Compliance Questions & Answers
Compliance touches every corner of community banking, from operations to customer interactions. Discover key areas like internal controls, policy development, and training programs that keep your bank aligned and accountable.
Potentially. Regulation B states that “A creditor shall not make any oral or written statement, in advertising or otherwise, to applicants or prospective applicants that would discourage on a prohibited basis a reasonable person from making or pursuing an application.”
If, for example, the wording in the advertisement could be construed to discourage a potential applicant, it could be a Regulation B and a UDAAP concern.
Similarly, if for some reason the bank didn’t list the branches or offices in certain areas on some of the advertisements, or encouraged people to go to mortgage offices only in certain areas that aren’t in minority communities, it could be viewed as discriminatory.
Whenever the bank advertises, it must ensure that all aspects of the marketing and follow-up that accompany the advertising complement the marketing strategy, including the intent of the message, listing all offices, and targeting all of the service area; that marketing scripts for follow-up calls are in compliance and support the message; and that personnel are trained accordingly.
Fair lending is always a consideration for advertisements with regard to potential redlining, steering, and disparate treatment issues.
Reference: FED Consumer Compliance Handbook, UDAAP, December 2016 page 4. Regulation B 12 CFR 1002.4 Fair lending examination procedures.
Yes, banks must send a notice of servicemembers' rights to borrowers within 45 days of the date a missed payment was due on a mortgage secured by the borrower's principal residence, unless the borrower pays the past-due amount before the expiration of the 45-day period.
The contents of the notice are prescribed in HUD's Servicemembers Civil Relief Act Notice Disclosure.
While the Right to Financial Privacy does state that a government agency is not to access customer records without proper authorization, including a subpoena, for a SAR it is different.
FinCEN has issued guidance stating that while it is important for banks to have procedures to ensure that the requesting person/agency is verified, disclosure of SARs to appropriate law enforcement and supervisory agencies is protected by the safe harbor provisions applicable to both voluntary and mandatory suspicious activity reporting by financial institutions.
Reference: Right to Financial Privacy 12 USC 3402; FIN-2007-G003, Suspicious Activity Report Supporting Documentation, June 13, 2007
The bank may provide all the error resolution notices together; however, they should be easily discernible regarding the requirements under Regulation E (e.g., government benefit accounts, remittance of transfers, etc.).
Reference: Regulation E 12 CFR 1005.4; 1005.7
Red flags that may indicate elder abuse include:
- Older consumers confused by or unaware of account changes
- New third party speaking for an older adult
- Address changes followed by account changes
- Older consumer appears newly distressed, unkempt
- Sudden increase in monthly cash withdrawals
- Uncharacteristic non-sufficient funds activity
- Atypical ATM withdrawals
- New spending patterns followed by the addition of an authorized user
Reference: FFIEC BSA AML Examination Manual (Appendix F).
ANSWER:
The key to the effective and successful use of a third party in any capacity is for the institution’s management to appropriately assess, measure, monitor, and control the risks associated with the relationship and weave that process into its compliance management system (CMS).
While engaging another entity may aid management and the board in achieving strategic goals, such an arrangement reduces management’s direct control. Therefore, the use of a third party increases the need for robust oversight of the process from start to finish.
There are four main elements of an effective third-party risk compliance management process:
- Risk Assessment – The process of assessing risks and options for controlling third-party arrangements.
- Due Diligence in Selecting a Third Party – The process of selecting a qualified entity to implement the activity or program.
- Contract Structuring and Review – The process of ensuring that the specific expectations and obligations of both the institution and the third party are outlined in a written contract prior to entering into the arrangement—a contract should act as a map to the relationship and define its structure.
- Oversight – The process of reviewing the operational and financial performance of third-party activities over those products and services performed through third-party arrangements on an ongoing basis, to ensure that the third party meets and can continue to meet the terms of the contractual arrangement.
Reference: FDIC Compliance Examination Manual - March 2017, VII-4.4.