Compliance Question of the Week

In today’s banking environment as soon as one big new regulation is implemented another pops up. Our compliance resources help your community bank stay one step ahead of the regulators.

Regulations and Guidance

Compliance Question of the Week

Question: Can a lender review current loans in its portfolio as flood insurance policies renew and determine that it would no longer require flood insurance on a detached structure in a flood zone if the structure does not provide contributory value?


A lender or its servicer could initiate such a review; however, the agencies’ regulations do not permit the exemption of structures from the mandatory flood insurance purchase requirement based solely on their contributory value. Flood insurance is not required, in the case of any residential property, on any structure that is a part of such property but is detached from the primary residential structure and does not serve as a residence. In addition, other exemptions could apply, such as the exemption for state-owned property covered under a policy of self-insurance satisfactory to the administrator of the Federal Emergency Management Agency, the exemption for property securing any loan with an original principal balance of $5,000 or less, or the exemption for a loan with a repayment term of one year or less. 

Reference: Interagency Flood Insurance Regulation Update Webinar: Q&As, 2015, Q18. 


Q&A Archives


A bank may issue an unsolicited access device (for example a combination debit card and PIN) if the bank's ATM system has been programmed not to accept the device until after the consumer requests and the bank validates the device. Merely instructing a consumer not to use an unsolicited debit card and PIN until after the bank verifies the consumer's identity does not comply with the regulation.

Further, a bank may use any reasonable means, to verify the consumer's identity, however, even if a reasonable means was used, if the bank fails to verify correctly the consumer's identity and an imposter succeeds in having the device validated, the consumer is not liable for any unauthorized transfers from the account.

Reference: Official Staff Interpretation 1005.5, comments 1 and 4


National security letters (NSLs) are written investigative demands that may be issued by the local FBI or federal government authorities during counter intelligence and  counter terrorism investigations. NSLs are highly confidential and should not share them with external examiners or internal auditors. If your bank files a SAR after receiving a NSL, the narrative should NOT contain any reference to receipt or existence of said NSL. Financial institution should not automatically file a SAR in response to an NSL. Rather, the decision to file a SAR should be in response to its own investigation. 

Reference: 31 CFR 1020.320.


A construction loan secured or to be secured by a building in the course of construction that is located or to be located in an SFHA, in which a flood insurance is available, is a designated loan and a determination must be made.

Reference: 12 CFR 339.3(a); Interagency Flood Q&A 2009, Q20


Age may be taken in to consideration in an empirically derived, demonstrably and statistically sound credit scoring system, a creditor may use an applicant's age as a predictive variable - provided that the age of an elderly applicant is not assigned a negative value.

The official staff interpretation explains that age may be taken directly into account in a credit scoring system that is demonstrably and statistically sound; as defined in 1002.2(p) with one limitation - applicants age 62 or older must be treated at least as favorably as applicants who are under age 62.

If age is scored by assigning points to an applicant's age category, elderly applicant must receive the same or a greater number of points as the most favored class of non-elderly applicants.

Reference: 1002.6(b)(2); Official Staff Interpretation 1002.6, paragraph 6(b)(2).


No member bank may pay an overdraft of an executive officer or director of the bank or executive officer or director of its affiliates* on an account at the bank, unless the payment of funds is made in accordance with:

(i) A written, preauthorized, interest-bearing extension of credit plan that specifies a method of repayment; or 

(ii) A written, preauthorized transfer of funds from another account of the account holder at the bank.   

The prohibition of this section does not apply to payment of inadvertent overdrafts on an account in an aggregate amount of $1,000 or less, provided:

(i) The account is not overdrawn for more than 5 business days; and

(ii) The member bank charges the executive officer or director the same fee charged any other customer of the bank in similar circumstances. 

* This prohibition does not apply to the payment by a member bank of an overdraft of a principal shareholder of the member bank, unless the principal shareholder is also an executive officer or director. This prohibition also does not apply to the payment by a member bank of an overdraft of a related interest of an executive officer, director, or principal shareholder of the member bank or executive officer, director, or principal shareholder of its affiliates. 

Reference: 12 CFR 215.4(e).


A bank may not impose liability on a consumer for unauthorized transfers involving an unsolicited access device until the device becomes an "accepted access device" under the regulation. A card and PIN combination may be treated as an accepted access device once the consumer has used it to make a transfer.

Reference: Official Staff Interpretation 1005.5(b), comment 2.


The FCRA requires a consumer to have the option of "opt out" in order to be excluded from a prescreened list. When a bank obtains and uses a prescreened list, the bank must provide consumers with a prescreened opt out notice with the offer or credit or insurance. The notice alerts consumers that they are receiving the offer because they meet certain creditworthiness criteria.

The notice must also provide the toll free telephone number operated by the nationwide consumer reporting agencies for consumers to call to opt out of prescreened lists.

Sections 642 and 698 contains specific requirements concerning the content and appears of the short notice and the long notice for the prescreened opt out information to be given with each written solicitation made to consumers using prescreened consumer reports.

Reference: FCRA, Section 615(d); 16 CFR 642 and 698.


A bank offering terms that will automatically change upon the occurrence of a stated event need not send an advance notice of the change provided the institution fully describes the conditions of the change in the account opening disclosures (and sends any change-in-term notices regardless of whether the changed term affects that consumer's account at that time).

Reference: Official Staff Interpretation 1030.5(a). Q&A provided by Chaotic Solutions, 11/15/2016.


Yes. Such flyers would be considered promotional and educational during the normal course of business. The only violation would be in the rate sheets contained a specific property as this results in the bank paying the agents advertising expenses, which is a thing of value in Section 1024.14(d). The value is realized by offsetting the agents' marketing expenses they would otherwise incur.

Reference: 12 CFR 1024.15(b)(1); Appendix D to Part 1024.


As a rule of thumb, there are five factors to distinguish between a personal and business purpose loan. 1. Relationship - The more closely related a borrower's primary occupation is to the acquisition, the more likely this is a business loan. 2. Acquisition Management - The more personal involvement, the more likely this is a business loan. 3. Ratio - The higher the ratio of income from the acquisition to the borrower's total income, the more likely this is a business loan. 4. Size - The larger the transaction, the more likely this is a business loan. 5. Loan Purpose - as stated on the loan application.

Note: You can also refer to the appendix in Section 1026 for "Coverage Considerations" flowchart.

Reference: 12 CFR 1026.3(a)(3) and Appendix.


In situations like this, if the bank is acting as the lender, and the dealer is acting as the bank's agent for CIP purposes, it is prudent to furnish the dealer with a worksheet to collect the necessary information and copies of the USA Patriot Act notice for the dealer to display at the dealership. Regardless, it is the bank's ultimate responsibility to ensure the CIP notice is actually provided.

Reference: 31 CFR 1020.200(a)(2)(ii)(D)(6).



Section 3937 of the SCRA, which establishes the maximum interest rate, addresses any “obligation or liability” of an eligible service member, or the service member and the service member’s spouse jointly, as long as the loan was made before the service member entered active duty.

When a service member provides a written request and a copy of the military orders to a lender, the lender should apply the 6 percent rate reduction to all loans with the lender made before the service member entered active duty. Loans for commercial purposes are not excluded from SCRA protections.

Reference: Fed. Consumer Compliance Outlook, 1st Quarter 2013, as updated in Dec. 2015.


The regulation provides six exceptions that allow a bank to exceed the maximum hold periods in the availability schedules. The exceptions are:

  • New accounts
  • Deposits in excess of $5,525 on any one day
  • Checks that have been returned unpaid and are being redeposited
  • Deposits to account that have been repeatedly overdrawn
  • Cases in which the bank has a reasonable cause to believe the check being deposited is uncollectable
  • Emergency conditions

Reference: 12 CFR 229.13. 


A lender must examine the status of a detached structure upon a qualifying triggering event (i.e., making, increasing, extending, or renewing a loan). However, consistent with existing obligations under the regulations, if a lender determines at any time that a property has become subject to the mandatory flood insurance purchase requirement and, as a result, the collateral is uninsured or underinsured, the lender has a duty to inform the borrower of the obligation to obtain or increase insurance coverage.

The agencies agree that lenders do not have a duty to monitor the status of a detached structure following the lenders initial determination because of the minimal post closing communications with borrowers or lack of systematic inspections of the property. However, as discussed in Question No. 7 of the agencies July 2009 Interagency Questions and Answers Regarding Flood Insurance, regardless of the lack of such requirement in the agencies regulations, sound risk management practices may lead a lender to conduct scheduled periodic reviews that track the need for flood insurance on a loan portfolio.

Reference: Interagency Flood Insurance Regulation Update Webinar: Q&As, 2015, Q17


In general, a fee can be charged for an extension. However, there are several other issues that need to be considered, including but not limited to:

  • Has the existing loan already matured?
  • Is it a modification where there is only a short maturity extension?
  • Will the extension be done before maturity?
  • Is it a refinancing under 1026.20(a)? 
  • Is there new money?
  • Does the fee change the APR?

New disclosures would need to be provided, as required under Regulation Z. Review 1026.37(m)(8) and the accompanying staff interpretation comments. These comments address construction loans and the need for redisclosure – citing that redisclosure may be done if a statement is included addressing redisclosure, (from the staff interpretation): “You may receive a revised Loan Estimate at any time prior to 60 days before consummation” under the master heading “Additional Information About This Loan” and the heading “Other Considerations” pursuant to § 1026.37(m)(8) satisfies the requirements set forth in § 1026.19(e)(3)(iv)(F) that the statement be made clearly and conspicuously on the disclosure.

Reference: Regulation Z: 12 CFR 1026.20(a). See also: Official Staff Interpretation 1026.20


No. The rule states that the notice must be provided upon sale, transfer or assignment of mortgage loan servicing rights. Certain scenarios are not considered transfers if the payment information does not changes as a result of the following:

  • transfers between affiliates.
  • transfers resulting from mergers or acquisitions or servicers or subservicers.
  • transfers between master servicers where the subservicer remains the same.

Reference: 12 CFR 1024.33(b)(2)(A)


Regulation Z states that credit extended to trusts established for tax or estate planning purposes or to certain land trusts is considered credit extended to a consumer and is covered by the TILA-RESPA rule.

A trust and its trustees are considered to be the same person for purposes of Regulation Z. Credit extended to trusts established for tax or estate planning purposes or to land trusts, as described in comment 3(a)-10, is considered to be extended to a natural person for purposes of the definition of consumer.

Right of rescission applies to a consumer. For the purposes of credit extended to trusts established for tax or estate planning purposes or to land trusts, as described in comment 3(a)-10, is considered to be extended to a natural person for purposes of the definition of consumer.

A LE and CD may be provided to the trustee on behalf of the trust. However, for a rescindable transaction, the CD must be given separately to each consumer with the right to rescind. Under the right to rescind Note: state law should be consulted in the event rescission laws are stricter.

Reference: Regulation Z Official Staff Interpretation 12 CFR 1026.2(a)(11) comment 3; 1026.2(a)(22) comment 3; 1026.3(a) comment 10 See also: Regulation Z 12 CFR 1026.15; and 1026.23


Under Regulation GG, actual knowledge with respect to a transaction or commercial customer means when a particular fact with respect to that transaction or commercial customer is known or brought to the attention of:

  • an individual in the organization responsible for the organization’s compliance function with respect to that transaction or commercial customer; or
  • an officer of the organization.

Reference:  Regulation GG: 12 CFR 233.2(a)


Yes, but you will not be eligible for the Safe Harbor.  To be eligible for the Safe Harbor under the MLA, you have to identify covered borrowers using one of the methods listed in the Rule.  Those methods include:

  • verifying the status using information obtained directly or indirectly from the DoD's database; or
  • verifying the status of a consumer by using a consumer report obtained from a consumer reporting agency that compiles and maintains files on consumers on a nationwide basis or a reseller of such consumer reports (as those terms are defined in the FCRA and any implementing regulations.

You must also follow the timing and recordkeeping requirements. 

Reference: 32 CFR 232.5(a) & (b). 



The regulation now states that the mortgagor and the mortgagee both must be included on a private policy (with exceptions for condominium association, cooperative, homeowner’s association, or other applicable group). 

The requirements for private policies include:

  • Adequate coverage in amount required by flood insurance purchase requirements
  • Issued by a licensed, otherwise approved insurance business
  • Cover both mortgagor and mortgagee
  • Provide sufficient protection of the designate loan consistent with safety and soundness principles.

When determining whether the “one policy is sufficient for all the loans, consider those criteria and ensure the criteria are met.

Reference: Loans in Areas Having Special Flood Hazard: OCC:12 CFR 22.2; 22.3; FED:12 CFR 208.25(b) and (c); FDIC:12 CFR 339.2; 339.3



CAN SPAM does not require an opt in for the initiators of commercial email messages. That means if the bank purchased the list, it may not know if anyone on the list asked to OPT out. However, bear in mind that there could be a violation if someone on the list has in fact opted out.

Consider: Reviewing the requirements and the guidance from the FTC to help determine the risk of purchasing a list.




You have two options if a property is not located in an MSA or it is located outside the MSA in which you have a home office or branch: You may enter codes for the state, county, and census tract number but 'NA' in the metropolitan area column, OR You may enter 'NA' in all four fields for state, county, census tract number, and metropolitan area.

Reference: Official interpretation to Section 1003.4(a)(9).



A representation, omission, or practice that actually misleads a consumer may be deceptive, but deception is not limited to situations in which a consumer has already been misled. Instead, an act or practice may be deceptive if it is likely to mislead consumers. A representation may be an express or implied claim or promise and may be written or oral. It may be deceptive to omit information if the omitted information is necessary to prevent a consumer from being misled. 

An example of this was presented in a case brought by the OCC: 

The OCC brought an action against a credit card issuer for advertising that its secured credit card product did not require submission of funds for a savings deposit in order to receive a card with a usable amount of available credit. However, the issuer failed to disclose that the deposit requirement and various fees would be charged to the card, so that the vast majority of applicants received little or no available credit. 

Reference:  CFPB Exam Manual V.2 October 2012.


Ask an Expert

We want to hear your pressing questions about compliance at your bank. Please fill in the form below. Not all questions will be featured. Your questions will be kept anonymous.