, if so, does it comply with the requirements of the Electronic Signatures in Global and National Commerce Act (E-sign Act)?
While not exhaustive, this list gives some insight into website compliance management structure. Lenders and servicers, if they are maintaining websites available to and directed at consumers, need to incorporate website compliance management into the Compliance Management System (CMS), including, but not limited to: policy, procedures, training, internal monitoring and audit, third-party vendor management, and other relevant activities. It is important to review the coverage of the laws, regulations, and rules for mortgage advertising, and ensure your institution’s compliance management is structured to address the specific requirements for your institution type (for instance, bank, nonbank, etc.).
Around the Industry:
CFPB monthly complaint report focuses on complaints from older consumers.
On the Horizon:
CFPB blogs to the public to comment on the ATR/QM rule assessment plan.
What challenges might a financial institution encounter to report HELOCs for HMDA and how can your institution successfully overcome them? Get some help here.