AuditOne Compliance Advisory: 2018 Q3

AuditOne LLC Advisory

From Bud Genovese, Chairman

Regulatory reform is alive and well, and the regulatory community is actively responding. Announcements about new regulatory communication vehicles and publications, enhanced websites, and amendments have been plentiful. While promising, it has not come with a reduction in compliance enforcement. To the contrary. American Banker recently reported that there was a 63% increase in net new enforcement actions in the second quarter of 2018 from a year earlier. The study detailed that while there has been an easing in requirements surrounding qualified mortgages, exam schedules and Call Reports, higher risk compliance areas such as Fair Lending, money laundering and CRA continue to receive a high level of scrutiny. Better time than any to take a pulse on your institution’s readiness to handle changes. Consider whether there is a sound Project Management and Change Control infrastructure in place to help management and employees quickly adapt to changes to systems, operations, and internal controls, as necessary, to maintain satisfactory levels of compliance.

Within this issuance, we cover changes to Dodd Frank along with a variety of key regulatory developments that we hope your organization finds useful. This Quarterly General Compliance edition has been prepared by Celeste Burton, Compliance Practice Director, AuditOne LLC. We hope you enjoy! – Bud


On July 21, 2010, President Barack Obama signed the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 into law, in response to the global financial crisis of 2008. On May 24, 2018, President Trump signed S. 2155, the Economic Growth, Regulatory Relief and Consumer Protection Act (EGRRCPA) into law, which eased certain Dodd-Frank rules and regulations. Our second quarter 2018 General Compliance Advisory included an overview of the key provisions of S. 2155. Below are a few key updates:

  • The Federal Reserve Board (FRB) issued Consumer Affairs Letter CA-18-4 to address the restoration of the Protecting Tenants at Foreclosure Act. Under the law, the immediate successor in interest at foreclosure must provide bona fide tenants with 90 days’ notice prior to eviction and allow tenants with leases to occupy property until the end of the lease term. However, the lease can be terminated on 90 days’ notice if the unit is sold to a purchaser who will occupy the property. The FRB Consumer Affairs Letter CA-18-4 is available at
  • The Consumer Financial Protection Bureau (CFPB) issued an interpretive and procedural rule to implement and clarify changes made to HMDA by section 104 of the EGRRCPA. To support implementation of the rule, the CFPB published an executive summary and updated the Filing Instructions Guide for HMDA data collected in 2018. The rule provides a partial exemption to some smaller volume banks and credit unions from some HMDA data filing requirements. Federal agencies emphasized that the new law will not affect the format of the Loan Application Registers for institutions filing 2018 data in 2019. The rule can be accessed here:
  • On September 21, 2018, the CFPB issued an interim final rule to update the CFPB’s model forms for the Summary of Consumer Identity Theft Rights and the Summary of Consumer Rights to incorporate a notice of rights required by a new provision of the Fair Credit Reporting Act (Regulation V), added by the EGRRCPA:
  • Stemming from a desire to expand the number of insured depository institutions and U.S. branches/ agencies of foreign banks eligible for an 18-month on-site examination cycle, federal banking agencies issued interim final rules that generally would allow qualifying insured depository institutions with less than $3 billion in total assets to benefit from an extended 18-month on-site examination cycle:


In July 2017, the CFPB issued a revised TRID rule containing a plethora of amendments and corrections to the original rule. Timely, as many in the financial services industry have struggled with rule interpretation for certain loans, transaction types and scenarios. Mandatory compliance is required for applications received on or after October 1, 2018.

It would be wise to ensure your organization’s policies and procedures are updated to comply with the revised rule, and that employees are appropriately trained. A review of the system of record and vendor relationships to ensure related software and vendor services are up-to-date is also recommended.

The new rule, a noteworthy 560 pages, can be found here:


  • Exceptive relief is now permanent … After consulting with stakeholders and financial institutions, the Financial Crimes Enforcement Network (FinCEN) announced on September 7, 2018 that it has permanently granted “exceptive relief” to covered financial institutions from the Beneficial Ownership Rule’s requirement to identify and verify beneficial ownership information on or after May 11, 2018, as a result of the following:
    1. CD rollovers;
    2. loan renewals, modifications, and extensions that do not require underwriting review and approval;
    3. commercial line of credit or credit card account renewals, modifications or that do not require underwriting review and approval; and
    4. safe deposit box rental renewals.

    Important to note that this relief does not apply to the initial opening of any of the types of accounts listed above, nor does it relieve any covered financial institution of its customer due diligence requirements under AML program rules. A link to the ruling follows:

  • The Bank Secrecy Act/Anti-Money Laundering (BSA/AML) InfoBase website – a vehicle to share bank examination procedure information with examiners, financial institutions, the public, and other stakeholders – was redesigned to improve the overall user experience. Updates were made to site navigation search and mobile-friendly capabilities, as well as to functionality that allows users to download various sections of the FFIEC BSA/AML Examination Manual. The redesigned website can be found here:
  • On October 3, 2018, federal regulators announced that community banks and credit unions will be allowed to share resources in an effort to bolster BSA compliance and AML obligations. Collaborative arrangements, as described in the statement, are typically most beneficial to financial institutions with a community focus, less complex operations, and lower-risk profiles for money laundering or terrorist financing. The announcement can be found here:


Increasing regulator focus on the risk and exposure associated with elder financial abuse warrants a brief pause to assess whether current policies and practices are strong enough to pass muster during your next regulatory exam. To place your institution in the best compliance position, you’ll want to ensure your organization’s policies and practices address the following:

  • A definition of elder/adult dependent financial abuse
  • That all officers and employees of the bank or credit union are “mandated reporters”
  • The obligation to file a report of suspected financial abuse
  • That the suspected financial abuse must be reported by telephone immediately to the local Adult Protective Services (APS) branch or local law enforcement, followed by a written report sent within two working days to the same agency
  • Training requirements
  • Address the need to file a Suspicious Activity Report (SAR)
  • How the reporting of suspected abuse will be handled internally, such as notifying the compliance officer, manager, or supervisor
  • Board review/approval of Financial Elder Abuse Policy, at least annually


On September 12, 2018, the FRB published a final rule that amends Subpart C of Regulation CC to address situations where there is a dispute as to whether a check has been altered or was issued with an unauthorized signature and the original paper check is not available for inspection. These amendments continue the FRB’s efforts to update Regulation CC to reflect the evolution of the nation’s check collection system from one that is largely paper-based to one that is virtually all electronic. The amended rule is effective January 1, 2019. The FRB release can be found here:


Federal Trade Commission (FTC) Issues Report On Efforts to Protect Older Consumers

The report, Protecting Older Consumers 2017-2018: A Report of the FTC, outlines the FTC’s research, law enforcement, and education efforts aimed at protecting older Americans. Interesting fact: In 2017, older adults were more likely to report fraud than younger people, and in those reports, indicated less frequently that they had lost money. But does this mean their overall risk profile is lower? Read on. The facts may surprise you:

2018 Census Data Now Available

The FFIEC’s Geocoding System has been updated with 2018 Census demographic data. Click on the “What’s New” tab on the Community Reinvestment Act page of the FFIEC website at

Enhanced CRA Filing Software

The FFIEC released updated software for reporting and filing 2018 CRA data required from covered banks and thrifts under the Community Reinvestment Act (CRA). This version facilitates data entry for calendar year 2018 data that must be submitted by March 1, 2019:

Consumer Compliance Supervision Bulletin

The FRB has announced the launch of the Consumer Compliance Supervision Bulletin – a new publication that will “provide bankers and others interested in consumer protection with high-level summaries of pertinent supervisory issues.” The Bulletin is intended to enhance transparency regarding the agency’s consumer compliance supervisory program and highlight violations that have been identified. It will also provide practical steps for institutions to consider when managing consumer compliance risks, and will briefly highlights recent regulatory and policy developments. The first issue focuses on:

  • Fair Lending (redlining, discriminatory loan pricing and underwriting);
  • UDAAP (unfair or deceptive acts or practices involving overdrafts, loan officer misrepresentations and products and services marketed to students);
  • Military Lending Act; and,
  • Other recent regulatory and policy developments

The Bulletin is available at:

Noteworthy Enforcement Action

TCF National Bank: The CFPB reaches $30 million settlement with TCF National Bank regarding its marketing and sale of overdraft services:

Stay tuned for more data on emerging activities surrounding Fintech and Cybercurrency BSA/Anti-Money Laundering enforcement.

AuditOne LLC – Company Overview

AuditOne LLC provides independent risk management services to financial institutions. Our sole focus is providing internal audit and credit review services to the financial institution industry. We have experience with all regulatory authorities and offer a full selection of audit services comprising Credit Review/ALLL, BSA/Compliance, IT/Information Security, ACH rules Compliance, Operations, Network Tests, Asset/Liability Management and various specialty areas. Our expertise is your edge. For more information on this article, please contact Jeremy Taylor, Co-CEO at: Contact Us or Kevin Watson, Co-CEO at: Contact Us and for information about all of our audit services see