AuditOne Compliance Advisory: Q1, 2017

From Bud Genovese, Chairman

The first quarter of 2017 has ushered in a period of stepped-up reform that could significantly impact the regulatory landscape for banking.  This includes Key Regulatory Changes; Presidential Memos, Pronouncements, and Executive Orders; Proposed Rulemaking/Comments; HMDA Filing Resources; Other Key Issuances; and Recent Enforcement Actions.  This has been prepared by Celeste Burton, Compliance Practice Director, AuditOne LLC.  We hope you enjoy! – Bud





Community Reinvestment Act (CRA)

Asset-size thresholds used to define “Small Bank” or “Small Savings Association” and “Intermediate-Small Bank” or “Intermediate-Small Savings Association” have been revised.  Beginning January 18, 2017, banks and savings associations that, as of December 31 of either of the prior two calendar years, had assets of less than $307 million are Small Banks or Savings Associations. Those with assets of at least $307 million and less than $1.226 billion as of December 31 of either of the prior two calendar year-ends are Intermediate-Small Banks or Savings Associations.

January 18, 2017
Regulations E & Z

The CFPB issued a final rule to delay the Oct. 1, 2017 effective date of the rule governing Prepaid Accounts under the Electronic Fund Transfer Act (Regulation E) and the Truth in Lending Act (Regulation Z) by six months.

Note that legislators have initiated a process to nullify this rule via a procedure established by the Congressional Review Act; the procedure permits Congress to nullify a covered rule adopted by a federal agency if Congress acts while in session.  The procedure has only been known to be used once before.

Revised Implementation Date: April 1, 2018
Regulatory Freeze Memo

The White House issued a memo to executive departments and agencies calling for a pause or temporary freeze on new regulations. There were three parts to the memo:


1. For regulations that had not yet been sent to the Office of Management and Budget (OMB) for review, the memo called for work to pause until the agency was led by new leadership appointed or designated by the president.

2. For regulations that had been sent to OMB but not yet been published, the memo called for them to be withdrawn.

3. For regulations that had been published but not yet gone into effect, the instruction was to postpone their effective date by 60 days to allow for review and to consider proposing a regulation to extend them for a further period to allow for “more adequate review” of the regulation for questions of fact, law or policy.

Although there was debate about whether the regulatory agencies (i.e. OCC, CFPB, FRB, etc.) were covered as part of this memo, there is a general belief based on past practice that there would be “some effort on their part to comply with the spirit of the memo”.

January 20, 2017
Fiduciary Rule Memo

Presidential memorandum directing the Labor Secretary to reexamine the rule issued under the Obama Administration that broadened the definition of who is a “fiduciary” under the Employee Retirement Income Security Act and the Internal Revenue Code, an expansion that could reach into traditional bank products such as individual retirement accounts and 401(k) plans.  Any person deemed to be a fiduciary to an account under the new rule has significantly expanded duties, obligations, and liability to the account and its owner, and is subject to the so-called “prohibited transactions” provisions of ERISA and the Code. Anyone violating a prohibited transaction faces excise taxes and civil liability.

Issued February 3, 2017.  Compliance required by April 10,
Delegating Terrorist Report Request

Presidential memorandum that directs the President to review “known instances since 2011 in which a person has traveled or attempted to travel to a conflict zone in Iraq or Syria from the United States to join or provide material support or resources to a terrorist organization,” and submit a report to Congress.

April 12, 2017
Reporting Sanctions on Foreign Persons

Presidential memo demonstrating intent to comply with section 1264 of the Global Magnitsky Human Rights Accountability Act (Subtitle F, Public Law 114-328) (the “Act”) by providing a report on its implementation.  The current administration provided the required report, compiled by the Departments of State, the Treasury, and other relevant executive departments and agencies (agencies), outlining support for the legislation and its enforcement.

April 20, 2017


According to data obtained from the American Presidency Project, the use of executive orders peaked in the era of the New Deal, with Franklin D. Roosevelt setting the record at slightly over 290. Although the numbers have declined overall since the early 1900s, there has been a notable shift in purpose, from largely routine/administrative matters pertaining to internal affairs to increasingly legislative ones, having a more direct impact on the rights and duties of private parties and governmental officials.

Because Executive Orders do not require Congressional approval, they enable Presidents to bypass Congressional debate while having the “full force and effect of law”. Considering President Trump’s comment that “we’re going to be doing a big number on Dodd-Frank”, financial institutions should be prepared for continued efforts to roll back Dodd-Frank.  The timing and nature of the impact on financial institutions will vary, dependent in part on how quickly regulatory agencies are able to review the body of impacted laws and regulations to determine what needs to be revised, removed or left unchanged.

As of month end April 2017, the President issued 90 Executive Orders.  Below are some that more directly impact banking:*




#13771: Reducing Regulation and Controlling Regulatory Costs

Requires that each proposed new regulation include a proposal to repeal two existing regulations, and that the costs (or savings via repeal) of the two regulations to be eliminated should equal or exceed the costs of the proposed new regulation.


“For fiscal year 2017, the cost of each new proposed regulation must be matched by the cost of the two proposed for repeal. Starting with fiscal year 2018, agencies remain bound by the regulatory plans that they are already required to publish each year. However, the plans must now include cost estimates for any proposal that would increase costs as well as estimates of the offsetting savings from the repeal of the two regulations that the agency proposes to link to it. From this information, the OMB would develop a regulatory budget, with each agency given by OMB a regulatory cost limit that it would not be allowed to exceed. That limit from OMB may allow a net increase for the year or may even prescribe a net overall reduction”.

January 30, 2017
#13772: The Core Principles of Financial Regulation

Sets out seven core principles for regulating the financial system. Although nothing within this order mandates burden reduction or less regulation, it does lay out the process for reviewing regulatory burdens and creating the factual basis for specific regulatory reforms.

February 3, 2017
#13773: Combatting Criminal Organizations


#13776: Reducing Crime

Intended to “thwart” criminal organizations, including “criminal gangs, cartels, racketeering organizations, and other groups engaged in illicit activities.”  Directs law enforcement to apprehend and prosecute citizens, and deport non-citizens involved in criminal activities including “the illegal smuggling and trafficking of humans, drugs or other substances, wildlife, and weapons,” “corruption, cybercrime, fraud, financial crimes, and intellectual-property theft,” and money laundering. A second order was signed on this day to reduce violent crime in the US, and “comprehensively address illegal immigration, drug trafficking, and violent crime.” The action directs Attorney General Jeff Sessions to assemble a task force in order to identify new strategies and laws to reduce crime, and to evaluate how well crime data is being collected and leveraged across the country.

February 9, 2017
#13768: Enhancing Public Safety in the Interior of the United States

The EU-U.S. Umbrella Agreement on Data Protection – aka the Privacy Shield – allows for a legal way to gather Europeans’ personally identifiable information and transfer it to servers in the United States without violating EU data protection and privacy laws.  Negotiations during President Obama’s tenure resulted in the United States promising that the protections afforded by the Privacy Act would also be applied to Europeans.  This order mandates that protections of the Privacy Act will now only apply to U.S. citizens and lawful residents of the United States; Europeans are henceforth exempted.  (The Privacy Act was passed in 1974 and establishes a code of fair information practices that governs the collection, maintenance, use and dissemination of information about individuals that is maintained in systems of records by federal agencies, according to the U.S. Department of Justice.)

European politicians have demanded that the EU clarify what the impact of the executive order will be, warning that results could be bad for American business, pointing to section 14 of the order that says that it will apply “to the extent consistent with applicable law” to prove that the order does not actually deny Privacy Act protections to Europeans.  There is still a great deal of uncertainty about the impact of this order, particularly given the January 17th designation of 26 countries and the European Union as a whole.  Stay tuned.

February 20, 2017
#13777: Enforcing the Regulatory Reform Agenda

Gives 60 days to the head of each agency to designate an agency official as its “regulatory reform officer.” This officer is to oversee the implementation of several other regulation-focused executive orders, while also chairing a newly created Regulatory Reform Task Force in each of the respective agencies. These task forces will evaluate their agencies’ existing regulations and make recommendations regarding their repeal, replacement, or modification.

It is currently unclear whether the White House intends this executive order to apply to independent agencies like the banking regulators.

February 24, 2017
#13789: Identifying and Reducing Tax Regulatory Burdens; Supplement to Order 13771 (Dodd Frank Roll Back)

Goal is to take action necessary to “reduce the burden existing tax regulations impose on American taxpayers and thereby to provide tax relief and useful, simplified tax guidance”. Also orders a 180-day review of two parts of the Dodd-Frank Act — the Orderly Liquidation Authority (OLA) and the construct and function of the Financial Stability Oversight Council — as part of overall effort to roll back certain aspects of Dodd-Frank.

April 21, 2017

*Please note that this list is not meant to be all-inclusive; rather, its focus is on key regulatory & legislative actions pertaining to Banking.  Other Executive Orders issued through April 2017 focus on environmental laws, immigration & travel, oil pipelines/energy, trade, climate change, ISIS, reorganizing the National Security Council, Wall Street regulations, the deficit, rural prosperity, law enforcement, protecting national lands and tax regulations. For a complete list of Executive Orders, go to





Cyber Risk Management

On October 26, 2016, the FRB, OCC and FDIC published in the Federal Register an advance notice of proposed rulemaking (ANPR) regarding enhanced cyber risk management standards for large and interconnected entities under their supervision and those entities’ service providers. The ANPR addresses five categories of cyber standards: cyber risk governance; cyber risk management; internal dependency management; external dependency management; and incident response, cyber resilience, and situational awareness.

Issued October 26, 2016.  Comment Deadline extended from January 17, 2017 to February 17, 2017
Loans in Special Flood Hazard Areas

The OCC, FRB, FDIC, Farm Credit Administration (FCA), and National Credit Union Administration (NCUA) are issuing a new proposal to amend their regulations regarding loans in areas having special flood hazards to implement the private flood insurance provisions of the Biggert-Waters Flood Insurance Reform Act of 2012. The proposed rule would require regulated lending institutions to accept policies that meet the statutory definition of private flood insurance in the Biggert-Waters Act and permit regulated lending institutions to accept flood insurance provided by private insurers that does not meet the statutory definition of “private flood insurance” on a discretionary basis, subject to certain restrictions.

Comments were due January 6, 2017
Mortgage Servicing Rules

The CFPB is working in advance of its five-year deadline in starting the process to get industry feedback on the Real Estate Settlement Procedures Act (RESPA) mortgage servicing rule (MSR). This rule essentially gave borrowers new consumer protections related to mortgage loan servicing, many of which were aimed at helping consumers who were having trouble making their mortgage payments. Relatedly, the CFPB recently finished the MSR slated to go into effect on October 19, 2017. The final rule clarified and revised the 2013 RESPA Servicing Final Rule and the 2013 TILA Servicing Final Rule, which does not fall under Dodd Frank. The final report of the CFPB’s assessment results will not be issued until January 2019.

of Plan to Obtain Industry Feedback on MSR: May 4,

*Please note that this list is not inclusive; its focus is on key regulatory & legislative actions pertaining to Banking that are worthy of note.


The CFPB and FFIEC recently published a list of resources designed to assist financial institutions with revised HMDA requirements as follows:

  • Frequently Asked Questions (FAQ): The FAQ includes answers to many questions about how to submit and file 2017 HMDA data, particularly how to use the 2017 LAR Formatting Tool;
  • Technology Preview: A webpage to provide an initial view into the way HMDA filers will interact with the new online, designed to help streamline the HMDA submission process;
  • Filing Instruction Guides: Separate Filing Instruction Guides (FIGs) are already available for HMDA data to be collected in both 2017 and 2018; and
  • 2017 LAR Formatting Tool: The Loan/Application Register (LAR) Formatting Tool is intended to help financial institutions, typically those with small volumes of covered loans and applications, to create an electronic file that can be submitted to the HMDA Platform.

For a complete description of available tools and resources go to:


  • OCC supplemental examination procedures for Third-Party Relationships:  On January 24, 2017, the OCC issued examination procedures to supplement OCC Bulletin 2013-29, “Third-Party Relationships: Risk Management Guidance,” issued October 30, 2013.  The focus is primarily on providing more in-depth examination guidance around risk management-related processes.
  • CFPB Bulletin on Incentive Compensation Expectations: The CFPB recently issued a Bulletin (the Bulletin) highlighting the risks that production-based incentives may pose to consumers, noting that they can lead to practices that result in unintended consumer harm if not properly managed. Examples of those practices include steering consumers into products that are not to their benefit, unauthorized account openings, and unauthorized opt-ins to overdraft services. The Bulletin also includes steps that institutions can take to “detect, prevent, and correct” unexpected outcomes, and details control areas that should be considered, including policies and procedures, training, monitoring/reviews, complaint management, and periodic independent audits.


  • FinCEN and the OCC announced the assessment of civil money penalties totaling $7 million on Merchants Bank of California, Carson, CA, for significant willful violations of the Bank Secrecy Act (April 2017).
  • The CFPB took action against four online lenders–Golden Valley Lending, Inc., Silver Cloud Financial, Inc., Mountain Summit Financial, Inc., and Majestic Lake Financial, Inc.–for deceiving consumers by collecting debt they were not legally owed (April 2017).
  • The CFPB sued Ocwen, one of the largest non-bank mortgage servicers, for violations at several stages of the mortgage servicing process (April 2017).
  • The CFPB issued a $3 million fine to Experian and its subsidiaries regarding deceptive representation of how credit scores sold to consumers are used (March 2017).
  • The CFPB assessed penalties against Nationstar Mortgage LLC for Home Mortgage Disclosure Act (HMDA) reporting issues (February 2017).
  • The CFPB fined Prospect Mortgage LLC $3.5 million in penalties for an illegal kickback scheme associated with mortgage business referrals in violation of the Real Estate Settlement Procedures Act (RESPA) (January 2017).