Compliance

By: Bill Elliott, CRCM, Senior Consultant and Manager of Compliance 

With the change in management of the CFPB, we are seeing changes in how they operate. When they published their Regulatory Agenda for Fall 2017 (late as usual – it appeared in January 2018), they restated what Section 1021 of the Dodd-Frank Act specified as the objectives of the Bureau, including:

• Providing consumers with timely and understandable information to make responsible decisions about financial transactions
• Protecting consumers from unfair, deceptive, or abusive acts and practices and from discrimination
• Addressing outdated, unnecessary, or unduly burdensome regulations
• Enforcing federal consumer financial law consistently in order to promote fair competition, without regard to the status of a covered person as a depository institution
• Promoting the transparent and efficient operation of markets for consumer financial products and services to facilitate access and innovation

They stated that their work in pursuit of those objectives can be grouped into three main categories:

1. Implementating statutory directives
2. Other efforts to address market failures, facilitate fair competition among financial services providers, and improve consumer understanding
3. Modernizing, clarifying, and streamlining consumer financial regulations to reduce unwarranted regulatory burdens

Implementing Statutory Directives

In this area, the CFPB is continuing efforts to facilitate implementation of critical consumer protections under the Dodd-Frank Act. They listed three efforts under way. They include:

• Regulation C (Home Mortgage Disclosure Act)
• Mortgage servicing changes
• Continuing to improve the TRID portion of Regulation Z

The CFPB also listed other projects that are “in the works,” but probably nowhere near completion.

Other Efforts To Address Market Failures, Facilitate Fair Competition among Financial Services Providers, and Improve Consumer Understanding

In this area, the CFPB said they were considering rules, such as:

• Payday loans, auto title loans, and other similar credit products
• Debt collection
• Overdraft programs on checking accounts
• Prepaid financial products
• Modernizing, streamlining, and clarifying consumer financial regulations

Many of the regulations are approaching 50 years old and are out of date with the current world. For instance, Regulation B allows you to turn down a customer for not having a land line phone in the home. That was fine in the 1970s, but probably not relevant now. Updating this and many other regulations is overdue, including looking at the effectiveness of some of the more recent changes, which they say they will be doing.

Conclusion

We will have to wait and see what happens. As with all bureaucracies, and based on their past performance, changes are likely to appear slowly. In general, it appears that “new regulations” may slow down a bit, giving us in the industry a chance to catch up.

Young & Associates, Inc. offers a wide variety of compliance services to help your bank satisfy these compliance requirements. If we can help you “catch up” or improve your response to any of the regulations, we stand ready to assist. Please contact Karen Clower, Compliance Operations Manager, at kclower@younginc.com or 330.422.3444 and she will be happy to discuss our services with you.

By: Bill Elliott, CRCM, Manager of Compliance Services

For those of us who are news junkies, the current environment is interesting. Unfortunately, the environment is also so toxic that it is difficult to determine what actually may or may not happen during 2018.

We do know that some items that are being considered. For instance, bills are pending regarding issues like HMDA, flood, qualified mortgages, and call reports for smaller institutions. It remains to be seen whether any of these bills (or any of the other bills pending) actually will become law, or whether Congress will continue the infighting that has resulted in a haphazard and uncertain regulatory and law environment.

Home Mortgage Disclosure Act (HMDA)
Based on the questions we have received at Young and Associates, Inc., it would appear that that the 2018 HMDA implementation (so far) is going fairly well. However, we have received numerous questions regarding issues that were not addressed directly in the “HMDA Instructions.” This is not new or surprising, as not every situation can be covered in a rule as massive as HMDA.

For HMDA, as with every other new/updated regulation, preparation was the key. The regulatory world is getting so complicated that it is necessary for banks to really consider all processes and procedures to avoid either duplication of work or unnecessary work.

Customer Due Diligence
Speaking of duplication and unnecessary work, one of the items that must be addressed quickly is the new Customer Due Diligence rule under the Bank Secrecy Act, effective May 11, 2018. While many regulations can be handled by only one division of the bank, this regulation will impact almost everyone, as it requires updates regarding the ownership of a business every time a new account is opened. Accounts can be loans, deposits, safe deposit boxes, or any other kind of account that you may offer. It will require the customer to inform you of all individuals who own at least 25% of the business, as well as indicating a control person for the business.

For new loans, this will most likely be an inconvenience, although driver’s licenses and/or other methods of identification will be required every time a new commercial loan to a business with at least one 25% or more owner (LLC, partnership, corporation, etc.) is opened.

For deposits or other account types, this may mean what is now a 30-minute procedure to open a new account will become a multi-day ordeal, as the person opening the account may well not be the only owner, and certainly will not have identification information for all 25% owners and control persons with them (including identification). The only saving grace is that every financial institution will have to deal with this issue, so there will be no competitive advantage or disadvantage. With a May time limit, if your institution has not started the implementation process, time is running short.

Consumer Protection
As you well know, there has been a change in the administration of the Consumer Financial Protection Bureau (CFPB). With Mr. Cordray’s recent exit from the agency, it is likely that’s the CFPB will consider new approaches to the issue of consumer protection. To this end, the CFPB has announced steps to request information from the public and review how things are done, how they actually impact or help the consumer, and how they impact and create costs for the industry.

Some of the requests will be more useful than others. The first request to be issued by the CFPB will seek public comment on Civil Investigative Demands (CIDs), which are issued during an enforcement investigation. Comments received in response to this RFI and all others that follow will help the Bureau evaluate the existing framework and determine whether any changes are warranted. Make sure you are part of the process by commenting or otherwise making your voice heard.

Conclusion
If we can offer you training, implementation assistance, or any other compliance related service, please contact Karen Clower, Compliance Operations Manager, at kclower@younginc.com or 330.422.3444.

By: William J. Showalter, CRCM, CRP; Senior Consultant

The Consumer Financial Protection Bureau (CFPB) issued a final rule making several technical corrections and clarifications to the expanded data collection under Regulation C, which implements the Home Mortgage Disclosure Act (HMDA). The regulation is also being amended to temporarily raise the threshold at which banks are required to report data on home equity lines of credit (HELOC).

These amendments take effect on January 1, 2018, along with compliance for most other provisions of the newly expanded Regulation C.

Background
Since the mid-1970s, HMDA has provided the public and public officials with information about mortgage lending activity within communities by requiring financial institutions to collect, report, and disclose certain data about their mortgage activities. The Dodd-Frank Act amended HMDA, transferring rule-writing authority to the CFPB and expanding the scope of information that must be collected, reported, and disclosed under HMDA, among other changes.

In October 2015, the CFPB issued the 2015 HMDA Final Rule implementing the Dodd-Frank Act amendments to HMDA. The 2015 HMDA Final Rule modified the types of institutions and transactions subject to Regulation C, the types of data that institutions are required to collect, and the processes for reporting and disclosing the required data. In addition, the 2015 HMDA Final Rule established transactional thresholds that determine whether financial institutions are required to collect data on open-end lines of credit or closed-end mortgage loans.

The CFPB has identified a number of areas in which implementation of the 2015 HMDA Final Rule could be facilitated through clarifications, technical corrections, or minor changes. In April 2017, the agency published a notice of proposed rulemaking that would make certain amendments to Regulation C to address those areas. In addition, since issuing the 2015 HMDA Final Rule, the agency has heard concerns that the open-end threshold at 100 transactions is too low. In July 2017,  the CFPB published a proposal to address the threshold for reporting open-end lines of credit. The agency is now publishing final amendments to Regulation C pursuant to the April and July HMDA proposals.

HELOC Threshold
Under the rule as originally written, banks originating more than 100 HELOCs would have been generally required to report under HMDA, but the final rule temporarily raises that threshold to 500 HELOCS for data collection in calendar years 2018 and 2019, allowing the CFPB time to assess whether to make the adjusted threshold permanent.

In addition, the final rule corrects a drafting error by clarifying both the open-end and closed-end thresholds so that only financial institutions that meet the threshold for two years in a row are required to collect data in the following calendar years. With these amendments, financial institutions that originated between 100 and 499 open-end lines of credit in either of the two preceding calendar years will not be required to begin collecting data on their open-end lending (HELOCs) before January 1, 2020.

Technical Amendments and Clarifications
The final rule establishes transition rules for two data points – loan purpose and the unique identifier for the loan originator. The transition rules require, in the case of loan purpose, or permit, in the case of the unique identifier for the loan originator, financial institutions to report “not applicable” for these data points when reporting certain loans that they purchased and that were originated before certain regulatory requirements took effect. The final rule also makes additional amendments to clarify certain key terms, such as “multifamily dwelling,” “temporary financing,” and “automated underwriting system.” It also creates a new reporting exception for certain transactions associated with New York State consolidation, extension, and modification agreements.

In addition, the 2017 HMDA Final Rule facilitates reporting the census tract of the property securing or, in the case of an application, proposed to secure a covered loan that is required to be reported by Regulation C. The CFPB plans to make available on its website a geocoding tool that financial institutions may use to identify the census tract in which a property is located. The final rule establishes that a financial institution would not violate Regulation C by reporting an incorrect census tract for a particular property if the financial institution obtained the incorrect census tract number from the geocoding tool on the agency’s website, provided that the financial institution entered an accurate property address into the tool and the tool returned a census tract for the address entered.

Finally, the final rule also makes certain technical corrections. These technical corrections include, for example, a change to the calculation of the check digit and replacement of the word “income” with the correct word “age” in one comment.

The HMDA final rule is available at www.consumerfinance.gov/policy-compliance/rulemaking/final-rules/regulation-c-home-mortgage-disclosure-act/.

Updated HMDA Resources
The CFPB also has updated its website to include resources for financial institutions required to file HMDA data. The updated resources include filing instruction guides for HMDA data collected in 2017 and 2018, and HMDA loan scenarios. They are available at www.consumerfinance.gov/data-research/hmda/for-filers.

For More Information
For more information on this article, contact Bill Showalter at 330-422-3473 or
wshowalter@younginc.com.

For information about Young & Associates, Inc.’s newly updated HMDA Reporting
policy, click here. In addition, we are currently updating our HMDA Toolkit.

To be notified when the HMDA Toolkit is available for purchase, contact Bryan
Fetty at bfetty@younginc.com.

By: Bill Elliott, CRCM, Senior Consultant and Manager of Compliance and Adam Witmer, CRCM, Senior Consultant

Beginning in 2018, you will be faced with two major changes to Home Mortgage Disclosure Act (Regulation C 12 CFR § 1003). They are:

1. Changes to the existing rules
2. Addition of new rules

While the new rules will be challenging to navigate, the changes to the existing rules could prove to be extremely challenging, as long-established procedures and understandings are going to change. The following are a list of some of the biggest modifications.

Reporting Changes
Loan Volume Test. The new rules have two separate loan volume tests, one for closed-end and one for open-end.
The closed-end test is 25 covered loans. If your bank originates 25 “covered” loans (defined as not excluded closed-end loans or open-end loans), you will then report closed-end loans.

The open-end test is 100 covered loans. If your bank originates 100 open-end covered loans, then you will report open-end loans. There is a regulatory proposal to change this to 500 open-end for a couple of years, and we expect that to occur. The challenge here relates to business purpose loans.

All consumer purpose loans (generally HELOCs) will count, but business purposes loans may also count. Excluded loans will be open-end loans (such as an equity loan for operating expenses) that are not for a purchase, refinance, or home improvement purpose. But open-end loans such as this are refinanced, and will become reportable.

If your financial institution only meets one test, you only report the type of loans for the test you meet. This means some institutions will only report closed-end loans. Some will only report open-end loans. And others will report both.

Dwelling Secured. Under prior HMDA rules, one definition of Home Improvement included loans that were not secured by a dwelling. Under the new rules, only loans secured by a dwelling will be reportable.

Temporary Financing. The rules now only talk about financing that will be replaced by new financing. The old rules specifically excluded construction and bridge loans.

Agricultural Loans. The new rules now exempt all agricultural loans. In the past, the agricultural loan exemption only applied to purchases, which meant that when an agricultural loan was refinanced, it required HMDA reporting. Now, all agricultural purpose loans are exempt.

Preapproval Requests. Preapproval requests that are approved but not accepted are now required reporting rather than optional reporting.

Submission Process. The CFPB is going to use a cloud-based program for HMDA submissions. This means that reporters using the FFIEC software are going to have a much more difficult time. You will want to think about software options. If you are not using third-party software already, you will need to work out logistics of using the new reporting system.

Items to Consider
Our training manual for our live HMDA presentation runs 210 pages, so this is just an overview of some of the items that must be considered. Time is growing short. If your institution is going to be subject to the new rules, then training for everybody involved in the process is necessary. And for most readers, this will include more than one person.

For the future, if you are not subject to the HMDA regulation, be careful of expansion. If you open a branch in an MSA, suddenly HMDA will become part of your life. So beware of a good deal on the land or the lease – the costs of HMDA could easily dwarf the savings. If you are a HMDA reporter already, remember that any compliance requirement only gets paid for one of two ways – the applicants/customers pay for it, or it comes out of the stockholder’s pocket. Fee changes may be in your future.

HMDA Tools – Coming Soon
Young & Associates, Inc. is currently developing a HMDA Toolkit which will be available shortly, as well as a customizable HMDA policy. As there is HMDA text that the CFPB is changing and correcting (due out soon, we hope), we are not ready for release just yet. But we hope to keep the timetable reasonable. The HMDA policy will be available to purchase September 1, 2017.

We will also be offering an off-site HMDA Review beginning in 2018. We will review as many or as few loans as you would like to make sure you are on track. Billing will be based on the number of files reviewed, so you will control your costs.

Detailed information for all of these items will be available soon. If you are interested in the HMDA toolkit, HMDA policy, or HMDA reviews, we will be happy to discuss these products and services with you at any time.

Good luck – we will all need it. For more information on this article or how Young & Associates, Inc. can assist you in this process, contact us at compliance@younginc.com or 330.422.3450.

Young & Associates, Inc. is pleased to announce that Mary Green, Consultant, has earned the industry designation of Certified AML and Fraud Professional (CAFP) by the Institute of Certified Bankers, a subsidiary of the American Bankers Association (ABA). This certification demonstrates the ability to detect, prevent, monitor, and report current and emerging money laundering and fraud risks.

By: Bill Elliott, Senior Consultant and Manager of Compliance

We usually try to use this space to share information that will help you prepare for what has been released, and for what will be required in the coming months. However, at this writing we find ourselves in a unique position; almost nothing (at least in the near term) is changing is the world of compliance. That does not mean that we can relax too much, just that we have a little time to catch up and get ready for the next round of changes.

Here is a sampling of where we are today: ƒƒ

• Expedited Funds Availability (Regulation CC) Update: The CFPB promised it for late last fall, but have not yet released it. (Note: this is maybe their fifth release date.) They have been working on it for about 6 years.
• Privacy (Regulation P) Update: This was also promised for last fall, but it has not yet appeared. In the interim, the prudential regulators have stated that banks that do not share (and therefore have no opt out) can follow the new privacy law. This means no annual privacy notice mailings of any kind, unless your privacy notice has to change. If you do change your notice and/or start to share, you will have to mail the new notice to all customers annually, so you may want to think about the mailing expense before you make any changes that would require the annual mailing.
• Prepaid Cards Update: The new prepaid card rule has been delayed for six months (April 2018) to allow for the changes that will essentially turn all prepaid cards that have the ability to be reloaded into an “account.” They will then have rights similar to an account holder; they can ask for transaction histories, dispute items, etc. This is probably going to make these cards more expensive and therefore less attractive to your customers, and may end up not being a profitable item for many banks.
• TRID Update: They have published a proposal, but we will have to wait to see what the final rule looks like. It will be a number of months at least before anything is finalized on this subject.
• Home Mortgage Disclosure Act Update: The major item on the compliance agenda for 2017 is the Home Mortgage Disclosure Act. Management needs to assure that staff training occurs – and soon. We created a manual for our live seminars that runs 210 pages. We also created a listing of every possible code that might be needed, and that runs 33 pages in Excel. So this will not be an easy transition, and waiting until December to think about it does not seem like a good idea. If you do not have an LEI number and you are a HMDA bank, you should get it very soon. It will be required for 2018. We should also mention that the CFPB published a 150-page update with changes and corrections to the HMDA rule. These changes should be final by the first of the year.

Stay Tuned
We will continue to use the newsletter to keep you informed as the CFPB finally publishes updates and new regulations. But in the near term, the staff can work on absorbing what already has been issued. If we can help in any way, please feel free to call Karen Clower at 330.422.3444 for assistance. She can also be reached at kclower@younginc.com. 

By: Bill Elliott, CRCM, Senior Consultant and Manager of Compliance

On October 5, 2016, the CFPB issued a final rule amending Regulations E and Z to create comprehensive consumer protections for prepaid financial products. The result of this rule is that many of you may not continue to offer these accounts, and those of you who do not currently offer the accounts may not want to start. The purpose of this article is not to talk you into or out of these products, but to give you the basic facts so that you can make the best decision for your institution.

The Prepaid Rule runs 1,501 pages, so we can only do an overview in this article. You may also want to look at the following: http://www.consumerfinance.gov/policy-compliance/guidance/implementation-guidance/prepaid

Another site worth your time might be: http://www.consumerfinance.gov/policy-compliance/rulemaking/final-rules/prepaid-accounts-under-electronic-fund-transfer-act-regulation-e-and-truth-lending-act-regulation-z/

Prepaid Accounts
The Prepaid Rule adds the term “prepaid account” to the definition of “account” in Regulation E. Payroll card accounts and government benefit accounts are prepaid accounts under the Prepaid Rule’s definition. Additionally, a prepaid account includes a product that is either of the following, unless a specific exclusion in the Prepaid Rule applies:

1. An account that is marketed or labeled as “prepaid” and is redeemable upon presentation at multiple, unaffiliated merchants for goods and services or usable at automated teller machines (ATMs); or
2. An account that meets all of the following:
   1. Is issued on a prepaid basis in a specified amount or is capable of being loaded with funds after issuance
   2. Whose primary function is to conduct transactions with multiple, unaffiliated merchants for goods or services, to conduct transactions at ATMs, or to conduct person-to-person (P2P) transfers
   3. Is not a checking account, a share draft account, or a negotiable order of withdrawal (NOW) account

There are exceptions to the rule. Under the existing definition of account in Regulation E, an account is subject to Regulation E if it is established primarily for a personal, household, or family purpose. Therefore, an account established for a commercial purpose is not a prepaid account.

Pre-Acquisition Disclosures
The Prepaid Rule contains pre-acquisition disclosure requirements for prepaid accounts. The requirements are detailed. However, there often will be a reseller of these products, meaning that the seller must prepare this disclosure for you. This “short form” disclosure includes general information about the account.

Outside but in close proximity to the short form disclosure, a financial institution must disclose its name, the name of the prepaid account program, any purchase price for the prepaid account, and any fee for activating the prepaid account.

There is also a long form disclosure which sets forth comprehensive fee information as well as certain other key information about the prepaid account.

The Prepaid Rule includes a sample form for the long form disclosure. The long form disclosure must include a long laundry list of items that details every nook and cranny of the account’s use. The Prepaid Rule also requires financial institutions to make disclosures on the access device for the prepaid account, such as a card. If the financial institution
does not provide a physical access device for the prepaid account, it must include these disclosures on the website, mobile application, or other entry point the consumer uses to electronically access the prepaid account.

All these disclosures are in addition to your standard Regulation E initial disclosure. The initial disclosures must include all of the information required to be disclosed in the pre-acquisition long form disclosure.

Error Resolution and Limitations on Liability
Prepaid accounts must comply with Regulation E’s limited liability and error resolution requirements, with some modifications. This may or may not be your problem, depending on who owns the account. But if your third-party vendor must give the customer these rights, the cost will likely go up, possibly making selling these cards a problem.

Periodic Statements and the Periodic Statement Alternative
The Prepaid Rule requires financial institutions to provide periodic statements for prepaid accounts, such as payroll accounts. However, a financial institution is not required to provide periodic statements for a prepaid account if it makes certain information available to a consumer, such as:

• Account balance information by telephone
• ƒElectronic account transaction histories for the last 12 months
• ƒƒWritten account transaction histories for the last 24 months

Overdraft Credit Features
The Prepaid Rule amends Regulations E and Z to regulate overdraft credit features that are offered in connection with prepaid accounts. It adds the term “hybrid prepaid credit card” to Regulation Z and sets forth specific requirements
that apply to hybrid prepaid-credit cards. Doing something like this will materially increase your costs. Of course, there are many more rules on the subject that we cannot include in this article.

Effective Dates
The Prepaid Rule is generally effective on October 1, 2017.

What Should You Do?
Over the next few months, you need to talk with any existing companies that you do business with for this kind of product. They may still be struggling with how they are going to approach this, so you may not get all your answers immediately. But you need to know what your role is going to be after October 1, 2017 so that you can make the best decision for your institution. And all new product offerings, whether internal or external, need to be examined carefully to make sure that you can comply with the rules.

For more information about this article, contact Bill Elliott at 1.800.525.9775
or compliance@younginc.com.

 

 

Effective DATES: The final rules are effective July 11, 2016. Banks must comply  with these rules by May 11, 2018 (Applicability Date).

Summary
Banks have not been required to know the identity of the individuals who own or control their legal entity customers (also known as beneficial owners). This is viewed as a weakness of the system that they are trying to correct.

FinCEN believes that there are four core elements of CDD:
1. Customer identification and verification
2. Beneficial ownership identification and verification
3. Understanding the nature and purpose of customer relationships to develop a customer risk profile
4. On-going monitoring for reporting suspicious transactions and, on a risk-basis, maintaining and updating customer information

Banks must now identify and verify the identity of the beneficial owners of all legal entity customers (other than those that are excluded) at the time a new account is opened (other than accounts that are exempted). A bank may rely on the beneficial ownership information supplied by the customer, provided that it has no knowledge of facts that would call into question the reliability of the information. The identification and verification procedures for beneficial owners are very similar to those for individual customers under a bank’s customer identification program (CIP), except that for beneficial owners, the institution may rely on copies of identity documents. Banks are required to maintain records of the beneficial ownership information they obtain, and may rely on another bank for the performance of these requirements, in each case to the same extent as under their CIP rule.

The AML program requirement for banks now explicitly includes risk-based procedures for conducting ongoing customer due diligence, to include understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile.

A customer risk profile refers to the information gathered about a customer at account opening used to develop a baseline against which customer activity is assessed for suspicious activity reporting. This may include self-evident information such as the type of customer or type of account, service, or product. The profile may, but need not, include a system of risk ratings or categories of customers.

In addition, CDD also includes conducting ongoing monitoring to identify and report suspicious transactions and to maintain and update customer information. For these purposes, customer information shall include information regarding the beneficial owners of legal entity customers. The regulation requires that banks conduct monitoring
to identify and report suspicious transactions. Because this includes transactions that are not of the sort the customer would be normally expected to engage, the customer risk profile information is used (among other sources) to identify such transactions. This information may be integrated into the bank’s automated monitoring system, and may be used after a potentially suspicious transaction has been identified, as one means of determining whether or not the identified activity is suspicious.

When a bank detects information (including a change in beneficial ownership information) about the customer in the course of its normal monitoring that is relevant to assessing or reevaluating the risk posed by the customer, it must update the customer information, including beneficial ownership information. Such information could include, e.g., a significant and unexplained change in the customer’s activity, such as executing cross-border wire transfers for no apparent reason or a significant change in the volume of activity without explanation. This applies to all legal entity
customers, including those existing on the Applicability Date.

This provision does not impose a categorical requirement that banks must update customer information, including beneficial ownership information, on a continuous or periodic basis. Rather, the updating requirement is event-driven, and occurs as a result of normal monitoring.

Your Response
This is going to entail changes mostly in the deposit area. Your loan area probably already collects most of this information, as they require guarantees. Also note that we stated at the beginning of this article that the mandatory date is not until 2018. It is likely that there will be changes so an immediate response to this rule does not seem reasonable. Please, however, do not lose sight of this timetable to make sure you have it in place in plenty of time before the mandatory dates. If we can help in any way, please let us know. We will also be happy to assist in any other way to help you meet your BSA and compliance needs. This could include hands-on assistance and/or consulting assistance depending upon your needs. For more information, contact us at 1.800.525.9775 or compliance@younginc.com.