Regulatory Compliance Digest | May 2023

calendar iconMay 24, 2023

The May issue of the Regulatory Compliance Digest features a summary of the latest on the FDIC’s Consumer Compliance Supervisory Highlights, OCC Overdraft Protection Programs updates and several guidance updates from the CFPB. In addition, the Digest summarizes the latest compliance updates that may impact your institution.

The Regulatory Compliance Digest is intended to keep you informed of regulatory changes in advance of their effective date so your institution can evaluate changes or updates to necessary policies, procedures and processes in place to be compliant at the time of enactment. Information and links contained in this Digest are not intended to provide specific advice or guidance. You should consult your professional services provider in connection with matters affecting your institutions interests.

Industry Trends & Insights

“How To” Guide for Remediating Recent Examination Observations

On April 5, 2023, the FDIC issued its Consumer Compliance Supervisory Highlights publication, highlighting hot topics observed in the industry and through recent examinations. Compliance is dynamic, making it a challenge for compliance officers and banking executives to manage. It is important to periodically review and update your compliance program to ensure it targets high-risk areas and hot topics that could impact your financial institution. It is never too early to prepare for your next examination.

Let’s discuss the findings and how you can take action:

  • TRID: TRID disclosures continue to present a challenge to financial institutions. Recent examinations have found that the closing disclosure is not being completed accurately as required by TILA/Regulation Z: 15 U.S.C § 1604 of TILA and section 1026.38(f).
    • Action Plan: Ensure that your current Loan Originations System/Software (LOS) is properly mapped. Oftentimes we see issues with fees and information that is not hard coded and requires human input. The process and output should also be reviewed and validated any time there is a software upgrade to ensure continued compliance. Implement a second review or quality control process for review of the closing disclosure before it is provided to the consumer. This will aid in the detection of isolated issues, as well as systemic issues resulting from changes to technology, staffing and process.
  • UDAAP and Representment Fees: Recent examinations have identified that when financial institutions charged multiple non-sufficient funds (NSF) fees for the representment of the same transaction, disclosures did not fully or clearly describe the financial institution’s representment practice, including an explanation that the same unpaid transaction might result in multiple NSF fees if an item was presented more than once.
    • Action Plan: Take the opportunity to review your current policy and practice regarding representments and NSF fees. This is a good time to make changes or update your program.  Ensure that the disclosure is updated to reflect your current practice. Also update the fee schedule. Ensure that your system is charging fees as disclosed. Remember, notify your customer if they will be adversely impacted and, if not adversely impacted by the change, consider notice as a customer service measure. Lastly, train applicable staff on any changes made with the program, disclosure or fees so that they can communicate accurate and meaningful information to the consumer.
  • Flood Insurance: The FDPA requires adequate flood insurance be in place at the time a covered loan is made, increased, extended or renewed.
    • Action Plan: Review your flood policy and procedures to ensure they clearly indicate flood coverage requirements for all types (consumer and commercial) of real estate secured loans. In addition, if you are taking real estate collateral as an abundance of caution, flood insurance is still required. If securing with a UCC on contents, flood is required on the items named in the UCC.  Also, the private insurance requirements under the Biggert-Waters amendment should be addressed in your policy and a process should be in place to evaluate private flood insurance.  Provide training to staff regularly to ensure compliance. Remember that flood coverage is not just applicable to origination, but also must be in place during the life of the loan. The institution has an obligation to force place, should coverage lapse for any reason during the life of the loan.
  • Regulation E Error Resolution: We see weaknesses in this process quite frequently form logging and documentation, investigation timelines and remediation. The EFTA/Regulation E requires that a financial institution to investigate allegations of electronic fund transfer errors, determine whether an error occurred, report the results to the consumer and correct the error within certain timeframes.
    • Action Plan: The secrets to compliance in this area are robust procedures and detailed documentation. Policies and procedures should clearly define a Regulation E error and include specific detail of timelines from error notice through investigation, remediation and final communication to the customer. Recordkeeping and documentation should be sufficiently detailed to ensure that compliance timelines are met and should be retained to demonstrate compliance. Third parties used to facilitate error resolution and investigation must have adequate oversight. Ultimately, the financial institution is responsible for third party claim processing.  Consider implementing a second review or quality control process. Training is a must for staff with responsibilities for this process. Also, consider how error claims are being received from customers (through the branches, through online banking, through your website or social media) and ensure that these avenues are incorporate into the process.
  • Deposit Account Disclosures: TISA/Regulation DD sets forth timing and content requirements for deposit account disclosures. Disclosures must be provided at account opening and should clearly reflect the account features including balance requirements, annual percentage yield computation, interest rates, fees, limitations, term and other restrictions applicable to that particular account type.
    • Action Plan: Review your account disclosures by product type for accuracy. Does the disclosure match how the product is set up in your core? Be particularly alert to calculations used for APY, interest calculation methods (daily balance versus average daily balance) and fee assessment. Often, changes are made to a product that may or may not be reflected in either the disclosure or the core. Also consider how you are opening new accounts (in person, online) and ensure that disclosures are provided timely and accurately. Training staff who will be opening accounts or discussing account features with consumer in detail, including branch and call center staff.  Consider implementing a “secret shopper” program to monitor branches and call centers for compliance. For disclosures provided electronically, remember E-SIGN requirements.  Remember, any product changes negatively impacting the consumer require notice prior to the change. Finally, ensure that products featured in advertisements and on the financial institution’s website accurately disclose account parameters and include applicable annual percentage rates for all tiers.

To view the recent issue of this publication, read the FDIC’s Consumer Compliance Supervisory Highlights.

Overdraft Protection Programs: Risk Management Practices

On April 26, 2023, the OCC issued a bulletin for banks to address the risks associated with overdraft protection programs. Overdraft protection programs can present a variety of risks, including compliance, operational, reputation and credit risks. Specifically, this bulletin discusses certain practices that may present heightened risk of violating prohibitions against unfair or deceptive acts or practices.

The bulletin also describes practices that may assist banks with managing overdraft protection program risks. When supported by appropriate risk management practices, overdraft protection programs may assist some consumers in meeting short-term liquidity and cash-flow needs. The OCC recognizes that some banks have announced changes to their overdraft protection programs that may be consistent with appropriate risk management practices.

This bulletin’s focus is consistent with the OCC’s mission to ensure that banks operate in a safe and sound manner, provide fair access to financial services, treat customers fairly, and comply with applicable laws and regulations. This bulletin also furthers the OCC’s support for innovation by banks to meet the evolving needs of consumers, businesses and communities. This bulletin:

  • Provides background information on overdraft protection programs.
  • Addresses certain practices that may result in heightened risk exposure, including the risk of violating Section 5 of the Federal Trade Commission (FTC) Act (Section 5), which prohibits unfair or deceptive acts or practices, and Section 1036 of the Consumer Financial Protection Act of 2010, which prohibits unfair, deceptive or abusive acts or practices. These practices include:
    • Assessing overdraft fees on debit card transactions that are authorized when a consumer’s available account balance is positive, but later post to the account when the available balance is negative, also referred to as “authorize positive, settle negative” (APSN).
    • Assessing an additional fee each time a third party resubmits the same transaction for payment after a bank returns the transaction for non-sufficient funds (NSF) (referred to as representment fees).
  • Describes certain practices that may help manage risks associated with overdraft protection programs, including:
    • Assisting consumers in avoiding unduly high costs in relation to the face value of the item being presented, the amount of their regular deposits and their average account balances.
    • Implementing fees and practices that bear a reasonable relationship to the risks and costs of providing overdraft protection program services.

Compliance Updates

Supervisory Guidance on Charging Overdraft Fees for Authorize Positive, Settle Negative Transactions

On April 26, 2023, the FDIC is issued supervisory guidance to its supervised institutions to ensure that they are aware of the consumer compliance risks associated with assessing overdraft fees on transactions that were authorized against a positive balance, but settled against a negative balance (APSN). Highlights include:

  • The guidance expands on an FDIC 2019 Supervisory Highlights article titled “Overdraft Programs: Debit Card Holds and Transaction Processing” by discussing the FDIC’s concerns with both the available and ledger balance methods used by institutions when assessing overdraft fees.
  • FDIC-supervised institutions should be aware of heightened risks of violations of Section 1036(a)(1)(B) of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 and Section 5 of the Federal Trade Commission (FTC) Act when assessing overdraft-related fees on APSN transactions.
  • Unanticipated and unavoidable overdraft fees can cause substantial injury to consumers. Due to the complicated nature of overdraft processing systems and payment system complexities outside the consumer’s control, consumers may be unable to avoid injury.
  • Institutions are encouraged to review their practices regarding the charging of overdraft fees on APSN transactions to ensure customers are not charged overdraft fees for transactions consumers may not anticipate or avoid.
  • Institutions should ensure overdraft programs provided by third parties are compliant with all applicable laws and regulations.

CFPB Issues Guidance To Address Abusive Conduct in Consumer Financial Markets

The Consumer Financial Protection Bureau (CFPB) issued a policy statement that explains the legal prohibition on abusive conduct in consumer financial markets and summarizes over a decade of precedent. The CFPB leads enforcement and supervision efforts to identify and end abusive conduct against consumers. In 2010, in response to the financial crisis, Congress passed the Consumer Financial Protection Act (the Act) and created the prohibition on abusive conduct. The Act tasks the CFPB, federal banking regulators and states with the responsibility to enforce the prohibition, and puts the CFPB in charge of administering it. The policy statement will assist consumer financial protection enforcers in identifying wrongdoing and will help firms avoid committing abusive acts or practices.

In this policy statement, the CFPB sets forth how abusive conduct generally includes: (1) obscuring important features of a product or service, or (2) leveraging certain circumstances—including gaps in understanding, unequal bargaining power or consumer reliance—to take unreasonable advantage. In particular, the statement describes how the use of dark patterns, set-up-to-fail business models like those observed before the mortgage crisis, profiteering off captive customers, and kickbacks and self-dealing can be abusive.

CFPB Issues Guidance To Protect Homeowners From Illegal Collection Tactics on Zombie Mortgages

On April 25, 2023, the CFPB issued guidance on debt collectors, covered by the Fair Debt Collection Practices Act, threatening to foreclose on homes with mortgages past the statute of limitations. The advisory opinion clarifies that a covered debt collector who brings or threatens to bring a state court foreclosure action to collect a time-barred mortgage debt may violate the Fair Debt Collection Practices Act and its implementing regulation. A time-barred debt is one whose statute of limitations has expired. The CFPB has issued its advisory opinion in light of a series of actions by debt collectors attempting to foreclose on silent second mortgages, also known as zombie mortgages, that consumers thought were satisfied long ago and that may be unenforceable in court.

CFPB and Federal Partners Confirm Automated Systems and Advanced Technology Not an Excuse for Lawbreaking Behavior

Four federal agencies jointly pledged to uphold America’s commitment to the core principles of fairness, equality and justice as emerging automated systems, including those sometimes marketed as “artificial intelligence” or “AI,” have become increasingly common in our daily lives – impacting civil rights, fair competition, consumer protection and equal opportunity.

The Civil Rights Division of the United States Department of Justice, the Consumer Financial Protection Bureau, the Federal Trade Commission and the U.S. Equal Employment Opportunity Commission released a joint statement outlining a commitment to enforce their respective laws and regulations.

All four agencies have previously expressed concerns about potentially harmful uses of automated systems and resolved to vigorously enforce their collective authorities and to monitor the development and use of automated systems.

The joint statement follows a series of CFPB actions to ensure advanced technologies do not violate the rights of consumers. Specifically, the CFPB has taken steps to protect consumers from:

  • Black Box Algorithms: In a May 2022, circular the CFPB advised that when the technology used to make credit decisions is too complex, opaque or new to explain adverse credit decisions, companies cannot claim that same complexity or opaqueness as a defense against violations of the Equal Credit Opportunity Act.
  • Algorithmic Marketing and Advertising: In August 2022, the CFPB issued an interpretive rule stating when digital marketers are involved in the identification or selection of prospective customers or the selection or placement of content to affect consumer behavior, they are typically service providers under the Consumer Financial Protection Act. When their actions, such as using an algorithm to determine who to market products and services to, violate federal consumer financial protection law, they can be held accountable.
  • Abusive Use of AI Technology: Earlier this month, the CFPB issued a policy statement to explain abusive conduct. The statement is about unlawful conduct in consumer financial markets generally, but the prohibition would cover abusive uses of AI technologies to, for instance, obscure important features of a product or service or leverage gaps in consumer understanding.
  • Digital Redlining: The CFPB has prioritized digital redlining, including bias in algorithms and technologies marketed as AI. As part of this effort, the CFPB is working with federal partners to protect homebuyers and homeowners from algorithmic bias within home valuations and appraisals through rulemaking.
  • Repeat Offenders’ Use of AI Technology: The CFPB proposed a registry to detect repeat offenders. The registry would require covered nonbanks to report certain agency and court orders connected to consumer financial products and services. The registry would allow the CFPB to track companies whose repeat offenses involved the use of automated systems.

Home Mortgage Disclosure Act: FFIEC’s 2023 ‘A Guide To HMDA Reporting: Getting It Right!’

On April 13, 2023, The Office of the Comptroller of the Currency (OCC) is announcing the issuance of the Federal Financial Institutions Examination Council’s (FFIEC) revised “A Guide to HMDA Reporting: Getting It Right!” (2023 guide). The 2023 guide provides resources to help banks comply with the Home Mortgage Disclosure Act (HMDA) and Regulation C, its implementing regulation (12 CFR 1003).

The 2023 guide reflects a technical amendment to the 2020 HMDA rule to adjust the loan volume thresholds effective January 1, 2023, for reporting HMDA data on closed-end mortgage loans.

Have Questions?

If you would like to discuss any compliance matters for your institution, please contact your Cherry Bekaert Advisor or reach out to the Firm’s Risk Advisory regulatory compliance team today.

Have Questions? Contact Us


External links to other websites outside of are being provided as a convenience and for informational purposes only. The links do not constitute an endorsement or an approval by Cherry Bekaert of any of the information, products, services or opinions of the organization or individual. Cherry Bekaert bears no responsibility for the accuracy, legality or content of the external websites or for that of subsequent links. Contact the external website for answers to questions regarding its content.