ARTICLE
Compliance Update with Amy K by Amy Kleinschmit, Chief Compliance Officer FCU Feedback Needed – If Applicable Alicia K. Schmitz, Associate Director of Advocacy for Projects and Strategy, with the Credit Union National Association (CUNA) has put out a call for feedback. “We would like to put out another call for stories and/or examples of poor member behavior that would benefit from the passage of the Credit Union Governance Modernization Act. This bill would create a process for a credit union to expel a member who engages in egregious, dangerous, or illegal conduct. It is set to be marked-up in the House Financial Services Committee early next week and the committee has asked us for examples to share during the mark-up as they consider this legislation and its importance to credit unions. Please send your examples to Abby Gunderson-Schwarz at AGundersonSchwarz@cuna.coop. Here is an example shared by the Minnesota CUs so you know generally what we are looking for. Example During a period of two years, this member acted inappropriately whenever he came into the credit union. He insisted on seeing specific female employees and when they were busy, he would wait or then call them. The member made very inappropriate comments and discussion to more than one employee. The member would come by employee cubes just to see if they were there and with another member, using the excuse that he needed a drink of water or had to use the restroom. The member was seen going out to his car a few times near days end, removing his shirt and sitting on the open trunk of his car writing down what was thought to be the license plate numbers of certain female employees as they left for the day. Our employees felt uncomfortable with the comments and attention, and then threatened when the member started carrying a knife in his belt whenever he came into the credit union. FREE NCUA Webinar: Consumer Compliance and Fair Lending The National Credit Union Administration (NCUA) will be hosting a free webinar on December 1 regarding consumer compliance and fair lending. The link to register can be found here. Topics covered during this webinar will include: 2022 Consumer Compliance Exam Scope Activities; Fair lending updates; Observations on 2021 Consumer Compliance Exam Scope Activities; and Regulatory updates, including the rule on capitalizing unpaid interest and the 2021 COVID-19 Temporary Mortgage Servicing Rule. NCUA Letter to Credit Unions (21-CU-03) Subordinated Debt The NCUA has issued a letter to credit unions regarding its subordinated debt rule that will become effective January 1, 2022. This letter can be found here. The letter stresses that, “any issuances of secondary capital not completed by January 1, 2022, will be subject to the requirements of the final rule. Any low-income designated credit union that does not complete its secondary capital issuance by the above mentioned date will be required to be approved under the final rule, if such low-income credit union seeks to issue subordinated debt.” The small exception is a proposed rule still under consideration relating to issuances to the United States government or one of its subdivisions. CFPB Advisory Opinion – FCRA The Consumer Financial Protection Bureau (CFPB) recently issued an advisory opinion regarding Fair Credit Reporting – Name Only Matching Procedures, which can be found here. This relates to stemming inaccuracies in consumer reports. The CPFB reports that “Consumer complaints received by the Bureau reflect significant consumer concern about inaccuracies in consumer reports. Complaints about ‘incorrect information on your report’ have represented the largest percentage of consumer complaints received by the Bureau regarding credit or consumer reporting each year for at least the last five years. In 2020 alone, companies provided responses to more than 191,000 such complaints, which represents approximately 68 percent of credit or consumer reporting complaints responded to by companies that year.” The advisory opinion notes that “name-only matching” is particularly likely to lead to inaccuracies in consumer reports. As its name suggests, name-only matching is a process where the consumer reporting agency only uses first and last name to determine whether a particular item of information relates to a particular consumer, without using other personally identifying information such as address, date of birth, or Social Security number. The advisory opinion concludes that “consumer reporting agencies that use name-only matching violate FCRA section 607(b).” Leading to the CFPB to also observe, “in preparing consumer reports, consumer reporting agencies may obtain information from a data broker, database, or other source that does not have or use identifying information other than consumers’ names. It is not a reasonable procedure for the consumer reporting agency to simply include information from such sources in a consumer’s report without taking additional steps to match the information to the consumer who is the subject of the report, such as consulting other databases or sources of information that contain additional identifying information.” FinCEN – Advisory on Ransomware The Financial Crimes Enforcement Network (FinCEN) has issued an updated advisory on ransomware that can be found here. This updated advisory identifies new trends and typologies of ransomware and associated payments, including the growing proliferation of anonymity-enhanced cryptocurrencies (AECs) and decentralized mixers. Credit unions should review this advisory to be aware of red flags that are discussed to be able to detect, prevent and report these suspicious transactions. Processing ransomware payments is typically a multi-step process that involves at least one depository institution and one or more entities directly or indirectly facilitating victim payments, including money services businesses. As stressed in the updated advisory - It is critical that financial institutions identify and immediately report any suspicious transactions associated with ransomware attacks. For purposes of meeting a financial institution’s SAR obligations, FinCEN and law enforcement consider suspicious transactions involving ransomware attacks to constitute “situations involving violations that require immediate attention.” Financial institutions wanting to report suspicious transactions related to recent or ongoing ransomware attacks should contact FinCEN’s Financial Institution Hotline at 1-866-556-3974. Financial institutions must subsequently file a SAR using FinCEN’s BSA E-filing System, providing as much of the relevant details around the activity as available at that time. A good read - Compliance Outlook Newsletter The newest issue of the Compliance Outlook newsletter has been posted by the Federal Reserve and can be found here. These newsletters provide nice summaries and reminders on various compliance topics. Leading this issue is a discussion on mortgage servicer’s obligations under Regulation X to respond to notices of error and requests for information. The article includes a couple nice visuals to help with compliance – one listing all the “covered errors”; another table discussing investigation time frames; and finally a breakdown of completing the investigation. Another good article to review in the newsletter is the discussion of federal consumer privacy and security laws. Obviously, member privacy is a top priority for all credit unions. This is a nice discussion of the layers of different privacy and security regulations that exist so credit unions can make sure they stay compliant. Attorney Conference for the Non-Attorney Thank you to everyone who have tuned in for the first two sessions of the Attorney Conference for the Non-Attorney webinars. The final webinar is scheduled for Tuesday, January 11, 2022 and registration can be found here. Credit unions face many regulatory changes and are burdened with the challenges of maintaining compliance with these changes. This session explores several hot button regulatory issues. Several of the topics include: Cannabis banking; Regulation E – Electronic payment: Who is liable?; Consumer privacy and data; and Cybersecurity. This series is made possible thanks to our sponsor Husch Blackwell and the collaborative efforts of the Minnesota Credit Union Network, Heartland Credit Union Association, Illinois Credit Union League, Iowa Credit Union League, Montana Credit Union League, Dakota Credit Union Association, Nebraska Credit Union League, and Wisconsin Credit Union League. As always, DakCU members may contact Amy Kleinschmit at akleinschmit@dakcu.org with any compliance related questions.
Compliance Update with Amy K
by Amy Kleinschmit, Chief Compliance Officer
FCU Feedback Needed – If Applicable
Alicia K. Schmitz, Associate Director of Advocacy for Projects and Strategy, with the Credit Union National Association (CUNA) has put out a call for feedback.
“We would like to put out another call for stories and/or examples of poor member behavior that would benefit from the passage of the Credit Union Governance Modernization Act. This bill would create a process for a credit union to expel a member who engages in egregious, dangerous, or illegal conduct. It is set to be marked-up in the House Financial Services Committee early next week and the committee has asked us for examples to share during the mark-up as they consider this legislation and its importance to credit unions.
Please send your examples to Abby Gunderson-Schwarz at AGundersonSchwarz@cuna.coop. Here is an example shared by the Minnesota CUs so you know generally what we are looking for.
Example During a period of two years, this member acted inappropriately whenever he came into the credit union. He insisted on seeing specific female employees and when they were busy, he would wait or then call them. The member made very inappropriate comments and discussion to more than one employee. The member would come by employee cubes just to see if they were there and with another member, using the excuse that he needed a drink of water or had to use the restroom.
The member was seen going out to his car a few times near days end, removing his shirt and sitting on the open trunk of his car writing down what was thought to be the license plate numbers of certain female employees as they left for the day.
Our employees felt uncomfortable with the comments and attention, and then threatened when the member started carrying a knife in his belt whenever he came into the credit union.
FREE NCUA Webinar: Consumer Compliance and Fair Lending
The National Credit Union Administration (NCUA) will be hosting a free webinar on December 1 regarding consumer compliance and fair lending. The link to register can be found here.
Topics covered during this webinar will include: 2022 Consumer Compliance Exam Scope Activities; Fair lending updates; Observations on 2021 Consumer Compliance Exam Scope Activities; and Regulatory updates, including the rule on capitalizing unpaid interest and the 2021 COVID-19 Temporary Mortgage Servicing Rule.
NCUA Letter to Credit Unions (21-CU-03) Subordinated Debt
The NCUA has issued a letter to credit unions regarding its subordinated debt rule that will become effective January 1, 2022. This letter can be found here. The letter stresses that, “any issuances of secondary capital not completed by January 1, 2022, will be subject to the requirements of the final rule. Any low-income designated credit union that does not complete its secondary capital issuance by the above mentioned date will be required to be approved under the final rule, if such low-income credit union seeks to issue subordinated debt.” The small exception is a proposed rule still under consideration relating to issuances to the United States government or one of its subdivisions.
CFPB Advisory Opinion – FCRA
The Consumer Financial Protection Bureau (CFPB) recently issued an advisory opinion regarding Fair Credit Reporting – Name Only Matching Procedures, which can be found here.
This relates to stemming inaccuracies in consumer reports. The CPFB reports that “Consumer complaints received by the Bureau reflect significant consumer concern about inaccuracies in consumer reports. Complaints about ‘incorrect information on your report’ have represented the largest percentage of consumer complaints received by the Bureau regarding credit or consumer reporting each year for at least the last five years. In 2020 alone, companies provided responses to more than 191,000 such complaints, which represents approximately 68 percent of credit or consumer reporting complaints responded to by companies that year.”
The advisory opinion notes that “name-only matching” is particularly likely to lead to inaccuracies in consumer reports. As its name suggests, name-only matching is a process where the consumer reporting agency only uses first and last name to determine whether a particular item of information relates to a particular consumer, without using other personally identifying information such as address, date of birth, or Social Security number.
The advisory opinion concludes that “consumer reporting agencies that use name-only matching violate FCRA section 607(b).”
Leading to the CFPB to also observe, “in preparing consumer reports, consumer reporting agencies may obtain information from a data broker, database, or other source that does not have or use identifying information other than consumers’ names. It is not a reasonable procedure for the consumer reporting agency to simply include information from such sources in a consumer’s report without taking additional steps to match the information to the consumer who is the subject of the report, such as consulting other databases or sources of information that contain additional identifying information.”
FinCEN – Advisory on Ransomware
The Financial Crimes Enforcement Network (FinCEN) has issued an updated advisory on ransomware that can be found here. This updated advisory identifies new trends and typologies of ransomware and associated payments, including the growing proliferation of anonymity-enhanced cryptocurrencies (AECs) and decentralized mixers.
Credit unions should review this advisory to be aware of red flags that are discussed to be able to detect, prevent and report these suspicious transactions. Processing ransomware payments is typically a multi-step process that involves at least one depository institution and one or more entities directly or indirectly facilitating victim payments, including money services businesses.
As stressed in the updated advisory - It is critical that financial institutions identify and immediately report any suspicious transactions associated with ransomware attacks. For purposes of meeting a financial institution’s SAR obligations, FinCEN and law enforcement consider suspicious transactions involving ransomware attacks to constitute “situations involving violations that require immediate attention.” Financial institutions wanting to report suspicious transactions related to recent or ongoing ransomware attacks should contact FinCEN’s Financial Institution Hotline at 1-866-556-3974. Financial institutions must subsequently file a SAR using FinCEN’s BSA E-filing System, providing as much of the relevant details around the activity as available at that time.
A good read - Compliance Outlook Newsletter
The newest issue of the Compliance Outlook newsletter has been posted by the Federal Reserve and can be found here.
These newsletters provide nice summaries and reminders on various compliance topics. Leading this issue is a discussion on mortgage servicer’s obligations under Regulation X to respond to notices of error and requests for information. The article includes a couple nice visuals to help with compliance – one listing all the “covered errors”; another table discussing investigation time frames; and finally a breakdown of completing the investigation.
Another good article to review in the newsletter is the discussion of federal consumer privacy and security laws. Obviously, member privacy is a top priority for all credit unions. This is a nice discussion of the layers of different privacy and security regulations that exist so credit unions can make sure they stay compliant.
Attorney Conference for the Non-Attorney
Thank you to everyone who have tuned in for the first two sessions of the Attorney Conference for the Non-Attorney webinars. The final webinar is scheduled for Tuesday, January 11, 2022 and registration can be found here.
Credit unions face many regulatory changes and are burdened with the challenges of maintaining compliance with these changes. This session explores several hot button regulatory issues. Several of the topics include: Cannabis banking; Regulation E – Electronic payment: Who is liable?; Consumer privacy and data; and Cybersecurity.
This series is made possible thanks to our sponsor Husch Blackwell and the collaborative efforts of the Minnesota Credit Union Network, Heartland Credit Union Association, Illinois Credit Union League, Iowa Credit Union League, Montana Credit Union League, Dakota Credit Union Association, Nebraska Credit Union League, and Wisconsin Credit Union League.
As always, DakCU members may contact Amy Kleinschmit at akleinschmit@dakcu.org with any compliance related questions.