Bank compliance officers prefer certainty, because it allows them the ability to better prepare for the rules with which their institution must contend.
Unfortunately, with 2016 in the rearview mirror, certainty is at a minimum. The nation’s 45th president, Donald Trump, has taken his seat in the oval office, and has promised to change the regulatory environment that emerged over the past eight years. How much of his plans will come to fruition? We’ll have to wait and see.
But while financial institutions should keep an eye on potential legislation changes, there are several rules on which they must also maintain focus. Here are the six most significant themes that will occupy banks’ compliance staff this year.
- First 100 Days of the Donald Trump Presidency
In President Trump’s announced transition plan for his first 100 days in office, he proposed a “one-for-two” deal in terms of regulation: for every one new regulation, two old regulations will be eliminated. One of the regulations up for elimination—or at least significant retooling—is the Dodd-Frank Act. President Trump has stated he believes the act is too complex, with too much overreach, and inhibits economic growth.
Actions already are in motion to make immediate changes to the act: U.S. Rep. Blaine Luetkemeyer, R-MO, proposed a bill to weaken Dodd-Frank, which successfully passed the House in December. These early efforts could lay the foundation for the new administration’s further revision efforts.
- HMDA Final Rule Effective Date
Unless the new administration changes this rule, the uniform volume thresholds set by the Consumer Financial Protection Bureau (CFPB) Home Mortgage Disclosure Act (HMDA) Final Rule go into effect Jan. 1, 2018. Institutions that meet all other criteria (i.e., asset size, Metropolitan Statistical Area, etc.) and originated at least 100 open-end lines of credit or 25 closed-end mortgage loans in each of the two preceding years will be responsible for collecting new HMDA data points on those types of transactions.
In addition to the expanded umbrella of coverage, all reporting banks must account for 25 new and 14 modified HMDA data fields by the start of 2018. They will also need to fine-tune their compliance systems to adjust to the rule’s extended integration timeline:
2017 Data: Collect and report per current rule and submit to the Fed in 2018.
2018 Data: Collect and report per new rule and submit per current rule to the CFPB in 2019.
2019 Data: Collect and report under new rule and submit it under new rule to the CFPB.
Banks’ processes and procedures for HMDA must be updated, and staff fully trained, to meet the new requirements before 2017’s end.
- FinCEN Enhanced CDD Rule: Is Your Bank Ready?
Financial institutions must expand their Bank Secrecy Act (BSA) policies, procedures and practices by May 11, 2018, to comply with new Customer Due Diligence (CDD) rules. These new regulations identify and verify beneficial owners of covered legal entities and allow for a better understanding of customer relationships—what the rule calls the “Fifth Pillar” of anti-money laundering (AML) programs. This complex task is not one that can be put off until 2018.
While preparing, community banks should take the following steps:
- Identify and verify beneficial ownership for any new account opened, even if that account is for an existing customer.
- Educate staff that beneficial owner covers the ownership prong (anyone with 25 percent ownership) and the control prong (someone with significant responsibility).
- Understand that use of FinCEN’s Certification Form is optional, but the identifying information it captures is not, i.e., name, date of birth, address and social security number.
- Incorporate the Fifth Pillar, meaning banks are now required to understand the purpose and nature of all customer relationships by creating a personalized customer risk profile that supports ongoing reporting and monitoring of suspicious activity.
- Navigating TRID’s Expansion into Construction Loans
Many community banks and other financial institutions are struggling to understand the correlation between construction loans and the TILA-RESPA Integrated Disclosure (TRID) rule. If not handled with care, institutions will be hit with significant and costly consequences, particularly when it comes to TRID tolerance levels regarding the difference between the amount disclosed on the Loan Estimate and the actual amount paid by the customer.
The rule identifies three tolerance categories:
Zero Tolerance: No disparity is allowed for required services that cannot be shopped and are paid to either the institution or an unaffiliated third party.
10 Percent Tolerance: The cumulative amount of all recording fees and unaffiliated third-party fees that can be shopped must not exceed 10 percent of the quoted total.
Unlimited Tolerance: No tolerance limit is placed on required services over which institutions have minimal control, e.g., required services that can be shopped. Prepaid interest, property insurance premiums and escrow items round out this category.
- Risky Business in Vendor Management
For the third year in a row, a regulatory agency issued and updated guidance on vendor management. Last October, the CFPB followed the path of the Office of Comptroller of the Currency (OCC) and the Federal Financial Institutions Examination Council (FFIEC) in restating the importance of a strong vendor management initiative, signaling a sharp regulatory focus on the same.
The CFPB’s “Compliance Bulletin and Policy Guidance; 2016-02, Service Providers” clarifies, “that the depth and formality of the risk management program for service providers may vary depending upon the service being performed–its size, scope, complexity, importance and potential for consumer harm–and the performance of the service provider in carrying out its activities in compliance with Federal consumer financial laws and regulations.” This guidance will prompt a re-evaluation of banks’ vendor management programs in 2017.
- Winning the Cybersecurity War
Throughout Trump’s campaign, national security was a high-priority subject, which specifically included cybersecurity. In 2017, protecting our vital infrastructure and information from cyberattacks will remain a hot topic. Community banks must be prepared to do their part to protect our financial system.
One way banks can bulk up their defenses for the cybersecurity fight is by comparing their cybersecurity processes and policies to the FFIEC’s recent Information Security Booklet update to ensure they are elevated to the level both expected by regulators and needed for protecting against cyberattacks.
In order to maintain a robust compliance program this year, community banks should keep a close eye on the issues discussed here, while maintaining awareness of new proposals and rulings that could come later in the year. Compliance is always changing, and one of financial institutions’ best defenses is to cope with its inherent unpredictability.