Compliance Question of the Week

In today’s banking environment as soon as one big new regulation is implemented another pops up. Our compliance resources help your community bank stay one step ahead of the regulators.

Regulations and Guidance

Question: What acts did the CFPB find unfair and abusive with regards to incentive programs?

ANSWER: 

The CFPB found the following acts to be unfair and abusive:

  • opening deposit accounts and transferring funds without the prior authorization of the consumers in whose names the accounts were opened; and 
  • applying for credit card accounts in the name of consumers without their prior authorization.

Q&A Archives

ANSWER:

When working with a third party, in this case indirect lending, the bank needs to work to minimize compliance risk.

Implementing controls and procedures helps manage the expectations for compliance of the third party. For example:

  • Training the third party on fair lending laws, taking applications and other laws/regulations, as applicable including bank secrecy, privacy, and FCRA;
  • Establishing policies to ensure understanding of bank’s underwriting expectations (e.g., what is acceptable and unacceptable based on bank’s compliance procedures;
  • Monitoring the third party for pricing, markup, discrimination, etc. Monitoring for compliance; reviews, audits, as required;
  • Implementing clearly established requirements for responsibilities of bank and third party.
Reference: https://www.minneapolisfed.org/publications/banking-in-the-ninth/indirect-lending. See also: FDIC, Examination Guidance for Third party lending, July 2016, page 5.

ANSWER:

In general, to obtain access to, copies of, or information contained in a customer’s financial records, a federal government authority, generally, must first obtain one of the following:

  • An authorization, signed and dated by the customer, that identifies the records, the reasons the records are being requested, and the customer’s rights under the act (section 3404)
  • An administrative subpoena or summons (section 3405)
  • A search warrant (section 3406)
  • A judicial subpoena (section 3407)
  • A formal written request by a government agency (to be used only if no administrative summons or subpoena authority is available) (section 3408) Details for each, may be found in annotated sections of Right to Financial Privacy Act.
Reference: Right to Financial Privacy: 12 USC chapter 35 3401

ANSWER:

The bank is permitted to share information with affiliates that is controlled by or is under the common control with the bank.

In general, the bank’s privacy policy must describe the bank’s policies and practices with respect to collecting and disclosing nonpublic personal information about a consumer to affiliated parties.

Also, the notice must provide a consumer a reasonable opportunity to direct the institution generally not to share nonpublic personal information about the consumer (that is, to “opt out”) with nonaffiliated third parties other than as permitted by exceptions under the regulation (for example, sharing for everyday business purposes, such as processing transactions and maintaining customers’ accounts, and in response to properly executed governmental requests). The privacy notice must also provide, where applicable under the Fair Credit Reporting Act (FCRA), a notice and an opportunity for a consumer to opt out of certain information sharing among affiliates. The bank provides a clear and conspicuous notice to customers that accurately reflects the bank’s privacy policies and practices not less than annually during the continuation of the customer relationship.

Reference: Regulation P examination procedures, October 2016, page 2. Fair Credit Reporting Act

ANSWER:

Redlining may focus on the institution’s decisions about how much access to credit a certain geographic area has, and this does include commercial lending.

The bank’s CRA assessment area can provide insight into the bank’s practices regarding lending regarding products that are of racial or national origin. For example, if the bank’s assessment area excludes an area where the majority of minority businesses are located, does this reflect a higher than usual denial of commercial lending to minority business owners?

Reference: FFIEC Interagency Fair Lending Examination Procedures, August 2009.

ANSWER:

Yes. This is the only bona fide fee a bank can collect before providing the early disclosures and intent to proceed.

Section 1026.19(e)(2) allows for this exception but prohibits all other fees until the applicant receives the early disclosures and indicates their intent to proceed.

Reference: 12 CFR 1026.19(e)(2)(i).

ANSWER:

All initial disclosures are provided via mail or in-person. However, the Closing Disclosure is emailed to ensure timely delivery three days prior to closing. The Closing Disclosure is emailed without E-SIGN Act disclosures. The bank relies on acknowledgment of receipt to show demonstrable consent.

Explanation: The Closing Disclosure delivery in this example does NOT comply with the E-SIGN Act requirements for several reasons:

1. The consumer did not receive the disclosures required under the E-SIGN Act.

2. The consumer did not actually agree to receiving the Closing Disclosure electronically prior to receiving it.

3. Proof that the borrower received the Closing Disclosure does not, by itself, show demonstrable consent as required by the E-SIGN Act.

Reference: E-SIGN Act.

ANSWER:

The regulation does not require a statement of the MAPR to be included in advertisements.

Reference: 32 CFR 232.6(b)(2)

ANSWER:

Regulation P provides an exception under section 13 for providing disclosure. The opt out notice requirements of 1016.6 and 1016.10 do not apply when nonpublic personal information is provided to a nonaffiliated third party to perform services on the bank’s behalf, if the bank:

  • Provides the initial notice
  • Enter into a contractual agreement with the third party that prohibits the third party from disclosing or using the information other than to carry out the purposes for which you disclosed the information, including use under an exception in 1016.14 or 1016.15 in the ordinary course of business to carry out those purposes.
When determining whether the notice requirements apply, be sure to review the examples included in these sections.

Reference: Regulation P: 12 CFR 1016.13(a) and (b) See also: 1016.14 and 1016.15

Ask an Expert

We want to hear your pressing questions about compliance at your bank. Please fill in the form below. Not all questions will be featured. Your questions will be kept anonymous.