Compliance Corner - October 17, 2012

FSA Times’ Compliance Corner is a resource for financial services auditors to keep up to date on changing regulations and requirements affecting them, as compiled by Steven Stachowicz, a member of Protiviti’s global financial services and regulatory risk consulting practice.


The CFPB’s First Enforcement Action


On July 18, 2012, the Consumer Financial Protection Bureau (CFPB) announced an enforcement action and assessed penalties against a national bank alleging deceptive marketing practices of ancillary products and services offered to customers opening new credit card accounts. The CFPB found that the consumers were misled regarding the benefits of these products (and their eligibility to receive such benefits), misinformed about the cost, and, in some cases, enrolled without their consent.  


Because the CFPB has identified these ancillary credit products as an area of focus, institutions and their service providers should be aware of the CFPB’s expectations, including:


  • Marketing materials should reflect actual product terms and conditions in a non-misleading manner.

  • Employees (and vendors) should be compensated in a way that avoids incentives to provide inaccurate information about ancillary products or services.

  • Call scripts and manuals should be developed that must be followed by personnel (and vendors) without exception, and accurately state the terms, conditions, and material limitations of, and eligibility for, the benefits of the ancillary product or service offered.

  • Affirmative consent from a customer must be obtained before enrolling that customer into an ancillary product or service.

  • The offer of credit should not be contingent upon the purchase of an ancillary product or service. 


The CFPB also expects that institutions will implement appropriate compliance policies and internal controls, including independent internal audits, to govern such ancillary programs and prevent potential instances of unfair, deceptive, or abusive acts or practices. 


Proposed Mortgage Servicing Requirements


On Aug. 10, 2012, the CFPB proposed rules related to mortgage servicing. Certain rules were mandated by the Dodd-Frank Wall Street Reform and Consumer Protection Act and require that servicers:


  • Provide clear billing statements monthly to mortgage customers. 

  • Provide new disclosures to consumers in advance of the first rate adjustment on their loan, as well notices of subsequent rate adjustments earlier than existing timeframes under the Truth in Lending Act.

  • Provide notice to consumers in advance of forcibly placing hazard insurance on a borrower for whom the servicer has a reasonable basis to believe that the existing coverage has lapsed.

  • Promptly credit payments received from borrowers, generally on the day of receipt. 

  • Respond timely and completely to borrower information requests or complaints of errors, whether received verbally or in writing.


In addition, the CFPB proposed additional rules not mandated by Dodd-Frank, in response to perceived mortgage loan servicing-related abuses, requiring servicers to:


  • Establish reasonable policies and procedures to 1) facilitate providing timely and accurate information to borrowers, the courts, and internal personnel regarding loss mitigation activities, and 2) ensure that loss mitigation applications (including customer appeals of any denials) are reasonably evaluated and customers notified timely before proceeding with a foreclosure sale.

  • Make good faith efforts to notify delinquent borrowers of loss mitigation options.

  • Provide delinquent borrowers with access to dedicated contact personnel for loss mitigation proceedings.


The comment period for these proposed rules ends Oct. 9, 2012. The rules are likely to be finalized by the CFPB by January 2013 with compliance mandatory sometime in 2013. Institutions and their internal auditors should evaluate their current mortgage loan servicing practices and evaluate the impact that these proposed rules would likely have on their operations and their overall readiness to implement such requirements when the time comes. 


Readying for the New International Remittance Transfers Rule


Effective Feb. 7, 2013, U.S. consumers who send electronic transfers of funds to recipients internationally (whether through a bank or a non-bank provider) must be provided certain new disclosures and other protections under an amendment by the CFPB to its Regulation E, including:


  • New Disclosures. Consumers must be provided with new disclosures before paying for a remittance transfer and then provided a receipt when the transaction is completed. The prepayment disclosure must include the transfer amount, any fees and taxes (whether imposed by the provider or any other person), the exchange rate, and the amount that the recipient will receive. The receipt disclosure also must include the date that the funds will be available to the recipient and the consumer’s right to cancel the transaction or assert any errors. 

  • Cancellation. Consumers may request to cancel their remittance transfers within 30 minutes after paying for the transfer. A full refund must be made by the provider to the consumer within three business days of the request. 

  • Error Resolution. Within a 180-day period after the funds are made available to the recipient, consumers may provide notice of any error to the provider of the remittance transfer. The regulation establishes specific error resolution procedures for the provider to follow. In general, providers must investigate whether any errors occurred within 90 days of receiving notice. 


The CFPB provides a “safe harbor” exemption to the above requirements for institutions that provide less than 100 remittance transfers in the current and previous year, and a phase-in timeframe for institutions that begin offering such services more frequently. Internal auditors should evaluate their institution’s strategy and readiness to either implement these new requirements or monitor such activity to stay within the applicable exemptions. 


Expectations for Monitoring Correspondent Accounts


As recent events have shown, correspondent accounts established by U.S. banks for foreign financial institutions may pose significant money laundering and sanctions risks. Although much of the attention has been focused on correspondent clearing activities (i.e., the use of an institution’s correspondent services to clear transactions on the behalf of a customer’s own client base), the USA PATRIOT Act defines such accounts more broadly. Important considerations for U.S. banks offering such accounts include: 


  • Customer Acceptance. The extent of due diligence required should be based upon consideration of the risk of the product being offered, the jurisdictions (and relative strength of anti-money laundering (AML) laws/regulations) in which the customer operates, the customer’s own record of AML compliance, and even the correspondent customer’s own customers.  
  • Account Monitoring. The bank’s procedures should address how specific correspondent banking activities will be monitored and how correspondent relationships will be evaluated, especially upon detection of suspicious activity. 
  • Ongoing Due Diligence. Customer risk profiles should be updated on a risk-based schedule, especially when information from the correspondent customer is not forthcoming or significant operational and managerial changes for the customer are detected.  
  • Internal Roles and Responsibilities. The bank’s compliance function should have sufficient authority to mandate adherence to AML and escalate appropriately sanctions standards and conflicts with business line personnel. 

As part of an independent evaluation of its institution’s AML program, internal auditors should evaluate the correspondent banking activities for compliance with applicable legal and regulatory requirements as well as internal policies and procedures. 



Previous Compliance Corner topics can be viewed here.