Compliance Insights July 2019

Compliance Insights July 2019

SEC Adopts Regulation Best Interest to Enhance Protections for Retail Investors

On June 5, 2019, the Securities and Exchange Commission (SEC) adopted rules designed to enhance the quality and transparency of retail investors’ relationships with investment advisors and broker-dealers. Of specific consequence is Regulation Best Interest or Reg BI, which establishes a standard of conduct for broker-dealers and associated persons when making a recommendation of any securities transaction or investment strategy involving securities. Although there is considerable overlap between the SEC’s Reg BI and the Financial Industry Regulatory Authority’s (FINRA) suitability rule, Reg BI codifies, enhances and adds additional elements previously not part of the suitability rule.

Specifically, Reg BI requires broker-dealers to act in the best interest of their customers without placing their own financial or other interests ahead of the retail customer’s interest. The rule imposes four component obligations on broker-dealers or associated persons, including the following:

  • Disclosure: Disclose, in writing, all material facts relating to the scope and terms of the relationship with the retail customer, including material conflicts of interest associated with its recommendation.
  • Care: Exercise reasonable diligence, care, and skill to understand the risks, rewards and costs associated with a recommendation.
  • Conflict of interest: Establish, maintain, and enforce written policies and procedures reasonably designed to identify and, at a minimum disclose or eliminate, all material conflicts of interest that are associated with a recommendation.
  • Compliance: Establish, maintain and enforce written policies and procedures reasonably designed to achieve compliance with Reg BI.

According to Robert Cook, FINRA’s president and CEO, FINRA will coordinate with the SEC to enforce the new rules, particularly those pertaining to suitability under Reg BI’s care obligation. The care obligation requires that broker-dealers consider, among other things, a customer’s investment profile in order to make recommendations that are in the customer’s best interest. This obligation also applies to a series of recommended transactions, currently referred to as quantitative suitability, irrespective of whether a broker-dealer exercises actual or de facto control over a customer’s account, according to SEC Chairman Jay Clayton. The enhancement in suitability requirements would allow regulators to bring enforcement actions against broker-dealers for alleged misconduct, Clayton said.

In a statement following the SEC’s adoption of Reg BI, the Securities Industry and Financial Markets Association’s (SIFMA) president and CEO, Kenneth E. Bentsen, Jr., said it is undeniable that the new rules will directly enhance investor protection and contribute to increased professionalism among financial service providers. However, Bentsen admitted that compliance will not be easy for the industry and that firms will need to make substantial changes.

Reg BI presents unique challenges to covered entities and individuals. While practical and rational, compliance will be burdensome. The requirements around suitability and supervision in particular, will require firms to have a thorough understanding of their customers and validate the compliance of their organization through a transaction lifecycle. Compared to regulatory requirements which mandate a specific disclosure, like a customer statement or reconciliation, for which compliance can easily be demonstrated, Reg BI allows for significantly broader interpretation by regulators.

Firms need to understand exactly how Reg BI will affect their organization and employ the proper processes and procedures to both assure and demonstrate compliance to regulatory bodies. Monitoring and reporting of client interactions, rationale for execution of trades, existing or possible conflicts of interest and other relevant data will all have to blend together under a validated monitoring framework capable of managing and reporting such extensive data.

Recent OFAC Amendments Include New Obligations

In a move that received the attention of a number of law firms, but limited coverage otherwise, the Office of Foreign Assets Control (OFAC) published, on June 20, 2019, an Interim Final Rule that amends its Reporting, Procedures and Penalties regulation (31 CFR 501). The amendments revise licensing procedures, provide additional instructions regarding applications for the release of blocked funds, clarify what information provided to OFAC may be made available under federal law, including under the Freedom of Information Act (FOIA), and include new requirements for parties filing reports on blocked property, unblocked property, and rejected transactions. The Interim Final Rule was effective on June 21, 2019, and OFAC accepted public comments on the amendments until July 22, 2019.

The most noteworthy changes reflected in the Interim Final Rule relate to transactions that need to be rejected and who is obligated to reject them. Depending on the circumstances, OFAC regulations require blocking or rejecting. If an OFAC Specially Designated National (SDN) has an interest in the transaction, then the funds must be blocked. If it is only the underlying transaction which is prohibited and no blocked parties have an interest, then the transaction must be rejected. In its FAQs, OFAC illustrates these two concepts with the following examples:

  • A U.S. bank interdicts a commercial payment destined for the account of XYZ Import-Export Co. at the Bank of XYZ in Sudan. The Bank of XYZ is wholly owned by the Government of Sudan and, accordingly, is a Specially Designated National of Sudan. This payment must be blocked.
  • A U.S. bank interdicts a commercial payment destined for the account of ABC Import-Export at Sudanese French Bank, Khartoum, Sudan. Unlike the Bank of XYZ, Sudanese French Bank, Khartoum is a private sector entity so there is no blockable interest in this payment. However, processing the payment would mean facilitating trade with Sudan and providing a service in support of a commercial transaction in Sudan, therefore the U.S. bank must reject the payment.

The relevant language in the prior version of the regulation said:

Any financial institution that rejects a funds transfer where the funds are not blocked under the provisions of this chapter, but where processing the transfer would nonetheless violate, or facilitate an underlying transaction that is prohibited under, other provisions contained in this chapter, must report.

The amended language says:

Any U.S. person (or person subject to U.S. jurisdiction), including a financial institution, that rejects a transaction that is not blocked under the provisions of this chapter, but where processing or engaging in the transaction would nonetheless violate a provision contained in this chapter, shall submit a report . . .

The amended regulation goes on to define rejected transactions as those related to wire transfers, trade finance, securities, checks, foreign exchange, and goods or services. The preamble to the Interim Final Rule indicates that this expanded definition is intended to make clear that rejected transactions include more than funds transfers.

In other words, all U.S. persons must now report rejected transactions of all types. The starkest impact of these changes will be on non-financial institutions that must now not only report rejected transactions, but also grapple with what a rejected transaction is, given the broad and rather vague language in the regulation. For financial institutions, review of existing procedures may be warranted to verify that they require reporting of all rejected transactions and not just funds transfers.

All U.S. persons should also confirm that reporting of rejected transactions include all of the data points required by the amended regulation, specifically: (1) The name and address of the person that rejected the transaction and a contact from whom additional information may be obtained; (2) a description of the rejected transaction, including certain required identifying information; (3) if applicable, the associated sanctions target(s) whose involvement in the transaction has resulted in the transaction being rejected and its location, if known; (4) the date the transaction was rejected; (5) the actual, or if unknown, estimated value of the property in U.S. Dollars; (6) the legal authority or authorities under which the transaction was rejected; and (7) a copy of any related payment or transfer instructions or other relevant documentation. These requirements have been specified, according to the preamble of the Interim Final Rule, to lessen the burden on submitters and avoid the need for OFAC to follow up on incomplete reports.

Increased reporting of rejected transactions will provide OFAC more information on parties that are attempting to process transactions which are at odds with current U.S. sanctions, and offers yet another reminder of the importance the United States currently places on its sanction programs.

FDIC Releases Supervisory Highlights Outlining Consumer Compliance Issues

On June 14, 2019, the Federal Deposit Insurance Corporation (FDIC) published its Consumer Compliance Supervisory Highlights to provide supervised institutions with information and observations related to the FDIC’s consumer compliance supervision activities in 2018. The publication provides a high-level overview of certain compliance issues identified by the FDIC during its examination of state non-member banks as well as suggestions for mitigating such issues. A summary of each of the issues addressed in the publication is provided below:

  • Assessing Overdrafts Based on the Available Balance Method: Potentially unfair or deceptive practices were identified at institutions using an “available balance” method to assess overdraft fees. The FDIC found that, under certain circumstances, assessing overdraft charges based on available balance, rather than the ledger balance, led to improper overdraft charges. It also determined that institutions did not adequately disclose this assessment method and the potential impact. The FDIC suggested that such risks could be mitigated by clear disclosure of the balance method and its impact, as well as policies that prevent the assessment of overdraft charges on any transaction authorized against a positive available balance.
  • Real Estate Settlement Procedures Act (RESPA) Section 8 Violations: The FDIC identified RESPA violations related to the payment of illegal kickbacks disguised as payments to realtors and home builders for leased offices or desk space. While lenders may enter into bona fide office rental arrangements, the payments for such space must be based on market value and cannot be used as a method to compensate the lessor for the referral of mortgage business. The FDIC suggests mitigating the risk of such RESPA violations by providing training to mortgage personnel, performing due diligence on new third-party relationships, and staying informed on current regulatory requirements and guidance related to this issue.
  • Regulation E Error Resolution Procedures: The FDIC identified four types of errors committed by financial institutions when resolving electronic funds transfer (EFT) disputes under Regulation E. The agency reported that certain institutions misapplied the regulation’s timing requirements for determining consumer liability for unauthorized EFTs. The regulation provides that consumers may be held liable, under certain circumstances, for unauthorized EFTs that occur more than 60 days after a financial institution sends the first periodic statement on which the error is reflected. However, certain institutions began the 60-day time period when they received notification from the consumer. When this resulted in understated reimbursements to consumers, the institutions were required to refund the difference. The FDIC also determined that certain institutions were discouraging the filing of error resolution requests by establishing onerous requirements for initiating investigations. Such practices included requiring consumers to visit a branch office to initiate an investigation, requiring a notarized affidavit or police report, or requiring consumers to agree to assist law enforcement with investigations. Other concerns identified by the FDIC included institutions not beginning the investigation process upon receipt of an oral notification of error and failure to provide adequate notice to consumers upon completion of an investigation. The FDIC suggested training and the use of error resolution tracking logs to mitigate the risks.
  • Skip-A-Payment Loan Programs: Issues were identified regarding Skip-A-Payment programs which created violations of Section 5 of the Federal Trade Commission Act. Specifically, institutions failed to disclose that the program would lead to paying additional interest over the life of the loan as well as a larger final payment and that escrow payments would still be required. The FDIC also identified institutions that assessed late fees for the month a customer skipped payment. The FDIC suggested that institutions provide consumers with clear and adequate disclosures, train staff, and establish monitoring protocols to ensure adherence to policies regarding such programs.
  • Lines of Credit – Finance Charge Calculation and Disclosure. The FDIC identified instances in which institutions did not accurately calculate or properly disclose finance charges or annual percentage rates (APRs) on periodic statements. These errors were caused by the use of incorrect balances to calculate the finance charge and failure to include start-up fees in the finance charge disclosures. The FDIC did not provide suggestions on mitigating the aforementioned risks; however, including periodic statement testing in an institution’s compliance monitoring program should help to prevent such issues going undetected.

The Supervisory Highlights publication provides insights into the type of compliance issues identified by the FDIC at its supervised institutions. It is also a good indication of the types of issues that the FDIC and other regulatory agencies will continue to look for. Financial institutions should use this information and take proactive steps to mitigate these risks. Compliance officers should address the issues identified above in policies and procedures, as well as in compliance training and monitoring programs.

CFPB Releases Spring 2019 Rulemaking Agenda

On May 22, 2019, the Consumer Financial Protection Agency (CFPB or Bureau) published its Spring 2019 rulemaking agenda. The CFPB voluntarily participates in this effort twice yearly as part of the Unified Agenda of Federal Regulatory and Deregulatory Actions, as coordinated by the Office of Management and Budget. The agenda details those matters the Bureau reasonably expects to consider in its rulemaking activities over the next year (May 2019-April 2020). In its preamble, the CFPB described its priorities and classified them as either implementing statutory directives, continuing current rulemakings, or new projects and further planning. The details of these priorities are set forth below:

  • Implementing Statutory Directives: The Bureau indicated it is engaged in numerous efforts to implement provisions of the Economic Growth, Regulatory Relief, and Consumer Protection Act (EGRRCPA), which was signed into law on May 24, 2018. These efforts include continuing its rulemakings on Property Assessed Clean Energy (PACE) financing under the Truth in Lending Act, for which an Advance Notice of Proposed Rulemaking (ANPR) was issued in March 2019, as well as amendments to Home Mortgage Disclosure Act (HMDA) requirements related to reporting exemptions. Additional activities related to EGRRCPA include updating small entity compliance guides, issuing written guidance to assist with compliance with the TILA-RESPA Integrated Disclosure Rule (TRID or TRID Rule), and conducting preliminary analysis of the impact of EGRRCPA to be released later this summer. In addition to implementing the directives of EGRRCPA, the Bureau indicated it intends to recommence rulemaking activities under section 1071 of the Dodd-Frank Act, which requires financial institutions to collect and report information on women-owned, minority-owned and small businesses under the Equal Credit Opportunity Act (ECOA).
  • Continuation of Other Rulemakings: The Bureau noted it is also continuing efforts to finalize other rulemakings. For example, in February 2019, it proposed to rescind certain mandatory underwriting provisions of the November 2017 final rule governing payday, vehicle title, and certain high-cost installment loans. Concurrently, it proposed to delay the effective date of those underwriting provisions for 15 months while they were being considered for removal. The proposal to delay the effective date was finalized in June 2019. The Bureau also referenced its May 2019 Notice of Proposed Rule Making on the Fair Debt Collection Practices Act (FDCPA) as part of its current rulemaking efforts.
  • New Projects and Further Planning: The Bureau noted that it will consider rulemaking based on comments to an April 2019 request for information (RFI) related to its Foreign Remittance Transfer Rule issued under Regulation E. The RFI was issued to gather information related to the expiration of a statutorily established exception that permits insured banks and credit unions to provide estimates in certain required disclosures and to request information on other potential remittance transfer issues. The Bureau also indicated it will focus attention on a regulatory provision within Regulation Z, which requires mortgage lenders to determine consumers’ ability to repay and defines certain “qualified mortgages” that are assumed to comply with the ability to repay requirements. Specifically, a temporary provision of the regulation extends qualified mortgage status to loans that are eligible to be purchased or guaranteed by Fannie Mae or Freddie Mac. However, this provision expires in January 2021 and the Bureau will determine whether rulemaking or other follow up activity is necessary as a result.

The Spring 2019 rulemaking agenda is the first issued under Director Kathleen Kraninger and appears to reflect a continuation of the “hands-off” approach that has been the theme under the Trump administration. While new regulations are in the works, they are limited in their impact and, in certain cases (e.g., the FDCPA rulemaking), likely to be welcomed by the industry. The one exception is the forthcoming rulemaking on data collection for business loans to women-owned, minority-owned and small businesses under the ECOA; however, such rulemaking is mandated by the Dodd Frank Act. It is also noteworthy that previous initiatives, such as potential rulemakings regarding overdraft programs, established under the leadership of former director Richard Cordray but reclassified as “inactive” by temporary director Mick Mulvaney, were not mentioned in the current agenda. While the current regulatory agenda suggests a continued respite with respect to new federal regulations, financial institutions are urged to stay vigilant about the evolving regulatory landscape and alternate sources of compliance risk.

About Protiviti

Protiviti is a global consulting firm that delivers deep expertise, objective insights, a tailored approach and unparalleled collaboration to help leaders confidently face the future. Protiviti and our independently owned Member Firms provide consulting solutions in finance, technology, operations, data, analytics, governance, risk and internal audit to our clients through our network of more than 70 offices in over 20 countries.

We have served more than 60 percent of Fortune 1000® and 35 percent of Fortune Global 500® companies. We also work with smaller, growing companies, including those looking to go public, as well as with government agencies. Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index.

Ready to work with us?

Kat Sanchez
Kat Sanchez
+1 310.617.7281