Skip to main content

Tag: Consumer Financial Protection Bureau (CFPB)

How recent CFPB guidance changes affect financial institutions

Written by admin on . Posted in Blog, Compliance & Regulations.

By Bill Elliott, CRCM; director of compliance education, Young & Associates

Since its inception in 2011, the Consumer Financial Protection Bureau (CFPB) has responded to a wide range of issues — even without an act of Congress, such as with the Truth in Lending Act. The agency has relied on compliance bulletins, advisory opinions, interpretive rules and circulars to provide information regarding priorities and interpretations of federal consumer financial laws.

With a new administration in Washington, the CFPB has gone through a long and difficult transition that (as of this writing) is still not complete. Pending lawsuits and uncertainties created by the administration may cause additional changes, so changes in the agency may continue.

The original plan for the agency was to have a measure of independence from the natural changes from administration to administration. Over the last 14 years, mostly through court cases, the agency’s independence has eroded. The actions discussed below are, at least at some level, the direct result of that erosion.

Latest CFPB guidance changes

CFPB Acting Director Russell Vought
CFPB Acting Director Russell Vought

On May 12, 2025, CFPB Acting Director Russell Vought announced the withdrawal of 67 guidance documents, consisting of:

  • Eight policy statements
  • Seven interpretive rules
  • 13 advisory opinions
  • 39 other guidance documents such as circulars and bulletins

The reasoning behind this action was that policies implemented by guidance represent an unfair regulatory burden and might be contrary to federal law.

“In many instances, this guidance has adopted interpretations that are inconsistent with the statutory text and impose compliance burdens on regulated parties outside of the strictures of notice-and-comment rulemaking,” Vought said. “But even where the guidance might advance a permissible interpretation of the relevant statute or regulation, or afforded the public an opportunity to weigh in, it is the Bureau’s current policy to avoid issuing guidance except where necessary and where compliance burdens would be reduced rather than increased.”

Vought further outlined the new policy and the reasons for it:

  • The CFPB commits to issuing guidance only when that guidance is necessary and would reduce compliance burdens rather than increase them. “Historically, the Bureau has released guidance without adequate regard for whether it would increase or decrease compliance burdens and costs,” he wrote. “Our policy has changed.”
  • The CFPB commits to reducing its enforcement activities in conformance with President Trump’s directive to deregulate and streamline bureaucracy. He noted that many of the CFPB’s enforcement responsibilities overlap or duplicate other state and federal regulatory efforts.
  • “Finally, to the extent guidance materials or portions thereof go beyond the relevant statute or regulation, they are unlawful, undermining any reliance interest in retaining that guidance,” he said.

This may not signal the demise of all 67 items. The CFPB stated it intends to continue reviewing these guidance documents. Some may ultimately be reinstated, at least in part. Until that happens, the CFPB and presumably all other banking regulators will not enforce or otherwise rely upon the guidance documents.

A closer look at the CFPB withdrawals

Many of these withdrawn guidance documents received justified criticism. For example, the Bureau withdrew the 2024 circular titled Improper Overdraft Opt-In Practices. This document imposed additional requirements, well beyond what the regulation requires, on institutions’ record-keeping practices. This occurred without going through formal notice-and-comment rulemaking under the Administrative Procedure Act.

Two other notable withdrawals:

The first involves Unfair, Deceptive or Abusive Acts or Practices (UDAAP) concerns with digital platforms involving non-mortgage consumer financial products and services.

Although the CFPB removed this document, it kept an advisory opinion that addresses similar UDAAP concerns and Real Estate Settlement Procedures Act (RESPA) Section 8 issues for digital platforms offering mortgage products.

The second rescission involved the issue of sexual preference under Regulation B. Sexual preference should never be a reason for denying a loan, but some may interpret rescission of that document as removing some protections for that segment of the lending public.

In spite of these removals, the CFPB continues to pursue cases involving consumer reporting, online installment lending, mortgage lending and debt collection.

CFPB priorities

In April 2025, Mark Paoletta, chief legal officer of the CFPB, sent a memorandum to all staff setting forth the priorities of the new leadership.

Key aspects of the priorities include the following:

  • A shift back to prioritizing banks over nonbanks and enlisting the states to conduct supervision and enforcement over nonbanks.
  • A focus on mortgages (highest priority), consumer reporting, debt collection, fraudulent overcharges and fees.
  • A deprioritization of peer-to-peer platforms and lending, consumer data, remittances and digital payments, among other areas.

If you would like to review the entire CFPB document, you can find it here.

Contact Young & Associates today at consultants@younginc.com if we can assist in any way with these or any other regulatory compliance issues.

Compliance – 2025 & beyond

Written by admin on . Posted in Advice, Blog, Compliance & Regulations, Consultation, News.

By Bill Elliott, CRCM; director of compliance education, Young & Associates

Over the last few years we have dealt with changes to regulation, followed by lawsuits, followed by resolution (in some cases).

The original intent of the CFPB was to have a governmental department that was independent of the rest of the federal government. The leader of the CFPB would not be a political appointment. For good or ill, that has changed due to decisions by the Supreme Court. As a result, this agency has become part of each administration and experiences changes in direction based on the results of elections.

Some of the discussion below includes other agencies, as they are part of the same trend.

CRA

Regulators published the new CRA rule, which was due for partial implementation last year. However, there is a lawsuit pending, challenging the regulation. That lawsuit still has not reached the resolution stage, and all federal regulators have said publicly that they are going to follow the old CRA regulation until resolution occurs.

The intent of the new CRA regulation was to try to take as much examiner judgment out of the rating system as possible, with the result of fairer reviews for banks. While an excellent goal, I am not sure that the pending regulation accomplishes this. In any event, all banks and regulators will follow the existing regulation until the court battles have concluded. The CFPB is not part of the new CRA rule, just the primary regulators, but this is part of the same trend.

Beneficial ownership

Congress passed the Corporate Transparency Act, requiring the federal government to collect beneficial ownership information. That process began in 2024, and required your smaller commercial customers to share a lot of information with the federal government.

The federal government said that compliance was actually going well. But late in 2024, once again in response to a lawsuit, everything ground to a halt. Your customers who have not yet complied may have to comply at some point in the future, and are welcome to comply now, but currently do not have to comply.

The lawsuit generally addresses whether Congress could pass a law such as this in the first place. We do not know where it will go from here, and because of the issue, we may have to wait for the Supreme Court to rule on it. Another example of the current environment.

1071

1071 (Regulation B, Subpart B)  is perhaps the regulation that will create the greatest problems for banks and their customers. Although many banks face implementation a year or more in the future, your customers will likely consider the current regulation invasive. Amongst other things, the regulation requires banks to ask small business owners their sexual preferences, orientations, etc. Many of your customers will consider this none of the government’s business. And this particular information is not required under the Dodd Frank Act.

While a small business owner could be discriminated because of their LGBTQ+ status, we would hope that that would not happen. This is a rule with good intentions, however, the approach in the regulation will create more difficulties for banks and their small commercial customers than we would like. We will see what happens with the change in administration and CFPB leadership.

Conclusion

There are other rules pending. For instance, privacy is becoming a bigger and bigger issue as we get more and more electronic. These sorts of regulations are probably going to be useful but we will have to wait and see how the final regulations read, and then maybe wait through lawsuits once again.

A regulatory environment that was less chaotic would be better for all of us, but that does not appear to be something that we can count on. Enjoy the ride.

In this ever-changing environment, having a knowledgeable compliance partner is essential. At Young & Associates, we specialize in helping financial institutions interpret, implement, and manage compliance requirements with confidence. Whether you need regulatory guidance, risk assessments, or compliance program reviews, our team is here to support you.

Reach out to Young & Associates today to discuss your compliance needs.

The future of mortgage loan buybacks

Written by admin on . Posted in Advice, Blog, Compliance & Regulations, Consultation, Internal Audit, Mortgage Quality Control, News.

By Donald Stimpert, manager of secondary market QC, Young & Associates

Understanding the rising risk of loan buybacks

The secondary mortgage market is evolving rapidly, and with it, lenders face increasing pressure to maintain strict quality control (QC) standards. Loan buybacks — once considered an occasional risk — have become a growing concern as investors, government-sponsored enterprises (GSEs) and regulatory bodies scrutinize loan origination and underwriting processes more closely.

Recent economic uncertainty, fluctuating interest rates and regulatory changes have only amplified repurchase risks, making it imperative for financial institutions to adopt proactive strategies to mitigate potential buybacks before they impact profitability.

Why are mortgage loan buybacks increasing?

Several factors contribute to the rise in loan repurchase demands, including:

1. Heightened investor scrutiny

With a more volatile lending environment, investors and GSEs such as Fannie Mae and Freddie Mac are intensifying post-closing reviews to identify underwriting errors, miscalculations, and misrepresentations.

2. Rising interest rates and loan performance issues

As interest rates climb, borrowers with recent mortgages may be at a higher risk of delinquency. A worsening performance trend in loans increases investor caution, leading them to revisit underwriting quality and enforce buybacks when defects are found.

3. Evolving regulatory standards

The Consumer Financial Protection Bureau (CFPB) and other regulators continue to refine lending requirements, particularly around fair lending, borrower income verification, and compliance with TRID (TILA-RESPA Integrated Disclosure) rules. Lenders who fail to maintain strict adherence to these standards may see increased buyback requests.

4. Defect trends in loan underwriting

Recent QC reports indicate a surge in defects related to:

  • Income calculation errors
  • Debt-to-income (DTI) miscalculations
  • Missing documentation
  • Undisclosed liabilities
  • Misrepresentation of borrower information

Even minor discrepancies can trigger a repurchase demand, highlighting the need for enhanced QC measures.

Strategies to minimize repurchase risk

To reduce exposure to loan buybacks, lenders must strengthen their QC frameworks and proactively address risk areas before loans reach the secondary market.

1. Strengthen pre-funding and post-closing QC reviews

Implementing a robust pre-funding QC process helps catch potential defects before loans are sold, significantly reducing repurchase risk. Post-closing audits should be conducted consistently, ensuring that any issues are corrected before investor scrutiny.

2. Enhance data validation and borrower verification

Investors are increasingly focused on data integrity. Lenders must adopt advanced verification tools to cross-check borrower information, income, employment history, and undisclosed debts, minimizing the risk of fraud and errors.

3. Implement targeted sampling for QC reviews

Rather than relying solely on random sampling, lenders should integrate risk-based QC sampling that focuses on high-risk loan categories, such as self-employed borrowers, non-traditional income sources, or jumbo loans.

4. Maintain open communication with investors and GSEs

Establishing proactive dialogue with investors, servicers, and GSEs can help lenders identify evolving QC expectations and regulatory shifts, allowing them to adjust policies before issues escalate into buyback requests.

5. Conduct regular staff training and compliance refreshers

Underwriting and QC staff should receive continuous training on updated investor guidelines, industry best practices, and regulatory changes. Well-informed teams are less likely to overlook critical details that lead to defects.

A more proactive approach to mortgage QC

The risk of loan buybacks is unlikely to disappear, but financial institutions that take a proactive approach to mortgage quality control will be better positioned to minimize losses, maintain strong investor relationships, and protect their bottom line.

By integrating technology-driven audits, enhanced borrower validation, and risk-based QC sampling, lenders can significantly reduce repurchase exposure and navigate the evolving secondary market with confidence.

Is your institution prepared to mitigate repurchase risk? Young & Associates offers customized Mortgage QC solutions designed to enhance your quality control processes and protect your loan portfolio. Contact us today to learn how we can help safeguard your secondary market loan sales.

Key insights from CFPB Supervisory Highlights, winter 2024

Written by admin on . Posted in Advice, Blog, Compliance & Regulations, Consultation, News.

As the regulatory environment continues to evolve, the latest CFPB Supervisory Highlights offer crucial insights for financial institutions navigating an increasingly complex landscape. Issue 37 shines a spotlight on deposit operations, credit furnishing practices, and the burgeoning short-term lending market, while also addressing significant enforcement actions and new rules. Here’s what community banks need to learn — and act on.

Overdraft fees: A continuing challenge

For years, overdraft and non-sufficient funds (NSF) fees have drawn regulatory scrutiny. This issue of Supervisory Highlights confirms that some practices—such as re-presentment NSF fees and Authorize-Positive Settle-Negative (APSN) overdraft fees — remain problematic. Despite progress, core processors often set fee structures to charge these fees by default unless institutions actively intervene.

Takeaway for community banks
It’s time to re-evaluate fee structures. Ensure that your core processor’s systems are configured to align with updated regulatory expectations. Educate staff and consumers about these changes to build trust and avoid regulatory pitfalls.

Furnishing data: Accuracy matters

Banks that furnish data to credit reporting agencies are under the microscope. The CFPB found widespread failures to maintain procedures for identity theft notifications, conduct thorough investigations of disputes, and ensure data accuracy. This isn’t just about compliance—it’s about your reputation.

Actionable Insight
Community banks should strengthen internal controls and train employees on handling credit disputes. Investing in accurate, consumer-friendly data practices not only mitigates risk but also reinforces your institution’s credibility.

Short-term lending: Transparency is key

The Supervisory Highlights also scrutinize the exploding popularity of Buy Now, Pay Later (BNPL) programs and paycheck advance products. Findings revealed deceptive marketing practices, delayed dispute resolutions, and loan denials tied to trivial payment processing errors.

Why it matters
Even if your bank doesn’t offer these products, they’re reshaping consumer expectations. Transparency in terms and processes isn’t optional—it’s a competitive necessity.

Technology pitfalls: Lessons from enforcement actions

This issue features notable enforcement actions, including a $1.5 million penalty against VyStar Credit Union for botching the launch of an online banking platform. Consumers faced months of restricted access to their accounts, incurring fees and frustration.

A word of caution
Digital transformation is critical for community banks to stay relevant, but poorly executed rollouts can damage trust. Rigorous testing and a solid contingency plan can safeguard against consumer harm and regulatory penalties.

New rules to watch

The CFPB issued a final rule governing overdraft practices at large institutions, capping fees unless they are minimal. Additionally, supervisory authority now extends to digital payment platforms processing over 50 million transactions annually.

What’s next for community banks?
Stay proactive in monitoring new rules and adapting processes. Even if you’re not directly impacted by these changes, they signal the regulatory trends shaping the future.

Final thoughts: Protecting your institution

The themes in this issue of Supervisory Highlights boil down to a central lesson: consumer protection is non-negotiable. Whether it’s ensuring accurate reporting, transparent lending, or seamless technology implementation, community banks must prioritize their customers’ experience.

By addressing these areas, you’re not just avoiding penalties — you’re fortifying your role as a trusted partner in your community. For tailored guidance, connect with Young & Associates, your partner in navigating the ever-changing regulatory landscape. Contact us for tailored solutions to support your institution’s goals.

Managing customer complaints is important to an effective CMS

Written by admin on . Posted in Advice, Blog, Compliance & Regulations, Consultation, News.

By William J. Showalter, CRCM, Senior Consultant, Young & Associates

Financial institution supervisory agencies view a formal process for managing complaints from bank customers as an important element in an effective compliance management system (CMS). The second 2024 issue of the Consumer Compliance Outlook from the Federal Reserve Board (FRB) includes three articles on this.

The FRB is quoted in one of these articles in an unequivocal statement on this issue:

“Consumer complaints are a critical component of the risk-focused supervisory program. The Federal Reserve uses data on consumer complaint activity in its supervisory processes when monitoring financial institution, scoping and conducting examinations, and analyzing applications.”

The other federal agencies agree with this viewpoint. So, banks and thrifts have found that, if they do not handle customer complaints in a formal, consistent manner, their CMS will be viewed with a more critical eye.

Benefits of managing customer complaints

One positive aspect of proactively managing the customer complaint process is there is no real downside. The only “downside” is that such a process shines a light on the extent of complaints, and their underlying causes. But, this disadvantage is actually an advantage. What you don’t know really can hurt you.

The positive results from complaint management can include:

  • Uncovering and dealing with shortcomings in product features, bank processes, customer service and more early before they present real threats
  • Improving customer satisfaction with the bank, and enhancing the bank’s efforts to serve the banking needs of its community
  • Resolving fair treatment issues at an early stage
  • Realigning bank products, processes, and services with regulatory requirements and expectations
  • Heading off potential UDAAP (unfair, deceptive, or abusive acts and practices) issues
  • Reducing the institution’s reputation risk.

Managing customer complaints

The bank already has formal processes, with assigned responsibilities, for handling errors/disputes asserted by customers related to electronic banking (Regulation E, EFTA), open-end credit (Regulation Z, TILA) and mortgage loan servicing (HUD Regulation X, RESPA). Appropriate treatment of complaints in these areas are mandated by the respective regulations.

A formal process to address customer complaints in other areas is considered an industry best practice. It is also a necessary component of an effective CMS by regulators. The structure of this program will vary depending on the culture of the bank and other internal factors.

There are some common elements that form the basis of any sound customer complaint program, including:

  • Define what is considered as a “complaint.” This is considered as crucial to success in this area, so defining “complaint” broadly is seen as a sound practice.
  • Make sure everyone knows how important it is to respond promptly and accurately to any customer complaints. This is a basis for giving good customer service.
  • Appoint a central point (an individual or an office) to be in charge of your complaint response program, especially those referred by the regulators. Also, make sure that all bank staff is aware of how to handle complaints, including where to refer them. Branch managers can be charged with handling customer service issues occurring at their branches that do not involve regulatory issues (fair lending, EFTA, etc.). However, they should report on these complaints and resolutions to the central complaint point to track any trends that arise.
  • Establish uniform standards and timeframes for investigating customer complaints. The time limits you set should be reasonable and probably not significantly longer than those set by regulations for some error resolutions (EFTA, TILA).
  • Ensure that the process includes determining the root cause of complaints being investigated.
  • Document your investigation (e.g., copies of relevant documents and reports) of each customer complaint and the bank response.
  • Ensure that regulators are informed promptly of the results of investigations of any complaints referred by regulatory agencies.
  • Maintain a database of your customer complaints, either manually or using some spreadsheet or database software. This step allows you to mine the data related to this process for information about problems with your products, customer service, potential fair treatment/lending issues and so forth.

Results

The database discussed in the final bullet above can provide a wealth of information about how customers view your bank, your product mix, your service levels and many other facets of your business. It also provides you with an opportunity to discern trends in their infancy, allowing you to deal with negative issues early or enhance the benefits from positive developments.

A proactive approach to customer complaint management derives many benefits for the bank. These include reducing conflicts with customers, enhancing the bank’s public image, improving bank relations with regulators and creating a competitive advantage for the bank.

The newest supervisor

For the past decade or so, there has been a more active and visible regulatory presence in this area – the Consumer Financial Protection Bureau (CFPB). The CFPB established a complaint database to which consumers can submit complaints about financial service providers, have their complaints forwarded to the providers for response and give the public a window on this process and its outcomes.

The CFPB also periodically analyses the results of this process, usually for one or another particular financial service area – student loans one time, mortgage servicing another, yet another financial service another time. The other agencies, as noted earlier, analyze data related to consumer complaints that are handled through each of them.

The agencies often view data about consumer complaints to be an indicator of a need for future regulations. This view is reinforced by provisions in the Dodd-Frank Act of 2010.

The purpose of the CFPB database is to provide consumers with one central point through which they can submit complaints about financial service providers, without having to search through the maze of regulatory agencies first, and follow the results. Another purpose is to provide a gauge for how well financial service providers are serving their particular customer bases.

While the CFPB database can be a useful tool, financial institutions should have a goal of trying to deal with their own customers’ complaints and concerns themselves, before customers become so frustrated that they feel the need to turn to supervisory agencies.

How Y&A can help

At Young & Associates, we understand the critical role that managing customer complaints plays in building an effective compliance management system. Our full suite of regulatory compliance consulting and advisory services is tailored to the needs of community financial institutions. We help ensure you can navigate complex regulatory requirements with confidence. We can help with compliance outsourcing, our VCC Program, compliance management reviews or risk assessment facilitation. Let us simplify your compliance processes so you can focus on achieving your strategic goals. For more information, please contact us today

Implementing Compliance: Key Principles & Practices

Written by admin on . Posted in Advice, Blog, Compliance & Regulations, Consultation.

By: Bill Elliott, CRCM, Director of Compliance Education at Young & Associates

There is no question that laws and regulations materially change the way banks do business. The recent new laws and regulations have, more than ever before, crossed over the consumer protection regulatory line and into bank management. This complicates your life, and the starts and stops do not make it easier. 

Consider the “1071 Rule,” which amounted to HMDA for commercial loans, with even more invasive questions. The underlying law was passed in 2010 (the Dodd-Frank Act), and the CFPB took almost 13 years to implement it, only to be stopped by the courts for stepping way beyond the requirements of the law. The updated CRA regulation is also now being challenged in the courts. 

Compliance does not happen in a vacuum. Many of the regulations cover multiple disciplines within the bank, and many departments have to be involved in implementing the solution. This article discusses some of the basics of implementing compliance within your organization, as well as an approach that we believe is critical to the success of any bank. 

The Key Ingredients

To establish a successful compliance program, the following ingredients must exist:  

  • Board of Directors support 
  • Management support 
  • Staff development 
  • A viable and structured compliance network (compliance council) 
  • Compliance monitoring  

Board of Directors Support

The board is ultimately responsible for the success or failure of the compliance program, just as they are for any other aspect of the bank’s risk management. The board needs a flow of information to assist them in understanding the compliance function and the current status of the program. The board must also understand the stresses for compliance and ensure that there are adequate resources to facilitate success. 

Management Support

Management must be actively involved in the development of the compliance program. Although management may not design and develop the program, they should provide direction and ensure that there are resources to support its establishment and maintenance. Management must stay involved by monitoring the progress of the program through requiring periodic reports. 

Staff Development

Staff development involves providing staff with the necessary background to understand the purpose of compliance, the structure to support the program, and the technical skills to it out effectively. Management must direct the designated person or council and allow them the resources, including the resource of time, to fully implement the compliance program. 

A Practical Solution: The Compliance Council

In order to address the compliance burden, we believe banks should use a compliance council. This is NOT a committee. It is a reporting mechanism, where each area of the bank is responsible for the compliance duties that impact their jobs. At the council, they report progress or lack thereof in meeting those requirements.  

The results of the compliance council meeting are reduced to writing. Those minutes then go to management and the board so that they understand the current compliance situation in which the bank finds itself. A compliance council aids the institution in the following ways: 

  • The compliance council is comprised of representatives from each major area of the institution, thereby building continuity into the program. 
  • The compliance council builds compliance into the daily operational procedures of each area so that the institution can function from a practical and preventive focus. 
  • The compliance council incorporates comprehensive compliance coverage through its composition, i.e., lending, customer service, and operations. 
  • The compliance council establishes a compliance link to planning for new products and services. Each area of the institution can establish the compliance details during the planning and implementation stages. 
  • The compliance council allows the institution to include monitoring procedures in the daily workflow that integrates compliance without creating unnecessary work burdens i.e., the use of checklists and most common concern policies. 
  • The compliance council enables the institution to create an effective training and communications channel for all compliance issues. The council members will be able to take information back to their respective areas. 

Choosing the Compliance Council

The compliance council’s objective is to spread the duties among a small group of individuals to reduce the burden on anyone and increase coverage of the compliance function. Compliance has expanded far beyond just “letting the compliance officer deal with it.” 

The persons who are chosen might be representatives from: 

  • real estate lending, 
  • consumer lending, 
  • customer service, 
  • deposit operations, and 
  • compliance administration. 

Of course, banks are free to add others, such as BSA, branch administration, etc. 

The use of management in an advisory capacity can help to ensure accountability. It is difficult to say “I did not have time” or something similar in front of a senior manager. But hopefully, this is not necessary in most banks. The “minutes” of the meeting become a useful tool for management and the board to understand the current compliance position of the bank. 

If there is a regulatory change that involves multiple disciplines, then and only then does the “council” become a “committee” to address the common issue. 

Authority and Credibility

It is important for the compliance officer and the compliance council to develop sufficient authority to operate within the bank. Without this authority, the officer and the council will be ineffective.  

Assuming that the board of directors and executive management have clearly granted the compliance officer and the compliance council sufficient authority with which to operate, the compliance officer and the compliance council must ensure their own credibility to retain any authority that the board of directors and management have granted them. 

The compliance council’s biggest barrier involves establishing credibility with the bank’s employees. For example, if in the eyes of the employees, the compliance council is an informational source to help them do their job, the council will succeed. If communication channels are established but never work, the council will fail. The key to the success of the compliance council is to establish, implement, monitor, and enforce the compliance function throughout the bank. 

Effective Compliance Implementation

Navigating the dynamic landscape of banking regulations requires proactive strategies and a collaborative approach across all levels of an institution. As the regulatory environment continues to evolve, compliance becomes increasingly complex, necessitating a robust framework, dedicated oversight, and effective implementation to ensure adherence. 

Empowering Banks for Regulatory Compliance Success

At Young & Associates, we understand the challenges banks face in implementing and maintaining effective compliance programs. Our team of experts is committed to providing tailored solutions that empower banks to navigate regulatory requirements with confidence and efficiency. 

Ready to streamline your compliance efforts and fortify your institution against compliance risk? Partner with Y&A for comprehensive regulatory compliance consulting services. Contact us today to learn more about how we can support your bank in alleviating regulatory burdens. 

HMDA and CRA Adjustments Are Here

Written by admin on . Posted in Advice, Compliance & Regulations, Consultation, HMDA.

By: William J. Showalter, CRCM, CRP

There are changes that arrived with the new year of 2024 to Home Mortgage Disclosure Act (HMDA) compliance for banks and thrifts in many areas. No, the Consumer Financial Protection Bureau (CFPB) is not repealing Regulation C or adding more detail to the required data we collect and report. The existing rule is still in place. 

The changes we will look at here are driven by the decennial (every 10 years) adjustments by the Office of Management and Budget (OMB) to geographic units used by the federal government, including the Census Bureau, for statistical purposes. The particular geographic units that impact bank and thrift HMDA compliance are Metropolitan Statistical Areas (MSAs) since they are a qualifying location factor for lenders in determining HMDA coverage. 

The OMB’s changes will also have possible effects on bank and thrift compliance with the Community Reinvestment Act (CRA) in the drawing of institutional CRA “assessment areas.” 

These latest changes were effective when issued by OMB – July 21, 2023 – so they can impact 2024 HMDA coverage. 

OMB Action 

The OMB completed a process of delineating Core Based Statistical Areas (CBSAs) based on 2020 Census data and the American Community Survey and Census Population Estimates Program for 2020 and 2021. A CBSA is a geographic entity associated with at least one core of 10,000 or more population, plus adjacent territory that has a high degree of social and economic integration with the core as measured by commuting ties. The standards designate and delineate two categories of CBSAs: Metropolitan Statistical Areas and Micropolitan Statistical Areas.  

The general concept of a metropolitan statistical area is that of an area containing a large population nucleus and adjacent communities that have a high degree of integration with that nucleus. The concept of a micropolitan statistical area closely parallels that of the metropolitan statistical area, but a micropolitan statistical area features a smaller nucleus. The purpose of these statistical areas is unchanged from when metropolitan areas were first delineated: The classification provides a nationally consistent set of delineations for collecting, tabulating, and publishing federal statistics for geographic areas. 

The new delineations are found in OMB Bulletin 23-01 at https://www.whitehouse.gov/wp-content/uploads/2023/07/OMB-Bulletin-23-01.pdf 

HMDA Coverage 

Regulation C covers any “financial institution,” as defined by the regulation and its underlying HMDA statute. “Financial institution” means, in part, a bank, savings association, or credit union that: 

  • On the preceding December 31, had assets in excess of the asset threshold established and published annually by the CFPB for coverage by HMDA, based on the year-to-year change in the average of the Consumer Price Index for Urban Wage Earners and Clerical Workers, not seasonally adjusted, for each 12-month period ending in November, rounded to the nearest million – $56 million for 2024 HMDA coverage 
  • On the preceding December 31, had a home or branch office in a Metropolitan Statistical Area (MSA) [Micropolitan Statistical Areas have no HMDA impact.] 
  • In the preceding calendar year, originated at least one home purchase loan (excluding temporary financing such as a construction loan) or refinancing of a home purchase loan, secured by a first lien on a one-to four-family dwelling, and 
  • Meets one or more of the following two criteria: is federally insured or regulated; or the mortgage loan referred to in the previous bullet was insured, guaranteed, or supplemented by a federal agency or was intended for sale to Fannie Mae or Freddie Mac
  • Meets at least one of the following criteria in each of the two preceding calendar years: originated at least 25 closed-end mortgage loans that are not excluded by §1003.3(c)(1) through (10) or (c)(13), or originated at least 200 open-end lines of credit that are not excluded by the cited section of Regulation C 

There are also similar qualification criteria for for-profit mortgage lenders that are not banks, thrifts, or credit unions, which we will not detail here. 

The qualification criterion impacted by OMB’s action is the geographic one, the second bullet above. If a financial institution that otherwise meets HMDA coverage criteria has an office in an MSA on December 31, then it is covered by HMDA for the following year. For many lenders, determining HMDA coverage is a one-time exercise (other than those who are right around the asset-size threshold). 

Ohio MSA Changes 

I will use my native Ohio as an example of what the MSA changes mean to banks and thrifts and their compliance with HMDA requirements. 

Three counties in Ohio were shuffled into Metropolitan Statistical Areas in this latest OMB action – one being added to an existing MSA and two comprising a new MSA. No Ohio counties were removed this time from MSAs in which they were formerly included. 

Ashtabula County has been added to the Cleveland MSA. Erie and Ottawa counties have been included in the new Sandusky MSA. 

There were also some changes in non-Ohio parts of MSAs that include other Ohio counties. Lenders in the Cincinnati, Huntington-Ashland, and Youngstown-Warren MSAs should look for these additions and deletions of neighboring states’ counties. 

All the details of the new Ohio geographic delineations can be found in the OMB Bulletin mentioned above. The list of MSAs and micropolitan statistical areas by state is in List 6 (with Ohio on pages 168-169) of the OMB Bulletin, while five additional lists in the bulletin give other breakdowns of the geographic delineations, including the counties included in each. 

HMDA Impact 

In 2023, there was no impact for HMDA reporting because the new MSA delineations were not in effect on December 31, 2022. 

However, they were in effect December 31, 2023, which has the following impacts: 

  • Banks and thrifts with offices in Ashtabula, Erie, and Ottawa counties, and in no other MSA counties, now have to begin collecting HMDA data January 1, 2024, and make their first reports of that data by March 1, 2025.
  • Unlike 10 years ago, there are no banks and thrifts whose offices in Ohio counties have made them subject to HMDA reporting (i.e., no offices in other MSA counties) that will no longer have to collect HMDA data beginning in 2024. (Note that such banks would still be obligated to report their 2023 HMDA data by March 1, 2024.) 

If your institution has an office in any of the counties affected by the MSA changes, be sure to review how this action affects your HMDA compliance beginning in 2024. 

CRA Impact 

MSAs affect the CRA compliance efforts of banks and thrifts, too. They come into play in drawing up an institution’s CRA assessment area (AA), as well as in the small business and small farm lending disclosure statements prepared by regulators annually for institutions reporting their data (all except for “small” retail banks and thrifts).  

The CRA rules require that an institution’s CRA AA consist generally of one or more MSAs or metropolitan divisions – using the MSA or metropolitan divisions boundaries that were in effect as of January 1 of the calendar year in which the delineation is made – or one or more contiguous political subdivisions e.g., counties, cities, or towns). 

A CRA AA may not extend substantially beyond an MSA boundary or beyond a state boundary unless the assessment area is located in a multistate MSA. If a bank or thrift serves a geographic area that extends substantially beyond a state boundary, the bank must delineate separate AAs for the areas in each state. If a bank or thrift serves a geographic area that extends substantially beyond an MSA boundary, it must delineate separate AAs for the areas inside and outside the MSA. 

The regulators prepare annually, for each MSA and the nonmetropolitan portion of each state, an aggregate disclosure statement of small business and small farm lending by all institutions subject to reporting of that data (all except “small” retail banks and thrifts). 

Therefore, the redrawn MSA boundaries might have an impact on your institution’s CRA compliance. Each bank and thrift with the affected counties in its CRA AA should review its delineation to make sure that the changes do not require an adjustment to those delineations. If any adjustments are needed, they should be made by April 1 – when any updating of CRA public files must be accomplished (including the map of your CRA AA).  

Links 

This OMB Bulletin provide the six lists of statistical areas that are available electronically at the link stated above or from the OMB website at https://www.whitehouse.gov/omb/information-for-agencies/bulletins/.  This update, historical delineations, and other information about population statistics are available on the Census Bureau’s website at https://www.census.gov/programs-surveys/metro-micro.html.

Young & Associates: Your Trusted Partner in Regulatory Compliance

In navigating the intricacies of HMDA and CRA compliance, Young & Associates stands ready to support community banks and credit unions. Our regulatory compliance consulting services ensure a seamless adherence to evolving regulations. Stay ahead with Young & Associates – your trusted partner in compliance excellence. Contact us today for tailored solutions that empower your financial institution.

Considerations for AI Adoption at Community Financial Institutions

Written by admin on . Posted in Advice, Consultation, Information Technology.

By: Mike Detrow, CISSP 

You have probably seen the headlines claiming that artificial intelligence (AI) models such as ChatGPT will soon replace many human jobs. Marketing campaigns are also touting the use of AI by vendors to improve the effectiveness of their data analysis tools. If you have not already started to think about the application of AI for banking operations, you will likely be evaluating it soon. Just as with any other risk management practice, it is best to evaluate new technologies proactively rather than waiting until your vendors force you to use them or your employees begin using them without your knowledge. 

The purpose of this article is to identify the risks associated with machine learning and generative AI that you should consider as you are evaluating use cases for AI at your financial institution. Machine learning is the use of training data and algorithms that allow computers to imitate intelligent human behavior more realistically. Generative AI uses machine learning to allow a computer to generate new content such as text, images, video, or sounds based on specific input provided by a user.  

The Role of AI in Financial Institutions: A Look at Practical Applications 

First, let’s explore potential use cases for AI in community financial institutions. Some of the applications that we have seen so far include: 

  • Document development, such as job descriptions, policies, and marketing materials 

Risk Factors for AI Implementation in Community Financial Institutions 

Next, let’s examine some of the potential risks associated with the use of AI in community banks and credit unions. One of the biggest concerns with the use of AI is the security of non-public information. Entering such data into an AI model that is not under the complete control of the financial institution or one of the institution’s vendors introduces the risk of this information being disclosed, resulting in the potential misuse of this sensitive data. 

In addition to security concerns, there are other risks which should be considered. Results provided by AI-driven decision-making models could be biased based on the data that was used to train the model. Also, the information provided by AI models may be inaccurate or misleading, which could inadvertently result in an employee disseminating such incorrect information if not thoroughly vetted.  

Building a Strong Foundation for AI Risk Management within Your Financial Institution 

Now that you are aware of the risks associated with AI, what should you do to evaluate its potential within your bank or credit union? To safeguard your financial institution in the era of rapid AI adoption, it’s imperative to set guidelines early. The first step is to establish a group within your institution that will provide oversight for AI. If you already have an IT Steering Committee, this role will likely be assigned to this committee as it should already include the appropriate employees for this task. If you do not have an IT Steering Committee, you should consider establishing a cross-functional group of employees drawn from various areas of the institution to handle AI oversight. 

The first initiative for your AI oversight group should include a discovery process to identify any existing use of AI at the financial institution. It is possible that employees are already using ChatGPT to help develop marketing materials, for writing scripts or macros, or they may be using web browser plugins to improve productivity. Some of your vendors may also be using AI for various tasks associated with delivering services to your financial institution or customers, such as AML models, loan underwriting, and website virtual assistants or chatbots 

This group should develop a plan to identify any employee use of AI, whether it be through engaging in conversations with employees or potentially through employing the use of web traffic analysis. Keep in mind that your IT staff may not be the only employees that are potentially using AI within your financial institution.  

Additionally, your AI oversight group should review vendor documentation and, if deemed necessary, reach out to vendors to determine how they may be using AI. The purpose of this discovery process is to determine whether any non-public data has been put at risk based on any current or prior use of AI by employees or vendors so that appropriate actions can be taken to address any potential data misuse and prevent any further inappropriate AI usage.  

Once the AI oversight group has identified existing utilization of AI by employees and vendors and addressed any potential security concerns, the next step is to formally establish the institution’s risk appetite related to AI. This is achieved by documenting it within a policy that will be approved by the board and provided to employees for their acknowledgement. You should consider the following criteria within your policy: 

  • Definition of AI and the associated risks 
  • Authorization Process: Clearly defined IT Steering Committee approval requirements for new use cases. 
  • Vendor Risk Management: Due diligence practices for new vendors and ongoing monitoring of existing vendors to understand their AI usage and the potential risks involved. 
  • Acceptable Use: Employee guidelines for the usage of AI models such as ChatGPT and browser plugins, data security, output verification process, etc. 
  • Ethical and Legal Requirements: Guidelines for nondiscrimination, regulatory compliance, and adherence to other institution policies. 
  • Intellectual Property Protection: Measures to safeguard intellectual property rights and copyrighted material. 
  • Incident Response: Procedures to detect and report any suspected security incidents. 

It is important to note that it is likely not feasible to implement an outright ban of AI at the financial institution within your policy, especially as some of your vendors are likely already using AI or will be using it in the near future. 

With the use of AI expected to increase very rapidly over the next few years, it is imperative for management to establish guidelines for its use as early as possible to limit the potential for its misuse at your institution. 

Y&A’s Solution for Secure AI Adoption and Risk Preparedness within Financial Institutions 

In the rapidly evolving landscape of AI integration within the financial sector, striking a balance between reaping the potential benefits of this technology and practicing effective risk management can be challenging. It’s crucial to adopt a risk-ready approach to scaling AI integration in order to safeguard the future of your institution. The proliferation of AI applications shows no signs of slowing, making it wise to proactively address risks before regulatory measures come into effect. 

To streamline the process of addressing AI risk, Young & Associates offers a customizable AI policy that you can tailor to your financial institution’s specific needs. Click here to learn more about this product. 

Should you have any questions about this article, please reach out to Mike Detrow, Director of Information Technology, at mdetrow@younginc.com or contact us on our website. 

Overdraft Programs and Fees: Navigating the Regulatory Maze

Written by admin on . Posted in Advice, Compliance & Regulations, Consultation.

By: Karen S. Clower, CRCM and William J. Showalter, CRCM, CRP

Fee income practices in overdraft programs have garnered increasing attention from regulatory bodies such as the CFPB, OCC, NCUA, and FDIC. The risks associated with overdraft practices are growing, and overlooking them can pose significant threats to your financial institution.

These regulatory developments are of particular concern for both APSN (Authorize Positive, Settle Negative) and NSF (Non-Sufficient Funds) fee practices. With both federal and state regulators scrutinizing these areas, it’s a critical time for financial institutions to review their overdraft and insufficient funds procedures. Unpacking the intricate world of overdraft programs, understanding fair banking risks, and adopting best practices to mitigate them have never been more crucial.

Multiple Re-Presentment Fees Under the Microscope

The FDIC revised their Supervisory Guidance on Multiple Re-Presentment NSF Fees in June 2023. The core message from this guidance is the importance of transparency in re-presentment practices. The FDIC emphasizes that re-presentment practices may be deceptive when lacking clear disclosure and unfair when they lead to the assessment of multiple NSF fees for a single transaction.

A re-presentment occurs when a transaction is initially declined due to insufficient funds, followed by the merchant resubmitting the transaction, which may incur additional NSF fees. In many instances, customer disclosures do not fully convey the nature of these re-presentment practices, elevating the risk of consumer harm and regulatory violations. It is prudent for financial institutions to review and update disclosures to avoid causing consumer harm and accumulating violations.

Identifying Potential Risks Associated with NSF Fees on Re-Presented Transactions

Examiners have identified several risk factors related to the assessment of NSF fees on re-presented transactions:

  • Consumer Compliance Risk: Charging multiple NSF fees for the same unpaid transaction can breach Section 5 of the FTC Act, which prohibits unfair or deceptive practices. Not adequately informing customers can mislead and potentially harm them.
    • Deceptive Practices: The FDIC finds charging multiple NSF fees without proper disclosure deceptive.
    • Unfair Practices: Inadequate customer advice on fee practices can be unfair, particularly if it causes harm and offers no benefits to the consumer.
  • Third-Party Risk: Third-party involvement in payment processing and tracking re-presented items can lead to risks. Institutions should monitor these arrangements closely.
  • Litigation Risk: Charging multiple NSF fees may lead to litigation. Many institutions have faced class-action lawsuits and substantial settlements for inadequate fee disclosures.

Managing NSF Fee Risks

The FDIC encourages financial institutions to review their practices and disclosures regarding NSF fees for re-presented transactions. Note that a highlight of the most recent update to their supervisory guidance is that their current approach does not involve requesting financial institutions to conduct lookback reviews absent a likelihood of substantial consumer harm. To mitigate the risk of consumer harm and legal violations related to multiple re-presentment NSF fees, financial institutions are encouraged to consider the following:

  • Eliminating NSF fees.
  • Charging only one NSF fee for the same transaction, even if it’s re-presented.
  • Reviewing policies and practices, clarifying re-presentment practices, and providing customers with updated disclosures.
  • Clearly and prominently disclosing NSF fee amounts, when they are imposed, and the conditions under which multiple fees may apply to a single transaction.
  • Reviewing customer notification practices and fee timing to enable customers to avoid multiple fees for re-presented transactions.

These recommendations are based on supervisory observations to date and do not impose any legal obligations to financial institutions. While not mandatory, these steps help in reducing the risk of consumer harm.

FDIC’s Supervision of Re-Presentment NSF Fees: A Closer Look

The FDIC has a specific approach when it comes to overseeing and enforcing regulations regarding multiple re-presentment NSF fee practices. Their main aim is to identify and correct issues related to re-presentment, with a focus on ensuring that customers who have been harmed receive the necessary solutions.

As part of their process for assessing compliance management systems, the FDIC acknowledges institutions that take proactive steps to identify and rectify violations. Importantly, if institutions have already addressed these violations before a consumer compliance examination, examiners generally won’t cite UDAP violations.

When financial institutions proactively identify issues related to re-presentment NSF fees, the FDIC has clear expectations:

  • They should take corrective actions, which include providing restitution to affected customers.
  • There should be a prompt update to NSF fee disclosures and account agreements for all customers, both new and existing.
  • Consideration should be given to implementing additional risk mitigation practices to reduce potential unfairness risks.
  • Monitoring of ongoing activities and customer feedback is essential to ensure that corrective actions are sustained over time.

The FDIC evaluates the need for restitution by considering the potential harm to consumers as a result of the practice, the institution’s record-keeping practices, and any challenges associated with collecting and reviewing transaction data or information related to the frequency and timing of re-presentment fees. In cases where examiners identify law violations related to re-presentment NSF fee practices that have not been self-identified and fully corrected before an examination, the FDIC may contemplate various supervisory or enforcement actions, including the imposition of civil monetary penalties and the requirement for restitution where necessary.

What About APSN Fee Practices?

The regulatory focus extends beyond just re-presentment fees. One noteworthy concern is the practice of charging overdraft fees for transactions that were initially authorized with a positive balance but later settled with a negative balance, referred to as APSN transactions. Here is an overview of the FDIC’s Supervisory Guidance on Charging Overdraft Fees for Authorize Positive, Settle Negative Transactions, which was revised in April 2023 to expand upon the related 2019 Supervisory Highlights article:

Complexity in Overdraft Programs: Overdraft programs, transaction clearing, and settlement processes are intricate. APSN transactions involve consumers being assessed overdraft fees when they had sufficient account balances at the time of transaction initiation but no longer at settlement. This means it is hard for consumers to predict when fees might be assessed and how to avoid them.

Available Balance vs. Ledger Balance: Financial institutions typically use either an available balance method or a ledger balance method for assessing overdraft-related fees. The available balance can be affected by pending debit transactions. Some institutions, especially with the available balance method, assess overdraft fees on transactions authorized when the available balance is positive but posted when the balance is negative.

Unintended Consequences: In some cases, this practice leads to multiple overdraft fees being charged. Unanticipated overdraft fees can cause considerable harm to consumers. The consumer cannot reasonably avoid these fees, and their complexity further compounds the issue. This situation raises the risk of violations of consumer protection laws.

Mitigating Risks: Financial institutions are encouraged to review their practices regarding charging overdraft fees for APSN transactions. This entails ensuring that customers are not charged overdraft fees for transactions they could not anticipate or avoid. This includes monitoring third-party arrangements for compliance, evaluating core processing systems, and improving disclosures to accurately convey fee practices.

With a deep understanding of re-presentment and APSN transactions, financial institutions can effectively navigate the complex landscape of fee income and compliance. A proactive approach can aid in protecting consumers, ensuring regulatory compliance, and maintaining your institution’s reputation.

Balancing Overdraft Fee Income and Compliance

Weighing compliance and reputational risks against the revenue your overdraft program generates is crucial. While fee income is essential, safeguarding your financial institution’s reputation should always be a top priority. Striking the right balance between compliance and revenue is key.

Regulatory Insights and Recent Enforcement Actions

To stay ahead in the realm of overdraft programs, monitoring the insights and actions of regulatory bodies is essential. The CFPB, FRB, OCC, NCUA, and FDIC provide guidance and updates that can directly impact your operations. Recent enforcement actions underscore the consequences of non-compliance. Analyzing these cases can provide insights into areas where institutions have faltered and help you steer clear of similar missteps.

Your Overdraft Compliance Solution: Young & Associates

Managing overdraft programs while staying compliant with fair banking regulations is a complex task. At Young & Associates, we are here to guide you through this maze, ensuring that your financial institution not only thrives financially but also maintains a strong reputation in the industry. By understanding the risks, learning from common pitfalls, and implementing best practices, you can create a robust overdraft program that benefits both your institution and your customers.

For more in-depth guidance tailored to your unique circumstances, reach out to our team of experts. Together, we can navigate the regulatory compliance landscape and keep your financial institution on the path to success. Contact us today.

HMDA Alert – Smaller Mortgage Producers May Have to Comply in 2023

Written by admin on . Posted in Uncategorized.

By Bill Elliott, CRCM; Director of Compliance Education

On September 23, 2022, the United States District Court for the District of Columbia issued an order vacating (cancelling) the 2020 Home Mortgage Disclosure Act (HMDA) Final Rule. That final rule changed the limits for closed-end mortgage loans. At the time, that final rule raised the “minimum” for mandatory reporting from 25 to 100 closed-end mortgage loans in each of the two preceding years.

The court vacated that change, and so the threshold for HMDA reporting in the regulation for 2023 and into the future has been reset back to 25 closed-end loans. Banks that have been able to avoid HMDA because they made fewer than 100 loans are required to comply in 2023. A blog entry issued by the Consumer Financial Protection Bureau (CFPB) on December 8, 2022 stated that the CFPB (and we presume the prudential regulators) will not require backfiling, nor would they cite banks for the absence of 2020, 2021, and 2022 filing data, but said nothing about 2023. Therefore, if your bank made more than 25 closed-end mortgage loans in 2021 and 2022, HMDA is now a requirement for closed-end mortgage loan reporting for your institution – starting January 1, 2023.

We are unsure why the CFPB waited about 10 weeks to inform us. But you will need to dust off those old policies, procedures, systems, and operations to come into compliance, or perhaps create new policies, procedures, and operations in a hurry. Additionally, there may be applications from 2022 that do not have the government monitoring information in file, because it would have been a violation for non-HMDA banks to collect that information. We believe that your institution needs to go back and collect that information for all loans that had an application in 2022, but that close in 2023.

The 25 vs. 100 threshold was a decision made by the CFPB, and that was reversed. The partial exemption changes – impacting a number of the data elements required to be collected – were the result of a change in law, so the partial exemption remains unaffected by this reversal.

HMDA Review
Do you need a validation of your HMDA data prior to the 3/1/23 filing deadline? Young & Associates offers an off-site compliance review of your institution’s HMDA data. Using our secure file transfer system, we will validate your HMDA data to detect errors and issues before the filing deadline. For more information on our HMDA Review service, click here or contact Karen Clower, Director of Compliance, at 330.422.3444 or kclower@younginc.com.

The UDAAP Hammer Drops

Written by admin on . Posted in Compliance & Regulations, Uncategorized.

By: William J. Showalter, CRCM, CRP, Senior Consultant

In our last issue, we discussed what UDAAP is and how to set up a program in your bank to avoid trouble in this important area. Our title admonished you, “Don’t Let UDAAP Spook You, Take Control.” If you have not yet taken control of UDAAP compliance, you may have been spooked by developments over the past 12 months or so. There have been three big UDAAP enforcement actions involving three financial service providers of all sizes during that time.

Background
Section 5 of the Federal Trade Commission (FTC) Act has been around for over 70 years and prohibits “unfair or deceptive acts or practices” (UDAP), the predecessor to UDAAP. Banking regulators have had the responsibility to enforce bank and thrift compliance with UDAP rules, while the FTC had the authority to interpret the statute and write any rules. The Federal Reserve Board (FRB) was given interpretive and rule-writing authority when this part of the FTC Act was amended in 1975 but continued largely to defer to the FTC.

Title X of the Dodd-Frank Act (DFA) codified UDAP law specifically for financial institutions, eliminated the FRB’s rule-writing authority, added an “abusive” standard, and moved rule-writing authority to the CFPB. The acronym became UDAAP – unfair, deceptive, or abusive acts or practices.

What are We Dealing With?
All these standards or characteristics are quite subjective. The elements of unfairness and deception have been established by statute, as well as interpretation over the years by the FTC in various enforcement actions and interpretive documents. The element of being abusive was established, in general terms, in statute by the DFA.

To be unfair, an act or practice must cause or be likely to cause substantial injury to consumers that the consumers cannot reasonably avoid or that is not outweighed by countervailing benefits. Substantial harm usually involves monetary harm, including a small monetary harm to each of a large number of consumers. A three-part test is used to determine whether a representation, omission, act, or practice is deceptive. First, the representation, omission, act, or practice must mislead or be likely to mislead the consumer. Second, the consumer’s interpretation of the deception must be reasonable under the circumstances. And, lastly, the misleading representation, omission, act, or practice must be material. “Material” means that it is likely to affect a consumer’s decision regarding a product or service. An abusive act or practice materially interferes with the ability of the consumer to understand a term or condition of a consumer financial product or service. Such an act or practice also includes one that takes unreasonable advantage of: the consumer’s lack of understanding of material risks, costs, or conditions of a product or service; the consumer’s inability to protect his interests in selecting or using a financial product or service; or the consumer’s reasonable reliance on the “covered person” (including a banker) to act in the interests of the consumer.

Recent UDAAP Enforcement Actions
In about the year 2000, banks first saw significant enforcement of UDAP (now UDAAP) from the banking agencies when the Office of the Comptroller of the Currency (OCC) took the lead. The OCC concluded that it had authority to address a violation of the FTC Act even regarding a challenged practice that was not specifically prohibited by regulation.

The three bank-related UDAAP enforcement actions to which we referred above are:

  • The Consumer Financial Protection Bureau (CFPB) issued a Consent Order to Discover Bank (Greenwood, DE) and two subsidiaries ordering Discover to pay at least $10 million in consumer redress and a civil money penalty (CMP) of $25 million for violating a 2015 CFPB Order, the Electronic Fund Transfer Act, and the Consumer Financial Protection Act of 2010. The 2015 Order was based on the CFPB’s finding that Discover misstated the minimum amounts due on billing statements as well as tax information consumers needed to get federal income tax benefits. The agency also found that Discover engaged in illegal debt collection practices. The 2015 Order required Discover to refund $16 million to consumers, pay a penalty, and fix its unlawful servicing and collection practices.
    However, more recently the CFPB found that Discover violated the 2015 order’s requirements in several ways – misrepresenting minimum loan payments owed, amount of interest paid, and other material information. Discover also did not provide all the consumer redress the 2015 Order required. In addition, the CFPB found that Discover engaged in unfair acts and practices by withdrawing payments from more than 17,000 consumers’ accounts without valid authorization and by cancelling or not withdrawing payments for more than 14,000 consumers without notifying them. The agency also found that Discover engaged in deceptive acts and practices in violation of the CFPA by misrepresenting to more than 100,000 consumers the minimum payment owed and to more than 8,000 consumers the amount of interest paid. Some consumers ended up paying more than they owed, others became late or delinquent because they could not pay the overstated amount, while others may have filed inaccurate tax returns
  • The Federal Deposit Insurance Corporation (FDIC) issued an order to Umpqua Bank (Roseburg, OR) that the bank pay a CMP of $1,800,000 following the FDIC’s determination that the bank engaged in violations of Section 5 of the Federal Trade Commission Act in the commercial finance and leasing products issued by its wholly owned subsidiary, Financial Pacific Leasing, Inc. According to the FDIC, these violations included engaging in deceptive and/or unfair practices related to certain collection fees and collection practices involving excessive or sequential calling, disclosure of debt information to nonborrowers, and failure to abide by requests to cease and desist continued collection calls.
  • The FDIC also issued an order to pay a CMP of $129,800 to Bank of England (England, AR). The bank consented to the order without admitting or denying the violations of law or regulation.
    The FDIC determined that the bank violated Section 5 of the Federal Trade Commission Act because bank loan officers located in the Bloomfield, MI loan production office (LPO) misrepresented to consumers that certain Veterans Administration (VA) refinance loan terms were available when they were not, and that the bank’s misrepresentations at the Bloomfield LPO regarding terms for VA refinancing loans were deceptive, in violation of Section 5.

How to Deal with These Issues
As we advised in our previous article, banks and thrifts should be proactive in addressing areas prone to UDAAP issues. You can anticipate potential problems by, in part, tracking enforcement actions as indicators of where regulators are looking for issues (and finding them).

The steps we spelled out to help in this proactive approach are:

  • Establish a positive compliance culture by positive words, actions, and attitudes from the top down.
  • Enforce compliance performance which, coupled with the overt support from the top, makes it clear to all that this is a crucial element in the success of the organization and any related individual rewards (bonuses, raises, promotions, etc.)
  • Involve compliance early in product design, marketing planning, and so forth.
  • Focus on vulnerable customers, including the young, less educated, immigrants, elderly, etc., within your community, paying particular attention to how your marketing, product recommendations, and disclosures are directed to such populations

It is much easier – and less expensive – to plan and lay appropriate groundwork to avoid problems than it is to repair damages after inappropriate and illegal actions blow up. The reactive approach can cause the bank immeasurable reputation harm, which is much more costly than any monetary penalties, and much more difficult to recover from.
For more information on how the Young & Associates compliance team can assist with your UDAAP compliance, contact us at mgerbick@younginc.com or 330-422-3482.

Connect with a Consultant

Contact us to learn more about our consulting services and how we can add value to your financial institution

Ask a Question