Follow the link below to view the press release:
https://files.consumerfinance.gov/f/documents/cfpb-joint-statement-on-fair-lending-and-credit-opportunities-for-noncitizen-b_jA2oRDf.pdf
Author: Kyle Tucker
The joint statement issued by the Consumer Protection Finance Bureau (CFPB) and Justice Department has outlined that financial institutions may not use immigration status to illegally discriminate against credit applicants. Some consumers have reported being rejected for loans on the basis of immigration status, even though they are otherwise qualified for the loan. The joint statement reminds financial institutions that the Equal Credit Opportunity Act (ECOA) protects all credit applicants from discrimination on the basis of their national origin, race, and other covered characteristics. Creditors may consider an applicant’s immigration status regarding repayment status but should be aware that unnecessary reliance on immigration status in the credit decision making process could violate antidiscrimination laws.
Follow the link below to view the press release: https://files.consumerfinance.gov/f/documents/cfpb-joint-statement-on-fair-lending-and-credit-opportunities-for-noncitizen-b_jA2oRDf.pdf Author: Kyle Tucker
0 Comments
The Department of Commerce, Department of Treasury, and Department of Justice issued a Tri-Seal Compliance Note on July 26, 2023, outlining their individual policies on voluntary self-disclosure (VSD). The Office of Foreign Assets Control (OFAC) encourages voluntary disclosure of apparent sanctions violations. “OFAC considers VSDs to be a mitigating factor when determining appropriate enforcement action to take in response to a particular case. Additionally, in cases where a civil monetary penalty is warranted, a qualifying VSD can result in a 50 percent reduction in the base amount of a proposed civil penalty. In reviewing the underlying conduct in a VSD, OFAC considers the totality of the circumstances surrounding the apparent violation, including, among other factors, the existence, nature, and adequacy of the subject’s compliance program at the time of the apparent violation and the corrective actions taken in response to an apparent violation.”
Emigrant Bank OFAC Settlement On September 21, 2023, the Department of Treasury’s OFAC published an Enforcement Release between OFAC and Emigrant Bank. The Enforcement Release noted that from 1995 to June 2021, Emigrant Bank opened, maintained, and facilitated monetary transfer to/from a certificate of deposit (CD) account for two Iranian nationals. Between June 2017 and March 2021, Emigrant facilitated 30 wire transfers in the approximate amount of $91,051.13. Emigrant had records verifying that the account holders were indeed Iranian with a permanent address in the country among other supplementary documents. These transfers were able to be successfully completed due to gaps in Emigrant’s sanctions compliance screening processes and an erroneous reliance on outdated guidelines regarding U.S sanctions on Iran. Due to a regulatory examination, Emigrant’s management team was able to identify the sanctioned account, and immediately restrict then close it while screening for similar accounts in the system. OFAC determined Emigrant’s violations to be self-disclosed and non-egregious under the general factors and reached a settlement of $31,867.90; however, the maximum civil monetary penalty applicable to this matter was $9,928,410. There were several factors that played a key role in the decision for a reduced settlement. OFAC determined the following to be mitigating factors: (1) OFAC has not issued a Finding of Violation or Penalty Notice to Emigrant in the five years preceding the earliest date of the transactions giving rise to the Apparent Violations; (2) Once Emigrant discovered the potential violations, it took appropriate remedial steps, including placing restrictions on the account in June 2021 and closing the account in November 2021, updating its customer data system to avoid screening inaccurate countries of residence, searching for other potentially violative accounts, and screening the permanent address of each account; (3) Emigrant voluntarily self-disclosed the Apparent Violations and cooperated with OFAC’s investigation, including by entering into a tolling agreement with OFAC; and (4) All of the transactions within the statute of limitations were sent to the Emigrant account of the accountholder’s son and daughter-in-law, residents of the United States; these payments resulted in negligible harm to U.S. sanctions policy objectives. OFAC also noted that “Emigrant also took remedial action by implementing additional sanctions training and searched for other accounts whose owners reside in comprehensively sanctioned jurisdictions.” Next Steps to Consider From Russia, Palestine, South America, and the Middle East, the US Treasury is announcing new sanctions seemingly daily. Financial institutions should consider their risk related to foreign nationals and foreign addresses and understand how their systems are actively screening customer names and geographies. Financial institutions should understand how core system and AML system parameters are set relative to sanctions and determine if those parameters are adequate based on the FIs OFAC/Sanctions risk. Financial institutions should ensure that the geographies are screened for international transactions such as wire transfers and IAT ACHs as some sanctions programs cover countries in a more broad manner (e.g., Iran, North Korea, Cuba). The FIs OFAC/Sanctions policy and procedures should clearly identify which systems and specifically which reports are used for screening and the area in which the systems/reports are screening (e.g., customer base, wire transfers, IATs). It is not uncommon to find instances where FIs assume a core report covers a certain transaction type or customer base only to later determine during an independent review that those assumptions are incorrect. Several commonly utilized AML software systems have sanctions options for other lists in addition to the SDN lists that can be utilized for sanctions monitoring and AML risk purposes. Review these options, if available, and consider adding lists such as the US Department of State’s Terrorist Exclusion List, the United Nations Security Council Consolidated List, and the US Department of Commerce’s BIS Entity List. For further information regarding VSD and the Emigrant Bank case, see below: OFAC settlement with Emigrant Bank Case Tri-Seal Compliance Note: Voluntary Self-Disclosure of Potential Violations Authors: Jeremy Clifton CRCM CAMS, Nick Milcarek As of September 22, 2023, FinCEN released new guidance regarding beneficial ownership information (BOI) reporting which will take effect January 1, 2024. All covered entities must report BOI directly to FinCEN by January 1, 2025, if the entity was created before January 1, 2024. When it comes to reporting companies created after January 1, 2024, they currently will have 30 days after creation to report BOI to FinCEN. However, FinCEN just released a Notice of Proposed Rulemaking to extend the deadline for entities created after January 1, 2024, from 30 days to 90 days. What Beneficial Ownership Changes Should Financial Institutions Focus On At this point financial institutions and BSA Departments specifically should familiarize themselves with the BOI rules as they apply to entities. Financial institutions should consider how much assistance will be provided to reporting companies with the new BOI reporting process. FinCEN’s website can be utilized as a great reference for entity customers looking for guidance on complying with the BOI rule. However, it’s important to remember that the beneficial ownership rules as they currently apply to financial institutions have not changed and will most likely not change until January 2025. In other words, financial institutions should continue to obtain beneficial ownership information as they have since May 2018 until the new Customer Due Diligence (CDD) rules are effective. There are two additional rules that have to become final before we all know how the rules will fully apply to financial institutions. First, the Access Rule is expected to be final in late September or October 2023 based on FinCEN’s rulemaking agenda. This rule will hopefully spell out who can access FinCEN’s BOI records and how that process works. Second is the CDD Rule which will restructure the requirements for financial institutions relative to beneficial ownership. The CDD Rule is expected to be proposed in November 2023 with an expected final rule effective date of January 2025. The CDD Rule will have to work out the differences between the current beneficial ownership rule for financial institutions and the entity requirements under the new beneficial ownership information (BOI) reporting rule as differences currently exist with the definition of “control” and numerous other areas. For more information about reporting BOI, if a company is exempt or not exempt, how to get the FinCEN identifier, and more information, please visit the links below. News Release: https://www.fincen.gov/news/news-releases/fincen-issues-compliance-guide-help-small-businesses-report-beneficial-ownership Small Entity Compliance Guide: https://www.fincen.gov/sites/default/files/shared/BOI_Small_Compliance_Guide_FINAL_Sept_508C.pdf FAQs: https://www.fincen.gov/boi-faqs FinCEN’s BOI Webpage: https://www.fincen.gov/boi Authors: Jeremy Clifton CRCM CAMS, Nick Milcarek Authors: Jeremy Clifton, CRCM, CAMS and Nick Milcarek
On September 8, 2023, FinCEN issued an alert regarding the fraud scheme known as “pig butchering”. Pig butchering is a form of fraud that involves victims (the pigs) giving money to foreign actors who operate under the guise of a successful money manager involved in crypto currency (virtual currency) trading. Once the perpetrator is satisfied with the amount the victim has given, they drain the entire “account” of funds from that victim (the butchering). Many of these scammers are victims of labor trafficking directed by large crime syndicates in Southeast Asia who reach out to millions of people around the world. These scammers usually reach out to the victims through social media, email, or text to persuade them into buying into this supposed “high return investment”. The fraudster will leverage high pressure sales tactics such as them missing out on a potential lucrative opportunity to further convince them into action. Once the victim begins to trust the supposed “investor”, they are directed to use a fraudulent website most likely controlled by the scammer. Note that this can also include trusted third-party applications. The aggressor may also demand remote access to the victim’s devices to create accounts via virtual asset service providers (VASP). Many victims are also asked to purchase multiple pre-paid cards or make large wire transfers to unknown entities. Unfortunately, victims have been known to take out money from tax advantage accounts, take on a second mortgage, or a home equity line just to put money into the scheme. Recent incidents have shown more successful scammers even inviting whole families and friend groups to join in. After the victim starts to buy in, the perpetrator must maintain legitimacy by fabricating high returns and even allowing the victim to take small amounts out of the “fund”. This builds confidence and reassures the victim that the investment is real. If the fraudster starts to believe that the victim is losing confidence in them and the investment, they become more aggressive by developing reasons to stay in and pressuring them to not miss out on the opportunity. If that does not work, the perpetrator pulls out all the money from the account and eliminates any contact with the victim(s). One more interesting comment that FinCEN noted in this FIN is that financial institutions should “When requested to provide supporting documentation, financial institutions should take special care to verify that a requestor of information is, in fact, a representative of FinCEN or an appropriate law enforcement or supervisory agency. A financial institution should incorporate procedures for such verification into its BSA compliance or AML program. These procedures may include, for example, independent employment verification with the requestor’s field office or face-to-face review of the requestor’s credentials.” If your bank does not already have such a procedure in your written BSA program, it’s a good idea to do so now. There are many red flags that can indicate a possible pig butchering scheme. Financial institutions should analyze multiple factors associated with historical financial activity, transactions in line with business practices, and whether the customer shows signs of multiple red flags. Red flags, and the formal alert by FinCEN can be found here: FinCEN_Alert_Pig_Butchering_FINAL_508c.pdf Authors: Jeremy Clifton, CRCM, CAMS and Nick Milcarek
On March 30, 2023, FinCEN issued an alert regarding a concerning increase in business email compromise (BEC) in the real estate sector and how the Rapid Response Program (RRP) can help combat this issue. Recent analysis of data has shown that homebuyers have been disproportionately affected by fraudsters gaining unauthorized access into supposedly secure networks and stealing important information from home buyers, title agents, attorneys, and/or others involved in the loan closing processes. According to FinCEN, about 88% of the fraudsters initially transfer the stolen money into a domestic U.S account first before it is transferred elsewhere which may involve foreign transfers and/or cryptocurrency. How RRP Works Problems like these highlight the importance of FinCEN’s Rapid Response Program, (RRP) which works in tandem with federal and local law enforcement agencies to help victims identify losses and freeze compromised accounts. Since inception in 2014, the program has aided victims in identifying and freezing over $1.3 billion. To begin the RRP, law enforcement must be contacted immediately. The FBI’s Internet Crime Complaint Center (IC3) or the nearest secret service office are the best avenues for this approach (Secret Service contact information below). It is important to note that while recovery of the stolen amount is not guaranteed, reporting the crime within 72 hours gives FinCEN and law enforcement the greatest chance of financial recovery for the victim. After consent is given to law enforcement for access, FinCEN may freeze all related accounts to stop any other fraudulent transactions. If the fraudster’s account is domestic, FinCEN and law enforcement work quickly to contact the beneficiary’s financial institution and pinpoint the stolen funds. If stolen funds were found to be transferred to an international account, FinCEN reaches out to that jurisdiction to initiate the financial fraud kill chain (FFCK) and assist the foreign government with the status and information gathering regarding the stolen money. There are some identification factors that are crucial for financial institutions to relay when reporting theft via the RRP; however, time is of the essence to recover funds so institutions should not delay in activating the RRP. It is a good idea to establish a relationship with your local FBI office and Secret Service office before you need them in an emergency situation as that may help speed up the process. Also, if your institution ends up filing a SAR after utilizing the RRP, that information would need to be included on your SAR form along with the RRP case number if provided. For more information and guidance on BEC and RRP, see the links below. BEC in Real Estate Financial Trend Analysis from FinCEN: Financial_Trend_Analysis_BEC_FINAL.pdf (fincen.gov) BEC FinCEN alert: FinCEN Analysis of Business Email Compromise in the Real Estate Sector Reveals Threat Patterns and Trends | FinCEN.gov Rapid Response Program FACT SHEET: RRP Fact Sheet Notice FINAL 508.pdf (fincen.gov) Secret Service Offices: http://www.secretservice.gov/field_offices.shtml Author: R. Matthew Waters, CRCM
On August 31, 2023, the FDIC announced an update to the Equal Housing Lender (EHL) poster requirements that were previously addressed in April 2023. This update clarifies the specific name, physical address, and web address that should be used for all FDIC institution’s EHL posters with an effective date of June 23, 2023. The EHL posters should provide the following contact information: National Center for Consumer and Depositor Assistance Federal Deposit Insurance Corporation 1100 Walnut Street, Box #11 Kansas City, MO 64106 https://ask.fdic.gov/fdicinformationandsupportcenter FDIC institutions should review EHL posters at all branches to ensure compliance with this update. As provided in the Financial Institution Letter, “Institutions are expected to make good-faith efforts to update the EHL posters as soon as reasonably practicable.” FDIC institutions may, but are not required to, request compliant EHL posters through https://www.fdicconnect.gov/index.asp. To see the full article, click the following link: https://www.fdic.gov/news/financial-institution-letters/2023/fil23047.html. Author: Jeremy Clifton, CRCM, CAMS
The CFPB has recently highlighted its publications that are available to help inform seniors and others about current fraud scams that may be facing your clients. You can visit cfpb.gov/order to find these publications that include charity scams, romance scams, IRS scams, social security scams, and grandparent scams to name a few. You can use the search function on the CFPB website mentioned above using the word “fraud” to find these handouts. You can order the handouts in bulk or download them from the CFPB website. Convincing the customer that they have been or are being duped by a fraudster is often the hardest part of these types of scams. We think these handouts will be very helpful to convince seniors and others that they are in fact being scammed. Author: Jeremy Clifton, CRCM, CAMS
The FDIC reissued the FIL on multiple re-presentment NSF fees on June 16, 2023. The update was “to clarify its supervisory approach for corrective action when a violation of law is identified.” However, the guidance document has remained unchanged for the most part with one possibly significant change noting that the “on-going and extensive challenges in accurately identifying harmed parties” has led the FDIC to seemingly soften its stance on requiring a lookback review. Noting that “based on this additional data and experience, the FDIC is updating and reissuing its Supervisory Guidance on Multiple Re-Presentment NSF Fees (FIL-40-2022) to reflect our current supervisory approach to not request an institution to conduct a lookback review absent a likelihood of substantial consumer harm.” While a reprieve from the prior guidance is welcomed, this new guidance leaves more questions than answers for banks that have yet to complete a lookback. As the revised guidance still ends with the statement, “If examiners identify violations of law due to re-presentment NSF fee practices that have not been self-identified and fully corrected prior to a consumer compliance examination, the FDIC will evaluate appropriate supervisory or enforcement actions, including civil money penalties and restitution, where appropriate.” If you have questions on this matter, please give us a call. We would love an opportunity to advise our clients on an individual basis to ensure the risks in your individual situation are properly accounted for. Revised FIL-32-2023 Author: Andrew Howard
On April 26, 2023, the FDIC published a new FIL concerning “Supervisory Guidance on Charging Overdraft Fees for Authorize Positive, Settle Negative Transactions” or APSN transactions. As noted in our November blog post, these occur when a transaction authorizes on a positive balance and settles on a negative balance. This new FIL highlights the heighted risks associated with APSN transactions and violations of Section 1036(a)(1)(B) of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 as well as Section 5 of the Federal Trade Commission Act. Both of the aforementioned sections relate to UDAAP findings or unfair, deceptive, or abusive acts or practices. Potential violations of both Dodd-Frank UDAAP and FTC UDAP are present on both the available balance and ledger balance but institutions who use the available balance can see a greater risk in violations. Considering the general statements of the new FIL, banks should continue to review both account agreements and disclosures to ensure practices are communicated correctly, review their third-party agreements to ensure that the agreements are compliant, review any agreements to understand any risks associated with APSN transactions, and look for any enhancements that can be made to reduce those risks. Most core processors now have “good funds” flags on overdraft reports or other “good funds” reporting that allows banks to quickly identify when transactions which were authorized positive on good funds have later settled negative. Also, some core processors have parameter settings which do not allow for overdraft charges on APSN transactions. Implementing such enhancements can greatly reduce UDAAP risk with APSN transactions. Similarly, the OCC also published a bulletin to address “Overdraft Protection Programs: Risk Management Practices” on April 26, 2023. This bulletin primarily discusses practices that may present risk of violating UDAAP guidelines as well as practices that can assist in managing overdraft program risk. Two practices that are specifically mentioned by the OCC are APSN transactions and Representment fees. APSN transactions are considered by the OCC to be unfair for the purposes of Section 5 even when disclosures described the circumstances under which a customer may incur fees. With concerns on representment fees, the OCC has identified that a bank’s assessment of an additional fee on a represented transaction can result in findings of an unfair or deceptive practice. The charging of a representment fee may be considered unfair or deceptive, with regards to Section 5, even if the disclosures clearly state that a single check or ACH can result in multiple fees charged. Alongside APSN transactions and representment fees, the OCC bulletin identifies two other practices that may carry heightened risk with them. Those include high limits or lack of limits on the number of fees charged and sustained overdraft fees. In conjunction with the risks that are highlighted in this bulletin, the OCC also provided some risk-mitigating or management practices for banks to comply with Section 5 of the Federal Trade Commission Act. Considering the nature of the information provided, banks should assess and analyze the risks posed by overdraft program activities, adjust their management practices to decrease risk, incorporate oversight into their overdraft program, and review their overdraft program for Section 5 compliance. Much like the FDIC, the OCC declines to issue clear requirements on these APSN transactions and representment fees. For more information, please visit the following links: FIL-19-2023 OCC Bulletin 2023-12 We are excited to announce two compliance webinar opportunities that will be available in the coming weeks focusing on recent regulatory developments. The first webinar will cover the Regulation B (1071) - Small Business Lending Rule, while the second webinar will focus on current regulatory hot topics. The webinars will be presented by Steve H. Powell and Company President Brad Washburn and are designed for compliance, audit, operations, and lending professionals with responsibilities for completing or reviewing the Bank’s regulatory compliance related processes. In addition to compliance staff the Regulation B (1071) webinar would be a great introduction to the rule for Senior Lenders, commercial loan staff and Senior Management. Already have questions? If you or your management team have questions you can send them in ahead of the presentation with your registration form to be addressed during the webinar. Time permitting, questions received during the webinar will be addressed live. Any questions received before and during the presentation will be addressed in a written Q&A document provided to all registrants. May 31st, 2023: 1:00 – 3:30 pm EDT Regulation B (1071) - Small Business Lending Rule On March 30, 2023, the CFPB issued the final rule for the small business lending rule, which was mandated under Section 1071 of the Dodd Frank Act over a decade ago. This is the most significant fair lending collection effort by the CFPB to date by requiring financial institutions to compile data regarding certain business credit applications and report that data to the CFPB to aid in its fair lending enforcement. In addition, the final rule provides other technical requirements including those requiring safeguarding of data, shielding of data from certain lending personnel, and recordkeeping. Compliance with this new rule is going to take a lot of planning, policy and procedure updates, and staff training within your institution. This session will break down the final rules and provide guidance to help compliance officers to begin preparing their institution for implementation. Topics will include:
June 1st, 2023: 1:00 – 3:30 pm EDT Current Regulatory Compliance Hot Topics Financial institutions continue to face challenges while working to keep up with the changes, demands, and challenges presented by an evolving regulatory landscape. With these challenges continuing to limit staffing and other resources, it is critical for management to be prepared with actionable intelligence, risk perspective, and best practices to successfully navigate regulatory examination and audit processes. This session will present current regulatory compliance hot topics management should consider in preparing for upcoming regulatory examinations or audits, including fair lending, UDAAP, and other timely compliance issues. Topics will include:
Cost Client Pricing for each webinar is $250 per registration or you can register for both webinars for a discounted $400 per registration. Non-Client Pricing for each webinar is $275 per registration or you can register for both webinars for a discounted $500 per registration. To register for the webinars, please click the link below. Please contact Jeremy Clifton at jclifton@shpco.net or 912-682-3097 if you have any questions. We will register the training with the ABA and would expect to receive 2.5 hours of continuing education credits for CRCMs for each webinar. Click here to register. About the Speaker Brad began his career at Steve H. Powell & Company in 2002 specializing in regulatory compliance review, consulting, and training for a wide range of financial institutions. In 2011 Brad was named a director where he was responsible for leading the Company’s Compliance Division, as well as assisting with strategic planning, business development and client relations. In 2022, he became a shareholder and President of the Company. Brad has served as a featured speaker and panel member for numerous banking trade group sponsored seminars and events related to regulatory compliance matters throughout the Southeast. He has served as an instructor for the Georgia Banking Association sponsored Georgia Banking School and Compliance School at the University of Georgia, and he has contributed to banking programs with the Department of Finance at Georgia Southern University. Brad has also been quoted in national publications as a subject matter expert regarding regulatory compliance matters. Brad has a BBA in Finance from Georgia Southern University, Statesboro, Georgia, is a Certified Anti-Money Laundering Specialist (CAMS) and is a Certified Regulatory Compliance Manager (CRCM). Brad is originally from Macon, Georgia and currently resides in Statesboro, Georgia with his wife, son, and daughters. Brad is a member of First Baptist Church Statesboro where he has served on the Finance Committee. During his free time, he enjoys spending time with his family, going to concerts, and keeping up with Georgia Southern University sports. |
Past Articles
All
Archives
March 2024
|