AuditOne LLC Advisory
From Bud Genovese, Chairman
As we move into the new year, efforts to revisit and refine the Dodd-Frank Wall Street Reform and Consumer Protection Act remain in full swing. Legislators, regulators and other government agencies are continuing work to ensure that laws and regulations drafted by different US agencies align with the current administration’s goals while maintaining competitive markets and effective legislative and regulatory oversight. As part of this effort, we are seeing an increasing number of agency requests for public comments on proposed rule changes to implement the Economic Growth, Regulatory Relief, and Consumer Protection Act (EGRRCPA).
Within this issuance, we cover key changes to Dodd-Frank along with other noteworthy regulatory developments and enforcement actions that we hope your organization finds useful. This Quarterly General Compliance edition has been prepared by Celeste Burton, Compliance Practice Director, AuditOne LLC. We hope you enjoy! – Bud
DODD FRANK
General Updates
- Dodd-Frank requires the Bureau of Consumer Financial Protection (BCFP, formerly the Consumer Financial Protection Bureau (CFPB)) to conduct an assessment of each significant rule or order and publish a report of its assessment no later than five years after the effective date of the significant rule or order. The assessment must address, among other relevant factors, the effectiveness of the rule in meeting the purposes and objectives of Dodd-Frank. The BCFP recently published the following reports: The Ability to Repay and Qualified Mortgage Rule Assessment Report, available at: https://files.consumerfinance.gov/f/documents/cfpb_ability-to-repay-qualified-mortgage_assessment-report.pdf; and the RESPA Servicing Rule Assessment Report, available at: https://files.consumerfinance.gov/f/documents/cfpb_mortgage-servicing-rule-assessment_report.pdf
- During November 2018, the BCFP issued amended Loan Originator and Home Ownership and Equity Protection Act (HOEPA) Rule guides to reflect amendments made by Section 107 of the EGRRCPA. Links to the guides follow:
https://s3.amazonaws.com/files.consumerfinance.gov/f/documents/bcfp_loan-originator_small-entity_compliance-guide.pdf.
https://s3.amazonaws.com/files.consumerfinance.gov/f/documents/bcfp_hoepa_small-entity_compliance-guide.pdf - The Farm Credit Administration finalized amendments to regulations (effective January 1, 2019) governing the eligibility of non-program investments held by the Federal Agricultural Mortgage Corporation (Farmer Mac). The link follows:
https://www.federalregister.gov/documents/2018/11/02/2018-24045/organization-funding-and-fiscal-affairs-loan-policies-and-operations-and-funding-operations-farmer.
Public Comment Requests
Regulatory agencies are seeking public comments on:
- Impending legislative changes surrounding the sharing of Nonpublic Personal Information. This action could have a significant impact on the amount and type of data obtained and retained by financial institutions. Two key focus areas include:
- Ways to enhance the quality, utility and clarity of the information to be collected
- Ways to minimize the burden of the collection of information on respondents, including using automated collection techniques or other forms of information technology
The deadline to submit Comments is January 22, 2019. A link follows:
https://www.federalregister.gov/documents/2018/12/21/2018-27738/agency-information-collection-activities-submission-for-omb-review-comment-request?utm_campaign=subscription%20mailing%20list&utm_source=federalregister.gov&utm_medium=email - Impending rulemaking that would amend existing stress testing regulations to change the minimum threshold for applicability from $10 billion to $250 billion, revise the frequency of required stress tests by FDIC-supervised institutions from annual to periodic, and reduce the number of required stress testing scenarios from three to two. The deadline to submit Comments is February 19, 2019. A link follows: https://www.govinfo.gov/content/pkg/FR-2018-12-28/pdf/2018-27824.pdf
- A proposal that would establish risk-based categories for determining applicability of requirements under the regulatory capital rule, the liquidity coverage ratio rule and the proposed net stable funding ratio rule for large U.S. banking organizations. The proposal would not extend to intermediate holding companies of a foreign banking organization or its subsidiary depository institutions or federal branches or agencies of foreign banking organizations. The deadline to submit Comments is January 22, 2019. A link follows: https://www.govinfo.gov/content/pkg/FR-2018-12-21/pdf/2018-27177.pdf
- A proposed rule that would increase the threshold level at or below which appraisals would not be required for residential real estate-related transactions from $250,000 to $400,000. Applicable regulated institutions would still be required to obtain an evaluation of the real property collateral that is consistent with safe and sound banking practices. The proposed rule would also include consideration of residential property in rural areas that have been exempted from existing appraisal requirements pursuant to the EGRRCPA (evaluations would instead be required for these transactions). The deadline to submit Comments is February 5, 2019. A link follows: https://www.govinfo.gov/content/pkg/FR-2018-12-07/pdf/2018-26507.pdf
- A proposed rule to expand the eligibility to file the FFIEC 051 Call Report, to include certain insured depository institutions with less than $5 billion in total consolidated assets that meet other criteria, and to establish reduced reporting on the FFIEC 051 Call Report for the first and third reports of condition for a year. The deadline to submit Comments is January 18, 2019. A link follows: https://www.govinfo.gov/content/pkg/FR-2018-11-19/pdf/2018-24587.pdf
HEMP (MARIJUANA) DECRIMINALIZATION: WHAT DOES IT MEAN FOR BANKING?
On December 20, 2018, President Trump signed into law the Agriculture Improvement Act of 2018, a.k.a. the Farm Bill (the Act). The Act removed “hemp” from the “Controlled Substances Act”, a move that effectively decriminalizes marijuana production at the federal level. Some noteworthy changes as a result of this Act follows:
- Allows hemp production in all states – even those that have not yet acted to allow it.
- Cannabis sativa L. plants at or below 0.3% THC are no longer classified as controlled substances under the Controlled Substances Act.
- Allows hemp farmers to get crop insurance and access to federal water rights.
- Protects hemp farmers from criminal prosecution for growing hemp with elevated THC content.
What Does This Mean for Banking?
Only time will tell. To date, 22 states have decriminalized marijuana; 33 states have approved medical marijuana, and 10 states and Washington, D.C. have legalized the sale and use of marijuana. Proponents believe that the combination of Sessions’s departure and the new House composition is likely to open the door for greater marijuana law reform measures and policy changes. If and until then, financial institutions should continue conducting customer due diligence that includes registration/license verification; understanding normal and expected activity levels, including the types of products sold and the type of customers served; monitoring publicly available data sources for adverse information; and ongoing monitoring for suspicious activity. Follow this link for further details:
https://en.wikipedia.org/wiki/2018_United_States_farm_bill
CRA NEWS & DEVELOPMENTS
CRA Data on Small Business, Small Farm & Community Development Lending
On October 25, 2018, the FRB, OCC and FDIC announced the availability of CRA data on small business, small farm, and community development lending reported by certain commercial banks and savings associations. An FFIEC disclosure statement on the reported 2017 CRA data is now available for each reporting commercial bank and savings association. The FFIEC also prepared aggregate disclosure statements of small business and small farm lending for all of the metropolitan statistical areas and non-metropolitan counties in the United States and its territories. These statements are available for public inspection on the FFIEC website (www.ffiec.gov/cra).
New CRA Data Thresholds
As a result of the 2.59 percent increase in the Consumer Price Index for the period ending in November 2018, the definitions of Small and Intermediate Small institutions for CRA examinations changed (effective January 1, 2019) as follows:
- “Small Bank” or “Small Savings Association” means an institution that, as of December 31 of either of the prior two calendar years, had assets of less than $1.284 billion.
- “Intermediate Small Bank” or “Intermediate Small Savings Association” means a Small Institution with assets of at least $321 million as of December 31 of both of the prior two calendar years but less than $1.284 billion as of December 31 of either of the prior two calendar years.
A link to the joint final rule follows:
https://www.fdic.gov/news/news/press/2018/pr18100a.pdf?source=govdelivery&utm_medium=email&utm_source=govdelivery
Federal Home Loan Board Federal Housing Program & CRA
On November 28, 2018, the Federal Housing Agency issued a final rule (12 CFR Parts 1290 and 1291) to amend its regulation governing the Federal Home Loan Board Affordable Housing Program (AHP or Program). The Federal Home Loan Bank Act (Bank Act) requires banks to establish a Program to provide subsidies for long-term, low- and moderate- income, owner-occupied and affordable rental housing. Institutions subject to compliance are required to allocate annually 10 percent of its prior year’s net income to fund its Program to help subsidize the purchase, construction, and rehabilitation of affordable rental and owner-occupied housing. Homeowners and homebuyers receiving AHP subsidies must be low- or moderate-income (incomes at or below 80 percent of area median income (AMI)). For rental housing, at least 20 percent of the units must be occupied by very low-income households (incomes at or below 50 percent of AMI) and must be affordable (rents charged do not exceed 30 percent of income).
This final rule amends the FHA regulation to, amongst other things,
- provide banks with additional authority and flexibility when it comes to how AHP funds are allocated;
- allow banks to use noncompetitive project selection methods;
- ease certain project monitoring requirements;
- clarify expectations for resolving project noncompliance scenarios; and,
- eliminate some of the red tape associated with household subsidy repayments.
Worthy of note is that under the new Competitive Application Program, for-profit developers may now apply to Banks for AHP subsidies (which, prior to this rule, had been set aside for nonprofit affordable housing developers). We encourage financial institutions to consider potential CRA impacts and adjust planning and allocations accordingly.
The rule becomes effective December 28, 2018, with a qualification that – under certain conditions stated within the rule – through December 31, 2020 a Bank may comply with either the AHP regulation in effect immediately prior to this final rule’s effective date or this final rule. After January 1, 2020, Banks must only comply only with this final rule.
For more information, click on this link:
https://www.gpo.gov/fdsys/search/pagedetails.action?granuleId=2018-25635&packageId=FR-2018-11-28
HOME MORTGAGE DISCLOSURE ACT
- Banks, savings associations and credit unions with assets of $46 million or less as of December 31, 2018 are exempt from collecting HMDA data in 2019. This is a slight increase from $45 million for 2018 data. A link to the final rule (12 CFR Part 1003) follows:
https://s3.amazonaws.com/files.consumerfinance.gov/f/documents/bcfp_final-rule_home-mortgage-disclosure-act_annual-adjustment_12-2018.pdf - The FFIEC HMDA 2019 Filing Instruction Guide can be found here:
https://s3.amazonaws.com/cfpb-hmda-public/prod/help/2019-hmda-fig.pdf - The FFIEC launched the new HMDA Platform for data collected in 2018. Key offering is that it will allow financial institutions to assess whether their sample LAR data complies with new reporting requirements in the Filing Instructions Guide for HMDA data collected in 2018.
OTHER COMPLIANCE NEWS & DEVELOPMENTS
Appraisal Regulation Guidance
On October 16, 2018, the FFIEC issued Frequently Asked Questions on the Appraisal Regulations and Interagency Appraisal and Evaluation Guidelines. A link follows:
https://www.occ.gov/news-issuances/bulletins/2018/bulletin-2018-39a.pdf
Flood Insurance
Regulatory agencies issued guidance for financial institutions on issuing loans when the National Flood Insurance Program in unavailable. A link follows:
https://www.federalreserve.gov/newsevents/pressreleases/bcreg20181228a.htm
BSA/AML
On December 28th, the FDIC announced the release of an updated technical assistance video on BSA/AML requirements, and the Treasury Department’s OFAC sanctions programs. The updated video provides an overview of current BSA/AML and OFAC requirements for directors of FDIC-supervised banks and savings associations. https://www.fdic.gov/news/news/financial/2018/fil18090.pdf
California Consumer Privacy Act
The California Consumer Privacy Act (CCPA) is effective January 1, 2020. The Act includes a 12-month “look back” requirement, which means it is a good time to pause to ensure that your financial institution has the infrastructure to comply.
https://www.caprivacy.org/
FFIEC Statement on OFAC Cyber-Related Sanctions
The FIIEC issued a statement about recent actions taken by the Department of Treasury’s Office of Foreign Asset Control (OFAC) under their Cyber-Related Sanctions Program and to the potential impact it may have on financial institutions’ risk-management programs. A link follows:
https://www.ffiec.gov/press/pr110518.htm
Telephone Consume Protection Act
On December 13, 2018, the FCC released an Order “directing the creation of a single comprehensive database for disconnected and reassigned telephone numbers.”. The Act is effectively designed to insulate certain impacted callers from Telephone Consumer Protection Act violations.
https://www.jdsupra.com/legalnews/fcc-establishes-reassigned-number-18629/
FFIEC Examination Modernization Project
On November 27, 2018, the FFIEC issued a second update on the “Examination Modernization Project”, focused on tailoring examination plans and procedures based on risk, which is another area that holds promise for reducing burden. The project identifies and assesses ways to improve the effectiveness, efficiency, and quality of community financial institutions Safety and Soundness examination processes, particularly through increased use of technology. The first update was issued on March 22, 2018, with a focus on steps taken to improve the examination process, which included the identification of areas with the potential for the most meaningful supervisory burden reduction. A link follows:
https://www.ffiec.gov/press/pr112718.htm
NOTABLE SANCTIONS AND ENFORCEMENT ACTIONS
UBS
FinCEN assessed a $14.5 million civil money penalty on UBS Financial Services, Inc. (UBSFS) for willful violations of AML Program requirements (associated with brokerage and “banking-like” services) and Section 312 of the USA Patriot Act (regarding due diligence on correspondent accounts and financial institutions). UBS was also cited for failing to provide its AML compliance officer with “the resources needed to ensure day-to-day compliance with the BSA”, adversely impacting their ability to adequately review potentially suspicious activity “triggered by its automated monitoring system and make reasonable determinations whether or not to file suspicious activity reports (SARs).” Inadequate staffing was also cited as the reason for backlogged alerts and SAR filings. The order can be found here:
www.fincen.gov/sites/default/files/enforcement_action/2018-12-18/UBS%20Assessment%2012.17.2018%20FINAL_508%20Revised.pdf
AllNations
On October 25, 2018 the FRB issued an enforcement action against AllNations Bank. Amongst other things, it requires very specific actions related to the BSA and overall Compliance Program, including improvement to controls surrounding customer due diligence, suspicious activity monitoring and reporting and resources. A link follows:
https://www.federalreserve.gov/newsevents/pressreleases/enforcement20181025a.htm
International Network of Corporations
The FTC alleges that – using shell companies and straw owners – an international network of corporations and individuals made false claims about “free” trial offers, followed by unauthorized charges to their accounts. Aside from the UDAAP implications that are more directly cited, can you see how the new BSA “beneficial ownership rule” – if followed – may have raised enough suspicion to prompt further inquiry/ investigation. A link to the FTC action follows:
https://www.ftc.gov/news-events/press-releases/2018/11/court-temporarily-halts-international-operation-allegedly
JP Morgan Chase
JPMorgan Chase recently paid $5.3 million settlement for OFAC violations. Settlement details may be found at https://www.law.com/corpcounsel/2018/10/09/jp-morgan-chases-5-3m-sanctions-settlement-some-lessons/?slreturn=20190011155721
FFIEC Statement on OFAC Cyber-Related Sanctions
The FIIEC issued a statement about recent actions taken by the Department of Treasury’s Office of Foreign Asset Control (OFAC) under their Cyber-Related Sanctions Program and to the potential impact it may have on financial institutions’ risk-management programs. A link follows:
https://www.ffiec.gov/press/pr110518.htm
USAA
It’s been a while since we’ve seen a combined Electronic Funds Transfer Act (EFTA) & Regulation E order such as the one assessed against USAA. A link follows:
https://s3.amazonaws.com/files.consumerfinance.gov/f/documents/bcfp_usaa-federal-savings-bank_consent-order.pdf
AuditOne LLC – Company Overview
AuditOne LLC provides independent risk management services to financial institutions. Our sole focus is providing internal audit and credit review services to the financial institution industry. We have experience with all regulatory authorities and offer a full selection of audit services comprising Credit Review/ALLL, BSA/Compliance, IT/Information Security, ACH rules Compliance, Operations, Network Tests, Asset/Liability Management and various specialty areas. Our expertise is your edge. For more information on this article, please contact Jeremy Taylor, Co-CEO at (949) 981-0420 or Kevin Watson, Co-CEO at (562) 802-3581 and for information about all of our audit services see AuditOneLLC.com