C
OMPLIANCE OFFICERS HATE UNCERTAINTY.
We need to have a game plan and know where we are
going so we can plan and implement. Last November,
the United States got a new Chief Compliance Officer, Donald
Trump. For a while at least, there will be confusion while
the industry adjusts and figures out the new game plan. For
example, what will happen to the Dodd-Frank Act?
A number of regulations and regulatory bodies may change under President
Trump, and there is much to discuss about what the new presidency will
mean to bank compliance. There may be a number of modifications in the
regulatory environment that we cannot presume to anticipate at this time.
While we can’t forecast for certain the changes this year will bring, we
can discuss new or revised regulations, regulatory requirements, guidance,
and best practices that should be a part of your 2017 compliance program.
Here are the highlights:
Uniform Interagency Consumer Compliance Rating
System (Rating System)
The prudential regulatory agencies plus the Consumer Financial Protection
Bureau (Bureau), the National Credit Union Administration, and the State
Liaison Committee updated the 1980 Consumer Compliance Rating System
(CC Rating System). The revised CC Rating System is intended to reflect the
risk-based approach to compliance management and compliance examinations; it recognizes the change from transaction testing to an evaluation of
4 | ABA BANK COMPLIANCE
BY RICK FREER, CRCM
O
LO KIN G
A H E AD
YOUR 2017
GAME PLAN
the effectiveness of a bank’s compliance management system, considering
the size, complexity, and risk profile of each institution.
The CC Rating System continues to apply a one to five rating scale, where in
this case, one is the best rating, and five is the worst. The rating system is designed
to incent institutions to establish and maintain strong compliance management
systems. Institutions that receive a one rating will be those that not only maintain
a strong compliance program, but whose systems and processes are developed to
prevent, self-identify, and address compliance concerns in a proactive manner.
The CC Rating System directs examiners to evaluate the following:
■■ Board and Management Supervision—Ratings consider board and
management oversight and commitment, change management processes,
risk identification and management processes, self-identification of issues,
and actions taken to correct program deficiencies and violations.
■■ Compliance Programs—Ratings evaluate whether an institu-
tion has appropriate policies and procedures consistent with
product, service, and activity risks, as well as the efficacy
of its compliance training efforts, monitoring and audit
processes, and consumer complaint monitoring, resolution, and tracking, and reporting processes.
■■ Violations of Law and Consumer Harm—Ratings
consider the root causes of violations, determine the
severity of consumer harm, document the on-going nature of the violations, and assess the breadth of violations.
LEONELLO/ ISTOCK, WORDS+PICTURES/ SHUTTERSTOCK
The CC Rating System provides rating definitions for each of the three
rating categories, but no overall rating definition samples. The CC Rating System will apply to all consumer compliance examinations that begin
after March 31, 2017. You can review the rating system in the November/
December 2016 issue of ABA Bank Compliance magazine on page 24, or at
www.ffiec.gov/press/pr110716.htm.
Military Lending Act
The most recent Military Lending Act amendment expands the rule’s coverage to include products most banks make every day. Compliance with
the new regulations is required on October 3, 2016 for all covered products including payday loans, overdraft lines of credit, and most installment
loans. However, provisions covering credit cards don’t become effective
until October 3, 2017.
While financial institutions must comply with the new
rules now, there are still some elements of the regulation that need clarification. These include:
the scope of the exemption for purchase
money loans; whether covered
borrowers may obtain loans
secured by a bank account;
and practical questions
about systems financial
institutions must use
to determine military
status. In addition,
LOOKING AHEAD: YOUR 2017 GAME PLAN
The American Bankers Association is engaged in on-going
discussions with the DOD to clarify these and other issues
so that financial institutions can be assured they are
complying with the various legal requirements.
clarification about what constitutes a “reasonable” fee that may
be excluded from the military APR is necessary.
The American Bankers Association is engaged in on-going
discussions with the DOD to clarify these and other issues so that
financial institutions can be assured they are complying with the
various legal requirements.
The Federal Financial Institutions Examination Council’s
(FFIEC) Task Force on Consumer Compliance recently revised
the interagency examination procedures for the Military Lending
Act (MLA) of 2006, and examiners will use these revised examination procedures for examinations relating to MLA compliance
that begin on or after October 3, 2016. However, as has been the
case with rules issued recently, initial examinations should focus
on an institution’s efforts to implement the new rules, including
the integration of updated MLA policies and processes and employee training into the bank’s compliance management system.
For more detailed information, see the September/October 2016
issue of ABA Bank Compliance magazine, page 22, or www.fdic.
gov/news/news/financial/2016/fil16065.html.
Flood Disaster Protection Act
In November 2016, the agencies re-proposed, after a lengthy delay, a
rule to implement the Private Flood Insurance Requirements of the
Biggert-Waters Flood Insurance Reform Act of 2012. Comments
on this new proposal are due January 6, 2017, and presumably
a final rule will be published sometime in 2017. The proposal:
■■ Provides a compliance aid to help identify whether private
policies meet the definition of “private flood insurance.”
■■ Permits lenders to exercise discretion to accept a private insurance policy that may not meet the regulatory definition of
private flood insurance.
■■ Creates an exception to facilitate the acceptance of private policies issued by a mutual aid society.
Additionally, the National Flood Insurance Program (NFIP)
must be reauthorized by Congress before September 30, 2017.
Experience with previous reauthorizations suggests the NFIP may
be changed significantly to address ongoing concerns regarding
the financial viability of the program, including efforts to enhance
and foster private market solutions; maintain and improve flood
risk management processes; and improve flood risk mapping.
Keep an eye on developments on this issue as we proceed through
2017. For more detailed information, see the July/August 2016
issue of ABA Bank Compliance magazine, page 16.
Home Mortgage Disclosure Act (HMDA)
Data collection rules for HMDA were announced in the fall of
2015, and they go into effect January 1, 2018, while large reporters will begin quarterly reporting in 2020. Now that we are one
year closer to full implementation of many provisions of the new
6 | ABA BANK COMPLIANCE | JANUARY–FEBRUARY 2017
HMDA rules, bankers should be far enough along in the development of an implementation plan to manage the process from start
to finish. Change management project teams should consist of
staff from each of the affected lines of business, compliance, and
information technology. Appropriate third-party vendors also will
have to be looped into the implementation process. Obviously, as
revised systems and processes are developed, it will be necessary
to train all staff associated with HMDA data processing. Finally,
time must be allocated for testing of the new processes and to
respond to any gaps or issues identified by that testing.
In addition to the planning steps described above, bankers must
prepare for changes scheduled to become effective in 2017. It is
helpful to become familiar with the 2017 Filing Instructions Guide
(FIG). This guide provides all the filing information necessary for
data captured in 2017 and to be reported in 2018. The FIG outlines
the data submission process, the process for validating the edit report, the officer certification process, and how to contact “HMDA
help.” It also provides detailed information regarding the 2017
file and edit specifications, and frequently asked questions.
For a copy of the 2017 FIG, visit www.consumerfinance.
gov/data-research/hmda/static/forfilers/2017/2017-HMDA-FIG.pdf .
In 2017, Institutions also should apply
for a Legal Entity Identifier; a unique
20-digit alphanumeric identifier, and
more information can be found
at www.gmeiutility.org.
Recall that in 2018,
banks will report 2017
HMDA data to the Bureau,
not the Federal Reserve
Board. And, for those institutions that must file a resubmission of HMDA data, it will also
be sent to the Bureau. Also note
that banks that meet all the other
criteria–which is consistent with the
old HMDA rule–only have to report
HMDA data collected for 2017 if they
made at least 25 home purchase loans,
including refinancing of home purchase
loans in both years 2015 and 2016. For
additional information regarding the new
HMDA rules and data reporting processes,
see the November/December 2016 issue
of ABA Bank Compliance magazine, page
28, or www.consumerfinance.gov/policycompliance/guidance/implementationguidance/hmda-implementation/.
Fair Lending and Redlining
Ensuring compliance with the fair lending laws was a priority
of the Obama Administration, and recent enforcement actions
by the Department of Justice and the banking agencies suggest
that fair lending, and redlining in particular, is being reviewed
and assessed using a different regulatory lens.
Traditionally, concerns about redlining were analyzed by evaluating a financial institution’s lending penetration in majority
minority census tracts. Recently, however, bank lending has been
assessed by comparing one institution’s outreach and marketing
in these areas to its “peers.” Although this assessment has always
been in the examination procedures, it was but one of the many
datasets considered in reviewing suspected redlining. Another
change in approach that has been identified recently is a willingness of examiners to analyze a bank’s outreach and lending in a
bank’s actual, or reasonably expected, market area, as opposed
only to the institution’s CRA assessment area.
Financial institutions need to prepare for this new approach to
assessing redlining. Remember, examiners do not have to prove
redlining or general lending discrimination at the examination
stage, but only need a “reason to believe” it is occurring. Therefore,
institutions need to use all their data to show why the examiner
allegation may be incorrect. This requires adoption of a holistic
approach to evaluating fair lending compliance that merges the
While we can’t
forecast for certain
the changes this year
will bring, we can discuss
new or revised regulations,
regulatory requirements,
guidance, and best practices
that should be a part of your
2017 compliance program.
institution’s business model and strategic goals with Community Reinvestment Act, HMDA, and other lending data. This
approach will provide stronger and more thorough metrics to
explain branch location strategy, as well as what loan level and
marketing analyses are really saying about the instruction’s practices. Bottom line, bankers should know their data better than the
examiners and be prepared to use it to demonstrate compliance
with the fair lending laws.
Product Sales and Incentive Compensation
Arrangements
Last year the financial world woke-up and learned that employees at
a very large financial institution had been creating deposit accounts,
loan products and service commitments without customer consent.
This was part of an aggressive product cross-selling culture at the
institution that was allowed to flourish without adequate policies,
procedures and controls to monitor the activity. Product sales to
customers and consumers and the associated links to employee
incentive compensation arrangements became center stage for
the regulatory agencies. Compounding the issue is the fact that
sales practices not only have a compliance aspect (UDAAP), but
also raise safety and soundness concerns.
In October, the OCC and the Bureau initiated horizontal examinations of mid-size and large bank sales and incentive compensation practices. At this time, the FDIC, OCC and Federal
Reserve are not planning to conduct similar examinations of
smaller institutions. Nevertheless, all banks may want to review
their practices to ensure the institution’s compliance management system includes strong policies, procedures, and monitoring
controls related to product sales and incentive compensation.
There is nothing inherently wrong with cross-selling, but as with
any financial activity there must be adequate controls in place
to ensure compliance and that consumers are not incurring any
harm. Questions to be asked include:
■■ What is the institution’s culture?
■■ Do sales goals and incentive compensation programs align
with the bank’s culture and goals?
■■ What account metrics are developed, reviewed, and questioned?
■■ Are these metrics—and the reports generated from them—designed to identify systemic risks, and not just report numbers?
■■ What happens with customer complaints? How are employee complaints or whistleblower comments evaluated and
addressed?
For additional information, bankers may want to consult the interagency guidance on incentive compensation policies and procedures published in June 2010 (www.occ.treas.gov/news-issuances/
bulletins/2010/bulletin-2010-24.html). The guidance is designed
to assist financial institutions develop and implement strong programs that do not encourage employees that are part of incentive
compensation programs to engage in imprudent risk-taking.
Americans with Disabilities Act
Financial institutions are covered by the Americans with Disabilities Act (ADA), enacted July 26, 1990. The Department of
Justice (DOJ) is the agency charged with writing rules under
the ADA. Title III of the ADA requires financial institutions
JANUARY–FEBRUARY 2017 | ABA BANK COMPLIANCE | 7
LOOKING AHEAD: YOUR 2017 GAME PLAN
As we look ahead to 2017, remember that
clear and concise goals, partnered with
a well thought-out game plan can help
manage uncertainty at your institution.
and others subject to the statute to provide accessible facilities
and to take steps to “communicate effectively” with customers
with disabilities. Effective communication includes providing
free of charge, appropriate “auxiliary aids and services” or other
alternative methods designed to provide the disabled customer
(persons with speech, hearing or vision disabilities) access to the
institution’s products and services.
In 2010, the DOJ expanded the definition of auxiliary aid and
services to include “accessible electronic information technology,”
recognizing that new technologies, including video interpreting
services, screen readers and text messaging offer additional possibilities for providing auxiliary aid or service. At the time, the DOJ
issued an Advance Notice of Proposed Rulemaking signaling its
intent to promulgate rules establishing standards for what constitutes an accessible website. To date, however, the DOJ has not
issued a proposed rule. In fact, last summer the DOJ announced
that it would not do so until 2018.
Nevertheless, the lack of a rule establishing clear accessibility
standards, has not stopped either the DOJ or private plaintiffs
from asserting that maintaining an accessible website is an existing
obligation under the ADA.
For several years, plaintiffs’ attorneys have been sending demand letters to retailers and restaurants, and financial institutions are now receiving these letters as well. The letters allege that
the institutions receiving them are violating the ADA by failing
to provide an accessible website. The law firms that send these
demand letters are willing to sue those that ignore the demand
letter; as of the end of October, 2016, 244 lawsuits had been filed
in federal court.
This situation underscores the need to develop an accessibility
work plan that includes:
■■ Developing and implementing accessibility policies and
standards;
■■ Auditing website accessibility;
■■ Appointing staff to oversee all electronic information technology accessibility, and review new technology accessibility;
■■ Training your website team on ADA requirements;
■■ Creating an accessibility webpage with information related to
access;
■■ Requiring accessibility in vendor contracts; and
■■ Conducting annual audits for noncompliance.
For a more information see the ADA Demand Letters article
in this issue on page 10.
The rule includes requirements such as limiting consumers’
losses when funds are stolen or cards are lost, investigating and
resolving errors, and giving consumers free and easy access to
account information.
Another part of the rule is the “Know Before You Owe” prepaid
account disclosures. These disclosures should help consumers by
providing disclosure on fees and other key factors in a clear and
hopefully easy to understand format prior to purchase. Consumers
will also benefit because protections generally offered with credit
cards will be offered to them if their prepaid account permits
them to use credit on their accounts, when they lack the money
to cover the transaction.
The rule covers the gamut of prepaid cards from traditional
reloadable cards to P2P payments, mobile wallets, payroll cards,
and government issued benefit cards. For more information on the
rule go to www.consumerfinance.gov/about-us/newsroom/cfpbfinalizes-strong-federal-protections-prepaid-account-consumers/.
Prepaid Final Rule
Debt Collection
In October 2016, the Bureau published its final Prepaid Rule.
The rule is effective generally on October 1, 2017, but the requirement for financial institutions to provide their prepaid card
agreements to the Bureau is not effective until October 1, 2018.
In July 2016, the Bureau published an outline of proposals it is
considering to regulate collection agencies and debt buyers (thirdparty debt collectors) under the Fair Debt Collection Practices
Act (FDCPA). As a general matter, banks collecting their own
8 | ABA BANK COMPLIANCE | JANUARY–FEBRUARY 2017
Amended Mortgage Servicing Rules
The Bureau published additional amendments to the mortgage
servicing rules in October 2016. While the majority of the rules
take effect October 19, 2017, provisions related to periodic statements in the event of bankruptcy and successors in interest will be
effective April 19, 2018. Amendments were made to provisions on
“successors in interest,” the definition of delinquency, force-placed
insurance, early intervention, loss mitigation, prompt payment
crediting, periodic statements, as well as technical corrections
and clarifications, and how servicers must respond to requests
for ownership information when Fannie Mae and Freddie Mac
is the loan owner.
While the effective date is later next year, it is not too early to
begin your preparation. Start by understanding the new rules and
begin to develop an implementation plan. Consult appropriate
vendors to ascertain their preparations, especially as relates to
providing modified periodic statements to borrowers in bankruptcy. Multi-state servicers should consider conducting a legal
inventory of the documents necessary to confirm a successor in
interest’s property ownership interest. While the rule provides
examples of reasonable documents to confirm the interest, document reasonableness may vary from state to state. Read the Bureau’s
Executive Summary at https://s3.amazonaws.com/files.consumer
finance.gov/f/documents/08042016_cfpb_Mortgage_Servicing_
Executive_Summary.pdf .
debt (first-party debt collectors) are not subject to the FDCPA.
However, banks that place debt with a collection agency or sell
debt to a debt buyer, will be impacted by the FDCPA rules because
the outline shows the Bureau is considering rules that will govern
the information about a debt that must be transferred with the
debt and will govern communications with debtors.
The Bureau also has indicated that it intends to write rules to
govern first-party debt collectors using its authority to regulate
unfair, deceptive and abusive acts or practices, but in July, Director Cordray stated that would proceed on “a separate track,”
presumably signaling the Bureau’s intent to write separate rules.
If this is the Bureau’s plan, we anticipate that the first-party
rulemaking process could begin before summer of 2017. If by
chance the Bureau changes its mind and only issues one rule,
it is very possible that it could be issued in the fall of 2017.
Stay tuned for further developments on this important issue
for financial institutions.
Examination Findings
The FDIC issued FIL 51-2016 in July 2016 to remind their
regulated institutions of the importance of maintaining an
open communication channel with examiners and FDIC
management. The directive encourages institutions to provide
feedback on issues, findings, practices, and other concerns that
surface during the examination process. While only the FDIC
published this document, any institution that has concerns
regarding their examination findings is encouraged to provide
feedback to their federal regulatory agency(s).
Financial institutions should be familiar with their supervisory
agency’s processes for communicating with examiners, district or
field offices, or headquarters staff. They should understand the
appeal process and means to seek review by the agency Ombudsman. Institutions also need to understand why they are being
asked to do something during an examination and the basis for
violation findings or system deficiencies. Bankers should feel free
to “pushback” when they disagree with the examiners or believe the
examiners may not be considering all the pertinent facts necessary
to reach a fair and sound decision. The examiner may be right, but
the examiner needs to articulate the facts and analysis supporting
the finding and any proposed remedial action or solutions, in a
manner that can be understand and successfully implemented.
For more information, read the article on examinations in this
issue on page 24, or read the entire FIL at www.fdic.gov/news/
news/financial/2016/fil16051.html.
Questions Institutions Continue to Ask
We still receive questions from institutions asking when the Bureau
will finalize its proposed regulation regarding the Annual Privacy
Notice. The Congress passed and the President signed legislation
in December 2015, and the Bureau issued a proposed rule in July
2016. The statute and proposed rule indicate that the Annual
Privacy Statement does not need to be provided if the institution
limits its customer sharing information to the exceptions in the
statute and regulation, and has not changed its privacy notice from
the one previously delivered to customers. This change became
effective on enactment of the statute in December 2015. The new
regime can be followed now, even though the Bureau’s proposed
regulation has not yet been finalized.
Also, in August 2016 the prudential regulatory agencies issued
Frequently Asked Questions covering Standards for Assessing
the Diversity Policies and Practices of Entities Regulated by the
Agencies. While the agencies strongly encourage financial institutions to perform self-assessments on their diversity policies and
practices, disclose them on their website, and provide them to the
agencies, it is strictly voluntary. If your institution has performed
a self-assessment and you choose to post it on your website and
share with your prudential regulator you certainly can but you
are not required to do so.
Is there Anymore?
Let’s not forget some other issues that will be around in 2017:
■■ “Know Before You Owe” (TRID), Small Dollar lending, and
Arbitration: The Bureau has received industry comments on
revisions to Know Before You Owe, and proposed regulations
covering small dollar lending, and arbitration which presumably will be finalized in 2017 with an effective compliance date
in 2017 or perhaps 2018.
■■ Third-Party Lending: The FDIC has proposed third-party
lending guidance that will probably be finalized in 2017, and
some if not all of the compliance responsibilities may fall to the
compliance officer.
■■ BSA/AML: Anti-money laundering enforcement will probably
see some on-going changes or additions to current requirements.
■■ Overdrafts: A proposal covering overdrafts plans is still
lingering.
Conclusion
This year there is no better time to be in compliance; industry
employment is at a high as we strive to comply with laws and
regulations, while at the same time, ensuring that consumers are
treated fairly. As we look ahead to 2017, remember that clear and
concise goals, partnered with a well thought-out game plan can
help manage uncertainty at your institution. And, we all deserve
congratulations for the hard work and dedication we devote to
the compliance culture of our institutions and our dedication to
“do the right thing.” ■
A BO U T THE AU THO R:
RICK FREER, CRCM, joined the ABA in December 2011 having
recently retired from 42 years at the Office of the Comptroller of
the Currency (OCC). Rick works on a variety of issues including
fair lending, UDAAP, flood, CRA and HMDA, and teaches at
schools and conferences. Rick is currently a teacher at the ABA
compliance schools, a speaker at numerous national and state
banking conferences, authors articles for ABA Bank Compliance
magazine, and has provided expert advice in the development of
the ABA Fair Lending Toolbox. Reach him at [email protected].
JANUARY–FEBRUARY 2017 | ABA BANK COMPLIANCE | 9