Compliance Question of the Week

In today’s banking environment, as soon as one big new regulation is implemented, another pops up. Our compliance resources help your community bank stay one step ahead of the regulators.

Regulations and Guidance

Question: Is redlining applicable to commercial lending?


ANSWER: 

Redlining may focus on the institution’s decisions about how much access to credit a certain geographic area has, and this does include commercial lending.

The bank’s CRA assessment area can provide insight into the bank’s lending practices and products with respect to race or national origin. For example, if the bank’s assessment area excludes an area where the majority of minority businesses are located, does this reflect a higher-than-usual denial of commercial lending to minority business owners?

Reference: FFIEC Interagency Fair Lending Examination Procedures, August 2009.

Q&A Archives

ANSWER:

An appraisal is not required if the real property or interest in real property is located in a rural area, as defined by Regulation Z and provided by the Bureau, so long as the following criteria are met:

  • the bank has contacted not fewer than 3 state certified appraisers or state licensed appraisers,
  • the bank has documented that no state certified appraiser or state licensed appraiser was available within 5 business days beyond customary and reasonable fee and timeliness standards for comparable assignments, 
  • the transaction is less than $400,000, and
  • the transaction is not a high-cost mortgage transaction as defined by Regulation Z.

If all of these criteria are met, an evaluation of the property must be completed in compliance with USPAP.

If all of these criteria are not met, an appraisal must be completed by a state certified or state licensed appraiser.

Reference: S.2155 Economic Growth, Regulatory Relief, and Consumer Protection Act Section 103.

ANSWER:

An MLO who failed to renew registration during the annual two-month renewal period may renew at any time and does not have to wait until the next renewal period. However, the person may not act as an MLO until the registration requirements are met.

Reference: CFPB, SAFE Examination manual, “renewal” 2012, page 5. SAFE Act, 12 CFR 1007.103(b)

ANSWER:

CAN-SPAM does not require an opt in for the initiators of commercial email messages. That means if the bank purchased the list, it may not know if anyone on the list asked to opt out.

However, bear in mind that there could be a violation if someone on the list has in fact opted out.

Consider: Reviewing the requirements and the guidance from the FTC to help determine the risk of purchasing a list.

Reference: https://www.ftc.gov/news-events/blogs/business-blog/2015/08/candid-answers-can-spam-questions

ANSWER:

Lawmakers established an alternative test if banks do not want to wait the two months to exempt an entity or payroll customer under Phase II.

Financial institutions must perform a risk-based analysis of the customer and document a reasonable belief that the customer has a legitimate business need for conducting frequent, large, cash transactions.

An example where the alternative test may apply is a returning customer who was previously exempt.

Reference: 31 CFR 1020.315(c)(2)(i) and (ii).

ANSWER:

An institution must provide to a consumer who does not affirmatively consent to the institution's overdraft service for ATM and one-time debit card transactions the same account terms, conditions, and features that it provides to a consumer who affirmatively consents, except for the overdraft service for ATM and one-time debit card transactions.

However, the bank may offer deposit accounts with limited features, provided that a consumer is not required to open such an account because the consumer did not opt in.

Reference: 1005.17(b)(3), Official Staff Interpretation 1005.17(b)(3), comment 2.

ANSWER:

When working with a third party, in this case indirect lending, the bank needs to work to minimize compliance risk.

Implementing controls and procedures helps manage the expectations for compliance of the third party. For example:

  • Training the third party on fair lending laws, taking applications, and other laws/regulations, as applicable, including bank secrecy, privacy, and FCRA;
  • Establishing policies to ensure understanding of the bank’s underwriting expectations (e.g., what is acceptable and unacceptable based on the bank’s compliance procedures);
  • Monitoring the third party for pricing, markup, discrimination, etc. Monitoring for compliance; reviews, audits, as required;
  • Implementing clearly established requirements for responsibilities of bank and third party.

Reference: https://www.minneapolisfed.org/publications/banking-in-the-ninth/indirect-lending. See also: FDIC, Examination Guidance for Third party lending, July 2016, page 5.

ANSWER:

In general, to obtain access to, copies of, or information contained in a customer’s financial records, a federal government authority must first obtain one of the following:

  • An authorization, signed and dated by the customer, that identifies the records, the reasons the records are being requested, and the customer’s rights under the act (section 3404)
  • An administrative subpoena or summons (section 3405)
  • A search warrant (section 3406)
  • A judicial subpoena (section 3407)
  • A formal written request by a government agency (to be used only if no administrative summons or subpoena authority is available) (section 3408)

Details for each may be found in the annotated sections of the Right to Financial Privacy Act.

Reference: Right to Financial Privacy: 12 USC chapter 35 3401

ANSWER:

The bank is permitted to share information with affiliates that are controlled by or are under common control with the bank.

In general, the bank’s privacy policy must describe the bank’s policies and practices with respect to collecting and disclosing nonpublic personal information about a consumer to affiliated parties.

Also, the notice must provide a consumer a reasonable opportunity to direct the institution generally not to share nonpublic personal information about the consumer (that is, to “opt out”) with nonaffiliated third parties other than as permitted by exceptions under the regulation (for example, sharing for everyday business purposes, such as processing transactions and maintaining customers’ accounts, and in response to properly executed governmental requests). The privacy notice must also provide, where applicable under the Fair Credit Reporting Act (FCRA), a notice and an opportunity for a consumer to opt out of certain information sharing among affiliates. The bank provides a clear and conspicuous notice to customers that accurately reflects the bank’s privacy policies and practices not less than annually during the continuation of the customer relationship.

Reference: Regulation P examination procedures, October 2016, page 2. Fair Credit Reporting Act
