Compliance Questions & Answers
Compliance touches every corner of community banking, from operations to customer interactions. Discover key areas like internal controls, policy development, and training programs that keep your bank aligned and accountable.
The general aggregate limit specified in paragraph (d)(1) of this section does not apply to the following:
- Extensions of credit secured by a perfected security interest in bonds, notes, certificates of indebtedness, or Treasury bills of the United States or in other such obligations fully guaranteed as to principal and interest by the United States;
- Extensions of credit to or secured by unconditional takeout commitments or guarantees of any department, agency, bureau, board, commission or establishment of the United States or any corporation wholly owned directly or indirectly by the United States;
- Extensions of credit secured by a perfected security interest in a segregated deposit account in the lending bank; or
- Extensions of credit arising from the discount of negotiable or nonnegotiable installment consumer paper that is acquired from an insider and carries a full or partial recourse endorsement or guarantee by the insider, provided that:
- The financial condition of each maker of such consumer paper is reasonably documented in the bank's files or known to its officers;
- An officer of the bank designated for that purpose by the board of directors of the bank certifies in writing that the bank is relying primarily upon the responsibility of each maker for payment of the obligation and not upon any endorsement or guarantee by the insider; and
- The maker of the instrument is not an insider.
The exceptions in paragraphs (d)(3)(i)(A) through (d)(3)(i)(C) of this section apply only to the amounts of such extensions of credit that are secured in the manner described therein.
Reference: 12 CFR 215.4(d)(3). Q&A provided by Chaotic Solutions, 11/23/2016.
No, a financial institution complies by reporting that the requirement is not applicable for a covered loan to, or an application from, its employee to protect the employee's privacy, even though the institution relied on the employee's income in making the credit decision.
Note: This data field is required for all HMDA reporting institutions.
Reference: 12 CFR 1003.4(a)(10)(iii); Comments 4(a)(10)(iii)-3. A Guide to HMDA Reporting Getting it Right, 2020 edition.
The bank must start collecting the data points required by the rule on January 1, 2028.
Reference: 1002.114
The Agencies’ appraisal regulations permit an institution to obtain an appropriate evaluation of real property collateral in lieu of an appraisal for transactions that qualify for certain exemptions. These exemptions include a transaction that:
- Has a transaction value less than $400,000 for residential real estate or less than $500,000 for commercial real estate
- Is a business loan with a transaction value equal to or less than the business loan threshold of $1 million, and is not dependent on the sale of, or rental income derived from, real estate as the primary source of repayment
- Involves an existing extension of credit at the lending institution, provided that:
- There has been no obvious and material change in market conditions or physical aspects of the property that threaten the adequacy of the institution’s real estate collateral protection after the transaction, even with the advancement of new monies; or
- There is no advancement of new monies other than funds necessary to cover reasonable closing costs.
Special exemption for rural areas: An appraisal is not required, but an evaluation is, if the real property or interest in real property is located in a rural area, as defined by Regulation Z and provided by the Bureau, so long as the following criteria are met:
- The bank has contacted not fewer than 3 state certified appraisers or state licensed appraisers,
- The bank has documented that no state certified appraiser or state licensed appraiser was available within 5 business days beyond customary
- And reasonable fee and timeliness standards for comparable assignments,
- The transaction is less than $400,000, and
- The transaction is not a high-cost mortgage transactionas defined by Regulation Z
Reference: Interagency Appraisal Guidelines, December 2010, page 11 of 45
The opt-out requirements listed in 12 CFR 1016.7 and 12 CFR 1016.10 do not apply to nonpublic personal information provided to a nonaffiliated third party to perform services for or behalf of a bank, if the bank:
- Provides the initial notice as required under 12 CFR 1016.4; and
- Enters into a contractual agreement with the third party prohibiting the disclosure of information other than to perform the contracted services.
Reference: 12 CFR 1016.13.
A consumer must report an unauthorized electronic fund transfer that appears on a periodic statement within 60 days of the financial institution's transmittal of the statement to avoid liability for subsequent transfers.
If the consumer fails to do so, the consumer's liability shall not exceed the amount of the unauthorized transfers that occur after the close of the 60 days and before notice to the institution, and that the institution establishes would not have occurred had the consumer notified the institution within the 60-day period.
When an access device is involved in the unauthorized transfer, the consumer may be liable for other amounts set forth in paragraphs (b)(1) or (b)(2) of this section, as The standard of unlimited liability applies if unauthorized transfers appear on a periodic statement, and may apply in conjunction with the first two tiers of liability.
If a periodic statement shows an unauthorized transfer made with a lost or stolen debit card, the consumer must notify the financial institution within 60 calendar days after the periodic statement was sent; otherwise, the consumer faces unlimited liability for all unauthorized transfers made after the 60-day period.
The consumer's liability for unauthorized transfers before the statement is sent, and up to 60 days following, is determined based on the first two tiers of liability:
- Up to $50 if the consumer notifies the financial institution within two business days of learning of the loss or theft of the card; and
- Up to $500 if the consumer notifies the institution after two business days of learning of the loss or theft.
The first two tiers of liability do not apply to unauthorized transfers from a consumer's account made without an access device. If, however, the consumer fails to report such unauthorized transfers within 60 calendar days of the financial institution's transmittal of the periodic statement, the consumer may be liable for any transfers occurring after the close of the 60 days and before notice is given to the institution.
For example, a consumer's account is electronically debited for $200 without the consumer's authorization and by means other than the consumer's access device. If the consumer notifies the institution within 60 days of the transmittal of the periodic statement that shows the unauthorized transfer, the consumer has no liability.
However, if in addition to the $200, the consumer's account is debited for a $400 unauthorized transfer on the 61st day and the consumer fails to notify the institution of the first unauthorized transfer until the 62nd day, the consumer may be liable for the full $400.
Reference: 1005.6(b)(3); Official Staff Interpretation 1005.6(b)(3), comments 1 and 2.