Fair Lending: Safeguarding Sensitive Data under Dodd-Frank with Innovative Software Solutions
Hello, everyone. I'm Janine Donnelly, manager of webinars for Independent Banker. And on behalf of the ICBA and Independent Banker, I'd like to welcome you to our presentation, Fair Lending, Safeguarding Sensitive Data under Dodd Frank with Innovative Software Solutions. We will be holding a q and a session at the end of the webinar. You may ask a question at any time during the event by entering it into the q and a panel. If you experience technical difficulties during the webinar, please use the q and a panel to alert us, and someone will assist you. You may download a PDF version of today's slide deck by clicking on the drop down menu labeled event resources. You'll find that on the left side of your screen. And know that you can download those right from the platform without being disconnected from the webinar. Today's webinar is sponsored by Alligent. Alligent provides proven end to end check check payment processing, digital online, mobile banking, and information management platforms to financial institutions. Our featured speaker today is Jen Mitchell. Jen is currently Alligent's VP of sales and director of product management for AccuAccounts. AccuSystems and its flagship AccuAccount platform were acquired by Alligent in twenty twenty two, and Jen was one of AccuAccounts' first employees. Having held various roles in business development, support services, imaging, and as a trainer, Jen has been integral in the extensive market adoption of AccuAccount, and it's reached to more than fifteen thousand bankers for more than two hundred financial institutions. And with that, Jen, I'll turn the presentation over to you. Thank you, Janine. Welcome, everybody, and thank you for attending our webinar today. And thank you to our partnerships, to allow us to offer this webinar to you all today. Just to go over the meeting agenda a little bit, we're gonna talk about Alligent, and who we are and what we do. This is a very high level. We're gonna really dig into the dog Dodd Frank regulation and the changes that were made to that regulation, as well as the compliance deadlines that, have been moved and the date has actually moved forward. Just the one time so far, so we'll look at those. And then we're gonna talk about some different processes on what you can do from a paper standpoint, electronic document standpoint, and then, obviously, how you can hide this data from a software standpoint. So all Alligent's main focus is to offer an end to end solution for financial institutions. We've accomplished this by listening to the needs of our current customers and prospects to Allegiant continues to grow our products as, as changes are needed in our industry from security to compliance requirements and even the new latest and greatest technologies that they put out there. So this slide here just talks a little bit about automating the entire transaction ecosystem and what we offer. We offer software that helps financial institutions in all the departments. We offer a payment and deposit solution to manage check processing with API to third party products. This gives us the ability to do real time check fraud from on tech that from techs that were presented at the teller line, mobile deposits, or ATM. We offer process automation solutions to manage document and process workflows. This is the ECM that we're really gonna focus on today. It allows the FIs to become completely paperless throughout all departments of the financial institution. And we offer a digital banking solution that integrates with our other products. So all our innovation, we here this slide's nice because it kinda shows exactly who we are and what we've done. We currently service all types of financial institutions from the tier one FI to the credit unions to the community bank space, which is obviously our our very, deep part of our accu account world. Alligent currently offers over a hundred and twenty five integrations between all the products. So when we talk about those integrations, we're talking about, you know, the core integration, the esign integration, integrations to other platforms, LOS, those types of things. We also have several partnerships, and we have about two hundred and twenty five employees. We have dedicated development and support team from each of our products, allowing for the expertise in each of those solutions. That's big. That that allows us to become experts in each of these these products. And then most of our current customers are around the five hundred million asset size range. You can see that there. However, we have several FIs that range from the five hundred to two billion, and that's really where we're starting to see a lot of movement with our product. And, of course, then we those that are ten billion plus range. So today's webinar is really gonna focus around the fair lending safeguarding sensitive data under Dodd Frank with innovative software solutions. To start, we're really going to, again, look at the amended regulation. So the amended regulation is the section ten seventy one, And section ten seventy one amended the Equal Credit Opportunity Act to require financial institutions to compile data regarding certain business credit applications and report that that data back to the Consumer Financial Protection Bureau, also known as the CFPB. Section ten seventy one specifies several data points that require financial institutions to report on those. The purpose of section ten seventy one is to enforce fair lending laws and to identify business and community development needs and opportunities for women owned, minority owned, and small businesses. Section ten seventy one also contains several requirements regarding that information that is compiled, including the requirement for financial institutions to restrict certain access to that certain information, the requirement of maintaining certain information, and the requirement for reporting and publication of that data. So looking at the changes for the twenty twenty four, twenty twenty five for this, for this compliant or to be in compliance, number one, the requirement is to limit the access to certain data. So the final ruling implements the following. So when we look at this change, what is it really doing? It is, requiring that employees and officers are prohibited from accessing applicants' responses to the following data points when that employee or officer is involved in the decision making for the application. So if, if they're involved in any part of that decision making for the loan, they should be restricted from reviewing their minority owned status, women owned status, LGBTQ status, also regarding the principal owner's ethnicity, race, and sex. This does not apply to an employee or officer if the financial institution determines that the employee or officer should have access to one or more of the responses if they provide notice to the applicant. So as long as you're providing some type of notice to the applicant, then this information can, then be shared with whomever at, the financial institution that you determine. This rule also prohibits the financial institution to disclose the demographic information to other parties. So a little bit about the compliance deadline. Each financial institution can determine their tier by the number of covered credit transactions for small businesses. So in looking at this here, just a tier one, they are somebody who does twenty five hundred or more loans per se. And their original date for this to be in compliance with this, it was October first twenty twenty four. The new date now is July eighteenth of twenty twenty five with their first filing deadline of June first of twenty twenty six. The tier two is if you do five hundred to twenty two thousand four hundred ninety nine loans. Their original date was April first of twenty twenty five. The new date now is January sixteenth of twenty twenty six, and the first filing date deadline is June first of twenty twenty seven. The tier three are those who do a hundred to four hundred and ninety nine loans. Their original, date for their their compliance was January first of twenty twenty six. It has now been moved to October eighteenth of twenty twenty six with the first filing deadline of June first of twenty twenty seven. Just so you know, we gathered that information from the Consumer Financial Protection Bureau's website, and we are watching it closely in case dates are changed. They are not finalized, but this is the last date that we had out there. If you do need to review the process for filing, you can always visit the CFPB's website. They share a ton of information. Again, that's where we got most of our information for this presentation, and, you're more than welcome to go out there and review that, what they've they've put out there. Yeah. One of the things that, I we did put together here is how can you determine your financial institution's peers. So I did a little example so you could review this and look at it and and determine kind of what your filing be will be under your compliance here will be. So, one example on how you can determine your tier is by following this example that we have up here. So this financial institution, in my example, originated a hundred and twenty covered credit transactions for small businesses in each of the calendar years, twenty twenty two, twenty twenty three, twenty twenty four, and then only ninety in twenty twenty five. Now because that financial institution did not originate at least twenty five hundred or five hundred covered credit transactions for small businesses in each of twenty twenty two, twenty twenty three, and twenty twenty four, it is not in the tier one or tier two. Because that financial institution did originate at least a hundred covered credit transactions for small businesses in each of twenty twenty two, twenty three, and twenty four. It is in tier three and has a compliance date of October first or October eighteenth of twenty twenty six. So that's how you can find that. Again, those that example is just one small example. However, there is something I do wanna point out in that. Because financial this financial institution did not originate at least a hundred covered credit transactions for small businesses in twenty twenty five, it no longer satisfies the definition of the covered financial institution at the compliance date for tier three, which means this institution is not required to comply with the rule in twenty twenty six. So all because it didn't originate that hundred, loan that drop or a hundred and twenty loan that dropped to ninety, it now means that it does not have to, comply with the rule. So let's talk a little bit about how to manage this data. You know, now that you know that that you're trying to, manage this and and only allow certain individuals access to this information if they're not if if they're not part of the decisioning process or if they're part of the decisioning process, they're not allowed to review this information. Now how what are you gonna do with this? How are you gonna do this? So when we looked at some of the different options, one option is, obviously, if you still have everything in paper. So first, your institution really needs to think about how to manage that paper process and build a new process around how you will manage that information on those paper files. What does that look like? Who can have access? How are you gonna access that information? Just know, I actually reached out to a few of my current financial institution customers and asked them what would this look like if it was a paper process for you? So I I just took, you know, high level and and took a a little survey. And number one, they said the one thing that they would have to do is just remove that paper information altogether from the file. So your complete loan file would have no information, none of the demographic information in it. So placing those documents probably in a separate folder. And then in that folder, they would have to file that, in some other separate file cabinet or vault. So this would this would cause a lot more, let's say, paperwork, a lot more work to take this information out, place it into another folder, place it in a secure location. Then they would have to have some type of logging for check-in and check out. So just think about that. When you're looking at this and how you're gonna manage this data, what does that check-in and check out process look like? Then the final step would be is that when auditors ask for this information, it needs to be secured and there has to be some type of log or report that is available for them to review. Just something to think about with this process, how is the financial institution certain that the individuals who have access to that information are the ones who are actually, receiving that information? So how are they accessing it? Are they going and logging in and and, you know, checking in and checking out? And who's gonna manage who has access to that information? The next example that I really wanted to focus on was that electronic process. And this is more if you are taking your files and you're placing them on a shared drive of some type that you're sharing with others throughout your your bank. You know, some call it a a lending drive, some call it a share drive, whatever that might be. And FIs are storing documents on that share drive, but you're also having to build and maintain a process around that as well. Because today, you're taking and you're probably dropping those on a in that drive under a customer number and under maybe a possibly a loan number. And, you know, so you have some kind of file structure, but it everybody has access to those files. So just an idea on how you might be able to to manage that if you are using that process is you can take those images and route them through a person or a department that is not part of the decision making process for the loan. Then they would store those images in a separate drive somewhere that they would have access to. They could still do the same naming convention. It would just be somewhere separate. The next, thing to think about is is maybe you can take those images, store them in in that same, drive, but with limited access. Again, that's kind of a manual process for somebody to go out and set that limited access on those documents. And then there's also the option of images are stored in that those customer files. So right where they're at today, but then you're utilizing some type of permission on those documents. And when I talk about permissions, I'm talking, you know, somebody's having to go out there again and administer, oh, these these people have, this this access to this document once you place it into that folder. Or the image is stored in the customer's file, but it's password protected. And when we talk about password protection, I, I know that that is always a little bit harder of a process to manage because somebody has to have the password in order to share that password to gain entry into that document. But it is an option. Alright. So managing data with software. Obviously, an ECM is probably your best option. Sorry about that. I I skipped ahead there. When I talk about an ECM, it's an electronic content management, document management, those are all they intertwine. And if you currently have an ECM or you are looking to implement an ECM, I really wanna look at some of the few things you should look at for the ACM to be in compliance for the Dodd Frank Act section ten seventy one changes. These are the things you should be looking for or you should be looking for your current vendor to do for you in your current imaging system or document management system. So number one, the ability to hide documents from certain users. In my example, in this screen here, I show an application on the left hand side, and what I've done is is I've identified, within within the software that there's demographic information on this document. So I put a check mark there. Now when I go to the customer page, if I don't have access to that document, because it has demographic information, you'll see that it is, it's still there on the page. I could still review that the documents there and that it's available, but it actually gives a little warning sign that I I'm denied access to that document. So that is something that you should look for is the the ability to hide that from certain users. And, you know, you can actually go in and identify each user if they have access to the the, demographic information. Yes or no. It's just that easy. The next option is the redaction. Redaction on documents is probably, the best thing that you could really do. This gets access to the document, but not all the data on the document. So you can actually take and block out certain information to certain users. You can define those users and that can either see the information or cannot see the information. And that will show them on the screen. They're able to view everything that they need to. So the things that they need from that application or the things that they need from that that, that document are available to them, but they just wouldn't have that redaction would allow that hidden data to to not be viewable by those specific users. The next thing you wanna look at is if you wanna really look for an an ECM that offers the audit logging. And when I talk about audit logging, not just for your examiners, but it's audit logging of the documents, the document viewing, who viewed these documents, how often they view these documents, all the changes and updates that are done on specific documents, who did those changes, date and time stamps, all of that audit logging. So the that ECM should be able to give you some type of reporting that will allow you to be able to share that with examiners if they need it. But more so, it's more of a log that says, hey. These people are viewing this. Why are they viewing it? Why are they trying to access it? Why did they make changes to it, when they they made changes to it, all of those things. And those audit logs, again, can be pulled on a daily basis, weekly basis, monthly basis, quarterly, and they can be archived as they need to be for review in the future. So just looking at the ECM a little bit. Again, you have the pay we talked about the paper process and what that might look like, and I did get some input from some banks on that. The electronic process, what that might look like without a a true document imaging system or or ECM. But having an ECM in place gives you so many benefits. First of all, it puts all the images in a structured place. It's going to allow you to have the same naming convention across the board. It's going to allow you to have all of the security set up on the rules for the documents, and it's all managed within the software. It can all be reported on. The document audit logs and view reports are available through a soft through an ECM, allowing you to be able to share that information as you need to. But the biggest thing about putting an ECM in place is streamlining the process. There's no logs to manage from from this new, this new compliance. There's no set it, you just really just set it up one time in the software, and it does the work going forward. Not like you have to revisit it every time you look at it, you know, like that paper process where you happen to go in and make sure that you're taking those out, placing them in a separate folder, and placing them, with the check-in, check out. There's no additional work somebody remembering to have to go out there and set the security or the password on the document. The software will manage that for you. No one has to maintain that information. It's literally done within the software. So this was, this was something that we offered out on our website. This is actually just a little bit more information about what your institution needs to know about the Dodge Frank Act. It's a white paper that we offered out there. You are more than welcome to this is actually a clickable link. You can go out there and you can download this white paper from us. And, obviously, if you have any questions, you are more than welcome to reach out to us. And at this time, I'm gonna turn it back over to Janice. Great. Thanks, Jen. So as Jen mentioned, you can click on that link right now. It will open in a separate window and be available to you following the webinar. So, Jen, we did get some questions. Let's get started. The first question is, can we set up roles within the software that can then be assigned to specific documents? You can. Absolutely. That's a great question. So you can set up a role that says, you know, these are admins or the, another role option might be, demographic data role, and those can then be assigned to specific documents. You can absolutely do that. Great. Okay. Is there a report for auditors that will show them which users have and do not have access to the demographic information? That's a very good question as well. Yes. We do. Software most software, any ECM would offer an audit, report that will show you the users that have access. So there will be some type of user role, reporting, and it will show them exactly what type of access you have, including if you have access to the demographic information. Perfect. Okay. How about this one? With redaction, can the user still print the document to review the information? Can it be printed? That is another very, very good question. No. Our software does not allow somebody with, so you cannot print something out of our our software, if you do not have access to that document reduction. So if you try to go around the system and print it and review it, there is no way you can do it. It does not it denies you access to print that document. Gotcha. Okay. Seeing no more questions, I wanna thank everyone for attending today's webinar, and I also wanna thank Jen for sharing her expertise with us today. Later this week, watch for a follow-up email containing a link to the recording of today's webinar so you can watch it again or forward it to your colleagues in leadership to view on demand. That concludes our webinar. Thanks again, and enjoy the rest of your day.
Explore the Equal Credit Opportunity Action, Section 1071 of the Dodd-Frank Act. In partnership with Independent Banker, discover how cutting-edge software ensures compliance, protects data integrity, and fosters fairness in lending.
Watch our webinar recording to gain insights into:
- Implications of the new regulation
- Leveraging advanced software solutions for regulatory compliance
- Effective strategies for safeguarding borrower data
- Best practices to promote fairness and transparency in lending