There have been two significant pieces of recent regulatory guidance that will directly impact the overall administration of your institution’s Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance program. While these two regulations may seem, at first glance, to be unrelated, a more comprehensive review will reveal that they are very much tied together.

As technology has changed, so have the goals of many of the criminals that want to launder money. In addition to drug dealers, there are now terrorists and persons engaging in human trafficking, all of whom are developing ways to hide their cash. Such changes in the criminal schemes being employed have generated changes to the BSA/AML laws designed to improve the overall monitoring of cash and cash equivalent transactions.

Today, no self-respecting banker would consider operating without a full BSA/AML compliance program that includes software that helps bank staff aggregate and monitor transactions of all customers. In addition to possessing such monitoring software, all banks, including community banks, are expected to perform a data and model validation on an annual basis.

Increased Expectations

The OCC and the Federal Reserve issued guidance in 2011 called the “Supervisory Guidance on Model Risk Management.” This document was first thought to deal with only the financial models used for projecting interest rate risk or the allocation of the allowance for loan losses. However, a more complete review of the information included in the guidance reveals increased regulatory expectations in the area of BSA/AML.

The model guidance points out that there are several areas of risk associated with the use of models at a financial institution and many of these risks apply to BSA/AML monitoring software. When the areas of risk are simplified, the two main concerns for BSA software are: that the data that is being collected and loaded into the monitoring system is accurate; and, that the data being collected is sufficient to properly mitigate risk.

To address the first of these two risks, all banks should perform a data validation, which is the process of making sure that the information in your monitoring software is being accurately and completely loaded from your core system. Many banks and vendors believe that once a data validation has been accomplished, there is little need to do another one. If everything checks out and all data is being loaded properly, what is the problem? For one thing, the vendor may make changes to the way the software works through upgrades. Perhaps your bank may change transactions codes as new products are developed. The point is that any changes to the monitoring software or to your core system may change the accuracy and effectiveness of the BSA/AML software.

Because change is constant, it is wise to test data validity on a regular basis. Consider this: if you do find a problem, it will be necessary to go back to the last data validation to determine the extent of the problem. The longer you have waited, the bigger the problem!

For BSA/AML monitoring software, the risk framework means that regulators expect banks to know how their software works as well as the “blind spots” for transactions that may not be completely covered by the way the software operates. The expectations are that your bank will use monitoring software as a tool that is constantly being sharpened and improved. The model validation process is the means to ensure that the software is improving.

The regulatory guidance also makes clear that a critical component of model risk management is output analysis. The output from monitoring software should be reported to senior management on a regular basis, along with information about the actions taken in response to the data. Ultimately, model validation comes down to the overall governance being practiced at a bank. Models are only as effective as the structure in which they are used. The guidance notes that there has to be a governance structure surrounding the use of monitoring software.

High Risk Customers

The guidance that was issued by the FDIC in January of 2015 has the potential to create a second significant shift in the world of BSA/AML compliance. The document is very brief, with the innocuous title “providing banking services.” In it, the FDIC notes that the business of banking and providing banking services has attendant risks and that some level of risk is not only acceptable, but necessary. In other words, the regulators have suggested that it is no longer taboo to have money services businesses (MSBs) and other companies that are considered high risk as customers.

So, does this guidance mean that your bank gets one free “get out of jail card” when it has a risky customer that isn’t being properly identified and monitored? Absolutely not! Reading the guidance together with the FFIEC manual, it is clear that each bank must still establish a robust compliance program in the BSA/AML area. The program should have all of the pillars of any compliance program, including: policies and procedures; training; management reporting and information; and independent audit. Once each of these elements has been established, you have earned the right to decide how you deal with high risk customers.

Putting it all together, it appears that the expectation from the regulators is that all banks will develop complex BSA compliance programs that will include data and model validations of BSA software and complete documentation of decisions to bank high risk customers.

Customer Complaints- Manage Them or the Whole World Will Know!   

 

Customer Complaints are a Part of the Dodd Frank Act:

As many of us are well aware, the Dodd Frank Financial Regulation Act (“Dodd Frank” or the “Act”) introduced sweeping changes to bank regulation.  While many provisions of Dodd Frank were implemented immediately and are at this point well known.  However, there are several provisions that have either not yet been enacted or are less well known.  Among the less well known provisions is section 1034 of the Act.  This section directs the Consumer Financial Protection Bureau (“CFPB”) to develop a national complaint system.  The system is designed to track both the complaints of consumers that use financial products and the responses of the institutions that offer the products.  The compliant system first went live in 2011 when only complaints about credit cards were accepted.  Since that time, the CFPB takes complaints about mortgages, bank accounts and services, private student loans, other consumer loans credit reporting, money transfers, debt collection and payday loans.   Did you know that the complaints that are made against you can be made public?   As of July of 2015, not only will the complaint be public, but the narrative of the complaint can also be published at the customer’s request! While many of the lobbying groups for banks have found this last part abhorrent, we believe that this practice creates an opportunity for improvement.   

The complaint process:

The complaint process is described in the Company Portal Manual that was released by the CFPB in 2011.  The basic process is as follows:

1.       Consumer submits a complaint by web, telephone, mail, or fax to the CFPB, or another agency forwards the complaint to the CFPB.

2.       Consumer Response reviews the complaint for completeness and consistency with* our authority and roll out schedule.

3.       Consumer Response forwards the complaint to the company identified by the consumer via the secure company portal (portal). The goal is to route complaints within 24-48 hours of receipt.

4.       **Company reviews the complaint, communicates with consumer as appropriate, and determines its response and any related actions.

5.       Company responds to Consumer Response via the portal.

6.       Consumer Response invites the consumer to review and evaluate the company’s response by logging into the secure consumer portal or calling the CFPB’s toll-free number.

7.       Consumer Response prioritizes for investigation complaints where the company failed to respond within the requested timeframe or the company’s response is disputed by the consumer[1]

For banks and financial institutions, it is very important to respond in a complete and timely manner to complaints.  The CFPB’s system will track complaints and will show response times as past due in the event that a complete response is not received.  Make sure that your institutions complaint response policies and procedures are up to date! 

When a response is a response

The requirements for a proper response are described in the guidance that was published in June 2013.  The guidance notes that is always up to the institution to decide how best to respond to the customer.  However, it is clear that any response is expected to be completely documented.   For example, if a complaint is about a credit card closing, the documentation that is expected includes the following: 

               Account closings:

• Adverse Action notice, including the reasons for the adverse action *

• Date the account was closed

• Date the notice was sent to the customer

• Whether notice sent by postal mail or electronically

• If sent by postal mail, the address to which the statement (or notification, as applicable) was sent[2]

 

It is likely that a response that does not include all of this information will result in additional inquiries from the CFPB.  The more complete the document that is relied upon for the response, the better.  

Your Complaint may become public   

As of July 2015, the CFPB has decided that the narratives from the customer’s complaints can be made public if the customer consents.  Financial institutions can also ask that their responses also be made public.  Many groups, including the American Bankers Association, expressed grave concerns about the potential for reputation harm based upon the publication of complaints.  Nevertheless, the CFPB determined that the public good was better served by allowing consumers the option to publish their complaints.[3]  The possibility that a complaint against your bank may be published means that your procedures for responding are of critical importance.  Documentation of the reasons for the response should be complete and accurate.  Remember, there will be a possibility that the whole world will see!  

Turning a negative into a positive:

The good news in all of this is that one institution’s pain is another’s opportunity for growth!   The results of complaints are published on both an annual and a monthly basis.  This is YOUR opportunity!       Find out what the complaints are and treat each one like an opportunity.   If you note that complaints about debt collection are the most prominent, it will be a good idea to review your banks procedures for debt collection.   Has your bank incorporated the most recent rules and guidance in this area into its practices?  If you are using a vendor, have you completed due diligence of the vendor recently?  

The CFPB has made it clear that they are reviewing complaints, compiling the results and directing resources to the areas that experience the highest level of complaints.  The complaint system will be a good barometer for determining the areas of emphasis for examinations in the near future. 

---

[1] CFPB Company portal manual

*The “our” in this quote refers to the CFPB

**”Company” refers to the financial institution using the portal

[2] CFPB  Response Guidance July 2013 

[3] Note:  Only “verified” complaints can be made public-there has to be a relationship with the person complaining and a valid basis for the complaint. 

Are You Meeting the Credit Needs of Your Community?  

For many, the Community Reinvestment Act, (“CRA”) represents yet another compliance task without merit.  What if instead of being an administrative burden, compliance with the CRA resulted in greater marketing opportunities and greater opportunities for overall profitability? These opportunities exist if you embrace the concept of meeting the needs of your community. 

One of the main tenants of the Community Reinvestment Act is that banks should strive to meet the credit needs of the communities in which they take deposits.   The reason that this is one of the main parts of the regulation and for that matter, the reason that the CRA exists at all is a story for a different time.  Suffice to say that for years, banks engaged in the practice of “redlining” which meant that they directly ignored the credit needs of many communities.   Redlining was the process of drawing a red line around certain neighborhoods on a map and making a deliberate decision that no loans would be granted within the boundaries of the red line. The deposits of communities that had been red-lined, became the source of lending funds for other communities.   Red-lining then, was one of the main practices that the CRA was designed to stop.  

When the CRA was first enacted, it was designed to get financial institutions to take a second look at communities that had been historically overlooked for credit by financial institutions. Though these communities tended to be populated with low to moderate income borrowers, these borrowers represent significant opportunities for good credit. The CRA was a means to an ends to get banks and financial institutions to “meet the credit needs of the communities in which they operate, including low- and moderate-income neighborhoods, consistent with safe and sound banking operations”   [1]

Over the years, even though billions of dollars of investments have been made in communities that were being overlooked[2], the reputation of the CRA has become the regulation that forces banks to make “bad loans”. However, the true emphasis of the regulation has been and always will be to encourage banks to assess the credit needs of the communities they serve. In other words, one of the main goals of the regulations was to get banks to find credit “diamonds in the rough” in areas that had traditionally been written off.

Opportunities Abound

The strategy of serving communities that have been overlooked has been successfully and very profitably employed by none other than hall of fame basketball star Earvin “Magic” Johnson. His Magic Johnson Enterprises has partnered with all manner of fortune 500 companies to invest over $500 million in communities that had been overlooked.  Using the approach of finding the “diamonds in the rough” Johnson’s companies continue to grow and show amazing profits by investing in low to moderate income communities.  So how does he find these opportunities? “Magic Johnson Enterprises is known for successfully staying rooted in communities because they understand those communities’ unique needs and personalities[3]. In other words, he knows the needs of his communities and provides services that meet those needs.

 Women Owned Businesses- A Growing Opportunity 

In its report, entitled “The 2015 State of Women Owned Business Report” American Express’ Open, detailed the tremendous growth of women owned businesses from 1997 through 2015: 

 

 Between 1997 and 2015, when the number of businesses in the United States increased by 51%, the number of women-owned firms increased by 74% – a rate 1-1/2 times the national average. Indeed, the growth in the number (up 74%), employment (up 12%) and revenues (up 79%) of women-owned firms over the past 18 years exceeds the growth rates of all but the largest, publicly-traded firms – topping growth rates among all other privately-held businesses over this period.[4]

 

The report also points out that women owned firms tend to be smaller than average.  Women owned firms are the fastest growing in number and economic clout.  These firms also tend to have specific credit needs.  Is your bank considering these needs and developing products to address them?  If not a huge opportunity is passing you by.  

 

Micro Lending  

Though micro lending has been very popular in several foreign countries, the industry is fairly new in the United States.   Micro businesses are defined as “a business with five or fewer employees that requires no more than $35,000 in start-up capital.”  ^[5]   There is a surprisingly large number of businesses in the United States that meet this definition.   In 2011, there were approximately 26 million micro businesses. ^[6]     Each of these businesses represents a group of people that working towards self-sufficiency, greater wealth and ultimately, the potential to be significant customers at commercial banks.    

In the United States, the Small Business Administration defines a microloan as one at or below $50,000.  Data as of 2012 showed that the average loan for a microenterprise was $14,000. [^7] Currently there are several sources for obtaining microloans, including nonprofit organizations, community development financial institutions and private equity funds  

A formal micro lending program would be the ultimate in innovation.  Such a program would greatly enhance the reputation of a bank within its community.   It is worth nothing that micro lending programs have been very profitable both internationally and in the United States. 

 

The FFIEC’s proposed   Interagency Questions and Answers Regarding Community Reinvestment make it clear that the focus in the future will be on innovation in lending and creativity in delivering banking services.  Credit will be given to lenders for innovation in lending. ^[8] 

 

Embracing Credit Needs  

For banks, embracing the concept of determining and meeting the credit needs of the community can yield very positive results. The list of factors that make up the consideration of credit needs from the Federal Reserve Bank of Atlanta’s publication “Community Reinvestment – Does Your Bank Measure Up?” includes the following;  

• The makeup of the community;
• What the local and regional economic conditions are;
• What kind of opportunities exist for serving the community through lending and investments;
• What your banks business strategy and products are; how is your bank doing financially;
• What your bank sees as the credit needs of the community; and
• What individuals, community and civic organizations, and business-as well as state, local, and tribal government-think about your banks efforts toward meeting the community credit needs.

By placing a heavy emphasis on the determination of the credit needs of the community, banks can not only meet the requirements of the CRA, but also discover profit opportunities in communities that have been overlooked. This process does not have to involve a great deal of expense or effort.  Contacting civic groups, getting out into the community, talking with local businesses is painless and inexpensive.   The credit needs of your community will continue to grow and change.  Make sure you are ready to be a full participant

---

[1] Don't Blame Subprime Mortgage Crisis or Financial Meltdown on CRA  Stable Communities.com 2008

[2] See The Community Reinvestment Act: 30 Years of Wealth   Building and What We Must Do to Finish the Job John Taylor and Josh Silver National Community Reinvestment Coalition

[3] Magic Johnson Enterprises Helps Major Corporations Better Serve the Multicultural Consumer  Business Wire 2008

[4] “The 2015 State of Women Owned Business Report” American Express’ Open  page 1

[5] Elaine L. Edgcomb and Joyce A. Klein, “Opening Opportunities, Building Ownership: Fulfilling the Promise of Microenterprises in the United States,” FIELD, February 2005, http://www.fieldus.org/ publications/FulfillingthePromise.pdf.

[6] Microenterprise Development: A Primer,” FDIC Quarterly 5, No. 1 (2011):

[8]   Community Reinvestment Act; Interagency Questions and Answers Regarding Community Reinvestment; Notice  September 3, 2014