Nsight Blog | Ncontracts

Defining Fair Lending Audits, Risk Assessments, Self-Tests & More

Written by Kimberly Boatwright, CRCM, CAMS | Feb 23, 2016 2:30:00 PM

Whether you're a compliance novice or an old pro, you may have questions about compliance. We've noticed a bit of confusion over the differences between Fair Lending audits, risk assessments and self-testing. In this quick post, we'll define those key terms (plus a few more) and explain how they fit together.

Even seasoned compliance pros may have questions about certain areas of Fair Lending compliance. While researching for our recent post on Fair Lending compliance management programs, we noticed that compliance officers have questions about the distinctions between self-tests, risk assessments and independent audits. While it's not too difficult to find a clear definition, understanding how they all fit together is a little more complicated. 

In this short post, we'll define those terms, and help show you how all these pieces fit together to create a strong Fair Lending compliance management program.

Risk Assessment: A Fair Lending risk assessment is a snapshot, a point-in-time evaluation of your institution's risk. It can be conducted internally or by a consultant. Fair Lending risk assessments enable the compliance officer to identify the program's regulatory risk and establish a risk profile. A risk assessment also allows the institution to control risk through appropriate risk management tactics and focus on high-risk areas. 

Risk assessments should be conducted at least annually, or sooner if there are changes to the business, product offerings, geography or risk exposure. Many institutions conduct a risk assessment at the beginning of the year, to set the stage for compliance success. If you don't have a risk assessment yet, you need one.

Independent Audit: An independent audit is a test that gauges the effectiveness of an institution's compliance program. It can be a test of the whole Fair Lending program, or more narrowly focused. These are usually conducted by a third party, but may be done in-house if the audit department is independent of the compliance function. In either case, the auditor needs to have the expertise and understanding of the area being tested in order to complete the audit.

Internal Audit: As mentioned above, an internal audit is an audit completed by an independent party within the institution. This may be a department that is tasked with reviewing or testing departments to ensure compliance and/or adherence to policies, procedures, regulations, etc.

Regulatory Audit: A regulatory audit is simply another word for an exam.

Self-Tests and Self-Examinations:  When it comes to Fair Lending, there is a difference between Self-Tests and Self-Evaluations. 

  • Self-Evaluations – A common and effective monitoring system is the fair lending self-evaluation process. A self-evaluation can be any process than an institution establishes to assess its fair lending posture.  The scope and nature of these evaluations vary widely among institutions based on a bank’s size and risk profile, but the following are most common:  second review of denied applications; analysis of HMDA data for disparities; comparative file review; monitoring of lending policy exceptions.
  • Self-Tests – Under ECOA, self-test is defined as “any program, practice, or study designed and used specifically to determine the extent or effectiveness of a creditor’s compliance with the act or Regulation B; and creates information that is not available and cannot be derived from files/records related to credit transactions.” The report or results of the self-test that a creditor voluntarily conducts are privileged, but the privilege applies only if appropriate corrective action is being or has been taken.  Self-testing and corrective action does not expunge or extinguish legal liability for violations of law; however, corrective action will be considered a substantial mitigating factor.  The most common types of self-testing are:  use of mystery shoppers to identify pre-application discrimination and surveys of loan applicants after decision.

According to the Interagency Fair Lending Examination Procedures Appendix, examiners “may request the results of self-evaluations,” but “should not request the results of self-tests.”

Data Analysis: Data analysis is the process of verifying, analyzing, modeling and interpreting your institution's data. Data analysis helps institutions identify red flags, uncontrolled risk or areas that are likely to draw regulatory focus, like disparities. It's an important part of many different elements of the compliance risk management process, included in risk assessments as well as self-testing and regulatory exams.

Related: How to Build a Strong Fair Lending & Redlining Compliance Management System