Compliance Corner - October 9, 2013

Compiled by John Atkinson, Steven Stachowicz, Nina Miller, and Kyle Cieszkiewicz, members of Protiviti’s global financial services and regulatory risk consulting practices. FSA Times’ Compliance Corner is a resource for financial services auditors to keep up to date on changing regulations and requirements affecting internal audit.


Responsible Business Conduct Guidelines

Many financial institutions grapple with concerns about what to do when compliance issues are identified internally, how to correct deficiencies and remediate affected customers, and when — if ever — to notify their regulators of the situation. While feeling that they are doing the right thing by addressing the issue, many institutions worry about additional penalties and actions from their regulators once notified. 


On June 25, 2013, the Consumer Financial Protection Bureau (CFPB) issued guidance encouraging its supervised financial institutions to engage meaningfully in activities that could mitigate the severity of potential CFPB enforcement, including:

  1. Regular, robust self-policing, such as thorough internal auditing, to detect potential violations of consumer financial laws early.
  2. Prompt and complete self-reporting of internally identified issues to the CFPB.
  3. Full remediation of consumers affected by the issue and actions to correct the underlying deficiencies that gave rise to the remediation.
  4. Cooperation with the CFPB as it conducts its own discovery efforts through its examination and enforcement processes. 

Such activities are meant to benefit consumers and contribute to the success of the CFPB’s mission to protect consumers. While the CFPB cautions that such conduct may not eliminate further enforcement activities, it may warrant favorable consideration depending on the specific facts and circumstances. 


Internal auditors should be aware of their unique role in assisting their organizations in engaging in responsible business conduct. They should review their institution’s processes and standards for self-monitoring, issue identification and tracking, corrective action, and remediation for completeness and consistency, and test periodically to validate reasonable adherence to such standards.


CFPB Guidance on Indirect Auto Lending

On March 21, 2013, the CFPB issued guidance regarding compliance with the Equal Credit Opportunity Act (ECOA) and indirect auto lending. Indirect auto lending refers to situations in which customers apply for credit through an auto dealer, who “shops” the application to prospective indirect auto lenders for purchase. Lenders that agree to purchase the retail installment contract will establish, among other things, a buy rate that sets the minimum interest rate to be charged to the consumer. The rate can be increased (or marked up) by the dealer, increasing the cost to the consumer and the dealer’s compensation. 


The CFPB clarified that indirect auto lenders are considered to be creditors under ECOA and as such are subject to fair lending requirements and liable for potential discrimination, including any pricing disparities caused by mark-up and compensation policies. To mitigate fair lending risks, the CFPB recommends that financial institutions impose controls and revise dealer mark-up and compensation policies to prevent pricing disparities that occur on a prohibited basis (e.g., race, gender, ethnicity), and enhance internal monitoring programs to detect and address them. Alternatively, the CFPB suggests that financial institutions eliminate discretionary pricing and adopt other pricing mechanisms, such as flat-fee pricing, to prevent potential discrimination.


In all cases, the CFPB recommends that lenders develop robust fair lending compliance management programs that address indirect auto lending arrangements. Internal auditors should review their institution’s oversight of fair lending requirements to validate that appropriate controls exist to mitigate fair lending risks associated with indirect auto lending relationships.


Foreign Tax Compliance and FATCA

The Foreign Account Tax Compliance Act (FATCA), enacted in 2010, is designed to combat tax evasion by U.S. taxpayers hiding money in offshore accounts. FATCA takes a two-prong approach to fighting tax evasion by imposing new requirements on two primary groups: 1) U.S. taxpayers holding financial assets outside of the United States and 2) foreign financial institutions (FFIs) that maintain accounts for U.S. taxpayers. U.S. financial institutions also have obligations under FATCA, albeit not as onerous as those imposed on FFIs.


FFIs have a requirement to register with the U.S. Internal Revenue Service and agree to comply with FATCA’s requirements or face a withholding penalty of 30 percent on U.S. sourced income. All financial institutions have requirements under FATCA for customer due diligence and identification of U.S. taxpayers, recordkeeping, reporting, and withholding. 


Financial institution auditors should assess FATCA’s applicability to their organizations and develop a multi-year audit plan accordingly, as FATCA’s effective dates are staggered over several years and several provisions have already become effective. These audit plans will need to address, at a minimum, governance to assess oversight and assignment of responsibilities; IT support to evaluate recordkeeping and reporting capabilities; customer due diligence processes to verify adherence to identification requirements; and required reporting to test for accuracy and timeliness.


Fair Lending and the Repeal of DOMA

On June 26, 2013, the U.S. Supreme Court declared unconstitutional section 3 of the Defense of Marriage Act of 1996 (DOMA), which defined marriage as a contract between a man and a woman and blocked federal recognition of same-sex marriages and provision of federal benefits and certain legal protections to same-sex couples married legally and residing in certain states. Among the numerous impacts of this ruling is the effect on fair lending requirements associated with the provision of consumer financial products and services.


Existing fair lending statutes, such as the Fair Housing Act (FHA) and the ECOA, do not prohibit discrimination based on sexual orientation or gender identity. In 2012, the Department of Housing and Urban Development implemented rules to expand coverage of, and provide equal access to, its core program and requirements to lesbian, gay, bisexual, and transgender individuals, making it illegal, for example, for an FHA-insured lender to deny an application based on the actual or perceived sexual orientation or marital status of the applicants. Given that the FHA and ECOA do prohibit discrimination based on marital status, the Supreme Court ruling has the effect of requiring individuals in same-sex marriages in certain states to be recognized as married and partners referred to as “spouses” for lending purposes. Institutions should be prepared to address issues related to underwriting, property titling, applicant information collection, and self-evaluation of lending practices. 


Internal auditors should be aware of the implications of this ruling and evaluate how their institutions have addressed these changes. For instance, updates may be required to internal policies and procedures, and training may need to be provided to lending personnel so that they complete paperwork appropriately, underwrite applications consistently, and recognize to which marriages in which jurisdictions such protections apply. Additionally, compliance self-assessment and monitoring programs may require adjustment to ensure adherence to these requirements.