Compliance Question of the Week
QUESTION: If the bank issued an unsolicited access device and the device is used for unauthorized transfers, is the consumer responsible?
A bank may not impose liability on a consumer for unauthorized transfers involving an unsolicited access device until the device becomes an "accepted access device" under the regulation. A card and PIN combination may be treated as an accepted access device once the consumer has used it to make a transfer.
Reference: Official Staff Interpretation 1005.5(b), comment 2.
Large volume lenders are relieved from new quarterly reporting; however, all entities should continue collecting and recording HMDA data in anticipation of making annual submissions in March 2021. On March 26, The Consumer Financial Protection Bureau (Bureau) issued a statement that it will not expect quarterly information reporting by certain mortgage lenders as required under the HMDA and Regulation C (generally financial institutions that report for the preceding calendar year at least 60,000 covered loans and applications (excluding purchased loans) must report their HMDA data quarterly (except for the fourth quarter) in addition to annually).
PPP loan application is not considered a “completed application” under Regulation B until a creditor receives a loan number from the SBA or a response about the availability of funds. Therefore, the 30-day clock for Regulation B’s notification requirement does not begin to run until the creditor has received confirmation from the SBA that the loan is guaranteed. Like all other loans, Regulation B requires creditors to act with “reasonable diligence” to collect the information required to complete PPP loan applications in a timely manner.
No. The changes to the regulation are optional. A bank may continue to restrict "convenient" withdrawals to six if that bank so chooses.
Under section 4021 of the CARES Act, if a bank makes a late-payment accommodation for one or more payment obligations on a debt, then the bank may not report a negative change in status to a reporting agency. So for example, if a borrower does not make a payment because a payment deferral accommodation was made, the bank cannot report the delinquency to the credit reporting agency. However, if a bank charges-off the obligation, then the bank may furnish that information to a credit reporting agency.
Under children online protection act (COPPA), personal information means:
individually identifiable information about an individual collected online, including:
(A) a first and last name;
(B) a home or other physical address including street name and name of a city or town;
(C) an e-mail address;
(D) a telephone number;
(E) a Social Security number;
(F) any other identifier that the Commission determines permits the physical or online contacting of a specific individual; or
(G) information concerning the child or the parents of that child that the website collects online from the child and combines with an identifier described in this paragraph.
If any of this information is going to be gathered disclosures and parental consent may be required. Before developing the games and website, be sure to review the entire act, privacy regulations, and other laws that pertain to websites and games that pertain to children.
Reference: 15 USC 6501: Definitions (chapter 91). FTC 16 CFR 312.2; 312.5.
There is potential for abuse of the policy if the lender is permitted too much discretion and the policy doesn’t provide clear objective criteria. A lender may use the discretion as a reason to charge higher interest rates based on age, gender or race all of which are protected under Regulation B and fair lending. Using a risk based pricing that doesn’t use objective criteria presents potential for disparate treatment in pricing.
In addition, there is potential for predatory lending which includes the practice of charging more via a higher interest rate for extending credit to borrowers identified by the lender as posing a greater credit risk, which could also mean higher fees and points than normally charged. Predatory lending often preys on those who are at higher risk for default. The risk based pricing policy, as with any policy related to credit, should have objective criteria and parameters so that it is applied evenly. In the event of an exception, the decision should be made based on exception criteria, and preferably by a lending committee rather than the lender involved in the transaction.
Reference: Regulation B 12 CFR 1002.4, Interagency Fair Lending Examination Procedures, page 9.
A lender or its servicer could initiate such a review. However, the agencies’ regulations do not permit the exemption of structures from the mandatory flood insurance purchase requirement based solely on their contributory value. Flood insurance is not required, in the case of any residential property, on any structure that is a part of such property but is detached from the primary residential structure and does not serve as a residence.
In addition, other exemptions could apply, such as the exemption for state-owned property covered under a policy of self-insurance satisfactory to the administrator of the Federal Emergency Management Agency (FEMA), the exemption for property securing any loan with an original principal balance of $5,000 or less, or the exemption for a loan with a repayment term of one year or less.
Special measures rulemakings can be found on FinCEN website at https://www.fincen.gov/resources/statutes-and-regulations/311-special-measures.
Ask an Expert
We want to hear your pressing questions about compliance at your bank. Please fill in the form below. Not all questions will be featured. Your questions will be kept anonymous.