Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CFPB and Federal Reserve update HMDA examination procedures; CFPB updates ECOA baseline review procedures
On April 1, the CFPB and the Federal Reserve Board (Federal Reserve) issued revisions to the HMDA examination procedures covering data collected since January 1, 2018, under the HMDA amendments issued by the Bureau in October 2015 and August 2017, as well as section 104(a) of the Economic Growth, Regulatory Relief, and Consumer Protection Act (implemented and clarified by the 2018 HMDA Rule, which was covered by InfoBytes in August 2018 here.) According to the Federal Reserve’s CA 19-5, the HMDA examination updates include, (i) Narrative, Examination Objectives, and Examination Procedure sections that were developed by the Task Force on Consumer Compliance of the FFIEC; (ii) Review of Compliance Management System, Examination Conclusions and Wrap-Up, and Examination Checklist sections that were developed in consultation with the FDIC and the OCC; and (iii) sampling, verification, and resubmission procedures. With regard to HMDA data collected prior to January 1, 2018, institutions will continue to be examined according to the interagency HMDA examination procedures “transmitted with CA 09-10 and the HMDA sampling and resubmission procedures transmitted with CA 04-4.”
Additionally, in April, the CFPB also released updated ECOA baseline review procedures. The procedures consist of five modules: (i) Fair Lending Supervisory History; (ii) Fair Lending Compliance Management System (CMS); (iii) Fair Lending Risks Related to Origination; (iv) Fair Lending Risks Related to Servicing; and (v) Fair Lending Risks Related to Models. According to the Bureau, all exams will cover the Fair Lending CMS module and additional modules will be assigned depending on the scope of examination.
On March 29, the CFPB announced that the HMDA Modified Loan Application Registers (LARs) data is available for 2018. Specifically, the Modified LARs contain loan level information for 2018 on HMDA filers, covering approximately 5,400 financial institutions. This is the first release in which the additional data required by the 2015 HMDA rule is available. Later this year, additional information will be published, including a complete loan level dataset.
On March 26, the OCC released Bulletin 2019-16, which announces that the FFIEC Task Force on Consumer Compliance developed new interagency examination procedures to reflect the amendments to Regulations Z and E under the CFPB’s Prepaid Accounts Rule (covered by InfoBytes here), which go into effect on April 1. Specifically, the examination procedures reflect (i) Regulation E requirements covering disclosures, limited liability and error resolution, periodic statement, and posting of account agreements; and (ii) Regulation Z requirements covering overdraft credit features with prepaid accounts.
On March 25, the CFPB announced that the Federal Financial Institutions Examinations Council (FFIEC) issued the 2019 edition of the “Guide to HMDA Reporting: Getting It Right!,” which reflects the amendments made to HMDA by the May 2018 Economic Growth, Regulatory Relief, and Consumer Protection Act and the August 2018 interpretive and procedural rule issued by the CFPB. (Covered by InfoBytes here.) The guide includes (i) a summary of responsibilities and requirements; (ii) directions for assembling the necessary tools; and (iii) instructions for reporting HMDA data.
On March 6, the Federal Financial Institutions Examinations Council (FFIEC) announced it adopted a Policy Statement on the Report of Examination, which documents the findings and conclusions of an examination conducted by a FFIEC member agency. The Policy Statement is a principles-based approach for completing the report of examination (ROE) in order to promote consistency among the FFIEC members while allowing flexibility for individual supervisors to document exam assessments of financial institutions of different sizes, risk profiles, and other conditions. The policy provides a short outline that instructs all ROEs to, among other things: (i) include identifying information; (ii) convey that the ROEs contain confidential supervisory information; (iii) present conclusions and issues in order of importance; and (iv) document the institution’s risk profile and discuss the institution’s risk management practices. The new policy statement rescinds an interagency policy statement from 1993.
On December 7, the Federal Reserve Board, the FDIC, and the OCC issued guidance regarding the HMDA key data fields that Federal Reserve examiners use to evaluate the accuracy of HMDA data collected since January 1 pursuant to the CFPB’s October 2015 and August 2017 amendments and the May 2018 Economic Growth, Regulatory Relief, and Consumer Protection Act (the Act) exemptions (all of which have been previously covered by InfoBytes here, here, and here).
The guidance cites to the October 2017 list of 37 key data fields identified by the agencies and notes that “[o]nce examiners have selected a random sample of entries from an institution’s HMDA Loan Application Register (HMDA LAR) and have received the corresponding loan files, they would verify the accuracy of the applicable HMDA key data fields in the entries in the HMDA LAR sample(s) against information in the loan files.” Additionally, for institutions eligible for the partial exemption granted by the Act, and covered by the Bureau’s August interpretive and procedural rule (InfoBytes coverage here), the guidance notes that these institutions are responsible for collecting, recording, and reporting only 21 of the 37 designated HMDA key data fields, as the exemption covers the other 16 fields.
The Federal Financial Institutions Examination Council members are currently developing a set of revised interagency HMDA examination procedures regarding HMDA requirements relating to data collected from January 1, 2018 onward.
On November 27, the Federal Financial Institutions Examination Council (FFIEC) issued the second update on the status of its Examination Modernization Project. The project’s objective is to identify and assess measures to improve the community bank safety and soundness examination process, pursuant to the Economic Growth and Regulatory Paperwork Reduction Act’s review of regulations. As previously covered by InfoBytes, in March, the FFIEC released the first update, which identified four areas with potential for the most “meaningful supervisory burden reduction.” The second update focuses on tailoring examination plans and procedures based on risk in order to reduce burden. Specifically, after a review of risk-based procedures and processes, the Federal Reserve Board, the FDIC, the NCUA, the OCC, and the State Liaison Committee have committed to issue reinforcing and clarifying examiner guidance to their examination staffs on risk-focused examination principles for community financial institutions, if necessary. The guidance covers, among other things, the following practices (i) consideration of the unique risk profile, complexity, and business model of the institution when developing the exam plan; (ii) tailoring of the document request list based on the financial institution’s business model, complexity, risk profile and planned scope of review; and (iii) applying examination procedures in a way that reduces the level of review of low risk institutions or low risk areas.
The FFIEC noted it may take further action to improve the examination process as the project progresses.
On November 5, the Federal Financial Institutions Examination Council (FFIEC) members issued a joint statement alerting financial institutions to the potential impact that the U.S. Treasury Department’s Office of Foreign Assets Control’s (OFAC) recent actions under its Cyber-Related Sanctions Program may have on financial institutions’ risk management programs. OFAC implemented the Cyber-Related Sanctions Program in response to Executive Order 13694 to address individuals and entities that threaten national security, foreign policy, and the economy of the U.S. by malicious cyber-enabled activities. FFIEC’s press release announcing the joint statement references OFAC’s June action against five Russian entities and three Russian individuals who, through “malign and destabilizing cyber activities,” provided material and technological support to Russia’s Federal Security Service (previously covered by InfoBytes here), noting that these entities may offer services to financial institutions operating in the U.S.
The joint statement reminds financial institutions to ensure that their compliance and risk management processes address possible interactions with an OFAC sanctioned entity. The statement notes that continued use of products or services from a sanctioned entity may cause the financial institution to violate the OFAC sanctions. Additionally, use of software or technical services from a sanctioned entity may increase a financial institution’s cybersecurity risk. The statement encourages financial institutions to take appropriate corrective action, as well as to ensure their third-party service providers comply with OFAC’s requirements.
The OCC also released Bulletin 2018-40, which corresponds with the FFIEC’s joint statement.
On October 25, the FDIC published a proposed rule in the Federal Register to rescind the annual disclosure requirement applicable to all state nonmember banks and insured state-licensed branches of foreign banks (collectively, “banks”). Specifically, the FDIC is proposing to eliminate 12 CFR Part 350, which, in general, required banks to prepare annual disclosure statements consisting of (i) required financial data comparable to specified schedules in the Call Reports filed for the previous two years; (ii) information that the FDIC may request, such as enforcement actions; and (iii) other information the bank chooses to disclose. According to the proposal, the FDIC has determined that the regulation is “outdated and no longer necessary,” because, with widespread access to the internet, information about the financial condition and performance of individual banks is now “reliably and directly offered to the public through the FDIC’s and the Federal Financial Institutions Examination Council’s (FFIEC) websites” in the form of Call Reports and Uniform Bank Performance Reports. This eliminates the need for the annual disclosure statement requirements. Similar disclosure requirements have already been rescinded in recent years by the Federal Reserve Board and OCC. Comments on the proposed rule must be received by November 26.
On October 18, the Federal Financial Institutions Examination Council (FFIEC) released a newly updated Bank Secrecy Act/Anti-Money Laundering (BSA/AML) InfoBase website, which provides examiners and financial institutions access to BSA/AML examination procedures and resources, including the BSA/AML Examination Manual. According to the FFIEC, the InfoBase will “provide just-in-time training for new regulations and for other topics of specific concern to examiners within the FFIEC's member agencies.”
- Buckley Webcast: Maintaining privilege in cross-border internal investigations
- Moorari K. Shah to discuss "State regulatory and disclosures" at the Equipment Leasing and Finance Association Legal Forum
- Daniel P. Stipano to discuss "The state of the BSA 2019: What’s working, what’s not, and how to improve it" at the West Coast Anti Money-Laundering Forum
- Buckley Webcast: The future of the Community Reinvestment Act
- Hank Asbill to discuss "Creative character evidence in criminal and civil trials" at the Litigation Counsel of America Spring Conference & Celebration of Fellows
- Buckley Webcast: Amendments to the CFPB's proposed debt collection
- Brandy A. Hood to discuss "Flood NFIP in the age of extreme weather events" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Michelle L. Rogers to discuss "UDAAP compliance" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Benjamin K. Olson to discuss "LO compensation" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Kathryn L. Ryan to discuss "Major state law developments" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Jonice Gray Tucker to discuss "Leveraging big data responsibly" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Kathryn L. Ryan to discuss "State examination/enforcement trends" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- APPROVED Webcast: State and SAFE Act licensing requirements for banks
- John C. Redding to discuss "TCPA compliance in the era of mobile" at the Auto Finance Risk Summit
- Buckley Webcast: The next consumer litigation frontier? Assessing the consumer privacy litigation and enforcement landscape in 2019 and beyond
- Buckley Webcast: Data breach litigation and biometric legislation
- Buckley Webcast: Trends in e-discovery technology and case law
- Hank Asbill to discuss "Pay no attention to the man behind the curtain: Addressing prosecutions driven by hidden actors" at the National Association of Criminal Defense Lawyers West Coast White Collar Conference
- Daniel P. Stipano to discuss "Keep off the grass: Mitigating the risks of banking marijuana-related businesses" at the ACAMS AML Risk Management Conference
- Daniel P. Stipano to discuss "Mid-year policy update" at the ACAMS AML Risk Management Conference
- Benjamin W. Hutten to discuss "Requirements for banking inherently high-risk relationships" at the Georgia Bankers Association BSA Experience Program
- Douglas F. Gansler to discuss "Role of state AGs in consumer protection" at a George Mason University Law & Economics Center symposium