Insight. Oversight. Foresight. ®Florida Michigan North Carolina Texas

Regulatory Compliance Strategy for 2019

John ZasadaCompliance Consulting Director

Somewhere in the Middle

•1, 2, 3 Directors•Pro consumer, then pro FI•Now what?•Implications for CUs•Know where to focus

2

3

Bio

• 25 years of financial institution compliance experience• Created first nationwide credit union compliance

consulting practice• Assisted hundreds of financial institutions improve their

regulatory compliance performance• Trained NCUA and State examiners on consumer

compliance • Helps lead DoerenMayhew’s national compliance practice• Performs ongoing compliance reviews of financial

institution websites, social media and advertising

John Zasada, Director of Compliance ServicesJD, CAMS

Agenda

4

• What’s new with the CFPB

• Penalties• Exams• BSA • OFAC• Elder financial abuse• Hemp and marijuana• Complaint management

• Fair lending• Reporting to the BOD• UDAAP

CFPB Directors

Mixed Signals

• MLA• Pro consumer

• Payday Lending• Pro industry

CFPB Still Enforcing

• USAA Federal Savings Bank• Regulation E violations

• Not stopping preauthorized transfers

• Inadequate EFT investigations

Political Changes

• Democrat heads HFSC• No new laws but can slow down

deregulation

Reversing Decisions by Former Director?

• HR 1500• Reverse several Mulvaney

decisions• Dead in the water

Rolling Back the Regulations

• Did this ever really happen?• If so, to what extent?• 2018 federal register decline• Private sector not inclined

Upcoming Regulatory Changes

• FinCEN• Nothing major, but…

• CFPB• HMDA proposal• Regulation CC final rule• Payday lending• Debt Collection Practices rule proposal

Debt Collection Proposal

• Issued in May• Does not govern first-party collectors,

but…• You may use 3rd parties• UDAAP

• Controversial• Allows up to 7 calls per week• Both sides not loving it

NCUA Supervisory Priorities

• Compliance 2 of the top 3• BSA

• CDD and beneficial owners• Regulatory Compliance

• MLA• Regulation B adverse action notices• HMDA

• Monitor/Test in 2019• Find the issues first

Agency Guidance

• More and more being issued• Helps plug holes in your compliance

program but…• Something else to follow• Can appear to require more than the

regulation itself• Provides examples of safe and sound

conduct• Current and fresh

And not just Guidance

• FAQs• Outlook articles

BSA

• Programs still deficient• Not just mega banks being

held accountable for BSA violations

BSA Compliance Innovation

• FinCEN encouragement• Innovation Hours Program

• Present to FinCEN your BSA products and services

• FinCEN will not bless them• Be wary if someone claims that is

the case

AML Model Validation

• Appropriate filtering criteria and thresholds

• System capturing necessary information

• How often?

SARs in the News

• Treasury official shared SARs with a journalist

• SARs involved Russian spy, Rick Gates and Paul Manafort

Elder Financial Abuse

• Hot button issue• Small % reported• Train staff on it• File SARs

• EFE SAR filings quadrupled from 2013 to 2017

• CFPB webinar• New joint law enforcement effort

Elder Abuse Updated Advisory

• CFPB updated 2016 Advisory• 6 best practices• Report to authorities• File SARs• Pay attention to Reg E exceptions

Elder Abuse and Privacy

• Privacy concerns are overblown• You can report it without violating

privacy laws as long as you provide training

• Safe harbor provided in the 2018 Economic Growth Act

Opioids and BSA

• FinCEN advisory• Be aware of the illicit schemes• Monitor for the red flags• Pay attention to FinCEN

advisories

Phishing Attacks

• BSA officers received e-mail seemingly related to ongoing suspicious activity investigation

• Phishing attempt• What if someone else received it?• Route everything through BSA

Officer

OFAC Violations

• Chase Bank paid $5.2 million settlement

• Voluntarily disclosed violations but still had to settle

• New screening software and more training

OFAC Commitments

• Management commitment• Risk assessment• Policies and procedures• Audit• Train

OFAC and 3rd Parties

• OFAC applies to your vendors• FFIEC issued a statement on

OFAC’s cyber related sanctions program

• Run checks on third party vendors

Hemp

• Cultivation of hemp legal but still need regulations

• Regulations expected before 2020 growing season

• NCUA risk alert approves services to hemp businesses

• SARs not required

Marijuana

• SAFE Banking Act• House hearing

• First step?• Using personal accounts instead

of business account

What is a Marijuana-Related Business?

• How far do you go in making the determination?

• Tiers?

Serving Cannabis-Related Businesses

• Start with the risk assessment• Present it to the BOD• Look at federal/state law, insurance,

financial audit, vendors• Lending issues

More Cannabis Concerns

• Cash• Back-office operations• Due diligence• Multiple accounts

Final Cannabis Steps

• Regulator• NCUA not penalizing CUs

• 3-6 months• Marketing • Exit strategy

Complaint Snapshot

• CFPB released it for 2015 - 2018• Top complaints:

• Debt collection• Credit reporting• Mortgages• Credit cards

Complaint Management

• More than keeping a list• Root cause analysis• Identify compliance risk• Report to the BOD and business

lines• Part of your CMS

Diagnosing Compliance Complaints

• Someone manually decides what is a complaint and whether it has UDAAP implications

• Have you tested that function?• Are these being filtered correctly?

Non Complaints Important

• Do not ignore it simply because it does not meet complaint definition

• Internal reporting of issues• Look for early indications and

trends

Banks, CUs and Complaints

• CUs score higher than banks on consumer satisfaction

• One recent study banks score higher than credit unions at solving customer complaints and problems

• Lower expectations for banks?

Fair Lending Enforcement Actions

Reporting year Total enforcement matters

2012 1

2013 26

2014 2

2015 5

2016 3

2017 1

2018 0

Fair Lending Referrals to DOJ

Year Number of referrals2012 122013 242014 182015 162016 202017 112018 1

Below is a year-to-year overview of ECOA referrals to DOJ:

Lending Fairly to Millennials

• Rent padding• Some credit unions made it

policy• Fair lending implications• Case by case basis better

Compliance Reporting to the BOD

• Regulatory changes• Enforcement actions and lawsuits• Compliance hot topics• New or changed compliance policies• Compliance testing/monitoring• New products and services• Complaints• Training• Risk assessment• BSA

UDAAP

• CFPB approach changed• Broader sense of harm• Soft skills necessary in addition

to technical expertise

Where to Look for UDAAP Issues

• Product development• Marketing• Sales• Complaints• Servicing• Collections• Third parties

UDAAP Issues

• Late fees• Collections• Language• Member feedback

MLA and SCRA

• There is confusion as to how they are different• MLA while in active duty• SCRA before active duty• MLA caps rate at 36% MAPR• SCRA caps rate at 6%

SCRA CU Example

• 2018 credit union settled with DOJ in relation to vehicle repossessions

• SCRA limits CUs actions against active duty service members

• Members can request an interest rate reduction• High reputation risk

Nissan Motors Settlement

• 10th SCRA DOJ Settlement with auto finance company

• Repossessions• Look to settlements for best practices

• Defense Manpower Data Center database

SCRA Foreclosure Example

• PHH foreclosed on 6 servicemembers homes without the required court orders

• SCRA does not generally permit foreclosure against servicemembers without a court order

• Lessons from settlements

Most Common SCRA Violations

• 6% interest rate cap• Repossessions• Foreclosures

HMDA in the News

• A few bad actors cause additional HMDA scrutiny by regulators

• Large mortgage company caught falsifying HMDA information

• Selected “non-Hispanic white” when not provided information

• $1.75m fine

HMDA Data Readily Available

• Old rules – 3rd parties had to make a request to see your modified LAR

• New rules – Standard format available online with no request necessary

• Know your data

Online Marketing

• Digital redlining• Over target• Interest rate on Linkedin?

ESIGN

• ESIGN requires demonstrable consent

• Do in-branch tablets demonstrate consent?

• Probably not

Focus

• CFPB is politically dividing• Warren on the offensive• Control what you can• Continue to watch for signs• BSA, elder abuse, OFAC, hemp/cannabis,

debt collection, complaints, fair lending

Insight. Oversight. Foresight. ®Florida Michigan North Carolina Texas

Thank You!

Presenter NameTitle, Group Name (if desired)Phone: 248.244.xxxxxxx@doeren.com))

56