AuditOne General Compliance Advisory: 2019 Q2

AuditOne Advisory

From Bud Genovese, Chairman

Within this issuance, we discuss further regulatory changes resulting from the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank), as well as the Economic Growth, Regulatory Relief and Consumer Protection Act (EGRRCPA).  We go on to explore Federal Reserve Board (FRB) plans to implement real-time payment and settlement by 2024; a Consumer Financial Protection Bureau (CFPB) initiative to develop a “joint data intake system” to streamline data review and exams across regulatory agencies; a Department of Housing of Urban Development (HUD) plan to raise the legal bar for plaintiffs alleging discrimination under the Fair Housing Act; followed by Agency revisions to flood, privacy, community reinvestment, and appraisal requirements.  We conclude with several compliance developments and enforcement actions, including a cautionary decision by the Office of the Comptroller of the Currency (OCC) to permanently ban a bank’s General Counsel from the industry for making false statements and concealing documents related to compliance with the Bank Secrecy Act. 

This Quarterly General Compliance edition has been prepared by Celeste Burton, Compliance Practice Director, AuditOne LLC.  We hope you enjoy! – Bud


  • Regulation CC, which implements the Expedited Funds Availability Act of 1987 (EFA Act), has been formally amended in accordance with Dodd-Frank requirements that require EFA Act dollar amounts to be adjusted for inflation every five years, as well as to implement various changes as a result of the EGRRCPA.  Key amendments include:
    • increasing (from $200 to $225) required next-day availability of the aggregate deposit of local or nonlocal checks; and,
    • extending coverage to American Samoa, the Commonwealth of the Northern Mariana Islands and Guam, along with other technical amendments. 

The effective date is August 24, 2019 for certain amendments (§§ 12 CFR 229.2(c), (ff), and (jj), 229.12(e), 229.43, and 12 CFR Part 1030) and July 1, 2020 for all others.   A link follows:

  • On July 9, 2019, regulators announced the adoption of a final rule that excludes community banks with $10 billion or less in total consolidated assets and total trading assets and liabilities of 5 percent or less of total consolidated assets from the Volcker Rule.  The Volcker Rule generally restricts banking entities from engaging in proprietary trading and from owning, sponsoring, or having certain relationships with hedge funds or private equity funds.  The final rule also permits a hedge fund or private equity fund, under certain circumstances, to share the same name or a variation of the same name with an investment adviser as long as the adviser is not an insured depository institution, a company that controls an insured depository institution, or a bank holding company.  Ii is important to note that regulators will hold off for two years on enforcing Volcker Rule restrictions on some foreign funds.  A link follows:
  • Regulators issued a final rule to simplify and clarify several requirements pertaining to Regulatory Capital Rules.  The final rule only applies to banking organizations that do not use the “advanced approaches” capital framework, which are generally firms with less than $250 billion in total consolidated assets and less than $10 billion in total foreign exposure.  The rule effectively accomplishes the following:
    • Simplifies the capital treatment for mortgage servicing assets, certain deferred tax assets, investments in the capital instruments of unconsolidated financial institutions, and minority interest.
    • Allows bank holding companies and savings and loan holding companies to redeem common stock without prior approval unless otherwise required.

The rule is effective as of April 1, 2020 (for the amendments to simplify capital rules) and as of October 1, 2019 (for revisions to the pre-approval requirements for the redemption of common stock and other technical amendments).  A link follows:

  • On June 1, 2019, the CFPB issued a final rule amending the official interpretations for Regulation Z, which implements the Truth in Lending Act (TILA). “The Bureau is required to calculate annually the dollar amounts for several provisions in Regulation Z; this final rule revises, as applicable, the dollar amounts for provisions implementing TILA and amendments to TILA, including under the Credit Card Accountability Responsibility and Disclosure Act of 2009 (CARD Act), the Home Ownership and Equity Protection Act of 1994 (HOEPA), and the Dodd-Frank Act. The CFPB is adjusting these amounts, where appropriate, based on the annual percentage change reflected in the Consumer Price Index (CPI) in effect on June 1, 2019”.  A link follows:
  • On June 5, 2019, regulatory agencies adopted as a final rule, the August 31, 2018, interim final rule, which amended the agencies’ liquidity coverage ratio (LCR) rule to treat liquid and readily-marketable, investment-grade municipal obligations as high-quality liquid assets. This treatment was mandated by section 403 of the EGRRCPA.  A The LCR rule generally applies to a bank holding company, savings and loan holding company, or depository institution if: (1) It has total consolidated assets equal to $250 billion or more; (2) it has total consolidated on- balance sheet foreign exposure equal to $10 billion or more; or (3) it is a depository institution with total consolidated assets equal to $10 billion or more and is a consolidated subsidiary of a firm that is subject to the LCR rule (each, a covered company).  A link follows:
  • The CFPB recently announced a Symposia Series of conferences exploring consumer protections in financial services.  “The series will include topics ranging from abusive acts or practices, behavioral law and economics, small business loan data collection, disparate impact and the Equal Credit Opportunity Act, cost-benefit analysis, and consumer authorized financial data sharing. First to focus on clarifying the meaning of abusive acts or practices under Section 1031 of the Dodd-Frank Act”.  A link follows:


The FRB announced that Federal Reserve Banks will develop a new round-the-clock real-time payment and settlement service, called the FedNow℠ Service, to support faster payments in the US. The expectation is that faster payment services, targeted for availability by 2024, will enable the near-instantaneous transfer of funds day and night, weekend and weekdays.
The possibility of real time payments has been a hot button discussion item for several years, in part because of the huge potential impact on the bottom line of financial institutions that may derive a notable source of income from overdraft fees. A link to the Federal Register Notice and FAQs follows:


CFPB Director Kathleen Kraninger recently announced at an ABA conference in New Orleans that her agency is working with other federal agencies through the Federal Financial Institutions’ Examination Council (FFIEC) on a joint data intake system as the agency looks for ways to streamline its rulemaking systems. Ms. Kraninger also indicated that the bureau is coordinating with other prudential regulators in its examinations, particularly by relying on data gathered by other regulators – to include looking at whether there is an opportunity for the CFPB to do a much more narrow exam looking at similar data at a similar point in time. It is too soon to tell whether these changes will ultimately reduce inconsistencies in exam approach and expectations across regulatory agencies, but that it is being explored is a positive first step. A link follows:


HUD announced plans to amend its “disparate impact” standard to raise the legal bar for plaintiffs alleging discrimination under the Fair Housing Act. Under a proposal that has circulated but has not officially been unveiled, a consumer would have to follow a more rigorous five-step framework to demonstrate that discrimination occurred. This new framework is very likely to have a spillover impact on Fair Lending exam focus areas:


Effective July 1, 2019, credit unions are required to accept private flood insurance policies that meet the definition of private flood insurance as included under the Biggert-Waters Act.  Under certain conditions, credit unions may accept private flood insurance policies that do not meet the definition of private flood insurance, as well as NCUA-approved private flood insurance plans provided by mutual aid societies.  A link follows:


The California Consumer Privacy Act (CCPA) of 2018 is expected to significantly change how businesses handle and protect data in California.  The impact will be heavily felt by companies that store large amounts of personal information, especially social media giants like Google and Facebook.  Amongst other changes, companies will not only be required to disclose the types of data they collect, but also allow consumers to opt out of having their data sold.  Under the Act, California residents are protected with respect to any information that relates to them in their roles as consumers, employees, patients, tenants, students, parents, children, etc. 
Important to note is that the CCPA only applies to any business that meets one of the following criteria:

  • A business that earns $25,000,000 a year in revenue.
  • A business that “annually buys, receives for the business’s commercial purposes, sells, or shares for commercial purposes, alone or in combination, the personal information of 50,000 or more consumers, households, or devices.” In other words, if the combined number of records of personal information from consumers, households, and/or devices exceeds 50,000, the law applies to them.
  • A business that derives 50% or more of its annual revenue by selling personal information, even if fewer than 50,000 separate and distinct entities (consumers, households, and/or devices).

The CCPA was signed into law by California Governor Jerry Brown on June 28, 2018, and will become effective on January 1, 2020, leaving companies a relatively small window still to become compliant.


The Board of the NCUA is amending its rule requiring real estate appraisals for certain transactions. The final rule accomplishes two key objectives:

  • Increases the threshold below which appraisals are not required for commercial real estate transactions from $250,000 to $1,000,000
  • Exempts from the rule certain federally related transactions involving real estate in rural areas

The rule becomes effective 90 days after publishing in the Federal Register, or October 10, 2019. 
A link follows:


FinCEN Renews Orders Targeting Natural Persons Behind Shell Companies
FinCEN announced the renewal of its Geographic Targeting Orders that require U.S. title insurance companies to identify the natural persons behind shell companies used in all-cash purchases of residential real estate. The purchase amount threshold remains $300,000 for each covered metropolitan area.  Guidance and FAQs below:

News Release:   



NCUA Chair Makes Bold Statement Regarding Cannabis Sanction Enforcement  
During an August interview with the Credit Union Times, NCUA Board Chairman Rodney E. Hood stated that “if credit unions providing services to cannabis-related businesses comply with rules by Treasury’s Financial Crimes Enforcement Network (FinCEN), file suspicious activity reports (SARs) and follow other rules, then they will not be cited for doing business with cannabis firms”.  The statement has since created a great deal of buzz around the need to formally clarify what NCUA’s stance is because of what some view as an inconsistent stance on the topic over the last several years.

CFPB Publishes Mortgage Closing Scams Guidance
The CFPB published new resources to educate consumers about recent mortgage closing scams targeting homebuyers just before they close, through the use of email phishing.  These scams have reportedly cost some homebuyers their down payment and closing costs:]

Community Reinvestment Act Perspectives
The FRB published “Perspectives from Main Street: Stakeholder Feedback on Modernizing the Community Reinvestment Act,” a summary of feedback received from bankers and community groups (during a series of 29 roundtable discussions involving more than 400 participants) on the current state of, and potential revisions to, the CRA.  The information was gathered between October 2018 and January 2019.  A link follows:

OCC Publishes Guidelines for CRA Strategic Plan Option
Banks may elect to have their CRA performance evaluated on the basis of a pre-approved strategic plan that addresses their CRA responsibilities.  Important to note that the required contents of a strategic plan and the OCC’s criteria for evaluating a strategic plan are already specified in existing CRA regulations.  The guidelines referenced below are not new requirements but instead a summary of the OCC’s process for addressing bank requests for approval or amendment of a CRA strategic plan, including:

  • Information that a bank should provide to substantiate its request
  • The email address for banks to submit requests
  • The OCC’s review and approval processes

This appears to be a proactive effort to encourage more banks to use strategic plans for CRA purposes.  A link follows:

New TRID Frequently Asked Questions (FAQ)

The CFPB issued a 12 page Frequently Asked Questions (FAQ) document about TRID.  Although a review of the document in its entirety is encouraged, there are a couple of points worth highlighting here, and perhaps as part of your institution’s training program:

  • A creditor’s use of a model form provides a safe harbor if the model form does not reflect the TRID Rule change finalized in 2017.
  • Creditors may not require consumers to provide any additional information (other than the six pieces of information that constitute an application under the TRID rule) in order to receive a Loan Estimate.  This includes requesting additional verifying information.  Further, if it is represented to the consumer that additional information is required to receive a Loan Estimate, the CFPB reminds us that they may then consider potential UDAAP implications.

A link follows:

CFPB Elder Abuse Advisory Updated

The CFPB updated a 2016 Advisory on Elder Abuse by recommending that financial institutions file suspicious activity reports on elder fraud to law enforcement agencies.  The CFPB reiterated that elder fraud is “widespread and damaging,” with an average loss of $41,800 among victims over the age of 70.



Freedom Mortgage Corporation HMDA Enforcement
The recent action against Freedom Mortgage Corporation is worth a read to garner the types of focus areas in recent HMDA enforcement.  It may also complement HMDA training material for loan officers:

Citibank Restitution – Consumer Compliance
The OCC assessed a $25 million CMP against Citibank, N.A., of Sioux Falls, SD, for inadequate oversight of a bank program known as Relationship Loan Pricing (RLP), meant to provide mortgage borrowers with a credit to closing costs or an interest rate reduction.  For various reasons, certain Bank borrowers did not receive the RLP benefit for which they were eligible and were adversely affected on the basis of their race, color, national origin, and/or sex.  Citibank has executed a plan to reimburse all customers who did not receive the appropriate RLP benefit, estimated to be about 24,000 customers in the amount of approximately $24 million.  A link follows:

Former California Bank General Counsel Prohibited From Working in the Industry
A former general counsel of a California bank faces a $50,000 civil money penalty and a prohibition from working in the banking industry.  The individual was reportedly terminated by the bank in 2015 after having served as general counsel since 2009. According to the OCC, he allegedly made false statements and concealed bank documents related to the Bank’s compliance with Bank Secrecy Act/Anti-Money Laundering (BSA/AML) requirements.  A link to the action follows:

AuditOne LLC – Company Overview

AuditOne LLC’s is a leading provider of risk management services to financial institutions in the Western US and nationally. Our sole focus enables us to deliver effective and efficient internal audit and credit review services. This exclusive focus translates into exceptional benefits to our clients, including regional and community banks, credit unions and other financial institutions. We have experience with all regulatory authorities and offer a full selection of audit services comprising Asset/Liability Management (ALM) and IRR Audits, ADA Website Compliance Reviews, IT/Information Security/Cybersecurity, Network Penetration Tests, Credit Review/ALLL, BSA/Compliance, ACH Rules Compliance, Operations, Trust Audits, SOX/FDICIA Testing, and many specialty areas within each of these.

Our deep expertise is your edge. For more information on this article, or to receive a proposal for a Compliance Audit, please contact Jeremy Taylor, CEO, AuditOne LLC, at Contact Us. In addition, contact Jeremy for information on how our other services can help reduce risk at your institution. Also, for more information about AuditOne LLC and all our audit services see