Sunday, February 2, 2014


Do you Know what Section 1071 of the Dodd Frank Act Is?   

As 2014 began, there were a large number of new regulations to consider.  The qualified mortgage rules, mortgage servicing rules and appraisal valuations have all garnered a great deal of attention and focus.  Of course, due to the potential impact of these rules, this attention is well deserved!   However, as the dust settles from getting compliance programs in place, we suggest that some attention should be given to future regulatory requirements.  

One of the most significant of the future regulations is section 1071 of the Dodd Frank Act.  This section amends the equal credit opportunity Act (AKA as Reg. B) to require banks to gather information about applicants for commercial loans.   The information that will be gathered is very similar to information that is currently required by the Home mortgage Disclosure Act (HMDA).   We believe that the time is now to start putting the infrastructure in place to gather and report this information, 

Specifics

It is important to note that for the time being this section of the Dodd Frank Act has been put on hold until the implementing regulations have been written.  Despite the delay, that there is absolutely no indication that this section of the law will be repealed or diluted.  In the very near future, the regulations will be implemented and the reporting requirements will be implemented. 

What is the type of information that is required?  So far, the list of information that is required is as follows: 

‘‘(1) IN GENERAL.—Each financial institution shall compile and maintain, in accordance with regulations of the Bureau, a record of the information provided by any loan applicant pursuant to a request under subsection (b).

‘‘(2) ITEMIZATION.—Information compiled and maintained under paragraph (1) shall be itemized in order to clearly and conspicuously disclose—

‘‘(A) the number of the application and the date on which the application was received;

‘‘(B) the type and purpose of the loan or other credit being applied for;

‘‘(C) the amount of the credit or credit limit applied for, and the amount of the credit transaction or the credit limit approved for such applicant;

‘‘(D) the type of action taken with respect to such application, and the date of such action;

‘‘(E) the census tract in which is located the principal place of business of the women-owned, minority-owned, or small business loan applicant;

‘‘(F) the gross annual revenue of the business in the last fiscal year of the women-owned, minority-owned, or small business loan applicant preceding the date of the application;

‘‘(G) the race, sex, and ethnicity of the principal owners of the business; and

‘‘(H) any additional data that the Bureau determines would aid in fulfilling the purposes of this section.

‘‘(3) NO PERSONALLY IDENTIFIABLE INFORMATION.—In compiling and maintaining any record of information under this section, a financial institution may not include in such record the name, specific address (other than the census tract required under paragraph (1)(E)), telephone number, electronic mail address, or any other personally identifiable information concerning any individual who is, or is connected with, the women owned, minority-owned, or small business loan applicant.


So when the time comes, what will be required?  Why are the regulators doing this to us?   In reverse order, the reason given for this change to the ECOA is as follows:

“The purpose of this section is to facilitate enforcement of fair lending laws and enable communities, governmental entities, and creditors to identify business and community development needs and opportunities of women-owned, minority owned, and small businesses” [1]

Put another way, the purpose of the collection of this information will be to allow the banks,  economists and regulators to more completely and accurately determine the types of loans that are being requested by minority and women owned business.  Presumably, the collected data will be used to provide regulators with tools to craft legislation  that will expand fair lending laws and rules to the commercial lending area.  The merits of whether or not these regulations should be expanded to the commercial lending area are a discussion for another day and another blog!

There are some unique features to the requirements of this law.  In particular, the lending staff member who is doing the underwriting is NOT ALLOWED to ask the questions required by the law;

Where feasible, no loan underwriter or other officer or employee of a financial institution, or any affiliate of a financial institution, involved in making any determination concerning an application for credit shall have access to any information provided by the applicant pursuant to a request under subsection (b) in connection with such application.[2]


The idea here is that this information must not be part of any credit decision, and the bank is under an obligation to present evidence that this information has been segregated from the credit decision.  Therefore even in cases where there are too few staff members to totally segregate the collection of the information from the loan staff, a protective wall still must be created. 

If a financial institution determines that a loan underwriter or other officer or employee of a financial institution, or any affiliate of a financial institution, involved in making any determination concerning an application for credit should have access to any information provided by the applicant pursuant to a request under subsection (b), the financial institution shall provide notice to the applicant of the access of the underwriter to such information, along with notice that the financial institution may not discriminate on the basis of such information[3]

The time is coming when this information must be collected and the Bank must make sure that once it is collected, that the information has no impact on the credit decision. 

Implications for the Future

What does this regulation mean for the future?  It is of course, difficult to predict the future with any real accuracy.    However, it is clear that the trend for regulations is that the scope and influence of fair lending and equal credit opportunity laws will increase in influence over the next decade.   It will be increasingly important for banks to determine with detail the credit needs of the communities they serve.  Moreover, there will be increased emphasis on banks’ ability to show how the credit products being offered meet the credit  needs of that same community. 

Why not start now?

The obvious question to ask is with all of the regulations that are coming into effect at this point  and the resulting requirements, why start dealing with a regulation that has not come into existence?  Why not cross that bridge when we come to it? 

We suggest that delay will result in higher costs and increase the risk of noncompliance.   Whether or not Section 1071 is implemented within the next year or the next few years, it will be implemented.  Information about the borrowers you serve and the products that you offer to serve them should be part of your strategic plan, fair lending plan and CRA plan.  This information will be a critical component of showing your regulators that you are  a vital part of the local economy and community.  The infrastructure that will be necessary to meet the requirements of the regulation will be complex.  Policies, procedures forms and training will be necessary to prepare staff.  The time is now to start!


[1] Section 1071 of the Dodd-Frank Wall Street Reform and Consumer Protection Act
[2] Ibid
[3] Ibid
Posted by at No comments:

Tuesday, January 28, 2014


KYC- Knowing Your Customers is the Heart of a Sound BSA Program

When evaluating the strength and effectiveness of a given bank’s BSA program, one of the key areas of focus will be the system used by the bank to get to know who their customer are and what it is that the do.   The process of obtaining proper identification, background information and making an assessment of the overall BSA/AML risk presented by a customer can collectively be called the Know Your Customer (‘KYC”) process.   We have found that this process is just as much art as it is science.  In addition, we note that the stronger the KYC portion of a program is, the more likely it is that the overall program will pass regulatory muster. 

 

KYC and CIP a Potent One-Two Punch

The basis for the requirements of KYC is the USA Patriot Act.  The Patriot Act requires a bank to develop a program for properly identifying its customers. 

The CIP is intended to enable the bank to form a reasonable belief that it knows the true identity of each customer. The CIP must include account opening procedures that specify the identifying information that will be obtained from each customer[1]

The Patriot Act is very specific about the types of identification that must be presented and received by a Bank when opening an account.  Customers must be able to fully identify who they are using official documentation.  However, as the examination manual (and many an examiner) points out, simply getting the proper identification of the customer is not enough.  The real key is to be able to develop a “backstory” on the customer.  The ability to be able to put a customer’s activity in the proper context is a real key to determining the level or existence of suspicious activity.  For example, a business account that shows cash deposits of $6, 000 every other day might at first blush appear to be an example of structuring.  However, if you knew that the customer was a coin operated laundry and that the owner emptied the machines every other day, would that change your mind?  In context, the activity of a particular customer comes into clear focus.  By the same measure when activity is viewed that does not fit in with the back ground of the client, then you have true suspicious activity. 

The ability to truly know and understand the nature of your clients is the very best way to protect against terrorist financing and money laundering.  

 

KYC-Compliance and Marketing

The fact is that the more information that you have about a customer the better.  This is true in the compliance area, but it is also true in the area of marketing.  Information about a customers needs is a direct pipeline into the various products that your bank may offer.  Getting information about what a new business operator plans can provide a wealth of marketing opportunities.  “You say that you want to open a new restaurant? Perhaps we can interest you in a line of credit, a mobile banking app, or electronic bill pay!  The more information the merrier!  This same information can be used to develop a risk profile for BSA/AML purposes.  

We strongly suggest that a marriage or cross selling and BSA can be a happy and prosperous one!  One of our more innovative has used this approach.  The compliance group has joined forces with marketing to develop account opening forms that are mutually beneficial.  Questions such as:

·         How did you happen to find out about our bank?

·         How do you envision getting your customers to pay you?

·         Have you considered ACH rather than wires?

The answers to these questions are used both to create a strong KYC file and a marketing profile. 

 

KYC is only as Strong as the Documentation you maintain

One of the complaints we often hear from our clients goes something like this- “we know our clients well, but the regulators did not give us credit for know them.  The fact of the matter is that without documented evidence of your knowledge, you will not receive credit for knowing your customer.  There must be a clear record of the information that you have developed about a customer and the analysis that goes with the information.  It is not enough to merely maintain a file filled with statistics about the number of wire received and sent, the fact that these wires represent a growth in the business is the analysis that indicates a strong knowledge of the customer.  [2]  It is critical that a KYC contain facts, statistic and analysis.  It is the analysis that outs the context the transactions that are being viewed.  

Bringing KYC to Life

A fact of life for BSA staff trying to monitor customer activity is the staff that opens accounts is the eyes and ears of BSA.   They are the people that are looking directly into the eyes of the new customer and have the best opportunity to get all of the relevant information directly from the client.   It is also a sad fact of life that often times, the people who open accounts and start relationship with customers receive only a cursory training on BSA.  Many banks do the annual online training for this area.  And while there is no argument that this training meets the regulatory requirement, we recommend an additional step.  It has been our experience that when people understand the purpose and the goal of a regulation, compliance is able to get much stronger “buy-in”.  Therefore, we recommend that the BSA take the additional step of extensive KYC training for the people who are starting relationship with customers.  Make sure that the lending and customer service staff understands the goal of KYC and the consequences of noncompliance.  
By developing a strong narrative for a customer, a bank can clearly define what is and is not suspicious activity


[1] FFIEC Bank Secrecy Act Anti-Money laundering Examination manual
[2] Again, we note that information about a business growing presents a marketing opportunity! 
Posted by at No comments:

Sunday, January 19, 2014



Why IS there an Equal Credit Opportunity Act (AKA Reg. B)? 

As anyone in compliance can attest to, there are Myriad consumer compliance regulations.  For bankers, these regulations are regarded as anything from a nuisance, to the very bane of the existence of banks.  However, in point of fact, there are no bank consumer regulations that were not earned by the misbehavior of banks in the past.  Like it or not these regulations exit to prevent bad behavior and/or to encourage certain practices.   We believe that one of the keys to strengthening a compliance program is to get your staff to understand why regulations exist and what it is the regulations are designed to accomplish.  To further this cause, we have determined that we will from time to time through the year; address these questions about various banking regulations.  We call this series “Why is there….” 

A Little History

The consumer credit market as we now know it grew up in the time period from World War II and the 1960’s.  It was during this time that the market for mortgages grew and developed and became the accepted means for acquiring property, financing businesses, developing wealth and upward mobility.  By the late 1960’s the consumer credit market was booming. 

The Equal Credit Opportunity Act (“ECOA”) and regulation B are not nearly as old as you might think. In fact, the first attempt at regulating credit access was the Consumer Credit Protection Act of 1968.  This legislation was passed to protect consumer credit rights that up to that point been largely ignored.  The 1968 was passed as the result of a continuing growth in consumer credit its effects on the economy.  For example, in the year before the regulation was passed, consumers were paying fees and interest that equaled the government’s payments on the national debt!  One of the goals of the Consumer Credit protection Act then was to protect consumer rights and to preserve the consumer credit industry.  

The Civil Rights Movement was occurring at the same time as the passage of the CCPA and in 1968, the Fair Housing act was passed by Congress.  The FHA was designed to assist communities that that had been excluded from credit markets obtain access to credit.  We will discuss the Fair Housing Act in more detail next month.  

One of the things that the CCPA did was to empanel a commission of congress called the National Commission on Consumer Finance.  This commission was directed to hold hearings about the structure and operation of the consumer credit industry.  These hearings were conducted throughout 197.  The commission made its report and disbanded. 

Unintended Consequences

 While performing the duties they were assigned,   the members of the National Commission on Consumer Finance conducted several hearings about the credit approval process for consumer loans.  The stories and anecdotes from these hearings raised a tremendous public outcry about the behavior of banks and financial institutions that were in the business of granting credit.   One of the common themes of the testimonies given was that women and minorities were being left behind when it came to the growth of the consumer credit market.  Public pressure forced additional hearings on the consumer credit market, and the evidence showed that women in particular and minorities in general were being given unfair and unequal treatment by banks. 

What was Going On? 

So what was it that bans were doing that was causing a concern?    There were several practices that had become normal and regular for banks when the applicant for consumer credit was a woman or a member of a racial minority group.  

Women had more difficulty than men in obtaining or maintaining credit, more frequently were asked embarrassing questions when applying for credit, and more frequently were required to have cosigners or extra collateral. [1]  When a divorced or single woman applied for credit she was immediately asked questions about her life choices, sexual habits, and various other personal information that was both irrelevant to the credit decision and not asked of men. 

Racial minorities had difficulty even obtaining credit applications let alone credit approvals.  In cases, where members of minority groups attempted to get a loan applicant, there were either told that the bank was not making consumer loans,  or that the area that the person lived was outside of the lending area of the bank. 

For applicants that receive public assistance, child support of alimony, banks would not consider these as sources of income under the theory that they were temporary and might disappear.  

Despite being subjected to embarrassing or incorrect information, in the cases where women and minorities persisted and completed a credit applications, banks would drag out the process for interminable time periods and would engage in strong efforts to discourage the applicant from going forward.  

In many cases, when a person lived in a neighborhood that was predominately comprised of minorities, the borrower was told that the collateral did not have enough value without further explanation. 

The ECOA

Though these stories created a great deal of interest, the CCPA was not amended until 1974 when the first Equal Credit Opportunity Act was passed.  This Act prevented discrimination in credit on the basis of sex and marital status. 

 In 1976, the ECOA was amended to prohibit credit discrimination on the basis of  

1.       Race, color, religion, national origin, sex, marital status or age

2.       When all or part of the applicants income derives from public assistance

3.       If the applicant had filed a former claim of discrimination  

The 1976 amendment also added the requirement that the financial institution had to notify the applicant of the reasons for a decline.   Regulation B establishes the rules that implement the ECOA.  .    These include the following: 

1.       Limitations on the types of information that can be requested in a credit application.

2.       Limitations on the characteristics that can be considered about an applicant.

3.       Rules on when an applicant’s spouse can be requested to sign a loan applicant

4.       Rules on the time limits for when a credit decision can be made.

5.       Copy of Appraisals An applicant on a real estate secured loan now must receive a copy of the appraisal or evaluation used to establish the value of the collateral

6.       Collection of Government Monitoring Information- In cases of loan requests for the purchase or refinancing of a primary residence, government monitoring information (race, sex, and ethnicity) must be obtained. 

 

What is Regulation B designed to do?  

There are two main goals of the ECOA and its implementing regulation, Regulation B.

·         Enhanced Credit Opportunities for women and minorities

·         Greater consumer education

Credit Opportunities

One of the complaints about consumer banking regulation that is often raised is that it promotes bad loans.  However, for the inception of these regulations, Congress made clear that these laws apply only to credit worthy individuals.  It has never been the case that Congress or the regulators want banks to make bad loans.  The problem was and is that people who are truly creditworthy were being overlooked and excluded based on factors that were outside of their control. 

The law then is designed to prevent discrimination on an   illegal basis.  Even today, a great deal of disagreement over what discrimination might mean.  Of course, each and even decision to make or not make a loan is a form of discrimination.  That is part of the natural process of decision making.  Instead here what is prevented is discriminating on an illegal basis; making the adverse action based on who the applicant is rather than their credit worthiness. 

There are two tests for illegal discrimination. The first is the effects test.  Under this test, if the overall effect of a credit policy results in an uneven or disproportionate negative result, it may be in violation of the regulation.   Suppose for example, a bank decided that it would not include temporary work income as income for credit applications.  In this case, the decision to do so would be applied across all lines and to all borrowers.  However, the effect of this decision would impact women and minorities in greater numbers because temporary workers are way more likely to be women and minorities in the assessment area of the bank.  This would be an effects test violation of regulation B. 

The second test is the intent test.  This test is pretty straight forward.  This would be cases where a lender intended to treat applicants differently based on who they are and in fact did so.  While this area was largely in evidence in the 1960’s when these laws were first enacted, the number of cases of intentional discrimination has significantly reduced over the years.  

Borrower Education

The borrower education portion of the ECOA and Reg. B is typified by the notice requirements.  In an effort to make banks inform the applicant about the decision that was made, the regulations require a quick and concise decision process.  The notice requirement is designed to let the applicant know the specific reasons why their credit application was declined so that they can address the problem. If there are problems with the credit report, then the borrower needs to know what the problems are and who is reporting them.  In this manner the borrower is informed and the bank is kept “honest” about its decisions. 

The reasons that the examiners test adverse actions for timing and accuracy is that borrowers should have the ability to know exactly what is wrong and have an opportunity to fix it.  This is the reasoning behind requiring a copy of an appraisal report.  

Why are there a Regulation B and the ECOA?

The development of the consumer credit market brought with it a series of bad behaviors that directly and negatively impacted the ability of women and minorities to obtain credit.   These behaviors included asking women to check with their husbands before getting a loan, denying a single woman credit, discouraging minorities from applying for credit and outright refusal to grant credit.  

The law and regulation are designed to open up credit to all who are worthy by limiting practices that unfairly exclude groups of people and by making sure that applicants are fairly informed of the reasons for a denial.  
Embrace your inner compliance officer by knowing that this regulation is well earned, well intended and provides a good outcome for people who would otherwise not be able to obtain credit through no fault of their own. 


[1] Gates, Margaret J., "Credit Discrimination Against WomenCauses and Solution," Vanderbilt Law.
Posted by at No comments:

Sunday, January 5, 2014


Marketing in the Age of UDAAP
The beginning of the New Year brings about new energy, new plans for “Taking on and ruling the world” and new ideas for how to make the New Year the best ever!  For many banks this new energy includes new ideas for how to market their banks and to obtain new customers.  For our clients, while we encourage innovation and reaching out to the customers, we also offer a word of caution.  Be careful, what you market and especially, how you market!  
The Unfair Deceptive Abusive Acts or Practices rule (“UDAAP”) is a burgeoning area of regulatory pursuit. This is one of those very sophisticated areas of regulation that look at the impact of practices versus simple compliance with the letter of the law.    Much like Fair Lending laws, it is possible to be in technical compliance with UDAAP and still have a regulatory problem, if the impact of a particular practice causes harm. 
UDAP versus UDAAP
While the Federal Trade Commission (FTC) has the authority to protect consumers against unfair or deceptive acts or practices (UDAP) in commerce generally; tis responsibility is delegated to the federal banking regulators for national banks, savings associations, and credit unions.   In the past, though this authority existed, it was rarely used to produce enforcement actions in the banking area.   There have been very few regulations or rules that have been published in this area, so the definitions that are used come from policy statements of the FTC.  These statements define the first two aspects of the rule.  According to these pronouncements: 
What is “unfair’?
  • The practice causes or is likely to cause substantial injury.
  • The injury cannot reasonably be avoided.
  • The injury is not outweighed by any benefits.
What is “deceptive”?
  • The practice misleads or is likely to mislead.
  • A “reasonable” consumer would be misled.
  • The presentation, omission or practice is material.
What do these standards mean for products?  Note that these definitions generally refer to conditions that are terms of the product.  Any product can be subject to a UDAAP claim, but the ones that most often fall under these two standards are ones that have add on fees or interest charges that are triggered by conditions within the product.  Here is a list of the products that get the most scrutiny under the rubric of UDAAP: 
  • Overdraft programs
  • Check/debit processing order
  • Loan payment processing
  • ATM fees
  • Loans with balloon payments
  • Credit life and disability insurance sales
  • Rewards programs
  • Gift card sales
  • Credit Card programs
Recently, the CFPB was given rulemaking authority in this area and has added a definition for the second “A” in UDAAP. 
What is “abusive”?
  • The practice materially interferes with the consumers ability to understand a term or condition of a product or service.
  • The practice takes unreasonable advantage of a consumer’s lack of understanding of the risk, costs and conditions of a products or service.
The focus of this part of the rule has been on the advertising that financial institutions use to promote products.   When the products that are offered have complicated terms, the information given to consumers has to fully and completely explain the worst case scenario for the customer.   If the advertising material or disclosure given to the customer is misleading or inaccurate, then a UDAAP concern can be found.  
We believe that it is also critical to pay particular attention to the second part of rule that defines abusive; a practice that takes advantage of a customer’s lack of understanding of fees and costs of a product.   We believe that this part of the rule requires that banks to vigilant not only about disclosures they give to customers, but also about the level of fees that are being charged to the customer.   An add-on interest charge may make economic sense.  It may also be designed with a legitimate business purpose in mind.  The fee can be applied to all customers that have a specific type of account and therefore, not a violation of fair lending or equal credit opportunities laws.  However, these types of fees can adversely impact customers of limited means.  As a result, these sorts of additional charges on an account can represent a UDAAP concern. 
Fees associated with overdrafts a particular matter of concern for regulators.   Even in cases when customers have been made aware of the facts that fees will be charged and have agreed to pay the overdraft fees, it is clear that regulators will consider large fees paid by customers who consistently overdraw accounts to be a matter for UDAAP review.   [1]
Some Quick Tips:  
Recent enforcement actions under UDAPP include actions for the lack of vendor management[2], telemarketing[3] and the previously mentioned overdrafts.   These actions suggest the need for compliance officers to monitor several areas when considering UDAAP compliance: 
Vendors: if they are being used to do marketing compliance staff should review the material being used to ensure that it is accurate and complete;
Marketing:  Compliance staff should also do the same for marketing materials that are being used in house;
Credit Add-on products:  Credit insurance, credit score tracking and the like increase the inherent risk of consumer products.  Compliance testing should include these products;
Overdrafts: Compliance officers should monitor the overdraft programs to ensure that fees as well as the number of transactions do not rise to the level of abusive. 
 

 

 
 
 
 
 
 
 
 

[1] A $137.5 million Settlement has been reached in several class action lawsuits about the order in which RBS Citizens Bank, N.A., including its Citizens Bank and Charter One brands, and Citizens Bank of Pennsylvania ("Citizens Bank") posted Debit Card Transactions to consumer deposit accounts. 100BBR 827
[2] July 2012: CFPB and The Office of the Comptroller of the Currency (OCC) fined Capital One $60 million in penalties and forced it to pay restitution of $150 million. Regulators found that Capital One’s outsourced customer center was misrepresenting credit card add-on products to subprime customers. Its telemarketing scripting contained
many inaccuracies.
 
[3] September 2012: CFPB and FDIC fined Discover $14 million in civil penalties and forced it to pay a restitution of $200 million. Regulators found issues with the telemarketing sales of credit card add-on products, such as credit insurance, credit score tracking, and identity theft protection with claims that customers were enrolled without consent or that agents were suggesting the products were free.
 
 
Posted by at No comments:

Sunday, December 29, 2013



The Target Case and the implications for Red Flags Policies and Procedures  

For many of our clients, when it comes to Red Flags and Identity theft policies and procedures, the response has been a bit of “write it and forget about it”.  Lets face it, the changes to the Fact Act that  prompted regulators to ask banks to develop policies and procedures in this areas have been  have not been followed up with a great deal of examination or regulatory resources.   With the financial meltdown, the development of a new regulatory agency, significant changes in consumer regulation and ongoing concerns in BSA/AML, Red Flags and identity Theft have not been the priority.   However, we believe that significant change is at hand.  We believe that this is true due to a confluence of factors. 

By now most of us have heard about the case of Fraud that Target Department stores is currently experiencing.  In fact, as the days go by it seems that the level of the breach of security is ever increasing.  More and more customers are finding out that their debit cards may have been corrupted and the potential for identity theft is poignant.  In addition to the obvious financial consequences of this breach of security is the harm to the reputation of Target stores.  The loss in confidence in the ability of an institutions ability to handle confidential information can be particular harmful to the bottom line.  This is especially true when considering a bank.  There can be no question then, that the trouble that Target stores is having will heighten the review of Red Flags policies and procedures at banks in the coming year. 

Increased Enforcement

It is not just the Target incident that will soon heighten regulatory activity in this area. The dispute about which entities would be included in the act’s definition of a creditor prevented any enforcement action from 2008 through 2010.  The FTC resolved this dispute by changing the definition and with their updated rule.  In 2013 the SEC and the Futures Trading Commission published their versions of the rule and so now the circle is complete.    All the agencies will use a form of Interagency Guidelines on Identity Theft Detection, Prevention, and Mitigation [1]when evaluating the Red Flags and identity theft program at a bank.    We suggest that the beginning of the year is a great time to review your Red Flags policies and procedures to make sure they are up to date. 

26 Red Flags

The Interagency Guidance describes 26 examples of red flags that Banks should be able to identify, monitor and address should they be activated.   Although the guidance does not purport to be exhaustive, we believe that these 26 items are the minimum that should be part of a proper Red Flags risk mitigation program.     

There are five categories that fit the 26 examples given in the guidance.  These categories are:

·         Alerts, notifications, or other warnings received from consumer reporting agencies or service providers, such as fraud detection services;

·         The presentation of suspicious documents;

·         The presentation of suspicious personal identifying information, such as a suspicious address change;

·         The unusual use of, or other suspicious activity related to, a covered account; and

·         Notice from customers, victims of identity theft, law enforcement authorities, or other persons regarding possible identity theft in connection with covered accounts held by the financial institution or creditor.

In addition to the above list there is a sixth category that does not include examples.  It is described as:
·         Other red flags based upon the financial institutions experience.  

This last category should be given particular care and attention.  In the event that there is some sort of fraud activity that the Bank has experienced that outside of the norm, the expectation is that the compliance team will be vigilant in taking steps to monitor and mitigate that activity.   Examiners will pay particular attention to this area as this category tends to show activity that is unique to the product base or customer base of the bank that experienced the fraud. 

Red Flags and BSA Compliance

A quick review of the categories of fraud that are discussed in the Red Flags guidance should alert the reader to the similar areas of focus between a strong CIP/KYC program and a Red Flags program.  As part of strong BSA program, information is collected from customers and monitored on a regular basis in an effort to fully identify and monitor customer activity to reduce the possibility of suspicious activity.  A strong Red Flags program should address this same area of information.  

The account opening process could, and in our opinion should serve as the heart of the Red Flags and BSA/AML programs.   A strong program will require account opening staff to obtain complete and accurate documentation from the potential customer at the time an account is being opened.  Any discrepancies in the information provided should be pursued and the account should not be opened unless or until the discrepancy is resolved.  In the event that no resolution is provided by the customer the SAR investigation process should begin and the potential for a SAR filing should be thoroughly pursued. 

The same symbiotic relationship between Red Flags and ongoing monitoring for BSA/AML exists. Even with established customers, unusual or unexpected activity should serve as a red flag for identity theft or fraud as well as a key for heightened scrutiny or Enhanced Due Diligence.  

The Red Flags Program

While the BSA and the red flags programs can be quite similar and work side by side, regulators are expecting to see a robust separate red flags program that is designed to identify and monitor fraudulent activity and to take steps to mitigate the risk of further fraud.   The strong Red Flags program should include:

·         A Red Flags Risk Assessment- The assessment should include all covered accounts and should be updated annually

·         Policies- Board approved policies in the area of red flags should be reviewed and approve don an annual basis

·         Procedures- Compliance staff should review procedures on a regular basis to make sure that current practices at the bank are in compliance with the procedures and that procedures are in fact up to date and consistent with policy.  

·         Ongoing Review- Compliance should verify on a regular basis that staff understands the requirements of the red flags procedures and why they are important.   We recommend a quarterly transaction testing sample to gauge the level of understanding. 

·         Independent testing- As part of the regular audit scope for operations compliance, there should be independent testing of compliance in this area. 

Although the area of Red Flags has been somewhat dormant over the past several years, expect that 2014 will bring renewed focus on this area. 


[1] 12 CFR 334 Appendix J
Posted by at No comments:
Subscribe to: Comments (Atom)