AuditOne Compliance Advisory: Q4 2019 / Q1 2020

AuditOne Advisory

From Bud Genovese, Chairman

In this issue, we cover significant changes in the compliance arena, to include the OCC’s rescission of over 200 outdated rules; updated Agency exam manuals; regulatory guidance and FAQs associated with the new retirement-related SECURE Act, TILA/RESPA Integrated Disclosure (TRID) Rule, Community Reinvestment Act (CRA) and Home Mortgage Disclosure Act (HMDA); and the status of efforts to modernize regulations such as Advertising & Signage requirements, the Remittance Transfer Rule, CRA and the Fair Debt Collection Practices Act (FDCPA).  We also offer practical insights on how financial institutions can maintain an effective compliance framework while incorporating recent regulatory incentives to support the flow of credit as a result of the Coronavirus pandemic (COVID-19).  

Note: As a result of the significant increase in regulatory issuances with near to immediate impact as a result of COVID-19, we expanded this 4Q 2019 Compliance Advisory to include key compliance-related updates through March 31, 2020.

This Compliance Advisory has been prepared by Celeste Burton, Compliance Practice Director, AuditOne LLC. We hope you enjoy! – Bud


In recent weeks, regulatory Agencies have published several communications on initiatives to support the flow of credit to households and businesses during the COVID-19 pandemic. Below, we’ve highlighted the Agency incentives most pertinent to the world of Compliance followed by some practical insights on maintaining a sound compliance framework, whether times are stable or, like now, disrupted.


The FDIC, FRB, OCC, NCUA and CFPB issued an Interagency Statement on Loan Modifications and Reporting by Financial Institutions Working with Customers Affected by the COVID-19 to encourage financial institutions to work constructively with borrowers impacted by COVID-19 and provide additional information regarding loan modifications. Highlights:

  • Encourages financial institutions to work constructively with borrowers affected by COVID-19;
  • Will not criticize institutions for prudent loan modifications and will not direct supervised institutions to automatically categorize COVID-19-related loan modifications as troubled debt restructurings (TDRs);
  • Confirmed with the Financial Accounting Standards Board (FASB) that short-term modifications made on a good faith basis in response to COVID-19 to borrowers who were current prior to any relief are not TDRs;
  • Modification efforts described in the interagency statement for one-to-four family residential mortgages where loans are prudently underwritten and not past due or carried in nonaccrual status do not result in loans being considered restructured or modified for the purpose of respective risk-based capital rules; and
  • Views prudent loan modification programs in response to COVID-19 as positive actions that can effectively manage or mitigate adverse impacts on borrowers due to COVID-19, leading to improved loan performance and reduced credit risk.

The Interagency Statement also provides supervisory views on regulatory reporting of past due and nonaccrual status for loan modification programs whereby past due status should be based on the modified due date.  Additionally, it reminds institutions that loans that have been restructured will continue to be eligible as collateral at the FRB’s discount window based on the usual criteria.  This applies to financial institutions with assets under $1 billion.  A link to the statement follows:

The NCUA recently issued a Letter that seeks to encourage credit unions to provide additional financial assistance to borrowers impacted by COVID-19…“The NCUA encourages credit unions to work with affected borrowers”…noting that  examiners “will not criticize a credit union’s efforts to provide prudent relief for members when such efforts are conducted in a reasonable manner with proper controls and management oversight.”  Among the suggested accommodations:

  • Waive overdraft, late and ATM fees;
  • Waive early withdrawal penalties on time deposits;
  • Ease credit terms and restrictions on check cashing;
  • Increase credit card limits;
  • Increase ATM daily cash withdrawal limits;
  • Ease restrictions on cashing out-of-state and non-member checks;
  • Offer payment accommodations, such as allowing borrowers to defer or skip some payments or extend the payment due dates, which would avoid delinquencies and negative credit bureau reporting caused by any COVID-19-related disruptions.

A link follows:

Several announcements were made regarding this initiative:

  • The U.S. Department of Housing and Urban Development (HUD) and the Federal Housing Finance Agency (FHFA) temporarily suspended all foreclosures and evictions “in response to the economic shock renters and homeowners are experiencing due to the outbreak of COVID-19.”
  • The CFPB announced a moratorium on foreclosures and evictions of borrowers with federally backed mortgage loans, noting that it is a “timely and an important step in providing assurance to consumers amid ongoing concerns about the spread of the COVID-19”
  • The FHFA announced it had directed government-sponsored enterprises (GSEs) Fannie Mae and Freddie Mac to suspend foreclosures and evictions for at least 60 days due to the COVID-19 national emergency. The foreclosure and eviction suspension applies to homeowners with a GSE-backed single-family mortgage.
  • President Trump announced a suspension through April of foreclosures and evictions related to mortgages insured by the Federal Housing Administration.  The White House later put out a statement clarifying that the policy will extend at least 60 days.

To support the credit needs of American households and businesses, the FRB announced that it will establish a Primary Dealer Credit Facility (PDCF) that will offer overnight and term funding with maturities up to 90 days (available as of March 20, 2020).  It will be in place for at least six months and may be extended as conditions warrant.  Credit extended to primary dealers under this facility may be collateralized by a broad range of investment grade debt securities, including commercial paper, municipal bonds and a broad range of equity securities.  The interest rate charged will be the primary credit rate, or discount rate, at the Federal Reserve Bank of New York.  An explanatory link follows:

The FRB launched the MMLF to enhance the liquidity and functioning of money markets and to support the economy.  The interim final rule modifies the Agencies’ capital rules so that financial institutions receive credit for the low risk of their MMLF activities, reflecting the fact that institutions would be taking no credit or market risk in association with such activities.  An explanatory link follows:

On March 27, 2020, the FRB, OCC and FDIC announced two actions to support the U.S. economy and allow banking organizations to continue lending to households and businesses:

The FRB announced a technical change and interim final rule that will phase in gradually the automatic restrictions associated with a firm’s “total loss absorbing capacity,” or TLAC, buffer requirements, if TLAC levels decline. TLAC is an additional cushion of capital and long-term debt that could be used to recapitalize a bank if it is in distress.   A link follows:


While regulatory Agencies have consistently provided financial institutions assurance that they will not criticize activities designed to ensure the flow of credit to households  “when they are  conducted in a reasonable manner with proper controls and management oversight”, the expectation that consumers not be harmed remains a regulator concern – as demonstrated by a very recent suit by the CFPB against multiple institutions and individuals over FCRA, UDAAP and TSR (detailed later in this edition).

There is a saying that the Old is Forever New, which also rings true when it comes to the basics of maintaining an effective compliance framework.  So, we wanted to leave you with some basic principles that can be applied to ensure a sound Compliance environment at any time.  We hope you find the following key components of an effective Compliance Management System useful.

  • Fully document “end-to-end” compliance processes in the form of policies and procedures.
  • Update the Compliance Risk Assessment as significant changes to products, services and underlying processes occur.
  • Identify and document exception criteria (e.g., to established credit/income qualifications, fees, rates, terms, etc.).  Ensure exception criteria are consistently applied (e.g., if ATM fees are waived in location A, the same practice is applied in location B).  And if the relative risk warrants that different practices be applied, ensure that the justification is documented and that a supervisor/manager provides documented concurrence.  Where uncertainties exist, documented legal opinion is recommended.
  • Train employees on the documented processes, including any exception criteria.
  • Establish a means to monitor and enforce compliance with documented policies and procedures.  Ensure any exceptions noted are reviewed for the root cause, that consumers are all made whole individually, and that any trends are examined.
  • Identify consequences of non-compliance, including impact on performance evaluations and incentive compensation.
  • Ensure that senior management and the Board are provided periodic Compliance updates.


The Setting Every Community Up for Retirement Enhancement (SECURE) Act, signed into law and effective January 1, 2020, changes certain retirement rules that are worthy of mention.  Key provisions:

  • Eliminates maximum cap for contributions to traditional individual retirement accounts
  • Allows employers to offer annuities as investment options in 401(k) plans
  • Increases required minimum distribution age to 72 (formerly 70.5) and eliminates the maximum age for IRA contributions (formerly capped at 70.5)
  • Provides small business tax incentives to set up automatic enrollment in retirement plans – and opens the door for institutions to work with a broader range of companies to offer employee retirement accounts
  • Eliminates rule that lets account beneficiaries stretch distributions across their lifetime; the entire balance must be distributed by the 10th year



Efforts continue to rewrite rules implementing the Community Reinvestment Act (CRA) with a desire to expand qualifying activities and credit associated with activities that benefit communities outside of bank branch networks.  The comment period on proposed amendments has been extended to April 8, 2020.  A link follows:

ASSET THRESHOLDS:  Effective January 1, 2020, the OCC, FRB and FDIC amended their CRA regulations to adjust the asset-size thresholds.  Up to $326 million is now considered a Small Institution; from $326 million up to $1.305 billion is now Intermediate Small; and greater than $1.305 billion is now Large.

FRB ANALYTICS DATA TABLES:  The FRB recently announced the publication of Analytics Data Tables combining HMDA, CRA small business, small farm loan and manually extracted data from CRA Performance Evaluations.  This is intended to provide insight into the historical relationship between bank lending activity and regulatory assessments.  Bank attributes, deposit data, branching, demographics, and other third-party vendor data supplement the tables – a step forward in helping financial institutions prepare for CRA exams.  Links to the new CRA Analytics Data Tables as well as the User Guide and Data Dictionary follow:


OCC Rescinds 205 Outdated Rules and Makes Technical Amendments to Other Real Estate Owned (OREO)

FDIC Updates Risk Management Exam Module, Issues New Technology Guide

  • “In its continuing effort to encourage technological innovation in the banking sector, the FDIC’s technology lab (FDiTech) released a new guide to help financial technology companies and others partner with banks.  Conducting Business with Banks: A Guide for Third Parties is designed to help third parties understand the environment in which banks operate and navigate the requirements unique to banking. The Guide is an initial effort to address concerns that Chairman McWilliams has heard from banks and technology companies across the country related to challenges associated with on-boarding at institutions. FDiTech is working to develop additional tools and resources to increase opportunities for partnerships and eliminate unnecessary burdens and costs associated with third party risk management. In the meantime, Conducting Business with Banks should serve as a helpful guide to both banks and third parties.”  A link follows:
  • The FDIC Risk Management examination module is now updated with a new appendix focusing on exam processes and tools.  A link follows:

CFPB Publishes Several New Guides and FAQ’s

  • On February 1st, the CFPB announced plans to establish a new category of materials that are similar to previous compliance resources but will now be designated as “Compliance Aids.”  Of particular importance is that the CFPB asserted that – when exercising its enforcement and supervisory discretion – it does not intend to sanction, or ask a court to sanction, entities that reasonably rely on these Compliance Aids.  So, although regulated entities are not required to comply with the Compliance Aids themselves (they are required only to comply with the underlying rules and statutes), the Aids may provide a window into how the CFPB is likely to assess compliance with the requirements referenced within.  A link follows:
  • The CFPB published two Guides that provide guidance and examples for commonly asked questions pertaining to these areas – one on disclosing construction and construction-permanent loans with a separate Loan Estimate and Closing Disclosure for each phase of the transaction, and one on disclosing a combined Loan Estimate and a combined Closing Disclosure for both phases of a construction-permanent transaction.  A link follows:
  • The CFPB updated its 2013 Bulletin on Responsible Business Conduct.  The crux of the guidance focuses on building a culture of compliance internally and with service providers, in order to minimize the likelihood of violations of laws and regulations, for the overarching purpose of preventing harm to consumers.  A link follows:
  • New TRID FAQs  have been issued covering Loan Estimates, Closing Disclosures, Model Forms and Lender Credits, among other areas.  A link follows:
  • The CFPB issued new HMDA FAQs.  Topics covered include Universal Loan Identifier & Legal Entity Identifier; Ethnicity, Race, and Sex; Discount Points; and Construction and Construction/Permanent Transactions.  A link to the most recent version, updated March 6, 2020, follows:
  • The 2020 edition of the “Guide to HMDA Reporting:  Getting It Right!” is now available at  It reflects updates to incorporate content from the HMDA Rule issued by the CFPB in October 2019. 

Comment Period Extended for Modernizing Signage and Advertising Requirements & Fair Debt Collection Practices Act (FDCPA)

The FDIC announced that it is extending to April 20, 2020, the public comment period for its Request for Information (RFI) on potentially modernizing FDIC sign and advertising requirements (12 C.F.R. Part 328) to reflect how banks take deposits through various evolving channels. The RFI was published in the Federal Register on February 26, 2020, with a comment period originally set to close on March 19, 2020.  A link follows:

The CFPB announced that it is extending the comment period for the Supplemental Debt Collection Proposal on Time-Barred Debt, until June 5, 2020.  A link follows:

Civil Money Penalty (CMP) Maximums Increased

Effective January 15, 2010, the CFPB, FDIC, FRB and NCUA CMP maximum penalties increased.  The highest CMP that may be charged by any one agency is just under $2.05 million – up from $2.01 million in 2019.  The increased amounts will apply to penalties applied toward misconduct occurring on or after Nov. 5, 2015.

Truth In Lending Exemption Threshold Change

Effective January 1, 2020, creditors with assets of less than $2.202 billion (including assets of certain affiliates) as of December 31, 2019, are exempt from the requirement to establish escrow accounts for higher priced loans,  if other requirements of Regulation Z are being met.  A link follows:

FinCEN Issues Advisory on the FATF-Identified Jurisdictions with AML/CFT Deficiencies

FinCEN issued an advisory to financial institutions regarding the Financial Action Task Force’s (FATF) updated list of jurisdictions with strategic anti-money laundering and combating the financing of terrorism (AML/CFT) deficiencies.  These changes may affect U.S. financial institutions’ obligations and risk-based approaches regarding relevant jurisdictions.  The advisory also reminds financial institutions of the status and obligations involving these jurisdictions.  A link follows:

FTC Issues Annual Letter on FDCPA Activities

The FTC shares enforcement responsibility for the Fair Debt Collection Practices Act (FDCPA) with the CFPB, which provides an annual report to Congress about debt collection practices.  The FTC prepared and provided to the CFPB the annual report for 2019.  The report concludes that during 2019, the FDIC:

  • Filed or resolved law enforcement actions against 25 defendants and obtained more than $24.7 million in judgments;
  • Banned 23 companies and individuals who engaged in serious and repeated violations of law from ever working in debt collection again;
  • Announced the return of $516,000 to 3,977 consumers who lost money to an unlawful debt collection operation previously stopped by the FTC;
  • Deployed educational materials to inform consumers about their rights and to educate debt collectors about their responsibilities under the FDCPA and FTC Act;
  • Supplied more than 27,500 copies of a fotonovela (graphic novel) on debt collection, developed for Spanish speakers, to raise awareness about scams targeting the Latino community;
  • Organized and cosponsored Common Ground conferences, bringing together law enforcement personnel, consumer advocates and community members to discuss consumer protection issues, including debt collection; and
  • Hosted public forums on small business financing and credit reporting, which raised debt collection policy issues.

A link follows:

Top Frauds of 2019

During 2019, the FTC received over 1.7 million fraud reports and returned slightly over $230 million to consumers.  Imposter, Social Security, and phone scams are the most common fraud types noted.  Informational links follow:;

Grace Periods

Regulatory agencies have extended grace periods for standard reporting, to include Call Reports and the HMDA LAR due March 1st of every year. Check with your local examiner for requirements specific to your jurisdiction.

CFPB Sues over Fair Credit Reporting, UDAAP and Telemarketing Sales Rule

The CFPB recently filed suit against multiple firms and individuals allegedly involved in violations of the Fair Credit Reporting Act. Charges included illegally obtaining consumer reports, unlawful advance fees, and deceptive conduct. A link follows:

Membership of CFPB Task Force on Federal Consumer Financial Law Announced

This Task Force was established to  conduct a thorough examination of our current regulatory framework and report on how we can improve federal consumer financial laws to benefit and protect consumers,” said Director Kathleen L. Kraninger. Taskforce members are:

  • J. Howard Beales, III, former Professor of Strategic Management and Public Policy at the George Washington University and former Director of the Bureau of Consumer Protection at the Federal Trade Commission;
  • Thomas Durkin, Senior Economist (Retired) at the Federal Reserve Board;
  • Jean Noonan, Partner at Hudson Cook, former General Counsel at the Farm Credit Administration, and former Associate Director of the Bureau of Consumer Protection’s Credit Practice at the Federal Trade Commission; and
  • Todd J. Zywicki, Professor of Law at George Mason University (GMU) Antonin Scalia Law School, Senior Fellow of the Cato Institute, and former Executive Director of the GMU Law and Economics Center.

The CFPB announced the designation of Todd Zywicki to serve as the Chair of the Taskforce.

Note:  For additional insights on the COVID-19 pandemic response, please see AuditOne’s Pandemic Advisory issued March 24, 2020.

AuditOne LLC – Company Overview

AuditOne LLC is a leading provider of risk management services to financial institutions in the Western US and nationally.  Our sole focus enables us to deliver effective and efficient internal audit and credit review services.  This exclusive focus translates into exceptional benefits to our financial institution clients.  We have experience with all regulatory authorities and offer a full selection of audit services comprising BSA/ Anti-Money Laundering Program, Automated AML System Validation, Asset/Liability Management (ALM) and IRR Audits, ADA Website Compliance Reviews, IT/Information Security/Cybersecurity, Network Penetration Tests, Credit Review/ALLL, ACH Rules Compliance, Operations, Trust Audits, SOX/FDICIA Testing, and many specialty areas within each of these.

Our deep expertise is your edge.  For more information on this article, or to receive a proposal for a Compliance audit, please contact Celeste Burton, Compliance Practice Director, AuditOne LLC, at: Contact Us

For information on how our services can help reduce risk at your institution, contact Jeremy Taylor, CEO, at: Contact Us.  Also, for more information about AuditOne LLC and all our audit services see