September 2018 Newsletters
by C/A Staff
As we all got ready for the Labor Day weekend last Friday, the CFPB released a new rule to implement and clarify changes made by the Economic Growth, Regulatory Relief, and Consumer Protection Act (the Act) or simply S.2155 as many refer to it.
By way of background, S.2155 was signed into law on May 24, 2018, and among many other changes, amended the existing HMDA reporting requirements in section 104. This section states that banks that make fewer than 500 closed-end loans in each of the two preceding years will not have to report the new data points for closed-end loans. Likewise, banks that make fewer than 500 open-end loans will not have to report the new data points for open-end loans.
While the initial reaction was celebration and relief, bankers quickly realized that the law left much to be desired and explained. How should this be put into action without an implementing regulation? Shouldthis new law be implemented while the current regulation conflicts with it? What about all the time and money we’ve put into updating our systems to comply with the previous changes?
Luckily, the CFPB’s 2018 HMDA Final Rule answers some of these questions. One of our most-asked questions was exactly which data points are covered by the partial exemption. Not only did the CFPB specifically delineate which are covered and which are not covered, but it also created reference tables with direct citations that you can find in Table 1 on page 18 here.
Another question we have gotten on the Hotline quite a bit was which loans “count” for purposes of the partial exemption. The CFPB also addressed this, stating that only those loans that are otherwise reportable under HMDA are counted in the new 500-loan threshold. It’s also important to note that this new exemption will not have an impact on HELOC reporting until 2020, since the CFPB increased the threshold for collecting and reporting data about open-end lines of credit for two years.
Many members had also been wondering whether the new exemption was required or optional, and the Final Rule makes clear that even if your bank qualifies for the partial exemption, the bank can choose to report the exempt data points at its option. This will help those banks who have put so many resources into updating the system that it would be more efficient to continue reporting all data points, or those banks who expect to be over the threshold in the next year or two.
A new requirement that wasn’t in the law, but was added to the Final Rule is the non-universal loan identifier. Basically, if a loan qualifies for the partial exemption and the bank chooses not to voluntarily report a universal loan identifier, the bank still has to report a “non-universal loan identifier” so that the transaction is identifiable in some way. While this identifier does not have to be unique within the whole industry or contain a Legal Entity Identifier (LEI) or check digit, it does have to be unique within the bank.
The Final Rule is effective as soon as it is published in the Federal Register, which hasn’t yet happened as of publishing this article, but is expected soon. C/A has a full HMDA Toolkit that is currently being updated as necessary to abide by these changes, and will be publishing a full summary of the Final Rule shortly.
by C/A Staff
In keeping with its recent trend of issuing guidance at the eleventh hour, FinCEN finally made permanent the beneficial ownership exception for certain renewing accounts last Friday afternoon.
If you weren’t one of the ones anxiously refreshing the FinCEN website in anticipation of this, a bit of background first. This whole issue arose because one of the questions from the April 3, 2018 Frequently Asked Questionsindicated that CD rollovers and certain loan renewals are considered an “establishment of a new account relationship” and so banks are required to obtain beneficial ownership information at the time of renewal. The industry did not agree with this, noting that typical practice is not to treat these as new account openings, because usually they are done automatically and there is no change to account information.
FinCEN listened to these concerns and issued a 90-day exemption, and on the last day of that exemption, a 30-day extension. Even though this was welcome relief, there was still uncertainty as to which accounts wereand were notcovered by the exemption. Luckily, this permanent ruling clarifies the four types of “new accounts” to which the exemption applies, and how these accounts are defined for purposes of the exception:
- A rollover of a certificate of deposit (CD);
- A renewal, modification, or extension of a loan that does not require underwriting review and approval;
- A renewal, modification, or extension of a commercial line of credit or credit card account that does not require underwriting review and approval; and
- A renewal of a safe deposit box.
Certificates of Deposit
For this purpose, a CD is a deposit account having a specific maturity date (it can be a week or several years), but cannot be withdrawn before that date without incurring a penalty, which is different than how a “time deposit” is defined for Reg. D purposes. The customer cannot add additional funds to the CD, and at maturity, the customer is entitled to the amount deposited and any accrued interest. Typically, the account will automatically renew unless the customer has taken some affirmative action to close the account.
Loan Renewals, Modifications, and Extensions
FinCEN states that the industry “has also represented that, as with CDs, some loans are subject to automatic renewal, modification, or extension” without substantively changing the terms or requiring additional underwriting “and require no action from the customer.” It does not give any examples of these, however, and from talking to our C/A members, these seem to be uncommon.
Commercial Lines of Credit and Credit Cards
The focus here is that the loan is revolving and only for specified business purposes, like covering payroll or paying suppliers. The bank can often change certain terms of the line of credit or credit card, like the credit limit, without requiring affirmative assent from the customer, so these would also be exempt.
Safe Deposit Boxes
For purposes of the exemption, FinCEN describes the typical bank-customer relationship as the customer paying the safe deposit box rental fee by electronic deduction from an account at the bank, and otherwise, there is minimal or no communication with the customer, so long as the rental payment is made. Besides this, the ruling doesn’t provide much else in the way of guidance on which types of renewals may not be covered.
The new exception applies to any of these that occur on or after May 11, 2018, when the rule originally went into effect. Just like with the prior temporary extensions, the exception does not apply to the initial opening and just applies to the beneficial ownership requirements. So the bank must still comply with all other applicable AML requirements under the BSA, like maintaining an AML program and SARs.
by C/A Staff
One slight provision that may have been missed in the much-publicized Economic Growth, Regulatory Relief, and Consumer Protection Act from earlier this year, entitles credit applicants to receive a new “summary of rights” in certain situations under the Fair Credit Reporting Act (FCRA). In light of this provision, just last week, the Bureau of Consumer Financial Protection (CFPB) issued an interim final rule amending the Identity Theft and Summary of Consumer Rights disclosures promulgated under the FCRA. Specifically, this interim final rule amends Appendices I and K of Regulation V, which contain the model ‘safe harbor’ disclosure forms for Identity Theft and Summary of Consumer Rights, respectively. (The text of these updated disclosures can be found in the draft of the interim final rule, here:
While in this somewhat relaxed regulatory environment a sudden change to Regulation V and the FCRA looks fairly consequential, upon a closer look, this might be much ado about nothing. As we see it, financial institutions have very little to be concerned about with the change. First off, the alteration the interim final rule proposes for the Identity Theft notice in Appendix I will not affect financial institutions at all, as that disclosure is currently the sole responsibility of consumer reporting agencies (i.e. the credit bureaus) under the FCRA. Secondly, when it comes to the updated Summary of Consumer Rights disclosure in Appendix K, that proposed change could come into play for banks, but only in two isolated scenarios: 1.) when the bank is running a credit report for employment purposes; and 2.) when the bank is planning to use a credit report to perform an “investigative report” into a person’s character (NOT a credit evaluation), whereupon the form must be provided to a to-be-investigated person up front. These are both very limited ‘you know it when you see it’ situations where a financial institution should be more than prepared ahead of time for this minor change being proposed. What’s more, the CFPB has only issued an interim rule at this stage—which still has to go through the notice-and-comment procedure—so we have no idea what actual requirement(s) will be a part of the agency’s final rule.
It’s important to keep in mind this change has nothing to do with offers of credit, risk-based pricing, credit score disclosures, “Notices to Home Loan Applicant,” negative information notices, or anything of the sort. Again, the Identity Theft and Summary of Rights disclosures in Appendices I and K of Regulation V are almost entirely the responsibility of the credit bureaus, not banks. Still, while compliance-related changes have slowed overall for the most part, it’s not a terrible idea to follow the development of this change—especially for any banks out there that regularly use credit reports in making employment decisions—since we don’t know what the exact content of the final rule will be.
Compliance Alliance's FCRA Employment Denial Form is a really important tool for use in this area and will be updated once the Final Rule passes. You can find the current version here at: FCRA Employment Denial Form
by C/A Staff
Although the fall season ushers in beautiful foliage, cooler weather, and pumpkin spice lattes, it is important to keep in mind that hurricane season is still in full swing. Hurricane Florence was a major hurricane that made landfall on the East Coast mid-September this year. It brought heavy flooding and forced the evacuation of millions of people across the impacted area. So, what does that mean for your bank? Can you relax your normal standards to help your customers? How will examiners view a bank if it bends the rules a bit to help its customers? Thankfully, regulators have anticipated at least some of these questions in a letter to financial institutions.
On September 14, 2018, the FDIC published a Financial Institution Letter (FIL-48-2018). This letter was in direct response to Hurricane Florence and the impact it will have and has had on consumers. A theme that may be discerned from the FIL can be summarized as follows: the FDIC is supportive of financial institutions helping affected customers, and even non-customers in the days and months after a natural disaster like Hurricane Florence.
The FIL lists specific relief measures banks may take in response to this disaster. These measures include: waiving ATM fees; waiving overdraft fees; waiving early withdrawal penalties on time deposits (like CDs); waiving late fees on credit card/loan balances; easing credit terms for new transactions; providing customers with the opportunity to skip some payments or defer payments on loans; and increasing ATM daily cash withdrawal limits. Of course, this main theme of support is tempered with the statement that financial institutions should ultimately avoid offending safety and soundness measures in providing assistance. Additionally, the FDIC makes mention that loan modifications should be evaluated on a case-by-case basis, and that financial institutions “should ensure that modifications of existing loans are evaluated individually to determine whether they require financial reporting as troubled debt restructurings.”
Aside from reputational positives, a bank providing assistance to communities devastated by natural disasters like Hurricane Florence may be eligible for CRA credit when extending loans or making investments in these affected communities that are within their assessment areas.
Finally, this FIL recognizes that there may be difficulties with complying with the Customer Identification Program (“CIP”) and verifying the identity of customers. The CIP mandates bank, for new customers: (1) identify a customer and then (2) verify that identity. Many banks have processes that call for documentary methods when verifying the identity. A common documentary method is having the customer provide a non-expired government ID. However, in anticipation of issues related to verification and having an ID on-hand, the FDIC encourages banks to consider using non-documentary methods for verification. Non-documentary methods include gathering identifying information through a credit reporting agency or through a public database.
The FIL may be found here: https://www.fdic.gov/news/news/financial/2018/fil18048.html#continuation
Additionally, a helpful handout for customers by the FDIC may be found here: https://www.fdic.gov/news/news/financial/2018/fil18048a.pdf