Regulatory Bulletin September 2016


Diversity Self Assessment reporting date is almost upon us, are you ready?

Diversity Self Assessment reporting date is almost upon us, are you ready? Recently the agencies released information advising financial institutions on how to comply with Section 242(b)(2)(C) of the Dodd-Frank Act. Compliance it is explained, is voluntary, but is recommended. In addition, institutions with 100 employees or less will not be held the same high standard, but… “Smaller regulated entities are also encouraged to use the Standards in a manner appropriate to their unique characteristics.” So, these Self assessments for 2015 are due by the end of 2016 and both the OCC and FDIC as well as the NCUA have published standard templates that can be used as a guide. Guidance has confirmed that the templates run eight pages and refer to diversity for both minorities and women. (A sample of the OCC version may be found at: ) But the language goes on to clarify that in conducting its self -assessment, an entity can expand this definition to include other groups if an it is believes it appropriate to define diversity more broadly. While all of this is considered voluntary, institutions are asked to consider whether they have taken “proactive steps to promote a diverse pool of candidates, including women and minorities, in its hiring, recruiting, retention, and promotion, as well as in its selection of board members, senior management, and other senior leadership positions.” Furthermore, institutions are asked to consider whether they are making an effort to include minority and women owned businesses when contracting for goods and services. When the time comes, we may each have different interpretations, but one will not want to respond to this query with a big no. Organizational Commitment to Diversity and Inclusion are looked at just as we would examine risk, and that leads us to conclude that the categories listed below will eventually be seen as areas of high, moderate or low risk and institutions will be expected to consider mitigation. Consider these categories: Workforce Profile and Employment Practices Procurement and Business Practices – Supplier Diversity Practices to Promote Transparency of Bank’s Diversity and Inclusion Banks’ Self-Assessment Diversity Data Have you identified a bank officer to manage this project? Will that individual bring the right mix of energy, corporate knowledge and internal weight to get the job done? Is your Board aware of this new requirement? A review of the OCC Bulletin 2015-30 ( in conjunction with Joint Release NR 2016-91 addressing Section 342 of the Dodd-Frank Wall Street Reform and Consumer Protection Act ( as well as the attached FAQs ( leads us to conclude that, with some accommodation for size, there is a minimum standard of self examination that will be expected. Sooner or later it will.

Our associate, Richard Friedman provides this commentary: Regulated Institutions to Submit Self-Assessments of Diversity Policies and Practices On August 2, 2016, the federal banking agencies provided information on how the financial institutions they regulate may begin to submit self-assessments of their diversity policies and practices as of year-end 2015. As background, Section 242(b)(2)(C) of the Dodd-Frank Act required the federal financial agencies to develop standards to assess the diversity policies and practices of the entities they regulate. This resulted in a Policy Statement issued on June 10, 2015 which established standards that reflect lending policies and practices and will enable regulated entities to assess their diversity policies and practices in the areas of organizational commitment to diversity and inclusion; workforce profile and employment practices; procurement and business practices (supplier diversity); and practices to promote transparency of organizational diversity and inclusion. While the self-assessments are voluntary at this time, FRC suggests that our clients seriously consider completing such self-assessments. Not only will this process enable financial institutions to identify any deficiencies or gaps and address them, but such efforts may act to minimize regulatory criticisms in the event there is a charge that some action violated a diversity standard, such as relating to a fair lending charge. FRC is in the process of developing a suggested format for such self-assessments which may be customized for our individual clients. FRC can also assist clients in completing their self-assessments. If you need assistance in preparation for this first submission, contact Kevin Kane at FRC, 212.849.6828 or 203.521.2345.

FinCEN Proposes Customer Identification Programs, Anti-Money Laundering Programs, and Beneficial Ownership Requirements for Banks Lacking a Federal Functional Regulator

This proposal to bring consistency to the industry does not directly affect many of our clients, but it may be important if one of our clients has customers who will fall under the new rules. Do you know what business your customer is in? “To ensure consistent Bank Secrecy Act (BSA) coverage across the banking industry, the Financial Crimes Enforcement Network (FinCEN) is proposing to require banks lacking a Federal functional regulator to establish and implement Anti-Money Laundering Programs. FinCEN also is proposing to extend Customer Identification Programs (CIP) requirements and beneficial ownership requirements consistent with the recently implemented Customer Due Diligence amendments to those banks not already subject to these requirements.” Additional detail can be found at:

It’s not just Cyber Crime…

Plain old con men are still at work. Acting US Attorney Tom Beall announced from Kansas City, Kansas the sentencing of a man who plead guilty to conspiracy to commit bank fraud. Two additional swindlers in the case await sentencing. A local bank was induced to transfer funds. Everyone ended up with egg on their faces. A restitution of $14.2 million has been ordered. It comes down to “know your customer” and performing due diligence.

Consumer Financial Protection Bureau Expands Foreclosure Protections

The Updated Servicing Rule Provides Surviving Family Members and Other Homeowners with Same Protections as Original Borrowers On August 4, 2016 the Consumer Financial Protection Bureau (CFPB) finalized new measures to protect homeowners and borrowers. This updated rule: requires servicers to provide certain borrowers with additional foreclosure protections clarifies borrower protections when the servicing of a loan is transferred provides important loan information to borrowers in bankruptcy The changes will certainly help surviving family members and others who inherit or receive property , but will create more hurdles for the mortgage servicer. “The Consumer Bureau is committed to ensuring that homeowners and struggling borrowers are treated fairly by mortgage servicers and that no one is wrongly foreclosed upon,” said CFPB Director Richard Cordray. “These updates to the rule will give greater protections to mortgage borrowers, particularly surviving family members and other successors in interest, who often are especially vulnerable.” The rule establishes new protections for consumers, including: • Requiring servicers to provide certain borrowers with foreclosure protections more than once over the life of the loan: The final rule will require that servicers give those same protections again for borrowers who have brought their loans current at any time since submitting the prior complete loss mitigation application. • Expanding consumer protections to surviving family members and other homeowners: The final rule ensures that those confirmed as successors in interest will generally receive the same protections under the CFPB’s mortgage servicing rules as the original borrower. • Providing more information to borrowers in bankruptcy: The final rule generally requires that servicers provide those borrowers periodic statements with specific information tailored for bankruptcy, as well as additional written notices and loss mitigation options. • Requiring servicers to notify borrowers when loss mitigation applications are complete: The final rule requires servicers to notify borrowers promptly, in writing when the application is complete. • Protecting struggling borrowers during servicing transfers: The final rule clarifies obligations of the new servicer relative to loss mitigation as a further protection to borrowers. • Clarifying servicers’ obligations to avoid dual-tracking and prevent wrongful foreclosures: “The CFPB’s new rule clarifies that, if a servicer has already made the first foreclosure notice or filing and receives a timely complete application, servicers and their foreclosure counsel must not move for a foreclosure judgment or order of sale, or conduct a foreclosure sale, even if a third party conducts the sale proceedings, unless the borrower’s loss mitigation application is properly denied, withdrawn, or the borrower fails to perform on a loss mitigation agreement.” • Clarifying when a borrower becomes delinquent: This “final rule clarifies that delinquency, for purposes of the servicing rules, begins on the date a borrower’s periodic payment becomes due and unpaid. When a borrower misses a periodic payment but later makes it up, if the servicer applies that payment to the oldest outstanding periodic payment, the date the borrower’s delinquency began advances. The final rule also allows servicers the discretion, under certain circumstances, to consider a borrower as having made a timely payment even if the borrower’s payment falls short of a full periodic payment.” There are additional changes which include greater flexibility when complying with force-placed insurance and periodic statement disclosure requirements. There are also changes regarding early intervention, loss mitigation, information requests, and prompt crediting of payments, provision of periodic statements under certain circumstances. Most of the provisions of the final rule will take effect 12 months after publication in the Federal Register. The provisions relating to successors in interest and the provisions relating to periodic statements for borrowers in bankruptcy will take effect 18 months after publication in the Federal Register. Make sure your practices are in compliance and that these changes are inserted into institutional loan servicing policies. At the same time they must be thoroughly inculcated into servicer personnel training in order to avoid further losses, reversal of payments, penalties and further actions by regulatory bodies.

View final rule:

View interpretive final rule:

Deposit Insurance Coverage Seminars – Free Nationwide Seminars for Bank Officers and Employees

The FDIC is conducting live seminars on FDIC deposit insurance coverage for bank employees and bank officers this year. It’s not too late to get your people some free training, October 4 and December 5. The objective of the self-study seminars is to provide bank employees with the knowledge of FDIC’s deposit insurance rules needed to assist depositors in correctly determining their deposit insurance coverage. The three self-study seminars are available on the FDIC’s YouTube channel: • “Fundamentals of Deposit Insurance Coverage” provides an overview of the rules for determining coverage for the nine most common account ownership categories. This video lasts 62 minutes. • “Deposit Insurance Coverage for Revocable Trust Accounts” focuses on the rules for informal and formal revocable trust accounts. This video lasts 47 minutes. • “Advanced Topics in Deposit Insurance Coverage” focuses on government accounts, mortgage servicing accounts, bank mergers, pass-through deposit insurance coverage as well as other deposit insurance topics. This video lasts 28 minutes. Detailed information is available at:


The following was excerpted from the report of The Inspector General, Report No. AUD-16-006 of August 2016: “The statute requires the Inspector General of each federal agency that operates a national security system or a computer system that provides access to personally identifiable information (PII)—collectively referred to herein as “covered systems”—to submit a report to the appropriate committees of jurisdiction in the United States Senate and the House of Representatives. In general, the report is to contain information collected from the agency on various computer security-related topics pertaining to covered systems.” As of May 2016, the FDIC had 269 information systems that met the definition of a covered system. Consistent with the Cybersecurity Act of 2015, C&C’s report describes the FDIC’s information security policies, procedures, practices, and capabilities for these systems. With respect to logical access to covered systems, the report notes that the policies C&C reviewed generally reflected appropriate standards, such as government-wide policy and guidance issued by the Office of Management and Budget, recommended security controls and practices contained in the National Institute of Standards and Technology’s Special Publications, and requirements contained in federal statutes, such as the Privacy Act of 1974 and the Federal Information Security Modernization Act of 2014. The report also notes, however, that recent audits of the FDIC’s information security controls and practices, some of which pertain to covered systems, found that although the FDIC generally had system access controls in place, appropriate standards had not always been followed as evidenced by the findings and recommended control improvements identified during the audits. Consistent with the audit’s objective, C&C’s report does not contain recommendations.”

OCC Seeks Members for Its Mutual Savings Association Advisory Committee

It’s that time of year again. The Office of the Comptroller of the Currency (OCC) is seeking nominations for members of its Mutual Savings Association Advisory Committee (MSAAC). This is your chance to have your voice heard at the OCC. The MSAAC will provide the OCC with advice and recommendations regarding the current and future circumstances and needs of mutual savings associations. The OCC is seeking nominations of officers or directors of OCC-regulated mutual savings associations, or officers or directors of federal stock savings associations that are part of a mutual holding company, to be considered for selection as MSAAC members. Nominations must be received on or before October 7, 2016. For further information see:

FinCEN Expands Reach of Real Estate “Geographic Targeting Orders” Beyond Manhattan and Miami

Pleased with the results of the initial program put into place in January of this year, FinCEN has announced Geographic Targeting Orders (GTO) that will temporarily require U.S. title insurance companies to identify the natural persons behind shell companies used to pay “all cash” for high-end residential real estate in six major metropolitan areas. The initial GTOs help identify possible illicit activity In particular, a significant portion of covered transactions have indicated possible criminal activity associated with the individuals reported to be the beneficial owners behind shell company purchasers. “The information we have obtained from our initial GTOs suggests that we are on the right track,” said FinCEN Acting Director Jamal El-Hindi. “By expanding the GTOs to other major cities, we will learn even more about the money laundering risks in the national real estate markets, helping us determine our future regulatory course.” Expanding the program, the GTOs announced today include the following major U.S. geographic areas: (1) all boroughs of New York City (2) Miami-Dade County and the two counties immediately north (Broward and Palm Beach) (3) Los Angeles County, California (4) three counties comprising part of the San Francisco area (San Francisco, San Mateo, and Santa Clara counties) (5) San Diego County, California (6) the county that includes San Antonio, Texas (Bexar County). There are monetary thresholds for each geographic area. The new GTO, which became effective for 180 days beginning on August 28, 2016, is available: While this order is specific to Title Insurance Companies, all institutions that finance or provide banking services to Title Insurance Companies, Title Agencies or closing attorneys that service the specified areas should be aware of the program and take steps to assure that their clients/customers are in compliance. FinCEN is covering title insurance companies as they play a central role and are the common feature in the vast majority of real estate transactions.


As your third grade teacher told you, “a word to the wise is sufficient.” In recent remarks, OCC Senior Deputy Comptroller Grovetta Gardineer stressed the Office’s continuing interest in ensuring that all military service members and their families receive the full consumer protections they are entitled to under the Servicemembers Civil Relief Act (SCRA). While noting that compliance issues under the SCRA has improved, there are still issues surrounding loan servicing/collections. We should also remember that third party vendors who partner with or deliver products or services for institutions create situations where institutions can and have been held responsible. While there has been a significant reduction in SCRA compliance issues since the agency made it a point of regulatory focus, she indicated there are still remaining challenges in certain areas, such as collections. Gardineer went on to say. “At the end of the day, banks are responsible and will be held accountable for failures and abuse in the products and services they offer – even those delivered by third-party vendors,” We should all be aware of the continuing expansion of protections that will fall under the scope of the Military Lending Act in the coming months. It is time to review your policies and procedures in this area and make sure you are up to date.

Wells Fargo signs consent order for $4 Million with CFBP; Concedes Payment for UDAP violations in Student Lending and Fine

While Wells Fargo is considered the second largest student lender in the country, this consent order is by no means the largest. Last year in a complaint against Discover, $16 million was the customer refund and the penalty was $2.5 million as a result of questionable student loan practices. The consent order makes it clear that the CFPB expects lenders to make every effort to assist borrowers in applying their loan payments most effectively as well as disclosing the process that is being adhered to. If your institution has student loans or consumer loans, especially if government guarantees are involved, now is a good time to review your processes and complaint files. It is a lot less costly to identify issues and return overpayments to borrowers than it is to fight the agency, pay the refunds and then pay a penalty. Make sure that the process you follow is the one in your policies and procedures. Make sure that what is in your policies and procedures matches the regulations. See text of consent order:–_Consent_Order.pdf

DID YOU MISS THIS FROM THE END OF LAST MONTH? The FDIC issued a reminder on Examination Findings

FIL-13-2011 is updated by FIL-51-2016 re-emphasizing the importance of “open communications regarding supervisory findings.” We are reminded that bank management is encouraged to provide feedback on supervisory activities and engage with FDIC personnel to ensure that findings and recommendations are fully understood. That is a proper forum to bring up disagreements and concerns. The four page letter specifically highlights: 1. That ongoing communication between examination staff and bank management is critical to effective bank supervision. 2. That banks are encouraged to provide feedback on supervisory programs and to seek clarity on findings and recommendations as part of the ongoing process. 3. That institutions with concerns about examination findings have options a. Discuss with the examiner-in-charge b. Contact field office or regional office c. File a request for review under the formal appeals process d. Contact FDIC Office of the Ombudsman to obtain confidential, neutral and independent information and assistance 4. That FDIC policy prohibits any retaliation, abuse or retribution against an institution. In the event an institution feels the necessity, complaints may be filed with the FDIC Office of the Ombudsman or the FDIC Office of Inspector General The letter may be accessed at:

DID YOU MISS THIS FROM THE END OF LAST MONTH? On July 15, 2016 the Board of Governors of the Federal Reserve System released final revisions to Interagency Questions and Answers Regarding Community Reinvestment

Jointly issued by Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation and the Office of the Comptroller of the Currency In response to questions raised by stakeholders in regard to CRA regulations this new and revised guidance is provided. The scope of the Q&A covers: • Availability and effectiveness of retail banking services. • Innovative or flexible lending practices. • Community development-related issues, including: (i) economic development; (ii) community development loans and activities that revitalize or stabilize underserved nonmetropolitan middle-income geographies; and (iii) community development services. • Responsiveness and innovativeness of an institution’s loans, qualified investments, and community development services. The full text, running 52 pages may be accessed at: or If you have questions or concerns about the appropriateness or adequacy of your institution’s policies or practices in these areas, contact Kevin Kane at FRC for professional guidance 212.849.6828

DID YOU MISS THIS FROM THE END OF LAST MONTH? FDIC Seeking Comment on Proposed Guidance for Third-Party Lending – Comment period extended to October 27, 2016

We cannot emphasize too strongly the first three paragraphs of this 15 page Guidance: Third-party lending arrangements may provide institutions with the ability to supplement, enhance, or expedite lending services for their customers. Engaging in third-party lending arrangements may also enable institutions to lower costs of delivering credit products and to achieve strategic or profitability goals. However, these arrangements also present a number of risks that require effective management. This guidance provides information on third-party lending activities and supplements the FDIC’s Guidance for Managing Third-Party Risk (“Third-Party Guidance”). The Third-Party Guidance applies to any of an institution’s third-party arrangements, including lending. This guidance expands upon the principles in that guidance by setting forth safety and soundness and consumer compliance measures FDIC-supervised institutions should follow when lending through a business relationship with a third party. An institution’s board of directors and senior management are ultimately responsible for managing activities conducted through third-party relationships, including lending relationships, and for identifying and controlling the risks arising from such relationships as if the activity were handled within the institution. The FDIC will evaluate lending activities conducted through third-party relationships as though the activities were performed by the institution itself. The institution, its board, and senior managers retain the ultimate responsibility to conduct lending activities in a safe and sound manner, in accordance with existing supervisory guidance, and in compliance with applicable laws and regulations. Repeat, “An institution’s board of directors and senior management are ultimately responsible for managing activities conducted through third-party relationships, including lending relationships, and for identifying and controlling the risks arising from such relationships as if the activity were handled within the institution.” To paraphrase the biblical scholars- “All the rest is commentary.” Well, that may be a bit dramatic, but it points to the important issue. The use of third parties to create efficiencies is often a good fiscal decision, but before you enter into the arrangement it is necessary to determine the practices of the third party, the reliability of the third party, the quality of the third party’s underwriting process, their quality control process and your own institution’s ability to actively monitor and control the relationship. It is also essential to remember that our institution must be in compliance with technology expectations as set out in the FFIEC Information Technology Handbook, “outsourcing Technology Services. It must also be taken into account that reliance on third party loan production arrangements will likely increase frequency and intensity of examinations. If you are currently utilizing third-party arrangements to supplement, enhance or expedite lending you should be reading this new Guidance to ensure that you are in conformity with the guidelines. Do not wait for an auditor or examiner to catch your mistake or weakness. Depending on the size of your institution there should be a leader or team that is well versed in the process and ready to defend your policies in a mock exam. If you are considering entering new arrangements, you should thoroughly examine the partner you are considering and if you do not have the staff or experience in house, engage a qualified professional to review that partner and their process before you commit to the arrangement. And if you are currently utilizing third-party lending services, read this proposed guidance and speak up during the comment period if you believe that it will negatively affect your existing production, relationship or risk profile. Guidance on Third Party Lending If you have questions about how to comply with guidance, now or in the future, contact Kevin Kane at FRC, 212.849.6828.

Contact us

Financial Regulatory Consulting, Inc.
100 Park Avenue, Suite 1600
New York, NY 10017
Phone: 212.849.6828
Fax: 212.880.6499

For more information visit

© Copyright Financial Regulatory Consulting, Inc. 2006 – 2010.

Boston, MA | Chicago, IL | Louisville, KY | Manhattan, NY | Philadelphia, PA | Scottsdale, AZ


This entry was posted on Tuesday, October 4th, 2016 at 7:38 am and is filed under Regulatory Bulletins, Regulatory Insights. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.

  • « Older Entries
  • Newer Entries »