Compliance Question of the Week

In today’s banking environment as soon as one big new regulation is implemented another pops up. Our compliance resources help your community bank stay one step ahead of the regulators.

Regulations and Guidance

Question: Is the notice of availability of federal disaster relief required to be provided if the lender makes a subsequent loan to the same borrower and the loan is secured by the same property?


Section 12 CFR 339.9 does not state that the lender may waive the notice in the event that the same lender makes a subsequent transaction with respect to the same property.

Under Interagency Q&A, the Regulation does not waive the requirements to provide the Special Flood Hazards Notice to the borrower. Although, subsequent transactions by the same lender with respect to the same property are the functional equivalent of a renewal and do not require a new determination, the lender must still provde a new Notice of Special Flood Hazards to the borrower.

 Reference: 12 CFR 339.9; Interagency Flood Q&A, 2022, IX Notice of Special Flood Hazards and Availability of Federal Disaster Relief; Notice 6.




Q&A Archives


In general, bank employees must have a federal registration which is not specific to a single state. A state license is required when a mortgage originator works for a state licensed company. See the nationwide license system FAQ for additional information.





If the consumer's delay in notifying the bank was due to extenuating circumstances, the bank must extend the times specified above to a reasonable period. An example would be a hospital stay or extended travel.

Reference: 1005.6(b)(4)




Yes. Although the texts aren’t personal, i.e., the texts don’t include any account information, cybersecurity is always a concern. For example, if a hacking incident occurs, does the bank have in place procedures to respond; to ensure that those affected are notified; to ensure that those who regularly receive the texts know that it is not the bank but a hacker requesting information.

In addition, the bank needs to be aware of compliance regulations that may pertain to social media messages e.g., in the context of student loans – Regulation Z and any advertising requirements that may apply; FCRA; Reg B and fair lending to guard against discrimination; privacy laws; and information security, consumer complaint response, etc. In addition, a consumer complaint process should be established.

Reference: Regulation Z: 12 CFR 1026.24; 1026 Subpart G Fair lending and Regulation B: 12 CFR 1002 Regulation P (privacy): 12 CFR 1016 Information Security Guidelines Fair Credit Reporting Act. See also: FFIEC: Social Media; Consumer Compliance Risk Management Guidance, 2013. FFIEC IT information Security, 2016




A bank that is found in violation of ADA may be subject to an investigation by the Justice department.

Reference: See sections: Subpart E of ADA; 36.501-508



Consumer must be informed clearly and conspicuously about the following:

  • any right or option of the consumer to have the record provided or made available on paper or in nonelectronic form, and

  • the right of the consumer to withdraw the consent to have the record provided or made available in an electronic form and of any conditions, consequences (which may include termination of the parties’ relationship), or fees in the event of such withdrawal

  • whether the consent applies:

    • only to the particular transaction which gave rise to the obligation to provide the record, or
    • to identified categories of records that may be provided or made available during the course of the parties’ relationship


  • the procedures the consumer must use to withdraw consent and to update information needed to contact the consumer electronically; and

  • how, after the consent, the consumer may, upon request, obtain a paper copy of an electronic record, and whether any fee will be charged for such copy.

Reference: 15 U.S.C. 7001(c).


A short year statement must be provided within for the following scenarios:

  • Servicing transfer - must be provided by the former servicer within 60 days of transfer.
  • Loan payoff - must be provided within 60 days of receiving funds.
  • Change computation year - must be provided within 60 days from the end of the short year.

Reference: 12 CFR 1024.17(i)(4). 



No. The regulation allows that if the application is accessed in an electronic form, the “shopping disclosures” may be provided to the consumer in an electronic form on or with the application.

Reference: 12 CFR 1026.19(c).





The following is not a definitive list, each bank should develop its risk assessment based on its own set of circumstances and the complexity of its electronic banking system.

That said, per the BSA examination manual: Accounts that are opened without face-to-face contact may be a higher risk for money laundering and terrorist financing for the following reasons:

  • More difficult to positively verify the individual’s identity.
  • Customer may be out of the bank’s targeted geographic area or country.
  • Customer may perceive the transactions as less transparent.
  • Transactions are instantaneous.
  • May be used by a “front” company or unknown third party.

Based on the assessment, the bank should develop a comprehensive program that establishes BSA/AML monitoring, identification, and reporting for unusual and suspicious activities occurring through e-banking systems.

Reference: FFIEC BSA/AML Examination Manual 2/27/2015.V2





Ask an Expert

We want to hear your pressing questions about compliance at your bank. Please fill in the form below. Not all questions will be featured. Your questions will be kept anonymous.