Categories
News

AuditOne Advisory: Liquidity Risk Management Analysis

AuditOne Advisory

From Bud Genovese, Chairman

This Advisory presents data that we have complied to help in your institution’s Liquidity Risk Management (LRM) process. AuditOne performs remote-based LRM audits every year at institutions in the Western US and around the nation. One of our ALM audit specialists, Kruskal Hewitt, has developed the following presentation of liquidity data from a variety of financial institutions. Mr. Hewitt has been a risk and portfolio manager at international and large regional banks. I hope you find this information useful, and please share with your colleagues having responsibilities related to Liquidity Risk Management and Liquidity Policy. Thank you, — Bud

AUDITONE LLC’S ANALYSIS OF LIQUIDITY LIMITS 2016 – 2018

AuditOne LLC is a leading provider of outsourced internal audit and related services for community banks, regional banks, credit unions and other financial institutions (FI). Please refer to our website for further information (www.auditonellc.com). Liquidity risk management (LRM) is among AuditOne’s audit areas, part of our Asset/Liability Management (ALM) practice. US financial institutions (FI) are expected to have regular internal audits of their monitoring and control of LRM, which requires a variety of tools.

AuditOne has compiled (anonymously) data from 67 of our LRM clients on liquidity limits. These are institutions where we have collected data from the most recent AuditOne LRM audit, going no further back than 2016, covering 67 institutions. AuditOne believes this database is relevant to our clients because it covers a relatively narrow range of asset size, geography and business lines. We update this analysis annually.

Unlike for interest rate risk, regulators have not created rules or detailed guidance on how liquidity should be modeled, measured or limited. Nor are liquidity risks straightforward to compare from one FI to another, given that liquidity limits can generally be measured/defined in various, somewhat different ways.

HOW MANY LIMITS?

Within our database of 67 FI clients, there was one that had only one liquidity policy limit measure, and another with 18. The average is eight and the median seven.

There is no correlation between balance sheet size and the number of policy measurements; the second smallest balance sheet ($70 million) has 14 policy measures and the largest ($11 billion) has only one limit.

WHICH LIMITS?

There is a broad proliferation of liquidity metrics and limits. These are presented in detail in the following two sections. However, there are three groups of liquidity limits that are more common than it first appears, because they can show up with slightly different definitions.

  1. Limit on total liquidity: These show for 56 of 67 (84%) of institutions in our LRM database. These represent some form of liquid assets as a percentage of total assets or total deposits. The ratio goes by different names, including primary liquidity ratio, total liquidity ratio. Note that many clients have more than one limit in this category.
  2. Limit on brokered deposits: 44 of 67 (66%) of institutions. This is typically measured as brokered deposits (which in turn requires precise definition) as a percentage of total assets or total deposits.
  3. Loan to deposit ratio: 25 of 67 (37%) of institutions. This is expressed as a percentage of total deposits or deposits plus borrowings. In some cases, the denominator is limited to core deposits.

It appears that the common points of liquidity risk exposure across institutions generally get appropriate attention. But we do not suggest, nor does our database analysis imply, some “ideal set” of liquidity measures.

DEFINITIONS

Brokered Deposit / Total Deposit: In the numerator, all brokered deposits (per regulatory definition) and all deposits > $250,000, unless the institution has specifically designated a core depositor.

FHLB Advances / Total Assets: In the numerator, all collateralized borrowings from the FHLB.

Liquid Assets / Total Assets: In the numerator, all assets that mature within one year plus Available for Sale securities.

Liquid Assets / Total Deposits: Ditto.

Net Loans & Leases / Total Deposits: In the numerator, total loan and lease assets net of ALLL loan loss reserving.

Net Non-Core Funding Dependence: This ratio is noncore liabilities less short-term investments divided by long term assets. Noncore liabilities are total time deposits > $250,000, plus other borrowed money, plus foreign office deposits, plus securities sold under agreements to repurchase, plus Federal Funds purchased, plus insured brokered deposits. Long term assets are net loans and leases, plus securities with a remaining maturity of one year or more, plus Other Real Estate Owned (OREO).

Wholesale Funding / Total Assets: The numerator is brokered deposits (including CDARS), plus listing service deposits, plus security repurchase agreements, plus net Fed Funds purchased.

Note that per our earlier discussion, exact definitions of many of these metrics can vary from FI to FI.

WHAT LIMIT LEVEL?

This analysis presents results across our entire database of 67 institutions, most of them in western states. The 67 have in total 106 different measures of liquidity. But of these 106, 65 are used by only one or two institutions; they represent (less popular) variations on other definitions used more broadly.

The tables below show data on individually-defined limits, some closely related to others. It was indicated earlier, for instance, that total liquidity could be expressed as a percentage of total deposits or total assets; both show below (the 2nd and 5th tables, respectively), so that we can present data on the corresponding limit levels. The tables are ordered according to frequency of occurrence of each individual limit.

We would be happy to recalculate any of the results below for subsets of institutions based on asset size, primary regulator, and/or a specific limit that is not listed below. Please contact David Kellerman (our ALM Practice Director) at 702-279-8130 or Jeremy Taylor (our CEO) at 949-981-0420.

Please note:

  • The difference between “less than” and “less than or equal to” (or “greater than” and “greater than or equal to”) is minimal (in ratio terms). In the following presentation we have made no distinction between the two. For ease of notation, only “less than” (<) and “greater than” (>) are used
  • “<%” implies a limit expressed as a maximum (i.e., the highest that ratio can go), and vice versa. In contrast, in the body of each table below, “Maximum” indicates the highest limit amount across the database and “Minimum” the lowest, independent of how the limit itself is expressed.

Net Non-Core Funding Dependence: <% *

ClientsAverageMedianMinimumMaximum
4925%25%7%60%

Liquid Assets / Total Deposits >%

ClientsAverageMedianMinimumMaximum
3317%15%10%50%

Brokered Deposit / Total Deposit: <%

ClientsAverageMedianMinimumMaximum
3114%10%5%45%

FHLB Advances / Total Assets: <%

ClientsAverageMedianMinimumMaximum
2823%25%10%40%

Liquid Assets / Total Assets: >%

ClientsAverageMedianMinimumMaximum
2612%10%5%20%

Net Loans & Leases / Total Deposits: <%

ClientsAverageMedianMinimumMaximum
2499%98%80%135%

Wholesale Funding / Total Assets: <%

ClientsAverageMedianMinimumMaximum
2231%33%10%50%

* Interpretation: The Net Non-Core Funding Dependence can be no higher than 7% for the lowest FI in our database and no higher than 60% for the highest FI. The average and median are both a policy maximum of 25%.

DATABASE MIX SUMMARY

Database mix by asset size (all dollar figures in millions):

ClientsAverageMedianMinimumMaximum
67$1,022$378$24$11,400

Database mix by primary regulator (all dollar figures in millions):

ClientsAverageMedianMinimumMaximum 
50$1,174$346$70$11,400FDIC
8$786$753$266$2,000FRB
9$391$434$24$1,069OCC

AuditOne LLC – Company Overview

AuditOne LLC’s is a leading provider of risk management services to financial institutions in the Western US and nationally. Our sole focus enables us to deliver effective and efficient internal audit and credit review services. This exclusive focus translates into exceptional benefits to our clients, including regional and community banks, credit unions and other financial institutions. We have experience with all regulatory authorities and offer a full selection of audit services comprising Asset/Liability Management (ALM) and IRR Audits, ADA Website Compliance Reviews, IT/Information Security/Cybersecurity, Network Penetration Tests, Credit Review/ALLL, BSA/Compliance, ACH Rules Compliance, Operations, Trust Audits, SOX/FDICIA Testing, and many specialty areas within each of these.

Our deep expertise is your edge. For more information on this article, or to receive a proposal for an ALM/ IRR / Liquidity Audit, please contact Jeremy Taylor, CEO, AuditOne LLC, at Contact Us. In addition, contact Jeremy for information on how our other services can help reduce risk at your institution. Also, for more information about AuditOne LLC and all our audit services see AuditOneLLC.com

Categories
News

AuditOne Advisory: IRR Limits & Assumptions Analysis

AuditOne Advisory

From Bud Genovese, Chairman

This advisory presents data that we have complied to help you in management of your institution’s Interest Rate Risk (IRR) process. AuditOne performs remote-based IRR audits each week at institutions in the Western US and around the nation. One of our IRR audit specialists, Kruskal Hewitt, has developed the following presentation of IRR data from a variety of financial institutions. Mr. Hewitt has been a risk and portfolio manager at international and large regional banks. I hope you find this information useful and please share with your colleagues having responsibilities related to IRR modeling and related controls, thank you, — Bud

AUDITONE LLC’S ANALYSIS OF IRR LIMITS AND ASSUMPTIONS 2016 – 2018

AuditOne LLC is a leading provider of outsourced internal audit and related services for community banks, regional banks, credit unions and other financial institutions (FI). Please refer to our website for further information (www.auditonellc.com). Interest rate risk (IRR) is among AuditOne’s audit areas, part of our ALM practice. US FI are expected to have an annual internal audit of their modeling, monitoring and control of IRR. Key to modelling IRR are various forward-looking assumptions, while controlling IRR requires appropriate limits

AuditOne has compiled (anonymously) data from 91 of our IRR clients on IRR limits and assumptions. We have used data from the most recent AuditOne IRR audit, no further back than 2016. AuditOne believes this database is relevant to our clients because it covers a relatively narrow range of asset size, geography and business lines. We update this analysis annually.

DEFINITIONS

NII: Net interest income (NII) exposure is a current period (generally, at least one-year and two-year) estimate of interest-sensitive revenues and expenses under different interest rate scenarios.

EVE: Economic value of equity (EVE) is a theoretic valuation of the institution whereby cash flows from all assets and liabilities are discounted to their net present value (NPV), then summed. EVE captures long term risk in the balance sheet. Conceptually, EVE cam be thought of as the sum of the NPV of all future NII.

INSTANT vs. RAMPED INTEREST RATE SHOCKS (for NII): The averages showing in the tables below are for instant (or immediate) rate shocks (81 clients) which assumes rates change instantly, as opposed to a gradual and even rate rise (ramp) spread over 12 months.

BETA: This represents the assumed portion of a market rate change that is reflected in administered rates – most importantly, deposit rates. For example, if the driver rate is Fed Funds and the beta for saving accounts is 45%, then for every 100 basis point rise in Fed Funds, savings account rates are assumed (predicted) to rise 45 basis points. Very few of our clients have different betas for down versus up rate movements. 19 FI assume a time lag in administered rate changes; most of these lags are 15-days and only three FI exceed 30-days.

AVERAGE LIFE: Non-maturity deposits (NMDs) have no contractual maturity and therefore form a stable, longer-term funding source. In order to get a meaningful estimate of EVE, NMDs are assigned an assumed average life by account type, reflecting an assumed run-off (or decay) rate.

PARALLEL vs. NON-PARALLEL RATE SHOCKS: The standard rate shock set-up assumes the yield curve shifts in parallel fashion over the entire maturity spectrum. However, many institutions also run simulations based on flatteners, steepeners and other non-parallel shocks. These can be helpful for assessing specific balance sheet vulnerabilities. But we advise against basing IRR limits on non-parallel shocks because shock details are difficult to define for measurement and control purposes.

STATIC vs. DYNAMIC BALANCE SHEET: For NII simulations, the balance sheet can either be static (constant), with replacement of run-off assets and liabilities, or it can incorporate change, both growth and shrinkage (e.g., budgeted balances). The 2010 Interagency Guidance specified that a static balance sheet be used, though simulations could also be run off a dynamic balance sheet.

2016 – 2018 DATABASE ANALYSIS

There are no major changes from the 2015-17 report to this 2016-18 report. It presents results across the entire database of 91 FI. We would be happy to recalculate any of the results for subsets of institutions based on asset size, primary regulator, and/or model vendor. Please contact David Kellerman or Jeremy Taylor at Contact Us.

See the final section below for the key identifiers. Note, too, that we have presented only average (mean) figures in the tables below. We also computed medians, but these were very close to the corresponding averages.

NII (one-year) simulation limits

NII Shocks-200-100+100+200+300+400
Average-14.1%-8.5%-8.3%-14.1%-19.8%-24.9%

EVE simulation limits

EVE Shock-200-100+100+200+300+400
Average-18.8%-11.4%-11.7%-19.6%-27.2%-33.7%

Beta assumptions for administered deposit rates

BetaNOWSavingsMMACD
Average28.2%32.1%48.0%78.8%

Average life assumptions (in months) for NMD

Aver. LifeNOWSavingsMMADDA
Average65.458.749.360.9

NII (one-year) simulation limits

InstantRamp
810

Note: If asset and liability repricing is evenly spaced during the year (i.e., a ramped shock), then it has roughly half the impact on NII as an instantaneous shock at beginning of the year. This means that institutions running ramped shocks would be expected to have NII risk limits at roughly half the limits for instantaneous shocks.

Parallel versus non-parallel shock analysis

Parallel onlyNon-Parallel onlyBoth
41040

Balance sheet growth analysis

Static onlyDynamic onlyBoth
7119

DATABASE MIX SUMMARY

Database mix by asset size (all dollar figures in millions)

CountMaxMedianMin 
81$11,400$307$24Total

Database mix by primary regulator (all dollar figures in millions)

81MaxMedianMin 
58$11,400$307$71FDIC
9$1,023$429$194FRB
13$1,069$270$24OCC
1nananaNCUA

Database mix by model vendor (all dollar figures in millions)

81MaxMedianMin 
13$1,023$303$89ALX Consulting
5$270$227$128Baker Group IRR Monitor
7$11,400$727$230Darling Consulting BASIS
4$834$251$172FIMAC Risk Analytics
10$2,133$383$174Fiserv Sendero
5$858$110$24Plansmith Bankers GPS
8$1,266$378$71Plansmith Compass
11$1,316$241$113Jack Henry Associates Profitstars
11$4,786$429$140ZMDesk / ZMOnline
7$5,960$400$112Other Systems (6)

AuditOne LLC – Company Overview

AuditOne LLC’s is a leading provider of risk management services to financial institutions in the Western US and nationally. Our sole focus enables us to deliver effective and efficient internal audit and credit review services. This exclusive focus translates into exceptional benefits to our clients, including regional and community banks, credit unions and other financial institutions. We have experience with all regulatory authorities and offer a full selection of audit services comprising Asset/Liability Management (ALM) and IRR Audits, ADA Website Compliance Reviews, IT/Information Security/Cybersecurity, Network Penetration Tests, Credit Review/ALLL, BSA/Compliance, ACH Rules Compliance, Operations, Trust Audits, SOX/FDICIA Testing, and many specialty areas within each of these.

Our deep expertise is your edge. For more information on this article, or to receive a proposal for an ALM/ IRR Audit, please contact Jeremy Taylor, CEO, AuditOne LLC, at Contact Us. In addition, contact Jeremy for information on how our other services can help reduce risk at your institution. Also, for more information about AuditOne LLC and all our audit services see AuditOneLLC.com

Categories
News

AuditOne Advisory: Flat and Inverted Yield Curve Implications for Interest Rate Risk

AuditOne Advisory

From Bud Genovese, Chairman

Our ALM Practice Director, David Kellerman, has offered timely suggestions to consider relative to your Interest Rate Risk (IRR) Modeling based on the recent trends in the yield curve. In addition, he presents the importance of reviewing with ALCO and the Board how the current yield curve trend and new model assumptions may impact loans and your IRR profile. Please share this with colleagues having responsibilities related to IRR modeling. We hope you find this information useful, thank you! – Bud

Implications of Flat and Inverted Yield Curves for Interest Rate Risk (IRR) Modeling

The current yield curve has turned inverted (negative spreads between the 10-year Treasury bond and the 3-month Treasury bill). A flat or inverted yield curve has preceded the last seven recessions; but a recession has not automatically followed a flat or inverted yield curve. It implies expectations of declines to come in short-term rates.

US 10-Year/Three-Month Treasury Spread Falls Below Zero

What are the implications for financial institutions as they model their interest rate risk?

Scenarios:

Institutions typically run parallel rate shocks. However, many institutions also run non-parallel rate scenarios. We highly recommend running rate scenarios that simulate a steepening of the curve and a further inversion. In “normal” periods of an upward sloping yield curve, flattener rate scenarios should also be run. This will help identify whether there is any embedded risk in the balance sheet that might be revealed through these non-parallel scenarios. The 2010 Advisory on Interest Rate Risk Management included guidance on running rate scenarios “across different tenors to reflect changing slopes and twists of the yield curve”.

Focus of Risk Management:

For over a decade now institutions have largely disregarded the risk profile for down rate scenarios. If the projected change in net interest income (NII) was outside of limits, ALCO and/or the Board allowed for the exception without the need for mitigating action plans, citing the remote likelihood of lower rates as the reason. The markets now have priced into rates a decrease in the Fed Funds rate in 2019 and perhaps another two decreases in 2020. IRR risk in down rate scenarios needs to be understood and addressed.

IRR Assumptions:

Perhaps the assumption that is impacted the most by a flat or inverted yield curve are loan prepayment assumptions. Incentives to prepay an existing fixed rate loan to move to a variable rate loan are not the same in flat and inverted yield curve environments. Institutions should at least consider whether existing assumptions for prepayments are still valid in this rate environment.

Additionally, we have seen two dynamics during the 2015-2018 rate cycle (increasing short-term rates) that are worthy of mention. Most institutions have successfully lagged increasing their posted rates for non-maturity deposits (NMDs) without an impact on NMD balances. However, we now see preliminary indications of deposit rates starting to move up, and some institutions have modeled in a “catch-up” period in case rates continue to rise whereby deposit betas for the next 100 basis point increase in rates will have a beta higher than the normal beta assumption, with the normal beta resuming after the 100 basis point increase.

Additionally, loan betas are now being discussed. These betas are almost always set at 100%. That seems to be holding true for loans tied to an index; however, loans priced individually (not directly tied to an index) have seen actual betas lower than 100% during this past rate cycle. Institutions are encouraged to do a correlation analysis for loan betas (similar to what is done for deposit betas) to see if the standard 100% beta for all loans still applies.

Average life (decay rate) assumptions have been influenced by the prolonged period of low rates, and institutions are advised to consider whether historical analysis of deposit average lives computed from 2008 until today are truly a sound foundation for future expectations.

Finally:

A reminder that best practices include a formal review of model assumptions at least annually by ALCO and/or the Board. Support for assumptions is important. Additionally, sensitivity analysis on key model assumptions should be conducted at least annually. These analyses keep ALCO and the Board informed of the potential impact that varying assumption levels might have on the IRR profile.


AuditOne LLC – Company Overview

AuditOne LLC is a leading provider of risk management services to financial institutions in the Western US and nationally. Our sole focus enables us to deliver effective and efficient internal audit and credit review services. This exclusive focus translates into exceptional benefits to our clients, including regional and community banks, credit unions and other financial institutions. We have experience with all regulatory authorities and offer a full selection of audit services comprising Asset/Liability Management (ALM) audits, ADA Website Compliance Review, IT/Information Security, Network Tests, Credit Review/ALLL, BSA/Compliance, ACH rules Compliance, Operations, Trust and SOX/FDICIA Testing, plus many specialty areas within each of these.

Our deep expertise is your edge. For more information on this article, please contact David Kellerman, ALM Practice Director, AuditOne LLC. For information on how our services can help reduce risk at your institution, contact Jeremy Taylor, CEO, at Contact Us. Also, for more information about AuditOne LLC and all our audit services see www.AuditOneLLC.com.

Categories
News

AuditOne General Compliance Advisory Q1 2019

AuditOne Advisory

From Bud Genovese, Chairman

Legislative and regulatory communities have been bustling. The ongoing implementation of changes associated with the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank) and the Economic Growth, Regulatory Relief, and Consumer Protection Act (EGRRCPA) has created an onslaught of new committees and workgroups, Frequently Asked Questions (FAQ) updates and supplementary regulatory guidance. Enforcement actions targeting misleading and deceptive practices appear to be on the upswing. And, for the first time since the General Data Protection Regulation (GDPR) took effect, a US technology company was fined for violating Europe’s data privacy rules.

Within this issuance, we cover key Dodd-Frank updates, new Prepaid Account Rules, what’s behind the 37% rise in reported fraud in 2018, and other noteworthy regulatory developments and enforcement actions.

This Quarterly General Compliance edition has been prepared by Celeste Burton, Compliance Practice Director, AuditOne LLC. We hope you enjoy! – Bud

DODD-FRANK CORNER

RESPA Servicing Rule

https://files.consumerfinance.gov/f/documents/cfpb_mortgage-servicing-rule-assessment_report.pdf.

NEW PREPAID ACCOUNT RULES HAVE ARRIVED

Effective April 1, 2019, the CFPB amended Regulations E and Z to extend consumer protections to prepaid accounts. These amendments are known as the Prepaid Accounts Rule and apply to the following:

  • An account that is marketed or labeled as “prepaid” and is redeemable upon presentation at multiple, unaffiliated merchants for goods and services or usable at automated teller machines (ATMs); or
  • An account that meets all of the following:
    (1) Is issued on a prepaid basis in a specified amount or is capable of being loaded with funds after issuance;
    (2) Whose primary function is to conduct transactions with multiple, unaffiliated merchants for goods or services, to conduct transactions at ATMs, or to conduct person-to-person (P2P) transfers; and
    (3) Is not a checking account, a share draft account, or a negotiable order of withdrawal (NOW) account.

However, an account that satisfies one or both of these tests is not a prepaid account if it is any of the following:

  • An account loaded only with funds from a health savings account, flexible spending arrangement, medical savings account, health reimbursement arrangement, dependent care assistance program, or transit or parking reimbursement arrangement;
  • An account that is directly or indirectly established through a third party and loaded only with qualified disaster relief payments; a gift certificate; a store gift card; a loyalty, award, or promotional gift card; a general-use prepaid card that is both marketed and labeled as a gift card or gift certificate; or an account established for distributing needs-tested benefits in a program established under state or local law or administered by a state or local agency.

Additionally:

  • The P2P functionality of an account established by or through the U.S. government is not a prepaid account if the account’s primary function is to conduct closed-loop transactions on U.S. military installations or vessels, or similar government facilities.
  • Under the existing definition of account in Regulation E, an account is subject to Regulation E only if it is established primarily for a personal, household, or family purpose. Therefore, an account established for a commercial purpose is not deemed a prepaid account.
  • Under the existing definition in Regulation E, an account held under a bona fide trust agreement is not an account subject to Regulation E and is therefore not deemed a prepaid account.

Available Resources

Regulators developed the following chart to help institutions determine Prepaid Account Coverage:
https://files.consumerfinance.gov/f/documents/Prepaid_coveragechart_v1_10052016.pdf.

Technical specifications can be accessed here:
https://www.federalregister.gov/documents/2019/03/06/2019-03852/technical-specifications-for-submissions-to-the-prepaid-account-agreements-database?utm_campaign=subscription%20mailing%20list&utm_source=federalregister.gov&utm_medium=email.

Effective Dates

  • On Jan. 25, 2018, the CFPB issued a final rule modifying several aspects of the prepaid accounts rule and extending the overall effective date to April 1, 2019.
  • On Feb. 27, 2019, the CFPB issued technical specifications for submissions of prepaid account agreements pursuant to the prepaid accounts rule.

The Prepaid Rule does not require financial institutions to pull and replace prepaid account access devices or packaging materials that were manufactured, printed, or otherwise produced in the normal course of business prior to October 1, 2017. The Prepaid Rule does, however, require in certain circumstances that financial institutions provide to consumers notice of certain changes in terms and updated initial disclosures as a result of the Prepaid Rule taking effect. However, the Prepaid Rule provides an accommodation for financial institutions that, on the effective date, do not have readily accessible data necessary to comply with the full requirements for providing electronic and written account transaction histories or summary totals of fees. A financial institution may make available such histories and summary totals using the data for the time period it has until it has accumulated the data necessary to fully comply with the requirements.

EU & US PRIVACY INTERSECT

For the first time since the regulation took effect, a US technology company was fined for violating Europe’s data privacy rules. Although this applies most directly to the technology sector, expanded mechanisms for loan offerings increase the possibility of unknown applicability. It’s certainly worth a closer look at privacy disclosure language for nuances, particularly as talk of a US equivalent to the GDPR seems to be picking up steam.

A link follows: https://www.latimes.com/business/technology/la-fi-tn-google-france-data-privacy-20190121-story.html

DID YOU KNOW? …

According to the Federal Trade Commission (FTC), people reported losing $1.48 billion to fraud last year – an increase of 38% over 2017. Some interesting highlights:

  • Ranked at the top were imposter scams, debt collection, and identity theft.
  • The age of those that formally reported fraud may surprise you: 43% of people in their 20s reported a loss to that fraud, while only 15% of people in their 70s did.
  • Scammers like to get money by wire transfer – for a total of $423 million last year. That was the most of any payment method reported, but we also saw a surge of payments with gift and reload cards – a 95% increase in dollars paid to scammers in 2017.
  • Credit card fraud on new accounts was up 24%. In fact, misusing someone’s information to open a new credit card account was reported more often than any other forms of identity theft in 2018.
  • The top three states for fraud were Florida, Georgia and Nevada. The top three for identity theft reports were Georgia, Nevada and California.

A link to the study follows: https://www.ftc.gov/news-events/blogs/business-blog/2019/02/top-frauds-2018

OTHER COMPLIANCE NEWS & DEVELOPMENTS

Bureau of Consumer Financial Protection (BCFP) reverts to original name, except…


In April 2018, the Acting Director of the CFPB (the Bureau), Mick Mulvaney, changed the name to the BCFP, noting that the “CFPB no longer exists”. For much of 2018, rebranding was underway until December 2018, when the new Director, Kathy Kraninger, backed away from the name change, while noting that changing the name “would make it harder for consumers to find the agency’s website, file complaints, and seek help”. As of December 2018, Director Kraninger announced that she has “officially halted all ongoing efforts to make changes to existing products and materials related to the name correction initiative”, estimated to have cost upwards of $15 million. There is an exception, however. The BCFP title will still be used as an “internal nickname” within the organization. Stay tuned.

TILA-RESPA Integrated Disclosure (TRID) Rule

In March 2019, the CFPB published updated FAQs for TRID. Four additional questions were added pertaining to closing disclosures, the three-day waiting period, and model forms. A link follows:
https://files.consumerfinance.gov/f/documents/cfpb_TILA-RESPA-integrated-disclosure_frequently-asked-questions.pdf

Audit Committees

In January 2019, the International Organizations of Securities Commissions (IOSCO) issued a report on “Good Practices for Audit Committees in Supporting Audit Quality” that outlines the role Audit Committees are expected to play in fostering high-quality audits for publicly listed companies. Although the intended audience is publicly listed companies, the principles within can be easily applied to the Audit Committee of any financial institution as a form of self-assessment. A link to the report follows: https://www.iosco.org/library/pubdocs/pdf/IOSCOPD618.pdf

HMDA Reporting

On January 31, 2019, the CFPB published “Reportable HMDA Data: A Regulatory and Reporting Overview Reference Chart for Data Collected in 2019”. The chart is designed to be a reference tool for data points that are required to be collected and reported. A link follows:
https://files.consumerfinance.gov/f/documents/cfpb_reportable-hmda-data_regulatory-and-reporting-overview-reference-chart-2019.pdf

The Bureau also published policy guidance for HMDA data compiled in or after 2018, as follows:
https://www.govinfo.gov/content/pkg/FR-2019-01-31/pdf/2018-28404.pdf?utm_campaign=subscription%20mailing%20list&utm_source=federalregister.gov&utm_medium=email

Community Reinvestment Act (CRA)

The FFIEC released version 2019 for the CY 2019 CRA data due March 2, 2020. A link follows:
https://www.ffiec.gov/software/software.htm

Suspicious Activity Report (SAR) Analysis/Elder Financial Abuse

In February 2019, the CFPB released a report about key facts, trends and patterns revealed in SARs involving elder fraud filed by banks, credit unions, money transmitters, and other financial service providers.

The Bureau analyzed 180,000 SARs filed with the Financial Crimes Enforcement Network (FinCEN) from 2013 to 2017. The effort was birthed out of the increasing number of older customers falling prey to “financial exploitation by perpetrators ranging from offshore scammers to close family members”.

Notable findings:

  • SAR filings on elder financial exploitation (EFE) quadrupled from 2013 to 2017.
  • More than half of the SARs involved a money transfer. The second-most common financial product used to move funds was a checking or savings account (44%).
  • Money services businesses (MSB) have filed an increasing share of EFE SARs. In 2016, MSB filings surpassed depository institution (DI) filings. In 2017, MSB SARs comprised 58% of EFE SARs, compared to 15% in 2013.
  • Financial institutions reported a total of $1.7 billion in suspicious activities in 2017, including actual losses and attempts to steal older adults’ funds.
  • For SARs involving a loss to an older adult, the average amount lost was $34,200.
  • One third of the individuals who lost money were aged 80 or older. Adults aged 70 to 79 had the highest average monetary loss ($45,300).

A link follows: https://s3.amazonaws.com/files.consumerfinance.gov/f/documents/cfpb_suspicious-activity-reports-elder-financial-exploitation_report.pdf

Fair Lending

On February 8, 2019, the Bureau issued its sixth Fair Lending Report to Congress. The report describes the CFPB’s fair lending activities in prioritization, supervision, enforcement, rulemaking, interagency coordination and outreach for calendar year 2017. A link follows:
https://www.govinfo.gov/content/pkg/FR-2019-02-08/pdf/2019-01568.pdf?utm_campaign=subscription%20mailing%20list&utm_source=federalregister.gov&utm_medium=email

Flood

In January 2019, regulators issued a joint final rule governing private flood insurance acceptance, effective July 1, 2019. It implements the Biggert-Waters Act provision that requires federally regulated lending institutions to accept private flood insurance policies that meet certain statutory criteria. In addition to placing the onus on the lender to determine whether a policy meets the new requirements, if the following statement is included in the flood insurance policy the institution is allowed to accept the insurance without additional review: “This policy meets the definition of private flood insurance contained in 42 U.S.C. 4012a(b)(7) and the corresponding regulation.”

Finally, the provision opens the doors for the purchase of flood insurance that may be less expensive than polices offered commercially or through the National Flood Insurance Program (NFIP). A link to the rule follows:
https://www.occ.gov/news-issuances/news-releases/2019/nr-ia-2019-15.html

Consumer Complaints

The CFPB recently published a “Complaint Snapshot” that highlights trends and data points identified as a result of analyzing consumer complaints submitted between November 1, 2016 and October 31, 2018. The majority of the complaints submitted focused on trouble during the payment process (42%) and struggling to pay mortgage (36%). A link to the document follows:
https://www.consumerfinance.gov/documents/7211/cfpb_complaint-snapshot-mortage_2019-01_liwsYNV.pdf

Fair Debt Collection Practices Act (FDCPA)

In March 2019, the Bureau published their annual FDCPA Report. The Bureau received approximately 81,500 complaints about debt collection in 2018, making debt collection one of the most common consumer complaints. A link follows:
https://files.consumerfinance.gov/f/documents/cfpb_fdcpa_annual-report-congress_03-2019.pdf

NOTABLE SANCTIONS AND ENFORCEMENT ACTIONS

Unfair, Deceptive or Abusive Acts and Practices (UDAAP)

Avant, LLC, an online lending company, settled with the FTC over charges that it engaged in unfair and deceptive lending practices. A link follows:
https://www.ftc.gov/news-events/press-releases/2019/04/online-lending-company-agrees-settle-ftc-charges-it-engaged?utm_source=govdelivery

$1.3 Billion – Office of Foreign Assets Control (OFAC) Violations

UniCredit AG (UCB) was ordered to pay a fine of $1.3 billion for routing illegal payments through US financial institutions for the benefit of the sanctioned entities in ways that concealed those entities’ involvement. According to OFAC, between January 2007 and December 2011, UCB processed over 2,000 payments totaling over $500 million. Banks that were involved in some manner with this scheme are required to establish Settlement Agreements with OFAC as part of a broader commitment to enhance sanctions compliance.

Fair Housing Act

The OCC has assessed a $25 million civil money penalty against Citibank, N.A., for violations of the Fair Housing Act, 42 USC §3601 – 3619, and its implementing regulation, 24 CFR 100. The Bank had a program that offered either reduced interest rates or a credit to closing costs. The program was applied in a manner that excluded certain applicants on the basis of race, color, national origin, and/or sex. A link follows:
https://occ.treas.gov/news-issuances/news-releases/2019/nr-occ-2019-27.html

USAA Federal Savings Bank

It’s been a while since we’ve seen a combined Electronic Funds Transfer Act (EFTA) and Regulation E order such as the one assessed against USAA. A link follows: https://s3.amazonaws.com/files.consumerfinance.gov/f/documents/bcfp_usaa-federal-savings-bank_consent-order.pdf


AuditOne LLC – Company Overview

AuditOne LLC provides independent risk management services to financial institutions. Our sole focus is providing internal audit and credit review services to the financial institution industry. We have experience with all regulatory authorities and offer a full selection of audit services comprising Credit Review/ALLL, BSA/Compliance, IT/Information Security/Cybersecurity, ACH rules Compliance, Operations, Network Penetration Tests, Asset/Liability Management and various specialty areas. Our expertise is your edge. For more information on this article, please contact Jeremy Taylor, CEO at Contact Us and for information about all of our audit services see AuditOneLLC.com