June 2017 Newsletters

The Five Pillars of BSA:  A Review and Overview

If You Wait Until It Floods, It'll Be Too Late!

Are Businesses the Next Fair Lending Priority?

Regulatory Amendment to Regulation CC and Comment Period

The Five Pillars of BSA:  A Review and Overview

by Silvia Garcia Maggio, CRCM, Associate General Counsel

Every BSA/AML compliance program today is required to be built around four requirements that we call pillars. With the addition on the Beneficial Ownership rule effective May 11, 2018, we will have a fifth BSA pillar requiring risk-based customer due diligence procedures. The preparation time ahead of this new rule is a great opportunity to review all the pillars and how they impact the bank.

The first pillar of the BSA rules is a system of internal controls to ensure ongoing compliance. Internal controls include policies and procedures, risk assessments, board reporting, dual controls and segregation of duties. This pillar includes how the bank locates and assesses variances in customer habits that could be considered suspicious activities. This also includes the need to supervise and assist employees in determining what triggers BSA requirements and how to collect needed information for money instrument logs, CTRs and SARs.

The second pillar requires independent testing of the full BSA program to ensure compliance.  Independence means the audit is done by someone not involved with the BSA/AML program and who reports directly to the board of directors or a board committee. The third pillar requires the designation of a BSA compliance officer. While plenty of banks have a variety of different officers, BSA/AML is one of the few places where it’s required versus a best practice. The fourth pillar requires BSA/AML training for all affected personnel. That means a consideration of everyone, from the board of directors on down, to determine who should be trained on BSA. That consideration is going to include the vast majority of bank employees and related personnel.

The beneficial owner rule adds the fifth pillar of customer due diligence which will require that banks identify and verify the beneficial owners of your business customers who are legal entities. Thus, the bank will have to collect information on up to four individuals who own 25 percent or more of a legal entity. In addition, one person who has the ability to control or manage the business – for example, CEOs, CFOs or COOs – will need to have their identity verified, as well. Therefore, the bank could be collecting information on up to five individuals to comply with this rule. If there isn’t someone who owns at least 25 percent of the entity, the bank will just collect information on a single controlling or managing owner.

What will be collected on each individual is really similar to CIP information: name and title of the individual, name and address of the business, date of birth and Social Security numbers for U.S. citizens and passport numbers for non-citizens. One big difference is, unlike CIP, the bank accepts copies of those documents instead of the actual documents. There is a model certification form which can be used to get the required information directly from the customer. The form has space to identify those beneficial owner individuals. It’s basically going to allow the customer to just list their up-to-four beneficial owners and the single individual who is listed as controlling the company. There’s no requirement to use the model form, so the bank can choose to modify the form or take that information via some other procedure.

There is a full BSA/AML compliance toolkit on the Compliance Alliance website to assist with BSA/AML needs. There is also a full summary of the Beneficial Owner Rule available in that toolkit. If you have any other questions, please make sure to contact the hotline!

If You Wait Until It Floods, It’ll Be Too Late!”

by Elizabeth K. Madlem, Associate General Counsel

As British naturalist Gilbert White stated, “Floods are ‘acts of God,’ but flood losses are largely acts of man.” Fast forward almost 200 years and welcome the National Flood Insurance Program (NFIP). Flood insurance remains a crucial requirement within lending compliance. “Failure to comply” fines are steep: $2,000 per violation with no annual cap of the amount of penalties that can be assessed against the bank. A history or continual failure to escrow, provide notice and enact force-placement insurance triggers mandatory civil money penalties. Reaffirming the basics will help keep a bank compliant with its safety and soundness requirements on its collateral. But don’t forget hazard insurance! Defined under RESPA, hazard insurance is for insurance on the property securing a mortgage loan that protects the property against loss caused by wind, fire, flood, earthquake, theft, falling objects, freezing and other similar hazards in which insurance is required. 

Flood insurance is required on any loan secured by a building or mobile home located in a Special Flood Hazard Area. Any building, regardless of being a commercial or consumer transaction, is subject to flood, unless it is: 1. state owned property; 2. property values at under $5,000; or 3. is an extension of credit expected to be repaid within one year or less.  Commercial or consumer, any building, is subject to flood requirements.[JT1]  Flood insurance is required before a lender makes, increases, extends or renews a loan secured by improved real estate or a mobile home. At any point the bank becomes aware insurance is inadequate or does not exist, a lender is required to force-place flood insurance immediately. Luckily, there is guidance. All force-placement procedures for flood insurance start with a 45-day notification letter requirement. This is the only regulatory requirement, but many banks will send a second letter. This 45-day letter has no regulatory template but, at a minimum, the bank should include the customer name, address requiring insurance, loan number, flood determination, date of loss of insurance, the flood insurance minimum required and notice that within 45 days, the bank will provide insurance chargeable to the customer. The bank must notify the borrower that they need to obtain insurance, at the borrower’s expense, in an amount equal to the amount required, for the remaining term of the loan. Otherwise, the bank will obtain insurance that may be higher in price and not cover as much as what the borrower previously held. The bank has to implement gap insurance during this 45-day time period. Remember, the loan cannot be without insurance! But on the 46th day, the bank may charge days 1-46 and onward to the borrower. Keep in mind that if this is an MPPP policy, there are additional notice requirements to be met — a 45-30-15-day standard.

Hazard insurance applies to all loans covered under RESPA, except HELOCs. Unlike flood, hazard has a regulatory template and multiple notice requirements. Hazard insurance follows many of flood’s standards: upon notice of inadequate or loss of coverage, the bank must force-place insurance as the loan cannot be without. Upon proper compliance, the bank may, on day 46, transfer the charge to the borrower for days 1-46 and onward. Luckily MS-3(A)-(C) (Appendix to Part 1024) provides the exact format a bank should use in sending all notices.  

As always, please refer to Compliance Alliance’s website for helpful training, templates and tips regarding any flood or hazard insurance needs!

Are Businesses the Next Fair Lending Priority?
By Victoria E. Stephen, Associate General Counsel

On May 10, 2017, the Consumer Financial Protection Bureau (CFPB) took its first step toward expanding the fair lending landscape by revealing plans to issue regulations on business lending. Although Section 1071 of the Dodd-Frank Act required financial institutions to track and report applications made by women-owned, minority-owned and small businesses, not much has developed in this arena since it was signed into law in 2010.
"Small businesses fuel America’s economic engine, create jobs and nurture communities. Yet little is known about how well the lending market serves their financing needs," said Director Richard Cordray in the CFPB’s press release. To this end, the Bureau has issued a Request for Information (RFI) asking for feedback to help develop implementing regulations for the estimated $1.4 trillion small business lending market.
The questions the CFPB explores in its RFI can be divided into five general categories:

Small Business Definition: The Bureau wants to know how the industry defines “small business.” Under Section 1071, the definition is generally based on industry-specific size standards as set out by NAICS codes. The CFPB, however, is considering developing an alternate “practical definition” that considers common practices and doesn’t just rely on NAICS codes.
Data Points: Section 1071 requires a whole host of data points, including but not limited to:

Loan type and purpose;
Loan amount applied for and approved;
Type of action taken;
Applicant’s gross annual revenue; and
Information about the race, sex and ethnicity of the business owners.

In addition, it gives the CFPB authority to require “any additional data that [it] determines would aid in fulfilling the purposes of [Section 1071].” The RFI requests more information on whether more or fewer data points should be required and, if so, what those should be.

Institutions Engaged in Business Lending: Although depository institutions in general would undoubtedly be covered new regulations, the CFPB may exempt certain institutions based on size, volume, or type, and it seeks more information on what those exemptions should be.
Access to Credit and Financial Products: While the CFPB understands that term loans, lines of credit, and credit cards are the main all-purpose products used by small businesses, it wants to know what other products are important sources of financing. In addition, the Bureau asks how an “application” is defined for business purposes and how credit reviews in this area typically operate.
Privacy: As with the recent HMDA amendments, privacy is a forefront concern. Just from the required data points, it’s clear that at least some of the data could involve sensitive, private or confidential information, and the CFPB is seeking input on how to balance these considerations with Section 1071 requirements. 

The RFI was just recently published in the Federal Register, so those who wish to submit comments have until July 14, 2017. In addition to the RFI, the Bureau also published a white paper titled, “Key dimensions of the small business lending landscape” that details the preliminary research it has done in the area. Banks that lend to potentially-covered businesses should consider reviewing the research and submitting comments, especially given the unchartered frontier of the small business lending market.

Regulatory Amendment to Regulation CC and Comment Period

by Chance Williams, Compliance Specialist

Regulation CC Expedited Funds Availability Act of 1987 is designed to ensure consumers receive prompt availability of funds for deposit accounts, and to promote improvements in check collections as well as the return process.  As we in the industry have become accustomed to changes to regulations Regulation CC is no different. The Federal Reserve Board has proposed an amendment to clarify the UCC provision regarding Altered and Forged Checks that addresses disputes that involve the possibility of forgeries and/or altered checks for dispute purposes.

The question of whether a check is to be presumed to be altered and/or forged is currently not addressed in Regulation CC. Over the years as the check collection system has become much more electronic therefore requiring a clarification. The time of having the original check item available for inspection has become less feasible and has placed a larger burden on the banks to receive the original item. This amendment will attempt to clarify the process of disputing checks that have potentially been altered and/or forged when the original item is not physically able to be examined.

The rule would adopt a presumption for disputes concerning alternations and/or forgeries concerning whether the dollar amount or the payee of the substitute check or electronic check has potentially been altered or whether those same checks are derived from an original check that had been altered or forged. The intent of the amendment is to provide clarity as to the burden of proof required in these situations.   Members of the industry have requested clarification and the Federal Reserve Board has requested comments on whether banks should be allowed to adopt an evidentiary presumption. If the answer is “yes” should banks then be allowed to presume a check has been altered and/or forged in cases of doubt?

Comments have been received and due to those comments the proposed rule has been drafted. The proposed rule would allow for the presumption of the alteration to be overcome by a preponderance of evidence that the substitute item accurately reflect the information contained on the original item.

This proposed amendment will affect banks of all sizes. The presumption of alteration would shift the burden to the bank that warrants that an item has not been altered; this could be either the depository bank or the collecting bank.  A bank would be burdened by having to provide evidence that the item is accurately reflected in the substitute form or that the substitute item is derived from an original that had been altered and/or forged.  The rule would also state that the presumption of alteration shall cease if the original item is made available for inspection by the parties involved. Additionally, the proposal would clarify that presumptions do not limit the ability for a bank to make a claim against another bank for losses allegedly incurred form an item alleged to be altered.

Stay tuned for more on the proposal and final rule.

To read the summary of the proposal visit:

https://www.federalreserve.gov/newsevents/pressreleases/files/bcreg20170531a1.pdf    - Full proposal

https://www.federalreserve.gov/newsevents/pressreleases/files/bcreg20170531a2.pdf    - Summary

Submit comments for Docket Number R-01564 by any of these following methods:

Agency Web site:


Follow the instructions for submitting comments at http://www.federalreserve.gov/apps/foia/proposedregs.aspx.

• Email:


Include the docket number in the subject line of the message.

• FAX: (202) 452–3819 or (202) 452– 3102.

• Mail: Ann E. Misback, Secretary, Board of Governors of the Federal Reserve System, 20th Street and Constitution Avenue N.W., Washington, DC 20551.