Compliance Insights - September 2016

Compliance Insights - September 2016

Recent CFPB and DOJ Fair Lending Enforcement Action Raises Eyebrows

In June 2016, the Consumer Financial Protection Bureau (CFPB) and the Department of Justice (DOJ) announced a joint action against a midsize bank for having allegedly discriminated against certain customers on prohibited bases throughout the lending process. The consent order would require the bank to pay $10.6 million to address its discriminatory lending practices, inclusive of a $3 million penalty, a $4 million loan subsidy program for qualified applicants in minority neighborhoods in Memphis and $2.78 million in restitution to African-American consumers harmed by the bank’s practices, as well as requirements to increase the bank’s physical presence in Memphis, implement fair lending-related policies and procedures, and extend credit offers to African-American customers previously denied mortgages.

The complaint alleges that the bank engaged in numerous discriminatory practices in violation of the Equal Credit Opportunity Act (ECOA) and the Fair Housing Act (FHA), including:

  • Illegally engaging in practices to avoid lending in minority communities in Memphis, a practice known as “redlining,” as evidenced by its marketing efforts and the locations of its branches;
  • Discriminating in underwriting by allowing employees discretion in making credit decisions, which led to African- American applicants being denied certain mortgage loans more often than similarly-situated white applicants;
  • Discriminating against African-American borrowers who did receive mortgage loans by offering them products at much higher annual percentage rates than similarly-situated white borrowers; and
  • Explicitly discriminating against African-American borrowers by policy on the basis of race, as evidenced by the CFPB through audio recordings the bank provided – excerpts of which are included in the complaint itself – of bank employees discussing this policy and practices, and expressing generally negative perceptions of African-American customers.

This action demonstrates the CFPB’s continued focus on fair lending-related issues, particularly its recent emphasis on redlining. Further, the action is notable because, in the CFPB’s own statement, this represents one of the first investigations in which it employed mystery-shopping testers to support allegations it received from customers about the bank’s discriminatory practices. And if for no other reason, the enforcement action stands out because of the examples of overt discrimination by bank employees, as noted in audio recordings. Bank and non-bank lenders should study the enforcement action and consider taking steps to:

  • Evaluate the strength of their own fair lending compliance programs, including an assessment of lending policies and procedures as well as employee awareness training to prevent such behaviors;
  • Redouble efforts around their redlining-related statistical monitoring; and
  • Evaluate the feasibility of enhanced fair lending monitoring techniques, including internal mystery-shopping programs.

Sleepy Screening Practices Result in Kingpin Violation

In July 2016, the Office of Foreign Assets Control (OFAC) issued a Finding of Violation to a U.S. bank for maintaining accounts for approximately one year on behalf of two individuals on OFAC’s List of Specially Designated Nationals and Blocked Persons (the SDN List). OFAC’s citation was, in part, due to the bank’s size as a commercially-sophisticated financial institution pursuant to the general factors under its Economic Sanctions Enforcement Guidelines and having knowledge of the conduct that led to the violations.

The bank’s sanction-screening deficiencies resulted in violations of OFAC’s Foreign Narcotics Kingpin Sanctions regulations, which implement the Foreign Narcotics Kingpin Designation Act (the Kingpin Act). The Kingpin Act, signed into law in 1999, provides the authority to apply economic sanctions to drug traffickers and their global organizations.

The bank maintained separate, albeit inactive/dormant, accounts for and on behalf of two individuals when OFAC determined them to be SDNs in June 2013. Due to a misconfiguration in the bank’s sanction screening software that purportedly precluded the bank, for nearly four years, from reviewing inactive/dormant accounts, the bank failed to identify and block either account. Additionally, in May 2014, nearly one year after OFAC’s SDN designation of these two individuals, a member of the bank’s staff identified through a negative news search that one of the individuals was indeed a customer. As a result of the negative news search, bank personnel filed a report with a U.S. government agency, yet the bank failed to take further required action. Although the bank did not process any transactions for or on behalf of either of the two designated individuals, OFAC contends that the bank violated sanctions regulations by failing to block/freeze the accounts and to report them to the U.S. Department of the Treasury.

Inactive/dormant accounts represent an increased risk of misappropriation; they may, depending on the risk-based approach of each financial institution, receive minimal periodic review, and unauthorized transactions can easily avoid internal detection if proper controls are not in place. To avoid sanction screening oversights, financial institutions should consider:

  • Establishing frameworks to govern the operations of inactive/dormant accounts and specifically include definitions of inactive/dormant accounts and conditions under which accounts may be reactivated;
  • Defining and implementing comprehensive sanction screening controls commensurate with their sanctions risk appetites to ensure that customers, employees, vendors, transactions and associated parties are reviewed for sanctions on a risk-based approach; and
  • Performing periodic testing of the system configuration and tuning of sanction screening rules to determine the level of coverage provided by these systems and to demonstrate to regulators that their processes and configurations are in line with regulatory expectations.

CCAR-Related Attestations

Federal Reserve requirements for Forms FR Y-14A, FR Y-14Q and FR Y-14M (annual, quarterly and monthly financial reports, respectively), published in January 2016, require bank holding companies that are overseen by the Federal Reserve’s Large Institution Supervision Coordinating Committee (the LISCC Firms) to include an attestation from their chief financial officers (CFOs), beginning December 31, 2016, for the annual FR Y-14 reporting and in 2017 for the quarterly FR Y14-Q and monthly FR Y-14M reporting.

Under the new requirements, the CFO’s attestation must address the following:

  • That the actual and projected data reported on the FR Y-14 reporting was prepared in good faith using reasonable efforts to conform to the applicable Federal Reserve instructions; this was added to the requirements based on industry feedback, as some believed that a bank should not be penalized for incorrect reporting where the bank has made a good-faith effort to comply;
  • That reported data is materially correct to the best of the CFO’s knowledge;
  • That actual data reported is subject to internal controls over financial reporting that are effective and include those practices necessary to provide reasonable assurance as to the accuracy of such data; the attestation must explicitly acknowledge that the internal controls are the responsibility of management, not just the CFO (this attestation initially will be required only for the annual [FR Y-14A] reporting, and will also be required in the quarterly [FR Y-14Q] and monthly [FR Y-14M] reporting beginning December 31, 2017);
  • An attestation that internal controls are audited at least annually by internal audit or compliance and are assessed regularly by management of the bank holding company; the CFO must provide this attestation only for the annual FR Y-14A reporting beginning on December 31, 2016; and
  • An agreement to report promptly any material weaknesses in internal controls related to financial reporting, subject to the FR Y-14 requirements, and any material errors or omissions in submitted data; this attestation will be required for all reports on the FR Y-14 reporting.

The Federal Reserve has also required other technical changes to these reports (e.g., further clarity has been provided for the information required to be reported regarding disposed loans).
The CFO attestation requirements represent a significant change to the financial reporting requirements. The Federal Reserve raises the standard for accountability, and the affected banks will need to digest the nuances of the new guidance and ensure seamless implementation. Banks might consider establishing separate attestation processes to address these requirements or add new language and procedures to existing certification processes.

It is important to note that this newsletter is provided for general information purposes only and is not intended to serve as legal analysis or advice. Companies should seek the advice of legal counsel or other appropriate advisers on specific questions and practices as they relate to their unique circumstances.

 

Click here to access all series

Ready to work with us?