
AuditOne Advisory: Audit focus in response to increased risk during the Pandemic

AuditOne Advisory

From Bud Genovese, Chairman

Audit focus in response to increased risk during the Pandemic

We at AuditOne hope that you, your colleagues and families are all keeping safe and well in these stressful times.  Many of your staff have been able to work from home, doing their part for social distancing and helping reduce viral contamination risk for everyone.  But under these circumstances, skeletal on-site staff may become stretched to complete tasks requiring on-site presence and to comply with segregation of duties and other key controls, especially with the demands you’re facing concurrently to respond to PPP and other government support program loan requests in timely fashion. 

With all this in mind, we ourselves recognize that our task in assisting you to maintain safe and prudent practices across all your functional areas becomes all the more important.  I want to assure you that we are attuned to the marked changes in risk profile across financial institutions in the current environment and to the need for our audit procedures to adapt to those changes.  Through the rest of this year, our auditors will be paying particular attention to help ensure that the integrity of client operations was not compromised during this period of upheaval when the response to COVID-19 required many changes directed at other, more pressing (e.g., health and safety-related) goals.  To accomplish this control oversight, we will give particular attention to focal period sample selection since control lapses are more likely to occur when staffing resources are stretched beyond the norm. 

We appreciate the trust that you place in us when you allow us to meet your internal audit needs.  And in such an unusual and disruptive environment, I want you to be comfortable that we are adjusting our audit activity so as to help protect you against not just the normal range of risk exposures but also, even more so, those that are elevated by the demands posed by a world now changed in ways that none of us could have predicted.

All of us at AuditOne wish you well.


AuditOne LLC – Company Overview

AuditOne LLC is a leading provider of risk management services to financial institutions in the Western US and nationally. Our sole focus enables us to deliver effective and efficient internal audit and credit review services. This exclusive focus translates into exceptional benefits to our clients, including regional and community banks, credit unions and other financial institutions. We have experience with all regulatory authorities and offer a full selection of audit services comprising BSA/AML Program, Automated AML System Validation, IRR and other Asset/Liability Management (ALM), ADA Website Compliance Reviews, IT/Information Security/Cybersecurity, Network Penetration Tests, Credit Review/ALLL, ACH Rules Compliance, Operations, Trust Audits, SOX/FDICIA Testing, and many specialty areas within each of these.

Our deep expertise is your edge.  To receive an audit proposal or more information on how our services can help reduce risk at your institution, contact Jeremy Taylor, CEO, directly at https://www.auditonellc.com/team-contact/.  Also, for more information about AuditOne LLC and all our audit services, see www.AuditOneLLC.com.


IRR Limits & Assumptions Analysis – Revised

Note: This Advisory was originally issued on April 8, 2020. It contained an error in the NMD average life table that has been corrected in the version shown below.

AuditOne Advisory

From Bud Genovese, Chairman

This Advisory presents data that we have compiled to help you in management of your institution’s Interest Rate Risk (IRR) process. AuditOne performs remote-based IRR audits each week at institutions in the Western US and around the nation. One of our IRR audit specialists, Kruskal Hewitt, has developed the following presentation of IRR data on exposure limits and modeling assumptions from a range of our financial institution clients. Mr. Hewitt has been a risk manager, portfolio manager and trader at international and regional banks. I hope you find this information useful, and please share with your colleagues having responsibilities related to IRR modeling and related controls. Thank you, — Bud

AUDITONE LLC’S ANALYSIS OF IRR LIMITS AND ASSUMPTIONS 2017 – 2019

AuditOne LLC is a leading provider of outsourced internal audits for community banks and other small/mid-sized financial institutions (FIs), predominantly in the western US.  Please refer to our website (www.auditonellc.com) for further information.  Asset/Liability Management (ALM) is among AuditOne’s practice areas, and within that we perform many audits of Interest Rate Risk (IRR) management every year. US FIs are expected to have an annual internal audit of their modeling, monitoring and control of IRR.  Key to IRR modelling are several forward-looking assumptions.

AuditOne has compiled (anonymously) data from 80 of our IRR clients on IRR limits and assumptions from our last three years’ audits; we have used data from the most recent AuditOne IRR audit, no further back than 2017.  AuditOne believes this database is relevant to AuditOne clients because it covers a relatively narrow range of asset size, geography and business lines.  AuditOne updates this analysis annually.

DEFINITIONS

NII:  Net interest income.  FIs are expected to model and project (over at least a one- and two-year horizon) interest-sensitive revenues and expenses under different interest rate scenarios.

EVE:  Economic value of equity.  This is a theoretical valuation of the institution whereby cash flows from all assets and liabilities are discounted to their net present value (NPV), then summed.  EVE captures long-term risk in the balance sheet.  Conceptually, EVE can be thought of as the sum of the NPV of all future NII streams.

Instant vs. Ramped Interest Rate Shocks (for NII):  The averages shown in the tables below are for instant (or immediate) rate shocks (78 clients), which assume rates change instantly, as opposed to a gradual and even rate rise (ramp) over 12 months.

Beta:  This represents the assumed percentage of a market rate change that is reflected in administered rates – most importantly, deposit rates.  For example, if the driver rate is Fed Funds and the beta for saving accounts is 45%, then for every 100-basis point rise in the Fed Funds rate, savings account rates are assumed (predicted) to rise 45 basis points.  Relatively few of our clients have different betas for down versus up rate movements.  Nineteen FIs assume a time lag in administered rate changes; most of these lags are 15 days and only three exceed 30 days.

Average Life:  Non-maturity deposits (NMDs) have no contractual maturity and therefore form a more stable, longer-term funding source.  In order to get a meaningful estimate of EVE, NMDs must be assigned an assumed (predicted) average life by account type.

Parallel vs. Non-Parallel Rate Shocks:  The standard rate shock set-up assumes the yield curve shifts in parallel fashion over the entire maturity spectrum.  However, many institutions also run simulations based on flatteners, steepeners and other non-parallel shocks.  These can be helpful for assessing specific balance sheet vulnerabilities.  But we advise against basing IRR limits on non-parallel shocks because shock specifications are very difficult to define for assessing limit compliance.

Static vs. Dynamic Balance Sheet:  For NII simulations, the balance sheet can either be static (constant), with like replacement of run-off assets and liabilities, or it can incorporate change, both growth and shrinkage (e.g., based on budgeted balances).  The 2010 Interagency Guidance specified that a static balance sheet be used, though simulations could also be run off a dynamic balance sheet.

2017 – 2019 DATABASE ANALYSIS

There are no significant changes from the 2016 – 18 report to this 2017 – 19 report.  It presents results across the entire database of 80 IRR audit clients.  We would be happy to recalculate any of the results for subsets of institutions based on asset size, primary regulator, and/or model vendor; please contact our CEO Jeremy Taylor at 562-802-3581. 

See the final section below for the key identifiers.  Note, too, that we have presented only average (mean) figures in the tables below.  We also computed medians, but these were very close to the corresponding averages and have therefore not been presented separately here.

NII-at-risk (one-year) simulation limits

| NII Shocks (bps) | -200 | -100 | +100 | +200 | +300 | +400 |
|---|---|---|---|---|---|---|
| Average Limit | -14.3% | -8.6% | -8.4% | -14.2% | -20.3% | -25.8% |

EVE-at-risk simulation limits

| EVE Shocks (bps) | -200 | -100 | +100 | +200 | +300 | +400 |
|---|---|---|---|---|---|---|
| Average Limit | -18.3% | -11.0% | -11.4% | -19.0% | -26.6% | -33.2% |

Beta assumptions

| Account Type | NOW | MMA | Savings | CD |
|---|---|---|---|---|
| Average Beta (%) | 26.9% | 46.4% | 31.3% | 79.2% |

Average life (AL) assumptions

| Account Type | DDA | NOW | MMA | Savings |
|---|---|---|---|---|
| Average AL (Months) | 62 | 66 | 52 | 59 |

Interest rate shocks (for NII limits) – number of FIs

| Instant | Ramp |
|---|---|
| 78 | 2 |

Note:  If asset and liability repricing is evenly spaced during the year (i.e., a ramped shock), then it has roughly half the impact on NII as an instantaneous shock at beginning of the year.  This means that institutions running ramped shocks would be expected to have NII risk limits at roughly half the limits for instantaneous shocks. 

DATABASE MIX SUMMARY

Database mix by asset size (all dollar figures in millions)

| Count | Max | Median | Min |
|---|---|---|---|
| 80 | $11,400 | $322 | $24 |

Database mix by primary regulator (all dollar figures in millions)

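| Count (total 80) | Max | Median | Min | Regulator |
|---|---|---|---|---|
| 57 | $11,400 | $327 | $71 | FDIC |
| 13 | $1,069 | $264 | $24 | OCC |
| 7 | $834 | $322 | $194 | FRB |
| 2 | na | na | na | NCUA |
| 1 | na | na | na | FISCU |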

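Database mix by model vendor (all dollar figures in millions)

| Count (total 80) | Max | Median | Min | Model vendor |
|---|---|---|---|---|
| 14 | $723 | $308 | $68 | ALX Consulting |
| 4 | $270 | $234 | $128 | Baker Group IRR Monitor |
| 8 | $11,400 | $691 | $264 | Darling Consulting BASIS |
| 4 | $834 | $251 | $172 | FIMAC Risk Analytics |
| 9 | $2,133 | $321 | $174 | Fiserv Sendero |
| 4 | $858 | $59 | $24 | Plansmith Bankers GPS |
| 7 | $1,266 | $434 | $71 | Plansmith Compass |
| 9 | $1,316 | $241 | $113 | Jack Henry Associates ProfitStar |
| 12 | $4,786 | $426 | $140 | ZMDesk / ZMOnline |
| 9 | $5,960 | $449 | $112 | Other Systems (8) |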

AuditOne LLC – Company Overview

AuditOne LLC is a leading provider of risk management services to financial institutions in the Western US and nationally.  Our sole focus enables us to deliver effective and efficient internal audit and credit review services.  This exclusive focus translates into exceptional benefits to our financial institution clients.  We have experience with all regulatory authorities and offer a full selection of audit services comprising BSA/ Anti-Money Laundering Program, Automated AML System Validation, Asset/Liability Management (ALM) and IRR Audits, a broad range of Compliance Reviews, IT/Information Security/Cybersecurity, Network Penetration Tests, Credit Review/ALLL, ACH Rules Compliance, Operations, Trust/Wealth Management, SOX/FDICIA Testing, and many specialty areas within each of these.

Our deep expertise is your edge.  For more information on this article, or to receive a proposal for Asset/Liability Management (ALM) or IRR Audits, please contact David Kellerman, ALM Practice Director, AuditOne LLC, at: Contact Us

For information on how our services can help reduce risk at your institution, contact Jeremy Taylor, CEO, at: Contact Us.  Also, for more information about AuditOne LLC and all our audit services see www.AuditOneLLC.com.


AuditOne Advisory: Liquidity Risk Management Analysis 2020

AuditOne Advisory

From Bud Genovese, Chairman

This Advisory presents data that we have compiled to help in your institution’s Liquidity Risk Management (LRM) process. AuditOne performs many remote-based LRM audits every year at institutions in the Western US and around the nation. One of our ALM audit specialists, Kruskal Hewitt, has developed the following presentation of liquidity metrics and limits from a range of financial institutions. Mr. Hewitt has been a risk manager, portfolio manager and trader at international and regional banks. I hope you find this information useful, and please share with your colleagues having responsibilities related to Liquidity Risk Management and Liquidity Policy. Thank you, — Bud

AUDITONE LLC’S ANALYSIS OF LIQUIDITY LIMITS 2017 – 2019

AuditOne LLC is a leading provider of outsourced internal audits for community banks and other small/midsized financial institutions (FIs), predominantly in the western US.  Please refer to our website (www.auditonellc.com) for further information. Asset/Liability Management (ALM) is among AuditOne’s practice areas, and within that we perform many audits of Liquidity Risk Management (LRM) every year. US FIs are expected to have regular internal audits of their monitoring and control of LRM, which requires a variety of tools. 

AuditOne has compiled (anonymously) data from 70 of our LRM clients on liquidity limits.  These are institutions where we have used data from the most recent AuditOne LRM audit, no further back than 2017.  AuditOne believes this database is relevant to AuditOne clients because it covers a relatively narrow range of asset size, geography and business lines.  AuditOne updates this analysis annually.

WHICH LIMITS?

Regulators have not created rules or detailed guidance on how liquidity risk should be modeled, measured or limited, as they have for interest rate risk.  Nor are liquidity risks similar from one FI to another, as in investment risk (where all FIs invest in a relatively narrow range of financial instruments).  As a result, there is a broad proliferation of metrics (and limits), differing widely across institutions.  As shown below, there are only two measures that are used by more than half of our clients and only seven that are used by more than 30%.  As a result, our analysis of FI liquidity risk limits is inconclusive; rather, those limits are customized to each FI’s individual needs.

AuditOne has analyzed the limits on liquidity and funding sources of 70 regulated FIs over the period 2017 through 2019.  In this group there is one FI with only two liquidity policy limit measures, and two with as many as 18 measures; the average is nine.  There is no correlation between balance sheet size and the number of policy measurements; the second smallest balance sheet ($70 million) has 14 policy measures and the largest ($11 billion) only two limits.  The 70 FIs have in total 109 different measures of liquidity.  Of these, 71 are used by only one or two FIs.  However, 58 out of 70 FIs have at least one of the two most prevalent limits:

  • Net Non-Core Funding Dependence, used by 51 (73%) of the 70 clients
  • Loans / Deposits, used by 37 (51%)

Brokered deposits are also a common limit variable; 45 (64%) of the institutions covered have a limit on brokered deposits expressed as a percentage of either total deposits or total assets.  

Overall, we believe that our clients are satisfactorily monitoring their liquidity positions, and that the common points of liquidity risk exposure across institutions generally get appropriate attention.  We do not suggest an “ideal” set of liquidity measures.

Please note:  The difference between “less than” and “less than or equal to” (or “greater than” and “greater than or equal to”) is minimal (in ratio terms).  In the following presentation we have made no distinction between the two.  For ease of notation, only “less than” (<) and “greater than” (>) are used.

DEFINITIONS

Brokered Deposits / Total Deposits:  In the numerator, all brokered deposits (per regulatory definition) and all deposits > $250,000 (unless the institution has designated specific large depositors as core).

FHLB Advances / Total Assets:  In the numerator, all collateralized borrowings from the FHLB.

Liquid Assets / Total Assets:  In the numerator, all assets that mature within one year plus all Available for Sale securities (all maturities).

Liquid Assets / Total Deposits:  Same numerator as for Liquid Assets / Total Assets above.

Net Non-Core Funding Dependence:  Calculated as noncore liabilities less short-term investments divided by long term assets.  Noncore liabilities are total time deposits > $250,000 plus other borrowed money plus foreign office deposits plus securities sold under agreements to repurchase plus Federal Funds purchased plus insured brokered deposits.  Long term assets are net loans and leases, plus all securities less debt securities with a remaining maturity of one year or less, plus other real estate owned (non-investment).

Wholesale Funding / Assets:  The numerator is brokered deposits (including CDARS) plus listing service deposits plus security repurchase agreements plus net Fed Funds purchased.

2017 – 2019 DATABASE ANALYSIS

This analysis presents results across our entire database of 70 LRM audit clients.  We would be happy to recalculate any of the results for subsets of institutions based on asset size, primary regulator, and/or a specific limit that is not listed below; please contact our CEO Jeremy Taylor at 562-802-3581.

Note that “< %” implies a limit expressed as a maximum (i.e., the highest that ratio can go), and vice versa.  This is in contrast, in the tables below, with “Maximum”, which indicates the highest limit amount across the database, and “Minimum”, the lowest limit amount, whether the limit itself represents the highest or the lowest level allowed for the ratio in question.

Net Non-Core Funding Dependence: <%

| Clients | Average | Median | Minimum | Maximum |
|---|---|---|---|---|
| 51 | 26% | 25% | 7% | 60% |

Loans / Deposits: <%

| Clients | Average | Median | Minimum | Maximum |
|---|---|---|---|---|
| 37 | 103% | 100% | 75% | 135% |

On Balance Sheet Liquidity / Deposits: >%

| Clients | Average | Median | Minimum | Maximum |
|---|---|---|---|---|
| 31 | 15% | 15% | 7% | 40% |

On Balance Sheet Liquidity / Assets:  >%

| Clients | Average | Median | Minimum | Maximum |
|---|---|---|---|---|
| 31 | 12% | 10% | 3% | 20% |

Brokered Deposits / Total Deposits:  <%

| Clients | Average | Median | Minimum | Maximum |
|---|---|---|---|---|
| 30 | 16% | 13% | 5% | 75% |

FHLB Advances / Assets: <%

| Clients | Average | Median | Minimum | Maximum |
|---|---|---|---|---|
| 26 | 24% | 25% | 10% | 40% |

Wholesale Funding / Assets: <%

| Clients | Average | Median | Minimum | Maximum |
|---|---|---|---|---|
| 22 | 30% | 30% | 10% | 50% |

DATABASE MIX SUMMARY

Database mix by asset size (all dollar figures in millions):

| Clients | Average | Median | Minimum | Maximum |
|---|---|---|---|---|
| 70 | $1,018 | $371 | $24 | $11,400 |

Database mix by primary regulator (all dollar figures in millions):

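| Clients | Average | Median | Minimum | Maximum | Regulator |
|---|---|---|---|---|---|
| 51 | $1,153 | $378 | $70 | $11,400 | FDIC |
| 9 | $316 | $235 | $24 | $1,069 | OCC |
| 8 | $721 | $497 | $209 | $2,000 | FRB |
| 1 | na | na | na | na | FISCU |
| 1 | na | na | na | na | NCUA |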

AuditOne LLC – Company Overview


Our deep expertise is your edge.  For more information on this article, or to receive a proposal for Liquidity Risk or other Asset/Liability Management Audits, please contact David Kellerman, ALM Practice Director, AuditOne LLC, at: Contact Us



AuditOne Compliance Advisory: Q4 2019 / Q1 2020

AuditOne Advisory

From Bud Genovese, Chairman

In this issue, we cover significant changes in the compliance arena, to include the OCC’s rescission of over 200 outdated rules; updated Agency exam manuals; regulatory guidance and FAQs associated with the new retirement-related SECURE Act, TILA/RESPA Integrated Disclosure (TRID) Rule, Community Reinvestment Act (CRA) and Home Mortgage Disclosure Act (HMDA); and the status of efforts to modernize regulations such as Advertising & Signage requirements, the Remittance Transfer Rule, CRA and the Fair Debt Collection Practices Act (FDCPA).  We also offer practical insights on how financial institutions can maintain an effective compliance framework while incorporating recent regulatory incentives to support the flow of credit as a result of the Coronavirus pandemic (COVID-19).  

Note: As a result of the significant increase in regulatory issuances with near to immediate impact as a result of COVID-19, we expanded this 4Q 2019 Compliance Advisory to include key compliance-related updates through March 31, 2020.

This Compliance Advisory has been prepared by Celeste Burton, Compliance Practice Director, AuditOne LLC. We hope you enjoy! – Bud

TIPS FOR MAINTAINING AN EFFECTIVE COMPLIANCE FRAMEWORK IN ANY ENVIRONMENT

In recent weeks, regulatory Agencies have published several communications on initiatives to support the flow of credit to households and businesses during the COVID-19 pandemic. Below, we’ve highlighted the Agency incentives most pertinent to the world of Compliance followed by some practical insights on maintaining a sound compliance framework, whether times are stable or, like now, disrupted.

AGENCY INCENTIVES TO ENCOURAGE THE FLOW OF CREDIT:

INTERAGENCY STATEMENT ON LOAN MODIFICATIONS
The FDIC, FRB, OCC, NCUA and CFPB issued an Interagency Statement on Loan Modifications and Reporting by Financial Institutions Working with Customers Affected by the COVID-19 to encourage financial institutions to work constructively with borrowers impacted by COVID-19 and provide additional information regarding loan modifications. Highlights:

  • Encourages financial institutions to work constructively with borrowers affected by COVID-19;
  • Will not criticize institutions for prudent loan modifications and will not direct supervised institutions to automatically categorize COVID-19-related loan modifications as troubled debt restructurings (TDRs);
  • Confirmed with the Financial Accounting Standards Board (FASB) that short-term modifications made on a good faith basis in response to COVID-19 to borrowers who were current prior to any relief are not TDRs;
  • Modification efforts described in the interagency statement for one-to-four family residential mortgages where loans are prudently underwritten and not past due or carried in nonaccrual status do not result in loans being considered restructured or modified for the purpose of respective risk-based capital rules; and
  • Views prudent loan modification programs in response to COVID-19 as positive actions that can effectively manage or mitigate adverse impacts on borrowers due to COVID-19, leading to improved loan performance and reduced credit risk.

The Interagency Statement also provides supervisory views on regulatory reporting of past due and nonaccrual status for loan modification programs whereby past due status should be based on the modified due date.  Additionally, it reminds institutions that loans that have been restructured will continue to be eligible as collateral at the FRB’s discount window based on the usual criteria.  This applies to financial institutions with assets under $1 billion.  A link to the statement follows: https://www.fdic.gov/news/news/press/2020/pr20038a.pdf

LETTER FROM THE NATIONAL CREDIT UNION ADMINISTRATION (NCUA) 
The NCUA recently issued a Letter that seeks to encourage credit unions to provide additional financial assistance to borrowers impacted by COVID-19…“The NCUA encourages credit unions to work with affected borrowers”…noting that  examiners “will not criticize a credit union’s efforts to provide prudent relief for members when such efforts are conducted in a reasonable manner with proper controls and management oversight.”  Among the suggested accommodations:

  • Waive overdraft, late and ATM fees;
  • Waive early withdrawal penalties on time deposits;
  • Ease credit terms and restrictions on check cashing;
  • Increase credit card limits;
  • Increase ATM daily cash withdrawal limits;
  • Ease restrictions on cashing out-of-state and non-member checks;
  • Offer payment accommodations, such as allowing borrowers to defer or skip some payments or extend the payment due dates, which would avoid delinquencies and negative credit bureau reporting caused by any COVID-19-related disruptions.

A link follows: https://www.ncua.gov/files/letters-credit-unions/20-cu-02-ncua-actions-related-covid-19.pdf

HUD, FHFA, CFPB SUSPENSION OF FORECLOSURES & EVICTIONS
Several announcements were made regarding this initiative:

  • The U.S. Department of Housing and Urban Development (HUD) and the Federal Housing Finance Agency (FHFA) temporarily suspended all foreclosures and evictions “in response to the economic shock renters and homeowners are experiencing due to the outbreak of COVID-19.”
  • The CFPB announced a moratorium on foreclosures and evictions of borrowers with federally backed mortgage loans, noting that it is a “timely and an important step in providing assurance to consumers amid ongoing concerns about the spread of the COVID-19”
  • The FHFA announced it had directed government-sponsored enterprises (GSEs) Fannie Mae and Freddie Mac to suspend foreclosures and evictions for at least 60 days due to the COVID-19 national emergency. The foreclosure and eviction suspension applies to homeowners with a GSE-backed single-family mortgage.
  • President Trump announced a suspension through April of foreclosures and evictions related to mortgages insured by the Federal Housing Administration.  The White House later put out a statement clarifying that the policy will extend at least 60 days.

PRIMARY DEALER CREDIT FACILITY 
To support the credit needs of American households and businesses, the FRB announced that it will establish a Primary Dealer Credit Facility (PDCF) that will offer overnight and term funding with maturities up to 90 days (available as of March 20, 2020).  It will be in place for at least six months and may be extended as conditions warrant.  Credit extended to primary dealers under this facility may be collateralized by a broad range of investment grade debt securities, including commercial paper, municipal bonds and a broad range of equity securities.  The interest rate charged will be the primary credit rate, or discount rate, at the Federal Reserve Bank of New York.  An explanatory link follows: https://www.investopedia.com/terms/p/primary-dealer-credit-facility-pdcf.asp

MONEY MARKET MUTUAL FUND LIQUIDITY FACILITY  (MMLF) 
The FRB launched the MMLF to enhance the liquidity and functioning of money markets and to support the economy.  The interim final rule modifies the Agencies’ capital rules so that financial institutions receive credit for the low risk of their MMLF activities, reflecting the fact that institutions would be taking no credit or market risk in association with such activities.  An explanatory link follows: https://www.investopedia.com/money-market-mutual-fund-liquidity-facility-4800304

AGENCY STATEMENTS ON CREDIT LOSS ACCOUNTING STANDARDS AND COUNTERPARTY CREDIT RISK DERIVATIVES
On March 27, 2020, the FRB, OCC and FDIC announced two actions to support the U.S. economy and allow banking organizations to continue lending to households and businesses:

TOTAL LOSS ABSORBING CAPACITY
The FRB announced a technical change and interim final rule that will phase in gradually the automatic restrictions associated with a firm’s “total loss absorbing capacity,” or TLAC, buffer requirements, if TLAC levels decline. TLAC is an additional cushion of capital and long-term debt that could be used to recapitalize a bank if it is in distress.   A link follows:  https://www.federalreserve.gov/newsevents/pressreleases/files/bcreg20200323a1.pdf

PRACTICAL INSIGHTS

While regulatory Agencies have consistently provided financial institutions assurance that they will not criticize activities designed to ensure the flow of credit to households “when they are conducted in a reasonable manner with proper controls and management oversight”, the expectation that consumers not be harmed remains a regulatory concern, as demonstrated by a very recent suit by the CFPB against multiple institutions and individuals over FCRA, UDAAP and TSR (detailed later in this edition).

There is a saying that the Old is Forever New, which also rings true when it comes to the basics of maintaining an effective compliance framework.  So, we wanted to leave you with some basic principles that can be applied to ensure a sound Compliance environment at any time.  We hope you find the following key components of an effective Compliance Management System useful.

  • Fully document “end-to-end” compliance processes in the form of policies and procedures.
  • Update the Compliance Risk Assessment as significant changes to products, services and underlying processes occur.
  • Identify and document exception criteria (e.g., to established credit/income qualifications, fees, rates, terms, etc.).  Ensure exception criteria are consistently applied (e.g., if ATM fees are waived in location A, the same practice is applied in location B).  And if the relative risk warrants that different practices be applied, ensure that the justification is documented and that a supervisor/manager provides documented concurrence.  Where uncertainties exist, documented legal opinion is recommended.
  • Train employees on the documented processes, including any exception criteria.
  • Establish a means to monitor and enforce compliance with documented policies and procedures.  Ensure any exceptions noted are reviewed for the root cause, that consumers are all made whole individually, and that any trends are examined.
  • Identify consequences of non-compliance, including impact on performance evaluations and incentive compensation.
  • Ensure that senior management and the Board are provided periodic Compliance updates.

SECURE ACT SIGNED INTO LAW

The Setting Every Community Up for Retirement Enhancement (SECURE) Act, signed into law and effective January 1, 2020, changes certain retirement rules that are worthy of mention.  Key provisions:

  • Eliminates maximum cap for contributions to traditional individual retirement accounts
  • Allows employers to offer annuities as investment options in 401(k) plans
  • Increases required minimum distribution age to 72 (formerly 70.5) and eliminates the maximum age for IRA contributions (formerly capped at 70.5)
  • Provides small business tax incentives to set up automatic enrollment in retirement plans – and opens the door for institutions to work with a broader range of companies to offer employee retirement accounts
  • Eliminates rule that lets account beneficiaries stretch distributions across their lifetime; the entire balance must be distributed by the 10th year

Details: https://money.com/what-serure-act-retirement-law-means-for-you/

CRA MODERNIZATION

Efforts continue to rewrite rules implementing the Community Reinvestment Act (CRA) with a desire to expand qualifying activities and credit associated with activities that benefit communities outside of bank branch networks.  The comment period on proposed amendments has been extended to April 8, 2020.  A link follows:

https://www.federalregister.gov/documents/2020/02/26/2020-03766/community-reinvestment-act-regulations-extension-of-comment-period?utm_campaign=subscription+mailing+list&utm_source=federalregister.gov&utm_medium=email

ASSET THRESHOLDS:  Effective January 1, 2020, the OCC, FRB and FDIC amended their CRA regulations to adjust the asset-size thresholds.  Up to $326 million is now considered a Small Institution; from $326 million up to $1.305 billion is now Intermediate Small; and greater than $1.305 billion is now Large.

FRB ANALYTICS DATA TABLES:  The FRB recently announced the publication of Analytics Data Tables combining HMDA, CRA small business, small farm loan and manually extracted data from CRA Performance Evaluations.  This is intended to provide insight into the historical relationship between bank lending activity and regulatory assessments.  Bank attributes, deposit data, branching, demographics, and other third-party vendor data supplement the tables – a step forward in helping financial institutions prepare for CRA exams.  Links to the new CRA Analytics Data Tables as well as the User Guide and Data Dictionary follow:

OTHER COMPLIANCE NEWS, DEVELOPMENTS and ENFORCEMENT

OCC Rescinds 205 Outdated Rules and Makes Technical Amendments to Other Real Estate Owned (OREO)

FDIC Updates Risk Management Exam Module, Issues New Technology Guide

  • “In its continuing effort to encourage technological innovation in the banking sector, the FDIC’s technology lab (FDiTech) released a new guide to help financial technology companies and others partner with banks.  Conducting Business with Banks: A Guide for Third Parties is designed to help third parties understand the environment in which banks operate and navigate the requirements unique to banking. The Guide is an initial effort to address concerns that Chairman McWilliams has heard from banks and technology companies across the country related to challenges associated with on-boarding at institutions. FDiTech is working to develop additional tools and resources to increase opportunities for partnerships and eliminate unnecessary burdens and costs associated with third party risk management. In the meantime, Conducting Business with Banks should serve as a helpful guide to both banks and third parties.”  A link follows:  https://www.fdic.gov/fditech/guide.pdf?source=govdelivery&utm_medium=email&utm_source=govdelivery
  • The FDIC Risk Management examination module is now updated with a new appendix focusing on exam processes and tools.  A link follows: https://www.fdic.gov/news/news/financial/2019/fil19084.pdf

CFPB Publishes Several New Guides and FAQs

  • On February 1st, the CFPB announced plans to establish a new category of materials that are similar to previous compliance resources but will now be designated as “Compliance Aids.”  Of particular importance is that the CFPB asserted that – when exercising its enforcement and supervisory discretion – it does not intend to sanction, or ask a court to sanction, entities that reasonably rely on these Compliance Aids.  So, although regulated entities are not required to comply with the Compliance Aids themselves (they are required only to comply with the underlying rules and statutes), the Aids may provide a window into how the CFPB is likely to assess compliance with the requirements referenced within.  A link follows: https://www.govinfo.gov/content/pkg/FR-2020-01-27/pdf/2020-00648.pdf
  • The CFPB published two Guides that provide guidance and examples for commonly asked questions pertaining to these areas – one on disclosing construction and construction-permanent loans with a separate Loan Estimate and Closing Disclosure for each phase of the transaction, and one on disclosing a combined Loan Estimate and a combined Closing Disclosure for both phases of a construction-permanent transaction.  A link follows: https://www.consumerfinance.gov/policy-compliance/guidance/tila-respa-disclosure-rule/
  • The CFPB updated its 2013 Bulletin on Responsible Business Conduct.  The crux of the guidance focuses on building a culture of compliance internally and with service providers, in order to minimize the likelihood of violations of laws and regulations, for the overarching purpose of preventing harm to consumers.  A link follows: https://files.consumerfinance.gov/f/documents/cfpb_bulletin-2020-01_responsible-business-conduct.pdf
  • New TRID FAQs  have been issued covering Loan Estimates, Closing Disclosures, Model Forms and Lender Credits, among other areas.  A link follows: https://www.consumerfinance.gov/policy-compliance/guidance/tila-respa-disclosure-rule/tila-respa-integrated-disclosure-faqs/
  • The CFPB issued new HMDA FAQs.  Topics covered include Universal Loan Identifier & Legal Entity Identifier; Ethnicity, Race, and Sex; Discount Points; and Construction and Construction/Permanent Transactions.  A link to the most recent version, updated March 6, 2020, follows: https://files.consumerfinance.gov/f/documents/cfpb_HMDA_frequently-asked-questions.pdf
  • The 2020 edition of the “Guide to HMDA Reporting:  Getting It Right!” is now available at https://www.ffiec.gov/hmda/pdf/2020guide.pdf.  It reflects updates to incorporate content from the HMDA Rule issued by the CFPB in October 2019. 

Comment Period Extended for Modernizing Signage and Advertising Requirements & Fair Debt Collection Practices Act (FDCPA)

The FDIC announced that it is extending to April 20, 2020, the public comment period for its Request for Information (RFI) on potentially modernizing FDIC sign and advertising requirements (12 C.F.R. Part 328) to reflect how banks take deposits through various evolving channels. The RFI was published in the Federal Register on February 26, 2020, with a comment period originally set to close on March 19, 2020.  A link follows: https://www.fdic.gov/news/news/financial/2020/fil20015.html?source=govdelivery&utm_medium=email&utm_source=govdelivery

The CFPB announced that it is extending the comment period for the Supplemental Debt Collection Proposal on Time-Barred Debt, until June 5, 2020.  A link follows: https://files.consumerfinance.gov/f/documents/cfpb_debt-collection-supplemental-nprm_comment-extension-notice.pdf

Civil Money Penalty (CMP) Maximums Increased

Effective January 15, 2010, the CFPB, FDIC, FRB and NCUA CMP maximum penalties increased.  The highest CMP that may be charged by any one agency is just under $2.05 million – up from $2.01 million in 2019.  The increased amounts will apply to penalties applied toward misconduct occurring on or after Nov. 5, 2015.

Truth In Lending Exemption Threshold Change

Effective January 1, 2020, creditors with assets of less than $2.202 billion (including assets of certain affiliates) as of December 31, 2019, are exempt from the requirement to establish escrow accounts for higher priced loans,  if other requirements of Regulation Z are being met.  A link follows: https://www.federalregister.gov/documents/2019/12/23/2019-27523/truth-in-lending-act-regulation-z-adjustment-to-asset-size-exemption-threshold?utm_campaign=subscription+mailing+list&utm_source=federalregister.gov&utm_medium=email

FinCEN Issues Advisory on the FATF-Identified Jurisdictions with AML/CFT Deficiencies

FinCEN issued an advisory to financial institutions regarding the Financial Action Task Force’s (FATF) updated list of jurisdictions with strategic anti-money laundering and combating the financing of terrorism (AML/CFT) deficiencies.  These changes may affect U.S. financial institutions’ obligations and risk-based approaches regarding relevant jurisdictions.  The advisory also reminds financial institutions of the status and obligations involving these jurisdictions.  A link follows: https://www.fincen.gov/resources/advisories/fincen-advisory-fin-2020-a001

FTC Issues Annual Letter on FDCPA Activities

The FTC shares enforcement responsibility for the Fair Debt Collection Practices Act (FDCPA) with the CFPB, which provides an annual report to Congress about debt collection practices.  The FTC prepared and provided to the CFPB the annual report for 2019.  The report concludes that during 2019, the FDIC:

  • Filed or resolved law enforcement actions against 25 defendants and obtained more than $24.7 million in judgments;
  • Banned 23 companies and individuals who engaged in serious and repeated violations of law from ever working in debt collection again;
  • Announced the return of $516,000 to 3,977 consumers who lost money to an unlawful debt collection operation previously stopped by the FTC;
  • Deployed educational materials to inform consumers about their rights and to educate debt collectors about their responsibilities under the FDCPA and FTC Act;
  • Supplied more than 27,500 copies of a fotonovela (graphic novel) on debt collection, developed for Spanish speakers, to raise awareness about scams targeting the Latino community;
  • Organized and cosponsored Common Ground conferences, bringing together law enforcement personnel, consumer advocates and community members to discuss consumer protection issues, including debt collection; and
  • Hosted public forums on small business financing and credit reporting, which raised debt collection policy issues.

A link follows: https://www.ftc.gov/system/files/documents/reports/federal-trade-commission-enforcement-fair-debt-collection-practices-act-calendar-2019-report-bureau/ftc_annual_report_re_fdcpa.pdf

Top Frauds of 2019

During 2019, the FTC received over 1.7 million fraud reports and returned slightly over $230 million to consumers.  Imposter, Social Security, and phone scams are the most common fraud types noted.  Informational links follow: https://www.consumer.ftc.gov/features/feature-0037-imposter-scams; https://www.consumer.ftc.gov/articles/paying-scammers-gift-cards

Grace Periods

Regulatory agencies have extended grace periods for standard reporting, to include Call Reports and the HMDA LAR due March 1st of every year. Check with your local examiner for requirements specific to your jurisdiction.

CFPB Sues over Fair Credit Reporting, UDAAP and Telemarketing Sales Rule

The CFPB recently filed suit against multiple firms and individuals allegedly involved in violations of the Fair Credit Reporting Act. Charges included illegally obtaining consumer reports, unlawful advance fees, and deceptive conduct. A link follows: https://files.consumerfinance.gov/f/documents/cfpb_chou-team-realty-monster-loans_complaint_2020-01.pdf.

Membership of CFPB Task Force on Federal Consumer Financial Law Announced

This Task Force was established to “conduct a thorough examination of our current regulatory framework and report on how we can improve federal consumer financial laws to benefit and protect consumers,” said Director Kathleen L. Kraninger. Task Force members are:

  • J. Howard Beales, III, former Professor of Strategic Management and Public Policy at the George Washington University and former Director of the Bureau of Consumer Protection at the Federal Trade Commission;
  • Thomas Durkin, Senior Economist (Retired) at the Federal Reserve Board;
  • Jean Noonan, Partner at Hudson Cook, former General Counsel at the Farm Credit Administration, and former Associate Director of the Bureau of Consumer Protection’s Credit Practice at the Federal Trade Commission; and
  • Todd J. Zywicki, Professor of Law at George Mason University (GMU) Antonin Scalia Law School, Senior Fellow of the Cato Institute, and former Executive Director of the GMU Law and Economics Center.

The CFPB announced the designation of Todd Zywicki to serve as the Chair of the Task Force.

Note:  For additional insights on the COVID-19 pandemic response, please see AuditOne’s Pandemic Advisory issued March 24, 2020.


AuditOne LLC – Company Overview

AuditOne LLC is a leading provider of risk management services to financial institutions in the Western US and nationally.  Our sole focus enables us to deliver effective and efficient internal audit and credit review services.  This exclusive focus translates into exceptional benefits to our financial institution clients.  We have experience with all regulatory authorities and offer a full selection of audit services comprising BSA/ Anti-Money Laundering Program, Automated AML System Validation, Asset/Liability Management (ALM) and IRR Audits, ADA Website Compliance Reviews, IT/Information Security/Cybersecurity, Network Penetration Tests, Credit Review/ALLL, ACH Rules Compliance, Operations, Trust Audits, SOX/FDICIA Testing, and many specialty areas within each of these.

Our deep expertise is your edge.  For more information on this article, or to receive a proposal for a Compliance audit, please contact Celeste Burton, Compliance Practice Director, AuditOne LLC, at: Contact Us

For information on how our services can help reduce risk at your institution, contact Jeremy Taylor, CEO, at: Contact Us.  Also, for more information about AuditOne LLC and all our audit services see www.AuditOneLLC.com.


AuditOne Advisory: COVID-19

AuditOne Advisory

From Bud Genovese, Chairman

This Pandemic Advisory was prepared by Kevin Tsuei, Technology Practice Director, AuditOne LLC. I hope you find this article useful as we all chart a course through these troubled waters, and also please share with your colleagues having responsibilities related to pandemic response. Thank you!—Bud

COVID-19: Communication tips for a time of crisis

COVID-19 is moving fast, and so are the regulators; the FDIC is releasing guidance almost on a daily basis, including this past weekend. If you have not visited their dedicated COVID-19 webpage, it is a good centralized source for both institutions and depositors. I’m sure that you have received many e-mails on COVID-19 responses already, but I thought you might find something focused on crisis communication tips, going beyond what the regulators have put forward, helpful during these turbulent times.

Communicating with employees

Per FDIC’s FIL-14-2020 (published March 6), the regulators advised institutions to promote employee awareness, specifically, “Communicating the risks of a pandemic outbreak and discussing the steps employees can take to reduce the likelihood of contracting an illness.” However, the guidance does not provide the communication cycles or other helpful content to share. As part of executing AuditOne’s own Pandemic Response Plan, I have used several resources, including articles from Harvard Business Review (HBR).

In the HBR articles Lead Your Business Through the Coronavirus Crisis and How to Reassure Your Team When the News Is Scary, the authors advise sharing COVID-19 intelligence frequently. They mention that their own organization was communicating every 72 hours but had switched to daily updates by the time of publication. Frequent communication gives employees confidence that the organization is actively following the issue.

As for the contents, you have probably sent updated summaries with facts and implications. At AuditOne, we have mostly cited resources from the CDC website. If your branches are in a certain geographic area, the local county or state website is often a better resource since COVID-19 is an epidemic affecting some local geographic areas more severely than others. The CDC has acknowledged in their Situation Summary dated March 21, 2020 that some communities are still in the initiation phase of CDC’s Pandemic Interval while others are in the acceleration phase.

In times of crisis such as this, infographics can often help convey important public health information more than words. Throughout our own internal communication with employees, I try to use infographics from CDC https://www.cdc.gov/coronavirus/2019-ncov/communication/graphics.html. However, World Health Organization (WHO) or our local public health websites are good sources too:  

If you have an internal website (such as Sharepoint), the authors also advise creating a living page dedicated to COVID-19 in addition to your e-mail communication. It allows employees to find updates as well as the institution’s action plans in one place.

Communicating with customers

The FDIC’s FAQs for Financial Institutions Affected by the Coronavirus (published March 18) specifically mentions to “[r]emind customers ways they can access services without physically coming to a facility, such as online/mobile banking, ATM, telephone banking. Provide information about how to use electronic payments: bill pay, and mobile remote deposit capture services.”

In addition, the regulators also recommend, “[f]inancial institutions may want to remind customers about the safety of their money in your FDIC-insured institution and discuss deposit insurance coverage.” In fact, I observed on the FDIC COVID-19 dedicated webpage that they have added a banner since last week, to give assurance to all depositors:

[Image: banner from the FDIC COVID-19 webpage]

Times like this will draw customers and perhaps non-customers too, to your website, seeking information and assurances. That makes it a good opportunity to revisit the relevance as well as the effectiveness of your site, now that it’s become the only point of contact for many of your constituents.

Similar to having a dedicated intranet page conveying COVID-19 related communication for employees, it might be a good idea to have a dedicated COVID-19 page for your customers too, reinforcing the points above and expanding on any additional resources you can provide on these alternative servicing options.

In-person interaction with customers

It is the American social norm to shake hands. However, given what we understand about COVID-19 today, any physical contact is discouraged as it violates social distancing. This might be easier said than done, especially when community banking is all about building relationships.

In the HBR article How to Avoid Shaking Hands, Amy Gallo discusses advising employees to decide ahead of time what they are comfortable with. She states that “having a plan will give you confidence and potentially make it less awkward.” After your employee establishes a plan, one of the best ways to defuse any discomfort is to use humor. She gives the example of how she “got used to keeping my hand in my pocket and saying, with a smile on [her] face, ‘I guess we’re not supposed to shake hands now.’”

In the same article, Ms. Gallo references another author, Andy Molinsky, who suggests another cue: “saying hello at a slightly farther distance and giving a quick wave before returning [your] hand to [your] pocket.” Again, it really depends on what your employee is comfortable with.

AuditOne’s COVID-19 action plans

In closing, I hope you find these communication tips helpful for your institution. In the last few weeks, many clients have contacted us about our Pandemic Plan. Like many organizations, we are enforcing social distancing by performing audits remotely. We are fortunate that many of our audits can be performed offsite, due to our clients increasingly requesting such arrangements over many years in order to save on travel expenses. We are utilizing both Microsoft’s and Box Enterprise’s collaborative and communication tools to help provide secure remote audit services while keeping everyone safe. We have highlighted our remote audit capabilities using the infographic below:

[Image: infographic of AuditOne’s remote audit capabilities]

In addition, we understand how strained human resources can be during these difficult times. At AuditOne, we have always believed in a collaborative approach: we are not here to check boxes and create audit reports, but to help you. Whether this means conducting an audit around your availability or answering any questions you might have during these turbulent times, we are always here to help. I have included a quick list of contacts below for your convenience:

Sales and Marketing: Jeremy Taylor, CEO | Contact Us
Client Support Services: Angela Canda and Myra Woods | Contact Us

You may also reach out to our individual Practice Directors using our website.


Our deep expertise is your edge.  For more information on this article, or to receive a proposal for an ADA Website Compliance Review, IT/Information Security/Cybersecurity audit, or Network Penetration Tests, please contact Kevin Tsuei, Technology Practice Director, AuditOne LLC, at: Contact Us



Advisory January 2020

AuditOne Advisory

From Bud Genovese, Chairman

This advisory contains our first BSA Bulletin.  Our intention is to publish the Bulletin on a semiannual basis so as to provide BSA professionals with a timely resource for changes in the BSA/AML environment.  Our BSA Practice Director, Kevin K. Watson, will summarize recent regulatory communications and also share our insights obtained by extensive and ongoing experience providing BSA audit and AML system validation services to a sizable client base of financial institutions.  I hope you find this article useful – please share with your colleagues having responsibilities related to BSA/ AML compliance in this area, thank you, – Bud

BSA BULLETIN – JANUARY 2020

This document summarizes recent regulatory communications pertaining to The Bank Secrecy Act and other Anti-Money Laundering laws, regulations and guidelines.  The types of entities that are generally covered by those communications are presented in italics where applicable.  We also present our observations of recent trends in the industry based on our experience reading examination reports and enforcement orders, discussions with clients and industry professionals and keeping tabs on industry publications and media events.

Regulatory Communications

  • Kenneth Blanco, FinCEN Director, Presentation at the American Bankers Association/ American Bar Association Conference on Financial Crimes Enforcement, December 2019
      • Emphasis was placed on the increasing trend of SAR filings associated with convertible virtual currency (CVC).  FIN-2019-A003 addresses those in significant detail.  Some of the more prominent are as follows.
          • Virtual currency exchanges identifying potential unregistered, foreign located MSBs, particularly Venezuela based peer to peer exchangers.
          • Customers conducting transactions with CVC addresses linked to darknet marketplaces.
          • CVC kiosk operators have reported activity indicative of scam victims, particularly with new customers having limited knowledge of CVC, such as the elderly.
  • FFIEC, 12/3/19, Providing Financial Services to Customers Engaged in Hemp-Related Businesses.  (banks, credit unions and U.S. offices of foreign banks)
  • FinCEN, 11/8/19, Reissuance of Real Estate Geographic Targeting Orders for 12 Metropolitan Areas (title companies)
  • Joint Statement – CFTC, FinCEN, SEC, 10/11/19, Joint Statement on Activities Involving Digital Assets (banks, credit unions, U.S. offices of foreign banks, MSBs, broker/dealers, mutual funds)
  • 31 CFR Part 1010, 11/4/19, Imposition of Fifth Special Measure Against the Islamic Republic of Iran as a Jurisdiction of Primary Money Laundering Concern (all U.S. businesses and individuals)
  • Conference of State Bank Supervisors, 9/16/19 – CSBS Cannabis Job Aid (state chartered financial institutions)
  • FIN-2019-A006, 8/21/19 – Advisory to FIs on Illicit Financial Schemes and Methods Related to the Trafficking of Fentanyl and Other Synthetic Opioids (all financial institutions)
  • FIN-2019-A003, 5/9/19 – Advisory on Illicit Activity Involving Convertible Virtual Currency (all FinCEN regulated financial institutions)

Trends

  • We have noticed increased focus by regulatory examiners on independent testing (audit) reports and workpapers over the past few years.  Being one of the five pillars, this emphasis is understandable.  We applaud this effort as it contributes to enhanced quality of audit work and reduces the risk that a financial institution receives an audit that is not consistent with the level of risk.  Some of the major themes are as follows.
      • Enhanced due diligence of high risk customers should be sufficiently documented.  Some areas of examiner concern have been the following.
          • Inadequate coverage of complex customers
          • Lack of comparison of actual to expected activity
          • Lack of global analysis.  Review should be documented at both the account and customer (global) level.

Advice

  • Pay particular attention to regulatory pronouncements and communications as they signal those matters that will be of primary focus during upcoming examinations.  Based on that, we expect FIs to have monitoring procedures in place for suspicious CVC activity.
  • Use the CSBS Cannabis Job Aid as a reference resource for those states where your FI is operating.


Our deep expertise is your edge.  For more information on this article, or to receive a proposal for an Automated AML System Validation or BSA/ Anti-Money Laundering Program audit, please contact Kevin K. Watson, BSA Practice Director, AuditOne LLC, at: Contact Us



AuditOne Advisory: Cannabis 2019

AuditOne Advisory

From Bud Genovese, Chairman

This advisory summarizes regulations and guidelines related to banking cannabis related businesses (CRB) and also suggests a means for your institution to comply with FinCEN’s third pillar of an effective BSA Program (independent testing) as it pertains to CRB customers.  Our BSA Practice Director, Kevin K. Watson, will review our audit approach to determine your institution’s compliance.  I hope you find this article useful – please share with your colleagues having responsibilities related to BSA/ AML compliance in this area, thank you, — Bud

According to a recent periodical by the Meredith Corporation, George Washington and Thomas Jefferson were cannabis farmers.  Apparently, the cannabis grown by our two former presidents was only of the hemp variety and cultivated for the purpose of producing cloth as opposed to the marijuana strain that can be smoked or ingested to relieve pain or induce mind altered experiences.  Interestingly, President Jefferson made the business decision to discontinue hemp farming at Monticello in 1815.  His reasoning is said to be based on the cost and benefit as the process to convert hemp to cloth was laborious and also led his enslaved laborers to complain about the hardships.  Cotton, tobacco and other crops were easier to harvest.1

The modern day problem for American society and financial institutions (FI) is how to bring the cannabis related business (CRB) into the federally insured financial services market.  The issue has been that, with cannabis being a Schedule I drug under the Controlled Substances Act, federally regulated institutions could not accept deposits without great risk.  That is despite more than 30 states having legalized cannabis for one or more uses such as for medicinal use, recreational use or for hemp and hemp derived products.  As a result, transactions have been typically conducted in cash or crypto currency outside the banking system.  The social costs of that have been high, with significant money laundering and violent crime associated with doing business in the black market.

Marijuana related businesses (MRB) and hemp related businesses (HRB) pose different concerns for a FI.  Thankfully, with the passage of the Farm Act in December 2018, the low-THC (tetrahydrocannabinol) cannabis variety, commonly known as hemp, is very near to being completely legal.  THC is the chemical ingredient that causes psychoactive effects, and cannabis with THC levels less than 0.3% is considered to be hemp rather than marijuana.  Although federally legalized by the December 2018 Farm Act, cultivation and interstate sales of hemp are not technically protected unless a) grown under one of the federal pilot programs, b) the USDA has created its own plan, or c) the USDA has a separate plan for the state where the business operates.  That hasn’t stopped many states from licensing hemp farmers.  Also, the USDA issued an interim final rule on October 29, 2019.  With the legalization of hemp cultivation and sales, processed hemp, known as CBD (Cannabidiol), is also legalized, but not as an ingredient in food or drink even though it has THC levels lower than 0.3%.  CBD products are thought to have therapeutic benefits for a variety of ailments and so are available in a variety of non-food forms such as ointments, capsules and tinctures.

Cannabis related businesses (CRB) represent unique challenges for the AML Pillars of Independent Testing and Customer Due Diligence (CDD).   As an audit firm, our responsibility pertaining to CRB is to independently test whether the FI exercises appropriate due diligence and ongoing monitoring over those customers.  This article presents our approach to that testing.  But first, it is useful to summarize the current regulatory environment.  The important regulations and guidelines are as follows.

  • Controlled Substance Act
  • U.S. Justice Department Cole Memorandum (rescinded, but still referenced by regulators)
  • FIN-2014-G001: “BSA Expectations Regarding Marijuana-Related Businesses,” FinCEN, February 14, 2014.
  • State laws2
  • The Farm Acts of 2014 and 2018

Our audit approach is to determine compliance with the most significant requirements or guidelines within those documents.  To do that we organize our test procedures as follows.

Risk assessment

Verify that the overall AML Risk Assessment considers the following pertaining to cannabis:

  • The FI’s state CRB regulatory setup (extent of legality for medicinal marijuana, recreational marijuana, and hemp or CBD)
  • Specific risks (e.g., not operating under federal regulations; hemp or CBD product inadvertently > 0.3% THC; co-mingling or front for illegal activity; violation of one of the Cole Memo objectives)
  • Activity levels
  • Mitigating controls such as for policies and procedures, customer due diligence, and monitoring

Policies and procedures

Assess the appropriateness of policies and procedures, especially to the extent the following are addressed:

Customer Due Diligence (CDD)

For a sample of MRB and HRB customers, we verify that basic CDD processes are in place at account opening and are updated on a periodic basis, including customer identification, beneficial owner identification, expected activity documentation and customer risk rating.  There is no universal standard for risk rating cannabis related businesses.  Though Tier I or II would certainly be high risk in almost any circumstance, FIs might want to classify most hemp/CBD and MRB Tier III businesses as high risk so that they can be sure to conduct appropriate Enhanced Due Diligence (EDD) on those businesses, especially suspicious activity monitoring.

We also verify that Enhanced Due Diligence (EDD) procedures described in the 2014 FinCEN Guidance on MRBs have been completed by the FI.  Those include the following:

  • Verification of appropriate and current license
  • Review of the license application
  • Consideration of information on the business from the applicable state (such as inspection reports)
  • Ongoing monitoring of public information (negative news searches)

Ongoing Monitoring

The FinCEN Guidance also requires risk-based ongoing transaction monitoring for suspicious activity.  Assess whether ongoing monitoring is appropriately risk-based.  Many FIs utilize a tier classification system with businesses actually touching marijuana as Tier I and others as Tier II or III.  HRB should be its own classification.  At the very least, we expect all transactions for Tier I companies to be reviewed.  Many FIs also collect supplemental information from MRBs such as daily sales and purchasing registers and inventory reports.  As a consequence, it is typical that a specialized automated system is implemented to monitor Tier I businesses.

Suspicious Activity Reporting

The FinCEN Guidelines have specific instructions for the filing of regular SARs or limited SARs for marijuana businesses.  They do distinguish between marijuana and hemp, so we would expect that limited SARs be filed on hemp businesses, until such time as there is official guidance on how it should be treated for SAR purposes.  Our test procedure is to review a sample of marijuana and hemp businesses and assess whether SARs have been appropriately filed in compliance with the FinCEN Guidelines. 

The independent testing approach described above might alert directors, managers and BSA personnel to the most critical compliance concerns pertaining to offering financial services to CRBs.  In our opinion, cannabis banking presents a unique opportunity for community FIs in this era when deposit relationships are so difficult to develop.  With a robust control program, an associated deposit pricing mechanism and an appropriate independent testing program, the cannabis business just might take your FI to a higher place.

Sources:

  1. “History: Marijuana, Meredith Corporation”, 2019.
  2. “Cannabis Job Aid”, Conference of State Bank Supervisors (CSBS), September 2019.
  3. “Defining Marijuana Related Businesses”, Steven Kemmerling, ACAMS Today, September 20, 2016.

AuditOne LLC – Company Overview

AuditOne LLC is a leading provider of risk management services to financial institutions in the Western US and nationally.  Our sole focus enables us to deliver effective and efficient internal audit and credit review services.  This exclusive focus translates into exceptional benefits to our clients, including regional and community banks, credit unions and other financial institutions.  We have experience with all regulatory authorities and offer a full selection of audit services comprising BSA/ Anti-Money Laundering Program, Automated AML System Validation, Asset/Liability Management (ALM) and IRR Audits, ADA Website Compliance Reviews, IT/Information Security/Cybersecurity, Network Penetration Tests, Credit Review/ALLL, ACH Rules Compliance, Operations, Trust Audits, SOX/FDICIA Testing, and many specialty areas within each of these. 

Our deep expertise is your edge.  For more information on this article, or to receive a proposal for an  Automated AML System Validation or BSA/ Anti-Money Laundering Program audit please contact Kevin K. Watson, BSA Practice Director, AuditOne LLC, at: Contact Us.

For information on how our services can help reduce risk at your institution, contact Jeremy Taylor, CEO, at Contact Us.  Also, for more information about AuditOne LLC and all our audit services see www.AuditOneLLC.com.


AuditOne General Compliance Advisory: 2019 Q3

AuditOne Advisory

From Bud Genovese, Chairman

Within this Advisory, we cover legislative and regulatory rule changes introduced through July 2020, to assist your organization with strategic planning for compliance governance.  We also discuss recent OCC and CFPB court challenges and introduce an emerging threat known as Synthetic Identity Payments Fraud.  We conclude with commentary on notable compliance developments, public comment requests and enforcement actions.

This Quarterly General Compliance Advisory was prepared by Celeste Burton, Compliance Practice Director, AuditOne LLC.  I hope you find this article useful, and also please share with your colleagues having responsibilities related to compliance. We hope you enjoy it, thank you!—Bud

IMPLEMENTING THROUGH 2020…

APPRAISALS

The FDIC, FRB and OCC issued an amended rule (the Appraisal Rule) that covers the following:

  • Increases the threshold for residential real estate transactions requiring an appraisal from $250,000 to $400,000.  For transactions exempted by the $400,000 threshold, the Appraisal Rule requires an Evaluation.
  • Incorporates the appraisal exemption for rural residential properties provided by the Economic Growth, Regulatory Relief, and Consumer Protection Act and requires evaluations for these exempt transactions.
  • Requires appraisals for federally related transactions to be subject to appropriate review for compliance with the Uniform Standards of Professional Appraisal Practice (USPAP).

The final rule becomes effective the first day after publication in the Federal Register, except for provisions related to appraisal review and the evaluation requirement related to the rural residential exemption, which become effective on January 1, 2020. A link follows: https://www.govinfo.gov/content/pkg/FR-2019-07-24/pdf/2019-15708.pdf?utm_source=federalregister.gov&utm_medium=email&utm_campaign=subscription+mailing+list

The Board of the NCUA also amended its rule to raise the CU threshold for residential real estate appraisals to $400,000, the same as for banks: 
https://www.ncua.gov/newsroom/press-release/2019/board-approves-second-chance-policy-changes

OTHER REAL ESTATE OWNED (OREO)

The OCC issued a final rule to clarify and streamline its regulation on OREO for national banks and update the regulatory framework for OREO activities at federal savings associations.  In addition to certain technical amendments and provisions, key coverage areas within the changed rule include:

  • How long a national bank or federal saving association may hold OREO
  • Methods for national banks and federal savings associations to dispose of OREO
  • Appraisal requirements applicable to OREO
  • Permissible expenditures on OREO

Certain outdated capital rules that include provisions related to OREO were also removed as part of this OCC issuance.  The final rule is effective December 1, 2019: https://www.federalregister.gov/documents/2019/10/22/2019-22823/other-real-estate-owned-and-technical-amendments

REGULATION C (HOME MORTGAGE DISCLOSURE ACT) *

The CFPB amended Regulation C to extend the current open-end line of credit HMDA reporting threshold of 500 an additional two years, to January 1, 2022 (effective January 1, 2020).  The CFPB continues to receive industry pressure to make the threshold exemption permanent.
The final rule also incorporates into Regulation C the interpretations and procedures from the interpretive and procedural rule issued by the CFPB in August 2018 (https://www.govinfo.gov/content/pkg/FR-2018-09-07/pdf/2018-19244.pdf), and further implements the amendments made to HMDA by the EGRRCPA.  The red line version of the final rule follows:
https://files.consumerfinance.gov/f/documents/cfpb_hmda_unofficial-redline-2019-final-rule.pdf
*12 CFR part 1003 implements the Home Mortgage Disclosure Act (HMDA), 12 U.S.C. 2801 through 2810, and includes coverage thresholds that determine whether financial institutions are required to collect, record, and report any HMDA data on closed-end mortgage loans or open-end lines of credit.  The EGRRCPA added partial exemptions from HMDA’s requirements for certain insured depository institutions and insured credit unions from reporting some but not all HMDA data for certain transactions.   The original rule (in October 2015) set the closed-end threshold at 25 loans in each of the two preceding calendar years, and the open-end threshold at 100 open-end lines of credit in each of the two preceding calendar years. However, in 2017, before those thresholds took effect, the CFPB temporarily increased the open-end threshold to 500 open-end lines of credit for two years (calendar years 2018 and 2019). The final rule extends this temporary threshold to January 1, 2022.

TRUTH IN LENDING ACT (TILA) APPRAISAL EXEMPTION FOR HIGH COST MORTGAGES

The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (Dodd-Frank Act) amended TILA to add special appraisal requirements for higher-risk mortgages.  Since January 2013, regulators have issued joint rules to allow for certain exemptions, including the new HPML appraisal rules for transactions of $25,000 or less.  These are adjusted annually for inflation, and effective January 1, 2020 the exemption threshold amount increased from $26,700 to $27,200, based on the CPI-W in effect on June 1, 2019.  The  exemption threshold for smaller loans will be adjusted effective January 1 of each year:
https://www.federalregister.gov/documents/2019/10/30/2019-21559/appraisals-for-higher-priced-mortgage-loans-exemption-threshold?utm_source=federalregister.gov&utm_medium=email&utm_campaign=subscription+mailing+list

HIGH VOLATILITY COMMERCIAL REAL ESTATE

Federal bank regulatory agencies finalized a rule to modify the treatment of high volatility commercial real estate (HVCRE) exposures as required by the EGRRCPA.  The final rule clarifies certain terms contained in the HVCRE exposure definition, generally consistent with their usage in the Call Report instructions. The final rule also clarifies the treatment of credit facilities that finance 1-4 family residential properties and the development of land, which is substantially similar to the proposal issued in July.

Finally, the final rule provides banking organizations with the option to maintain their current capital treatment for acquisition, development or construction loans originated between January 1, 2015 and the effective date of the final rule, April 1, 2020.
https://www.federalreserve.gov/newsevents/pressreleases/files/bcreg20191119b1.pdf

REGULATORY CAPITAL RULES

Regulators are looking to simplify certain aspects of the regulatory capital rule in response to the EGRPRA. The EGRRCPA requires the regulatory agencies to permit certain banking organizations—those predominantly engaged in custody, safekeeping and asset servicing activities—to exclude qualifying deposits at certain central banks from their supplementary leverage ratio.  The supplementary leverage ratio is one of many tools used by the agencies to determine minimum required capital levels and ensure financial stability in the event of stress in the banking system.  It applies only to large or complex internationally-active banking organizations.
Certain banking organizations (referred to as “non-advanced approaches banking organizations”) will now be subject to simplified regulatory capital requirements for certain assets (see below).  The rule only applies to banking organizations that do not use the Advanced Approaches capital framework, which are generally firms with less than $250 billion in total consolidated assets and less than $10 billion in total foreign exposure.  The rule effectively accomplishes the following:

  • Simplifies the capital treatment for mortgage servicing assets, certain deferred tax assets, investments in the capital instruments of unconsolidated financial institutions, and minority interest.
  • Allows bank holding companies and Savings & Loan holding companies to redeem common stock without prior approval unless otherwise required.
  • Makes technical amendments to (and clarifies certain aspects of) the agencies’ capital rule for both non-advanced and advanced approaches banking organizations.

The final rule is effective April 1, 2020.  Revisions to pre-approval requirements for the redemption of common stock and other technical amendments became effective October 1, 2019.  In addition, in October 2019, a rule (effective December 31, 2019) was published that establishes four criteria for determining the applicability of requirements under the regulatory capital rule and liquidity coverage ratio (LCR) rule for U.S. banking companies and the U.S. intermediate holding companies of certain foreign banking organizations. A link follows:
https://www.federalregister.gov/documents/2019/11/01/2019-23800/changes-to-applicability-thresholds-for-regulatory-capital-and-liquidity-requirements?utm_source=federalregister.gov&utm_medium=email&utm_campaign=subscription+mailing+list

CALIFORNIA CONSUMER PRIVACY ACT

The California Consumer Privacy Act (CCPA) of 2018 governs how businesses handle and protect data in California.  As noted in our prior Advisory, the CCPA applies only to businesses that meet one of the following criteria:

  • A business that earns $25,000,000 a year in revenue.
  • A business that annually buys, receives for the business’s commercial purposes, sells, or shares for commercial purposes, alone or in combination, the personal information of 50,000 or more consumers, households, or devices based in California. In other words, if the combined number of records of personal information from California consumers, households and/or devices exceeds 50,000, the law applies to them.
  • A business that derives 50% or more of its annual revenue by selling personal information, even if it involves fewer than 50,000 separate and distinct California entities (consumers, households, and/or devices).

There are some exemptions based on factors such as size and complexity, most of which are covered by Gramm-Leach-Bliley Act and Fair Credit Reporting Act. We recommend consultation with Legal to confirm whether exemptions apply to the full scope of entity operations. 
The CCPA was signed into law by California Governor Jerry Brown on June 28, 2018 and will become effective on January 1, 2020, leaving institutions subject to compliance a relatively small window still to become compliant.  Here’s a link:
https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180AB375

REGULATION CC (EXPEDITED FUNDS AVAILABILITY ACT)

Regulation CC, which implements the Expedited Funds Availability Act of 1987 (EFA Act), has been amended as a result of the EGRRCPA.  Key amendments include increasing (from $200 to $225) required next-day availability of the aggregate deposit of local or nonlocal checks and extending coverage to American Samoa, the Commonwealth of the Northern Mariana Islands and Guam. 
The amendments became effective August 24, 2019 (§§ 12 CFR 229.2(c), (ff), and (jj), 229.12(e), 229.43, and 12 CFR Part 1030).  The remaining amendments are to be implemented July 1, 2020.  A link follows:
https://www.federalreserve.gov/newsevents/pressreleases/files/bcreg20190624a1.pdf

OCC TO APPEAL DECISION BLOCKING FINTECH

In July 2018, the OCC announced that it would consider charter applications from companies seeking to become special-purpose national banks that would engage in one or more of the core banking activities of paying checks or lending money, but that would not take deposits or be insured by the FDIC.  However, a U.S. District Court Judge recently rendered a decision blocking charters from the OCC for non-depository, special-purpose national banks, commonly referred to as “fintech charters”.  The Judge ruled that the National Bank Act does not give the OCC authority to grant national bank charters to non-depository institutions without a statutory exception.  The question is whether this decision effectively vacates an OCC regulation permitting the charters.  The OCC announced plans to appeal the court’s decision.

CFPB STRUCTURE CHALLENGED IN COURT

The Supreme Court recently decided to consider a case brought by Seila Law, a debt relief company, that the CFPB is unconstitutional in that its director may only be removed by the President for cause and not at will. The plaintiff is arguing that the Supreme Court has “consistently recognized that the Constitution empowers the president to keep federal officers accountable by removing them from office”.  In May 2019, the 9th U.S. Circuit Court of Appeals in San Francisco upheld the CFPB structure, stating the agency’s structure is constitutional under the Supreme Court precedent that has upheld the structure of the Federal Trade Commission. The FTC’s commissioners also are removable only for cause.

Industry opinion on this matter is mixed, though the overwhelming majority agree that some form of change is needed.    Most notably, the American Bankers Association (ABA), the Independent Community Bankers of America (ICBA) and the National Association of Federal Credit Unions (NAFCU) voiced a preference for a multi-member commission to lead the agency, rather than a single director.  (The bank groups have both called for a five-member oversight body.)

Following this ruling, the CFPB decided to no longer defend a provision in the Consumer Financial Protection Act (CFPA) limiting the President’s ability to remove the director for cause. Director Kathleen Kraninger commented on this matter noting that this “does not mean the Bureau will stop its work”, while also pointing to a provision in the CFPA that, should any provision of the bureau’s statute be found unconstitutional, the remainder of the act will not be affected.

While challenges to the CFPB’s existence are not new, this is the first time that the Supreme Court will hear a case that challenges its constitutionality on these grounds.  Stay tuned.

FRB EXAMINES EFFECT OF SYNTHETIC IDENTITY PAYMENTS FRAUD

A synthetic identity is created by using a combination of real information (such as a legitimate Social Security number) with fictional information (which can include a made-up name, address or date of birth). Synthetic identities are used to commit payments fraud, which may escape detection by existing identity verification and credit-screening processes.  Over time, fraudsters can build credit and eventually purchase high-value goods and services on credit.  The ability to trace and hold fraudsters accountable is limited because the identities are effectively fake.  Other consequences could include denial of disability benefits, rejection of tax returns, and inaccuracies in health records.

The FRB wrote a white paper designed to “provide information on the current state of synthetic identity fraud, including the scope of the issue, causes, contributing factors, and its impact on the payments industry.”  Here’s a link: https://fedpaymentsimprovement.org/wp-content/uploads/frs-synthetic-identity-payments-fraud-white-paper-july-2019.pdf

REQUESTS FOR PUBLIC COMMENTS

The CFPB is requesting public comment on an assessment it will conduct on the TRID Integrated Disclosure Rule.  As part of its assessment, the CFPB  intends to address the TRID Rule’s effectiveness in meeting the purposes and objectives of Title X of the Dodd-Frank Act, the specific goals of the rule, and other relevant factors.  The public is invited to comment on the feasibility and effectiveness of the assessment plan, recommendations to improve the assessment plan, and recommendations for modifying, expanding, or eliminating the TRID Rule, among other questions. 

The TRID Rule implemented the Dodd-Frank Act’s directive to combine certain mortgage disclosures that consumers receive under TILA and RESPA and requires that all creditors use standardized forms for most transactions.  Creditors are also required to provide loan estimates and closing disclosures within three business days.  Comments must be received by January 21, 2020.  A link to the notice follows:

https://www.consumerfinance.gov/policy-compliance/notice-opportunities-comment/open-notices/request-for-information-regarding-tila-respa-integrated-disclosures-rule-assessment

CAMELS Ratings

The FDIC and FRB are seeking information and comments regarding the consistency and usage of ratings assigned by the agencies under the Uniform Financial Institutions Rating System (more commonly known as CAMELS ratings).  Comments must be received 60 days after the October 18, 2019 publication.  A link follows: https://www.federalreserve.gov/newsevents/pressreleases/files/bcreg20191018a1.pdf

Credit Risk Review Systems   

The FDIC, FRB, OCC and NCUA are seeking comment on proposed guidance for credit risk review systems. “The proposed guidance discusses sound management of credit risk, a system of independent and ongoing credit review, and appropriate communication regarding the performance of the institution’s loan portfolio to its management and board of directors.”  The proposed guidance updates, as a stand-alone document, the elements of an effective credit risk review system currently contained in the Interagency Policy Statement on the Allowance for Loan and Lease Losses (Attachment 1 – Loan Review Systems), issued in 2006.  Comments must be received by December 16, 2019. A link follows:
https://www.fdic.gov/news/news/financial/2019/fil19060.pdf

The FDIC, FRB, OCC and NCUA are seeking comment on a proposed Interagency Policy Statement on Allowances for Credit Losses. “This proposed policy statement is intended to promote consistency in the interpretation and application of the Financial Accounting Standards Board’s (FASB) credit losses accounting standard, which introduces the current expected credit losses (CECL) methodology.”  The proposed interagency policy statement describes the measurement of expected credit losses using the CECL methodology and updates concepts and practices detailed in existing supervisory guidance that remain applicable.  CECL is effective for most public financial institutions beginning in 2020, and the FASB recently decided to defer the effective date of CECL for most other institutions to 2023. The proposed interagency policy statement would be effective at the time of each institution’s adoption of the credit losses accounting standards.  A link follows: https://www.govinfo.gov/content/pkg/FR-2019-10-17/pdf/2019-22655.pdf?source=govdelivery&utm_medium=email&utm_source=govdelivery

OTHER COMPLIANCE NEWS & DEVELOPMENTS

The CFPB periodically publishes Supervisory Highlights to share key examination findings and communicate any noteworthy changes to its supervision program, resources, etc.  Below are key highlights from the Summer 2019 publication.

  • Credit card management:  Examiners found that entities failed to clearly and conspicuously provide disclosures required by triggering terms in online advertisements. In some instances, the triggered disclosures were available to consumers via a hyperlink that was not clearly labeled.  In other instances, consumers had to click on multiple hyperlinks and could only view the triggered disclosures after completing an eight-page application.
  • Debt collection:  Examiners found that one or more debt collectors claimed and collected from consumers interest not authorized by the underlying contracts between the debt collectors and the creditors.  In doing so, one or more debt collectors falsely represented to consumers the amount due and authorized, in violation of federal debt collection practices laws.
  • Information furnishers:  Examiners found that one or more information furnishers failed to complete dispute investigations within the required time period.  They found certain disputes where the furnisher(s) received notice from the credit reporting company (CRC) but failed to conduct an investigation or respond to the CRC.
  • Mortgage origination: In one or more examinations, examiners observed that creditors were disclosing inaccurate APRs for closed-end reverse mortgages.  Specifically, the bureau said that while conducting loan file reviews, examiners observed creditors using a unit period of one month instead of one year to calculate the APR, leading to inaccurate calculations, outside Regulation Z’s permissible tolerances.

CFPB Establishes Task Force To Modernize Consumer Financial Laws

The CFPB announced that it will establish a taskforce to examine ways to harmonize and modernize federal consumer financial laws.  The taskforce intends to produce new research and legal analysis of consumer financial laws in the United States.  The primary focus will be on updating the enumerated consumer credit laws (and their implementing regulations) and identifying gaps in knowledge that should be addressed through research, ways to improve consumer understanding of markets and products, and potential conflicts or inconsistencies in existing regulations and guidance.  The taskforce is in its infancy stages, but we will keep a pulse on this for notable announcements.

FinCEN Anti-Money Laundering Remarks

FinCEN Director Kenneth A. Blanco provided remarks at the 12th annual Las Vegas Anti-Money Laundering Conference: https://www.fincen.gov/news/speeches/prepared-remarks-fincen-director-kenneth-blanco-delivered-12th-annual-las-vegas-anti

FFIEC IT Examination Handbook Updated

The FFIEC issued the “Business Continuity Management” (BCM) booklet, which is part of the FFIEC Information Technology Examination Handbook (FIL-71-2019). This booklet replaces the Business Continuity Planning (BCP) booklet issued in February 2015.  The BCM Booklet is primarily designed to help examiners determine whether management adequately addresses risks related to the availability of critical financial products and services. 

Key highlights:

  • The change from business continuity planning to business continuity management reflects the expanded role that information technology (IT) plays in supporting business operations and meeting customer expectations.
  • Focuses on assessing an entity’s resilience through an enterprise risk management (ERM) perspective that considers technology, business operations, communication strategies, training, testing, maintenance, and improvement — issues critical to business continuity. The degree of maturity, integration and documentation between the BCM and ERM processes are recommended to be assessed commensurate with the entity’s size, complexity and risk profile.
  • Contains updated procedures to help examiners evaluate the adequacy of an entity’s business continuity management program.

A link to the BCM booklet follows: https://ithandbook.ffiec.gov/media/296178/ffiec_itbooklet_businesscontinuitymanagement.pdf

U.S. Financial Regulatory Agencies Join the Global Financial Innovation Network

The Commodity Futures Trading Commission (CFTC), FDIC, OCC and SEC announced that they are joining the Global Financial Innovation Network (GFIN).  The published statement follows:

U.S. financial regulators have taken proactive steps in recent years to enhance regulatory clarity and understanding for all stakeholders and promote early identification of emerging regulatory opportunities, challenges, and risks. Participation in the GFIN furthers these objectives and enhances the agencies’ abilities to encourage responsible innovation in the financial services industry in the United States and abroad. By promoting knowledge-sharing on innovation in financial services, U.S. members of GFIN will seek to advance financial and market integrity, consumer and investor protection, financial inclusion, competition, and financial stability. Participation in international organizations such as this helps U.S. financial regulators represent the interests and needs of the nation and its financial services stakeholders.

The agencies join 46 other financial authorities, central banks, and international organizations from around the globe that are members of the GFIN to foster greater cooperation among financial authorities on a variety of innovation topics, regulatory approaches, and lessons learned. 

A link to the announcement follows: https://www.dnb.com/perspectives/supply-chain/innovation-anti-money-laundering-compliance.html

NOTEWORTHY ENFORCEMENT ACTION

Bank fined $275,000 for placing marketing calls to ‘do-not-call’ registrants

An Oregon bank has agreed to pay a $275,000 civil money penalty (CMP) to the FDIC for allegedly placing telemarketing calls to consumers on the “Do-Not-Call” list, and using an automated dialing system to send pre-recorded or text messages to consumers’ cell phones.  Violations cited included the Real Estate Settlement Procedures Act (RESPA) for agreeing to pay and accept fees for the referral of mortgage loans business, and the Telephone Consumer Protection Act related to the telemarketing and cell phone calls.  Link: https://www.bankersonline.com/penalty/162832


_______________________________________________________________

Our deep expertise is your edge.  For more information on this article, or to receive a proposal for a Compliance audit please contact Celeste Burton, Compliance Practice Director, AuditOne LLC, at: Contact Us
