May 2018 Newsletters
by Victoria E. Stephen, CRCM, Associate General Counsel
On the Friday morning of April 20, 2018, Wells Fargo Bank was hit with a $1 billion penalty for what essentially amounts to a critical breakdown in its compliance management systems. In a coordinated enforcement action between the CFPB and the OCC, the Bank was charged with two main abuses: unfairly failing to follow the rate-lock process it disclosed to prospective borrowers, and unfairly enforcing its force-placed auto insurance program.
Wells Fargo’s policy, like many other institutions’, was to only charge borrowers a rate-lock extension fee if the delay were attributable to the borrower, and not to the Bank. Although the policy itself was fine and well, it was Wells’s failure to effectively implement the policy that created a problem. The Bank itself admitted that its internal training for loan officers was inadequate. From 2013 to 2017, the rate-lock policy ended up being applied to borrowers inconsistently and, thus, unfairly, and the poor implementation resulted in many borrowers being charged fees that truly should have been absorbed by the Bank.
Force-Placed Insurance Program
As is also common, Wells Fargo required auto loan borrowers to maintain insurance, and if they did not, the Bank was allowed to force place coverage and charge the borrower for the premium. Again, though, the policy itself is not what is at issue here. When the Bank’s vendor that it used for monitoring could not verify whether proper coverage was in place, it would force place insurance without adequate due diligence. This often resulted in unnecessary and duplicative policies—typically just over $1,000 each—for hundreds of thousands of consumers. And to add insult to injury, this process ended in delinquency, default, and even repossession in some cases.
The CFPB itself assessed a $1 billion penalty for these transgressions—its second-largest fine ever—and the OCC assessed its own $500 million penalty for them. The CFPB, however, agreed to “credit” $500 million of what it collects toward the satisfaction of the OCC fine, bringing the Bank’s grand total back down to $1 billion. That’s not all, though—Wells Fargo also agreed to “remediate harmed consumers” and “undertake certain activities related to its risk management and compliance management,” which, in addition to the penalties, could amount to upwards of $10 million.
This isn’t the first time this has happened, by the way. If you’ll recall, back in 2016 the Bank was called out for opening fake deposit and credit card accounts for current customers in order to boost its sales targets and compensation incentives. According to the Bank’s own estimate, its employees opened more than two million accounts that may not have been authorized by its customers.
The total fine from that enforcement action came out to a mere $100 million, though—pocket change compared to this new $1 billion penalty. Will this ten-fold increase in fines make Wells Fargo finally clean up its act? Either way, it doesn’t look like the CFPB will be backing down anytime soon like many once thought.
by Sarah E. Sauceda, Associate General Counsel
If 2018 were a celebrity, I think it would make a great Oprah: “You get a change! And you get a change! And YOU get a change!” No, but seriously, 2018 is the year for changes: HMDA, Reg. CC, Beneficial Ownership, and others. Among them is an update to the Suspicious Activity Report (SAR) form.
On February 2 of this year, the Financial Crimes Enforcement Network (FinCEN) issued an updated form for banks through a proposed rule. The rule is aimed at revising numerous items in the electronic data elements that currently support the SARs. Basically, the SAR reporting form is getting a facelift to help her keep up with the times. The proposed rule does not, however, alter the reporting requirements or create new obligations for banks. Rather, it expands and varies certain data points.
Before we dive into the changes themselves, a little background on SARs. SAR forms are a major facet of the Bank Secrecy Act (BSA) reporting system. Under the federal regulations, a bank is generally required to file an SAR with respect to: (A) criminal violations involving insider abuse, aggregating $5,000 or more when a suspect can be identified, and aggregating $25,000 or more when one cannot; and (B) transactions, aggregating $5,000 or more, conducted or attempted at a bank when the bank suspects that illegal activity is involved, that evasion of BSA regulations is attempted, or that the transaction has no apparent lawful purpose. All in all, the SAR forms help the government track suspicious activities.
Now that you have a quick refresher, let’s get into the proposed changes! There is a new text field to alert FinCEN that the SAR is in response to a geographic targeting order, advisory, or other activity. There are new text fields to accompany the IP Address field in order to record the date and/or timestamp of the first instance of the reported IP address. Additionally, there are new cyber event indicators, a new category of fields designed to record up to 99 cyber events associated with a suspicious activity. FinCEN has added a few new product types to the SAR form as well: deposit accounts and microcap securities. With this change, a new subtype associated with the type of securities and futures institution in Part III and Part IV has been added. Finally, new and modified types and subtypes of suspicious activities have been added under the proposed rule. Most notably, there is a “Cyber Event” suspicious activity type category.
One other note is that the new form requires batch filers to submit the updated data in an XML-based file, as opposed to the current ASCII-based, fixed-length delimited file.
The new form will be available on the BSA E-Filing System in June of 2018.
For more information on these changes, the proposed rule can be found here: https://www.federalregister.gov/documents/2017/02/02/2017-02235/proposed-collection-comment-request-update-and-revision-of-the-fincen-suspicious-activity-reports
By Darlia Fogarty, Director of Compliance and COO
Congress passed the Economic Growth, Regulatory Relief and Consumer Protection Act (S. 2155) on May 22, 2018. This legislation is being touted as the most significant piece of legislation for financial institutions since the passage of the Dodd-Frank Act in 2010. The Act contains nearly 200 pages of provisions, and although it is generally effective when the president signs it, many of the provisions require further action by the regulatory agencies for implementation.
Below are a few of the significant areas for financial institutions to be aware of. Once signed into law by President Trump, S. 2155 will:
- Establish a safe harbor from certain requirements for a loan to be considered a Qualified Mortgage;
- Rescind the additional data points required under the Home Mortgage Disclosure Act for financial institutions that originate fewer than 500 closed-end and/or 500 open-end lines of credit;
- Reclassify one-to-four unit, non-owner occupied residential loans as real estate loans;
- Clarify that the same consumer protections in place with respect to mortgage lending are nonexistent for Property Assessed Clean Energy loans;
- Remove the three-day wait period required for the combined TRID mortgage disclosure if a creditor extends to a consumer a second offer of credit with a lower annual percentage rate;
- Provide a safe harbor for properly trained financial employees who report alleged elder financial abuse; and
- Require the U.S. Department of Treasury to conduct a study on the risks that cyber threats may pose to financial institutions.
Moving forward, we will be reviewing the five titles of the Act with a section-by-section analysis to determine exactly how our members will be impacted.
By Compliance Alliance staff
Technology is evolving and becoming more integrated into our daily lives. Fintech is one area in which extreme growth and evolution have begun, and the financial industry is addressing the adaptations needed to prevent being left behind. Many in the industry believe that innovation must continue as a broader understanding and transparency of products and services is delivered to a wider range of potential customers. The industry is experiencing an uptick in new startups, and large financial institutions are taking a proactive stance on understanding how these technologies can change the landscape of the financial industry as we know it. Increasingly, banks are investing in these companies to drive the process. As a result, the financial industry has seen partnerships formed between banks and startup companies to bring the state-of-the-art services younger customers desire.
As with all new innovative changes, there is a need to ensure benefits will be achieved. In order for Fintech benefits to be achieved, the technology must be provided sensibly and in a way that truly benefits consumers. In order to ensure the technology brings benefit, it is imperative that laws and regulations are developed to instill a framework around these technological advances. The regulatory agencies in the United States have been making progress in this regard; however, steps must continue to be taken to guarantee the financial industry does not get left behind. While federal regulations surrounding Fintech are not a new idea, the direct federal supervision of this sector would be. Today, Fintech firms are subject to certain federal regulations, but are not under direct supervision of any of the regulatory bodies of the United States.
Fintech is known for its rapid innovation and growth, making it a hard sector to regulate. Fintech firms will oftentimes attempt to disrupt the financial industry and services that are traditionally heavily regulated. Many times, reducing the high capital costs imposed by regulation is a driver for innovation. This is why it is so important for regulatory oversight of Fintech to be put into place; however, the oversight should not be overbearing and should avoid stifling innovation.
A proactive approach is necessary to ensure the regulatory agencies are considering a constructive methodology to the innovation of Fintech and the potential benefits to consumers. The regulatory agencies must be truly knowledgeable about the technologies being developed and how they can be implemented, allow for quick integration, and ensure security is a primary focus. Knowledge of the technology is paramount to guarantee laws and regulations will be developed to facilitate the use of these technologies in the appropriate manner. If the regulatory agencies do not truly understand the technologies available, it will be nearly impossible to develop laws and regulations that will be appropriate for the industry. Knowledge of the technologies available will also give the regulators the ability to determine proper implementation steps regarding the technology being considered and/or utilized. In conjunction with being knowledgeable about the technology available, the regulatory agencies must allow financial institutions to implement the desired technology quickly to ensure the best possible customer experience. While it is important to allow for timely implementation, consumer privacy must be top of mind. The CFPB has expressed that Fintech companies must ensure consumer data and privacy are protected by utilizing robust security measures and strong controls. In addition to having the protective measures in place, these measures would require continual and thorough testing to validate they are operating as intended.