Compliance Questions & Answers

Compliance touches every corner of community banking, from operations to customer interactions. Discover key areas like internal controls, policy development, and training programs that keep your bank aligned and accountable.

The early withdrawal penalty is what differentiates a time account from other types of accounts.

The earliest withdrawal penalty must be at least seven days’ simple interest on amounts withdrawn within the first six days after deposit (or within six days after the most recent partial withdrawal).

If funds are withdrawn more than six days after the date of deposit or more than six days after the most recent partial withdrawal, no interest penalty is required under Regulation D.

These penalties are the minimum federal penalties required by Regulation D and the Federal Reserve Act. A bank may impose a greater penalty. If the bank fails to impose the early withdrawal penalty when required, the account may not be classified as a time deposit. The early withdrawal penalty language must be part of the account agreement with the depositor.

See 204.2(c)(1) footnote for information on when a time deposit may be paid during the early withdrawal penalty without a penalty being imposed.

Reference: 12 CFR 204.2(c)(1)

Yes, banks must send a notice of servicemembers' rights to borrowers within 45 days of the date a missed payment was due on a mortgage secured by the borrower's principal residence, unless the borrower pays the past-due amount before the expiration of the 45-day period.

The contents of the notice are prescribed in HUD's (Servicemembers Civil Relief Act Notice Disclosure).

While the Right to Financial Privacy does state that a government agency is not to access customer records without proper authorization – including a subpoena, for a SAR it is different. F

inCEN has issued guidance stating that while it is important for banks to have procedures to ensure that the requesting person/agency is verified, disclosure of SARs to appropriate law enforcement and supervisory agencies is protected by the safe harbor provisions applicable to both voluntary and mandatory suspicious activity reporting by financial institutions.

Reference: Right to Financial Privacy 12 USC 3402 FIN-2007-G003, Suspicious Activity Report Supporting Documentation, June 13, 2007

The bank may provide all the error resolution notices together, however they should be easily discernable regarding the requirements under Regulation E. (e.g., government benefit accounts, remittance of transfers, etc.).

Reference: Regulation E 12 CFR 1005.4; 1005.7

Red flags that may indicate elder abuse include:

Older consumers confused by or unaware of account changes.
New third party speaking for an older adult
Address changes followed by account changes
Older consumer appears newly distressed, unkempt
Sudden increase in monthly cash withdrawals
Uncharacteristic non-sufficient funds activity
Atypical ATM withdrawals
New spending patterns followed by the addition of an authorized user.

Reference: FFIEC BSA AML Examination Manual (Appendix F).

ANSWER:

The key to the effective and successful use of a third party in any capacity is for the institution’s management to appropriately assess, measure, monitor, and control the risks associated with the relationship and weave that process into its compliance management system (CMS).

While engaging another entity may aid management and the board in achieving strategic goals, such an arrangement reduces management’s direct control. Therefore, the use of a third party increases the need for robust oversight of the process from start to finish.

There are four main elements of an effective third-party risk compliance management process:

Risk Assessment – The process of assessing risks and options for controlling third-party arrangements.
Due Diligence in Selecting a Third Party – The process of selecting a qualified entity to implement the activity or program.
Contract Structuring and Review – The process of ensuring that the specific expectations and obligations of both the institution and the third party are outlined in a written contract prior to entering into the arrangement—a contract should act as a map to the relationship and define its structure.
Oversight – The process of reviewing the operational and financial performance of third-party activities over those products and services performed through third-party arrangements on an ongoing basis, to ensure that the third party meets and can continue to meet the terms of the contractual arrangement.

Reference: FDIC Compliance Examination Manual - March 2017, VII-4.4.

Showing 1 to 6 of 31

Bank Secrecy Act and Enforcement

Credit Union Tax Exemption

Fraud and Scams

Community Banker Representation

Online Training Center

All Training & Resources

Operational Risk

Solutions Directory

Chat with ICBA Community

Contact Us

Solutions Directory

Bank Locator

About Us

About Community Banking

Compliance Questions & Answers

Compliance Questions & Answers

Does a bank need to impose an early withdrawal penalty for a time deposit?

Is there a notice banks need to send to a servicemembers when they miss their mortgage payments?

The bank recently filed a SAR, FinCEN has requested supporting documentation, doesn’t the Right to financial privacy act say that any record needs a subpoena to get the records?

For an error resolution notice on a deposit account, is the bank permitted to group together all the notices required under Regulation E and provide them in one document?

When it comes to financial elder abuse, a bank needs to be proactive. What are some red flags that will help staff be able to spot potential elder abuse?

How can a bank mitigate third party risk?