C OMPLIANCE OFFICERS HATE UNCERTAINTY. We need to have a game plan and know where we are going so we can plan and implement. Last November, the United States got a new Chief Compliance Officer, Donald Trump. For a while at least, there will be confusion while the industry adjusts and figures out the new game plan. For example, what will happen to the Dodd-Frank Act? A number of regulations and regulatory bodies may change under President Trump, and there is much to discuss about what the new presidency will mean to bank compliance. There may be a number of modifications in the regulatory environment that we cannot presume to anticipate at this time. While we can’t forecast for certain the changes this year will bring, we can discuss new or revised regulations, regulatory requirements, guidance, and best practices that should be a part of your 2017 compliance program. Here are the highlights: Uniform Interagency Consumer Compliance Rating System (Rating System) The prudential regulatory agencies plus the Consumer Financial Protection Bureau (Bureau), the National Credit Union Administration, and the State Liaison Committee updated the 1980 Consumer Compliance Rating System (CC Rating System). The revised CC Rating System is intended to reflect the risk-based approach to compliance management and compliance examinations; it recognizes the change from transaction testing to an evaluation of 4 | ABA BANK COMPLIANCE BY RICK FREER, CRCM O LO KIN G A H E AD YOUR 2017 GAME PLAN the effectiveness of a bank’s compliance management system, considering the size, complexity, and risk profile of each institution. The CC Rating System continues to apply a one to five rating scale, where in this case, one is the best rating, and five is the worst. The rating system is designed to incent institutions to establish and maintain strong compliance management systems. Institutions that receive a one rating will be those that not only maintain a strong compliance program, but whose systems and processes are developed to prevent, self-identify, and address compliance concerns in a proactive manner. The CC Rating System directs examiners to evaluate the following: ■■ Board and Management Supervision—Ratings consider board and management oversight and commitment, change management processes, risk identification and management processes, self-identification of issues, and actions taken to correct program deficiencies and violations. ■■ Compliance Programs—Ratings evaluate whether an institu- tion has appropriate policies and procedures consistent with product, service, and activity risks, as well as the efficacy of its compliance training efforts, monitoring and audit processes, and consumer complaint monitoring, resolution, and tracking, and reporting processes. ■■ Violations of Law and Consumer Harm—Ratings consider the root causes of violations, determine the severity of consumer harm, document the on-going nature of the violations, and assess the breadth of violations. LEONELLO/ ISTOCK, WORDS+PICTURES/ SHUTTERSTOCK The CC Rating System provides rating definitions for each of the three rating categories, but no overall rating definition samples. The CC Rating System will apply to all consumer compliance examinations that begin after March 31, 2017. You can review the rating system in the November/ December 2016 issue of ABA Bank Compliance magazine on page 24, or at www.ffiec.gov/press/pr110716.htm. Military Lending Act The most recent Military Lending Act amendment expands the rule’s coverage to include products most banks make every day. Compliance with the new regulations is required on October 3, 2016 for all covered products including payday loans, overdraft lines of credit, and most installment loans. However, provisions covering credit cards don’t become effective until October 3, 2017. While financial institutions must comply with the new rules now, there are still some elements of the regulation that need clarification. These include: the scope of the exemption for purchase money loans; whether covered borrowers may obtain loans secured by a bank account; and practical questions about systems financial institutions must use to determine military status. In addition, LOOKING AHEAD: YOUR 2017 GAME PLAN The American Bankers Association is engaged in on-going discussions with the DOD to clarify these and other issues so that financial institutions can be assured they are complying with the various legal requirements. clarification about what constitutes a “reasonable” fee that may be excluded from the military APR is necessary. The American Bankers Association is engaged in on-going discussions with the DOD to clarify these and other issues so that financial institutions can be assured they are complying with the various legal requirements. The Federal Financial Institutions Examination Council’s (FFIEC) Task Force on Consumer Compliance recently revised the interagency examination procedures for the Military Lending Act (MLA) of 2006, and examiners will use these revised examination procedures for examinations relating to MLA compliance that begin on or after October 3, 2016. However, as has been the case with rules issued recently, initial examinations should focus on an institution’s efforts to implement the new rules, including the integration of updated MLA policies and processes and employee training into the bank’s compliance management system. For more detailed information, see the September/October 2016 issue of ABA Bank Compliance magazine, page 22, or www.fdic. gov/news/news/financial/2016/fil16065.html. Flood Disaster Protection Act In November 2016, the agencies re-proposed, after a lengthy delay, a rule to implement the Private Flood Insurance Requirements of the Biggert-Waters Flood Insurance Reform Act of 2012. Comments on this new proposal are due January 6, 2017, and presumably a final rule will be published sometime in 2017. The proposal: ■■ Provides a compliance aid to help identify whether private policies meet the definition of “private flood insurance.” ■■ Permits lenders to exercise discretion to accept a private insurance policy that may not meet the regulatory definition of private flood insurance. ■■ Creates an exception to facilitate the acceptance of private policies issued by a mutual aid society. Additionally, the National Flood Insurance Program (NFIP) must be reauthorized by Congress before September 30, 2017. Experience with previous reauthorizations suggests the NFIP may be changed significantly to address ongoing concerns regarding the financial viability of the program, including efforts to enhance and foster private market solutions; maintain and improve flood risk management processes; and improve flood risk mapping. Keep an eye on developments on this issue as we proceed through 2017. For more detailed information, see the July/August 2016 issue of ABA Bank Compliance magazine, page 16. Home Mortgage Disclosure Act (HMDA) Data collection rules for HMDA were announced in the fall of 2015, and they go into effect January 1, 2018, while large reporters will begin quarterly reporting in 2020. Now that we are one year closer to full implementation of many provisions of the new 6 | ABA BANK COMPLIANCE | JANUARY–FEBRUARY 2017 HMDA rules, bankers should be far enough along in the development of an implementation plan to manage the process from start to finish. Change management project teams should consist of staff from each of the affected lines of business, compliance, and information technology. Appropriate third-party vendors also will have to be looped into the implementation process. Obviously, as revised systems and processes are developed, it will be necessary to train all staff associated with HMDA data processing. Finally, time must be allocated for testing of the new processes and to respond to any gaps or issues identified by that testing. In addition to the planning steps described above, bankers must prepare for changes scheduled to become effective in 2017. It is helpful to become familiar with the 2017 Filing Instructions Guide (FIG). This guide provides all the filing information necessary for data captured in 2017 and to be reported in 2018. The FIG outlines the data submission process, the process for validating the edit report, the officer certification process, and how to contact “HMDA help.” It also provides detailed information regarding the 2017 file and edit specifications, and frequently asked questions. For a copy of the 2017 FIG, visit www.consumerfinance. gov/data-research/hmda/static/forfilers/2017/2017-HMDA-FIG.pdf . In 2017, Institutions also should apply for a Legal Entity Identifier; a unique 20-digit alphanumeric identifier, and more information can be found at www.gmeiutility.org. Recall that in 2018, banks will report 2017 HMDA data to the Bureau, not the Federal Reserve Board. And, for those institutions that must file a resubmission of HMDA data, it will also be sent to the Bureau. Also note that banks that meet all the other criteria–which is consistent with the old HMDA rule–only have to report HMDA data collected for 2017 if they made at least 25 home purchase loans, including refinancing of home purchase loans in both years 2015 and 2016. For additional information regarding the new HMDA rules and data reporting processes, see the November/December 2016 issue of ABA Bank Compliance magazine, page 28, or www.consumerfinance.gov/policycompliance/guidance/implementationguidance/hmda-implementation/. Fair Lending and Redlining Ensuring compliance with the fair lending laws was a priority of the Obama Administration, and recent enforcement actions by the Department of Justice and the banking agencies suggest that fair lending, and redlining in particular, is being reviewed and assessed using a different regulatory lens. Traditionally, concerns about redlining were analyzed by evaluating a financial institution’s lending penetration in majority minority census tracts. Recently, however, bank lending has been assessed by comparing one institution’s outreach and marketing in these areas to its “peers.” Although this assessment has always been in the examination procedures, it was but one of the many datasets considered in reviewing suspected redlining. Another change in approach that has been identified recently is a willingness of examiners to analyze a bank’s outreach and lending in a bank’s actual, or reasonably expected, market area, as opposed only to the institution’s CRA assessment area. Financial institutions need to prepare for this new approach to assessing redlining. Remember, examiners do not have to prove redlining or general lending discrimination at the examination stage, but only need a “reason to believe” it is occurring. Therefore, institutions need to use all their data to show why the examiner allegation may be incorrect. This requires adoption of a holistic approach to evaluating fair lending compliance that merges the While we can’t forecast for certain the changes this year will bring, we can discuss new or revised regulations, regulatory requirements, guidance, and best practices that should be a part of your 2017 compliance program. institution’s business model and strategic goals with Community Reinvestment Act, HMDA, and other lending data. This approach will provide stronger and more thorough metrics to explain branch location strategy, as well as what loan level and marketing analyses are really saying about the instruction’s practices. Bottom line, bankers should know their data better than the examiners and be prepared to use it to demonstrate compliance with the fair lending laws. Product Sales and Incentive Compensation Arrangements Last year the financial world woke-up and learned that employees at a very large financial institution had been creating deposit accounts, loan products and service commitments without customer consent. This was part of an aggressive product cross-selling culture at the institution that was allowed to flourish without adequate policies, procedures and controls to monitor the activity. Product sales to customers and consumers and the associated links to employee incentive compensation arrangements became center stage for the regulatory agencies. Compounding the issue is the fact that sales practices not only have a compliance aspect (UDAAP), but also raise safety and soundness concerns. In October, the OCC and the Bureau initiated horizontal examinations of mid-size and large bank sales and incentive compensation practices. At this time, the FDIC, OCC and Federal Reserve are not planning to conduct similar examinations of smaller institutions. Nevertheless, all banks may want to review their practices to ensure the institution’s compliance management system includes strong policies, procedures, and monitoring controls related to product sales and incentive compensation. There is nothing inherently wrong with cross-selling, but as with any financial activity there must be adequate controls in place to ensure compliance and that consumers are not incurring any harm. Questions to be asked include: ■■ What is the institution’s culture? ■■ Do sales goals and incentive compensation programs align with the bank’s culture and goals? ■■ What account metrics are developed, reviewed, and questioned? ■■ Are these metrics—and the reports generated from them—designed to identify systemic risks, and not just report numbers? ■■ What happens with customer complaints? How are employee complaints or whistleblower comments evaluated and addressed? For additional information, bankers may want to consult the interagency guidance on incentive compensation policies and procedures published in June 2010 (www.occ.treas.gov/news-issuances/ bulletins/2010/bulletin-2010-24.html). The guidance is designed to assist financial institutions develop and implement strong programs that do not encourage employees that are part of incentive compensation programs to engage in imprudent risk-taking. Americans with Disabilities Act Financial institutions are covered by the Americans with Disabilities Act (ADA), enacted July 26, 1990. The Department of Justice (DOJ) is the agency charged with writing rules under the ADA. Title III of the ADA requires financial institutions JANUARY–FEBRUARY 2017 | ABA BANK COMPLIANCE | 7 LOOKING AHEAD: YOUR 2017 GAME PLAN As we look ahead to 2017, remember that clear and concise goals, partnered with a well thought-out game plan can help manage uncertainty at your institution. and others subject to the statute to provide accessible facilities and to take steps to “communicate effectively” with customers with disabilities. Effective communication includes providing free of charge, appropriate “auxiliary aids and services” or other alternative methods designed to provide the disabled customer (persons with speech, hearing or vision disabilities) access to the institution’s products and services. In 2010, the DOJ expanded the definition of auxiliary aid and services to include “accessible electronic information technology,” recognizing that new technologies, including video interpreting services, screen readers and text messaging offer additional possibilities for providing auxiliary aid or service. At the time, the DOJ issued an Advance Notice of Proposed Rulemaking signaling its intent to promulgate rules establishing standards for what constitutes an accessible website. To date, however, the DOJ has not issued a proposed rule. In fact, last summer the DOJ announced that it would not do so until 2018. Nevertheless, the lack of a rule establishing clear accessibility standards, has not stopped either the DOJ or private plaintiffs from asserting that maintaining an accessible website is an existing obligation under the ADA. For several years, plaintiffs’ attorneys have been sending demand letters to retailers and restaurants, and financial institutions are now receiving these letters as well. The letters allege that the institutions receiving them are violating the ADA by failing to provide an accessible website. The law firms that send these demand letters are willing to sue those that ignore the demand letter; as of the end of October, 2016, 244 lawsuits had been filed in federal court. This situation underscores the need to develop an accessibility work plan that includes: ■■ Developing and implementing accessibility policies and standards; ■■ Auditing website accessibility; ■■ Appointing staff to oversee all electronic information technology accessibility, and review new technology accessibility; ■■ Training your website team on ADA requirements; ■■ Creating an accessibility webpage with information related to access; ■■ Requiring accessibility in vendor contracts; and ■■ Conducting annual audits for noncompliance. For a more information see the ADA Demand Letters article in this issue on page 10. The rule includes requirements such as limiting consumers’ losses when funds are stolen or cards are lost, investigating and resolving errors, and giving consumers free and easy access to account information. Another part of the rule is the “Know Before You Owe” prepaid account disclosures. These disclosures should help consumers by providing disclosure on fees and other key factors in a clear and hopefully easy to understand format prior to purchase. Consumers will also benefit because protections generally offered with credit cards will be offered to them if their prepaid account permits them to use credit on their accounts, when they lack the money to cover the transaction. The rule covers the gamut of prepaid cards from traditional reloadable cards to P2P payments, mobile wallets, payroll cards, and government issued benefit cards. For more information on the rule go to www.consumerfinance.gov/about-us/newsroom/cfpbfinalizes-strong-federal-protections-prepaid-account-consumers/. Prepaid Final Rule Debt Collection In October 2016, the Bureau published its final Prepaid Rule. The rule is effective generally on October 1, 2017, but the requirement for financial institutions to provide their prepaid card agreements to the Bureau is not effective until October 1, 2018. In July 2016, the Bureau published an outline of proposals it is considering to regulate collection agencies and debt buyers (thirdparty debt collectors) under the Fair Debt Collection Practices Act (FDCPA). As a general matter, banks collecting their own 8 | ABA BANK COMPLIANCE | JANUARY–FEBRUARY 2017 Amended Mortgage Servicing Rules The Bureau published additional amendments to the mortgage servicing rules in October 2016. While the majority of the rules take effect October 19, 2017, provisions related to periodic statements in the event of bankruptcy and successors in interest will be effective April 19, 2018. Amendments were made to provisions on “successors in interest,” the definition of delinquency, force-placed insurance, early intervention, loss mitigation, prompt payment crediting, periodic statements, as well as technical corrections and clarifications, and how servicers must respond to requests for ownership information when Fannie Mae and Freddie Mac is the loan owner. While the effective date is later next year, it is not too early to begin your preparation. Start by understanding the new rules and begin to develop an implementation plan. Consult appropriate vendors to ascertain their preparations, especially as relates to providing modified periodic statements to borrowers in bankruptcy. Multi-state servicers should consider conducting a legal inventory of the documents necessary to confirm a successor in interest’s property ownership interest. While the rule provides examples of reasonable documents to confirm the interest, document reasonableness may vary from state to state. Read the Bureau’s Executive Summary at https://s3.amazonaws.com/files.consumer finance.gov/f/documents/08042016_cfpb_Mortgage_Servicing_ Executive_Summary.pdf . debt (first-party debt collectors) are not subject to the FDCPA. However, banks that place debt with a collection agency or sell debt to a debt buyer, will be impacted by the FDCPA rules because the outline shows the Bureau is considering rules that will govern the information about a debt that must be transferred with the debt and will govern communications with debtors. The Bureau also has indicated that it intends to write rules to govern first-party debt collectors using its authority to regulate unfair, deceptive and abusive acts or practices, but in July, Director Cordray stated that would proceed on “a separate track,” presumably signaling the Bureau’s intent to write separate rules. If this is the Bureau’s plan, we anticipate that the first-party rulemaking process could begin before summer of 2017. If by chance the Bureau changes its mind and only issues one rule, it is very possible that it could be issued in the fall of 2017. Stay tuned for further developments on this important issue for financial institutions. Examination Findings The FDIC issued FIL 51-2016 in July 2016 to remind their regulated institutions of the importance of maintaining an open communication channel with examiners and FDIC management. The directive encourages institutions to provide feedback on issues, findings, practices, and other concerns that surface during the examination process. While only the FDIC published this document, any institution that has concerns regarding their examination findings is encouraged to provide feedback to their federal regulatory agency(s). Financial institutions should be familiar with their supervisory agency’s processes for communicating with examiners, district or field offices, or headquarters staff. They should understand the appeal process and means to seek review by the agency Ombudsman. Institutions also need to understand why they are being asked to do something during an examination and the basis for violation findings or system deficiencies. Bankers should feel free to “pushback” when they disagree with the examiners or believe the examiners may not be considering all the pertinent facts necessary to reach a fair and sound decision. The examiner may be right, but the examiner needs to articulate the facts and analysis supporting the finding and any proposed remedial action or solutions, in a manner that can be understand and successfully implemented. For more information, read the article on examinations in this issue on page 24, or read the entire FIL at www.fdic.gov/news/ news/financial/2016/fil16051.html. Questions Institutions Continue to Ask We still receive questions from institutions asking when the Bureau will finalize its proposed regulation regarding the Annual Privacy Notice. The Congress passed and the President signed legislation in December 2015, and the Bureau issued a proposed rule in July 2016. The statute and proposed rule indicate that the Annual Privacy Statement does not need to be provided if the institution limits its customer sharing information to the exceptions in the statute and regulation, and has not changed its privacy notice from the one previously delivered to customers. This change became effective on enactment of the statute in December 2015. The new regime can be followed now, even though the Bureau’s proposed regulation has not yet been finalized. Also, in August 2016 the prudential regulatory agencies issued Frequently Asked Questions covering Standards for Assessing the Diversity Policies and Practices of Entities Regulated by the Agencies. While the agencies strongly encourage financial institutions to perform self-assessments on their diversity policies and practices, disclose them on their website, and provide them to the agencies, it is strictly voluntary. If your institution has performed a self-assessment and you choose to post it on your website and share with your prudential regulator you certainly can but you are not required to do so. Is there Anymore? Let’s not forget some other issues that will be around in 2017: ■■ “Know Before You Owe” (TRID), Small Dollar lending, and Arbitration: The Bureau has received industry comments on revisions to Know Before You Owe, and proposed regulations covering small dollar lending, and arbitration which presumably will be finalized in 2017 with an effective compliance date in 2017 or perhaps 2018. ■■ Third-Party Lending: The FDIC has proposed third-party lending guidance that will probably be finalized in 2017, and some if not all of the compliance responsibilities may fall to the compliance officer. ■■ BSA/AML: Anti-money laundering enforcement will probably see some on-going changes or additions to current requirements. ■■ Overdrafts: A proposal covering overdrafts plans is still lingering. Conclusion This year there is no better time to be in compliance; industry employment is at a high as we strive to comply with laws and regulations, while at the same time, ensuring that consumers are treated fairly. As we look ahead to 2017, remember that clear and concise goals, partnered with a well thought-out game plan can help manage uncertainty at your institution. And, we all deserve congratulations for the hard work and dedication we devote to the compliance culture of our institutions and our dedication to “do the right thing.” ■ A BO U T THE AU THO R: RICK FREER, CRCM, joined the ABA in December 2011 having recently retired from 42 years at the Office of the Comptroller of the Currency (OCC). Rick works on a variety of issues including fair lending, UDAAP, flood, CRA and HMDA, and teaches at schools and conferences. Rick is currently a teacher at the ABA compliance schools, a speaker at numerous national and state banking conferences, authors articles for ABA Bank Compliance magazine, and has provided expert advice in the development of the ABA Fair Lending Toolbox. Reach him at [email protected]. JANUARY–FEBRUARY 2017 | ABA BANK COMPLIANCE | 9
© Copyright 2024 Paperzz