As a bank compliance officer, do you wonder if you are overlooking issues? You’re not alone. Below is a summary of the national topics on the minds of compliance and other bank officers. Please reach out to the KBA Legal Department with specific questions.
UDAAP and Fair Banking
CFPB released an updated Unfair, Deceptive, or Abusive Acts or Practices (UDAAPs) Examination Manual that expects banks to include measures preventing discrimination in every aspect of UDAAP prevention. Bankers at CFPB-regulated institutions are trying to determine what that looks like, particularly if they need to do comparative file reviews, exception tracking, etc. on the deposit and operations side of the bank. Remember, regardless of the bank’s regulator, banks are prohibited by law from discriminating in any part of their operations.
1071 – Small Business Lending Data Collection
Final regulations amending Regulation B (ECOA) have yet to be published, but the proposed regulation’s almost 1,000
pages have bankers wondering what the impact will be on banks. While you may not have time to look at the entire
proposed regulation, the CFPB’s 35-page Discussion Guide for Small Entity Representatives is helpful. Available at:
https://www.consumerfinance.gov/1071-rule.
CRA Modernization
Although this is in a proposed state, bankers are discussing the potential effect of the joint proposal that modernizes assessment areas and sets new thresholds for small and intermediate banks. The comment period closed on Aug. 5, 2022.
Evaluating Your Overdraft Program
The KBA previously alerted its bankers to the issue of multiple insufficient funds fees being charged on represented items and the possibility that a bank could be cited for a UDAAP violation (with up to five years “lookback” period) even if the bank previously clarified its disclosures and practices. This continues to be an area reviewed by examiners. It is essential banks update their disclosures as soon as possible if they have not already done so.
The regulatory agencies provided banks with guidance on what is expected when entering business arrangements with third-party vendors, including creating policies and procedures outlining initial due diligence standards, continued monitoring, and contractual provisions that clearly delineate each party’s responsibilities.
Revised Interagency Flood Q&As
The May 2022 Revised Interagency Flood Q&As replaced the original Q&As published in 2009 and 2011 and consolidated the 2020 and 2021 proposals. The revised Q&As reflect significant changes to the flood insurance requirements made by federal law in recent years and cover a broad range of technical flood insurance topics. Further, the Q&As were reorganized by topic to make it easier to find and review information.
P2P Mobile Payment App Disputes
With an increase in consumers using payment apps like Zelle and Venmo, banks are taking greater losses with disputed EFT transactions. Some banks have even taken the approach of blocking certain payment apps. While the CFPB issued additional FAQs to provide guidance, having a strong regulatory foundation and understanding of payment systems can avoid unnecessary monetary losses and lower compliance risk. The KBA released an on-demand webinar on EFT disputes that goes in-depth into this topic.
Fair Lending
A new Fair Lending focus is racial and ethnic bias by a property appraiser or evaluator, whether it be an individual bias against the home occupants or against the neighborhood. The Department of Justice stated in an amicus brief that a
bank could be liable for such bias. If a bank detects bias, it should consider obtaining a second appraisal (any additional
fees imposed on the buyer/applicant would be considered unfair). Additionally, the bank should consider removing that
appraiser from its list of approved appraisers and possibly submitting a complaint to the state appraisal board.
Vendor and FinTech Compliance Management
The regulatory agencies provided banks with guidance on what is expected when entering business arrangements with third-party vendors, including creating policies and procedures outlining initial due diligence standards, continued monitoring, and contractual provisions that clearly delineate each party’s responsibilities.
FinTechs fall within the requirements relating to third-party vendors but present a higher risk of causing customer harm
than other types of business relationships. Further, regulators consider any business relationship with a FinTech to be a critical partnership requiring a heightened risk management process. Specific areas of concern include UDAAP risks, reputation risks, and the FinTech’s lack of compliance expertise.
FinTechs generally move quickly with new products and ideas, but a bank must consider regulatory expectations and be
prepared to offer education and support. When considering a relationship with a FinTech, a bank should consider its own
risk appetite. The bank should construct an effective contract to allow the bank to monitor the FinTech for compliance,
provide the bank with access to the FinTech’s records and processes, and require the FinTech to report all investigations,
complaints, or problems to the bank.
Environmental, Social, and Governance (ESG); and Diversity, Equity, and Inclusion (DEI)
The increased focus on climate risk has prompted some banks (and their regulators) to review their environmental exposures, including how rising sea levels and changing weather patterns might affect their existing loan portfolios. Some banks are even reconsidering their support of companies and projects that generate substantial carbon emissions. However, the KBA is actively fighting against ESG mandates since a bank should have the right to choose who it wants to do business with.
Additionally, banks are focusing initiatives on their stated social values, including diversity, equity, and inclusion in hiring and promotion, equitable pay scales, and providing greater access to capital in long-underserved communities.