The government will implement the General Data Protection Regulation (GDPR) through the Data Protection Bill, which was announced in the Queen’s Speech on Wednesday 21 June 2017.The GDPR, which been designed to protect EU citizens from privacy and data breaches, will include mandatory breach notifications delivered in a 72-hour period where a breach is likely to result in a risk for the rights and freedoms of individuals. Subjects will also be able to discover whether personal data concerning them is being processed, where it is being processed, and for what purpose.The GDPR will give individuals more control over their own data, enabling subjects to receive personal data concerning them, and to transmit it to the data controller of their choice. Subjects can additionally remove their consent to have their personal data erased, or circulation or processing of their data stopped.Organisations that do not comply with GDPR legislation, effective from 25 May 2018, can be fined up to 4% of their annual global turnover or €20 million, whichever is the greater amount.The legislation will apply to organisations located within the EU, as well as organisations based outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. The GDPR will be applicable for all organisations processing and holding the personal data of subjects who live in the EU, regardless of where the organisation is located.The Data Protection Bill will legislate to accommodate the GDPR. Ongoing Brexit negotiations and the UK’s decision to leave the European Union (EU) are not expected to affect the commencement of the regulation in 2018.The Data Protection Bill aims to ensure that the UK is compliant with its obligations while it remains a member of the EU. After leaving the EU, the Bill will help the UK to maintain its ability to share data with other EU member states, as well as internationally.The Bill will also work to establish a new data protection regime for non-law enforcement data, replacing the existing Data Protection Act 1998. This is designed to empower individuals to have more control over their personal data and ensure that the data protection framework is suitable for today’s digital age. The Bill also aims to modernise the data processing regimes used by law enforcement agencies, and update the powers and sanctions available to the Information Commissioner.Helen Baker, partner at Sackers, said: “With the Queen’s Speech last week, we now know that there will be a UK Bill that will become a UK Act. [Pension] schemes, and everybody else that needs to comply, do still need to be looking at GDPR. GDPR is going to be with us in May next year. It will apply automatically and will carry on applying while we’re in the EU, and although we don’t know lots about what’s going to be in the UK Act, it sounds as though it’s going to have a lot of the features of the GDPR.“As we come out of the EU and we have the Great Repeal Bill, effectively the Act is going to plug in behind [that] because regardless of whether we are in the EU or not, data protection legislation is due an update, not least because of how technology has moved on since 1998. Plus, we are going to need to have a framework that is fit for purpose for doing business in the EU. I think it’s part of an evolution rather than necessarily a big game changer.“We don’t really have the information to know [whether the Bill will have a bearing on pensions and benefits] for certain one way or another. I think the expectation is GDPR will [have an impact] and it’s a big enough overhaul of the whole data protection regime that schemes are going to need to do things and take action. If the new UK Bill mirrors it substantially, then it’s all going to feed through.”Read more about what the Queen’s Speech 2017 means for pay and benefits.
in Daily Dose, Government, Headlines, News The mortgage industry is still adjusting to the TILA-RESPA Integrated Disclosure (TRID) rule, and although the dust has seemingly settled community banks are still battling with the regulation.Even though the industry struggled with TRID implementation and there’s a good chance that delays continue, there’s a feeling that the worst has passed.Eric Rawlings, Chief Technology Officer at Digital Risk and Janice Minchenberg, Director of Implementation Management at Digital Risk discuss how “bolt-on” technology meant to make lending systems compliant remains costly, inefficient, and a band-aid solution, especially among community institutions.MReport: There has been a lot of talk about how increased regulation has been tough on community banks. How are they adjusting to the implementation of TRID?Rawlings and Minchenberg: If you ask them, not well. The Community Banks did not have the luxury of funding an in-house solution to the TRID compliance challenges, as compared to larger financial institutions. As a result, they have had to purchase technology from third-party vendors, but these technologies are not perfect; there are compliance issues that not only slow down the pace of the business, but also expose them to regulatory liability and could even make the loan unsaleable on the secondary market. The problem community banks are facing is that many investors interpret the changes differently: Agency loans have not been an issue for them because the GSEs allow more leeway for “errors” (currently), but Jumbo and Bond loans have more confusion and are at a higher risk of being deemed unsaleable. Larger lenders still face the same challenges, but they have the ability to portfolio loans and retain servicing. Thus, the potential for risk and financial loss is greater for community banks, where just a few unsalable loans can have devastating effects on the bottom-line. Additionally, Community Banks have the added cost of seeking external pre-closing quality control services, as well as external training, webinars, LOS systems and counsel, to reduce the risk of producing unsaleable loans. Unsurprisingly, community lenders have been outspoken regarding these issues in their efforts to secure grace periods and to ensure the industry understands that the depth of the TRID impact has been different for smaller lenders.MReport: What are a couple of the major TRID compliance issues you have been hearing about or that you have experienced within the community bank space?Rawlings and Minchenberg: The biggest issue so far for community lenders has been the software reconfigurations necessary to begin processing TRID loans in the first place. TRID combined prior forms, created two new forms, changed timelines and made minor details more important than ever. For example, the LE and the CD have different rules of rounding numbers, and most systems do not accurately capture that. Another issue for Community Banks is the longer timeframes for closing, which lengthens the period for the locked interest rate. Community Banks have to sell the loans within the lock period they locked with the investor, so if the lock period is lengthened, they have to pass along the cost of the extended lock period onto the customer. Larger Banks can absorb this cost, so Community Banks’ pricing is becoming less competitive. Additionally, many large banks have been issuing credits to the consumer for errors, rather than issuing changes in circumstances and delaying closings. Community Banks cannot eat those costs and must instead re-disclose and wait for the time periods to be met. Following the timeframes has also created issues with many lenders inadvertently issuing a re-disclosed LE after the CD may have been issued, causing a violation and potential penalty or even an unsaleable loan. As a result, the community banks with weaker internal support for technology and fewer resources have taken more time to verify the accuracy of the documents via personnel review, costing them money and time. Even with these reviews, mistakes have still occurred, and the potential for liability weighs heavily on the community lending leaders.MReport: Do you see TRID compliance becoming less or more of an issue over the next year among community banks?Rawlings and Minchenberg: We believe that TRID compliance will be more of an issue in the short-term. The issue will begin to resolve once the inaccuracies within the LOS systems have been discovered and corrected, Investors become more comfortable with the changes, the Closing Attorneys/Title Companies are on the same page, and employees understand the requirements. Even with the CFPB’s recent response to the Mortgage Bankers’ Association regarding deference to good faith efforts in TRID compliance, the technology solutions for TRID still, at some point, must work properly. Good faith will only take a community bank so far. Employing a vendor solution that fails again, for example, may have a significant detrimental impact on business. Either way, TRID will remain the focus of community banks in the New Year as they search diligently for a true solution. Most of these kinks will be worked out but community banks in the long-term; however, community banks will still be faced with the additional cost to validate compliance reviews, and consumers who obtain loans from community banks will be required to pay higher fees to compensate for the longer lock periods, closing time frames, and additional costs the lenders and closing attorneys/ title companies have had to incorporate. We recommend that large lenders and community banks obtain third-party assistance from compliance and technology experts, such as Digital Risk, who can bridge the gaps between technology solutions and newly implemented regulations.MReport: What role does technology play in TRID regulation? Has it been effective among community banks? Or is it just a temporary solution?Rawlings and Minchenberg: Yes, Technology plays a very large role in TRID regulations and will not be a temporary solution. Technology will be ongoing for many calculations, alerts for increased fees, tolerance violations, accurate date requirements, deadlines, proper calculations, rounding, placement of fees and the output forms properly extracting the correct data into the correct fields. Technology will also remain important to the tracking of the disclosures, how they were submitted to the consumer, and the need for an increased amount of electronic signatures. As rates increase and Adjustable Rate Loan programs become more dominant, it will be even more important that technology is properly configured, since there are many additional fields that will be required. In fact, many of these additional fields have not been tested at this time because ARM loans are currently not popular.Many community banks do not have their own LOS systems and usually purchase a third-party LOS system, which enables them to rely on that vendor to apply the adjustments and updates. We believe in this case, community banks may have an upper hand over the larger banks as they have the ability to have the corrections made by their LOS vendor, rather than having to either hire internal technical support or depend on the internal team to figure out a workaround. Many large lenders have had to install a manual work around until their inside technology teams can incorporate improvements to their systems, thereby leading them to hire third-party vendors to get them caught up and back on track. Technology will also be required to assist in reminders and alerts for timing of the disclosures, proper calculations for the different definitions of business days, tracking, and retaining proof of the intent to proceed, methods of document delivery and receipt and document retention.MReport: As lenders engage in more efforts to bring Millennials into the housing market, the availability and efficiency of lender technology will be emphasized. How can community banks reach this generation effectively?Rawlings and Minchenberg: Having come-of-age in an era of incredibly quick technological development, Millennials expect the option of doing business quickly, virtually, and from anywhere they choose. The ability for electronic delivery, e-signature and smart phone applications will be in demand to allow for the ease of following the loan process through real-time electronic updates and texting. Because of the pace of technology development and the power of brand recognition in the Millennial generation, community banks are at a disadvantage as the cost of obtaining this type of technology may be out of reach for them. As a result, community banks must be targeted in their efforts by focusing on the technology most aligned with Millennial expectations. Streamlining these few aspects of technology will have the largest impact on the Millennial Customer Experience, while incurring the most reasonable expense.Click here to learn more about Digital Risk. Community Banks Digital Risk TILA-RESPA Integrated Disclosure Rule TRID 2016-01-08 Staff Writer The Worst of TRID is Yet to Come for Community Banks January 8, 2016 717 Views Share