24 October 2023
GAINING A COMPETITIVE ADVANTAGE THROUGH AI COMPLIANCE
While compliance may seem like a burden in the fast-paced world of Generative AI, it can also provide a competitive advantage as consumers and regulators become more discerning.
Regulation governing consumer lending is on the rise – but a disciplined approach can add value and enhance the customer experience.
This piece is in partnership with SolasAI following our joint webinar AI for Lending Webinar: Competitive Advantage & Regulatory Compliance. For more information or to watch the webinar, click here.
How does an institution ensure that loan applications are fair and transparent for everyone? This question is more pertinent than ever as banks embrace AI tools to assess the credit-worthiness of consumers, reduce decision times, and boost their marketing efforts.
It is also a priority for regulators, who have introduced a raft of measures to ensure that the technology does not violate consumer rights. In April of this year, the Consumer Financial Protection Bureau (CFPB) and three other agencies warned against discrimination and bias in automated systems.1 Then, in September, the Bureau issued a consumer protection circular reminding lenders of the requirement to provide specific, accurate reasons when taking adverse action against a consumer, in line with the Equal Credit Opportunity Act.2
These announcements join a lengthy list of rules and regulations designed to ensure fairness and protect lending customers.
Most recently, we have seen the finalization of Section 1071 of the Dodd-Frank Act, which amends ECOA to require financial institutions to gather, maintain, and report data on loan applications. Financial institutions are also anxiously awaiting a new Community Reinvestment Act Modernization Rule. If applied, this would require institutions to better serve their communities, including low- and moderate-income neighborhoods, by increasing lending in areas that need it most.
In addition, AI promises to disrupt the three lines of defense risk model for lending institutions. New systems can be complex and difficult to manage, threatening to disrupt the first line of defense responsible for internal control measures.
The second line may not have the necessary resources to develop and implement effective risk management policies and procedures, while the third may lack the necessary expertise to audit and assess the risks associated with AI systems. Banks ignore these developments at their peril.
Given all these pressures, it is critical that institutions have a robust compliance management system to ensure all requirements are being followed. This includes board and management oversight, a written compliance program, written policies and procedures, a training program, an audit, and monitoring program, as well as a complaints program.
This matters more than ever as the use of AI increases. It is imperative that banks understand all the regulations that apply to their use of the technology from general regulations related to data privacy and security, as well as specific rules that apply to the lending function.
The most successful institutions set the tone from the very top. This ensures that a strong risk culture permeates the workforce, its lending products, and customer relationships. Everyone in the organization understands their responsibilities and they execute on it.
Above all, it encourages teams to collaborate with one another for the good of the business. Traditionally, the compliance department focuses on preventing violations, while lending seeks to grow the business. Getting teams out of their silos and working together enhances service delivery, mitigates risk, and reduces the overall cost of doing business.
Capco’s experience helping clients to build a robust compliance culture bears this out. We recently worked with a fast-growing institution, advising them on the expansion of its compliance team so that it could take a more proactive approach to regulation and better support the business goals of the organization.
As a first step, the bank created a Chief Compliance Officer position, raising the profile of the compliance team and ensuring alignment with other c-suite functions. The new CCO is responsible for oversight of the entire compliance department, including consumer compliance and risk management.
Two long-time employees accepted Compliance Analyst roles, while the existing Compliance Officer position was redefined to play a more active role in compliance monitoring and testing. This restructuring enabled the institution to support business lines by developing and deploying a new monitoring program across the organization.
As a result, the bank has seen a significant improvement in its reviews and audits, and a marked reduction in the number of consumer compliance violations.
In another example, Capco worked with an institution which had recently hired an analyst to expand the team responsible for compliance with the Home Mortgage Disclosure Act (HMDA). Despite the extra pair of hands, the number of violations relating to data collection and reporting were on the rise.
We quickly determined that there was no codified process for data collection and reporting. In response, we worked with the institution and the compliance team to create a new set of HMDA procedures which prevented any further violations.
As these examples show, banks must tread a fine line when balancing the needs of the business with the expectations of regulators. To achieve positive results, you need the right blend of resources, process reengineering and leadership.
Most of all you need a clear, objective view of the situation. This is where third-party expertise adds significant value. Where internal vested interests may prevent different teams from collaborating outside of their traditional working silos, an external organization can help eradicate costly compliance failures, while boosting efficiency and improving the bottom line.
Technology is another key factor. Where automation and AI have the potential to reduce friction and boost customer engagement, a third-party will ensure that deployment of new lending systems is both optimized to the needs of customers while meeting the stringent expectations of local and regional regulators.
This includes developing policies and procedures designed to ensure that AI is used in a responsible and ethical manner, and that it complies with all applicable regulations including the Equal Credit Opportunity Act and Dodd Frank Section 1071. Institutions will need to identify and address bias in AI systems, ensure that systems are robust and secure, and monitor their performance.
A third-party will also help to mitigate the challenges facing the three line of defense risk model. It will ensure that proper information is available and consumable to all participants from risk managers to compliance officers and auditors. This includes addressing issues such as bias in AI systems and reinforcing security to protect against cyberattacks and other threats to AI-powered networks.
Equipped with transparent, readily available information, compliance and risk teams can adapt to the rapid advance and technical nuances of AI. Automated reporting tools play a critical role in this environment, accelerating time to compliance and removing human error from the equation.
Above all, engaging an outside organization to do much of the heavy lifting around compliance also ensures that the institution can focus on what truly matters – using compliant AI technology to focus on the needs of the customer and growing the business. If your institution still thinks that compliance is a burden rather than an opportunity, now is the time to reframe your thinking and reap the benefits.
1 https://www.consumerfinance.gov/about-us/newsroom/cfpb-federal-partners-confirm-automated-systems-advanced-technology-not-an-excuse-for-lawbreaking-behavior/
2 https://www.consumerfinance.gov/about-us/newsroom/cfpb-issues-guidance-on-credit-denials-by-lenders-using-artificial-intelligence/
