Community Bank Compliance

Wednesday, March 6, 2019

Outsourcing and Collaboration - The Time Has Come

A Three-Part Series. Part Three -Choose Your Partner

Many banks today rely on outsourced functions ranging from core operating systems to monthly billing programs. The reliance on third parties to provide core functions at banks is no longer viewed as a less than desirable situation, it is normal. However, over time the types of relationships that banks began to form with outside vendors became more complicated and in some cases exotic. Some banks used third parties to offer loan products and services that would otherwise not be offered. In many cases, the administration of the contractual relationship was minimal; especially when the relationship was profitable.

The level and type of risk that these agreements created came under great scrutiny during the financial crisis of 2009. Among the relationships that are most often scrutinized for areas of risk are:

· Third-party product providers such as mortgage brokers, auto dealers, and credit card providers;

· Loan servicing providers such as providers of flood insurance monitoring, debt collection, and loss mitigation/foreclosure activities;

· Disclosure preparers, such as disclosure preparation software and third-party documentation preparers;

· Technology providers such as software vendors and website developers; and

· Providers of outsourced bank compliance functions such as companies that provide compliance audits, fair lending reviews, and compliance monitoring activities.[1]

According to the FDIC, a third-party relationship could be considered “significant” if:

• The institution’s relationship with the third party is a new relationship or involves implementing new institution activities;

• The relationship has a material effect on the institution’s revenues or expenses;

• The third party performs critical functions;

• The third party stores, accesses, transmits, or performs transactions on sensitive customer information;

• The third-party relationship significantly increases the institution’s geographic market;

• The third party provides a product or performs a service involving lending or card payment transactions

• The third party poses risks that could materially affect the institution’s earnings, capital, or reputation;

• The third party provides a product or performs a service that covers or could cover a large number of consumers;

• The third party provides a product or performs a service that implicates several or higher risk consumer protection regulations;

• The third party is involved in deposit taking arrangements such as affinity arrangements; or

• The third-party markets products or services directly to institution customers that could pose a risk of financial loss to the individual

The FDIC, the OCC and the FRB have all issued guidance on the proper way to administer vendor management. While the published guidance from each of these regulators its own idiosyncrasies, there are clear basic themes that appear in each.

All of the guidance has similar statements that address the types of risk involved with third party relationships and all discuss steps for mitigating risks. We will discuss the methods for reducing risk further in part two of this series.

Level of Due Diligence

One of the questions that we noted above was about what level of due diligence is required for a third-party contract. The OCC guidance defines a critical activity as

Critical activities—significant bank functions (e.g., payments, clearing, settlements, custody) or significant shared services (e.g., information technology), or other activities that

· could cause a bank to face significant risk if the third party fails to meet expectations;

· could have significant customer impacts require significant investment in resources to implement the third-party relationship and manage the risk;

· Could have a major impact on bank operations if the bank has to find an alternate third party or if the outsourced activity has to be brought in-house.^{^[1]}

For those arrangements that involve critical activities, the expectation is that the that bank will perform comprehensive due diligence at the start of the contracting process as well as monitoring throughout the execution of the contract.

The steps that are necessary for the proper engagement of a third party for a critical activity are discussed in each of the regulatory guidance documents that have been released. The OCC bulletin provides the most comprehensive list that includes:

Relationship Plan: Management should develop a full plan for the type of relationship it seeks to engage. The plan should consider the overall potential risks, the manner in which the results will be monitored and a backup plan in case the vendor fails in its duties.
Due Diligence: The bank should conduct a comprehensive search on the background of the vendor, obtain references, information on its principals, financial condition and technical capabilities. It is during this process that a financial institution can ask a vendor for copies of the results of independent audits of the vendor. There has recently been a great deal of attention given to the due diligence process for vendors. Several commenters and several banks have interpreted the guidance to require that a bank research a vendor and all of its subcontractors in all cases. We do not believe that this is the intention of the guidance. It is not at all unusual for a third-party provider to use subcontractors. We believe that a financial institution should get a full understanding of how the subcontracting process works and consider that as part of the due diligence, however, it impractical to expect a bank to research the backgrounds of all potential subcontractors before engaging a provider.
Risk Assessment: Management should prepare a risk assessment based upon the specific information gathered for each potential vendor. The risk assessment should compare the characteristics of the firms in a uniform manner that allows the Board to fully understand the risk associated with each vendor. ^{^[2]}
Contract Negotiation: The contract should include all of the details of the work to be performed and the expectations of management. The contract should also include a system of reports that will allow the bank to monitor performance with the specifics of the contract. Expectations such as compliance with applicable regulations must be spelled out. The OCC bulletin includes the following phrase:

Ensure that the contract establishes the bank’s right to audit, monitor performance, and require remediation when issues are identified. Generally, a third-party contract should include provisions for periodic independent internal or external audits of the third party, and relevant subcontractors, at intervals and scopes consistent with the bank’s in-house functions to monitor performance with the contract

This language has also been the subject of a great deal of media and financial institution attention. Some have interpreted this phrase to mean that a community bank that uses one of the large core providers has the right to perform an independent audit of the provider. We believe that this interpretation is inaccurate as it would be impractical to carry out. We believe that the phrase means that the financial institution is entitled to a copy of the report of the independent auditor.

Ongoing Monitoring: Banks must develop a program for ongoing monitoring of the performance of the vendor. We recommend that the monitoring program should include not only information provided by the vendor, but also internal monitoring including

Customer complaints;

o Significant changes in sources of expenses and revenues

o Changes in loan declines, withdrawals or approvals

o Changes in the nature of customer relations ships (e.g. large growth in CD customers).

Oversight and Evaluation: There should be a fixed period for evaluating the overall success and efficacy of the vendor relationship. The Board should, on a regular basis evaluate whether or not the relationship with the vendor is on balance a relationship with keeping.

While all of the above steps represent best practices for developing relationships with vendors, it is important to remember that a balance must be maintained. The vendor management program cannot be so time consuming or stringent that a bank is left without the ability to engage consultants. However, there must be sufficient diligence and monitoring of vendor relationship to ensure that the bank is managing risks effectively.

James DeFrantz is the Principal of Virtual Compliance Management Services LLC. He can be reached directly at JDeFrantz@VCM4you.com

[1] OCC BULLETIN 2013-29

[2] Ibid.

Monday, February 18, 2019

Outsourcing and Collaboration - The Time Has Come

A Three-Part Series. Part Two -Outsourcing Requires Vigilance

In Part One of this series we talked about some of the reasons why a financial institution may want to outsource and/or collaborate. In summary, we detailed:

Leveraging the experience and resources of outside firms - this allows an institution to augment the resources that is has onsite.
Allowing the additional resources to be used to offer new and different products. New products and services have a learning curve associated with them and by using outsourced resources, the learning curve can be shortened.
Increasing the overall effectiveness of the BSA program. Outsourcing helps get a different perspective to the internal operations of the Bank. In this manner, outsourcing can make the BSA program more effective.

While the reasons for looking to collaborate are generally positive, it is also important to remember that there are certain steps that must be taken to make collaboration successful.

Know Your Product or Service

Engaging an outside resource shouldn’t be done at the expense of the knowledge base of the financial institution. While you may not have specific expertise, there should be at least a clear understanding of the basics of product or service being offered. Knowing the inherent risks and rewards of the product should be the basis for the decision to offer it to the public. Having a general understanding of how the products works, issues and concerns that have resulted from offering the product in the past, the experiences of other financial institutions are important considerations. At the end of the day, there must be enough knowledge to understand whether or not the product or service is performing well.

Risk Assessments Are a Key

Think of the risk assessment as a matrix – not the type where you get to choose a red pill or a blue pill, just a square with several blocks. There is a formula that you can use to complete an effective risk assessment. The basic formula is INHERENT RISK (minus) INTERNAL CONTROLS (equals) MITIGATED RISK.

Inherent Risk

Inherent risk is the risk associated with the products, customers and overall compliance structure at your Bank.

An inherent risk is a risk category that really relates broadly to the activities and operations of a company without considering necessarily the company. For example, unsecured lending is inherently riskier than secured lending. If I were auditing an institution that was primarily involved in unsecured lending, then I would have a higher assessment of inherent risk in that organization than, let’s say, secured lending. And that’s a fairly simple example, but that type of a risk assessment is done for each critical business component^{^[1]}.

When considering the level of inherent risk of a new product or service, consider all the worst-case scenarios lurking in the background. For example, supposed you are considering the inherent risk associated with consumer lending. The inherent risk might look something like this:

Consumer Loans- Inherent Risk

Compliance Risk - The risk associated with the regulatory requirements for making consumer loans, e.g. disclosures, accurate calculations, etc.

Reputation Risk- The risk that the products will result in consumer complaints, UDAAP violations or potential fair lending concerns.

Transactional Risk- The risks associated with the systems in place that are being used to support offering the product. Can your core support the loan types being offered?

Strategic Risk- Are your products really meeting the credit needs of the community you serve?

The point of this part of the exercise should be to determine the level of risks that are part of offering the products at all. This level of risk doesn’t consider anything of your compliance program.

Internal Controls

Once you have identified the risks inherent in the products you offer, the customers you serve and the overall current compliance program, the next step is to review the steps your institution has taken to address them. This is where your policies, procedures, training and independent audits come in. There is really an opportunity to self-reflect and simultaneously project your aspirations during this part of the risk assessment. It is one thing to note you have policies and procedures in place. It is a far different consideration to determine how effective they are. Are the policies and procedures written and updated on an annual basis? How much of the policies and procedures are internally developed and how much have been “borrowed” from other institutions? (Note: This is not to imply that borrowing is a bad thing, if the information truly reflects the situation at your institution). The risk assessment should contain an analysis of the current state of the internal controls. What would excellent controls look like and what would it take for the compliance department to get there? These considerations should be included.

Mitigated Risk

Your overall assessment of how well the internal controls at your institution address the possibility of problems is the mitigated risk. For the risk assessment to be a most effective tool, it is necessary for this process to truly consider potential problems with internal controls. Written policies and procedures, for example, can be comprehensive and up to the minute accurate, but totally ineffective if staff don’t use them. Training is an area often taken for granted. The online training that most institutions offer is a great start for training. However, for a full in-depth understanding, additional training that includes case-studies is a best practice.

A word about Strategic Risk

For the banking industry in general regulators have put strategic risk at the forefront. For example, its semiannual risk perspective for spring 2016, the OCC noted that strategic risk is a concern:

“Banks are several years into the risk accumulation phase of the economic cycle. The banking environment continues to evolve, with growing competition among banks, nonbanks, and financial technology firms. Banks are increasingly offering innovative products and services, enabling them to better meet the needs of their customers. While doing so may heighten strategic risk if banks do not use sound risk management practices that align with their overall business strategies, failure to innovate to meet evolving needs or financial services may place a bank at a competitive disadvantage.”^{^[2]}

As part of the risk process it is important to consider whether your institution is keeping up with trends in technology and innovation. The financial industry is being disrupted in a way that will significantly impact the relationship between customers and institutions. Without the right technology and business plan, it will be easy to be left behind.

In Part Three will we will discuss the process for picking outsourcing partners.

James DeFrantz is the Principal of Virtual Compliance Management Services LLC. He can be reached directly at JDeFrantz@VCM4you.com

[1]William Lewis, Price Waterhouse Coopers Comptroller of Currency Administrator of National Banks Audit Roundtable, Part 1 Risk Assessment and Internal Controls .

[2] OCC Semiannual Risk Perspective from the National Risk Committee Spring 2016

Sunday, February 3, 2019

Collaboration and Outsourcing – The time has Come

A Three-Part Series. Part One- Why Outsource?

For many financial institutions, resources are the main limitation for the offering or products and services. While traditional products such as business loans, commercial real estate, mortgages and consumer loans remain the mainstay of the offerings by financial institutions, the competition for customers in these areas remains fierce. According to the FDIC, community banks and smaller institutions have found that the traditional model for income has experience some positive growth in the past two years, but this growth continues to be strained by the number fintech companies that have begun to “disrupt” the financial services industry. Fintech, regtech and other software companies continue to make inroads in the traditional community bank and credit union customer base.

“Researchers have projected that fintech could be responsible for a reduction of between 10% and 40% of bank revenue by 2025. It’s estimated that between 15% and 25% percent of U.S. banks could be gone by 2020 as a result of consolidation brought about largely by the rise of fintech and increased regulations on banks.[1]”

Opportunities Abound in Other Areas

As competition for customers in the traditional banking products continues to increase, the need for innovation that will increase overall non-interest income becomes more important. While there are other opportunities available, financial institutions often find themselves unable to attempt new things based upon limited resources such as training, software and experience. Despite the fact that there may be some difficulties, the returns on the investment in these products is worth the effort. For example,

“McKinsey, a consultancy, analyzed the impact of fintech on retail banks from an opportunity standpoint. It determined that progressive banks can increase revenues from innovative new offers and business models by 5%; increase revenues from new products and distinctive digital sales by 10%; and lower operational costs through automation, digitization and transaction migration by 30%. This would result in a total potential net profit opportunity of +45 percent. [2]“

In addition to the innovations in fintech and in the software’s overall effectiveness in general, often overlooked markets such as the remittance market remain a strong source of potential income.

o Global remittances have grown to a record level of $613-billion in 2017, a 7% increase from $573-billion in 2016, according to the World Bank.

o Payments to low- and middle-income countries rose at a high percentage: up 8.5% to $466-billion last year, from $429-billion the year before, according to the World Bank’s Migration and Development Brief.[3]

“Operation chokepoint”- the rather infamous program brought heavy scrutiny on money services business in general and remittances specifically has now ended. However, the fear of regulatory concerns still remains with many financial institutions. As a result, this huge market with its potential for large amounts of noninterest income fees remains largely untapped.

Outsourcing

With the proper understanding of how a money remitter (’MSB’) works and combined with outsource resources to properly monitor transactions, MSBs present an outstanding opportunity for noninterest income.

There are ways for institutions to address this concern and that is what the interagency guidance on third party resources is intended to address. According to the recent guidance published by the FFIEC

Collaborative arrangements involve two or more banks with the objective of participating in a common activity or pooling resources to achieve a common goal. Banks use collaborative arrangements to pool human, technology, or other resources to reduce costs, increase operational efficiencies and leverage specialized experience [4]

This is not to say that you should offer products that you don’t understand. On the other hand, under the right circumstances, financial institutions can offer full range of products using the services of a third party

By using the collaborations not only with other financial institutions, but with fintech firms, regulatory tech firms and specialized consulting firms the possibilities for growth and additional products increases dramatically.

In part two we will discuss the risk assessments process

James DeFrantz is the Principal of Virtual Compliance Management Services LLC. He can be reached directly at JDeFrantz@VCM4you.com

[1] How the Rise of Fintech Could Affect Your Bank Josh Beard The Whitlock Company

[2] Ibid

[3]Global Remittances Reach $613 Billion Says World Bank Toby Shapshak Forbes Magazine May 2018

[4] Interagency Statement on Sharing Bank Secrecy Act Resources October 3, 2018

Tuesday, February 13, 2018

Making the Case for MSB's

For many thousands of workers in the United States, the end of the week renews a weekly ritual; payday. For those workers who are expatriates, payday renews another ritual, the trip to the local money transmitter also known as Money Service Businesses. Money Services businesses are defined by FinCEN as follows:

The term "money services business" includes any person doing business, whether on a regular basis or as an organized business concern, in one or more of the following capacities:

(1) Currency dealer or exchanger.
(2) Check casher.
(3) Issuer of traveler's checks, money orders or stored value.
(4) Seller or redeemer of traveler's checks, money orders or stored value.
(5) Money transmitter.
(6) U.S. Postal Service.

For many years MSB’s have served the needs of the expatriate workers who are sending money home. The remittance market is a multi-billion-dollar business serving a large population of the people who tend to be underbanked or unbanked.

Storm Clouds

In 2013 the US Department of Justice initiated Operation Chokepoint. This initiative was described in a 2013;

Operation Choke Point was a 2013 initiative of the United States Department of Justice, which would investigate banks in the United States and the business they do with firearm dealers, payday lenders, and other companies believed to be at higher risk for fraud and money laundering.[1]

The Justice Department’s decision to focus on the activities of MSB’s directly impacted their treatment by banks. Soon, MSB’s became persona non-grata; the major theme was that these organizations have potential for money laundering and therefore had to be given scrutiny. There was a second theme that was less prominent; the better the monitoring the lower the risk. Eventually the regulators were forced to cease the initiative. Unfortunately, a great deal of the stigma associated with MSB’s remains.

Community Banking Transitions

Today community banks are experiencing shrinking margins in traditional business lines. Competition for C & I and CRE has become fierce, shrinking margins and making lending in these areas more expensive. In the meantime, the main reason for community banking- serving the underserved is still an area that has a great deal of space for growth. In 2016, the FDIC estimated that 27% of all households were unbanked or underbanked.

The Remittance Market

Remittances are a growing market that continues to grow according to the world bank statistics $138,165,000,000 in remittances was sent from United States to other countries in 2016. In 2018, the market is expected to grow more than in the previous two years for several reasons. The average size of an individual remittance remains $200.00. There are a number of money transfer business that have developed systems that are familiar to the customers and efficient in their delivery. The forces created by operation chokepoint and growing remittance market are creating great opportunities. Despite the huge demand and potential for fee income, many MSB’s are in search of a banking relationship.

Why Should a community bank consider an MSB relationship?

Because of the history we have already discussed for many banks, the term MSB ends the discussion. However, for those banks that are looking for ways to improve overall profitability; there are several positives to consider

o Fee income: Because the business model is built on small dollar transactions, there is a large volume of transaction. Each transaction has the potential to generate fees. The experience of banks that offer accounts to MSB’s has vbeen a steady reliable source of fee income.

o Small expenditures of capital: The expenditure of capital that is necessary is largely dependent on the strength of your overall BSA compliance program. At the end of the day, the financial institution must dedicate sufficient resources to monitor the activity of the MSB.

o Extremely Low Cost: The costs of the resources mentioned above can and often is covered by the client MSB.

o Serving the underserved: As we previously noted, the vast majority of the customers using MSB’s are part of the larger underbanked and unbanked population.

o Opportunities for new markets, projects and a whole new generation of bank customers: Today’s MSB customer can easily be tomorrow’s entrepreneur who opens a large business account at your bank.

MSB’s and Risk

For many institutions the decision has been made that the regulatory risk associated with Money service Business is too great to justify offering the product. Of course, most of make this decision harken back to the struct scrutiny of Operation Chokepoint.

The fact that so many MSB’s lost their banking relationships caused the FDIC (the main “tormentor of financial institutions in this area) to issue FIL 5-2015 which was directed at the mass “de-risking” that that banks were forcing on MSB’s.

The FDIC is aware that some institutions may be hesitant to provide certain types of banking services due to concerns that they will be unable to comply with the associated requirements of the Bank Secrecy Act (BSA). The FDIC and the other federal banking agencies recognize that as a practical matter, it is not possible for a financial institution to detect and report all potentially illicit transactions that flow through an institution. Isolated or technical violations, which are limited instances of noncompliance with the BSA that occur within an otherwise adequate system of policies, procedures, and processes, generally do not prompt serious regulatory concern or reflect negatively on management’s supervision or commitment to BSA compliance. When an institution follows existing guidance and establishes and maintains an appropriate risk based program, the institution will be well-positioned to appropriately manage customer accounts, while generally detecting and deterring illicit financial transactions.[2]

Put another way, the regulators were noting that despite the appears otherwise the principles for managing the risks of MSB’s still applied; the better the monitoring, the lower the risk. When considering whether to offer an MSB a bank account, your financial institutions should be able to administrate the account to keep risks low. In addition to the guidance published by the FDIC, FinCen, the FFIEC and the other banking regulatory agencies have all published guidance making it clear that there are no absolute regulatory restrictions on banking MSB’s.

The time is now for community banking institutions to consider the possibility of baking relationship with MSB’s

[1] Zibel, Alan; Kendall, Brent (August 8, 2013). "Probe Turns Up Heat on Banks". The Wall Street Journal

[2] FIL 5-2015

Monday, February 5, 2018

RETHINKING THE BUSINESS MODEL FOR COMMUNITY BANKING

Community banks and credit unions have been a key part of the American economy since its beginning. These are the lending institutions that make loans to small sole proprietors, first time home buyers and dreamers of all kinds. Over the years, the business model for these institutions hardly varied. A review of the loan portfolios of community banks across the country will include three similar components:

· CRE- Commercial real estate loans have been one of the mainstays of the community banking business. These loans provide a viable, recognizable and reliable (usually) source of income. The return on investment for these loans have been the source of a large portion of the earnings for community banks for many years. The drawback for this type of lending is that it ties up a large portion of the capital of a bank and the return on investment takes a significant amount of time develop. A loss from one of these loans has the potential to threaten the existence of a small financial institution

· CNI – Commercial and Industrial loans have been the beating heart for community banks for many years. Very much like CRE loans, the income from these loans is recognizable and except for a few notable exceptions, reliable. Not only do these loans have the same concerns as CRE, the competition for these loans is fierce and smaller institutions often finds themselves left with the borrowers who present the highest level of risk.

· Consumer products - In the past 15 years, consumer loans have also proven to be a good source of earnings. Interest rates for consumer products have remained well above the prime rate and for a financial institution that is properly equipped, consumer products can provide a strong stream of income. Consumer products also tend to be for smaller amounts, have higher rates of losses and are heavily regulated.

This three-pronged approach to earning income has been a steady, tried and true method for earnings at small financial institutions. However, there are several factors that are coming together that have threatened this business model.

· Fintech – Financial technology (“Fintech”) companies are those companies that use software to deliver financial products. Today one of the most recognizable fintech companies is PayPal. Using just a smart phone, PayPal gives its users the ability to make payments, pay bills, deliver gift cards and conduct financial transactions with people throughout the country. For community banks, the knowledge of the existence of PayPal is interesting, but what is more critical is the reason that PayPal was developed. PayPal, and its fintech brethren exist to fill a specific need that Banks were not meeting.

· NBFI – The Operation Chokepoint program was a program spearheaded by the Justice Department that was aimed directly at Non-Bank Financial Institutions, aka Money Service Businesses. At the time the program was started, a decision was made that money service businesses represented an unacceptable money laundering risk. Ultimately, Operation Chokepoint fell into disrepute and was ended. Although Operation Chokepoint has ended, its legacy is still prevalent. MSB’s still have significant problems getting bank accounts. Despite this fact, the amount of money moved through remittances continues to grow. MSB’s continue to serve this market for a huge population of people who are unbanked and underbanked.

· Underbanked and Unbanked- The number of unbanked and underbanked families continues to grow. Unbanked families are those without a bank account and underbanked families are those that use minimal banking services. The number of people in these families totaled approximately 90 million in 2016[1]. Equally as important as the sheer size of the unbanked and underbanked population is the reason that many of these potential customers remain that way. High fees, poor customer service and bad public image have all been contributing factors for the large population of unbanked and underbanked customers.

Customer Bases in the Future

The combination of these forces will greatly impact the future of the business model for community banks. Customers will continue to change their expectations for their financial institutions. The traditional balance has changed, instead of being forced to choose the products that financial institutions offer, customers have come to demand products from their companies.

The financial needs of customers have also changed. Electronic banking, online account opening, remote deposit capture and iPhone applications are now almost necessities. Younger customers, who make up a significant number of the unbanked and underbanked population rarely use traditional forms of community banking such as branch visits. Fast information, fast movement of money, low costs transactions and accessibility are most desirable to the potential clients of today’s financial institutions.

Implications for the Small Bank Business Model

Fintech companies, NBFI’s and the need for new and different services presented by the unbanked and underbanked population will all continue to put pressure on community bankers to begin to make a change. Change may be hard, but it is also inevitable and necessary. For community banks and credit unions now is a good time to consider NBFI’s as viable and important customers. They are a vehicle for consumers to meet their ongoing needs and they need bank accounts.

Fintech companies reason for existing is to fill the unmet needs of unbanked and underbanked. These companies have developed applications that allow everything from alternate means of credit scoring to international transfer of funds using applications. A community bank or credit union that creates a partnership with the right fintech company can offer products and services that will greatly distinguish them in the market and allow for continued growth and alternate means of income. 2018 is a great time to start thinking about a new business model.

[1] In our most recent survey, published in October 2016, the FDIC reported that 7 percent of households were unbanked, lacking any account relationship at an insured institution. The survey also showed that an additional one-in-five (or 19.9 percent of) households were underbanked, defined as households in which a member had a bank account, but nevertheless turned to alternative financial services providers during the year to address one or more needs for transactional services such as check cashing or credit. Altogether, the survey reported that some 90 million Americans, or nearly 27 percent of households, are unbanked or underbanked.

Monday, July 24, 2017

Section 1071 of the Dodd Frank Act- A New Look at Fair Lending - A Two-Part Series

Part One- Towards a LAR for Commercial Loans

As the dust settled form the financial meltdown of 2008 there were a large number of new significant regulations to consider. The qualified mortgage rules, mortgage servicing rules and appraisal valuations all garnered a great deal of attention and focus. Of course, due to the impact of these rules, this attention was well deserved. However, as the dust settled from getting compliance programs in place, it is time to give attention to future regulatory requirements.

One of the most significant of the future regulations is section 1071 of the Dodd Frank Act. This section amends the Equal Credit Opportunity Act (AKA as Reg. B) to require banks to gather information about applicants for commercial loans. The information that will be gathered is very similar to information that is currently required by the Home Mortgage Disclosure Act (HMDA). Many believe that the future of this regulation is in doubt due to the general hostility of the current presidential administration to the Dodd Frank Act. Regardless of whether this regulation becomes fully implemented, the information that it requires is well worth considering.

Specifics

For the time being, this section of the Dodd Frank Act has been put on hold until the implementing regulations have been written. There are many who believe the future of the CFPB is in doubt, but merely hoping things change is not a successful strategy. Earlier in 2017, the CFPB started taking comments on the regulation with an eye toward developing a final rule early next year. It is likely the regulation will be implemented in some form early in 2018.

What is the type of information that is required? So far, the list of information required is as follows:

‘‘(1) IN GENERAL. —Each financial institution shall compile and maintain, in accordance with regulations of the Bureau, a record of the information provided by any loan applicant pursuant to a request under subsection (b).

‘‘(2) ITEMIZATION.—Information compiled and maintained under paragraph (1) shall be itemized in order to clearly and conspicuously disclose—

‘‘(A) the number of the application and the date on which the application was received;

‘‘(B) the type and purpose of the loan or other credit being applied for;

‘‘(C) the amount of the credit or credit limit applied for, and the amount of the credit transaction or the credit limit approved for such applicant;

‘‘(D) the type of action taken with respect to such application, and the date of such action;

‘‘(E) the census tract in which is located the principal place of business of the women-owned, minority-owned, or small business loan applicant;

‘‘(F) the gross annual revenue of the business in the last fiscal year of the women-owned, minority-owned, or small business loan applicant preceding the date of the application;

‘‘(G) the race, sex, and ethnicity of the principal owners of the business; and

‘‘(H) any additional data that the Bureau determines would aid in fulfilling the purposes of this section.

‘‘(3) NO PERSONALLY IDENTIFIABLE INFORMATION.—In compiling and maintaining any record of information under this section, a financial institution may not include in such record the name, specific address (other than the census tract required under paragraph (1)(E)), telephone number, electronic mail address, or any other personally identifiable information concerning any individual who is, or is connected with, the women owned, minority-owned, or small business loan applicant.

When the regulation is enacted, what will be required? Why are the regulators doing this to us? In reverse order, the reason given for this change to the ECOA is as follows:

“The purpose of this section is to facilitate enforcement of fair lending laws and enable communities, governmental entities, and creditors to identify business and community development needs and opportunities of women-owned, minority owned, and small businesses” [1]

Put another way, the purpose of the collection of this information will be to allow banks, economists and regulators to more completely and accurately determine the types of loans that are being requested by minority and women owned business. Presumably, the collected data will be used to provide regulators with tools to craft legislation to help expand fair lending laws and rules to the commercial lending area. The merits of whether these regulations should be expanded to the commercial lending will be discussed in part two of this blog.

There are some unique features to the requirements of this law. For example, the lending staff member who is doing the underwriting is NOT ALLOWED to ask the questions required by the law;

Where feasible, no loan underwriter or other officer or employee of a financial institution, or any affiliate of a financial institution, involved in making any determination concerning an application for credit shall have access to any information provided by the applicant pursuant to a request under subsection (b) in connection with such application.[2]

The idea here is this information must not be part of any credit decision, and the bank is under an obligation to present evidence that this information has been segregated from the credit decision. Therefore, even in cases where there are too few staff members to totally segregate the collection of the information from the loan staff, a protective wall still must be created.

If a financial institution determines that a loan underwriter or other officer or employee of a financial institution, or any affiliate of a financial institution, involved in making any determination concerning an application for credit should have access to any information provided by the applicant pursuant to a request under subsection (b), the financial institution shall provide notice to the applicant of the access of the underwriter to such information, along with notice that the financial institution may not discriminate on the basis of such information [3]

The time is coming when this information must be collected and the Bank must make sure that once it is collected, that the information has no impact on the credit decision.

Implications for the Future

What does this regulation mean for the future? It is of course, difficult to predict the future with any real accuracy. However, it is clear that the trend for regulations is that the scope and influence of fair lending and equal credit opportunity laws will increase in influence over the next decade. It will be increasingly important for banks to determine with detail the credit needs of the communities they serve. Moreover, there will be increased emphasis on banks’ ability to show how the credit products being offered meet the credit needs of that same community.

Why not start now?

The obvious question to ask is with all of the regulations that are coming into effect at this point and the resulting requirements, why start dealing with a regulation that has not come into existence? Why not cross that bridge when we come to it? In fact, there is a chance that this law may never get an implementing regulation.

Delay will result in higher costs and increase the risk of noncompliance. Whether or not Section 1071 is implemented within the next year or the next few years, information about the borrowers you serve and the products that you offer to serve them should be part of your strategic plan, fair lending plan and CRA plan. This information will be a critical component of showing your regulators that you are a vital part of the local economy and community. Moreover, this information should be a critical part of your institutions’ drive to reach out to the new customers who are currently among the large number of unbanked and underbanked. This pool of potential customers is one of the keys to successful banking in the future. In fact, whether or not the regulation is ever implemented, developing information on women and minority owned businesses will be a ket strategic advantage for the financial institutions that realize the vast potential that these business owners present.

In Part two of this blog, we will make the case for collection of information on loans to women and minority owned businesses regardless of regulation requirements.