AuditOne Compliance Advisory: 2018 Q2

AuditOne LLC Advisory

From Bud Genovese, Chairman

In light of recent regulatory developments, we thought it important to add to our Quarterly Compliance Advisory a standing Dodd-Frank section that will continue to receive updates in future editions as pertinent information becomes available. Within this issuance, we also cover key Compliance News, Developments and Enforcement. This edition has been prepared by Celeste Burton, Compliance Practice Director, AuditOne LLC. We hope you enjoy! – Bud


On July 21, 2010, President Barack Obama signed the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 into law, in response to the global financial crisis of 2008. On May 24, 2018, President Trump signed S. 2155, the Economic Growth, Regulatory Relief and Consumer Protection Act (EGRRCP Act) into law, which eased certain Dodd-Frank rules and regulations. 

Key S.2155 provisions follow:

  • Institutes longer Exam Cycles for smaller banks.  Allows well-managed and highly capitalized banks with up to $3 billion in assets to have full-scope, on-site examinations every 18 months, rather than every 12 months.
  • Exempts from the Volcker Rule all banks with less than $10 billion in assets.  This exemption allows banks that were otherwise prevented from engaging in speculative activities with taxpayer-insured deposits the ability to now trade for profit and invest in hedge funds and private equity funds.
  • Ends mandated Stress Tests for banks with under $100 billion in assets
  • Raises the threshold for enhanced regulatory oversight from $50 billion to $250 billion.  This means that most larger banks in the US will no longer be subject to Dodd Frank’s heightened Capital and Liquidity requirements, and enhanced risk management standards, some of which were derived from Basel III.  Also allows certain foreign institutions to tally their U.S. assets in ways that keep them under that $250 billion threshold. 
  • Permits Federal Savings Associations with less than $20 billion in total assets to choose to be regulated like national banks without changing their charter
  • Amends the Truth in Lending Act to allow institutions with less than $10 billion in assets to waive “Ability-To-Pay” requirements for certain residential mortgage loans. Other mortgage-lending provisions related to appraisals, mortgage data, employment of loan originators, manufactured homes, and transaction waiting periods are also modified.  For example, there is an appraisal exemption for rural mortgage portfolio loans of less than $400,000 if unable to find a state-certified/licensed appraiser to perform the Appraisal in a timely manner. Also, appraisal services donated by fee appraisers as charitable contributions will be considered “customary and reasonable” under TILA (Habitat for Humanity).  Changes to Ability-To-Pay requirements are meant to collectively eliminate certain consumer protections against overpriced and adjustable rate mortgages, simultaneously expanding lending options that had been available prior to the 2008 global financial crisis.
  • Classifies loans made for one-to-four-unit, non-owner-occupied residences as Residential Real Estate Loans, as opposed to business loans, a noted benefit to credit unions as they will no longer count against a credit unions’ member business lending cap of 12.25% of assets.
  • Removes the three-day wait period required for the combined TRID mortgage disclosure if a creditor extends to a consumer a second offer of credit with a lower annual percentage rate
  • Exempts from certain Home Mortgage Disclosure Act reporting requirements institutions originating less than less than 500 closed-end mortgage loans or less than 500 open-end lines of credit in each of the two preceding calendar years.
  • Eliminates Escrow requirements for higher-cost mortgages made by banks and credit unions with assets of up to $10 billion
  • Provides a safe harbor for properly trained financial employees who report alleged Elder Financial Abuse
  • Allows Social Security Administration to accept electronic consumer consent for banks verifying customer Identity to combat “synthetic” identity fraud
  • Makes Online Banking Initiation easier by authorizing a national standard for banks to scan and retain information from driver’s licenses and identity cards as part of a customer online onboarding process, via smartphone or website.
  • Requires the U.S. Department of Treasury to conduct a study on the risks that Cyber Threats may pose to financial institutions, and to assist homeowners in remediating Lead and Asbestos Hazards
  • Requires the holder of a Student Loan to release a co-signer from the obligation if the student borrower dies. 
  • Amends the United States Housing Act of 1937 to reduce Inspection requirements and Environmental-reviewequirements for certain smaller, rural public-housing agencies
  • Provides certain Predatory Lending protections to veterans and directs the Financial Literacy and Education Commission to establish best practices for institutions of higher learning to teach financial literacy skills.

Proponents of S. 2155 argue that it will open markets, increase access to capital for home purchases and discourage bailouts.  The opposition, however, argues that it weakens consumer protection against fraudulent practices in home sales, and opens the door for a repeat of the unsustainable housing market in the period leading up to the Great Recession.  Effective dates for S. 2155 range from immediate to unspecified, with certain provisions implementing through May 2021. The American Bankers Association prepared a useful timeline for all changing provisions that can be found here:

Other Dodd-Frank News

  • Protecting Tenants at Foreclosure Act (PTFA): The PTFA was initially implemented on May 20, 2009 under Dodd-Frank to protect tenants from eviction because of foreclosure.  The Act expired on December 31, 2014 and was reinstated on June 23, 2018 (without an expiration date) with the signing of S.2155 into law. 
  • Community Reinvestment Act, Home Mortgage Disclosure Act and Bank Secrecy Act: In conjunction with the effort to roll back certain Dodd-Frank provisions are efforts to review provisions of existing consumer protection regulations such as these for opportunities to ease the regulatory burden on banks and credit unions.  No changes announced yet.


California Consumer Privacy Act of 2018

On June 28th, California became the first state to enact domestic regulation that piggybacks off the EU’s General Data Protection Regulation (GDPR). Known as the California Consumer Protection Act, it becomes effective January 2020 and seeks to give consumers greater control over the sharing and use of personal information. Among other things it establishes consumers’ right to access personal information, to request deletion of such information, and to opt out of personal information being sold. A link to the legislation follows:

CFPB Will Not Penalize Institutions for HMDA Errors in 2018 and 2019

On July 5, 2018, the CFPB issued the following statement on the implementation of the EGRRCP Act Amendments to the Home Mortgage Disclosure Act: “…The Bureau does not intend to assess penalties with respect to errors in data collected in 2018 and reported in 2019. Collection and submission of the 2018 HMDA data will provide financial institutions an opportunity to identify any gaps in their implementation of amended Regulation C and make improvements in their HMDA compliance management systems for future years. Any examinations of 2018 HMDA data will be diagnostic to help institutions identify compliance weaknesses, and the Bureau will credit good-faith compliance efforts”.

CFPB’s Indirect Auto Lender Bulletin Nullified

In 2013, the CFPB issued Bulletin 2013-02 (Indirect Auto Lending and Compliance with the Equal Credit Opportunity Act) to regulate dealer markups that could result in pricing disparities on the basis of race, national origin or other prohibited bases.  Although the Bulletin prompted auto finance companies to take a closer look at dealer compensation programs and dealers (vendors) with whom they partnered, it also created a high level of industry concern around the CFPB’s reliance on statistical models to identify potential Fair Lending abuses.  Since auto dealers are prohibited from collecting race and ethnicity data from consumers, adversaries cited that output from these models could not be reasonably relied upon.  On May 21, 2018, President Trump signed into law bill S.J. Res.57, which nullifies CFPB Bulletin 213-02.

White House Names CFPB Director Successor

Acting director Mick Mulvaney’s tenure at the Consumer Financial Protection Bureau ended, by statute, on June 22, 2018.  The White House recently nominated Kathy Kraninger, his subordinate.  Ms. Kraninger is a Georgetown Law graduate and has worked for the Department of Homeland Security and for the Senate Appropriations Committee’s Homeland Security Subcommittee.

Beneficial Ownership Information

FinCEN and certain other regulatory agencies remain in dialogue about the benefits and risks associated with creating a national beneficial ownership database to help financial institutions comply with BSA Beneficial Ownership requirements that went into effect May 11, 2018.  Some companies have begun contracting with banks/FI’s to help obtain this information. 


In response to expressed concerns from the financial community, the CFPB amended RESPA/TILA disclosure requirements implemented in Regulation Z to remove a timing restriction that prevented creditors from disclosing cost changes after having provided initial Closing Disclosures.  Changes to closing costs are sometimes necessary, e.g., because of a consumer request for a rate lock extension or loss of a home sales contract.  Under the current rule, if the change occurred after the specified time limit for providing revised Closing Disclosures, the associated cost(s) could not be passed on to the consumer.  In response, some creditors elected to employ alternative options to recoup applicable costs, including denying the application/credit or spreading the cost across all consumers in the form of higher fees – both of which defeat the purpose and intent of the original legislation.  Effective Date: June 1, 2018

Regulation CC Changes Effective July 1, 2018

AuditOne’s EFT Practice Director recently issued a detailed communication on the various changes associated with Regulation CC.  We encourage you to read it in detail, as there is some great practical advice on how your institution can create an optimal compliance environment.  As was noted in a clarifying statement that followed, changes in Regulation CC hold limits have not yet been finalized, as they are dependent upon proposed Reg J changes, which are still pending and out for comment at present.

Regulation A Amendment

In May 2018, the Federal Reserve Board approved amendments to Regulation A, which governs extensions of credit by Federal Reserve Banks, to make certain technical adjustments including reflecting the expiration of the Term Asset Backed Securities Loan Facility (TALF) program.  The final amendments revise the provisions regarding the establishment of the primary credit rate at the discount window in a financial emergency, and delete obsolete provisions relating to the use of credit ratings for collateral for extensions of credit under the former TALF program. The final amendments became effective June 8, 2018, 30 days after the date of publication in the Federal Register.  Here’s the link:

Mortgage Servicing

The CFPB recently published an updated Small Entity Compliance Guide for Mortgage Servicing.  Key changes include a coverage chart for mortgage servicing provisions under Regulations X and Z, as well as guidance on periodic statement exemptions.  The updated guide may be accessed through the CFPB’s Mortgage Servicing webpage at:

Vendor/Third Party Risk Management

Vendor Management continues to receive heightened scrutiny, and is of growing importance considering newer risk components such as cybersecurity, online privacy, outsourced operations, cloud computing and various high-profile breaches that have occurred.  Vendor management controls for vendors with consumer compliance implications, such as third-party products, have also received heightened attention.  We encourage ongoing monitoring and a formal audit, at least annually, to ensure compliance with evolving expectations.

Notable Enforcement Action

For those financial institutions that perhaps remain on the fence about whether to develop a standalone UDAAP Risk Assessment and ongoing monitoring program, this recent enforcement action may pique your interest:

On April 20th the OCC and CFPB imposed a $1 billion fine ($500 million each) against Wells Fargo.  The OCC opined that Wells Fargo violated “the unfair practices prong of Section 5 of the Federal Trade Commission (FTC) Act”.  This Act declares that unfair or deceptive acts or practices affecting commerce are illegal. However, unlike many consumer protection laws, Section 5 of the FTC Act also applies to transactions with businesses and not just consumers.  The CFPB further added that the Bank violated the Consumer Financial Protection Act (i.e., the Dodd-Frank Act that established the CFPB).  According to the OCC and CFPB, Wells Fargo violated the Acts in the following ways:

  • Improper placement and/or maintenance of collateral protection insurance (CPI) policies on automobile loan accounts. As a result, borrowers were improperly charged CPI premiums, interest and fees. In some cases, loans went into delinquency and vehicles were improperly repossessed.
  • Customers were charged mortgage interest rate lock extension fees even though the Bank had caused the loan closing to fail to occur within the mortgage interest rate lock period. As a result, customers were improperly charged mortgage interest rate extension fees when the Bank should have borne the cost.

AuditOne LLC – Company Overview

AuditOne LLC provides independent risk management services to financial institutions. Our sole focus is providing internal audit and credit review services to the financial institution industry. We have experience with all regulatory authorities and offer a full selection of audit services comprising Credit Review/ALLL, BSA/Compliance, IT/Information Security, ACH rules Compliance, Operations, Network Tests, Asset/Liability Management and various specialty areas. Our expertise is your edge. For more information on this article, please contact Jeremy Taylor, Co-CEO at: Contact Us or Kevin Watson, Co-CEO at: Contact Us  and for information about all of our audit services see