AuditOne Year End Compliance Advisory 2020

AuditOne Advisory

From Bud Genovese, Chairman

The latter half of 2020 ushered in notably fewer new or changing regulations – a welcome pace after a surge in new loan originations following the unprecedented demand for Payment Protection Program (PPP) loans. In this Advisory, we discuss the Agency rule that provided financial institutions temporary relief from compliance and reporting obligations following the recent pandemic. We provide updates on various of the “alphabet soup regulations”, insights on current enforcement trends to assist with 2021 compliance planning, and other noteworthy compliance news and developments, including modifications to how Community Reinvestment Act performance will now be evaluated.

This Compliance Advisory was prepared by Celeste Burton, Compliance Practice Director, AuditOne LLC. I hope you find this information useful – please share with your colleagues having responsibilities related to the areas covered in this Advisory. Thank you, — Bud


Regulatory compliance obligations generally differ based on an institution’s size and complexity of operations. Many financial institutions have experienced unusually high growth due to recent stimulus program offerings such as PPP loans.

Effective December 2, 2020, the FDIC, OCC and FRB issued an interim final rule to temporarily suspend compliance and reporting obligations for community banking organizations that reach increased size thresholds resulting from growth. Impacted institutions will have until January 1, 2022 to either reduce their size or prepare for their new regulatory and reporting standards. The relief applies to national banks, savings associations, state banks, bank holding companies, savings and loan holding companies, and U.S. branches and agencies of foreign banking organizations with under $10 billion in total assets as of December 31, 2019 (collectively, “community banking organizations”) with less than $10 billion in total assets as of December 31, 2019. Consult the threshold matrix in the link to the rule that follows to determine your institutions applicability:
Although the NAFCU was not a part of the original rule, there is a possibility that they may join or issue related guidance in the coming weeks. Consult the following link for the most recent list of NAFCU actions associated with regulatory relief.


Regulation C (HMDA)

  • The CFPB issued additional HMDA FAQs covering reporting requirements for various data points, including denials for multiple reasons (which includes credit scores).
  • The CFPB published a reference tool for HMDA data required to be collected and recorded in 2021 and reported in 2022.
  • Reminder: Effective July 1, 2020, institutions originating fewer than 100 closed-end mortgage loans in either of the two preceding calendar years will not have to report such data. In addition, the threshold for reporting data about open-end lines of credit will be set at 200 upon the expiration of the current temporary threshold of 500 open-end lines of credit.

All HMDA updates can be found here:

Regulation E (Electronic Funds Transfer Act)

CFPB increased a safe harbor threshold in the regulation related to whether a person makes remittance transfers during the normal course of business. A link follows:

h ttps://

Regulation F (Fair Debt Collection Practices Act)

The CFPB issued a final rule to restate and clarify prohibitions on harassment and abuse, false or misleading representations, and unfair practices by debt collectors when collecting consumer debt. Key provisions follow:

  • Clarifies that the FDCPA’s general prohibition on harassing, oppressive, or abusive conduct applies to telephone calls and other communication media, such as email and text messages, and provides examples demonstrating how the prohibition restricts emails and text messages.
  • Clarifies how the protections of the FDCPA, which was passed in 1977, apply to newer communication technologies, such as email and text messages.
  • Provides that consumers may, if the debt collector communicates through a medium of electronic communications, use that medium to place a cease-communication request or notify the debt collector that they refuse to pay the debt.
  • Requires debt collectors who communicate electronically to offer the consumer a reasonable and simple method to opt out of such communications at a specific email address or telephone number.
  • Clarifies how consumers may set limits on debt collection communications to reflect their preferences and the limits on communicating with third parties about a consumer’s debt.
  • Restates the FDCPA’s prohibitions regarding false, deceptive, or misleading representations and unfair or unconscionable means.
  • Notes that the CFPB is not finalizing the proposed safe harbor for debt collectors against claims that an attorney falsely represented the attorney’s involvement in preparing a litigation submission.

A link follows: rule_2020-10.pdf

Regulation X (RESPA)

The CFPB recently issued FAQs on Marketing Services Agreements, Gifts and Promotional Activity. The allowances and limitations of RESPA Section 8 have garnered ongoing discussion in the regulatory community for decades. These FAQs move us one step closer to how the provisions are best applied, inclusive of what is and is not prohibited. A link follows:

Regulation Z (Truth in Lending) / TRID

  • In addition to annual threshold changes, agencies issued revised Interagency Examination procedures.   Key revisions include:
    • Updates to Regulation Z that relate to the TILA-RESPA Integrated Disclosure (TRID) Rule 3
    • Updates to TILA relating to the Economic Growth, Regulatory Relief, and Consumer Protection (EGRRCP) Act, including:
    • Provisions relating to high-cost loans, appraisals, and student lending
    • An additional type of qualified mortgage and escrow exemption for insured depository institutions with less than $10 billion in assets

    A link to the updated publication follows:

  • The CFPB published an assessment of the TRID rule.   After reviewing 50,000 mortgages, they came out with some very interesting conclusions that may assist with compliance and resource planning:
    • 90 percent of mortgage loans involved at least one revision
    • 62 percent received at least one revised Loan Estimate
    • 49 percent received at least one corrected Closing Disclosure
    • 40 percent received at least one APR change
    • 25 percent had loan to value ratio changes
    • 8 percent had at least one interest rate change

The TRID Rule Assessment Report is available at:

Regulation BB (Community Reinvestment Act)

  • The OCC has issued a final rule to clarify and expand the activities that may qualify for CRA credit, has modified its approach towards evaluating CRA performance, and has enhanced CRA data collection recordkeeping and reporting with the goal of creating greater transparency.   Effective dates are October 1, 2020, January 1, 2023 and January 1, 2024, as applicable.   A link to the final rule follows:
  • 2020 CRA Data Entry Software Release 2 is now available .   It includes the 2020 census update and an enhancement of the “Submission via Web” data export option.   A link follows:



The CFPB recently issued a Compliance Aid of FAQs related to the Small Dollar Lending Rule (i.e., Payday Loans).   The FAQs focus on the following key areas:

  • Defining covered, excluded and exempt loans
  • Cost determination and calculation
  • Leveraged payments
  • High-cost and small-dollar loan applicability
  • Compliance requirements when an open-end loan becomes a covered longer-term loan due to an increase in the cost of credit during the loan’s term

A link follows:


The FDIC recently implemented a new website tool ( BankFind Suite) that is designed to serve as a single point of access to available agency information on banks, including purchases, mergers, acquisitions, assumptions, and structural and governance information.   A link follows:


The Federal Trade Commission has launched a new website,, where consumers can report to the FTC about scams, fraud, bad business practices and all other consumer issues.   The web address is


The scuttlebutt over real-time payments recently got a bit louder with the FRB’s launch of a new service designed to support instant payments in the United States.   The implementation will occur in phases, with the formal launch anticipated in 2023 or 2024.   FedNow was initially launched a ye ar ago, when core features and functionality based on input from numerous stakeholders were formally approved.   The recent announcement:

“The rapid expenditure of COVID emergency relief payments highlighted the critical importance of having a resilient instant payments infrastructure with nationwide reach, especially for households and small businesses with cash flow constraints,” said Federal Reserve Board Governor Lael Brainard. “Since we initiated FedNow one year ago, we have been hitting our project milestones, and today I am pleased to announce the Federal Reserve Board has approved the core features and functionality based on extensive input from stakeholders.”

A link follows:


Section 19 of the Federal Deposit Insurance Act (FDI Act), prohibits, except with the prior written consent of the FDIC, any person who has been convicted of any criminal offense involving dishonesty, breach of trust, or money laundering, or who has entered into a pretrial diversion or similar program in connection with such an offense, from becoming or continuing as an institution-affiliated party with respect to any insured depository institution; from owning or controlling, directly or indirectly, any insured depository institution; or from otherwise participating, directly or indirectly, in the conduct of the affairs of any insured depository institution.   Primary changes follow:

  • Individuals whose covered offenses have been expunged will be exempt from the requirement to submit an application under Section 19.
  • Expands the scope of the de minimis exception for certain qualifying offenses involving the use or possession of false or fake identification, as well as for small-dollar, simple theft offenses.
  • Allows a person with two, rather than one, de minimis crimes to qualify for the exception and decreases the waiting period for individuals with two such offenses to three years (or 18 months for those who were 21 years or younger at the time of their misconduct).
  • Eliminates the waiting periods for applicants who have had only one qualifying covered offense.

The FDIC estimates that this new rule will reduce applications required under Section 19 by 30 percent.   A link to the issuance follows:


HUD’s amended issuance is intended to provide greater clarity on the law for individuals, litigants, regulators, and industry professionals.   The rule amends HUD’s 2013 disparate impact standard regulation to more closely align with the Supreme Court’s 2015 ruling in the Texas Department of Housing and Community Affairs v. Inclusive Communities Project, Inc.   The rule revises the test for determining whether a practice has a discriminatory effect and adds to illustrations of discriminatory housing practices found in HUD’s Fair Housing Act regulations.   A link follows:


The Federal Emergency Management Agency’s (FEMA’s) authority to issue flood insurance policies was due to lapse at midnight on September 30, 2020.   Congress reauthorized the NFIP through September 30, 2021.   A link follows:


The FFIEC’s 2020 Geocoding System has been updated with the 2020 Census demographic data based on the 2011 – 2015 five-year estimated American Community Survey (ACS).   A link follows:


In recent months, there has been a notable increase in the number of Agency proposals and changes to the composition of Agency Boards and Advisory Committees.    If history is any indicator, there will be varying iterations of pending proposals.   As the ink dries, we’ll continue to provide insights on those proposals that are most relevant to your organization’s strategic planning, budgeting and risk assessment process.


As you wind down the year and pencil in compliance monitoring focus areas in 2021, we encourage consideration of some key recent enforcement actions, as summarized below, to inform your risk ratings, risk direction and planned spot checks next year. We have observed a heightened focus on consumer protection regulations involving deceptive or misleading practices during account opening and at the time of servicing, and on the customer complaints that tend to follow.


Penalty/ Settlement

Regulation/ Legislation

Violations/Focus Areas


$97 million
Regulation E
(Electronic Funds Transfer Act (EFTA)) Overdraft Practices

Consumer Financial Protection Act (CFPA) *

Regulation V (Fair Credit Reporting Act (FCRA))

Violated the EFTA and Regulation E by charging consumers O/D fees for ATM and one-time debit card transactions without obtaining affirmative consent.

Deceptively claimed that an offering was a “free” service or benefit or that it was a “feature” or “package” that “comes with” new consumer-checking accounts when the FI charged customers $35 for each overdraft transaction.

Required new customers to sign its overdraft notice with the “enrolled” option pre-checked
; enrolled new customers in service without requesting the customer’s oral enrollment decision;
deliberately obscured, or attempted to obscure, the overdraft notice.

Failed to establish and implement reasonable written policies and procedures concerning the accuracy and integrity of consumer account information it supplied to credit bureaus.

Failed to conduct timely investigations of indirect consumer disputes concerning some of that same information. These practices ring all the bells for bad overdraft programs.


$85 million
Compliance Management System (Program)

Servicemembers’ Civil Relief Act (SCRA)

Military Lending Act (MLA)

Failed to implement an effective Compliance Management Program, resulting in violations of SCRA and MLA.


$15 million
Fair Debt Collection Practices Act (FDCPA)

Consumer Financial Protection Act (CFPA)

Violated the CFPA, and the FDCPA by:

  1. suing consumers to collect debts even though the statutes of limitations had run on those debts
  2. suing consumerswithout possessing required documentation, using law firms and an internal legal department to engage in collection efforts without providing required disclosures, and failing to provide consumers with required loan documentation
    after consumers requested it.
  3. failing to disclose possible international transaction fees


$9.3 million
Unfair, Deceptive or Abusive Acts or Practices (UDAAP)


Misleading small businesses to think they are affiliated with the Small Business Administration

Illegally targeted small businesses directly through telephone calls, e-mails and the website, claiming to be representing the SBA; soliciting loan applications on behalf of the businesses’ banks; making statements on the website like “We are a Direct Lender for the PPP Program” and “We are currently offering stimulus relief spending under the Economic Security Act (CARES Act).”


$2 million
Regulation E (EFTA) Violated the EFTA and the Remittance Transfer Rule by failing to adhere to error resolution requirements and to properly respond to cancellation requests, failing to provide the refunds the Remittance Transfer Rule requires, failing to maintain required policies and procedures,
and failing to provide required disclosures.


$16 million
Regulation E (EFTA) O/D Practices Illegally charged a second NSF fee on the same returned item the second time it was presented, which impacted 700,000 credit union members


Consumer Financial Protection Act Settled with six mortgage companies regarding the use of deceptive mailers to advertise VA-guaranteed mortgages.


Home Mortgage Disclosure Act (HMDA) Reported inaccurate HMDA data about mortgage transactions over a 2 -year period. Errors were noted in several different required fields, and were determined to be caused by a lack of appropriate staff, training and quality control.

* This Act established the CFPB.   Allows suits for unfair, deceptive, or abusive practices, including illegal charging of overdraft fees to consumers.

If the ink is not yet dry on your 2021 Compliance Monitoring Plan, we encourage consideration of these recent enforcement action trends.


Stay tuned for our next BSA Advisory for a discussion of recent updates in the world of anti-money laundering.   Also, for additional insights on the steps we have taken to assist our clients in operating in this challenging COVID-19 pandemic environment, please see our website:

AuditOne LLC – Company Overview

AuditOne LLC is a leading provider of risk management services to financial institutions in the Western US and nationally. Our sole focus enables us to deliver effective and efficient internal audit and credit review services. This exclusive focus translates into exceptional benefits to our financial institution clients. We have experience with all regulatory authorities and offer a full selection of audit services comprising BSA/Anti-Money Laundering Program, Automated AML System Validation, Asset/Liability Management (ALM) and IRR Audits, ADA Website Compliance Reviews, IT/Information Security/Cybersecurity, Network Penetration Tests, Credit Review/ALLL, ACH Rules Compliance, Operations, Trust Audits, SOX/FDICIA Testing, and many specialty areas within each of these.

Our deep expertise is your edge. For more information on this article, or to request a proposal for a Compliance audit, please contact Celeste Burton, Compliance Practice Director, AuditOne LLC, at:

Contact Us

For information on how our services can help reduce risk at your institution, contact Jeremy Taylor, CEO. Also, for more information about AuditOne LLC and all our audit services see