A Mid-Year Regulatory Compliance Review
In January, CSI published a list of top compliance rules and issues expected to be proposed, finalized, implemented or addressed in 2015. As planned, the Basel III capital rules for smaller institutions went into effect that same month, and the FDIC has since published a centralized toolkit to help community banks understand how to comply with them. In addition, the effective date for the TRID Final Rule is less than three months away, and the CFPB recently weighed in on the rule’s so-called pre-approval loophole.
But, what about the other compliance issues predicted to have an impact in 2015? Some continue to surge forward, while others appear to be in a holding pattern, having been superseded by other regulatory priorities. This mid-point of the year is a good time to review the current and upcoming regulatory horizon in order to calibrate your compliance office’s priorities and determine the expectations of federal regulators.
TRID Final Rule is the Most Pressing Issue
With the Oct. 1 deadline looming, it’s time for a final check of your mortgage systems and processes to ensure their compliance with the TRID Final Rule. On that date, the Loan Estimate form begins replacing the Good Faith Estimate and Initial Truth-in-Lending Disclosure, and must be provided to consumers no later than the third business day after they submit a loan application. In addition, a Closing Disclosure, replacing the HUD-1 and Final Truth-in-Lending Disclosure, must be provided to consumers at least three days prior to their loan consummation to support the Know Before You Owe concept behind the rule.
Interestingly enough, the CFPB recently weighed in on the rule’s impact (or lack thereof) on loan pre-approvals and pre-qualification cost estimates. Pedro De Oliveira, CFPB counsel, stated during a May webinar that, “the bureau does not believe that the definition of application will restrict creditors’ ability to provide pre-qualification cost estimates or grant pre-approvals because creditors could provide prequalification estimates and grant pre-approvals without obtaining all of the six elements of information that make up the definition of an application.” It appears that the CFPB is saying that a Loan Estimate is not triggered until all six items have been obtained. As a reminder, the six elements that constitute a complete application are: the consumer’s name, income and social security number, as well as the property address, property value estimate and mortgage loan amount desired.
The Financial Regulatory Improvement Act—Could it Spell Relief for Smaller Banks?
Senator Richard Shelby, R-Ala and chairman of the Senate Banking Committee, finally got what he and many banks wanted on May 21—committee passage of his bill, the Financial Regulatory Improvement Act. While it remains to be seen whether the bill can win enough votes to be enacted into law, either as is or pared down, there is no doubt that it constitutes a sweeping reform for our industry. In an article for JDSupra, the law firm King & Spalding advised that, “the draft legislation represents the most ambitious attempt to revamp the financial regulatory regime since passage of Dodd-Frank, while seeking to avoid the most deeply divisive issues surrounding the law.”
There are 25 different measures in the legislation that would provide regulatory relief for smaller banks, including additional safe harbor for qualified mortgages and longer intervals between regulatory exams. CSI’s May 15 blog post, Changes for Community Banks in Shelby’s Regulatory Relief Bill, provides more details on how this bill may positively affect your institution.
CFPB Suggests it Will Finalize Several Rules Before Year’s End
In its semi-annual rulemaking agenda published on May 22, the CFPB indicated that, before the end of the year, financial institutions can expect final rules on the following proposals:
- HMDA Proposed Rule: Originally anticipated to be finalized earlier this year, the CFPB now expects to issue the final HMDA rule later this summer. This means the effective date for compliance can be no earlier than January 2017. As proposed, the rule institutes changes in three main areas of HMDA: institutional and transactional coverage, reportable data requirements and disclosure and reporting requirements.
- Proposed Rule on Access to Credit in Rural and Underserved Markets: In January, the CFPB proposed changes to its mortgage rules, “to facilitate responsible lending by small creditors, particularly in rural and underserved areas.” Among other things, this proposal expands the definitions of “small creditor” and “rural,” and institutes a one-year (versus three) qualifying period to obtain rural or underserved creditor status. The CFPB indicates a final rule will come out this fall.
Cybersecurity Remains a Key Regulatory Priority
The recent hack of the U.S. government is just the latest reminder that our systems are constantly under threat of a cyberattack. While financial institutions are typically ahead of the game in information security, they remain one of the biggest targets for cyber criminals, due in large part to the significant cache awaiting the successful hack of a bank’s systems and its customers’ accounts. The FFIEC continues to serve as the lead regulatory voice on this threat, although the OCC is a close second, identifying cybersecurity as one of its priority objectives for 2015 in its recent mid-cycle report.
As for the FFIEC, it has identified seven cybersecurity priorities for 2015 as a result of its Cybersecurity Examination Pilot conducted last summer. Potentially the most important of these priorities is the agency’s intention to create a cybersecurity self-assessment tool to help institutions gauge and mitigate their risk of attack. In addition, just two weeks after publishing those priorities, the FFIEC released statements on two of the most prevalent hacking methods: compromising user credentials and destructive malware. The FFIEC’s statements provide additional advice and guidance for banks on identifying and preventing attacks using these methodologies.
But Don’t Forget the Big Picture
All of the items above (and below) entail specific, tactical issues, but federal regulators have made it clear that they want institutions to remember the big picture. The FFIEC’s new Appendix J of the Business Continuity Planning Booklet encourages an enterprisewide look at disaster preparedness and vendor management, and the OCC’s mid-cycle status report indicates that its examiners will be paying particular attention to the following big picture items:
- Strategic Planning: Is it realistic and are appropriate risk management processes in place?
- Corporate Governance: Is it commensurate with the bank’s size and complexity?
- Operational Risk: Are all phases of risk management in place and working to identify operational risk?
- Interest Rate Risk: Does the bank have an accurate picture of its vulnerability to market volatility?
- Compliance: Is the bank effectively complying with all laws and regulations and accounting for compliance in all new products and services?
Coming in Early 2016 From the CFPB
While most in the industry had anticipated that a final rule on Prepaid Products would come out this year, the CFPB now suggests that it will be early 2016 before that proposal is finalized. The delay is most likely due to the vast number of responses submitted to the CFPB during the comment period. The American Bankers Association comment alone was 46 pages long, and like many, it requested more clarity on what constitutes a prepaid account under the rule.
Also on deck for spring 2016 according to the CFPB’s latest rulemaking agenda is the final rule on amendments to mortgage servicing requirements. This proposal “would require servicers to provide certain borrowers with foreclosure protections more than once over the life of the loan, to put in place additional servicing transfer protections, and to take steps to protect borrowers from a wrongful foreclosure sale.”
Anticipated Proposals in a Holding Pattern
Finally, there are three proposals that appear to be on hold. However, banks should keep an eye on them:
- CFPB Debt Collection Rule: In its Fourth Annual Fair Debt Collection Practices Act Report, the CFPB gave no firm timetable for its completion. So on the one hand, banks can breathe a sigh of relief since the CFPB indicated it might convene a small business panel to examine the issue, which would seem to stall any rule publication. On the other hand, in its most recent Supervisory Highlights, the CFPB expressed serious concern about debt collection practices, stating, “the Bureau’s recent examinations have identified a risk of deceptive practice, violations of the FCRA and Regulation V, and violations of the Fair Debt Collection Practices Act.”
- CFPB Overdraft Rule: In its rulemaking agenda, the CFPB stated it was “assessing whether rulemaking is warranted.” In the meantime, however, the CFPB issued an enforcement action and $7.5 million civil money penalty against a bank for charging overdraft fees to consumers who had not opted-in for the service. This suggests that overdraft is still a hot topic for the CFPB.
- FinCEN Customer Due Diligence Rule: There has been no recent news or movement from the FFIEC on this anticipated proposal, but that certainly does not mean it’s dead.
Focus on the Knowns and Keep an Eye on the Unknowns
My advice is to focus significant efforts on the known priorities, while continuing to monitor emerging issues as well as those that appear on hold. For our part, CSI will continue to pay close attention to the agendas and priorities of all federal regulatory agencies and keep you apprised of the same via our blog and through our Facebook, LinkedIn and Twitter feeds. You also can take advantage of our dedicated monitoring efforts through CSI’s SmartRisk NOW®, a free service accessed via Facebook that broadcasts the latest compliance news, notifies you of new guidance, and even provides a compliance calendar.
Amber Goodrich, Compliance Strategist for CSI Regulatory Compliance, has more than 10 years of financial industry experience. She is a Certified Regulatory Compliance Manager (CRCM) and Certified Bank Secrecy Act (BSA) Professional (CBAP).