Top-of-Mind Compliance Issues for 2021
No 2020 “year in review” for us. We’re glad 2020 is over. We’re looking ahead to the issues that will likely shape the compliance agenda for financial services companies in 2021. While we admit, as you will note in the commentary below, that we can’t completely forget about 2020, it’s time to move on and prepare for the challenges ahead.
We’ve identified 12 issues, in no particular order, that we think should be top of mind for management and compliance professionals this year. In this issue of Compliance Insights, we offer brief commentary on each of these topics, which we will address in more detail in subsequent issues. Bear in mind that the issues we selected do not apply equally to all types of financial institutions and that limiting the list to 12 issues wasn’t easy. Consistent with advice we would give our clients, expect us to modify the list as regulatory concerns and industry priorities evolve. Finally, while we think many of these issues are relevant outside of the borders of the United States, this list is focused primarily on issues facing U.S. financial services providers.
Financial crime compliance will remain front and center for the industry and regulators. With the passage of the Anti-Money Laundering Act of 2020, the first major anti-money laundering (AML) legislation in nearly 20 years, the U.S. financial services industry will be closely monitoring the required implementing regulations with the hope that they will provide the opportunity for improved efficiency and effectiveness. Financial institutions should monitor the rulemaking and studies required by the legislation, as well as evolving regulations and guidance on cryptocurrency services, to determine the impact on their AML compliance programs.
Meanwhile, there is no reason to believe that the Biden administration, Congress or regulators will ease up on AML compliance. In fact, the nexus between money laundering and other administration concerns, such as immigration policy and human trafficking, may well increase expectations of the role of the financial services industry in preventing and identifying these crimes. Similarly, while we can expect to see some changes to existing sanctions programs, we also expect that the new administration will not shy away from using sanctions as a public policy tool.
Consumer compliance, including access and equity in the provision of financial services, will be a top priority for the Biden administration. With the nomination of Rohit Chopra, who worked with Elizabeth Warren to stand up the Consumer Financial Protection Bureau (CFPB) when it was first authorized, as the new director of the Consumer Financial Protection Bureau (CFPB), we expect to see a reversal of the strategy of the current CFPB leadership, which has been viewed by some as more benign.
We expect the CFPB to focus on compliance enforcement, particularly on larger banking organizations, and to look to rewrite certain rules such as the payday lending rule issued by the CFPB in 2020 that stripped out the “ability to pay” provision, which many believe significantly weakened consumer protection. The likelihood of more progressive CFPB leadership is further increased by the recent Democratic sweep of the Georgia recount races, reducing the ability of Republicans in the Senate to block the president-elect’s preferred nominees.
Consumer protection around loan servicing (payment relief, forbearance, default management, loss mitigation, third-party debt collection) will remain a priority as the effects of COVID-19 continue to challenge the capacity of consumers to meet their financial obligations.
New CFPB leadership is also expected to home in on the affordable housing crisis in the United States and regulations impacting low- and moderate-income and minority consumers, like fair housing and fair lending. This would be consistent with the focus on racial equity that had been identified, along with COVID-19, economic recovery and climate change, as one of the four key areas of focus by the Biden transition team.
One proposal made during the Biden campaign that has received a lot of attention is the creation of a public credit reporting agency. This agency would compete against the likes of Equifax, Experian and TransUnion and aim to "minimize racial disparities" in credit reporting after some studies found that the current system disadvantages and excludes minorities.
Community Reinvestment Act
With competing proposals for reforming the Community Reinvestment Act of 1977 issued by the bank regulators, widespread calls for change by customer and community groups, and industry agreement that it is time to revamp this outdated requirement, there is strong impetus for completing regulators’ efforts to reform this outdated requirement, but it won’t be easy. Achieving the consistent regulatory approach desired by the industry and satisfying the demands of other interested parties will require consensus-building that we have not witnessed in recent years.
With face-to-face banking options severely limited by COVID-19, customer service functions were forced to pivot to 100% remote operations that came with some surprises along the way, including the inability of some offshore customer service providers to operate remotely. We’ve also seen an exponential increase in customer service calls associated with government-funded programs such as Paycheck Protection Program (PPP) and unemployment benefits, a surge in consumer payment disputes and fraud claims, and individual borrower efforts to obtain loan forbearance or modify mortgages and other consumer loans. In some cases, these conditions have led to an increase in customer complaints, negative social media and press coverage, and escalating regulatory concerns with how customers are being treated. With the stabilization in the market that we hope to see in 2021, financial institutions should examine what lessons were learned during the height of COVID-19 and consider longer-term effects on their customer service models to improve their resilience in the face of future market disruptions.
While very much a financial crimes issue, the current environment has brought added attention to the occurrence of fraud. With a new tranche of PPP funds about to be made available and seemingly endless media coverage of the endemic fraud that has occurred with PPP lending to date, the spotlight will remain on preventing and detecting fraudulent use of these government funds.
The lessons learned in the earlier distribution of PPP funds should be applied to the new round of funding — and indeed, recently issued guidance from the Small Business Administration suggests that PPP 2.0 funding will proceed a bit more slowly than 1.0 to allow for additional fraud and compliance checks. While the industry has greatly assisted law enforcement in uncovering PPP- and unemployment-related fraud, we expect many more cases to come to light as financial institutions work through the forgiveness process.
We also expect to see further issuances by the Financial Crimes Enforcement Network and other regulatory bodies alerting the industry to other COVID-related fraud schemes, including investment scams, imposter scams, insider trading, product scams and — most recently — criminal activity related to COVID-19 vaccines. These circumstances have required heightened transaction monitoring and trade surveillance diligence, including the adoption of new rules and scenarios to detect potential wrongdoing.
When U.K. regulators first launched the discussion on operational resilience in late 2019, they may have been prescient. The four foundational pillars of operational resilience — business resilience, cyber resilience, third-party resilience and technology resilience — were all top of mind in 2020.
We anticipate that with both regulators and the industry actively mining the lessons learned during COVID-19 (some of which are discussed in a report issued by Protiviti and SIFMA titled COVID-19: Initial Lessons Learned and Considerations for Managing a Pandemic), operational resilience will remain near the top of the agenda for 2021, as regulators’ expectations become clearer and the focus we have seen by U.K., EU and U.S. regulators extends into other jurisdictions.
The London Interbank Offered Rate (LIBOR), viewed by some as the most important number in the financial markets, was originally set to be phased out by the end of 2021. Accommodating this change was never going to be an easy task for the financial services industry — and then, there was COVID-19. Many financial institutions appeared to table, or at least slow, transition efforts as they dealt with the impact of COVID-19 and other priorities, notwithstanding persistent reminders from regulators that the deadline was firm.
Then, as aptly described in a blog post by Dechert LLP, regulators blinked in early December 2020. The ICE Benchmark Administration (IBA) said that it would enter a “consultation” in which it would consider delaying the end of the U.S. dollar LIBOR until June 30, 2023. At the same time, the Federal Reserve published a statement welcoming the IBA proposal, and even the U.K.’s Financial Conduct Authority, the agency that matters most because it controls the LIBOR process, chimed in with similar enthusiasm.
While we can certainly question why regulators didn’t pause the transition process earlier when it was apparent that the industry was struggling to keep pace, and we can wonder whether or not they will blink again, the extension, assuming it is confirmed through the consultation, will provide needed relief for the industry and contribute to a more orderly transition with better outcomes. We resisted our own urge to blink by removing this from the 2021 priority list, but we believe there is still much work to be done that can’t wait until 2022, and so it remains on the list, at least for now.
Environmental, Social and Governance Issues
Environmental, social and governance (ESG) issues are becoming increasingly important for financial services companies. They address a number of key risks, ranging from doing business with, investing in and lending to sustainable companies to diversity and treatment of employees.
In the current environment, the resolve of financial firms and their investors to enhance the industry’s ESG performance has been strengthened and is likely to gain support from the Biden administration, given its focuses on climate change and racial equity. ESG disclosure is likely to be revisited by a Biden-selected chair of the Securities and Exchange Commission (SEC), making way for the United States to begin catching up with Europe and other jurisdictions that have already adopted more prescriptive disclosure requirements.
There has been a groundswell of industry-focused attention on ESG, such as the December 2020 Climate Finance Markets and the Real Economy report issued by several capital markets trade associations, as well as the letter issued by the New York Department of Financial Services (NYDFS) on October 29, 2020, explaining what NYDFS sees as the principal financial risks stemming from climate change and its expectations for managing these risks.
Regulatory initiatives to counter ESG concerns, such as the Department of Labor’s June 2020 rule that casts doubt on the value of ESG ratings and requires that a fiduciary must compare an investment opportunity with the opportunity for gain associated with reasonably available investment alternatives with similar risks, and the Office of the Comptroller of the Currency’s proposed Fair Access Rule that would prohibit large banks from denying credit to “politically controversial, but lawful businesses,” are likely to continue to receive significant market pushback. However, we do think that the Biden administration and the accompanying nomination of more progressive leaders of many of the relevant agencies are likely to lead to the latter two “counter-ESG” proposals being pulled back.
With a Biden administration and privacy concerns that have intensified in the COVID-19 environment, some believe that we could see a universal federal privacy law in the foreseeable future. Both President Biden, from his days in the Obama administration, and Vice President Harris, who was California Attorney General when the California Online Privacy Act was passed, have experience dealing with privacy concerns.
For the financial services industry, health care and other businesses that currently face meaningful state requirements, dealing with the existing patchwork of state laws is unwieldy, so private-sector support for a federal law is likely to be strong. Consumers too would be expected to welcome a more uniform approach to managing privacy and addressing breaches. The time seems right for progress.
Compliance Program Transformation
COVID-19 accelerated the digital agenda for many financial institutions, but the work is not done. Decisions made under the pressure of adapting to the COVID-19 environment will need to be revisited to determine:
- If they are optimal and sustainable
- If there is alignment between technologies that have been deployed and the institution’s target operating model
- If technology partners are delivering the expected results and are being adequately monitored
- If the existing compliance workforce understands and can explain the technologies being deployed
- What the impact has been on the customer journey
- If the changes made are delivering the strategic cost reductions that financial institutions hoped would accompany their digital transformation programs
Both management and regulators will likely be looking more closely at the choices that were made and how the benefits of those choices can be optimized, and the risks mitigated.
Changing Regulatory Posture
Congress makes laws, and regulators enforce them. History has proven time and time again that changing regulator views on supervision and enforcement can have a profound effect on the financial services industry.
Early signs portend a more challenging environment for the financial services industry. President Biden tapped former Commodity Futures Trading Commission head Gary Gensler, who has a reputation for being tough on Wall Street, to work on a transition plan for financial industry oversight and has since named him his choice for chairman of the SEC. For CFPB director, President Biden, as previously noted, has nominated Rohit Chopra. Many of our identified priorities are sure to be included on the agendas for these and other Biden appointees.
You may be asking why other issues did not make our list — third-party risk management, cybersecurity, conduct risk, compliance risks associated with new and emerging products such as cryptocurrency, and the leveling of the playing field between traditional financial institutions and newer market entrants, to name but a few. Rest assured, we considered all of these and more. Some are embedded in the topics addressed above, and all are contenders for their own spot on the list as we update it throughout the year. If you have other ideas, we welcome your input.