Skip to main content

How recent CFPB guidance changes affect financial institutions

Written by admin on . Posted in Blog, Compliance & Regulations.

By Bill Elliott, CRCM; director of compliance education, Young & Associates

Since its inception in 2011, the Consumer Financial Protection Bureau (CFPB) has responded to a wide range of issues — even without an act of Congress, such as with the Truth in Lending Act. The agency has relied on compliance bulletins, advisory opinions, interpretive rules and circulars to provide information regarding priorities and interpretations of federal consumer financial laws.

With a new administration in Washington, the CFPB has gone through a long and difficult transition that (as of this writing) is still not complete. Pending lawsuits and uncertainties created by the administration may cause additional changes, so changes in the agency may continue.

The original plan for the agency was to have a measure of independence from the natural changes from administration to administration. Over the last 14 years, mostly through court cases, the agency’s independence has eroded. The actions discussed below are, at least at some level, the direct result of that erosion.

Latest CFPB guidance changes

CFPB Acting Director Russell Vought
CFPB Acting Director Russell Vought

On May 12, 2025, CFPB Acting Director Russell Vought announced the withdrawal of 67 guidance documents, consisting of:

  • Eight policy statements
  • Seven interpretive rules
  • 13 advisory opinions
  • 39 other guidance documents such as circulars and bulletins

The reasoning behind this action was that policies implemented by guidance represent an unfair regulatory burden and might be contrary to federal law.

“In many instances, this guidance has adopted interpretations that are inconsistent with the statutory text and impose compliance burdens on regulated parties outside of the strictures of notice-and-comment rulemaking,” Vought said. “But even where the guidance might advance a permissible interpretation of the relevant statute or regulation, or afforded the public an opportunity to weigh in, it is the Bureau’s current policy to avoid issuing guidance except where necessary and where compliance burdens would be reduced rather than increased.”

Vought further outlined the new policy and the reasons for it:

  • The CFPB commits to issuing guidance only when that guidance is necessary and would reduce compliance burdens rather than increase them. “Historically, the Bureau has released guidance without adequate regard for whether it would increase or decrease compliance burdens and costs,” he wrote. “Our policy has changed.”
  • The CFPB commits to reducing its enforcement activities in conformance with President Trump’s directive to deregulate and streamline bureaucracy. He noted that many of the CFPB’s enforcement responsibilities overlap or duplicate other state and federal regulatory efforts.
  • “Finally, to the extent guidance materials or portions thereof go beyond the relevant statute or regulation, they are unlawful, undermining any reliance interest in retaining that guidance,” he said.

This may not signal the demise of all 67 items. The CFPB stated it intends to continue reviewing these guidance documents. Some may ultimately be reinstated, at least in part. Until that happens, the CFPB and presumably all other banking regulators will not enforce or otherwise rely upon the guidance documents.

A closer look at the CFPB withdrawals

Many of these withdrawn guidance documents received justified criticism. For example, the Bureau withdrew the 2024 circular titled Improper Overdraft Opt-In Practices. This document imposed additional requirements, well beyond what the regulation requires, on institutions’ record-keeping practices. This occurred without going through formal notice-and-comment rulemaking under the Administrative Procedure Act.

Two other notable withdrawals:

The first involves Unfair, Deceptive or Abusive Acts or Practices (UDAAP) concerns with digital platforms involving non-mortgage consumer financial products and services.

Although the CFPB removed this document, it kept an advisory opinion that addresses similar UDAAP concerns and Real Estate Settlement Procedures Act (RESPA) Section 8 issues for digital platforms offering mortgage products.

The second rescission involved the issue of sexual preference under Regulation B. Sexual preference should never be a reason for denying a loan, but some may interpret rescission of that document as removing some protections for that segment of the lending public.

In spite of these removals, the CFPB continues to pursue cases involving consumer reporting, online installment lending, mortgage lending and debt collection.

CFPB priorities

In April 2025, Mark Paoletta, chief legal officer of the CFPB, sent a memorandum to all staff setting forth the priorities of the new leadership.

Key aspects of the priorities include the following:

  • A shift back to prioritizing banks over nonbanks and enlisting the states to conduct supervision and enforcement over nonbanks.
  • A focus on mortgages (highest priority), consumer reporting, debt collection, fraudulent overcharges and fees.
  • A deprioritization of peer-to-peer platforms and lending, consumer data, remittances and digital payments, among other areas.

If you would like to review the entire CFPB document, you can find it here.

Contact Young & Associates today at consultants@younginc.com if we can assist in any way with these or any other regulatory compliance issues.

The risk of requiring guarantors: ECOA and Regulation B explained

Written by admin on . Posted in Blog, Compliance & Regulations.

By William J. Showalter, CRCM; senior consultant, Young & Associates

You would think after nearly 50 years, we could get this one right. The law passed in the mid-1970s and the rules for additional signatures have not really changed since. But, joint signature issues comes up regularly at banks, thrifts and other lenders to this day. Regulation B, which implements the Equal Credit Opportunity Act (ECOA), is pretty straightforward on this point.

Regulation B explained

Regulation B prohibits a lender from requiring an additional signer, especially a spouse, if an applicant qualifies for individual credit on his or her own merits. State law may require a joint owner of collateral to sign documents the lender reasonably believes are necessary to perfect its security interest. Generally, the co-owner must sign some form of security agreement or mortgage deed. However, check with your legal counsel to verify what signatures you need to perfect a security interest.

We have heard of many financial institutions having gender and marital discrimination issues cited in examinations. Your examiners clearly are looking at these issues and are finding problems.

Sex and marital status discrimination

The ECOA prohibits discrimination against loan applicants and customers on any of nine “prohibited bases,” including the original pair – sex and marital status. These aspects of applicants have nothing to do with creditworthiness.

There are a number of ways to discriminate along gender or marital status lines, including:

  • Refusing to grant credit or extending it on less favorable terms to female applicants.
  • Requiring cosigners for female applicants, regardless of creditworthiness.
  • Aggregating incomes and financial resources for married joint applicants but not for unmarried joint applicants.
  • Refusing to allow an applicant to choose to obtain credit using a birth-given surname, a married surname or a combined surname.
  • Terminating or changing an open-end account, without any evidence of inability or unwillingness to repay the debt when a customer’s marital status changes.
  • Requiring a spouse as a co-borrower for a married applicant.
  • Requiring spouses of married officers of a company to sign loan guarantees with the officers.

Blind spot

The spousal signature issue seems to challenge lenders, particularly commercial lenders, the most in the sex/marital status discrimination area. As noted above, a lender cannot require an applicant’s spouse or any other additional party to sign a debt instrument if the applicant meets creditworthiness standards without the extra signature.

Yet examiners still hear of senior bank managers and lenders who try to ‘tie up’ borrowers by requiring as many signatures as possible, often including spouses’ signatures on the note or guarantee. Bank and thrift examiners continue to find spousal signatures on notes or guarantees without any explanation in the file.

This practice—requiring a signature simply because the applicant is married—constitutes substantive discrimination and disparate treatment based on marital status. It harms the applicant, who cannot obtain individual credit, and the spouse, who must incur personal liability for a loan never sought and never required their signature.

In 2018, only one Federal Financial Institution Examinations Council (FFIEC) agency, the National Credit Union Administration (NCUA), referred a case of ECOA discrimination to the Department of Justice. That single referral followed 89 referrals from other agencies over the previous five years.

Significantly, the NCUA made its referral on the basis of marital status discrimination.

Regulatory response to Regulation B

In March 2003, the Federal Reserve Board (FRB) revised its Regulation B, which implements the ECOA to really just say, “We mean business. We mean what we have said for years and years.”

The Official Staff Commentary on Regulation B already stated that the fact that an applicant submits a joint financial statement may not be used to presume the application is for joint credit. With the 2003 amendments, the FRB revised Regulation B itself to say the same thing, since the FRB stated that commercial lenders, in particular, had not seemed to get the point.

To further make this point, the FRB added a requirement that a lender have some form of documentation for any additional signatures. The Commentary requires applicants to show their intent to apply for joint credit at the time of application. A promissory note signature does not prove intent to apply for joint credit. Applicants can establish intent with signatures or initials on a credit application, or on a separate form affirming their intent to apply for joint credit. The FRB (and now the Consumer Financial Protection Bureau, CFPB) requires a method of establishing intent that is distinct from the process of affirming the accuracy of information. Joint signatures at the end of an application are usually not enough.

The Commentary also states that lenders may not assume a borrower will transfer property title to remove it from collectors’ reach. The message—seemingly aimed at commercial lenders—is clear: using spousal guarantees to shore up a loan is not an acceptable way to underwrite business credit. Prudent, safe, and sound credit underwriting requires taking a security interest in property that supports the loan, rather than relying on guarantees that amount to little more than a moral commitment in bankruptcy court.

Other regulatory help for Regulation B

The Federal Deposit Insurance Corporation (FDIC) issued two Financial Institution Letters (FIL) with guidance on Regulation B’s spousal signature requirements to assist lenders in complying with their obligation to treat applicants fairly. Both are now classified as inactive – apparently as part of an effort to lessen regulatory burden several years ago – but still contain relevant and current guidance.

The earlier FIL (FIL-9-2002) includes steps financial institutions can take to avoid problems with the signature rules. Lenders should review and revise loan policies and procedures to eliminate those that are inconsistent with the spousal signature rules.

Specifically, those that require the:

  • Guarantee of a loan to a closely held corporation by the spouses of the partners, officers, directors or shareholders of the corporation.
  • Signature of the spouse on the note when the applicant submits a joint financial statement.
  • Signature of the spouse on the note when jointly owned assets are offered as collateral.

This FIL also advises lenders to add guidance on state law regarding what signatures are necessary in particular situations. Loan staff should be trained periodically on these rules to ensure they remain aware of what is expected and how to avoid compliance trouble. The FIL also recommends that compliance reviews include checks for spousal signature violations, particularly in loans to closely held corporations and in business loans supported by jointly owned property.

The later FIL (FIL-6-2004) includes a flowchart that guides lenders through the process of deciding when an additional signature may be required and when it is not.

Both issuances are available on the FDIC’s website under Inactive Financial Institution Letters. They can help all financial institutions — not just those directly supervised by the FDIC — avoid problems in this important area.

If we can help, please feel free to contact us.

OFAC extends record retention requirements

Written by admin on . Posted in Advice, Blog, Compliance & Regulations, Consultation, News.

By Veronica Madsen; Consultant, Young & Associates

On March 21, 2025, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) published its final rule to adopt the interim final rule extending certain recordkeeping requirements from five to 10 years. This extension is consistent with the statute of limitations for violations of certain sanctions administered by OFAC and became effective on the date of publication in the Federal Register.

The final rule also extended the period during which civil monetary penalties may accrue for late filing of reports required to be submitted to OFAC (e.g., blocked property and reject reports or reporting required under specific licenses), from five years to 10 years. The potential penalty amounts did not change.

The changes stemmed from the 21st Century Peace through Strength Act (Public Law 118-50), signed into law on April 24, 2024, which extended the statute of limitations for civil and criminal violations of the International Emergency Economic Powers Act (50 U.S.C. 1701), and the Trading with the Enemy Act (50 U.S.C. 4301), from five years to 10 years.

OFAC published an interim final rule on September 13, 2024, and requested public comment. Despite the concern financial institutions needed more time to acquire additional resources and storage capacity, and to adjust their current recordkeeping practices to conform to the new recordkeeping requirements, OFAC finalized the rule as written due to the length of time provided since the law was passed.

What records must be retained longer?

Under the Federal Financial Institutions Examination Council (FFIEC) BSA/AML Examination Manual, transactions subject to the extended record retention requirement relate to the full and accurate record of each rejected transaction, including all reports submitted to OFAC. For blocked property (including blocked transactions), records must be maintained for the period the property is blocked and for 10 years after the date the property is unblocked.

How should banks prepare for this OFAC change?

Because the rule became effective upon publication, banks that have not already prepared for this change should ensure their systems are updated to retain these documents longer; policies, procedures and the OFAC risk assessment are amended to reflect the new retention requirement and extended risk of penalties associated with late filings; prepare or amend training content; and prepare for potentially increased compliance costs.

Conclusion

Navigating this kind of regulatory shift can feel overwhelming, especially when it demands swift operational changes and long-term strategic planning. That’s where Young & Associates can help. Our compliance experts are ready to assist with updating your OFAC programs, reviewing risk assessments, and supporting your team in building a sustainable, compliant approach to record retention. Contact us today to ensure your institution is fully prepared for this new 10-year horizon.

Compliance – 2025 & beyond

Written by admin on . Posted in Advice, Blog, Compliance & Regulations, Consultation, News.

By Bill Elliott, CRCM; director of compliance education, Young & Associates

Over the last few years we have dealt with changes to regulation, followed by lawsuits, followed by resolution (in some cases).

The original intent of the CFPB was to have a governmental department that was independent of the rest of the federal government. The leader of the CFPB would not be a political appointment. For good or ill, that has changed due to decisions by the Supreme Court. As a result, this agency has become part of each administration and experiences changes in direction based on the results of elections.

Some of the discussion below includes other agencies, as they are part of the same trend.

CRA

Regulators published the new CRA rule, which was due for partial implementation last year. However, there is a lawsuit pending, challenging the regulation. That lawsuit still has not reached the resolution stage, and all federal regulators have said publicly that they are going to follow the old CRA regulation until resolution occurs.

The intent of the new CRA regulation was to try to take as much examiner judgment out of the rating system as possible, with the result of fairer reviews for banks. While an excellent goal, I am not sure that the pending regulation accomplishes this. In any event, all banks and regulators will follow the existing regulation until the court battles have concluded. The CFPB is not part of the new CRA rule, just the primary regulators, but this is part of the same trend.

Beneficial ownership

Congress passed the Corporate Transparency Act, requiring the federal government to collect beneficial ownership information. That process began in 2024, and required your smaller commercial customers to share a lot of information with the federal government.

The federal government said that compliance was actually going well. But late in 2024, once again in response to a lawsuit, everything ground to a halt. Your customers who have not yet complied may have to comply at some point in the future, and are welcome to comply now, but currently do not have to comply.

The lawsuit generally addresses whether Congress could pass a law such as this in the first place. We do not know where it will go from here, and because of the issue, we may have to wait for the Supreme Court to rule on it. Another example of the current environment.

1071

1071 (Regulation B, Subpart B)  is perhaps the regulation that will create the greatest problems for banks and their customers. Although many banks face implementation a year or more in the future, your customers will likely consider the current regulation invasive. Amongst other things, the regulation requires banks to ask small business owners their sexual preferences, orientations, etc. Many of your customers will consider this none of the government’s business. And this particular information is not required under the Dodd Frank Act.

While a small business owner could be discriminated because of their LGBTQ+ status, we would hope that that would not happen. This is a rule with good intentions, however, the approach in the regulation will create more difficulties for banks and their small commercial customers than we would like. We will see what happens with the change in administration and CFPB leadership.

Conclusion

There are other rules pending. For instance, privacy is becoming a bigger and bigger issue as we get more and more electronic. These sorts of regulations are probably going to be useful but we will have to wait and see how the final regulations read, and then maybe wait through lawsuits once again.

A regulatory environment that was less chaotic would be better for all of us, but that does not appear to be something that we can count on. Enjoy the ride.

In this ever-changing environment, having a knowledgeable compliance partner is essential. At Young & Associates, we specialize in helping financial institutions interpret, implement, and manage compliance requirements with confidence. Whether you need regulatory guidance, risk assessments, or compliance program reviews, our team is here to support you.

Reach out to Young & Associates today to discuss your compliance needs.

Checking your BSA program is more important than ever

Written by admin on . Posted in Advice, Blog, BSA & AML, Compliance & Regulations, Consultation, Internal Audit, News.

By William J. Showalter, CRCM; senior consultant, Young & Associates

Over the past year, we have seen at least 27 Bank Secrecy Act (BSA) enforcement actions from an array of financial institution supervisory agencies.  Banks of all sizes continue to be hit with cease and desist (C&D) orders, formal agreements, consent orders, and even civil money penalties (CMP).  Five of these actions involved monetary penalties of some sort totaling nearly $4 billion – all but about $109 million coming from one case with four federal agency actions against one bank, and one $100,000 CMP imposed against an individual for BSA noncompliance.  These enforcement actions remind us that even community banks and thrifts must have thorough and well-managed BSA compliance programs.

The enforcement actions do not spell out specifics of what the agencies found at each institution, but they do give us important insights into what the regulators will expect during your next BSA compliance exam.

Community banks should evaluate their BSA compliance programs in light of the corrective actions that regulators require these institutions to take.

Another important issue that financial institution management should remember is that the USA PATRIOT Act made BSA compliance as important as Community Reinvestment Act (CRA) compliance in getting an application approved.  The act adds BSA as a factor for consideration in merger transactions. The agency must take into consideration “the effectiveness of any insured depository institution involved in the proposed merger transaction in combating money laundering activities.”  This means that banks and thrifts must have more than a written BSA program.  They must be able to demonstrate that the program works.

BSA compliance programs

All insured banks and thrifts must develop, administer, and maintain a program that assures and monitors compliance with the BSA and its implementing regulations, including recordkeeping and reporting requirements. Such a program can help protect a bank against possible criminal and civil penalties and asset forfeitures.

At a minimum, the board of directors must approve a bank’s written internal compliance program and note the approval in the board meeting minutes.

The program must include at least the following elements:

  • A system of internal controls to assure ongoing compliance
  • Independent testing of compliance
  • Daily coordination and monitoring of compliance by a designated person
  • Training for appropriate personnel
  • Risk-based customer due diligence/beneficial ownership procedures

Internal controls for the BSA

Senior management is responsible for assuring an effective system of internal controls for the BSA, including suspicious activity reporting, and must demonstrate its commitment to compliance by:

  • Establishing a comprehensive program and set of controls, including account opening, monitoring, and currency reporting procedures
  • Requiring that senior management be kept informed of compliance efforts, audit reports, identified compliance deficiencies, and corrective action taken – to assure ongoing compliance
  • Making BSA compliance a condition of employment
  • Incorporating compliance with the BSA and its implementing regulations into job descriptions and performance evaluations of bank personnel

Independent testing of compliance

The bank’s internal or external auditors should be able to:

  • Attest to the overall integrity and effectiveness of management systems and controls, and BSA technical compliance
  • Test transactions in all areas of the bank with emphasis on high-risk areas, products, and services to assure the bank is following prescribed regulations
  • Assess employees’ knowledge of regulations and procedures
  • Assess adequacy, accuracy, and completeness of training programs
  • Assess adequacy of the bank’s process for identifying suspicious activity

Internal review or audit findings should be incorporated after each assessment into a board and senior management report and reviewed promptly.  Appropriate follow up should be assured.

Regulators increasingly expect the BSA audit or testing program to also include these elements:

  • Confirmation of the integrity and accuracy of management information reports used in the AML compliance program
  • Overall integrity and effectiveness of the program
  • Evaluation of management’s efforts to resolve violations deficiencies
  • Evaluation of the effectiveness of the suspicious activity monitoring systems
  • Review of the BSA risk assess­ment for reasonableness given the bank’s risk profile

BSA compliance officer

A bank or thrift must designate a qualified bank employee as its BSA compliance officer, who has day-to-day responsibility for managing all aspects of the BSA compliance program and compliance with all BSA regulations.  The BSA compliance officer may delegate certain BSA compliance duties to other employees, but not compliance responsibility.

The bank’s board of directors and senior management must assure that the BSA compliance officer has sufficient authority and resources – time, funding, staffing – to administer effectively a comprehensive BSA compliance program.  And, the BSA officer must have a direct reporting channel to the board of directors.

Board of directors

The board must ensure that it exercises supervision and direction of the BSA/AML program.  This involves making sure that the institution develops sound BSA/AML policies, procedures, and processes that are approved by the board and implemented by management.  The board also has to ensure that the bank maintains a designated BSA officer with qualifications commensurate with the bank’s situation.  As noted above, the BSA officer must report directly to the board and be vested with sufficient authority, time, and resources.  The board must provide for an adequate independent testing of BSA/AML compliance.  The board should bear in mind that it has the ultimate responsibility for the institution’s BSA compliance.

Training

Financial institutions must ensure that appropriate bank personnel are trained in all aspects of the regulatory requirements of the BSA and the bank’s internal BSA compliance and anti-money laundering (AML) policies and procedures.

An effective training program includes provisions to assure that all bank personnel, including senior management, who have contact with customers (whether in person or by phone), who see customer transaction activity, or who handle cash in any way, receive appropriate training.  Board members also need to receive regular BSA/AML training, though at a much higher level with less detail than institution line employees.

The training needs to be ongoing and incorporate current developments and changes to the BSA, AML laws, and agency regulations.  Banks should address new and different money laundering schemes involving customers and financial institutions. The program should also include examples of money laundering schemes and cases, tailor them to the audience, and explain how the audience can detect or resolve such activities.

Another focus of the training should be on the consequences of an employee’s failure to comply with established policy and procedures (e.g., fines or termination).  These programs also should provide personnel with guidance and direction in terms of bank policies and available resources.

Beneficial ownership procedures

The beneficial ownership rule contains three core requirements:

  • Identifying and verifying the identity of the beneficial owners of companies opening accounts
  • Understanding the nature and purpose of customer relationships to develop customer risk profiles, and
  • Conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information

A beneficial owner is an individual who owns more than 25 percent of the equity interest in a company or is the single individual who exercises control.  Also subject to these requirements is the one person who has control of each legal entity customer.

Beyond the basics

BSA enforcement actions continue to raise the bar for all financial institutions. BSA compliance programs must meet additional standards to be considered adequate to address the ever‑evolving challenges that arise over time.

  • Customer due diligence (CDD). Verifying a customer’s name, address, date of birth and identification number will satisfy the basic BSA customer identification requirements.  However, these four pieces of information will not be enough to help an institution deter­mine a customer’s typical account activity.  The recent C&D orders make clear that regulators expect community bank managers to use information collected as part of the institution’s CDD process to predict the type, dollar amount, and volume of transactions that a customer is likely to conduct.  This expectation goes beyond the new beneficial ownership rule to extend CDD expectations to the broader customer base. Regulators directed several institutions subject to the recent round of enforcement actions to develop specific procedures to describe how the institution will conduct customer due diligence. As computer and software technology has improved, regulators have come to expect small and large banks to gather and review information about the normal range of a customer’s banking activities.  They view the CDD processes and analysis as providing the framework that enables institutions to comply with suspicious activity reporting requirements.
  • Account & transaction monitoring. A number of institutions that received the most recent orders did not have adequate, or any, procedures for detecting and reporting suspi­cious activities. The enforcement actions make clear that community banks must specify in writing how the institu­tion will analyze and use customer information to detect suspicious activities.  As this area gets more complex, it becomes more difficult to try to maintain an adequate suspicious activity monitoring regimen without some form of automated monitoring.

Conclusion

The costs of being subject to an enforce­ment action go beyond extra regulatory scrutiny in subsequent examinations.  Institutions under the latest round of actions must report the enforcement action in communications with their shareholders and spend significant sums of money to hire outside consultants to train employees, audit the revised BSA programs and backfile required reports.  They also must submit planned actions to the regulators involved for prior approval, as well as report regularly (usually quarterly) on their progress in remediating the deficiencies that led to their particular enforcement action.

An interagency BSA enforcement policy statement clarifies that regulators will not issue formal enforcement actions for minor BSA infractions.  These enforcement actions are levied against financial institutions – including community banks – with significant breakdowns in their BSA compliance systems. The consent and other orders show that regulators expect all banks to have very specific procedures for collecting customer information, predicting customer account activity, utilizing transaction monitoring reports, and training and managing employees with BSA-related responsibilities.

Be sure that you are not an object lesson for your banking fellows.  If we can help, contact us today.

The future of mortgage loan buybacks

Written by admin on . Posted in Advice, Blog, Compliance & Regulations, Consultation, Internal Audit, Mortgage Quality Control, News.

By Donald Stimpert, manager of secondary market QC, Young & Associates

Understanding the rising risk of loan buybacks

The secondary mortgage market is evolving rapidly, and with it, lenders face increasing pressure to maintain strict quality control (QC) standards. Loan buybacks — once considered an occasional risk — have become a growing concern as investors, government-sponsored enterprises (GSEs) and regulatory bodies scrutinize loan origination and underwriting processes more closely.

Recent economic uncertainty, fluctuating interest rates and regulatory changes have only amplified repurchase risks, making it imperative for financial institutions to adopt proactive strategies to mitigate potential buybacks before they impact profitability.

Why are mortgage loan buybacks increasing?

Several factors contribute to the rise in loan repurchase demands, including:

1. Heightened investor scrutiny

With a more volatile lending environment, investors and GSEs such as Fannie Mae and Freddie Mac are intensifying post-closing reviews to identify underwriting errors, miscalculations, and misrepresentations.

2. Rising interest rates and loan performance issues

As interest rates climb, borrowers with recent mortgages may be at a higher risk of delinquency. A worsening performance trend in loans increases investor caution, leading them to revisit underwriting quality and enforce buybacks when defects are found.

3. Evolving regulatory standards

The Consumer Financial Protection Bureau (CFPB) and other regulators continue to refine lending requirements, particularly around fair lending, borrower income verification, and compliance with TRID (TILA-RESPA Integrated Disclosure) rules. Lenders who fail to maintain strict adherence to these standards may see increased buyback requests.

4. Defect trends in loan underwriting

Recent QC reports indicate a surge in defects related to:

  • Income calculation errors
  • Debt-to-income (DTI) miscalculations
  • Missing documentation
  • Undisclosed liabilities
  • Misrepresentation of borrower information

Even minor discrepancies can trigger a repurchase demand, highlighting the need for enhanced QC measures.

Strategies to minimize repurchase risk

To reduce exposure to loan buybacks, lenders must strengthen their QC frameworks and proactively address risk areas before loans reach the secondary market.

1. Strengthen pre-funding and post-closing QC reviews

Implementing a robust pre-funding QC process helps catch potential defects before loans are sold, significantly reducing repurchase risk. Post-closing audits should be conducted consistently, ensuring that any issues are corrected before investor scrutiny.

2. Enhance data validation and borrower verification

Investors are increasingly focused on data integrity. Lenders must adopt advanced verification tools to cross-check borrower information, income, employment history, and undisclosed debts, minimizing the risk of fraud and errors.

3. Implement targeted sampling for QC reviews

Rather than relying solely on random sampling, lenders should integrate risk-based QC sampling that focuses on high-risk loan categories, such as self-employed borrowers, non-traditional income sources, or jumbo loans.

4. Maintain open communication with investors and GSEs

Establishing proactive dialogue with investors, servicers, and GSEs can help lenders identify evolving QC expectations and regulatory shifts, allowing them to adjust policies before issues escalate into buyback requests.

5. Conduct regular staff training and compliance refreshers

Underwriting and QC staff should receive continuous training on updated investor guidelines, industry best practices, and regulatory changes. Well-informed teams are less likely to overlook critical details that lead to defects.

A more proactive approach to mortgage QC

The risk of loan buybacks is unlikely to disappear, but financial institutions that take a proactive approach to mortgage quality control will be better positioned to minimize losses, maintain strong investor relationships, and protect their bottom line.

By integrating technology-driven audits, enhanced borrower validation, and risk-based QC sampling, lenders can significantly reduce repurchase exposure and navigate the evolving secondary market with confidence.

Is your institution prepared to mitigate repurchase risk? Young & Associates offers customized Mortgage QC solutions designed to enhance your quality control processes and protect your loan portfolio. Contact us today to learn how we can help safeguard your secondary market loan sales.

Key insights from CFPB Supervisory Highlights, winter 2024

Written by admin on . Posted in Advice, Blog, Compliance & Regulations, Consultation, News.

As the regulatory environment continues to evolve, the latest CFPB Supervisory Highlights offer crucial insights for financial institutions navigating an increasingly complex landscape. Issue 37 shines a spotlight on deposit operations, credit furnishing practices, and the burgeoning short-term lending market, while also addressing significant enforcement actions and new rules. Here’s what community banks need to learn — and act on.

Overdraft fees: A continuing challenge

For years, overdraft and non-sufficient funds (NSF) fees have drawn regulatory scrutiny. This issue of Supervisory Highlights confirms that some practices—such as re-presentment NSF fees and Authorize-Positive Settle-Negative (APSN) overdraft fees — remain problematic. Despite progress, core processors often set fee structures to charge these fees by default unless institutions actively intervene.

Takeaway for community banks
It’s time to re-evaluate fee structures. Ensure that your core processor’s systems are configured to align with updated regulatory expectations. Educate staff and consumers about these changes to build trust and avoid regulatory pitfalls.

Furnishing data: Accuracy matters

Banks that furnish data to credit reporting agencies are under the microscope. The CFPB found widespread failures to maintain procedures for identity theft notifications, conduct thorough investigations of disputes, and ensure data accuracy. This isn’t just about compliance—it’s about your reputation.

Actionable Insight
Community banks should strengthen internal controls and train employees on handling credit disputes. Investing in accurate, consumer-friendly data practices not only mitigates risk but also reinforces your institution’s credibility.

Short-term lending: Transparency is key

The Supervisory Highlights also scrutinize the exploding popularity of Buy Now, Pay Later (BNPL) programs and paycheck advance products. Findings revealed deceptive marketing practices, delayed dispute resolutions, and loan denials tied to trivial payment processing errors.

Why it matters
Even if your bank doesn’t offer these products, they’re reshaping consumer expectations. Transparency in terms and processes isn’t optional—it’s a competitive necessity.

Technology pitfalls: Lessons from enforcement actions

This issue features notable enforcement actions, including a $1.5 million penalty against VyStar Credit Union for botching the launch of an online banking platform. Consumers faced months of restricted access to their accounts, incurring fees and frustration.

A word of caution
Digital transformation is critical for community banks to stay relevant, but poorly executed rollouts can damage trust. Rigorous testing and a solid contingency plan can safeguard against consumer harm and regulatory penalties.

New rules to watch

The CFPB issued a final rule governing overdraft practices at large institutions, capping fees unless they are minimal. Additionally, supervisory authority now extends to digital payment platforms processing over 50 million transactions annually.

What’s next for community banks?
Stay proactive in monitoring new rules and adapting processes. Even if you’re not directly impacted by these changes, they signal the regulatory trends shaping the future.

Final thoughts: Protecting your institution

The themes in this issue of Supervisory Highlights boil down to a central lesson: consumer protection is non-negotiable. Whether it’s ensuring accurate reporting, transparent lending, or seamless technology implementation, community banks must prioritize their customers’ experience.

By addressing these areas, you’re not just avoiding penalties — you’re fortifying your role as a trusted partner in your community. For tailored guidance, connect with Young & Associates, your partner in navigating the ever-changing regulatory landscape. Contact us for tailored solutions to support your institution’s goals.

U.S. industrial transition: Insights for metro areas and community banks

Written by admin on . Posted in Advice, Blog, Compliance & Regulations, Consultation, News.

The FDIC’s analysis of U.S. industrial transitions between 1970 and 2019 reveals the profound effects of economic shifts on metro areas and the community banks serving them. These transitions, driven by the decline of manufacturing and the rise of service-based economies, created challenges and opportunities for local economies and financial institutions. Below, we explore the key findings from this study and their implications for community banks.

The decline of manufacturing and economic shifts

Over five decades, the national economy moved away from manufacturing, with industries like steel, textiles, and machinery experiencing steep employment declines. Metro areas heavily reliant on these sectors, particularly in the Northeast and Midwest, faced significant economic stagnation. For example, cities like Youngstown, Ohio, and Flint, Mich., struggled to replace lost industries, leading to slower population growth, aging demographics, and economic contraction. Meanwhile, metro areas in the South and West benefited from population inflows and economic diversification, fostering stronger economic growth.

Challenges for community banks in high-transition metros

Community banks in metros with high levels of industrial transition faced significant challenges. These banks experienced weaker deposit and branch growth compared to their counterparts in other regions. Their loan portfolios were heavily concentrated in single-family residential loans, with less exposure to business-related lending, which limited their growth potential. Despite these challenges, community banks in high-transition metros showed resilience during periods of economic stress, such as the Savings and Loan Crisis and the Great Financial Crisis, with lower failure rates than banks in other regions.

Strategies for success: High-performing banks

Amid these challenges, a subset of high-performing community banks in high-transition metros found success through strategic adaptability. These banks diversified their loan portfolios, expanded operations beyond their local metro areas, and emphasized commercial lending. By focusing on growth opportunities outside their immediate regions and strengthening their balance sheets, these banks outperformed both their local peers and many banks in more stable metros. Their success underscores the importance of innovation and diversification in navigating economic transitions.

The role of metro diversification

Larger, more industrially diversified metros, such as San Jose, Calif., demonstrated the benefits of economic adaptability. San Jose successfully transitioned from computer manufacturing to a broader technology-driven economy, supported by high-paying jobs in professional, scientific and technical services. This highlights the critical role of industrial diversity in building resilience during times of economic change. Smaller, less diversified metros struggled to recover, illustrating the importance of proactive economic planning and investment in diverse industries.

Lessons for future transitions

The FDIC study offers valuable lessons for navigating future economic shifts. These include those driven by climate change and clean energy transitions. Metro areas and community banks that prioritize diversification, invest in high-growth industries and adapt to changing market demands will be better equipped to manage these transitions. By learning from past challenges, financial institutions can position themselves as resilient and innovative partners in their communities.

Supporting community banks through transition

As community banks navigate the challenges of economic shifts, Young & Associates is here to help. Our expert guidance can assist financial institutions in diversifying portfolios, expanding operations, and developing strategies for resilience. Contact us today to learn more about our tailored services. Also, subscribe to our newsletter for the latest insights and updates.

Understanding NCUA’s guidance on overdraft and NSF fees: Key takeaways for credit unions

Written by admin on . Posted in Advice, Blog, Compliance & Regulations, Consultation, News.

The NCUA released its December 2024 Letter to Credit Unions (24-CU-03), which sheds light on the risks and regulatory concerns surrounding overdraft and non-sufficient funds (NSF) fee practices. This guidance helps federally insured credit unions mitigate compliance, reputation and litigation risks while maintaining fair and transparent practices for their members. Below, we break down the essential points of the letter, tailored for credit union leaders.

The problem with unanticipated fees

Credit unions may face significant risks if their overdraft or NSF fee policies result in fees that members cannot reasonably anticipate or avoid. These fees can lead to:

  • Substantial Member Harm: Unexpected fees strain members financially and undermine trust.
  • Regulatory Violations: Such practices may be deemed unfair or deceptive under the FTC Act and the Consumer Financial Protection Act (CFPA).
  • Heightened Risks: Credit unions expose themselves to reputational, consumer compliance, third-party, and litigation risks.

NCUA IDs key risk areas in overdraft and NSF fee practices

The NCUA identified several problematic practices:

  1. Authorize Positive, Settle Negative (APSN) Fees:

    • Credit unions charge fees when a transaction is authorized with sufficient funds but settles with insufficient funds because of intervening transactions.
    • Such practices are likely unfair under federal regulations, especially if members cannot anticipate the fees.

  2. Multiple NSF Representment Fees:

    • Credit unions charge additional fees when a returned check or ACH item is presented multiple times without sufficient funds.
    • Members cannot often control or predict when items will be represented, which makes these fees unfair and deceptive.

  3. Returned Deposited Item (RDI) Fees:

    • Credit Unions assess fees on members for depositing checks that are returned unpaid.
    • Members typically have no way to foresee these occurrences, increasing compliance and reputational risks.

  4. Other High-Risk Practices:

    • High or No Limits on Fees: Charging excessive fees in a single day creates undue financial burdens on members.
    • Inaccurate Disclosures: Failing to clearly disclose fee practices or transaction cutoff times can mislead members and violate regulations.
    • Reordering Transactions: Prioritizing larger transactions to maximize overdraft fees is likely to be considered unfair.

Risk management best practices

To address these risks, the NCUA recommends that credit unions:

  • Conduct comprehensive reviews:

    • Analyze all aspects of overdraft and NSF fee programs, including disclosures, processing systems and member communications.
    • Evaluate member complaints and fee structures for fairness and transparency.

  • Mitigate risks:

    • Eliminate fee practices that members cannot reasonably anticipate or avoid.
    • Self-identify and reimburse members for fees assessed under unfair practices.
    • Consult legal counsel to ensure compliance with applicable laws.

  • Enhance member support:

    • Offer alternatives such as linked savings accounts, affordable lines of credit or short-term loans.
    • Provide educational resources to help members manage their accounts effectively.

NCUA’s supervisory approach

The NCUA will continue reviewing overdraft and NSF programs during examinations to ensure compliance and risk mitigation. The agency encourages credit unions to take proactive measures and will view self-corrected violations and member reimbursements favorably during examinations. Enforcement actions may include restitution for harmed members and other penalties for non-compliance.

This guidance emphasizes the importance of transparency, fairness and compliance in managing overdraft and NSF fee practices. By implementing the NCUA’s recommended best practices, credit unions can reduce risk exposure, enhance member trust and align with regulatory expectations.

How we can help

At Young & Associates, we specialize in helping credit unions navigate complex compliance requirements. Contact us for tailored solutions to evaluate and improve your overdraft and NSF fee programs. Sign up for our newsletter to stay informed about the latest regulatory updates and best practices in the credit union industry.

The OCC 2024 Annual Report: A summary for financial institutions

Written by admin on . Posted in Advice, Blog, Compliance & Regulations, Consultation, News.

The OCC 2024 Annual Report provides a comprehensive overview of the federal banking system, highlighting stability, strategic priorities and regulatory advancements. This report underscores the importance of proactive risk management, fairness in banking practices and adapting to evolving technology and environmental challenges.

The report reaffirms the strength of the federal banking system and notes that 99 percent of banks hold strong capital positions, while 92 percent maintain strong capital adequacy, asset quality and management. These metrics reflect the resilience of financial institutions in the face of economic uncertainties.

Strategic priorities for the Federal Banking System

The OCC’s strategic priorities for 2024 focus on four critical areas:

  • Guarding against complacency: Banks are encouraged to remain vigilant and manage both traditional and emerging risks effectively.
  • Promoting fairness: Efforts to reduce lending inequities and biases in financial practices continue to be a priority.
  • Adapting to digitalization: The integration of financial technologies and artificial intelligence must be managed responsibly to ensure security and trust.
  • Addressing climate risks: Large banks are expected to develop frameworks to mitigate climate-related risks, both physical and transitional.

Key focus areas for financial institutions

  1. Fraud prevention and cybersecurity:
    • Rising threats, including AI-driven fraud, call for advanced detection systems and secure authentication processes.
    • The increasing reliance on fintech partnerships highlights the need for robust third-party risk management frameworks.
  2. Operational resilience:
    • Operational resilience, including robust recovery planning, is critical to maintaining financial stability.
    • Recent regulatory updates require banks with over $100 billion in assets to expand recovery planning and testing.
  3. Regulatory modernization:
    • Enhanced transparency in bank mergers aims to foster competition and benefit underserved communities.
    • Updates to the Community Reinvestment Act (CRA) strengthen fair lending practices and promote financial inclusion.
  4. Digital innovation:
    • Artificial intelligence and automation are reshaping the banking landscape. The OCC emphasizes fairness, accountability, and transparency in AI applications.
    • Open banking and real-time payment systems offer growth opportunities, but financial institutions must implement them with customer trust and regulatory compliance in mind.

Financial System Resilience

The federal banking system demonstrated financial resilience in 2024, but challenges persist:

  • Revenue growth: The OCC’s revenue increased by 2.8% in FY 2024, totaling $1.22 billion, driven by higher interest earnings and bank assessments.
  • Profitability pressures: Declines in net interest margins and rising credit costs affected profitability, particularly for community banks.

Operational resilience remains a cornerstone of financial stability. The OCC highlights the importance of maintaining adequate liquidity, robust capital levels, and strategic recovery planning to mitigate risks.

The OCC’s 2024 Annual Report emphasizes the importance of adaptability, fairness, and resilience in navigating an increasingly complex financial landscape. Financial institutions must align their strategies with these priorities to ensure compliance, enhance customer trust and foster long-term stability.

Learn More:
Young & Associates offers expert guidance in compliance, risk management, and operational resilience. Contact us for tailored solutions to support your institution’s goals. Sign up for our newsletter to stay informed about the latest industry trends and insights.

Key insights from the OCC Semiannual Risk Perspective (fall 2024)

Written by admin on . Posted in Advice, Blog, Compliance & Regulations, Consultation, Lending & Loan Review, News.

Top trends in banking risk

The OCC’s report emphasizes maintaining sound risk management practices to address growing challenges.

  • Fraud activity: External fraud schemes targeting consumers and banks are rising. Sophisticated tactics, including AI-driven fraud, demand enhanced detection and prevention measures.
  • Credit risks: Commercial real estate (CRE) remains a focal point, with stress in office and luxury multifamily segments. Retail credit risks are stable but show signs of increased delinquencies in auto loans and credit cards.
  • Operational risks: Cybersecurity and third-party risks are elevated, reflecting the increasing complexity of the banking environment.
  • Compliance pressures: Adapting to dynamic regulatory changes and addressing data governance gaps are critical to ensuring compliance.

Fraud and cybersecurity: A call for action

Fraudulent activities targeting the banking system have surged, driven by innovative schemes such as:

  • Wire transfer fraud: Fraudsters impersonate trusted entities to steal funds.
  • Check fraud: Criminals manipulate stolen checks or sell them on dark web platforms.
  • AI-driven attacks: Deepfakes and AI-enhanced social engineering pose new threats.

What banks can do:

  • Implement advanced fraud detection systems.
  • Educate customers about fraud prevention.
  • Strengthen authentication and transaction monitoring systems.

Credit risk: Stabilizing but uneven

The report identifies pockets of credit risk:

  • Commercial Real Estate (CRE): Stress is evident in the office sector, with rising costs and valuation declines. Multifamily CRE faces challenges from oversupply and increased regulatory expenses.
  • Retail credit: Stable overall but experiencing increased delinquencies in credit cards and auto loans.

What banks can do:

  • Conduct regular stress testing for CRE portfolios.
  • Enhance monitoring and adjust allowances for credit losses based on emerging risks.

Operational resilience and technology adoption

The banking sector is rapidly digitizing, adopting new technologies to meet evolving customer needs.

However, these advancements come with heightened risks:

  • Third-party risks: Increased reliance on fintech partnerships expands the cyberattack surface.
  • Legacy system challenges: Aging infrastructure complicates modernization efforts.
  • AI adoption: Compliance risks are significant as banks explore advanced AI applications.

What banks can do:

  • Strengthen third-party risk management frameworks.
  • Invest in post-quantum encryption and legacy system upgrades.
  • Implement comprehensive governance for AI-based tools.

Market and climate-related financial risks

Banks face dual pressures from market dynamics and climate-related risks:

  • Net Interest Margins (NIM): Higher funding costs are compressing margins, requiring strategic adjustments.
  • Climate impact: Increased natural disasters highlight the importance of climate risk management frameworks.

What banks can do:

  • Focus on liquidity stress testing and modeling depositor behavior.
  • Engage with clients to manage climate-related transition risks effectively.

Economic outlook: Challenges ahead

The U.S. economy remains resilient but shows signs of slowing:

  • Housing market: Affordability issues and “rate lock-in” effects are dampening demand.
  • Consumer spending: Despite strong spending in 2024, rising costs and a cooling labor market could create headwinds.

Preparation tips:

  • Monitor consumer credit health closely.
  • Adapt lending standards to evolving economic conditions.

Staying ahead in a dynamic environment

The OCC’s Fall 2024 Semiannual Risk Perspective outlines a roadmap for navigating complex risks in the federal banking system. Financial institutions should prioritize robust fraud prevention, proactive credit risk management and strategic technology adoption. By addressing these challenges, banks can safeguard their operations and thrive in an ever-changing economic landscape.

Explore more:
Discover how Young & Associates can help your institution mitigate risks, strengthen compliance and enhance operational resilience. Contact us today for tailored solutions to navigate these challenges effectively. Sign up for our newsletter to stay informed about industry insights and updates.

2025 Rescission Calendar – Free download now available

Written by admin on . Posted in Advice, Announcements, Blog, Compliance & Regulations, Consultation, Lending & Loan Review, News.

The right of rescission, governed by Regulation Z under the Truth in Lending Act (TILA), remains a cornerstone of consumer protection in the lending industry. For financial institutions, ensuring compliance with rescission rules is not only a regulatory requirement but also a reflection of their commitment to protecting borrowers’ rights. However, the intricacies of rescission—covering timing, disclosure requirements, and exceptions—can make this area of compliance challenging for many lenders.

To support your institution in navigating these complexities, Young & Associates is proud to offer a free downloadable Rescission Reference Chart, designed to simplify compliance with rescission rules.


Click Here to Get Your 2025 Rescission Calendar

 

What is the 3 Day Right of Rescission?

The right of rescission provides consumers with the ability to cancel certain credit transactions that involve a lien on their principal dwelling. This cooling-off period, typically three business days, is intended to allow borrowers time to evaluate the terms of their transaction without pressure. While the concept is straightforward, compliance involves navigating strict rules related to timing, notification and disclosure.

Does Presidential Inauguration Day affect rescission periods?

No. While federal employees in the Washington, D.C. area are granted a holiday on Presidential Inauguration Day (January 20th), this holiday applies only to those “employed in” the designated Inauguration Day Area and does not affect rescission periods.

According to § 1026.2(a)(6) of Regulation Z, a “business day” for rescission purposes is defined as all calendar days except Sundays and the legal public holidays listed in 5 U.S.C. 6103(a), such as New Year’s Day, Martin Luther King Jr. Day, Washington’s Birthday, and others. Inauguration Day is not among these specified legal public holidays and therefore does not impact rescission timelines.

Common challenges in rescission compliance

Despite its importance, rescission often presents challenges for financial institutions. Here are some common issues:

  1. Identifying covered transactions
    Not all transactions are subject to rescission. Determining whether a loan qualifies—such as refinances or home equity lines of credit—requires careful evaluation of loan terms and lien positions.
  2. Proper timing of the rescission period
    The rescission period must be calculated accurately, taking into account business days and excluding holidays. Miscalculations can result in compliance violations.
  3. Providing accurate and timely disclosures
    Borrowers must receive clear and complete rescission notices and required disclosures at the time of closing. Any inaccuracies can extend the rescission period or expose the lender to liability.

  4. Handling rescission notices
    If a borrower exercises their right to rescind, lenders must act swiftly to return funds and terminate the lien within 20 calendar days. Delays or errors in this process can lead to penalties.

How do you calculate a 3 day rescission period?

The rescission period typically begins the business day following the signing of loan documents and ends at midnight on the third business day.

How the calendar can help

Young & Associates’ Rescission Reference Chart is a comprehensive tool that simplifies the complexities of rescission compliance. This chart provides:

  • A clear breakdown of covered and exempt transactions.
  • Guidelines for accurately calculating the rescission period.
  • Tips for ensuring proper disclosure and handling rescission notices.

Whether you’re training new staff or refreshing your understanding of rescission rules, this chart offers a practical and easy-to-use resource to enhance your compliance program.

Why rescission matters

Non-compliance with rescission rules can result in extended rescission periods, regulatory scrutiny or even legal action. By ensuring your institution has a solid grasp of rescission requirements, you not only avoid potential risks but also reinforce your reputation as a trusted and reliable lender.

Download free today

Young & Associates is dedicated to helping financial institutions like yours maintain compliance while streamlining operations. Our Rescission Reference Chart is just one of the many tools we offer to support your success. Equip your team with the knowledge and tools they need to navigate rescission with confidence. With Y&A by your side, you can focus on serving your customers while staying compliant with ease.

Connect with a Consultant

Contact us to learn more about our consulting services and how we can add value to your financial institution

Ask a Question