Compliance Question of the Week

In today’s banking environment as soon as one big new regulation is implemented another pops up. Our compliance resources help your community bank stay one step ahead of the regulators.

Regulations and Guidance

Compliance Question of the Week

Question: What is the difference between CDD and EDD under the Bank Secrecy Act?


Customer Due Diligence (CDD) is performed on all customers, whereas Enhanced Due Diligence (EDD) is typically performed on select customers depending on the outcome of the initial CDD.

If the bank determines from the EDD that the customer poses a high money laundering or terrorist financing risk, the customer is further risk rated for ongoing monitoring efforts.

Reference: 31 CFR 1020.210.

Q&A Archives


Offering or negotiating terms of a loan does not include solely or in combination:

(i) Providing general explanations or descriptions in response to consumer queries regarding qualification for a specific loan product, such as explaining loan terminology (e.g., debt-to-income ratio); lending policies (e.g., the loan-to-value ratio policy of the covered financial institution); or product-related services;

(ii) In response to a consumer's request, informing a consumer of the loan rates that are publicly available, such as on the covered financial institution's Web site, for specific types of loan products without communicating to the consumer whether qualifications are met for that loan product;

(iii) Collecting information about a consumer in order to provide the consumer with information on loan products for which the consumer generally may qualify, without presenting a specific loan offer to the consumer for acceptance, either verbally or in writing;

(iv) Arranging the loan closing or other aspects of the loan process, including communicating with a consumer about those arrangements, provided that communication with the consumer only verifies loan terms already offered or negotiated;

(v) Providing a consumer with information unrelated to loan terms, such as the best days of the month for scheduling loan closings at the covered financial institution;

(vi) Making an underwriting decision about whether the consumer qualifies for a loan;

(vii) Explaining or describing the steps or process that a consumer would need to take in order to obtain a loan offer, including qualifications or criteria that would need to be met without providing guidance specific to that consumer's circumstances; or

(viii) Communicating on behalf of a mortgage loan originator that a written offer, including disclosures provided pursuant to the Truth in Lending Act, has been sent to a consumer without providing any details of that offer.

Reference: 12 CFR 1007, Appendix A.


Under ECOA and Regulation B, lenders are prohibited from using credit scoring systems that take into account any prohibited basis, except for age.

Lenders are not permitted to use a credit scoring system that considers race, color, religion, national origin, or sex to evaluate an applicant's creditworthiness.

However, ECOA and Regulation B allow lenders to consider age as a predictive factor in an empirically derived, demonstrably and statistically sound, credit scoring system (validated system). Age may be taken directly into account in a credit scoring system that is “demonstrably and statistically sound,” as defined in section 1002.2(p), with one limitation: applicants age 62 years or older must be treated at least as favorably as applicants who are under age 62.

If age is scored by assigning points to an applicant's age category, elderly applicants must receive the same or a greater number of points as the most favored class of nonelderly applicants.

Age-split scorecards. Some credit systems segment the population and use different scorecards based on the age of an applicant. In such a system, one card may cover a narrow age range (for example, applicants in their twenties or younger) who are evaluated under attributes predictive for that age group. A second card may cover all other applicants, who are evaluated under the attributes predictive for that broader class. When a system uses a card covering a wide age range that encompasses elderly applicants, the credit scoring system is not deemed to score age. Thus, the system does not raise the issue of assigning a negative factor or value to the age of elderly applicants. But if a system segments the population by age into multiple scorecards, and includes elderly applicants in a narrower age range, the credit scoring system does score age.

To comply with the Act and regulation in such a case, the creditor must ensure that the system does not assign a negative factor or value to the age of elderly applicants as a class.

Reference: Official Staff Interpretation 12 CFR 1002.6(b)(2) and 1002.2(p).


If the bank has charged off a mortgage loan a periodic statement is not required if the two following conditions apply:

  • The loan is charged off according to the bank’s loan loss provisions and will not charge any additional fees or interest on the account;

  • Within 30 days of the charge off or the most recent periodic statement*, the bank provides a periodic statement clearly and conspicuously labeled “suspension of Statements & Notice of Charge Off – Retain this copy for our records”.

*Note: the periodic statement must also contain specific information, see Regulation Z for details.

Reference: Real Estate Settlement Procedures Act (Regulation X) and Truth in Lending Act (Regulation Z Mortgage Servicing Rules, Small Entity Compliance Guide, April 19, 2018, page 67. See also: Regulation Z 1026.41(e)(6)



No, a lender need not reconcile or otherwise be concerned with a flood zone discrepancy. For NFIP policies issued under FEMA’s Risk Rating 2.0 - Equity in Action (Risk Rating 2.0), premium rates are no longer determined by the flood zone in which the property is located. Moreover, the flood zone is no longer included on the declarations page for NFIP policies issued under Risk Rating 2.0. 

Flood insurance policies issued by a private insurer may still include the flood zone on the declarations page. Further, NFIP policies that have not been issued or renewed under Risk may resolve flood zone discrepancies differently. Rating 2.0 will include the flood zone on the declarations page. In these cases, lenders also need not reconcile any discrepancy. 

The flood zone determination is still necessary to determine if a property is located in an SFHA. If the SFHDF indicates that the building securing the loan is in an SFHA, the lender must require the appropriate amount of insurance coverage in accordance with the Act and Regulation. For disputes regarding whether a property is located in an SFHA, see Q&A Zone 3. 

Reference: Interagency Flood Q&A Zone 1.


For the purposes of Regulation P, some agreement considerations should include whether the contract adequately prohibits the third party from disclosing or using the information other than to carry out the purposes for which the information was disclosed as stated under 1016.13.

For example, the contract should state specifically what can be shared, disclosed, reused; who is able to use it, and whether the bank should be consulted and have approval before any marketing is performed on behalf of the bank.

For additional information on agreements and contracts, consider reviewing agency guidance on third party vendors.

Reference: Regulation P: 12 CFR 1016.13 See also: 12 CF R 1016.11


Generally, an act or practice is not considered unfair if consumers may reasonably avoid injury. Consumers cannot reasonably avoid injury if the act or practice interferes with their ability to effectively make decisions or take action to avoid the injury. For example, consumers cannot avoid injury if a transaction occurs without their knowledge or consent.

Reference: CFPB Consumer Laws and Regulations Exam Manual V.2 (October 2012), UDAAP.



Regulation DD requires any fees that are required to be disclosed under 1030.4(b) to be included on the periodic statement.

Fees that were debited during the statement period are required to be disclosed. The fees must be itemized by type and dollar amounts.

Regulation DD does make an exception for fees under 1030.11(a)(1), when fees of the same type are imposed more than once in a statement period, the bank may itemize each fee separately or group the fees together and disclose a total dollar amount for all fees of that type. When fees of the same type are grouped together the description must make it clear that the dollar figure represents more than a single fee, e.g., “total fees for checks written this period”.

Reference: 1030.6; Official Staff Interpretation 1030.6(a)(3) Itemizing fees by type. 



A Web site or online service that is directed to children under the criteria set forth in paragraph (1) of this definition, but that does not target children as its primary audience, shall not be deemed directed to children if it:

(i) Does not collect personal information from any visitor prior to collecting age information; and

(ii) Prevents the collection, use, or disclosure of personal information from visitors who identify themselves as under age 13 without first complying with the notice and parental consent provisions of this part.

Reference: 16 CFR 312.2 Definitions

Ask an Expert

We want to hear your pressing questions about compliance at your bank. Please fill in the form below. Not all questions will be featured. Your questions will be kept anonymous.