trends in regulatory compliance - acuia.org session 11... · elements of an effective bsa/aml ......

Trends in Regulatory Compliance Debbi Burrows, Senior Manager

The material appearing in this presentation is for informational purposes

only and should not be construed as advice of any kind, including, without

limitation, legal, accounting, or investment advice. This information is not

intended to create, and receipt does not constitute, a legal relationship,

including, but not limited to, an accountant-client relationship. Although

this information may have been prepared by professionals, it should not be

used as a substitute for professional services. If legal, accounting,

investment, or other professional advice is required, the services of a

professional should be sought.

WHAT ARE WE SEEING AND HEARING?

DÉJÀ VU? 2016 Compliance Priorities - NCUA • Cybersecurity Assessment

• June 2015 – FFIEC – Cybersecurity Assessment Tool • “NCUA encourages all credit unions to use the FFIEC tool to manage

cybersecurity risks. NCUA also plans to begin incorporating the Cybersecurity Assessment Tool into our examination process in the second half of 2016.”

• Response Programs for Unauthorized Access to Member Information • “NCUA field staff will be reviewing credit unions’ incident response

programs. Appendix B to Part 748, Guidance on Response Programs for Unauthorized Access to Member Information and Member Notice, outlines the minimum components of an incident response program that federally insured credit unions need to develop and implement.”

Source: NCUA Letter to Credit Unions – 16-CU-01

4

DÉJÀ VU? 2016 Compliance Priorities - NCUA • Bank Secrecy Act

• NCUA required to review CU’s compliance with BSA and complete related examination questionnaires at every examination. In 2016, NCUA will focus on CU relationships with MSB.

• TILA-RESPA Integrated Disclosure Rule • Loan Estimate Disclosure and Closing Disclosure

• Record retention, restriction on fee impositions, verifying information, servicing components

5

Elements of an Effective BSA/AML Audit Program

• Risk based and appropriate for the risk profile of the institution

• All applicable regulations and guidance are addressed

• Effective scoping and planning

• Transactional testing with sufficient sample size

• Following up on prior issues and audit program contains all applicable areas

Elements of an Effective Audit Program

• Proper Documentation of fieldwork and program

• Well-organized and constructed work papers

• Conclusions are properly supported

• Effective communication on any identified issue

Elements of an Effective Audit Program • Violations are identified and risks explained and

recommendations provided for corrective action

• Detailed tracking of Findings and Resolutions

• Timely communication to affected process owners/stakeholders – Senior Management, Supervisory Committee, and/or Board of Directors

As members of Executive and Senior Management, what are you doing to ensure that the Credit Union is receiving an effective BSA/AML audit?

BSA SYSTEM VALIDATION

• AML System Model Validation – OCC/FRB Guidance – OCC 2011-12

• What are you doing at your Credit Union to ensure compliance?

• Data Validation

• System Validation

• Reasonableness

• “Above the Line”/ “Below the Line”

Three Core Elements

• An effective validation framework should include three core elements: • Evaluation of conceptual soundness, including

developmental evidence

• Ongoing monitoring, including process verification and benchmarking

• Outcomes analysis, including back-testing

Is your Credit Union using an automated third party AML monitoring system?

CDD/MDD Final Rule

• Three core requirements: • (1) identifying and verifying the identity of the beneficial

owners of companies opening accounts; • (2) understanding the nature and purpose of member

relationships to develop member risk profiles; and • (3) conducting ongoing monitoring to identify and report

suspicious transactions and, on a risk basis, to maintain and update member information.

• With respect to the new requirement to obtain beneficial ownership information, financial institutions will have to identify and verify the identity of any individual who owns 25 percent or more of a legal entity, and an individual who controls the legal entity

THINGS TO CONSIDER

• Individual Liability of the BSA Officer?

• Third Party Risks

• Insufficient Independent Testing

• Marijuana (medical/recreational)

• CDD/MDD Final Rule/Beneficial Ownership (2 year period – May 11, 2018)

NCUA -

• Bank Secrecy Act (BSA) – Inadequate CIP/MIP

• BSA – CTRs not filed within 15 days of transaction; not completed accurately based on form instructions or does not include all required information

• Structured activity not being monitored

• SARs not filed in a timely manner; not completed accurate based on form instructions or does not include all required information

NCUA –

• BSA – Copies of SARs/supporting documents not maintained for appropriate period

• BSA – Failure to notify board of SAR filings

• BSA – Risk Assessment not completed or inadequate

• BSA – Independent testing not completed or inadequate

• BSA –Inadequate BSA Training for credit union staff or board members

NCUA –

• BSA – Failure to complete records searched within required timeframes

• BSA – Failure to update 314(a) point(s) of contact

• BSA – Money Services Businesses – inadequate controls and due diligence

ABA - 2016 TRID Survey

• 548 banker participants – Feb 1 to 17, 2016 • Many banks have been forced to eliminate certain

products, such as construction loans, ARMs, home equity loans, etc., as the rule does not provide adequate compliance direction

• Over three/fourths claim that TRID has caused loan closing delays anywhere from one to 20 days

• Approximately one quarter of respondents have increased the total cost to the consumer to obtain a loan

• About 50 percent of participants claim they have or will have to hire additional staff to comply with the TRID rule

ABA - 2016 TRID Survey, cont’d

• LOS systems are still being updated and changed as 78 percent of bankers report they are still waiting for system updates and 83 percent claim they are forced to use manual workarounds

• An overwhelming 93 percent claim uploading and loan processing times have increased as a result of TRID implementation

• A resounding 94 percent of bankers believe the TRID “good faith” grace period should be extended

KNOW BEFORE YOU OWE MORTGAGE DISCLOSURE RULES • TILA-RESPA Integrated Disclosure Rule – TRID • October 3, 2015

• Challenges?

• Investor Requirements?

• Construction Loans?

• Different payment streams in year 1? • Delayed funding/closings?

• Many unanswered questions remain

What have you heard from your Credit Union team?

Any current audit results or regulatory examinations?

HMDA – October 28, 2015 – Final rule

Expands the scope of information relating to mortgage applications and loans that must be compiled, maintained, and reported under HMDA: • Ages of loan applicants

• Points and fees payable at origination

• Difference between the annual percentage rate associated with the loan and benchmark rates for all loans

• Term of any prepayment penalty

• Value of the property to be pledged as collateral

• Term of the loan and of any introductory interest rate for the loan

• Contract terms allowing non-amortizing payments

• Application channel

• Credit scores of applicants and mortgagors.

• Identifiers for loans, parcels, and loan originators

19

Effective January 1, 2018

Summary of Reportable HMDA Data – Regulatory Reference Charta

This chart is intended to be used as a reference tool for data points required to be collected, recorded, and reported under Regulation C, as

amended by the HMDA Rule issued on October 15, 2015. The relevant regulation and commentary sections are provided for ease of reference. This

chart does not provide data fields or enumerations used in preparing the HMDA loan/application register (LAR). For more information on

preparing the HMDA LAR, please see http://www.consumerfinance.gov/hmda.

Data Point Statusb Description Regulation C References

(1) Legal Entity Identifier

(LEI) Modified

Identifier issued to the financial institution (FI) by a utility

endorsed by the Global LEI Foundation or LEI

Regulatory Oversight Committee

§ 1003.4(a)(1)(i)(A)

(2) Universal Loan Identifier

(ULI) Modified

Identifier assigned to identify and retrieve a loan or

application that contains the FI’s LEI, an internally

generated sequence of characters, and a check digit

§ 1003.4(a)(1)(i),

Comments 4(a)(1)(i)-1 through -5,

and appendix C

(3) Application Date Existing Date the application was received or the date on the

application form

§ 1003.4(a)(1)(ii),

Comments 4(a)(1)(ii)-1 through -3

(4) Loan Type Existing

Whether the loan or application is insured by the Federal

Housing Administration, guaranteed by the Veterans

Administration, Rural Housing Service, or Farm Service

Agency

§ 1003.4(a)(2),

Comment 4(a)(2)-1

(5) Loan Purpose Modified

Whether the transaction is for home purchase, home

improvement, refinancing, cash-out refinancing, or

another purpose

§ 1003.4(a)(3),

Comments 4(a)(3)-1 through -5

http://www.consumerfinance.gov/hmda





Data Point Status Description Regulation C References

(6) Preapproval Modified Whether the transaction involved a preapproval request

for a home purchase loan under a preapproval program

§ 1003.4(a)(4),

Comments 4(a)(4)-1 and -2

(7) Construction Method Modified Whether the dwelling is site-built or a manufactured

home

§ 1003.4(a)(5),


(8) Occupancy Type Modified Whether the property will be used as a principal

residence, second residence, or investment property

§ 1003.4(a)(6),


(9) Loan Amount Modified Amount of the loan or the amount applied for § 1003.4(a)(7),


(10) Action Taken and (11)

Action Taken Date Existing

Type and date of action the FI took on the loan,

application, or preapproval request

§ 1003.4(a)(8),

Comments 4(a)(8)(i)-1 through -14

and 4(a)(8)(ii)-1 through -6

(12) Property Address New Address of the property securing the loan (or proposed to

secure a loan)

§ 1003.4(a)(9)(i),

Comments 4(a)(9)-1 through -5 and

4(a)(9)(i)-1 through -3

(13), (14), and (15)

Property Location Existing

Location of the property securing the loan (or proposed

to secure a loan) by state, county, and census tract

§ 1003.4(a)(9)(ii),

Comments 4(a)(9)-1 through -5,

4(a)(9)(ii)(B)-1, and 4(a)(9)(ii)(C)-1

(16) Ethnicity, (17) Race,

and (18) Sex Modified

Applicant’s or borrower’s ethnicity, race, and sex, and if

information was collected by visual observation or

surname

§ 1003.4(a)(10)(i),

Comments 4(a)(10)(i)-1 and -2 and

appendix B



(19) Age New Applicant’s or borrower’s age § 1003.4(a)(10)(ii),

Comments 4(a)(10)(ii)-1 through -5

(20) Income Existing

If credit decision is made, gross annual income relied on

in making the credit decision;

Or, if a credit decision was not made, the gross annual

income relied on in processing the application

§ 1003.4(a)(10)(iii),

Comments 4(a)(10)(iii)-1 through -10

(21) Type of Purchaser Modified Type of entity that purchased the loan § 1003.4(a)(11),


(22) Rate Spread Modified Difference between the annual percentage rate and

average prime offer rate for a comparable transaction

§ 1003.4(a)(12),


(23) HOEPA Status Existing Whether the loan is a high-cost mortgage under the

Home Ownership and Equity Protection Act (HOEPA)

§ 1003.4(a)(13),

Comment 4(a)(13)-1

(24) Lien Status Modified Whether the property is a first or subordinate lien § 1003.4(a)(14),

Comments 4(a)(14)-1 and -2

(25) Credit Score New Credit score(s) relied on and the name and version of the

credit scoring model

§ 1003.4(a)(15),


(26) Reason for Denial Modified Reason(s) the application was denied § 1003.4(a)(16),


(27) Total Loan Costs or

Total Points and Fees New Either total loan costs, or total points and fees charged

§ 1003.4(a)(17),

Comments 4(a)(17)(i)-1 through -3




(28) Origination Charges New Total borrower-paid origination charges § 1003.4(a)(18),


(29) Discount Points New Points paid to the creditor to reduce the interest rate § 1003.4(a)(19),


(30) Lender Credits New Amount of lender credits § 1003.4(a)(20),


(31) Interest Rate New Interest rate on the approved application or loan § 1003.4(a)(21),


(32) Prepayment Penalty

Term New Term in months of any prepayment penalty

§ 1003.4(a)(22),


(33) Debt-to-Income Ratio New Ratio of the applicant’s or borrower’s total monthly debt

to total monthly income relied on

§ 1003.4(a)(23),


(34) Combined Loan-to-

Value Ratio New

Ratio of the total amount of debt that is secured by the

property to the value of the property that was relied on

§ 1003.4(a)(24),


(35) Loan Term New Number of months after which the legal obligation will

mature or terminate

§ 1003.4(a)(25),


(36) Introductory Rate

Period New

Number of months until the first date the interest rate

may change

§ 1003.4(a)(26),


(37) Non-Amortizing

Features New

Whether the transaction involves a balloon payment,

interest-only payments, negative amortization, or any

other type of non-amortizing feature

§ 1003.4(a)(27),

Comment 4(a)(27)-1



(38) Property Value New Value of the property relied on that secures the loan § 1003.4(a)(28),


(39) Manufactured Home

Secured Property Type New

Whether the covered loan is secured by a manufactured

home and land or a manufactured home and not land

§ 1003.4(a)(29),


(40) Manufactured Home

Land Property Interest New

Information about the applicant’s or borrower’s ownership

or leasehold interest in the land where the manufactured

home is located

§ 1003.4(a)(30),


(41) Total Units New Number of individual dwelling units related to the

property

§ 1003.4(a)(31),


(42) Multifamily Affordable

Units New

Number of individual dwelling units related to the

property that are income-restricted under federal, state,

or local affordable housing programs

§ 1003.4(a)(32),


(43) Application Channel

(Submission of Application

and Initially Payable to

Your Institution)

New

Indicators of whether the application was submitted

directly to the FI, and whether the obligation was initially

payable to the FI

§ 1003.4(a)(33),

Comments 4(a)(33)-1, 4(a)(33)(i)-1,


(44) Mortgage Loan

Originator NMLSR Identifier New

National Mortgage Licensing System & Registry

(NMLSR) identifier for the mortgage loan originator

§ 1003.4(a)(34),


(45) Automated

Underwriting System New

Name of the automated underwriting system used by the

FI to evaluate the application and the result generated by

that system

§ 1003.4(a)(35),




(46) Reverse Mortgage New Indicator of whether the transaction is for a reverse

mortgage § 1003.4(a)(36)

(47) Open-End Line of

Credit New

Indicator of whether the transaction is for an open-end

line of credit

§ 1003.4(a)(37),

Comment 4(a)(37)-1

(48) Business or

Commercial Purpose New

Indicator of whether the transaction is primarily for a

business or commercial purpose

§ 1003.4(a)(38),

Comment 4(a)(38)-1

a This chart does not contain information about the submission process or procedures, nor does it contain any of the exceptions that are found in the HMDA Rule,

such as when a particular data point is not reportable for a particular loan or application.

b The “Status” column indicates whether the data point required to be collected, recorded, and reported under the HMDA Rule is new or modified as compared to

what was previously collected, recorded, and reported under Regulation C. “New” data refers to data points that were not previously required to be collected,

recorded, or reported under Regulation C.

This chart summarizes requirements under HMDA and Regulation C, and does not itself establish any binding obligations. It is intended only to act as a quick

reference and not as a substitute for the regulation or its official commentary. Always consult the regulation text and official commentary for a complete

understanding of the law.

UDAAP

• Unfair, Deceptive, or Abusive Acts or Practices Act (UDAAP) • May be applied in a multitude of situations

where: • Consumers appear to have been harmed (financial

costs or damage to financial standing, i.e. credit report)

• Disclosures are misleading or omit information about the costs or features of products

• Inaccurate information regarding costs, usage or features of products (statements)

• Only effect must be proved, not intent

Is it or is it not UDAAP?

• How does your institution define and assess for UDAAP?

• When is UDAAP considered at your institution?

What is UDAAP?

• Loan Origination

• Loan Servicing

• Deposit

• Back off support

• Advertising – Marketing

• Overdrafts

• ????

UDAAP – 3rd Party Relationships

• Assess UDAAP risk when selecting Third Parties

• Assess UDAAP risk when monitoring Third Parties

• Monitoring Subcontractor Relationships?

• What are you doing at your institutions?

UDAAP Considerations

• Management Considerations – Strategic planning, development, benefit to the consumer/credit union

• Product Design – to who, needs, profit, fee structures

• Advertising / Marketing – how, when, where, who

• Consumer Interface – sales, application process

• Origination / Consummation – underwriting, qualifications, contract

• Usage – after origination, servicing, maintenance, disputes, resolutions, change in terms, additional fees

• Termination – voluntary or credit union’s decision, process to end relationship

Vendor Management / Third Party Risk Management

• What is your institution doing to manage the vendors and third party service providers?

• OCC 2013-29 – Third Party Relationships – Risk Management Guidance

OCC Bulletin 2013-29 The OCC has identified instances in which bank management has

• failed to properly assess and understand the risks and direct and indirect costs involved in third-party relationships.

• failed to perform adequate due diligence and ongoing monitoring of third-party relationships.

• entered into contracts without assessing the adequacy of a third party’s risk management practices.

• entered into contracts that incentivize a third party to take risks that are detrimental to the bank or its customers, in order to maximize the third party’s revenues.

• engaged in informal third-party relationships without contracts in place.

Effective Third Party Risk Management Process – Continuous Life Cycle

• Planning

• Due Diligence and third party selection

• Contract Negotiation

• Ongoing Monitoring

• Termination

• Oversight and accountability

• Documentation and reporting

• Independent reviews

Risks Associated With Third Party Relationships • Operational Risk

• Compliance Risk

• Reputation Risk

• Strategic Risk

• Credit Risk

Appraisal Management Companies

• Minimum requirements for state registration and supervision of appraisal management companies (AMCs)

• States may elect to register and supervise AMCs

• HOWEVER, in states that have not established the structure 36 months from the effective date, any non-federally regulated AMC is barred from providing appraisal management services for federally related transactions.

Minimum Requirements AMCs:

• (1) Register with and be subject to supervision by the State appraiser certifying and licensing agency;

• (2) Engage only State-certified or State-licensed appraisers for federally related transactions;

• (3) Select appraisers who are independent of the transaction and who have the requisite education, expertise, and experience necessary to competently complete the appraisal assignment for the particular market and property type;

• (4) Direct the appraiser to perform the assignment in accordance with Uniform Standards of Professional Appraisal Practice (USPAP); and

• (5) Establish policies and procedures to ensure compliance with the appraisal independence standards established under Truth in Lending Act.

Military Lending Act

• July 21, 2015 Final Rule issued by Department of Defense

• Effective October 1, 2015 – staggered compliance dates

• To all forms of payday loans, vehicle title loans, refund anticipation loans, deposit advance loans, installment loans, unsecured open-end lines of credit, and credit cards.

• The changes to definitions of credit in the final rule bring any closed or open-end loan within the scope of the regulation, except for loans secured by real estate or a purchase-money loan, including a loan to finance the purchase of a vehicle.

MLA Rule

• 36% APR Cap = Military Annual Percentage Rate or MAPR, covers all interest and fees associated with the loan. INCLUDES charges for most ancillary “add-on” products such as credit default insurance and debt suspension plans

• Prohibits creditors from requiring service members to: submit to mandatory arbitration and onerous legal notice requirements; waive their rights under the Servicemembers’ Civil Relief Act; provide a payroll allotment as a condition of obtaining credit (other than from relief societies); be able to refinance a payday loan; or be able to secure credit using a post-dated check, access to a bank account (other than at an interest rate of less than 36 percent MAPR), or a car title (other than with a bank, savings association or credit union).

Flood Insurance – Final Rule

• July 21, 2015

• Biggert-Waters Flood Insurance Reform Act of 2012

• Homeowner Flood Insurance Affordability Act of 2014

• Escrow – January 2016

Three key provisions

• Escrow of flood insurance premiums and fees

• Detached structures exemption to the mandatory flood insurance purchase requirement

• Forced-placed flood insurance

Deposit Reconciliation Practices Interagency Guidance – May 18, 2016 • Applicable laws – Regulation CC

• Financial Institutions’ policies or practices that do not appropriately reconcile credit discrepancies within the prescribed time frames may raise Regulation CC concerns if such discrepancies leave customers without timely access to the correct amount of funds – subject to civil liabilities and possible action by the appropriate agency

• FTC – Section 5 – unfair or deceptive practices acts or practices – Dodd Frank – prohibit unfair, deceptive or abusive acts or practices. • A FI deposit reconciliation practices for transaction and non-

transaction accounts may, depending on the facts and circumstances, violate the FTC or Dodd Frank when practices result in credit discrepancies.

45

Deposit Reconciliation Practices Supervisory Expectations

• Adopt deposit reconciliation policies and practices that are designed to avoid or reconcile discrepancies, or designed to resolve discrepancies such that customers are not disadvantaged.

• Information provided to customers about the financial institution’s deposit reconciliation practices should be accurate.

• Implement effective CMS that include appropriate policies, procedures, internal controls, training, and oversight and review processes to ensure compliance with applicable laws and regulations, and fair treatment of customers.

46

CFPB – Proposed Payday Loan Rule

• June 2, 2016

• Proposed Rule

• Apply to certain short-term and longer-term credit products that are aimed at financially vulnerable consumers.

• Payday and other short-term credit products

• High-cost installment loans

• Debt Trap Dangers – Repeat short-term borrowing; Default; Auto Seizure; Penalty Fees; Account Closure

47


• Proposed ability to repay protections include a “full-payment” test

• Determine upfront that consumers can afford to repay their loans without re-borrowing.

• “Principal payoff option” – certain short term loans and two less risky longer-term lending options so that borrowers who may not meet the full-payment test can access credit without getting trapped in debt.

• Usage of credit reporting systems to report and obtain information on certain loans covered by the proposal.

• Limit repeated debit attempts that can rack up fees and make it harder for consumers to get out of debt.

48


• Full-Payment Test – upfront determination of a consumer’s ability to repay the loan. • Requirements for determining affordability

• Payday and single payment auto title

• High-cost installment loans

• Requirements to justifying additional loans

49

Now What?

• You heard it.

• You know it.

• Now what?

50

Questions?

Debbi Burrows Moss Adams LLP 480-366-8277 [email protected]

51

trends in regulatory compliance - acuia.org session 11... · elements of an effective bsa/aml ......

Documents