ARTICLE
Compliance Update with Amy K by Amy Kleinschmit, Chief Compliance Officer Regulatory “Hike-the-Hill” Going Virtual Once again, we have had to pivot our annual Regulatory and Legislative Hike the Hill event in response to the direction the pandemic is trending. We made the difficult decision to cancel the September 14 and 15 in-person event and switch to a virtual platform for our meetings with the NCUA and CFPB. We wanted to ensure we are being good stewards of our resources and respectful of our attendees’ time and resources for those who were planning to make the trip to Washington, DC. There is a silver lining to all this. If you were unable to attend the in-person event you can now attend these regulatory meeting virtually, hear from our regulators, and submit topics and questions you would like addressed. This is a great opportunity to let the NCUA and CFPB know about any concerns or questions you may have – especially as we have new leadership at both agencies. We hope you will be able to join us for this very important virtual event. It is vital that Dakota credit unions continue to have a voice with our regulators. Sharing the stories of how the decisions made in Washington impact your members is needed for a strong advocacy front. Watch for the registration link to be launched very soon to save your spot for these meetings. Debt Collection Rules Last week the Consumer Financial Protection Bureau (CFPB) confirmed that its Fair Debt Collection Practices Act rules will take effect November 30, 2021, as originally planned. As you may recall, earlier this year the CFPB proposed an extension of its two final rules relating to debt collection, but now has determined the extension is not necessary. CU Policy Pro Updates The regulatory environment continues to change pretty rapidly and to keep CU PolicyPro content up-to-date, CU Policy Pro has added a Content Update (August 2021) outside of the regular quarterly cycle. This content update includes 3 policy updates: Policy 2150 – Signing Authority Policy 3165 – Loan Workouts and Nonaccrual Standards Policy 7362 – Temporary Policy for Loan Modifications and Reporting due to COVID-19. There were changes made by the CFPB related to the Real Estate Settlement Procedures Act (RESPA) which provides for temporary procedural safeguards to help borrowers with an opportunity to be reviewed for loss mitigation before the servicer can make the first notice or filing required for foreclosure on certain mortgages. The rule also permits mortgage servicers to offer certain loan modifications made available to borrowers experiencing COVID-19 related hardships based on the evaluation of an incomplete application. The Federal Housing Administration (FHA) also made some announcements impacting COVID-19 Recovery Options. In addition, the NCUA provided some relief related to the Prompt Corrective Action (PCA) regulations. Additionally, effective on July 30, 2021, the NCUA amended regulations to remove the prohibition on the capitalization of interest in connection with loan workouts and modifications. Please note this revision only impacts Federal Credit Unions as the North Dakota Administration rules still has this prohibition. Finally, policy 2150 – signing authority, was revised to update terminology to be more inclusive for different credit union’s forms/processes. Important note: All documentation related to this update can be found in the Resources area of CU PolicyPro (under Content Update Archives – August 2021). Consumer Compliance Outlook – New Issue Published The Federal Reserve has released the second issue of the Consumer Compliance Outlook for 2021. The first article is a greater refresher on Reg E and Z error resolution. Page 6 of the newsletter has a nice table that illustrates the Reg E error resolution coverage and notice requirements for EFTs. The article discusses examiner insights and common violations and gives suggestions for enhancing compliance management related to EFT errors – in other words, review what others are doing wrong and make sure your credit union doesn’t have the same issues going on. Common violations discussed in the article include: failing to apply the limitations on liability properly; failure to promptly initiation an investigation; issues with provisional credit; not conducting a reasonable investigation; issues when denying claims; issues when correcting alleged errors; and issues with making investigations final. The article also discusses Reg Z error resolution and includes more lovely tables on page 10 and 11 illustrating these requirements. In addition, the article discusses examiner concerns relating to Reg Z requirements and includes issues with late notices and receiving notices. Another article to draw your attention to is “Error Resolution and Liability Limits for Prepaid Accounts and Foreign Remittance Transfers.” As you may recall, the CFPB issued rules in 2016 and 2018 relating to prepaid accounts. The prepaid account rule applies a modified version of Regulation E’s limits on the consumer’s liability for unauthorized transactions (§1005.6) and error resolution procedures (§1005.11) to certain prepaid accounts. COPPA FAQs The Federal Trade Commission (FTC) recently updated and streamlined the “Complying with COPPA: Frequently Asked Questions” which can be found here. The FTC has a number of other compliance resources on the topic which can be found here. As a reminder, the regulation provides that “It shall be unlawful for any operator of a Web site or online service directed to children, or any operator that has actual knowledge that it is collecting or maintaining personal information from a child, to collect personal information from a child in a manner that violates the regulations prescribed under this part.” 16 CFR 312.3 In general, this rule requires that notice be provided on the Web site or online service of what information is collected from children, how it uses such information, and its disclosure practices for such information (§312.4(b)). Further, COPPA requires that verifiable parental consent is obtained prior to any collection, use, and/or disclosure of personal information from children (§312.5). A reasonable means must be provided for a parent to review the personal information collected from a child and to refuse to permit its further use or maintenance (§312.6). COPPA provides that a website cannot condition a child's participation in a game, the offering of a prize, or another activity on the child disclosing more personal information than is reasonably necessary to participate in such activity (§312.7). Finally, COPPA requires website operators to establish and maintain reasonable procedures to protect the confidentiality, security, and integrity of personal information collected from children (§312.8). The revised FAQs incorporate guidance reflecting technologies like connected toys and the Internet of Things, the FTC’s Enforcement Policy Statement on COPPA and audio recordings, the YouTube case, the inMobi case, and new methods of verifiable parental consent approved by the FTC. FAQs also answered some questions FTC heard about age gates. Violating COPPA can have significant consequences – a court can hold operators who violate the Rule liable for civil penalties of up to $43,792 per violation. The amount of civil penalties the FTC seeks or a court assesses may turn on a number of factors, including the egregiousness of the violations, whether the operator has previously violated the Rule, the number of children involved, the amount and type of personal information collected, how the information was used, whether it was shared with third parties, and the size of the company. Therefore, take the opportunity to review these revised FAQs and other compliance material to make sure your website and other online services are being offered in line with COPPA requirements. As always, DakCU members may contact Amy Kleinschmit at akleinschmit@dakcu.org with any compliance related questions.
Compliance Update with Amy K
by Amy Kleinschmit, Chief Compliance Officer
Regulatory “Hike-the-Hill” Going Virtual
Once again, we have had to pivot our annual Regulatory and Legislative Hike the Hill event in response to the direction the pandemic is trending. We made the difficult decision to cancel the September 14 and 15 in-person event and switch to a virtual platform for our meetings with the NCUA and CFPB. We wanted to ensure we are being good stewards of our resources and respectful of our attendees’ time and resources for those who were planning to make the trip to Washington, DC.
There is a silver lining to all this. If you were unable to attend the in-person event you can now attend these regulatory meeting virtually, hear from our regulators, and submit topics and questions you would like addressed. This is a great opportunity to let the NCUA and CFPB know about any concerns or questions you may have – especially as we have new leadership at both agencies.
We hope you will be able to join us for this very important virtual event. It is vital that Dakota credit unions continue to have a voice with our regulators. Sharing the stories of how the decisions made in Washington impact your members is needed for a strong advocacy front.
Watch for the registration link to be launched very soon to save your spot for these meetings.
Debt Collection Rules
Last week the Consumer Financial Protection Bureau (CFPB) confirmed that its Fair Debt Collection Practices Act rules will take effect November 30, 2021, as originally planned. As you may recall, earlier this year the CFPB proposed an extension of its two final rules relating to debt collection, but now has determined the extension is not necessary.
CU Policy Pro Updates
The regulatory environment continues to change pretty rapidly and to keep CU PolicyPro content up-to-date, CU Policy Pro has added a Content Update (August 2021) outside of the regular quarterly cycle. This content update includes 3 policy updates:
Policy 2150 – Signing Authority
Policy 3165 – Loan Workouts and Nonaccrual Standards
Policy 7362 – Temporary Policy for Loan Modifications and Reporting due to COVID-19.
There were changes made by the CFPB related to the Real Estate Settlement Procedures Act (RESPA) which provides for temporary procedural safeguards to help borrowers with an opportunity to be reviewed for loss mitigation before the servicer can make the first notice or filing required for foreclosure on certain mortgages. The rule also permits mortgage servicers to offer certain loan modifications made available to borrowers experiencing COVID-19 related hardships based on the evaluation of an incomplete application. The Federal Housing Administration (FHA) also made some announcements impacting COVID-19 Recovery Options. In addition, the NCUA provided some relief related to the Prompt Corrective Action (PCA) regulations.
Additionally, effective on July 30, 2021, the NCUA amended regulations to remove the prohibition on the capitalization of interest in connection with loan workouts and modifications. Please note this revision only impacts Federal Credit Unions as the North Dakota Administration rules still has this prohibition.
Finally, policy 2150 – signing authority, was revised to update terminology to be more inclusive for different credit union’s forms/processes.
Important note: All documentation related to this update can be found in the Resources area of CU PolicyPro (under Content Update Archives – August 2021).
Consumer Compliance Outlook – New Issue Published
The Federal Reserve has released the second issue of the Consumer Compliance Outlook for 2021. The first article is a greater refresher on Reg E and Z error resolution. Page 6 of the newsletter has a nice table that illustrates the Reg E error resolution coverage and notice requirements for EFTs.
The article discusses examiner insights and common violations and gives suggestions for enhancing compliance management related to EFT errors – in other words, review what others are doing wrong and make sure your credit union doesn’t have the same issues going on. Common violations discussed in the article include: failing to apply the limitations on liability properly; failure to promptly initiation an investigation; issues with provisional credit; not conducting a reasonable investigation; issues when denying claims; issues when correcting alleged errors; and issues with making investigations final.
The article also discusses Reg Z error resolution and includes more lovely tables on page 10 and 11 illustrating these requirements. In addition, the article discusses examiner concerns relating to Reg Z requirements and includes issues with late notices and receiving notices.
Another article to draw your attention to is “Error Resolution and Liability Limits for Prepaid Accounts and Foreign Remittance Transfers.” As you may recall, the CFPB issued rules in 2016 and 2018 relating to prepaid accounts. The prepaid account rule applies a modified version of Regulation E’s limits on the consumer’s liability for unauthorized transactions (§1005.6) and error resolution procedures (§1005.11) to certain prepaid accounts.
COPPA FAQs
The Federal Trade Commission (FTC) recently updated and streamlined the “Complying with COPPA: Frequently Asked Questions” which can be found here. The FTC has a number of other compliance resources on the topic which can be found here.
As a reminder, the regulation provides that “It shall be unlawful for any operator of a Web site or online service directed to children, or any operator that has actual knowledge that it is collecting or maintaining personal information from a child, to collect personal information from a child in a manner that violates the regulations prescribed under this part.” 16 CFR 312.3
In general, this rule requires that notice be provided on the Web site or online service of what information is collected from children, how it uses such information, and its disclosure practices for such information (§312.4(b)). Further, COPPA requires that verifiable parental consent is obtained prior to any collection, use, and/or disclosure of personal information from children (§312.5). A reasonable means must be provided for a parent to review the personal information collected from a child and to refuse to permit its further use or maintenance (§312.6). COPPA provides that a website cannot condition a child's participation in a game, the offering of a prize, or another activity on the child disclosing more personal information than is reasonably necessary to participate in such activity (§312.7). Finally, COPPA requires website operators to establish and maintain reasonable procedures to protect the confidentiality, security, and integrity of personal information collected from children (§312.8).
The revised FAQs incorporate guidance reflecting technologies like connected toys and the Internet of Things, the FTC’s Enforcement Policy Statement on COPPA and audio recordings, the YouTube case, the inMobi case, and new methods of verifiable parental consent approved by the FTC. FAQs also answered some questions FTC heard about age gates.
Violating COPPA can have significant consequences – a court can hold operators who violate the Rule liable for civil penalties of up to $43,792 per violation. The amount of civil penalties the FTC seeks or a court assesses may turn on a number of factors, including the egregiousness of the violations, whether the operator has previously violated the Rule, the number of children involved, the amount and type of personal information collected, how the information was used, whether it was shared with third parties, and the size of the company.
Therefore, take the opportunity to review these revised FAQs and other compliance material to make sure your website and other online services are being offered in line with COPPA requirements.
As always, DakCU members may contact Amy Kleinschmit at akleinschmit@dakcu.org with any compliance related questions.