Skip to main content

Overdraft programs and fees: Navigating the regulatory maze

Written by admin on . Posted in Advice, Compliance & Regulations, Consultation.

By: Karen S. Clower, CRCM and William J. Showalter, CRCM, CRP

Fee income practices in overdraft programs have garnered increasing attention from regulatory bodies such as the CFPB, OCC, NCUA, and FDIC. The risks associated with overdraft practices are growing, and overlooking them can pose significant threats to your financial institution.

These regulatory developments are of particular concern for both APSN (Authorize Positive, Settle Negative) and NSF (Non-Sufficient Funds) fee practices. With both federal and state regulators scrutinizing these areas, it’s a critical time for financial institutions to review their overdraft and insufficient funds procedures. Unpacking the intricate world of overdraft programs, understanding fair banking risks, and adopting best practices to mitigate them have never been more crucial.

Multiple re-presentment fees under the microscope

The FDIC revised their Supervisory Guidance on Multiple Re-Presentment NSF Fees in June 2023. The core message from this guidance is the importance of transparency in re-presentment practices. The FDIC emphasizes that re-presentment practices may be deceptive when lacking clear disclosure and unfair when they lead to the assessment of multiple NSF fees for a single transaction.

A re-presentment occurs when a transaction is initially declined due to insufficient funds, followed by the merchant resubmitting the transaction, which may incur additional NSF fees. In many instances, customer disclosures do not fully convey the nature of these re-presentment practices, elevating the risk of consumer harm and regulatory violations. It is prudent for financial institutions to review and update disclosures to avoid causing consumer harm and accumulating violations.

Identifying potential risks associated with NSF fees on re-presented transactions

Examiners have identified several risk factors related to the assessment of NSF fees on re-presented transactions:

  • Consumer compliance risk: Charging multiple NSF fees for the same unpaid transaction can breach Section 5 of the FTC Act, which prohibits unfair or deceptive practices. Not adequately informing customers can mislead and potentially harm them.
    • Deceptive Practices: The FDIC finds charging multiple NSF fees without proper disclosure deceptive.
    • Unfair Practices: Inadequate customer advice on fee practices can be unfair, particularly if it causes harm and offers no benefits to the consumer.
  • Third-party risk: Third-party involvement in payment processing and tracking re-presented items can lead to risks. Institutions should monitor these arrangements closely.
  • Litigation risk: Charging multiple NSF fees may lead to litigation. Many institutions have faced class-action lawsuits and substantial settlements for inadequate fee disclosures.

Managing NSF fee risks

The FDIC encourages financial institutions to review their practices and disclosures regarding NSF fees for re-presented transactions. Note that a highlight of the most recent update to their supervisory guidance is that their current approach does not involve requesting financial institutions to conduct lookback reviews absent a likelihood of substantial consumer harm. To mitigate the risk of consumer harm and legal violations related to multiple re-presentment NSF fees, financial institutions are encouraged to consider the following:

  • Eliminating NSF fees.
  • Charging only one NSF fee for the same transaction, even if it’s re-presented.
  • Reviewing policies and practices, clarifying re-presentment practices, and providing customers with updated disclosures.
  • Clearly and prominently disclosing NSF fee amounts, when they are imposed, and the conditions under which multiple fees may apply to a single transaction.
  • Reviewing customer notification practices and fee timing to enable customers to avoid multiple fees for re-presented transactions.

These recommendations are based on supervisory observations to date and do not impose any legal obligations to financial institutions. While not mandatory, these steps help in reducing the risk of consumer harm.

FDIC’s supervision of re-presentment NSF fees: A closer look

The FDIC has a specific approach when it comes to overseeing and enforcing regulations regarding multiple re-presentment NSF fee practices. Their main aim is to identify and correct issues related to re-presentment, with a focus on ensuring that customers who have been harmed receive the necessary solutions.

As part of their process for assessing compliance management systems, the FDIC acknowledges institutions that take proactive steps to identify and rectify violations. Importantly, if institutions have already addressed these violations before a consumer compliance examination, examiners generally won’t cite UDAP violations.

When financial institutions proactively identify issues related to re-presentment NSF fees, the FDIC has clear expectations:

  • They should take corrective actions, which include providing restitution to affected customers.
  • There should be a prompt update to NSF fee disclosures and account agreements for all customers, both new and existing.
  • Consideration should be given to implementing additional risk mitigation practices to reduce potential unfairness risks.
  • Monitoring of ongoing activities and customer feedback is essential to ensure that corrective actions are sustained over time.

The FDIC evaluates the need for restitution by considering the potential harm to consumers as a result of the practice, the institution’s record-keeping practices, and any challenges associated with collecting and reviewing transaction data or information related to the frequency and timing of re-presentment fees. In cases where examiners identify law violations related to re-presentment NSF fee practices that have not been self-identified and fully corrected before an examination, the FDIC may contemplate various supervisory or enforcement actions, including the imposition of civil monetary penalties and the requirement for restitution where necessary.

What about APSN fee practices?

The regulatory focus extends beyond just re-presentment fees. One noteworthy concern is the practice of charging overdraft fees for transactions that were initially authorized with a positive balance but later settled with a negative balance, referred to as APSN transactions. Below is an overview of the FDIC’s Supervisory Guidance on Charging Overdraft Fees for Authorize Positive, Settle Negative Transactions, which was revised in April 2023 to expand upon the related 2019 Supervisory Highlights article.

Guidance overview

Complexity in Overdraft Programs: Overdraft programs, transaction clearing, and settlement processes are intricate. APSN transactions involve consumers being assessed overdraft fees when they had sufficient account balances at the time of transaction initiation but no longer at settlement. This means it is hard for consumers to predict when fees might be assessed and how to avoid them.

Available Balance vs. Ledger Balance: Financial institutions typically use either an available balance method or a ledger balance method for assessing overdraft-related fees. The available balance can be affected by pending debit transactions. Some institutions, especially with the available balance method, assess overdraft fees on transactions authorized when the available balance is positive but posted when the balance is negative.

Unintended Consequences: In some cases, this practice leads to multiple overdraft fees being charged. Unanticipated overdraft fees can cause considerable harm to consumers. The consumer cannot reasonably avoid these fees, and their complexity further compounds the issue. This situation raises the risk of violations of consumer protection laws.

Mitigating risks: Financial institutions are encouraged to review their practices regarding charging overdraft fees for APSN transactions. This entails ensuring that customers are not charged overdraft fees for transactions they could not anticipate or avoid. This includes monitoring third-party arrangements for compliance, evaluating core processing systems, and improving disclosures to accurately convey fee practices.

With a deep understanding of re-presentment and APSN transactions, financial institutions can effectively navigate the complex landscape of fee income and compliance. A proactive approach can aid in protecting consumers, ensuring regulatory compliance, and maintaining your institution’s reputation.

Balancing overdraft fee income and compliance

Weighing compliance and reputational risks against the revenue your overdraft program generates is crucial. While fee income is essential, safeguarding your financial institution’s reputation should always be a top priority. Striking the right balance between compliance and revenue is key.

Regulatory insights and recent enforcement actions

To stay ahead in the realm of overdraft programs, monitoring the insights and actions of regulatory bodies is essential. The CFPB, FRB, OCC, NCUA, and FDIC provide guidance and updates that can directly impact your operations. Recent enforcement actions underscore the consequences of non-compliance. Analyzing these cases can provide insights into areas where institutions have faltered and help you steer clear of similar missteps.

Your overdraft compliance solution: Young & Associates

Managing overdraft programs while staying compliant with fair banking regulations is a complex task. At Young & Associates, we are here to guide you through this maze. We help ensure that your institution not only thrives financially but also maintains a strong reputation. By understanding the risks, learning from common pitfalls, and implementing best practices, you can create a robust overdraft program..

For more in-depth guidance tailored to your unique circumstances, reach out to our team of experts. Together, we can navigate the regulatory compliance landscape and keep your financial institution on the path to success. Contact us today.

Ensuring compliance in a BSA/AML compliance program: Independent testing

Written by admin on . Posted in Compliance & Regulations.

By: Edward Pugh, AAP, CAMS, CAMs-Audit, CFE

One of the key components of a financial institution’s compliance with BSA/AML regulatory requirements is independent testing of the BSA/AML Program. Independent testing may be performed by an institution’s internal audit department, outside auditors, consultants, or other qualified independent parties. There is no regulatory requirement establishing the frequency of BSA/AML independent testing; rather, the frequency should be commensurate with the money laundering/terrorism financing risk profile of the institutions. Many institutions conduct independent testing every 12 to 18 months, increasing frequency if there are any significant changes in the risk profile, such as changes in systems, compliance staff, products, mergers/acquisitions, or an institution’s size. Significant errors or deficiencies may also warrant more frequent independent testing to validate mitigating or remedial measures.

Often, the need for a truly independent assessment, combined with limitations in staffing capacity, prompts institutions to engage an external entity to conduct a comprehensive evaluation of their BSA/AML program compliance. Thus, it is critical to ensure that the independent review provides an unbiased assessment of an institution’s BSA/AML compliance efforts, identifies potential risks or weaknesses, and offers recommendations for improvement. Some key components of a satisfactory BSA/AML independent program audit or testing include the following:

  • Scoping and planning: The scope of the review should be based on a risk assessment of the institution’s products, services, customers, and geographic locations. The scoping and planning phase often relies on the institution’s own BSA/AML risk assessment, but if it is inadequate, the external auditor may determine the scope. Additionally, any changes in the business or regulatory environment, as well as any issues identified in previous audits or examinations, should be taken into account.
  • Independence: The audit/testing should be conducted by individuals who are independent of the BSA/AML compliance program. While internal auditors may be acceptable, a BSA Officer or assistant would not be. This ensures that any findings are objective and unbiased.
  • Qualifications and training of auditors: Persons conducting the independent testing should have sufficient knowledge and understanding of the BSA, AML, and related regulations. They should be trained in auditing principles and procedures and understand the various risks financial institutions face.
  • Review of the BSA/AML compliance program: The audit should include a comprehensive review of the BSA/AML Compliance Program, including its policies and procedures, risk assessment, internal controls, training programs, and the role and performance of the BSA Officer.
  • Transaction testing: Thorough transaction testing should be conducted to verify compliance with BSA/AML requirements, such as customer identification, suspicious activity reporting, customer due diligence, currency transaction reporting, and record keeping requirements.
  • Assessment of training programs: The institution’s BSA/AML training programs should be reviewed to ensure they are adequate, up-to-date, and effective in educating employees about the BSA/AML responsibilities. The Board of Directors training should also be reviewed.
  • Reporting: An audit report should be produced that clearly communicates findings, including any weaknesses or deficiencies in the compliance program. Appropriate recommendations for improvement should also be provided where necessary.

A comprehensive and effective BSA/AML independent program audit is essential for financial institutions to ensure compliance with the various laws and regulations pertaining to BSA/AML. Some issues pertaining to independent testing that are frequently found in Reports of Examination include lack of independence on the part of the auditor(tester), insufficient scope, and insufficient transaction testing. A comprehensive and independent audit of an institution’s BSA/AML compliance program not only facilitates regulatory adherence, but also pinpoints and highlights any existing program deficiencies.

Additional Resources: FFIEC BSA/AML Assessing the BSA/AML Compliance Program – BSA/AML Independent Testing

Young & Associates works with financial institutions of all sizes to help them avoid regulatory pitfalls and develop strong BSA/AML compliance programs. For more information, contact me at epugh@younginc.com or 330.422.3475.

The purpose of BSA/AML model validation – Common findings

Written by admin on . Posted in Compliance & Regulations.

By: Edward Pugh, CAMS, CAMS-Audit, AAP, CFE, Consultant

For many financial institutions, the concept of a BSA/AML Model Validation is new. In the past, model validations were in the domain of larger financial institutions, typically with $1 Billion or more in assets. In general, model validations are a component of model risk management (MRM), and the guidance for MRM doesn’t easily conform to AML models, particularly models purchased from vendors. To rectify this, the regulatory agencies released an Interagency Statement of Model Risk management for Bank Systems Supporting Bank Secrecy Act/Anti-Money Laundering Compliance in April 2021. We have found that subsequent to the release of this guidance, examiners are frequently requesting that model validations be completed for financial institutions of all sizes.

The purpose of Anti-Money Laundering (AML) model validation is to evaluate the effectiveness and accuracy of an AML model in identifying potentially suspicious transactions and preventing money laundering and terrorist financing activities.

A BSA/AML model validation consists primarily of three components:

  • Conceptual soundness – This entails (among other considerations) the review of documentation and empirical evidence used and variables selected for the model. Much of this information is found in the implementation documentation.
  • Ongoing monitoring – This component confirms that the model is appropriately implemented and is performing as intended. Additionally, the processes and procedures for changes to the model are evaluated. For example, when an agent is added or thresholds are changed, what is the process leading up to the change?
  • System/outcome analysis – This verifies that the alerts generated are indeed valid. On the flip side, is the model missing transactions due to parameter settings or data issues?

Common findings

As more financial institutions are having model validations performed, we have found some common findings, both in validation reports and examination reports. Below are some of the most common findings. Reviewing these findings may help a financial institution prepare for its first validation. These include:

  • Data quality issues – Appropriate data is not flowing to the model. This often includes monetary instrument information, wire information, ATM activity, and NAICS codes. A particular concern is 314(a) lists – data from closed accounts and non-customer transactions (such as monetary instrument purchases) is not included in the searches.
  • Inadequate model governance – This includes lack of model documentation, lack of proper oversight and controls, and lack of model testing.
  • Lack of documentation of filtering thresholds – This includes documentation as to why thresholds were selected, as well as why/how any subsequent changes were made.
  • Missing or incomplete mapping documentation – Mapping documentation demonstrates how inputs from various systems flow into the AML Model. This information is usually included in the implementation documentation, though issues often arise when new products and services are introduced.
  • No reconciliation procedure – Institutions should periodically reconcile the data between the system feeding the data into the model and the model. This ensures that transactions are appropriately monitored.

While this list is not exhaustive, it does shed some light as to what auditors and examiners are looking for when it comes to model performance. Addressing these issues prior to a model validation or examination can help the process go more smoothly.

In conclusion

BSA/AML model validation is essential for both financial institutions and regulatory bodies to ensure that AML models are working as intended and regulatory requirements are being met. Young & Associates performs customized BSA/AML Validations and Reviews and collaborates with many of the AML software providers throughout the validation and review to provide a seamless process for our clients. If you would like more information on this article, or on how we can assist your organization, please contact me at epugh@younginc.com or 330.422.3475.

HMDA alert – Smaller mortgage producers may have to comply in 2023

Written by admin on . Posted in Compliance & Regulations, HMDA.

By Bill Elliott, CRCM; director of compliance education, Young & Associates

On September 23, 2022, the United States District Court for the District of Columbia issued an order vacating (canceling) the 2020 Home Mortgage Disclosure Act (HMDA) Final Rule. That final rule changed the limits for closed-end mortgage loans. At the time, that final rule raised the “minimum” for mandatory reporting from 25 to 100 closed-end mortgage loans in each of the two preceding years.

HMDA changes

The court vacated that change, and so the threshold for HMDA reporting in the regulation for 2023 and into the future has been reset back to 25 closed-end loans. Banks that have been able to avoid HMDA because they made fewer than 100 loans are required to comply in 2023. A blog entry issued by the Consumer Financial Protection Bureau (CFPB) on December 8, 2022 stated that the CFPB (and we presume the prudential regulators) will not require backfiling, nor would they cite banks for the absence of 2020, 2021, and 2022 filing data, but said nothing about 2023. Therefore, if your bank made more than 25 closed-end mortgage loans in 2021 and 2022, HMDA is now a requirement for closed-end mortgage loan reporting for your institution – starting January 1, 2023.

We are unsure why the CFPB waited about 10 weeks to inform us. But you will need to dust off those old policies, procedures, systems, and operations to come into compliance, or perhaps create new policies, procedures, and operations in a hurry. Additionally, there may be applications from 2022 that do not have the government monitoring information in file, because it would have been a violation for non-HMDA banks to collect that information. We believe that your institution needs to go back and collect that information for all loans that had an application in 2022, but that close in 2023.

The 25 vs. 100 threshold was a decision made by the CFPB, and that was reversed. The partial exemption changes – impacting a number of the data elements required to be collected – were the result of a change in law, so the partial exemption remains unaffected by this reversal.

HMDA review

Do you need a validation of your HMDA data prior to the 3/1/23 filing deadline? Young & Associates offers an off-site compliance review of your institution’s HMDA data. Using our secure file transfer system, we will validate your HMDA data to detect errors and issues before the filing deadline. For more information on our HMDA Review service, click here or contact Karen Clower, Director of Compliance, at 330.422.3444 or kclower@younginc.com.

2023 Rescission Reference Chart

Written by admin on . Posted in Compliance & Regulations.

View and download the Young & Associates 2023 Rescission Reference Chart to assist your lenders in preparing the Notice of Right to Cancel. Please forward this document to someone in your organization who will use this helpful tool.

For 44 years, Young & Associates has provided consulting, training, and practical tools for the banking industry. Thank you for the opportunity to serve your needs.


Looking for the latest calendar? Click here to access the 2025 Rescission Reference Chart!

Ensure your advertising is complete, clear, and compliant

Written by admin on . Posted in Compliance & Regulations.

In today’s competitive environment, getting the word out about your products and services is crucial. Do your ads meet regulatory expectations, include all advertising terms, and clearly explain what your products and services are to your customers and potential customers?

Get peace of mind with Young & Associates’ Advertising Review Service.

It’s easy!

As part of the advertising review engagement, Young & Associates will:

  • Review all print and electronic advertising material provided by the bank. *
  • Respond to each submitted item in writing within 2 business days, presenting any compliance issues that may be present in the ad.
  • There is no minimum or maximum number of advertisements in a year. Submit advertisements that require that “second look.”
    * The review will not include verification of any APR or APY.

Trusted guidance

Young & Associates provides an unmatched depth of practical expertise. Our compliance consultants are comprised of former banking executives, compliance regulators, and tenured finance professionals. We’re uniquely qualified to understand and solve your challenges, because we have personally experienced those same issues. For more information on this service, contact Karen Clower at kclower@younginc.com or 330.422.3444.

To submit your ad for review click here.

Considering anti-money laundering software for your institution

Written by admin on . Posted in Compliance & Regulations, Information Technology.

By: Edward Pugh, CAMS, consultant

For many financial institutions, one of the most impactful purposes of the Anti-Money Laundering Act of 2020 is the encouragement of technological innovation and the adoption of new technology by financial institutions to more effectively counter money laundering and the financing of terrorism. While a requirement to adopt technology in the AML space is not spelled out, the encouragement is being meted out in regulatory exams. Industry professionals have noted that the asset-size thresholds for scrutiny of the adoption of technology (or lack thereof) is decreasing.

AML advantages

Aside from regulatory expectations, there are many advantages in adopting AML technology solutions, which include better detection capability, more efficient workflows, better information flow, and many others. There is a plethora of providers in the marketplace offering a wide range of products and capabilities. However, the aim of this article is to lay out some considerations once the decision to adopt new technologies has been made.

Here are some things to consider:

  • Risk Assessment. Your institution’s BSA/AML risk assessment should drive the technology selection process. It is important to be able to demonstrate that the technology does in fact mitigate the risks that were assessed. The risk assessment can also serve as a guide in determining the sophistication of the software needed; a lot of products in the market may offer many features and options that may not be necessary.
  • Data. Data quality is the most important aspect of implementing AML software technology. Any implementation will require time to be devoted to data cleansing and mapping. Most vendors offer varying levels of assistance depending on your needs. Whether this part of the process is handled in-house or through a vendor, there will be costs associated with data preparation.
  • Future-proof. While no technology can be “future-proof,” it is important to have a platform that is robust and can handle upgrades or changes in your institution’s core software and any ancillary systems that may be feeding data into the AML software. There should also be a clear process for updates as regulations, laws, and criminal typologies change or are discovered.
  • Maintenance. BSA/AML evolves constantly. Financial institutions and their customers continually change. Over time, fine-tuning scenarios and thresholds is an important periodic activity. Some software allows the institution to conduct changes to the model while others require more vendor involvement. It’s an important area to consider when choosing between the numerous options.
  • Efficiency. Properly implemented, quality AML platforms will reduce the compliance burden in your institution. However, it is important to note that there will be “growing pains” in the beginning. One of the most common surprises is the often-dramatic increase in alerts generated. This is usually due to new scenarios being monitored, and much more transaction data being monitored. It can also be due to data quality issues that can arise during implementation. This surge in alerts is temporary. The efficiency comes as the system is fine-tuned and staff becomes more acquainted with the platform and its capabilities.

More on AML

One final thought: Think big, start small. AML platforms can be customized and upgraded. For many institutions, the choices are overwhelming. Of course, there are many other factors that must be taken into account, especially cost. Having a clear understanding of the above-mentioned considerations will help weigh the cost considerations in choosing between the many options available in the marketplace.

For more information on the selection of AML software, contact us at mgerbick@younginc.com or 330.422.3482. And if your institution has AML software in place, please read the following article, AML Validation & Review, to learn more about how we can assist your financial institution in the validation and review of your existing AML software. Our BSA team is uniquely qualified to guide you through this often complicated and technical process, and we look forward to working with you to achieve your goals.

AML validation & review

Written by admin on . Posted in Compliance & Regulations, Information Technology.

The increasing sophistication of Anti-Money Laundering/Combating the Funding of Terrorism (AML/CFT) software and modeling techniques and the broader application of these models have played an undeniable role in the enhanced effectiveness of AML/CFT programs in financial institutions.

The regulatory agencies are utilizing more analytical and statistical specialists in BSA examinations. Additionally, recent BSA examinations demonstrate that the de facto threshold for regulatory scrutiny of AML models continues to decrease. All AML models must follow the guidance of OCC Bulletin 2011-12 and the subsequent Interagency Statement on Model Risk Management for Bank Systems Supporting Bank Secrecy Act/Anti-Money Laundering Compliance (4/9/21), which outline the expectations for model risk management, especially the need for independent review and model validations.

Young & Associates can assist you with our AML validation and review

Customized for your institution and as required by the regulators, our AML validation and review addresses:

  • Conceptual Soundness. We focus on the design, methodology, and construction of the model. This includes analysis and review of the model documentation, assumptions and limitations, data quality and completeness, and implementation
  • Ongoing Monitoring. We make sure that the model is working efficiently and as intended to meet your institution’s business objectives, and ensure that it is tailored to the institution’s Risk Assessment (AML Program Management). This includes model tuning and calibration, which is driven by several Key Performance Indicators (KPIs).
  • Outcomes Analysis. We examine the model’s output, including alerts generated from transaction monitoring, along with the supporting information used for investigation. Above-the-line and below-the-line testing ensures that alerts are accurate and complete. The team also assesses monitoring rules and parameters.

Young & Associates collaborates with many of the AML software providers throughout the validation and review to make the process as seamless to your institution as possible.

Trusted guidance in BSA/AML compliance

Young & Associates provides an unmatched depth of practical expertise. Our BSA compliance team includes former banking executives, compliance regulators, and tenured finance professionals who hold the CAMS (Certified Anti-Money Laundering Specialist) designation. We’re uniquely qualified to understand and solve your challenges, because we have personally experienced those same issues. We can assist you with your AML validation and review, contact us at mgerbick@younginc.com or 330.422.3482.

The UDAAP hammer drops

Written by admin on . Posted in Compliance & Regulations.

By: William J. Showalter, CRCM, CRP, Senior Consultant

In our last issue, we discussed what UDAAP is and how to set up a program in your bank to avoid trouble in this important area. Our title admonished you, “Don’t Let UDAAP Spook You, Take Control.” If you have not yet taken control of UDAAP compliance, you may have been spooked by developments over the past 12 months or so. There have been three big UDAAP enforcement actions involving three financial service providers of all sizes during that time.

Background

Section 5 of the Federal Trade Commission (FTC) Act has been around for over 70 years and prohibits “unfair or deceptive acts or practices” (UDAP), the predecessor to UDAAP. Banking regulators have had the responsibility to enforce bank and thrift compliance with UDAP rules, while the FTC had the authority to interpret the statute and write any rules. The Federal Reserve Board (FRB) was given interpretive and rule-writing authority when this part of the FTC Act was amended in 1975 but continued largely to defer to the FTC.

Title X of the Dodd-Frank Act (DFA) codified UDAP law specifically for financial institutions, eliminated the FRB’s rule-writing authority, added an “abusive” standard, and moved rule-writing authority to the CFPB. The acronym became UDAAP – unfair, deceptive, or abusive acts or practices.

What are we dealing with?

All these standards or characteristics are quite subjective. The elements of unfairness and deception have been established by statute, as well as interpretation over the years by the FTC in various enforcement actions and interpretive documents. The element of being abusive was established, in general terms, in statute by the DFA.

An act or practice is unfair if it causes or is likely to cause substantial injury to consumers that they cannot reasonably avoid or that countervailing benefits do not outweigh. Substantial harm usually involves monetary harm, including a small monetary harm to each of a large number of consumers. A three-part test determines whether a representation, omission, act, or practice is deceptive. First, the representation, omission, act, or practice must mislead or be likely to mislead the consumer. Second, the consumer’s interpretation of the deception must be reasonable under the circumstances.

Lastly, the misleading representation, omission, act, or practice must be material. “Material” means that it is likely to affect a consumer’s decision regarding a product or service. An abusive act or practice materially interferes with the ability of the consumer to understand a term or condition of a consumer financial product or service. Such an act or practice also includes one that takes unreasonable advantage of: the consumer’s lack of understanding of material risks, costs, or conditions of a product or service; the consumer’s inability to protect his interests in selecting or using a financial product or service; or the consumer’s reasonable reliance on the “covered person” (including a banker) to act in the interests of the consumer.

Recent UDAAP enforcement actions

In about the year 2000, banks first saw significant enforcement of UDAP (now UDAAP) from the banking agencies when the Office of the Comptroller of the Currency (OCC) took the lead. The OCC concluded that it had authority to address a violation of the FTC Act even when a challenged practice was not specifically prohibited by regulation.

The three bank-related UDAAP enforcement actions to which we referred above are:

  • The Consumer Financial Protection Bureau (CFPB) issued a Consent Order to Discover Bank (Greenwood, DE) and two subsidiaries ordering Discover to pay at least $10 million in consumer redress and a civil money penalty (CMP) of $25 million for violating a 2015 CFPB Order, the Electronic Fund Transfer Act, and the Consumer Financial Protection Act of 2010. The 2015 Order was based on the CFPB’s finding that Discover misstated the minimum amounts due on billing statements as well as tax information consumers needed to get federal income tax benefits. The agency also found that Discover engaged in illegal debt collection practices. The 2015 Order required Discover to refund $16 million to consumers, pay a penalty, and fix its unlawful servicing and collection practices.
  • However, more recently the CFPB found that Discover violated the 2015 order’s requirements in several ways – misrepresenting minimum loan payments owed, amount of interest paid, and other material information. Discover also did not provide all the consumer redress the 2015 Order required.
  • In addition, the CFPB found that Discover engaged in unfair acts and practices by withdrawing payments from more than 17,000 consumers’ accounts without valid authorization and by cancelling or not withdrawing payments for more than 14,000 consumers without notifying them. The agency also found that Discover engaged in deceptive acts and practices in violation of the CFPA by misrepresenting to more than 100,000 consumers the minimum payment owed and to more than 8,000 consumers the amount of interest paid. Some consumers ended up paying more than they owed, others became late or delinquent because they could not pay the overstated amount, while others may have filed inaccurate tax returns
  • The Federal Deposit Insurance Corporation (FDIC) issued an order to Umpqua Bank (Roseburg, OR) that the bank pay a CMP of $1,800,000 following the FDIC’s determination that the bank engaged in violations of Section 5 of the Federal Trade Commission Act in the commercial finance and leasing products issued by its wholly owned subsidiary, Financial Pacific Leasing, Inc. According to the FDIC, these violations included engaging in deceptive and/or unfair practices related to certain collection fees and collection practices involving excessive or sequential calling, disclosure of debt information to nonborrowers, and failure to abide by requests to cease and desist continued collection calls.
  • The FDIC also issued an order to pay a CMP of $129,800 to Bank of England (England, AR). The bank consented to the order without admitting or denying the violations of law or regulation.
    The FDIC determined that the bank violated Section 5 of the Federal Trade Commission Act because bank loan officers located in the Bloomfield, MI loan production office (LPO) misrepresented to consumers that certain Veterans Administration (VA) refinance loan terms were available when they were not, and that the bank’s misrepresentations at the Bloomfield LPO regarding terms for VA refinancing loans were deceptive, in violation of Section 5.

How to deal with these issues

As we advised in our previous article, banks and thrifts should be proactive in addressing areas prone to UDAAP issues. You can anticipate potential problems by, in part, tracking enforcement actions as indicators of where regulators are looking for issues (and finding them).

The steps we spelled out to help in this proactive approach are:

  • Establish a positive compliance culture by positive words, actions, and attitudes from the top down.
  • Enforce compliance performance which, coupled with the overt support from the top, makes it clear to all that this is a crucial element in the success of the organization and any related individual rewards (bonuses, raises, promotions, etc.)
  • Involve compliance early in product design, marketing planning, and so forth.
  • Focus on vulnerable customers in your community, including the young, less educated, immigrants, and elderly, and pay particular attention to how you direct your marketing, product recommendations, and disclosures to such populations.

It is much easier – and less expensive – to plan and lay appropriate groundwork to avoid problems than it is to repair damages after inappropriate and illegal actions blow up. The reactive approach can cause the bank immeasurable reputation harm, which is much more costly than any monetary penalties, and much more difficult to recover from.

For more information on how the Young & Associates compliance team can assist with your UDAAP compliance, contact us at mgerbick@younginc.com or 330-422-3482.

Don’t let UDAAP spook you, take control

Written by admin on . Posted in Compliance & Regulations.

The Consumer Financial Protection Bureau (CFPB) celebrated Halloween in 2012 by releasing its updated Supervision and Examination Manual (version 2.0). The manual includes updated examination procedures for assessing compliance with Unfair, Deceptive, or Abusive Acts or Practices (UDAAP) rules. The updated examination procedures give bankers a guide for what their examiners will be looking for in terms of UDAAP compliance, including the then-new “abusive” standard.

Background

Section 5 of the Federal Trade Commission (FTC) Act has been around for over 70 years and prohibits “unfair or deceptive acts or practices” (UDAP), the predecessor to UDAAP. Banking regulators have had the responsibility to enforce bank and thrift compliance with UDAP rules, while the FTC had the authority to interpret the statute and write any rules. The Federal Reserve Board (FRB) was given interpretive and rule-writing authority when this part of the FTC Act was amended in 1975 but continued largely to defer to the FTC.

It was not until the year 2000 that banks saw significant enforcement of UDAP from the banking agencies when the Office of the Comptroller of the Currency (OCC) took the lead. The OCC concluded that it had authority to address a violation of the FTC Act even regarding a challenged practice that was not specifically prohibited by regulation.

Then, Title X of the Dodd-Frank Act (DFA) codified UDAP law specifically for financial institutions, eliminated the FRB’s rule-writing authority, added the “abusive” standard, and moved rule-writing authority to the CFPB.

What is UDAAP?

All of these standards or characteristics are quite subjective. The elements of unfairness and deception have been established by statute, as well as interpretation over the years by the FTC in various enforcement actions and interpretive documents. The element of being abusive was established, in general terms, in statute by the DFA.

In brief, these standards are:

  • Unfair. To be unfair, an act or practice must cause or be likely to cause substantial injury to consumers, harm that the consumers cannot reasonably avoid or that is not outweighed by countervailing benefits. Substantial harm usually involves monetary harm, including a small monetary harm to each of a large number of consumers.
  • Deceptive. A three-part test is used to determine whether a representation, omission, act, or practice is deceptive. First, the representation, omission, act, or practice must mislead or be likely to mislead the consumer. Second, the consumer’s interpretation of the representation, omission, act, or practice must be reasonable under the circumstances. And lastly, the misleading representation, omission, act, or practice must be material. “Material” means that it is likely to affect a consumer’s decision regarding a product or service.
  • Abusive. An abusive act or practice materially interferes with the ability of the consumer to understand a term or condition of a consumer financial product or service. Such an act or practice also includes one that takes unreasonable advantage of: the consumer’s lack of understanding of material risks, costs, or conditions of a product or service; the consumer’s inability to protect his interests in selecting or using a financial product or service; or the consumer’s reasonable reliance on the banker (or other “covered person”) to act in the interests of the consumer.

How to handle UDAAP

Banks and thrifts need to make sure their consumer compliance programs are proactive in addressing areas prone to UDAAP issues. Anticipate potential problems; do not wait for problems to arise because by then it may be too late to prevent serious consequences.

A few steps that can help establish a proactive compliance regime are:

  • Establish a positive compliance culture. Senior management and the board need to make it clear that compliance is a fundamental element of the institution’s business – both compliance with the technical requirements (disclosures, computations, etc.) and, at least equally important, with the underlying spirit or fundamental principles of the consumer protection laws.
  • Enforce compliance performance. To succeed, the bank needs to make compliance important to its officers and staff – by not only ensuring overt support from the top, but also by making it an integral part of how employees’ performance is measured and rewarded (or not). For example, an officer with high loan production with high compliance error rates or fairness issues, should not be rewarded for one (production) without being penalized for the other (compliance failures).
  • Involve compliance early. Compliance cannot be an exercise in looking for violations and other problems after the fact. To be truly effective and efficient, compliance must be integrated into the business processes – involved in product design, marketing planning, etc., at the ground level.
  • Focus on vulnerable customers. An important way to avoid UDAAP problems is to pay particular attention to those customers, or potential customers, who might be more vulnerable to unfair, deceptive, or abusive acts or practices. Examples of such potentially vulnerable populations might include the young, less educated, immigrants, elderly, and so forth. The bank should be particularly sensitive to how it couches its marketing, product recommendations, disclosures, etc., to such populations.

Benefits of a regime

Such a positive, proactive compliance regime can help the bank prevent most UDAAP (and other compliance) problems before they even arise. This approach is much more cost-efficient than running what a compliance officer I knew years ago called a “fix-it shop,” having to try to fix compliance problems after they have occurred. Years ago, such an approach was not desirable, but might have been survivable. However, today, it could prove disastrous – especially with the rise of UDAAP.

Contact Y&A today

For more information on this article or how Young & Associates can assist your organization with UDAAP compliance, contact Dave Reno at 330.422.3455 or dreno@younginc.com.

The value of internal audit through a fresh set of eyes

Written by admin on . Posted in Compliance & Regulations.

There is risk in every aspect of the banking industry and the regulatory environment seems to continually change. As to the governance and control functions of the industry, it may be refreshing to the board of directors, audit committee, and executive management to have their internal audit function re-assessed and validated through a fresh set of eyes to assure that the controls in place are functioning as intended.

Why consider an internal audit?

A strong internal control system, including an independent and effective internal audit function, is part of sound corporate governance. The board of directors, audit committee, senior management, and supervisors must be satisfied with the effectiveness of the internal audit function, that policies and practices are followed, and that management takes appropriate and timely corrective action in response to internal control weaknesses identified by internal auditors. An internal audit function provides vital assurance to a board of directors (who ultimately remains responsible for the internal audit function, whether in-house or outsourced) as to the quality of the internal control system. In doing so, the function helps reduce the risk of loss, regulatory criticism, and reputational damage to the organization.

All internal auditors (whether in-house or outsourced) must have integrity and professional competence, including the knowledge and experience of each internal auditor and of team members collectively. This is essential to the effectiveness of the internal audit function. We encourage internal auditors to comply with and to contribute to the development of national professional standards, such as those issued by the Institute of Internal Auditors, and to promote due consideration of prudent issues in the development of internal audit standards and practices.

Every activity of the organization (including outsourced activities) should fall within the scope of the internal audit function. The scope of the internal audit function’s activities should ensure adequate coverage of matters of regulatory interest within the audit plan. Regular communication by the audit committee, management, and affected personnel is crucial to identify the weaknesses and risk associated to assure that timely remedial actions are taken.

How Young & Associates can help

Young & Associates can independently assess the effectiveness and efficiency of the organization’s internal control, risk management, and governance systems and processes to provide assurance that the internal control structure in place operates according to sound principles and standards. For more information on how we might provide internal audit services specific to your organization’s needs, whether it is outsourced or co-sourced, please contact Dave Reno at 330.422.3455 or email to dreno@younginc.com.

Connect with a Consultant

Contact us to learn more about our consulting services and how we can add value to your financial institution

Ask a Question