Compliance Question of the Week

In today’s banking environment as soon as one big new regulation is implemented another pops up. Our compliance resources help your community bank stay one step ahead of the regulators.

Regulations and Guidance

Compliance Question of the Week

QUESTION: May age be considered in a credit scoring system?


Age may be taken in to consideration in an empirically derived, demonstrably and statistically sound credit scoring system, a creditor may use an applicant's age as a predictive variable - provided that the age of an elderly applicant is not assigned a negative value.

The official staff interpretation explains that age may be taken directly into account in a credit scoring system that is demonstrably and statistically sound; as defined in 1002.2(p) with one limitation - applicants age 62 or older must be treated at least as favorably as applicants who are under age 62.

If age is scored by assigning points to an applicant's age category, elderly applicant must receive the same or a greater number of points as the most favored class of non-elderly applicants.

Reference: 1002.6(b)(2); Official Staff Interpretation 1002.6, paragraph 6(b)(2).

Q&A Archives


Yes. Keep in mind that although a text message may be going to a specific person, because of the platform used (e.g., computer, phone) it may not be secured, which in turn allows the message to be viewed by someone who is not the intended recipient.

At this time, there are no exceptions from compliance requirements with regard to social media. Section 805 of the Fair Debt Collection Practices act states the requirements for communicating about debt collection.

Reference: Fair Debt Collection Practices Act §§ 1692-1692p


Regulation CC does not require banks to have a restrictive indorsement for remote deposit capture (RDC). In general, the final rule states that a bank should determine whether the risks involved in use of remote deposit capture are in line with the bank’s risk management. The bank may want to consider requiring customers to indorse the check with words such as “for mobile deposit only” before capturing the check or take other steps to protect against a deposit of the original check. The Board believes that the indemnities provided in the final rule will provide basic protections for banks handling electronically-created items and help prevent multiple deposits of the same item.

As part of the bank’s risk management program, the bank must measure and consider the risks presented by remote deposit capture for deposits and operations, consider the following:

  • What policies and procedures are necessary to minimize the risk presented;
  • Who is responsible for addressing an issue that may arise as a result of RDC and the presentment of a paper check;
  • What types of internal controls are necessary to ensure operations has a method of identifying such issues;
  • Working with the bank’s provider for remote deposit capture to ensure that the deposit has a restrictive indorsement e.g., for mobile deposit only to ABC bank.

Reference: Federal Register, Thursday June 15, 2017, page 27578 See also: Effective July 1, 2018 Regulation CC 12 CFR 229.2(hhh); 229.34(f) Official Staff Interpretation 229.34 and 229.34(f); Federal Register, Thursday June 15, 2017, page 27578


Regulation U defined customer: A customer excludes an exempted borrower and includes any person or persons acting joints to or for whom a lender extends or maintains credit.

Regulation U section 221.6 exempts credit to a customer other than a broker or dealer to temporarily finance the purchase or sale of securities for prompt delivery, if the credit is to be repaid in the ordinary course of business upon completion of the transaction and is not extended to enable the customer to pay for securities purchased in an account subject to part 220* of this chapter.

* refers to Regulation T (12 CFR 220)

Reference: Regulation U: 12 CFR 221.6 See also: 12 CFR 221.2


Section 311 of the USA PATRIOT Act added 31 USC 5318A to the Bank Secrecy Act.  It authorizes the Secretary of the Treasury to require domestic financial institutions to take certain special measures against foreign jurisdictions, foreign financial institutions, classes of international transactions, or types of accounts of primary money laundering concern.

Five special measures can be imposed, either individually, jointly, or in any combination:

  1. Recordkeeping & reporting of certain financial transactions;
  2. Information relating to beneficial ownership;
  3. Information relating to certain payable through accounts;
  4. Iinformation relating to certain correspondent accounts; and
  5. Prohibitions or conditions on opening or maintaining certain correspondent or payable through accounts.

Reference: 31 USC 5318A & 2014 BSA/AML Examination Manual.


No. This loan is not exempt from HMDA. Funds used to improve a business located inside a dwelling (unless multifamily), is not exempt from HMDA.

Reference: Commentary 1003.3(c)(10)-3


A bank may issue an unsolicited access device (for example a combination debit card and PIN) if the bank's ATM system has been programmed not to accept the device until after the consumer requests and the bank validates the device. Merely instructing a consumer not to use an unsolicited debit card and PIN until after the bank verifies the consumer's identity does not comply with the regulation.

Further, a bank may use any reasonable means, to verify the consumer's identity, however, even if a reasonable means was used, if the bank fails to verify correctly the consumer's identity and an imposter succeeds in having the device validated, the consumer is not liable for any unauthorized transfers from the account.

Reference: Official Staff Interpretation 1005.5, comments 1 and 4


National security letters (NSLs) are written investigative demands that may be issued by the local FBI or federal government authorities during counter intelligence and  counter terrorism investigations. NSLs are highly confidential and should not share them with external examiners or internal auditors. If your bank files a SAR after receiving a NSL, the narrative should NOT contain any reference to receipt or existence of said NSL. Financial institution should not automatically file a SAR in response to an NSL. Rather, the decision to file a SAR should be in response to its own investigation. 

Reference: 31 CFR 1020.320.


A construction loan secured or to be secured by a building in the course of construction that is located or to be located in an SFHA, in which a flood insurance is available, is a designated loan and a determination must be made.

Reference: 12 CFR 339.3(a); Interagency Flood Q&A 2009, Q20

Ask an Expert

We want to hear your pressing questions about compliance at your bank. Please fill in the form below. Not all questions will be featured. Your questions will be kept anonymous.