QuestSoft Compliance Cafe Blog

Sign up to receive our monthly newsletter!

The CRA Examination Process Explained

Aug 8, 2017 by Brian Arnesen

The Community Reinvestment Act (CRA) was enacted by Congress and has been in effect since 1977. The Community Reinvestment Act was created to ensure depository institutions are meeting the credit needs of the local communities. Depository institutions undergo CRA exams about every 3 years, depending on past performance. Every business quarter, the Federal Deposit Insurance Corporation (FDIC) releases the CRA Examination Schedule. The exam schedule is divided up by region and lists the information about the specific bank that is being examined. There are multiple agencies that conduct CRA examinations including The Federal Reserve System, FDIC, The Office of the Comptroller of the Currency (OCC), and the Office of Thrift Supervision (OTS).

FDICCRA Examination Schedule

There are 3 phases to an examination:

1.    Pre-examination Planning: Examiners gather information from the FDIC records and contact the institution to request specific information and documents.

2.    Review and Analysis: Examiners evaluate an organization’s compliance management system and its effectiveness. They will analyze any weaknesses and violations. Examiners will also assess risk to consumers based on a bank’s practices.

3.    Communicating Findings: Examiners will discuss their findings with management and provide a Report of Examination that documents both the strengths and weaknesses of a bank’s CMS.


Know What Examiners are Looking For

If you want to have a successful CRA exam, you need to know exactly what the examiner will be looking for. In short, examiners are looking for anything that appears to be a fair lending violation. According to the American Bankers Association, “fair lending practices prohibit discrimination based on race, color, religion, national origin, sex, marital status, age, source of income, or whether a person exercises rights granted under the Consumer Credit Protection Act.” An examiner will look at your bank from a variety of angles. Examiners use both risk-focused and process-oriented approaches during their evaluation. A risk-focused approach investigates operational areas where compliance errors present the greatest potential risk to cause consumer harm. Risk-focusing takes into consideration a banks products, services, markets, structure and operations to evaluate the quality of an institution’s compliance management system. A process-oriented approach will investigate a bank’s internal methods to ensure compliance with laws and regulations.

Determining Risk

An examiner will create a compliance risk profile of your institution using the risk-focusing approach. They will also assess the quality of your institution’s compliance management system (CMS) and consider the inherent risks in regard to the complexity of your institution’s business operations and product offerings. Larger banks are expected to have more risk and therefore more complex compliance programs. An examiner will also test certain transactions based on what they deem to have a high risk of causing consumers harm or where your institution’s compliance efforts seem weak.

Evaluating The Compliance Management System

The next thing an examiner will look at while evaluating an institution's CMS is management’s oversite of the CMS and the level of resources being dedicated towards compliance. Examiners want to ensure that your institution is doing everything possible to detect, prevent and avoid compliance risks. The FDIC clearly states that “conclusions about the adequacy of a bank’s CMS must be based on the effectiveness of those elements that are in place, taken as a whole, for that bank’s particular operations.” This means that just because a smaller bank doesn’t have as comprehensive of a CMS as a large bank doesn’t mean they will receive a lower score – as long as there are no major compliance issues. Institutions need to implement compliance programs that fit their size and complexity. If your compliance program is minimal but prevents violations your CRA score won’t be affected.

After your institutions CMS is examined, your compliance program will be looked at. This includes policies and procedures as well as products, services, and activities that your institution takes part in. Examiners will also look at the responsiveness and effectiveness of the consumer complaint process. Examiners want to make sure institutions are doing their due diligence.

On Site Evaluation

Examiners will look at a few key areas of a bank’s operations when assessing compliance. The FDIC lists these as the main areas they evaluate:

• The commitment of the Board of Directors, management, and staff to compliance.

• Qualifications of the compliance officer or designated staff.

• Scope and effectiveness of compliance policies and procedures.

• The effectiveness of training.

• Thoroughness of monitoring and any internal/external reviews or audits.

• Responsiveness of the Board and management to the findings of internal/external reviews and to the findings of the previous examination.

So now that we know what an examiner is looking for, we can prepare ahead of time by enacting certain policies and procedures to limit any instances of unintentional fair lending violations. Conducting both pre- and post-closing audits are a great way to ensure any errors are caught and corrected. Software such as Compliance EAGLE and Compliance RELIEF were created specifically for this.

Grading an Institution

CRA ratings are made available to the public after an examination is concluded. During the evaluation phase, a banks strong performance in certain areas does have the ability to compensate for poor performance in others. The underlying determination is your bank using safe banking practices. Your CRA rating will affect how often your bank undergoes examinations with the average being every three years for good performance.

The CRA rating is as follows:

Outstanding: A financial institution has a record of helping to meet the credit needs of its assessment area, including low- and moderate-income neighborhoods, in a manner consistent with its resources and capabilities.

Satisfactory: An institution has a satisfactory record of helping to meet the credit needs of its assessment area, including low- and moderate-income neighborhoods, in a manner consistent with its resources and capabilities.

Needs to Improve: An institution in this group needs to improve its overall record of helping to meet the credit needs of its assessment area, including low- and moderate-income neighborhoods, in a manner consistent with its resources and capabilities.

Substantial Noncompliance: An institution in this group has a substantially deficient record of helping to meet the credit needs of its assessment area, including low- and moderate-income neighborhoods, in a manner consistent with its resources and capabilities.

Although most financial institutions are used to undergoing CRA exams, the process is still stressful and resource intensive. QuestSoft created the CRA RELIEF module of Compliance RELIEF to enable institutions to see what examiners see. CRA RELIEF provides detailed reports and analysis of an institutions lending data.