Compliance Questions & Answers

Compliance touches every corner of community banking, from operations to customer interactions. Discover key areas like internal controls, policy development, and training programs that keep your bank aligned and accountable.

The bank may provide all the error resolution notices together, however they should be easily discernable regarding the requirements under Regulation E. (e.g., government benefit accounts, remittance of transfers, etc.).

Reference: Regulation E 12 CFR 1005.4; 1005.7

Red flags that may indicate elder abuse include:

Older consumers confused by or unaware of account changes.
New third party speaking for an older adult
Address changes followed by account changes
Older consumer appears newly distressed, unkempt
Sudden increase in monthly cash withdrawals
Uncharacteristic non-sufficient funds activity
Atypical ATM withdrawals
New spending patterns followed by the addition of an authorized user.

Reference: FFIEC BSA AML Examination Manual (Appendix F).

ANSWER:

The key to the effective and successful use of a third party in any capacity is for the institution’s management to appropriately assess, measure, monitor, and control the risks associated with the relationship and weave that process into its compliance management system (CMS).

While engaging another entity may aid management and the board in achieving strategic goals, such an arrangement reduces management’s direct control. Therefore, the use of a third party increases the need for robust oversight of the process from start to finish.

There are four main elements of an effective third-party risk compliance management process:

Risk Assessment – The process of assessing risks and options for controlling third-party arrangements.
Due Diligence in Selecting a Third Party – The process of selecting a qualified entity to implement the activity or program.
Contract Structuring and Review – The process of ensuring that the specific expectations and obligations of both the institution and the third party are outlined in a written contract prior to entering into the arrangement—a contract should act as a map to the relationship and define its structure.
Oversight – The process of reviewing the operational and financial performance of third-party activities over those products and services performed through third-party arrangements on an ongoing basis, to ensure that the third party meets and can continue to meet the terms of the contractual arrangement.

Reference: FDIC Compliance Examination Manual - March 2017, VII-4.4.

ANSWER:

In general, a fee can be charged for an extension. However, there are several other issues that need to be considered, including but not limited to:

Has the existing loan already matured?
Is it a modification where there is only a short maturity extension?
Will the extension be done before maturity?
Is it a refinancing under 1026.20(a)?
Is there new money?
Does the fee change the APR? New disclosures would need to be provided, as required under Regulation Z.

Review 1026.37(m)(8) and the accompanying staff interpretation comments. These comments address construction loans and the need for redisclosure – citing that redisclosure may be done if a statement is included addressing redisclosure, (from the staff interpretation):

“You may receive a revised Loan Estimate at any time prior to 60 days before consummation” under the master heading “Additional Information About This Loan” and the heading “Other Considerations” pursuant to § 1026.37(m)(8) satisfies the requirements set forth in § 1026.19(e)(3)(iv)(F) that the statement be made clearly and conspicuously on the disclosure.

Reference: Regulation Z: 12 CFR 1026.20(a). See also: Official Staff Interpretation 1026.20

ANSWER:

Yes. Although the texts aren’t personal, i.e., the texts don’t include any account information, cybersecurity is always a concern. For example, if a hacking incident occurs, does the bank have in place procedures to respond; to ensure that those affected are notified; to ensure that those who regularly receive the texts know that it is not the bank but a hacker requesting information.

In addition, the bank needs to be aware of compliance regulations that may pertain to social media messages e.g., in the context of student loans – Regulation Z and any advertising requirements that may apply; FCRA; Reg B and fair lending to guard against discrimination; privacy laws; and information security, consumer complaint response, etc. In addition, a consumer complaint process should be established.

Reference: Regulation Z: 12 CFR 1026.24; 1026 Subpart G Fair lending and Regulation B: 12 CFR 1002 Regulation P (privacy): 12 CFR 1016 Information Security Guidelines Fair Credit Reporting Act. See also: FFIEC: Social Media; Consumer Compliance Risk Management Guidance, 2013. FFIEC IT information Security, 2016

ANSWER:

An institution should establish qualification criteria for persons who are eligible to review appraisals and evaluations.

Persons who review appraisals and evaluations should be independent of the transaction and have no direct or indirect interest, financial or otherwise, in the property or transaction, and be independent of and insulated from any influence by loan production staff. Reviewers also should possess the requisite education, expertise, and competence to perform the review commensurate with the complexity of the transaction, type of real property, and market.

Further, reviewers should be capable of assessing whether the appraisal or evaluation contains sufficient information and analysis to support the institution’s decision to engage in the transaction. When an institution identifies an appraisal or evaluation that is inconsistent with the Agencies’ appraisal regulations and the deficiencies cannot be resolved with the appraiser or person who performed the evaluation, the institution must obtain an appraisal or evaluation that meets the regulatory requirements prior to making a credit decision.

Though a reviewer cannot change the value conclusion in the original appraisal, an appraisal review performed by an appropriately qualified and competent state certified or licensed appraiser in accordance with USPAP may result in a second opinion of market value. An institution may rely on the second opinion of market value obtained through an acceptable USPAP-compliant appraisal review to support its credit decision.

Reference: Interagency Appraisal Guidelines, December 2010, page 15 and 16.

Showing 1 to 6 of 28

Bank Secrecy Act and Enforcement

Credit Union Tax Exemption

Fraud and Scams

Community Banker Representation

Online Training Center

All Training & Resources

Operational Risk

Solutions Directory

Chat with ICBA Community

Contact Us

Solutions Directory

Bank Locator

About Us

About Community Banking

Compliance Questions & Answers

Compliance Questions & Answers

For an error resolution notice on a deposit account, is the bank permitted to group together all the notices required under Regulation E and provide them in one document?

When it comes to financial elder abuse, a bank needs to be proactive. What are some red flags that will help staff be able to spot potential elder abuse?

How can a bank mitigate third party risk?

If the bank has a construction loan that requires TRID, and the loan needs to be extended, is the bank able to charge a fee to extend the loan?

If the bank is using social media or texts to communicate with students about loans, does the bank need to be concerned about cybersecurity if the messages aren’t personal?

Who should perform an appraisal review?