
AuditOne Compliance Advisory: 2018 Q3

AuditOne LLC Advisory

From Bud Genovese, Chairman

Regulatory reform is alive and well, and the regulatory community is actively responding. Announcements about new regulatory communication vehicles and publications, enhanced websites, and amendments have been plentiful. While promising, this has not come with a reduction in compliance enforcement. To the contrary, American Banker recently reported that there was a 63% increase in net new enforcement actions in the second quarter of 2018 from a year earlier. The study detailed that while there has been an easing in requirements surrounding qualified mortgages, exam schedules and Call Reports, higher risk compliance areas such as Fair Lending, money laundering and CRA continue to receive a high level of scrutiny. There is no better time to take the pulse of your institution’s readiness to handle changes. Consider whether there is a sound Project Management and Change Control infrastructure in place to help management and employees quickly adapt to changes to systems, operations, and internal controls, as necessary, to maintain satisfactory levels of compliance.

Within this issuance, we cover changes to Dodd Frank along with a variety of key regulatory developments that we hope your organization finds useful. This Quarterly General Compliance edition has been prepared by Celeste Burton, Compliance Practice Director, AuditOne LLC. We hope you enjoy! – Bud

DODD FRANK

On July 21, 2010, President Barack Obama signed the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 into law, in response to the global financial crisis of 2008. On May 24, 2018, President Trump signed S. 2155, the Economic Growth, Regulatory Relief and Consumer Protection Act (EGRRCPA) into law, which eased certain Dodd-Frank rules and regulations. Our second quarter 2018 General Compliance Advisory included an overview of the key provisions of S. 2155. Below are a few key updates:

  • The Federal Reserve Board (FRB) issued Consumer Affairs Letter CA-18-4 to address the restoration of the Protecting Tenants at Foreclosure Act. Under the law, the immediate successor in interest at foreclosure must provide bona fide tenants with 90 days’ notice prior to eviction and allow tenants with leases to occupy property until the end of the lease term. However, the lease can be terminated on 90 days’ notice if the unit is sold to a purchaser who will occupy the property. The FRB Consumer Affairs Letter CA-18-4 is available at www.federalreserve.gov/supervisionreg/caletters/caltr-1804-attachment.pdf.
  • The Consumer Financial Protection Bureau (CFPB) issued an interpretive and procedural rule to implement and clarify changes made to HMDA by section 104 of the EGRRCPA. To support implementation of the rule, the CFPB published an executive summary and updated the Filing Instructions Guide for HMDA data collected in 2018. The rule provides a partial exemption to some smaller volume banks and credit unions from some HMDA data filing requirements. Federal agencies emphasized that the new law will not affect the format of the Loan Application Registers for institutions filing 2018 data in 2019. The rule can be accessed here: https://www.consumerfinance.gov/policy-compliance/rulemaking/final-rules/partial-exemptions-from-requirements-of-home-mortgage-disclosure-act-under-regulation-c/.
  • On September 21, 2018, the CFPB issued an interim final rule to update the CFPB’s model forms for the Summary of Consumer Identity Theft Rights and the Summary of Consumer Rights to incorporate a notice of rights required by a new provision of the Fair Credit Reporting Act (Regulation V), added by the EGRRCPA: https://www.federalregister.gov/documents/2018/09/18/2018-20184/summaries-of-rights-under-the-fair-credit-reporting-act-regulation-v.
  • Stemming from a desire to expand the number of insured depository institutions and U.S. branches/ agencies of foreign banks eligible for an 18-month on-site examination cycle, federal banking agencies issued interim final rules that generally would allow qualifying insured depository institutions with less than $3 billion in total assets to benefit from an extended 18-month on-site examination cycle: https://www.federalreserve.gov/newsevents/pressreleases/bcreg20180823a.htm.

TRID GETS A PARTIAL OVERHAUL

In July 2017, the CFPB issued a revised TRID rule containing a plethora of amendments and corrections to the original rule. The revision is timely, as many in the financial services industry have struggled with rule interpretation for certain loans, transaction types and scenarios. Mandatory compliance is required for applications received on or after October 1, 2018.

It would be wise to ensure your organization’s policies and procedures are updated to comply with the revised rule, and that employees are appropriately trained. A review of the system of record and vendor relationships to ensure related software and vendor services are up-to-date is also recommended.

The new rule, a noteworthy 560 pages, can be found here:
https://s3.amazonaws.com/files.consumerfinance.gov/f/documents/201707_cfpb_Final-Rule_Amendments-to-Federal-Mortgage-Disclosure-Requirements_TILA.pdf.

BANK SECRECY ACT/ ANTI-MONEY LAUNDERING NEWS

  • Exceptive relief is now permanent … After consulting with stakeholders and financial institutions, the Financial Crimes Enforcement Network (FinCEN) announced on September 7, 2018 that it has permanently granted “exceptive relief” to covered financial institutions from the Beneficial Ownership Rule’s requirement to identify and verify beneficial ownership information on or after May 11, 2018, as a result of the following:
    1. CD rollovers;
    2. loan renewals, modifications, and extensions that do not require underwriting review and approval;
    3. commercial line of credit or credit card account renewals, modifications, or extensions that do not require underwriting review and approval; and
    4. safe deposit box rental renewals.

    It is important to note that this relief does not apply to the initial opening of any of the types of accounts listed above, nor does it relieve any covered financial institution of its customer due diligence requirements under AML program rules. A link to the ruling follows: https://www.fincen.gov/sites/default/files/administrative_ruling/2018-09-07/Permanent%20Exceptive%20Relief%20Extension%20of%20Compliance%20Date%20CDs_final%20508.pdf

  • The Bank Secrecy Act/Anti-Money Laundering (BSA/AML) InfoBase website – a vehicle to share bank examination procedure information with examiners, financial institutions, the public, and other stakeholders – was redesigned to improve the overall user experience. Updates were made to site navigation, search, and mobile-friendly capabilities, as well as to functionality that allows users to download various sections of the FFIEC BSA/AML Examination Manual. The redesigned website can be found here: https://bsaaml.ffiec.gov.
  • On October 3, 2018, federal regulators announced that community banks and credit unions will be allowed to share resources in an effort to bolster BSA compliance and AML obligations. Collaborative arrangements, as described in the statement, are typically most beneficial to financial institutions with a community focus, less complex operations, and lower-risk profiles for money laundering or terrorist financing. The announcement can be found here: https://www.fincen.gov/sites/default/files/2018-10/Interagency%20Statement%20on%20Sharing%20BSA%20Resources%20-%20%28Final%2010-3-18%29%20%28003%29.pdf.

ELDER FINANCIAL ABUSE: COMPONENTS OF A SOUND POLICY

Increasing regulator focus on the risk and exposure associated with elder financial abuse warrants a brief pause to assess whether current policies and practices are strong enough to pass muster during your next regulatory exam. To place your institution in the best compliance position, you’ll want to ensure your organization’s policies and practices address the following:

  • A definition of elder/adult dependent financial abuse
  • That all officers and employees of the bank or credit union are “mandated reporters”
  • The obligation to file a report of suspected financial abuse
  • That the suspected financial abuse must be reported by telephone immediately to the local Adult Protective Services (APS) branch or local law enforcement, followed by a written report sent within two working days to the same agency
  • Training requirements
  • The need to file a Suspicious Activity Report (SAR)
  • How the reporting of suspected abuse will be handled internally, such as notifying the compliance officer, manager, or supervisor
  • Board review/approval of Financial Elder Abuse Policy, at least annually

REGULATION CC AMENDED

On September 12, 2018, the FRB published a final rule that amends Subpart C of Regulation CC to address situations where there is a dispute as to whether a check has been altered or was issued with an unauthorized signature and the original paper check is not available for inspection. These amendments continue the FRB’s efforts to update Regulation CC to reflect the evolution of the nation’s check collection system from one that is largely paper-based to one that is virtually all electronic. The amended rule is effective January 1, 2019. The FRB release can be found here: https://www.federalreserve.gov/newsevents/pressreleases/bcreg20180912a.htm

OTHER COMPLIANCE NEWS, DEVELOPMENTS and ENFORCEMENT

Federal Trade Commission (FTC) Issues Report On Efforts to Protect Older Consumers

The report, Protecting Older Consumers 2017-2018: A Report of the FTC, outlines the FTC’s research, law enforcement, and education efforts aimed at protecting older Americans. Interesting fact: In 2017, older adults were more likely to report fraud than younger people, and in those reports, indicated less frequently that they had lost money. But does this mean their overall risk profile is lower? Read on. The facts may surprise you: http://safetycouncil.thesafetyinstitute.org/ftc-details-efforts-to-protect-older-consumers-in-report-to-congress/

2018 Census Data Now Available

The FFIEC’s Geocoding System has been updated with 2018 Census demographic data. Click on the “What’s New” tab on the Community Reinvestment Act page of the FFIEC website at www.ffiec.gov/cra

Enhanced CRA Filing Software

The FFIEC released updated software for reporting and filing 2018 CRA data required from covered banks and thrifts under the Community Reinvestment Act (CRA). This version facilitates data entry for calendar year 2018 data that must be submitted by March 1, 2019: www.ffiec.gov/software/software.htm.

Consumer Compliance Supervision Bulletin

The FRB has announced the launch of the Consumer Compliance Supervision Bulletin – a new publication that will “provide bankers and others interested in consumer protection with high-level summaries of pertinent supervisory issues.” The Bulletin is intended to enhance transparency regarding the agency’s consumer compliance supervisory program and highlight violations that have been identified. It will also provide practical steps for institutions to consider when managing consumer compliance risks, and will briefly highlight recent regulatory and policy developments. The first issue focuses on:

  • Fair Lending (redlining, discriminatory loan pricing and underwriting);
  • UDAAP (unfair or deceptive acts or practices involving overdrafts, loan officer misrepresentations and products and services marketed to students);
  • Military Lending Act; and,
  • Other recent regulatory and policy developments

The Bulletin is available at: www.federalreserve.gov/publications/files/201807-consumer-compliance-supervision-bulletin.pdf.

Noteworthy Enforcement Action

TCF National Bank: The CFPB reaches $30 million settlement with TCF National Bank regarding its marketing and sale of overdraft services: https://www.law.com/nationallawjournal/2018/07/20/cfpb-reaches-30m-settlement-with-tcf-national-bank/?slreturn=20180922092506

Stay tuned for more data on emerging activities surrounding Fintech and Cybercurrency BSA/Anti-Money Laundering enforcement.


AuditOne LLC – Company Overview

AuditOne LLC provides independent risk management services to financial institutions. Our sole focus is providing internal audit and credit review services to the financial institution industry. We have experience with all regulatory authorities and offer a full selection of audit services comprising Credit Review/ALLL, BSA/Compliance, IT/Information Security, ACH rules Compliance, Operations, Network Tests, Asset/Liability Management and various specialty areas. Our expertise is your edge. For more information on this article, please contact Jeremy Taylor, Co-CEO, or Kevin Watson, Co-CEO. For information about all of our audit services, see AuditOneLLC.com.


Current Regulatory Hot Spots

AuditOne Advisory

From Bud Genovese, Chairman

This advisory provides summarized data of the hot regulatory topics we have seen in the field while performing recent credit reviews, compliance and internal audits. This information was delivered in a WBA Webinar by our Co-CEO, Jeremy Taylor. The hot topics include criticisms in the areas of Credit, ALM, BSA, IT and Compliance. Please share with others, as appropriate, and we hope this advisory will be beneficial to you! – Bud

See Current Regulatory Hot Spots at AuditOneLLC.com

AuditOne LLC – Company Overview

AuditOne LLC provides quality risk management services to financial institutions. We have become the largest independent provider due to our sole focus delivering responsive, exceptional internal audit and credit review services to the financial institution industry. We have experience with all regulatory authorities and offer a full selection of audit services comprising Credit Review/ALLL, BSA/Compliance, IT/Information Security, ACH rules Compliance, Operations, Network Tests, Asset/Liability Management and various specialty areas.

Our expertise is your edge. For more information on this article, please contact Jeremy Taylor, Co-CEO, or Kevin Watson, Co-CEO. For information about all of our audit services, see AuditOneLLC.com.


More Options for Capital Management

AuditOne LLC Advisory

From Bud Genovese, Chairman

This advisory provides a summary of the potential effect of the new law impacting small bank regulatory capital options. It is presented by our ALM Practice Director, David Kellerman, in a concise and informative manner. Also, we understand that a rules clarification is still needed from the regulators. Please share with others as appropriate, and we hope this advisory will be beneficial to you! – Bud

EGRRCP Act

With President Trump’s signing of the Economic Growth, Regulatory Relief, and Consumer Protection (EGRRCP) Act, banks with under $10 billion in assets now have more flexibility when managing their capital to meet regulatory standards. The regulatory bodies (the Federal Reserve Board (FRB), Office of the Comptroller of the Currency (OCC), and Federal Deposit Insurance Corporation (FDIC)) still have work to do to define terms. Effort is also needed to communicate how this new law will integrate into the Basel III simplification framework, which was proposed in September 2017.

Banks over $10 billion in asset size have to comply with the Basel III capital framework. Banks under $10 billion in asset size will now have three regulatory capital options, each of which is explained in more detail below:

  1. Basel III
  2. Small Bank Holding Company Policy Statement (if assets are under $3 billion)
  3. Opt out of Basel III and adopt the Community Bank Leverage Ratio with minimum tangible equity to tangible assets of between 8% and 10%.

These alternatives will allow banks the flexibility to choose the structure that best fits with their individual strategic plans and risk profile. Banks should consider, within their strategic plan, their asset growth rates and the sources of capital the institution may have when determining which alternative to choose.

Each alternative carries its own complexities and potential benefits:

Basel III

Basel III was finalized in 2013 and the fully phased-in effective date is January 1, 2019.  Minimum ratios are defined as:

  • Tier 1 leverage ratio (average assets): 4%
  • Common Equity Tier 1 ratio (risk weighted assets): 7%
  • Tier 1 leverage ratio (risk weighted assets): 8.5%
  • Total capital ratio (risk weighted assets): 10.5%

Capital Conservation Buffers should also be considered. The capital conservation buffer of 2.5%, comprised of Common Equity Tier 1, is established above the regulatory minimum capital requirement (including all regulatory ratios except for the Tier 1 leverage ratio). Capital distribution constraints will be imposed on a bank when capital levels fall within this range. Banks will be able to conduct business as normal when their capital levels fall into the conservation range as they experience losses. The constraints imposed only relate to distributions, not the operation of the bank.

Complexity comes in the form of the computation of capital in the ratios as there are numerous adjustments required. As mentioned previously, the Basel III simplification proposes additional changes to the computations that should be considered once it is finalized. Among the several potential benefits of this alternative are flexibility in the use of Tier 2 capital and lower risk weightings for lower risk assets.

Small Bank Holding Company Policy Statement

Implemented in 1986, the Policy Statement is now applicable to holding companies with less than $3 billion in assets as well as to savings and loan holding companies. One of the most significant considerations of this alternative is that there cannot be significant non-bank activities. The alternative does allow for a more generous use of debt at the holding company level, which can be down-streamed to the subsidiary banks as Tier 1 capital. This permits debt to be used to help finance mergers and acquisitions. As an example of the added flexibility of this structure, Small Bank Holding Companies can carry 75% debt to 25% equity (which needs to be reduced to 25% debt within 12 years) versus Basel II maximum debt usage for Bank Holding Companies over $10 billion of just 19%. Each subsidiary bank must be well-capitalized and there are potential dividend restrictions as well. If your Bank is near the $3 billion threshold and is utilizing this framework, plans to transition to either Basel III or the new Community Bank Leverage Ratio (Tangible Equity to Tangible Asset) framework need to be considered.

Community Bank Leverage Ratio (Tangible Equity to Tangible Assets from 8% to 10%)

This alternative is a very much simplified framework for small banks and bank holding companies. There are no guidelines yet as to what qualifies as tangible capital, but stay tuned to communications from your regulator. If your institution has higher risk weighted assets or significant deductions from Basel III common equity Tier 1 capital, you may want to review the merits of this regulatory capital alternative. Based on recent Call Report filings, most small banks already meet the 10% tangible equity to tangible assets requirement. Those institutions could opt out of Basel III and into the new Community Bank Leverage Ratio with no intervening steps needed. Benefits of this alternative include not being subject to Basel II capital penalties or adverse risk weightings. Alternatively, institutions with low risk-weighted assets would recognize no benefit for those holdings.

Conclusion

While the new EGRRCP Act provides for simplification of capital requirements for small banks and small bank holding companies, the decision making as to which regulatory capital framework to choose is potentially not a simple one.  Financial advisors should be consulted as more information becomes available from regulators.



AuditOne Compliance Advisory: 2018 Q2

AuditOne LLC Advisory

From Bud Genovese, Chairman

In light of recent regulatory developments, we thought it important to add to our Quarterly Compliance Advisory a standing Dodd-Frank section that will continue to receive updates in future editions as pertinent information becomes available. Within this issuance, we also cover key Compliance News, Developments and Enforcement. This edition has been prepared by Celeste Burton, Compliance Practice Director, AuditOne LLC. We hope you enjoy! – Bud

DODD FRANK

On July 21, 2010, President Barack Obama signed the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 into law, in response to the global financial crisis of 2008. On May 24, 2018, President Trump signed S. 2155, the Economic Growth, Regulatory Relief and Consumer Protection Act (EGRRCP Act) into law, which eased certain Dodd-Frank rules and regulations. 

Key S.2155 provisions follow:

  • Institutes longer Exam Cycles for smaller banks.  Allows well-managed and highly capitalized banks with up to $3 billion in assets to have full-scope, on-site examinations every 18 months, rather than every 12 months.
  • Exempts from the Volcker Rule all banks with less than $10 billion in assets.  This exemption allows banks that were otherwise prevented from engaging in speculative activities with taxpayer-insured deposits the ability to now trade for profit and invest in hedge funds and private equity funds.
  • Ends mandated Stress Tests for banks with under $100 billion in assets
  • Raises the threshold for enhanced regulatory oversight from $50 billion to $250 billion.  This means that most larger banks in the US will no longer be subject to Dodd Frank’s heightened Capital and Liquidity requirements, and enhanced risk management standards, some of which were derived from Basel III.  Also allows certain foreign institutions to tally their U.S. assets in ways that keep them under that $250 billion threshold. 
  • Permits Federal Savings Associations with less than $20 billion in total assets to choose to be regulated like national banks without changing their charter
  • Amends the Truth in Lending Act to allow institutions with less than $10 billion in assets to waive “Ability-To-Pay” requirements for certain residential mortgage loans. Other mortgage-lending provisions related to appraisals, mortgage data, employment of loan originators, manufactured homes, and transaction waiting periods are also modified.  For example, there is an appraisal exemption for rural mortgage portfolio loans of less than $400,000 if unable to find a state-certified/licensed appraiser to perform the Appraisal in a timely manner. Also, appraisal services donated by fee appraisers as charitable contributions will be considered “customary and reasonable” under TILA (Habitat for Humanity).  Changes to Ability-To-Pay requirements are meant to collectively eliminate certain consumer protections against overpriced and adjustable rate mortgages, simultaneously expanding lending options that had been available prior to the 2008 global financial crisis.
  • Classifies loans made for one-to-four-unit, non-owner-occupied residences as Residential Real Estate Loans, as opposed to business loans, a noted benefit to credit unions as they will no longer count against a credit union’s member business lending cap of 12.25% of assets.
  • Removes the three-day wait period required for the combined TRID mortgage disclosure if a creditor extends to a consumer a second offer of credit with a lower annual percentage rate
  • Exempts from certain Home Mortgage Disclosure Act reporting requirements institutions originating less than 500 closed-end mortgage loans or less than 500 open-end lines of credit in each of the two preceding calendar years.
  • Eliminates Escrow requirements for higher-cost mortgages made by banks and credit unions with assets of up to $10 billion
  • Provides a safe harbor for properly trained financial employees who report alleged Elder Financial Abuse
  • Allows Social Security Administration to accept electronic consumer consent for banks verifying customer Identity to combat “synthetic” identity fraud
  • Makes Online Banking Initiation easier by authorizing a national standard for banks to scan and retain information from driver’s licenses and identity cards as part of a customer online onboarding process, via smartphone or website.
  • Requires the U.S. Department of Treasury to conduct a study on the risks that Cyber Threats may pose to financial institutions, and to assist homeowners in remediating Lead and Asbestos Hazards
  • Requires the holder of a Student Loan to release a co-signer from the obligation if the student borrower dies. 
  • Amends the United States Housing Act of 1937 to reduce Inspection requirements and Environmental-review requirements for certain smaller, rural public-housing agencies
  • Provides certain Predatory Lending protections to veterans and directs the Financial Literacy and Education Commission to establish best practices for institutions of higher learning to teach financial literacy skills.

Proponents of S. 2155 argue that it will open markets, increase access to capital for home purchases and discourage bailouts.  The opposition, however, argues that it weakens consumer protection against fraudulent practices in home sales, and opens the door for a repeat of the unsustainable housing market in the period leading up to the Great Recession.  Effective dates for S. 2155 range from immediate to unspecified, with certain provisions implementing through May 2021. The American Bankers Association prepared a useful timeline for all changing provisions that can be found here:
https://www.aba.com/Advocacy/Issues/Documents/S2155-Effective-Dates.pdf

Other Dodd-Frank News

  • Protecting Tenants at Foreclosure Act (PTFA): The PTFA was initially implemented on May 20, 2009 under Dodd-Frank to protect tenants from eviction because of foreclosure.  The Act expired on December 31, 2014 and was reinstated on June 23, 2018 (without an expiration date) with the signing of S.2155 into law. 
  • Community Reinvestment Act, Home Mortgage Disclosure Act and Bank Secrecy Act: In conjunction with the effort to roll back certain Dodd-Frank provisions are efforts to review provisions of existing consumer protection regulations such as these for opportunities to ease the regulatory burden on banks and credit unions.  No changes announced yet.

OTHER COMPLIANCE NEWS, DEVELOPMENTS & ENFORCEMENT

California Consumer Privacy Act of 2018

On June 28th, California became the first state to enact domestic regulation that piggybacks off the EU’s General Data Protection Regulation (GDPR). Known as the California Consumer Privacy Act, it becomes effective January 2020 and seeks to give consumers greater control over the sharing and use of personal information. Among other things, it establishes consumers’ right to access personal information, to request deletion of such information, and to opt out of personal information being sold. A link to the legislation follows: https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201720180AB375

CFPB Will Not Penalize Institutions for HMDA Errors in 2018 and 2019

On July 5, 2018, the CFPB issued the following statement on the implementation of the EGRRCP Act Amendments to the Home Mortgage Disclosure Act: “…The Bureau does not intend to assess penalties with respect to errors in data collected in 2018 and reported in 2019. Collection and submission of the 2018 HMDA data will provide financial institutions an opportunity to identify any gaps in their implementation of amended Regulation C and make improvements in their HMDA compliance management systems for future years. Any examinations of 2018 HMDA data will be diagnostic to help institutions identify compliance weaknesses, and the Bureau will credit good-faith compliance efforts”.

CFPB’s Indirect Auto Lender Bulletin Nullified

In 2013, the CFPB issued Bulletin 2013-02 (Indirect Auto Lending and Compliance with the Equal Credit Opportunity Act) to regulate dealer markups that could result in pricing disparities on the basis of race, national origin or other prohibited bases. Although the Bulletin prompted auto finance companies to take a closer look at dealer compensation programs and dealers (vendors) with whom they partnered, it also created a high level of industry concern around the CFPB’s reliance on statistical models to identify potential Fair Lending abuses. Since auto dealers are prohibited from collecting race and ethnicity data from consumers, adversaries cited that output from these models could not be reasonably relied upon. On May 21, 2018, President Trump signed into law bill S.J. Res.57, which nullifies CFPB Bulletin 2013-02. https://www.consumerfinance.gov/about-us/newsroom/statement-bureau-consumer-financial-protection-enactment-sj-res-57/

White House Names CFPB Director Successor

Acting director Mick Mulvaney’s tenure at the Consumer Financial Protection Bureau ended, by statute, on June 22, 2018.  The White House recently nominated Kathy Kraninger, his subordinate.  Ms. Kraninger is a Georgetown Law graduate and has worked for the Department of Homeland Security and for the Senate Appropriations Committee’s Homeland Security Subcommittee.

Beneficial Ownership Information

FinCEN and certain other regulatory agencies remain in dialogue about the benefits and risks associated with creating a national beneficial ownership database to help financial institutions comply with BSA Beneficial Ownership requirements that went into effect May 11, 2018.  Some companies have begun contracting with banks/FI’s to help obtain this information. 

RESPA/TILA

In response to expressed concerns from the financial community, the CFPB amended RESPA/TILA disclosure requirements implemented in Regulation Z to remove a timing restriction that prevented creditors from disclosing cost changes after having provided initial Closing Disclosures.  Changes to closing costs are sometimes necessary, e.g., because of a consumer request for a rate lock extension or loss of a home sales contract.  Under the current rule, if the change occurred after the specified time limit for providing revised Closing Disclosures, the associated cost(s) could not be passed on to the consumer.  In response, some creditors elected to employ alternative options to recoup applicable costs, including denying the application/credit or spreading the cost across all consumers in the form of higher fees – both of which defeat the purpose and intent of the original legislation.  Effective Date: June 1, 2018
Link: https://www.gpo.gov/fdsys/pkg/FR-2018-05-02/pdf/2018-09243.pdf

Regulation CC Changes Effective July 1, 2018

AuditOne’s EFT Practice Director recently issued a detailed communication on the various changes associated with Regulation CC.  We encourage you to read it in detail, as there is some great practical advice on how your institution can create an optimal compliance environment.  As was noted in a clarifying statement that followed, changes in Regulation CC hold limits have not yet been finalized, as they are dependent upon proposed Reg J changes, which are still pending and out for comment at present.

Regulation A Amendment

In May 2018, the Federal Reserve Board approved amendments to Regulation A, which governs extensions of credit by Federal Reserve Banks, to make certain technical adjustments including reflecting the expiration of the Term Asset Backed Securities Loan Facility (TALF) program.  The final amendments revise the provisions regarding the establishment of the primary credit rate at the discount window in a financial emergency, and delete obsolete provisions relating to the use of credit ratings for collateral for extensions of credit under the former TALF program. The final amendments became effective June 8, 2018, 30 days after the date of publication in the Federal Register.  Here’s the link: https://www.federalregister.gov/documents/2018/05/09/2018-09805/regulation-a-extensions-of-credit-by-federal-reserve-banks

Mortgage Servicing

The CFPB recently published an updated Small Entity Compliance Guide for Mortgage Servicing.  Key changes include a coverage chart for mortgage servicing provisions under Regulations X and Z, as well as guidance on periodic statement exemptions.  The updated guide may be accessed through the CFPB’s Mortgage Servicing webpage at:
https://s3.amazonaws.com/files.consumerfinance.gov/f/documents/cfpb_mortserv_guide_v3.1.pdf

Vendor/Third Party Risk Management

Vendor Management continues to receive heightened scrutiny, and is of growing importance considering newer risk components such as cybersecurity, online privacy, outsourced operations, cloud computing and various high-profile breaches that have occurred.  Vendor management controls for vendors with consumer compliance implications, such as third-party products, have also received heightened attention.  We encourage ongoing monitoring and a formal audit, at least annually, to ensure compliance with evolving expectations.

Notable Enforcement Action

For those financial institutions that perhaps remain on the fence about whether to develop a standalone UDAAP Risk Assessment and ongoing monitoring program, this recent enforcement action may pique your interest:

On April 20th the OCC and CFPB imposed a $1 billion fine ($500 million each) against Wells Fargo.  The OCC opined that Wells Fargo violated “the unfair practices prong of Section 5 of the Federal Trade Commission (FTC) Act”.  This Act declares that unfair or deceptive acts or practices affecting commerce are illegal. However, unlike many consumer protection laws, Section 5 of the FTC Act also applies to transactions with businesses and not just consumers.  The CFPB further added that the Bank violated the Consumer Financial Protection Act (i.e., the Dodd-Frank Act that established the CFPB).  According to the OCC and CFPB, Wells Fargo violated the Acts in the following ways:

  • Improper placement and/or maintenance of collateral protection insurance (CPI) policies on automobile loan accounts. As a result, borrowers were improperly charged CPI premiums, interest and fees. In some cases, loans went into delinquency and vehicles were improperly repossessed.
  • Customers were charged mortgage interest rate lock extension fees even though the Bank had caused the loan closing to fail to occur within the mortgage interest rate lock period. As a result, customers were improperly charged mortgage interest rate extension fees when the Bank should have borne the cost.

AuditOne LLC – Company Overview

AuditOne LLC provides independent risk management services to financial institutions. Our sole focus is providing internal audit and credit review services to the financial institution industry. We have experience with all regulatory authorities and offer a full selection of audit services comprising Credit Review/ALLL, BSA/Compliance, IT/Information Security, ACH rules Compliance, Operations, Network Tests, Asset/Liability Management and various specialty areas. Our expertise is your edge. For more information on this article, please contact Jeremy Taylor, Co-CEO at: Contact Us or Kevin Watson, Co-CEO at: Contact Us  and for information about all of our audit services see AuditOneLLC.com


Changes to Regulation CC

AuditOne Advisory 

From Bud Genovese, Chairman

Genelle Wrzesinski, Senior Associate and Electronic Funds Transfer Practice Director, based in our Northern California office, has written the article below that summarizes the details, including what auditors and examiners will look for, contained in the revised Regulation CC rules effective July 1, 2018. Please feel free to forward this useful column to any appropriate people in your financial institution. Thank you.  – Bud

Changes to Regulation CC

Background

The Federal Reserve published a final rule amending Regulation CC on May 31, 2017, with an effective date of July 1, 2018.  It more recently issued a commentary for Regulation J changes to enable implementation of the revised Regulation CC rules.

Current check collection and return requirements will be modified to reflect a virtually all-electronic check collection and return environment and to encourage all depository institutions to receive, and paying institutions to send, returned checks electronically.  These changes will better align with current practices for electronic image-based processing of check collection and returns, which have been driven by many institutions signing agreements to join processing networks with their core provider. These networks follow ECCHO (Electronic Check Clearing House Organization) rules. The revised Regulation CC will adopt these rules and enable efficiencies via faster processing.  Faster payments could also come from the push for a second returned-item cash letter to paying banks each day.

While the increased hold limits and shorter return times (as outlined below) may get most attention, in fact it is the revised assignment of liability on fraudulently altered or re-deposited checks that is most significant, together with the new warranties applying to the exchange of imaged electronic checks.  The revisions require that a financial institution (FI) receiving a remote or mobile deposit item indemnify any FI that subsequently receives the original (paper) check, given that the item was already paid and settled.  However, as elaborated on below, the indemnity does not protect the subsequent FI if the check carries a restrictive endorsement.

Definitional changes

  • The routing number is revised to include the bank identification number in electronic checks.
  • “Indemnifying bank” is now defined as a bank that provides an indemnity under Section 229.34 for remote deposit capture or for an electronically-created item.
  • The MICR line includes the number established in X9.100-817 (today’s standard).
  • “Sufficient copy” is defined to include the electronic reproduction of a check that the recipient has agreed to receive instead of paper.
  • Subject to Regulation CC, an electronic check is treated the same as a paper check for all purposes unless otherwise noted.  However, the regulation does not give the bank the right to send an electronic check absent agreement to do so by both parties. It includes provisions for notice of nonpayment, expeditious return and warranties.
  • Banks may send information required in writing in electronic form (such as electronic statements), if there is an agreement to do so.

Revised hold limits

In 2011, Regulation CC established the limits for holds placed on consumer DDA accounts (used for personal, family or household purposes).  FIs subject to compliance are required to make $200 available the first business day following a deposit, unless an exception hold is placed for one of the six types of eligible reason under the regulation.  For exception holds the regulation requires that $5,000 be made available the next business day (with some subject to longer hold periods in accordance with a schedule specified in Regulation CC). Effective July 1, 2018, the above-noted limits will change from $200 and $5,000 to $225 and $7,500, respectively. There is a rising concern that this change could impact ATM currency for banks that do not include $5 bills.

Note that the regulation does not cover business accounts or personal savings, money market or CD accounts.  Also, cash deposits made in person and electronic payments are still required to be made available next day.

Revised two-day test

The final rule requires expedited return for both paper and electronic checks to meet the two-day test: a requirement to return to the bank of deposit (BOFD) no later than 2:00 p.m. on the second business day following check presentment to the paying bank.  The previous deadline was 4:00 p.m. on the second business day.

Handling of returned deposited items

Checks have always had endorsements on the back to indicate the returning bank.  But not so with imaged checks, making it difficult to determine the path of collection.  Several banks have been granted extended return times to research the BOFD or have forwarded the item to the Fed requesting assistance.  But BOFD information is more readily available via check file record #26 (i.e., line 26 of the report attached to imaged file, provided by either the Fed or the processor).  The paying or returning bank could be liable for failing to meet this requirement if the depository bank has arrangements for return of checks electronically by “commercially reasonable means”.

In addition, there is a new requirement for the paying bank to notify the BOFD of non-payment of items over $5,000.  This is an increase in the threshold amount from the previous $2,500.  However, the new notification requirements eliminate some of the information that previously had to be reported.

RCC procedures

ECCHO is working with the Federal Reserve to effect changes to remotely-created checks (RCCs) and claims with ECCHO Rule 8 and Rule 9 warranty and claim procedures.  As mentioned above, there is currently a proposal out for complementary changes to Regulation J.  Specifically, ECCHO is proposing the use of external processing code (EPC) digit “6” to identify RCCs.  The EPC field position 44 on the MICR line will be located just left of the routing number; this can be overlaid with “4” if an IRD (image replacement document – i.e., photocopy of check) is created.  Use of the code is voluntary and is not an immediate solution to fraud but could identify the legitimate remote check processors.  Financial institutions will have to update agreements to require the code, and will then be required to monitor volumes and return rates.  Depository banks may then allocate liability to the depositor in their customer agreements.

Warranties, indemnifications and endorsements

With the Federal Reserve now adopting ECCHO rules, liability will shift to the depository bank for altered or forged checks.  This introduces a “rebuttable presumption” (i.e., presumed liability to the BOFD) that can be overcome if the original check is made available for all parties in the dispute, in which case standard UCC rules would apply.

The revisions will also allow FIs operating in multiple states to have clearer guidelines when subjected to out-of-state jurisdiction.  They will affect claims with duplicate warranty – i.e., when a receiving bank pays an item already paid – because warranty is valid even if demand for duplicate payments results from a fraudulent check about which the warrantying bank had no knowledge.  This scenario can occur with remote and mobile deposit capture systems; however, Regulation CC applies to consumers, so it is mobile deposit that represents the major risk.

The depository bank’s indemnity provides that:

  • The truncating bank accepts deposit of electronic image or information related to the original check
  • It does not receive the original check
  • It receives settlement or other consideration for the deposited check
  • It does not receive return of check unpaid

There is an exception for a restrictive endorsement, which includes “For mobile deposit only – Bank name”, even though the bank will not have the item in their possession.  Banks will need to work with their core processor to ensure virtual endorsements include this restrictive verbiage.  Also, it is very important to train bank operations staff on the teller line not to accept any over the counter deposits with checks that include a restrictive endorsement sprayed when an item is processed with a remote capture scanner, to help mitigate potential losses from duplicate processing.

What auditors and examiners will look for

These changes will impact several areas of auditing, though this will await further clarifications, including complementary changes to Regulation J.

For a Central or Branch Operations audit (e.g., Fed returns), there will be additional requirements:

  • Review of the Federal Reserve monthly fee statement to determine whether fees were assessed for needlessly forwarding a check to be researched by the Federal Reserve instead of looking at record #26 for the BOFD information.
  • Reason codes should be reviewed, as “Refer to Maker” will no longer be allowed.
  • Review training records to ensure over the counter deposits do not include restrictive endorsements for mobile or remote deposit captured items.

For Compliance audits, reviews are likely to include the following:

  • Change in $ limits of holds.
  • Timely release of funds for availability.
  • Changes for $ limits of notification of returns for large items ($5,000 and over)
  • Changes with deadline time of returns at 2:00 p.m.

For EFT Audits covering remote deposit capture and mobile deposit capture, reviews are likely to include the following:

  • Require a closer review of changes to the bank’s agreements with restrictive endorsement requirements.
  • Ensure that endorsement requirements are met.
    • Review whether core processors include the restrictive virtual endorsements that will include “For Mobile Deposit Only with the name of the Bank”.  Client’s account numbers will not be a requirement.
    • If the core processor does not virtually provide the endorsement, review how the bank is ensuring it is present prior to deposit capture processing.

Resources and reference tools

Genelle Wrzesinski has over 35 years of hands-on experience in banking operations and compliance/BSA management, working in various community and regional banks. She holds a B.Sc. in Business Administration, has earned the AAP (Accredited ACH Professional) certification, and regularly attends compliance seminars and conferences.



LRM Advisory: Q1 2018

AuditOne LLC Advisory

From Bud Genovese, Chairman

Kruskal Hewitt, a Senior Associate based in our New York City office, has written an article below that summarizes how financial institutions are monitoring and controlling their exposure to liquidity risk. Funds management is always a critical component of financial risk management but especially so in the current macroenvironment and in view of regulatory concerns over “surge deposit” risk.

Mr. Hewitt tracked this data from the numerous Liquidity Risk audits we perform each year. We’ve compiled (anonymously) into a very useful database the data gathered in those audits. Please feel free to forward this informative column to any appropriate people in your financial institution.  For the best viewing experience, please go to our website.  Thank you.  – Bud

AUDITONE LLC’S ANALYSIS OF LIQUIDITY LIMITS 2015 – 2017

AuditOne LLC is a leading provider of outsourced internal audits for community banks and other small/mid-sized financial institutions. Please refer to our website https://www.auditonellc.com for further information about AuditOne. Among AuditOne’s practice areas is liquidity risk management (LRM). US financial institutions are expected to have regular internal audits of their monitoring and control of LRM, which requires a variety of tools.

AuditOne has compiled (anonymously) data from 76 of our LRM clients on liquidity limits. These are institutions where we have used data from the most recent AuditOne LRM audit, no further back than 2015. AuditOne believes this database is relevant to AuditOne clients because it covers a relatively narrow range of asset size, geography and business lines. AuditOne will update this analysis annually.

WHICH LIMITS

Regulators have not created rules or detailed guidance on how liquidity should be modeled, measured or limited. As a result, there is a broad proliferation of measurements (and limits), differing widely across institutions. There is no single measure that is used by more than two thirds of our clients and only seven that are used by more than a third. As an illustration of the diversity, we have clients that have only one liquidity measurement subject to a limit while there are some with more than 15.

However, these figures can be a bit misleading. For example, a metric targeting a particular aspect of liquidity risk may show up in a number of different forms and definitions. As another example, some banks monitor against a limit while others may monitor and report the same metric but without imposing a (maximum or minimum) limit. We believe that most of our clients are satisfactorily monitoring their liquidity position, and that the common points of liquidity risk exposure across institutions generally get appropriate attention.

Please note: the difference between “less than” and “less than or equal to” (or “greater than” and “greater than or equal to”) is minimal (in ratio terms). In the following presentation we have made no distinction between the two. For ease of notation, only “less than” (<) and “greater than” (>) are used.

DEFINITIONS

Brokered Deposit / Total Deposit: In the numerator, all brokered deposits (per regulatory definition) + all deposits > $250,000, unless the institution has specifically designated a core depositor.

FHLB Advances / Total Assets: In the numerator, all collateralized borrowings for the FHLB.

Liquid Assets / Total Assets: In the numerator, all assets that mature within one year + Available for Sale securities.

Net Loans & Leases / Total Deposits & Borrowings:

Net Non-Core Funding Dependence: This ratio is noncore liabilities less short-term investments divided by long term assets. Noncore liabilities are total time deposits > $250,000 + other borrowed money + foreign office deposits + securities sold under agreements to repurchase + Federal Funds purchased + insured brokered deposits. Long term assets are net loans and leases + securities – debt securities with a remaining maturity of one year or less + other real estate owned (non-investment).

Total Liquidity/ Total Assets: The numerator is short term assets – short term liabilities + off-balance sheet liquid resources.

Wholesale Funding / Total Assets: The numerator is brokered deposits (including CDARS) + listing service deposits + security repurchase agreements + net Fed Funds purchased.

2017 DATABASE ANALYSIS

This is our first analysis and presentation of this data. It presents results across our entire database of 76 institutions. However, we would be happy to recalculate any of the results for subsets of institutions based on asset size, primary regulator, and/or a specific limit that is not listed below. Please contact either Jeremy Taylor or Kevin Watson at 562-802-3581.

Note that “<%” implies a limit expressed as a maximum (i.e., the highest that ratio can go), and vice versa. This is in contrast, in the tables below, with “Maximum” which indicates the highest limit amount across our database and “Minimum”, the lowest limit amount, whether the limit itself represents the highest or lowest the ratio in question is allowed to go.

Net Non-Core Funding Dependence: <%

| Clients | Average | Median | Minimum | Maximum |
|---|---|---|---|---|
| 50 | 27% | 25% | 10% | 60% |

Net Loans & Leases / Total Deposits & Borrowings: <%

| Clients | Average | Median | Minimum | Maximum |
|---|---|---|---|---|
| 45 | 101% | 95% | 75% | 135% |

Total Liquidity/ Total Assets: >%

| Clients | Average | Median | Minimum | Maximum |
|---|---|---|---|---|
| 39 | 17% | 15% | 5% | 50% |

Brokered Deposit / Total Deposit: <%

| Clients | Average | Median | Minimum | Maximum |
|---|---|---|---|---|
| 32 | 14% | 10% | 5% | 45% |

Liquid Assets / Total Assets: >%

| Clients | Average | Median | Minimum | Maximum |
|---|---|---|---|---|
| 31 | 11% | 10% | 5% | 20% |

FHLB Advances / Total Assets: <%

| Clients | Average | Median | Minimum | Maximum |
|---|---|---|---|---|
| 28 | 23% | 25% | 10% | 40% |

Wholesale Funding / Total Assets: <%

| Clients | Average | Median | Minimum | Maximum |
|---|---|---|---|---|
| 23 | 35% | 30% | 10% | 120% |

DATABASE MIX SUMMARY

The following tables describe the 76 institutions in the database.  All dollar figures are in millions.

Database mix by asset size:

| Count | Max | Average | Median | Min |
|---|---|---|---|---|
| 76 | $8,603 | $656 | $330 | $24 |

Database mix by primary regulator:

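| Count | Max | Average | Median | Min | Primary regulator |
|---|---|---|---|---|---|
| 57 | $8,603 | $721 | $292 | $60 | FDIC |
| 9 | $927 | $557 | $525 | $276 | FRB |
| 9 | $993 | $345 | $245 | $24 | OCC |
| 0 | na | na | na | na | NCUA |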

Kruskal has been a Senior Associate with AuditOne since 2014, specializing in ALM (asset/liability management) audit and consulting work. He has considerable experience in the treasury and trading areas, including derivatives, investments and foreign exchange, in addition to interest rate and liquidity risk. Prior to AuditOne, he was with a Japanese utility, managing market and credit risk. Before that his background included market risk management with a large US regional bank and with multinational banks in the US, Asia and Europe. Kruskal holds a BA in Mathematics and an MBA from Northeastern University. His certifications include PRM (Professional Risk Manager), FRM (Financial Risk Manager), and CALMS (Certified ALM Specialist).



AuditOne Compliance Advisory: 2018 Q1

AuditOne LLC Advisory

From Bud Genovese, Chairman

The Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) are at the forefront of sweeping changes.  In this edition, we cover recent updates to FinCEN BSA guidance, the launch of FinCEN Exchange, Marijuana Related Business impacts, Cryptocurrency, BSA Examination Trends and more.  Additionally, the Senate has recently stepped up efforts on bipartisan legislation designed to roll back changes made to the lending landscape by the Dodd-Frank Act.  Finally, we will share some information on recent Compliance developments and enforcement actions.  This has been prepared by Celeste Burton, Compliance Practice Director, AuditOne LLC.  We hope you enjoy! – Bud

Economic Growth, Regulatory Relief, and Consumer Protection Act

Earlier this morning, the Senate passed the Economic Growth, Regulatory Relief, and Consumer Protection Act (“the Bill”), a bipartisan bill that effectively amends and relaxes certain acts and requirements to increase access to capital for home purchases.  As stated, the Bill accomplishes the following:

  • Amends the Truth in Lending Act to allow institutions with less than $10 billion in assets to waive “Ability-To-Pay” requirements for certain residential mortgage loans. Other mortgage-lending provisions related to appraisals, mortgage data, employment of loan originators, manufactured homes, and transaction waiting periods are also modified.
  • Amends the United States Housing Act of 1937 to reduce inspection requirements and environmental-review requirements for certain smaller, rural public-housing agencies.
  • Amends the Bank Holding Company Act of 1956 to exempt banks with assets valued at less than $10 billion from the “Volcker Rule,” which prohibits banking agencies from engaging in proprietary trading or entering certain relationships with hedge funds and private-equity funds.
  • Modifies provisions relating to enhanced prudential regulation for financial institutions, including those related to stress testing, leverage requirements, and the use of municipal bonds for purposes of meeting liquidity requirements.  Certain banks are also exempted by the Bill from specified capital and leverage ratios, with federal banking agencies directed to promulgate new requirements.
  • Requires credit reporting agencies to provide credit-freeze alerts and includes consumer-credit provisions related to senior citizens, minors, and veterans.

Relaxed rules are intended to increase lenders’ appetite for consumer lending.  The potential downside is that relaxed standards might create an economic environment equivalent to what we experienced in 2008, a time that had not been seen since the Great Depression of the 1930’s.   The potential upside, however, is that while the same historical alphabet soup of consumer regulations will remain, the modified consumer disclosure rules implemented as a result of Dodd-Frank could be trimmed or removed, thereby cutting costs and potentially making borrowing more accessible and less expensive.  There will likely be changes in the House before the bill becomes law.  Stay tuned.

https://www.congress.gov/bill/115th-congress/senate-bill/2155

Bank Secrecy Act (BSA)/Anti-Money Laundering (AML)

RECENT DEVELOPMENTS

Marijuana Related Businesses (MRBs)

The Department of Justice (DOJ) recently issued a memorandum that encouraged all U.S. Attorneys to prosecute for marijuana-related activities. The memo also addressed the return of the Controlled Substances Act, which prohibits the cultivation, distribution and possession of marijuana, all of which are activities that can lead to charges related to money laundering and BSA. Although the Cole Memo has been rescinded, there has been no further guidance from FinCEN addressing the impact on an institution’s SAR filings or the banking of an MRB. Without further guidance from FinCEN, we encourage financial institutions to continue to file SARs as normal on MRBs and to make sure your Five Pillars are ironclad should you decide to venture into this arena.

Launch of FinCEN EXCHANGE

On December 4, 2017, FinCEN announced the launch of a new program to enhance information sharing with financial institutions. Participation in FinCEN Exchange is voluntary. However, it is encouraged as it helps Treasury meet their objective to strengthen the anti-money laundering framework. FinCEN Exchange will include regularly scheduled briefings across the nation with law enforcement to obtain information related to illicit finance and national security threats. If the briefings conclude that an institution may have relevant information that law enforcement wants to obtain, 314a and 314b will likely facilitate the information exchange.

FinCEN BSA FAQ Update

  • Removal of requirement for depository institutions to file a Designation of Exempt Person form with respect to the transfer of currency to or from any of the 12 Federal Reserve Banks (in accordance with amended 31 CFR 1020.315);
  • Updated guidelines for filing the Designation of Exempt Person form; and,
  • New guidance concerning the types of identifying information financial institutions should obtain when a federal, state or local government official engages in a transaction over a certain amount in an official capacity.

See: https://www.fincen.gov/answers-frequently-asked-bank-secrecy-act-bsa-questions

E-Filing

FinCEN changed the type of file format that will be accepted through the e-filing system. By May 2018, all Currency Transaction Reports (CTRs) for batch filers must be uploaded in an XML-based file. The format change for Suspicious Activity Reports (SARs) will take effect in June 2018.

Cryptocurrency

Cryptocurrency is a relatively new concept in the world of banking, best described as a payment technology method that has a direct impact on money laundering efforts.  Two Acts created a path for civil and criminal regulation of cryptocurrency exchanges:

  • The Money Laundering Suppression Act of 1994, which requires Money Service Businesses (MSBs) to register with FinCEN on a biennial basis.
  • The USA PATRIOT Act (2001), which made it a federal crime to operate a money transmitter business without a money transmitter license in any state that required such a license.

Moreover, the invention of Bitcoin in 2009 and introduction of other virtual currencies have served to increase regulatory concern for illegal behavior.  As a result, FinCEN issued interpretive guidance for virtual currency exchanges “to clarify the applicability of the regulations implementing the BSA to persons creating, obtaining, distributing, exchanging, accepting, or transmitting virtual currencies”. Virtual Currency is defined broadly in the Guidance to include all manner of items used as a medium of exchange … and any currency that “either has an equivalent value in real currency or acts as a substitute for real currency.”  The guidance also clarified the following:

  • BSA requirements for MSBs apply equally to any cryptocurrency exchange that does business in the United States or with U.S. persons, regardless of the nationality of its ownership or its physical location.
  • Exchangers and administrators are considered money transmitters that must register as MSBs, thereby making them subject to BSA requirements to develop robust anti-money laundering compliance programs.
  • A user of virtual currency is not an MSB under FinCEN’s regulations and therefore is not subject to MSB registration, reporting, and recordkeeping regulations.
  • Money transmitters must comply with the obligations that the BSA and FinCEN place on those types of businesses.
  • For financial institutions with broker dealer subsidiaries, the SEC is responsible for enforcement of current registration, disclosure, and antifraud requirements of the securities laws applicable to those who issue or deal in cryptocurrencies.

Since 2015, there has been an increasing number of criminal complaints regarding the operation of unlicensed MSBs related to cryptocurrencies.  Three notable cases involved the following companies: E-gold, a digital gold currency and alternative payment system that was processing more than $2 billion worth of transactions per year; BTC-e, an Eastern European cryptocurrency exchange that conducted around $300 million in transactions of Bitcoin; and Ripple Labs, a company that builds products utilizing the decentralized cryptocurrency known as XRP, with sales of XRP currency totaling over $1.3 million.   Refer to Enforcement Actions Section of this Advisory for details.

The culmination of guidance on Cryptocurrency points to three primary obligations of money transmitters that we recommend be considered by lending institutions as part of Know Your Customer (KYC) programs:

  • Registered with FinCEN?
  • Have a risk-based AML and KYC program?
  • Filing suspicious activity reports (i.e., for purposefully obscured and anonymized transactions or for individuals associated with the transaction that are “widely reported as associated with criminal or civil violations of U.S. law”)?

Beneficial Ownership

Beginning May 11, 2018, financial institutions will be required to collect CIP on 25% owners of legal entity customers as well as at least one “controlling” person, requiring a drill down through multiple LLC layers as applicable.  FinCEN has not yet issued clarifying guidance on areas addressed in the new rule that suggest procedures should be “risk-based.” FinCEN did, however, recently indicate that they recognized the need for clarification by stating that they may be issuing additional guidance with a release of updated FAQs on the new rule. In addition, the regulators are updating the FFIEC BSA Examination Manual to address the new rule.

BSA/AML EXAMINATION TRENDS

It is always helpful to pause and take stock of how well your institution fares when it comes to BSA examination “hot topics” and trends. Some best practices that we recommend follow:

  • BSA Policy
    • Ensure written procedures address all customers and products.
  • Suspicious Activity Monitoring
    • Continually ensure software settings and rules address the Bank’s specific BSA/AML risk profile, making adjustments as warranted.
  • Risk Assessment (RA)
    • Provide meaningful historical data to support management’s analysis, including risk trends, mitigating controls, and residual risk for each product, service and customer.
    • Update the RA to include information on countries with which the Bank conducts international transactions, to provide a more accurate assessment of the inherent risk in those transactions.
    • Incorporate level and trend analysis on SARs and CTRs filed, including exempt customers to assess the risk changes within the Bank’s customer base from year to year.
  • Customer Identification Program/Customer Due Diligence/Enhanced Due Diligence
    • Ensure CIP forms contain complete information on primary identification, including a written description of the Bank’s primary method of positive identification such as government-issued driver’s license, ID Card, or passport.  Clearly evidence date of birth and OFAC checks conducted.
    • Perform enhanced due diligence on high-risk customers, including politically exposed persons, non-resident aliens, cash-intensive businesses, non-government organizations, charities, and money transmitters. Those with complex cash flows are potentially more susceptible to money laundering and terrorist financing.

Other Compliance Developments

HMDA

The FFIEC issued the 2018 HMDA Getting It Right Guide. This edition reflects changes to Regulation C taking effect January 1, 2018. While the Guide serves as a valuable resource for HMDA reporting requirements, please note that it does not include guidelines about the HMDA e-filing process. This information is separately maintained on the FFIEC website and can be found at www.consumerfinance.gov/data-research/hmda/for-filers and www.ffiec.gov/hmda/.

Flood

With the federal government shutdown on January 19, 2018, the authority of the Federal Emergency Management Agency (FEMA) to issue flood insurance policies under the National Flood Insurance Program (NFIP) lapsed.  Subsequently, on January 22, 2018, the NFIP was reauthorized (by legislation passed by Congress and signed by the President) to February 8, 2018.  After a brief government shutdown, Congress passed a $400 billion budget deal that was signed into law by the President that extended the NFIP to March 23, 2018.


FEMA guidance related to lapses can be found at https://nfip-iservice.com/Stakeholder/pdf/bulletin/w-17069.pdf.  Moreover, guidance issued by the banking agencies, during the 2010 lapse, may also be useful and can be found on each agency’s website at:

Automated Clearing House (ACH) Rules

ACH Rules go into effect four times per year.  NACHA has adopted a Rule to provide a new capability for moving virtually any ACH payment faster.  The rules were implemented in three phases, commencing in September 2016.  The third and last phase will become effective March 16, 2018.  Ensure that your institution is prepared to comply, with a focus on key topics such as:

  • Origination obligations
  • Receipt posting and availability
  • Credits vs. debits
  • Implementation

Notable Enforcement Actions

  • Regulators assessed the following civil money penalties (CMP) against US Bancorp for failure to maintain satisfactory risk management and oversight of the corporation’s and its subsidiary bank’s BSA/anti-money laundering (AML) program:
  • The OCC imposed a $50 million CMP against Rabobank, NA (Roseville, CA) for deficiencies in its BSA/AML program. https://www.occ.gov/news-issuances/news-releases/2018/nr-occ-2018-15.html
  • Flood enforcement actions have continued.  The financial institutions recently impacted are:
    • Hantz Bank (Southfield, MI), FDIC, $14,000
    • Bank of Lake Mills (Lake Mills, WI), FDIC, $5,000
    • Goldman Sachs Bank USA (New York, NY), FRB, $90,000
    • Clear Mountain Bank (Bruceton Mills, WV), FRB, $14,000
  • The Department of Justice brought a 21-count indictment against BTC-e and a Russian national in an international money laundering scheme, for laundering funds from the hacking of another cryptocurrency exchange. FinCEN also assessed a $110 million CMP against BTC-e for willfully violating AML laws, and the head of Operations and Finance was individually assessed a $12 million penalty for his role in the violations. Initially reported in July 2017, the case has current relevance as a baseline for future enforcement activity.

AuditOne LLC – Company Overview

AuditOne LLC provides independent risk management services to financial institutions. Our sole focus is providing internal audit and credit review services to the financial institution industry. We have experience with all regulatory authorities and offer a full selection of audit services comprising Credit Review/ALLL, BSA/Compliance, IT/Information Security, ACH Rules Compliance, Operations, Network Tests, Asset/Liability Management and various specialty areas. Our expertise is your edge. For more information on this article, please contact Jeremy Taylor, Co-CEO, or Kevin Watson, Co-CEO. For information about all of our audit services, see AuditOneLLC.com.