Compliance Question of the Week

In today’s banking environment, as soon as one big new regulation is implemented, another pops up. Our compliance resources help your community bank stay one step ahead of the regulators.

Regulations and Guidance

Question: What is an example of a disclosure delivery that does not comply with the E-SIGN Act requirements?


ANSWER: 

All initial disclosures are provided via mail or in-person. However, the Closing Disclosure is emailed to ensure timely delivery three days prior to closing. The Closing Disclosure is emailed without E-SIGN Act disclosures. The bank relies on acknowledgment of receipt to show demonstrable consent.

Explanation: The Closing Disclosure delivery in this example does NOT comply with the E-SIGN Act requirements for several reasons:

1. The consumer did not receive the disclosures required under the E-SIGN Act.

2. The consumer did not actually agree to receiving the Closing Disclosure electronically prior to receiving it.

3. Proof that the borrower received the Closing Disclosure does not, by itself, show demonstrable consent as required by the E-SIGN Act.

Reference: E-SIGN Act.

Q&A Archives

ANSWER:

CAN-SPAM does not require an opt-in for the initiators of commercial email messages. That means if the bank purchased the list, it may not know if anyone on the list asked to opt out.

However, bear in mind that there could be a violation if someone on the list has in fact opted out.

Consider: Reviewing the requirements and the guidance from the FTC to help determine the risk of purchasing a list.

Reference: https://www.ftc.gov/news-events/blogs/business-blog/2015/08/candid-answers-can-spam-questions

ANSWER:

Lawmakers established an alternative test if banks do not want to wait the two months to exempt an entity or payroll customer under Phase II.

Financial institutions must perform a risk-based analysis of the customer and document a reasonable belief that the customer has a legitimate business need for conducting frequent, large, cash transactions.

An example where the alternative test may apply is a returning customer who was previously exempt.

Reference: 31 CFR 1020.315(c)(2)(i) and (ii).

ANSWER:

An institution must provide to a consumer who does not affirmatively consent to the institution's overdraft service for ATM and one-time debit card transactions the same account terms, conditions, and features that it provides to a consumer who affirmatively consents, except for the overdraft service for ATM and one-time debit card transactions.

However, the bank may offer deposit accounts with limited features, provided that a consumer is not required to open such an account because the consumer did not opt in.

Reference: 1005.17(b)(3), Official Staff Interpretation 1005.17(b)(3), comment 2.

ANSWER:

When working with a third party, in this case indirect lending, the bank needs to work to minimize compliance risk.

Implementing controls and procedures helps manage the expectations for compliance of the third party. For example:

  • Training the third party on fair lending laws, taking applications and other laws/regulations, as applicable including bank secrecy, privacy, and FCRA;
  • Establishing policies to ensure understanding of the bank’s underwriting expectations (e.g., what is acceptable and unacceptable based on the bank’s compliance procedures);
  • Monitoring the third party for pricing, markup, discrimination, etc., and for compliance through reviews and audits, as required;
  • Implementing clearly established requirements for the responsibilities of the bank and the third party.

Reference: https://www.minneapolisfed.org/publications/banking-in-the-ninth/indirect-lending. See also: FDIC, Examination Guidance for Third party lending, July 2016, page 5.

ANSWER:

In general, to obtain access to, copies of, or information contained in a customer’s financial records, a federal government authority must first obtain one of the following:

  • An authorization, signed and dated by the customer, that identifies the records, the reasons the records are being requested, and the customer’s rights under the act (section 3404)
  • An administrative subpoena or summons (section 3405)
  • A search warrant (section 3406)
  • A judicial subpoena (section 3407)
  • A formal written request by a government agency (to be used only if no administrative summons or subpoena authority is available) (section 3408)

Details for each may be found in the annotated sections of the Right to Financial Privacy Act.

Reference: Right to Financial Privacy: 12 USC chapter 35 3401

ANSWER:

The bank is permitted to share information with affiliates that are controlled by or are under common control with the bank.

In general, the bank’s privacy policy must describe the bank’s policies and practices with respect to collecting and disclosing nonpublic personal information about a consumer to affiliated parties.

Also, the notice must provide a consumer a reasonable opportunity to direct the institution generally not to share nonpublic personal information about the consumer (that is, to “opt out”) with nonaffiliated third parties other than as permitted by exceptions under the regulation (for example, sharing for everyday business purposes, such as processing transactions and maintaining customers’ accounts, and in response to properly executed governmental requests). The privacy notice must also provide, where applicable under the Fair Credit Reporting Act (FCRA), a notice and an opportunity for a consumer to opt out of certain information sharing among affiliates. The bank provides a clear and conspicuous notice to customers that accurately reflects the bank’s privacy policies and practices not less than annually during the continuation of the customer relationship.

Reference: Regulation P examination procedures, October 2016, page 2. Fair Credit Reporting Act

ANSWER:

Redlining may focus on the institution’s decisions about how much access to credit a certain geographic area has, and this does include commercial lending.

The bank’s CRA assessment area can provide insight into the bank’s lending practices as they relate to race or national origin. For example, if the bank’s assessment area excludes an area where the majority of minority businesses are located, does this reflect a higher than usual denial of commercial lending to minority business owners?

Reference: FFIEC Interagency Fair Lending Examination Procedures, August 2009.

ANSWER:

Yes. This is the only bona fide fee a bank can collect before providing the early disclosures and intent to proceed.

Section 1026.19(e)(2) allows for this exception but prohibits all other fees until the applicant receives the early disclosures and indicates their intent to proceed.

Reference: 12 CFR 1026.19(e)(2)(i).
