AuditOne Compliance Advisory – Volume 1, Issue 2

AuditOne Advisory

From Bud Genovese, Chairman

AuditOne is proud to announce the new issue of our Compliance Advisory written by our Compliance Practice Director, Celeste Burton. Please take a look at it below, and feel free to forward this email to the appropriate people within your financial institution. And remember, when you need the most thorough risk management expertise for compliance audits, credit reviews, and information security audit services, contact the best in the business… AuditOne.  Our expertise is your edge, thank you. –Bud

Volume 1 / Issue 2

How Prepared Are We When It Comes To UDAAP?

It’s no secret that UDAAP enforcement actions have continued to gain momentum. With the OCC, FDIC and CFPB involved in actions against banks like Citizens and Discover as well as Affinion, a checkup on how the Bank is trending might be worthy of consideration.

Let’s Test Your UDAAP IQ:

  1. Q. If a customer i) signed up for an add-on product or service such as credit protection, life insurance or legal assistance on a Bank’s website, ii) requested automatic payment deductions; and, iii) received disclosures with detailed instructions on how to supply data necessary to complete service activation, how can a potential UDAAP violation be raised?
  2. If instructions on how to complete service activation are on a separate page of the disclosure, this could be (and has been) viewed as deceptive, particularly if automatic payment deductions start regardless of when the customer completes service activation.

While there is no one size fits all approach, there are some baseline questions that you may elect to include in employee training and/or compliance monitoring routines to keep an pulse on compliance and in preparation for your next exam. They are as follows:

  1. Is it clear?
  2. Is it concise?
  3. Does it containhidden” or “difficult to understand” terms or conditions that commit the borrower to products, services, or obligations that they may not otherwise be aware of?


UDAAP does not just apply to marketing and advertising. It applies to any and all products, services, documentation, and relationships that involve the institution’s interactions with the consumer. This includes, but is not limited to, Loans, Deposits, Payments, Credit Cards, Add-On Products/Services, Vendors, Disclosures, Notices, Servicing, Debt Collection, Websites, and most anything else that touches the consumer.

Also worthy of noting is that the FRB’s rulemaking authority on UDAAP was revoked February 19, 2016 (Regulation AA was officially repealed). Dodd-Frank effectively transferred this rulemaking authority to the CFPB.

TRID Update

The effort to clarify and interpret the new TILA RESPA Integrated Disclosure rules continues with several actions since it became effective in October 2015. Below are a few key updates:

  • November 2015 – Several members requested that the CFPB issue additional guidance on what happens when events driven by the new TRID requirements cause loan closing delays. The reasons for delays appear to be due to, in part, actions necessary to comply with new TRID requirements.
  • December 2015 – The Mortgage Bankers Association requested further clarification on several points in the new TRID requirements. CFPB responded to several in a letter dated December 29, 2015.
  • January 2016 – CFPB issued a two page fact sheet on construction loans under the new TRID rules.
  • February 2016 – The CFPB announced that they will be hosting a series of webinars and workshops on TRID. The CFPB also published corrections regarding TRID tolerances.

RESPA Enforcement

Recent actions by the CFPB point to a higher level of anticipated scrutiny when it comes to marketing service agreements. Meeting HUD requirements is reportedly “not as sufficient as it had been in the past”. Perhaps over a cup of tea, take a look at the $109 million fine levied against PHH Corp. Afterwards, you may want to make sure your training and monitoring is up to date when it comes to activities that can be classified as kickbacks.


When it comes to overdrafts, the heat is on. In anticipation of more guidance, a few questions to consider…

  • Is the basis for fees charged clearly disclosed?
  • Are disclosures clear on whether fees are being applied based on available versus actual balances? Is the practice consistent with applicable disclosures?
  • Has the customer actively elected (opted in) to have overdrafts paid when there are nonsufficient funds?

Debt Collection

This is an area that uniquely crosses multiple regulatory requirements – UDAAP, FCRA, FDCPA, etc.…Touted as the single largest source of complaints to the federal government of any industry”, the CFPB has embarked on analyzing the results of a nationwide survey related to consumers’ experiences with debt collection. They are also “engaged in consumer testing initiatives to determine what information would be useful for consumers to have about debt collection and their debts and how that information should be provided to them”. Our expectation is that more consumer protections are forthcoming in this area.

Other Areas To Keep An Eye On…

Mortgage Servicing: In the spirit of consumer impact, this will be a continued area of heightened focus, with numerous recent enforcement actions pertaining to activities such as debt collection, steering, foreclosure scamming, kickbacks and other “deceptive mortgage practices”.

HMDA: The CFPB is seeking industry input on tolerance levels for HMDA errors and related resubmission guidelines. The CFPB had set an acceptable error rate at less than 10% for institutions with fewer than 100,000 HMDA entries. For institutions with more than 100,000 HMDA entries, the acceptable error rate was set at below 4% of a sample of entries overall. Both are very likely to be revisited in 2016.

BSA/AML: The New York State Department of Financial Services (NYSD) issued a proposal that has some bankers uncomfortable because it would “hold the head of an institution’s Bank Secrecy Act and anti-money-laundering program personally liable if it fails to meet expectations, particularly as it pertains to the transaction monitoring and filtering systems”. During a series of investigations, the NYSD apparently uncovered “serious shortcomings in the transaction monitoring and filtering programs of these institutions’…noting that ‘a lack of robust governance, oversight, and accountability at senior levels of these institutions has contributed to these shortcomings.” While any resulting changes to BSA/AML requirements would apply to the state of New York, the NYSD has been known to have tentacles because of its jurisdiction over money-center banks. Stay tuned.

Celeste Burton is Compliance Practice Director at AuditOne and can be reached at Team and Contact page.

Bud Genovese is Chairman of AuditOne LLC, a California-based risk management firm that focuses only on financial institutions. Mr. Genovese pioneered the concept of providing comprehensive internal audit, compliance and credit review services by assembling extraordinary expertise within one firm. AuditOne now serves over 200 clients throughout the Western United States, and nationally. Contact Kevin Watson, Co-CEO at Contact Us or Jeremy Taylor, Co-CEO at Contact Us. Both may also be reached on our Team and Contact page

Bud Genovese, Chairman
AuditOne LLC


Our Expertise, Your Edge™