Compliance Insights - January 2020

Compliance Insights - January 2020

Prediction: Key Compliance Risks for 2020 (and Beyond)

It is a new year, and some would say a new decade. But while a decade changes with the stroke of the clock, social and technological changes are typically years in the making, marching slowly forward as if preordained. Changes in business practices follow closely behind, as the least adaptable ones fade from sight and the entrepreneurial ones emerge or redefine themselves. The legislative and regulatory communities endeavor to keep pace, fueled or restrained by the current political climate, but always trying to ensure consumer protection and financial stability without stifling growth or the next major innovation.

As we look forward to 2020, and the rest of the decade, we expect to see a continuation of the pattern of the legislative and regulatory communities playing catch-up in an increasingly complex social and business landscape. Following is a snapshot of some of what we expect to see in 2020 and thereafter.

  • Operational resilience – Regulators across the globe have identified operational resilience – the ability of an organization to withstand adverse changes in its operating environment and continue the delivery of business services and economic functions – as a key area of focus over the next several years. Their growing interest in this topic is expected to usher in a new era of enhanced resilience supervision. Most recently, in a series of coordinated consultation papers, the Bank of England (BOE), the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) proposed formal rules around the topic of operational resilience, bringing the policy intentions first discussed in a July 2018 discussion paper closer to implementation.

    The consultation papers spell out the U.K. supervisory authorities’ expectations for regulated institutions, which include taking ownership of their operational resilience, prioritizing plans and investment choices based on their impacts on the public interest, and communicating clearly to customers when disruptions occur. In addition, the latest proposals provide greater clarity around defining “important business services” and “setting and testing impact tolerance,” key concepts essential to building operational resilience. Firms have until April 3, 2020, to submit responses to the proposals in the consultation papers. Sometime in mid-2020, we expect the U.K. supervisory authorities to issue formal regulations on operational resilience. While U.K. regulators are leading on the topic of operational resilience, U.S. regulators, including the Federal Reserve, are weighing different approaches to operational resilience supervision.
  • Banking cannabis-related businesses – The initial legalization of recreational marijuana by Colorado and Washington state in 2012 has led to a watershed of state legislative actions easing restrictions on various cannabis-based substances for various purposes. Yet the progressive views of certain states remain at odds with federal law, leaving many legitimate cannabis-based businesses operating with less efficient and secure banking services, as most regulated financial institutions maintain fidelity to federal drug statutes.

    As discussed later in this edition of Compliance Insights, the federal banking agencies have recently issued guidance to financial institutions on banking hemp-related businesses now that hemp has been removed from the list of Schedule 1 controlled substances. We expect to see further legislative and regulatory efforts in this area to reconcile the federal and state law void and to provide reliable guidance to financial institutions and legitimate businesses.
  • Artificial intelligence, machine learning and alternative data in underwriting – Advances in technology over recent years have created a stunning evolution in both lifestyle and business practices. Most recently, perhaps no concepts have been more closely associated with technological advancement than artificial intelligence (AI) and machine learning (ML). As these technologies have developed, fintech entrepreneurs have leveraged their efficiencies to enter the financial services market in innovative ways and more traditional financial institutions have used these advancements to drive efficiencies and expand market share.

    A key ingredient in this process is the availability and use of alternative data, information that pertains to a consumer’s or business’s non-traditional financial history. The use of alternative data is allowing financial institutions and fintech companies to cost-effectively reach deeper segments of the market while maintaining credit risk within acceptable ranges. As discussed later in this edition of Compliance Insights, the federal banking agencies have recently issued an Interagency Statement on the use of alternative data in credit underwriting, discussing the benefits and risks of this technology. We expect to hear more about the compliance risks associated with innovative technologies throughout 2020 and beyond.
  • Increased state oversight of consumer compliance – The elevation of consumer compliance topics to board-level priority largely occurred after the 2008 financial upheaval, passage of the Dodd-Frank Wall Street Reform and Consumer Protection Act and creation of the Consumer Financial Protection Bureau (CFPB). However, since the election of President Trump, the CFPB has relaxed its level of oversight considerably. To fill the void, there has been a significant increase in state law oversight of consumer compliance. We expect this trend to continue in 2020 and beyond as state governments and regulators gain additional experience and confidence in consumer protection. In next month’s edition of Compliance Insights, we will explore recent changes in this area.​
  • LIBOR replacement – The London Interbank Offer Rate (LIBOR) is a benchmark index commonly used for setting the interest rate on financial contracts and consumer financial products. Due to past scandals and questions of sustainability, it is expected that the LIBOR benchmark will terminate sometime after 2021, if not sooner. Although the financial impact has been widely discussed, consumer-compliance concerns will also need to be addressed. LIBOR and the Constant Maturity Treasury (CMT) Index are the most common interest rate benchmarks used for the repricing of adjustable rate mortgage loans. If LIBOR is discontinued, current adjustable rate mortgage loans will have to be modified to establish a replacement index.

    While the industry generally seems to have targeted a replacement index in the Secured Overnight Financing Rate (SOFR), much work and risk remain in executing the change. At this point, no formal guidance on the consumer compliance risks of LIBOR replacement have been issued by the federal banking agencies. Given the apparent inevitability of this change, we would expect to see this issue more directly addressed in the coming months. Look for a more detailed discussion of the consumer compliance impact of LIBOR replacement in next month’s edition of Compliance Insights.

The aforementioned topics represent some of the activity we expect to see in the coming year. Beyond 2020, the outlook remains uncertain due to the potential change in Congress and presidential administrations. As the year progresses, we will continue to monitor the regulatory environment, as well as the social, technological and political changes by which it is impacted.

For more information, please contact Sean Kulczycki.

Regulators Issue Interagency Statement on Use of Alternative Data in Credit Underwriting

In December 2019, the CFPB, along with the Federal Reserve Board, the Federal Deposit Insurance Corporation (FDIC), the Office of the Comptroller of the Currency (OCC) and the National Credit Union Administration (NCUA) issued an Interagency Statement on the Use of Alternative Data in Credit Underwriting. The use of alternative data is a topic of increasing interest and one that has been on the agencies’ radar for several years. The benefits and risks of using alternative data were previously raised by the CFPB in a February 2017 Request for Information (RFI) Regarding the Use of Alternative Data and Modeling Techniques in the Credit Process. The Federal Reserve Bank of Philadelphia also addressed the topic in a white paper published in January 2019 on the roles of alternative data and machine learning in fintech lending. Even more recently, the use of alternative data in the underwriting process was identified as a potential fair lending risk in the OCC’s Spring 2019 Semiannual Risk Perspective.

The recent Interagency Statement does not identify new areas of concern or provide new or definitive guidance to financial institutions. It does, however, acknowledge that creditors are increasingly using automated underwriting technologies and that incorporation of alternative data may provide benefits to consumers without posing greater risks than traditional data. The Interagency Statement references the example of creditors using a consumer’s income and expenses as a key underwriting component and indicated that some firms have automated cash flow analysis over time to evaluate repayment capacity. A cash flow analysis may be particularly beneficial for consumers who demonstrate reliable and consistent income from a variety of sources rather than a single employer. In this instance, the use of alternative data could provide a benefit to consumers without increasing consumer protection risk.

While the use of alternative data may not necessarily pose greater compliance risk, the Interagency Statement does recommend that financial institutions analyze the relevant consumer protection laws and regulations and the risks they present before using alternative data. The Interagency Statement also suggests that institutions may need to enhance their compliance management program depending on the aforementioned risk analysis.

Regulators continue to increase their familiarity with the use of alternative data and are likely to provide further information on this topic as its use evolves. In the meantime, creditors using or planning to use alternative data in credit underwriting should follow the recent guidance and closely evaluate the compliance risks such use presents. As suggested within the Interagency Statement, these creditors also may want to consider consulting with the appropriate regulator(s) to help ensure consistency with expectations.

For more information, please contact Lance Brown.

Agencies Clarify Requirements for Providing Financial Services to Hemp-Related Businesses

In December 2019, the OCC, along with the FDIC, the Board of Governors of the Federal Reserve System and the Financial Crimes Enforcement Network (FinCEN), in consultation with the Conference of State Bank Supervisors, issued an Interagency Statement on Providing Financial Services to Customers Engaged in Hemp-Related Businesses. The purpose of the Interagency Statement is to explain the impact to financial institutions of the October 31, 2019, interim final rule on hemp production issued by the United States Department of Agriculture (USDA).

The Interagency Statement explains that the Agriculture Improvement Act of 2018 removed hemp as a Schedule I substance under the Controlled Substance Act and directed the USDA, in consultation with the U.S. attorney general’s office, to regulate hemp growth and production. The USDA’s Interim Final Rule, promulgated to satisfy this statutory obligation, establishes a regulatory oversight program to facilitate the legal growth and production of hemp. The program requires states and tribal governments to submit plans for monitoring and regulating hemp production to the USDA for approval, or to comply with a federal licensing plan established by the USDA. Under the Interim Final Rule, hemp may be legally grown only under a USDA-approved state or tribal plan or with a valid USDA-issued license. It should also be mentioned that a state or tribal government retains the ability to prohibit the production of hemp, even though it is legal under federal law.

In addition to summarizing the USDA’s regulatory process, the Interagency Statement addresses the associated BSA implications. Specifically, the Interagency Statement clarifies that since hemp is no longer a Schedule 1 controlled substance, banks are not required to file Suspicious Activity Reports (SARs) on customers solely because they engage in the growth or cultivation of hemp, provided that the activities are in accordance with applicable laws and regulations. Although not specifically stated, the guidance implies that the growth and production of hemp outside the parameters of the USDA’s regulatory framework still requires a SAR to be filed.

This new guidance does not give banks permission to relax their BSA/AML standards pertaining to cannabis-or hemp-related businesses. Indeed, the Interagency Guidance specifically states that marijuana is still a controlled substance under federal law. Rather, banks must continue to exercise appropriate due diligence with respect to hemp industry customers and continue to file SARs if such entities are not operating in compliance with applicable laws and regulations or are otherwise engaged in suspicious activity. If a bank decides to open accounts for hemp-related business, written policies and procedures should be implemented that outline the bank’s protocols for reviewing and approving the onboarding of these customers and validating compliance with applicable USDA, state or tribal plans.

Finally, the joint guidance notes that FinCEN will issue additional guidance on providing financial services to the hemp industry after it further evaluates the USDA Interim Final Rule. As a result, banks should continue to monitor developments in federal, state and local laws and be cognizant that some governments or tribal territories may still prohibit the growth and cultivation of hemp even though it is lawful under the new guidance.

For more information, please contact Dan Merrell.

The OCC and FDIC Issue Community Reinvestment Act Advanced Notice of Proposed Rulemaking

On December 12, 2019, the OCC and the FDIC jointly issued an Advanced Notice of Proposed Rulemaking (ANPR) in an effort to make substantive changes to the Community Reinvestment Act (CRA) regulations for the first time since 1995. Considerable work has been conducted by the OCC, the FDIC and the Federal Reserve Board leading up to the issuance of this ANPR. Initial attention to revising CRA regulations originated from a 2014 OCC initiative to identify and address outdated, unnecessary or unduly burdensome regulations. In August 2018, the OCC issued an initial ANPR seeking ideas to transform and modernize the CRA regulatory framework. Although issued only by the OCC, the initial ANPR reflected feedback and input from both the FDIC and the Federal Reserve Board.

With the issuance of the December 2019 ANPR, the OCC and the FDIC seek to better align the CRA with developments in the banking industry by making broad changes to four primary areas. Specifically, the ANPR seeks to clarify and expand the lending and community development (CD) activities that qualify for CRA credit, extend eligibility for CRA credit to activities occurring outside of an institution’s assessment areas, provide greater objectivity in measuring CRA performance, and revise data collection, record-keeping and reporting requirements. Additional detail on how the ANPR seeks to accomplish these objectives is provided below.

  • Clarifying and expanding activities that qualify for CRA credit. As indicated in the ANPR, a common criticism of the current CRA regulation is its subjectivity in determining whether a community development activity or loan qualifies for CRA credit. The proposal attempts to clarify the types of activities that qualify for CRA credit by establishing “qualifying activities criteria.” The ANPR also establishes a process for banks to seek agency confirmation that an activity qualifies for CRA credit. In addition, the agencies will also be required to periodically publish a non-exhaustive illustrative list of qualifying CRA activities.
  • Expanding where CRA activity counts. Under the current rule, banks can generally receive CRA credit only for activities that occur within their designated assessment areas. Currently, a bank’s assessment areas are required to consist of the geographies in which its branch facilities or non-brand deposit-taking facilities (e.g., ATMs) are located and the surrounding geographies in which it has originated or purchased a substantial portion of its loans. The proposal retains this facility-based assessment area and creates an additional requirement for banks to delineate additional, nonoverlapping deposit-based assessment areas where they have a significant concentration of retail deposits. Under the ANPR, banks would receive CRA credit for qualifying activities conducted both in their facility-based assessment areas and their deposit-based assessment areas.
  • Providing greater objectivity in measuring performance. With respect to measuring performance, the proposed rule provides different performance standards for small banks and large banks, while eliminating the intermediate small bank examination. Small banks will now be defined as those with total assets of $500 million or less. Other banks will be evaluated under new general performance standards that will assess two fundamental components referred to collectively as “qualifying activities”: (1) retail loans – home mortgages or consumer loans provided to low or moderate income (LMI) individuals or families, or located in Indian Country; small loans to small businesses or small farms; and small loans to businesses and farms located in LMI census tracts or Indian Country and (2) community development loans, investments, and services. Qualifying activities will be measured against the bank’s retail domestic deposits.

    To establish more objectivity, both components will be compared to specific benchmarks and thresholds established prior to the beginning of a bank’s evaluation period. Under the general performance standards, banks would also be required to meet a minimum CD lending and investment requirement for each assessment area and at the bank level to achieve a satisfactory rating. In addition to the above, the proposal provides for a strategic plan option available to all banks to address the needs of banks with unique business models.
  • Revising data collection, record-keeping and reporting. Under the current CRA regulations, banks other than small banks are required to collect and report data on small business and small farm loans annually. Under the ANPR, banks evaluated under the general performance standards would be required to collect, maintain and report data related to their qualifying activities, certain nonqualifying activities, retail domestic deposits and assessment areas. Small banks remain exempt from data reporting but would be required to collect and maintain data related to their retail domestic deposits.

The ANPR, published in the Federal Register on January 9, 2020, provides a 60-day period for public comment. The agencies have considered comments received since the initial 2014 review of the CRA and encourage financial institution participation in the commentary process. While the rule has not been finalized and the lack of Federal Reserve Board participation leaves unanswered questions, the number and scope of proposed changes suggest that the agencies intend to broadly alter the way the CRA functions and is applied.

For more information, please contact Mary Bailey or Michael Thompson.

CFPB Issues Notice of Proposed Rulemaking to Amend the Remittances Transfer Rule

In December 2019, the CFPB issued a Notice of Proposed Rulemaking to amend the Remittance Transfer Rule, detailed in Subpart B of Regulation E, which was established by the bureau in 2012 pursuant to the Dodd-Frank Wall Street Reform and Consumer Protection Act. The Remittance Transfer Rule provides protections to consumers sending international electronic money transfers by requiring detailed disclosures, establishing cancellation rights and creating a process for consumers to resolve remittance transfer errors.

As initially promulgated and currently in effect, the Remittance Transfer Rule provides an exception that allows certain information to be disclosed as estimates under certain conditions. The information eligible to be estimated includes the exchange rate, the amount of currency to be transferred, certain third-party fees and the amount the recipient will actually receive. Estimates can be provided for these amounts if the transfer is sent from the sender’s account, the remittance transfer provider is an insured institution and the provider cannot determine the exact amounts for the aforementioned items for reasons out of its control. One additional important aspect of the current rule is that the aforementioned exceptions are temporary and expire on July 21, 2020.

The Proposed Rule, narrow in scope, focuses on making the temporary exceptions for estimated disclosures permanent. However, the proposal also provides for an upward adjustment in the number of annual remittance transfers necessary to trigger application of the Remittance Transfer Rule to a particular remittance transfer provider. Currently, a remittance transfer provider is not subject to the rule if it provided 100 or fewer remittance transfers in the current and previous calendar years. The Proposed Rule increases this threshold to 500 or fewer remittance transfers.

With respect to the temporary exceptions for estimated disclosures, the Proposed Rule establishes the exceptions as permanent if certain additional conditions are met. Under the proposal, if the remittance transfer provider has sent 1,000 or fewer remittance transfers to a particular country to be received in that country’s currency in the prior calendar year, it may provide the exchange rate, and other disclosures impacted by the exchange rate, as estimates. Additionally, if the remittance transfer provider has sent 500 or fewer remittance transfers to a particular recipient institution in the prior calendar year, it may provide as estimates the amount of any covered third-party fees and the total amount that will be received by the recipient. Both of the above exceptions are also contingent on a financial institution meeting the conditions currently required for use of the temporary exceptions.

To help financial institutions understand the proposal, the CFPB has made available an unofficial redline version of the proposed revisions to Regulation E. Prior to issuing a final rule, the CFPB will consider public comments received during the notice and comment period that closed on January 21, 2020, which are posted online for the public to view. It is anticipated that the CFPB will issue a final rule before the expiration of the temporary exceptions on July 21, 2020. If the proposed rule becomes final, entities that provide a limited number of remittance transfers may either be exempt from the rule or able to continue disclosing estimates to consumers as they have in the past. By contrast, institutions with larger volumes of remittance transfers may need to reevaluate their remittance transfer processes to ensure that they are able to disclose actual exchange rates and fees. Since the rule is likely to be finalized soon, we recommend that financial institutions take steps now to evaluate their remittance transfer volumes to particular countries and recipient financial institutions to gain an understanding of how they will likely be impacted.

For more information, please contact Nicole Turner.

Ready to work with us?

Kat Sanchez
Kat Sanchez
+1 310.617.7281