Avoiding the five most common compliance violations
On a regular basis, the banking regulators publish information about the most commonly cited compliance violations. The purpose of these pronouncements is to note areas in compliance programs that might need resources and attention, and also to announce areas of emphasis for the upcoming year. Compliance staff would be well advised to pay attention as they deploy their resources for 2016.
As regulators develop plans for examinations, they use a risk rating process to highlight areas of the greatest risk. Using this approach, regulators will most certainly look at the areas that have most often been cited in the past for failures as a starting point for their evaluations.
Based on the most recent set of regulatory publications, here are the current top five regulatory concerns:
Home Mortgage Disclosure Act (Regulation C); incorrect data collection and errors in entry. Specific problems noted by the regulators included rate spread calculation, the action taken date, the property location and the applicant’s data. The most-cited root cause of this violation is the common practice of using data collection sheets to prepare the Loan Application Register, which is the document that is submitted to the regulators. Having staff view actual loan files should improve accuracy and help avoid this problem.
Equal Credit Opportunity Act (Regulation B); spousal signatures required in contravention of the regulatory requirements. The general rule is that a bank cannot require the signature of a spouse on an individual application if the applicant is creditworthy on their own. In numerous cases, banks made a practice of requiring spousal signatures on commercial loan applications because of a “blanket” practice of asking for such signatures. Training and regular quality control testing is an effective tool to avoid this problem.
Flood Insurance Rules (Regulation H); failure to obtain adequate flood insurance and failure to force place insurance in a timely manner. The amount of flood insurance purchased is often inadequate due to misunderstandings of structures that should and should not be covered. Confusion also exists about the proper time for notifying a customer that insurance will be force placed and then actually placing that insurance.
Most of these violations will go away under the new flood rules that will take effect in January 2016. The best practice here is to become familiar with the new rules, which also harbor potential violations.
Unfair Deceptive Abusive Acts or Practices Act (UDAAP); failure to fully disclose fees associated with overdrafts, deposit accounts and loan fees. In each case noted by regulators, complete disclosures were not given to the customer, who in turn could not achieve a full understanding of the costs of the product. The best practice is to always disclose the worst case scenario to the customer. The consumer must understand the upper cost limits of the product that they are considering. It also helpful to look for large increases in fees from one product in a reporting period; such increases are a key “red flag” for regulators considering possible UDAAP violations.
Bank Secrecy Act; failure to properly monitor high risk accounts. In particular, accounts for money service businesses were often cited for lack of comprehensive analysis. It is important for institutions to fully document the activities of their customers and understand fully how those customers are making money. Conversely, if your staff cannot fully understand the operations of the customer’s business, banking services should be denied.