regulatory updates & current risks for executives


Page 1: Regulatory Updates & Current Risks for Executives

11/19/2014

Welcome Banker Briefing Event: Regulatory Updates & Current Risks for Executives

CSBS and Community Banking

Charles G. Cooper

Commissioner

Texas Department of Banking

Assets Under Supervision Texas

• Texas State‐Chartered Banks: $225.5 Billion (26%)
• Texas State‐Chartered Savings Institutions: $10.2 Billion (1%)
• Texas State‐Chartered Credit Unions: $29.5 Billion (3%)
• Texas Nationally‐Chartered Banks: $142.0 Billion (16%)
• Texas Federally‐Chartered Savings Institutions: $71.3 Billion (8%)
• Texas Federally‐Chartered Credit Unions: $50.7 Billion (6%)
• Out‐of‐State State‐Chartered Banks: $43.3 Billion (5%)
• Out‐of‐State Nationally Chartered Banks: $292.1 Billion (34%)
• Out‐of‐State Federally‐Chartered Savings Institutions: $ 1 Billion (<1%)

Assets of Federally Insured Texas Financial Institutions: $865.5 Billion

As of June 30, 2014

Source: FDIC

US Bank Charters by Authority

• OCC Banks: 17%
• OCC Thrifts: 8%
• State: 75%

In 1985 there were more than 18,000 active bank charters in the United States.  Since then, the US has seen a 62% decrease in the number of active bank charters. Despite this rapid consolidation, the state charter remains strong.  Of the 6,821 banks in operation as of YR 2013, 5,168 (75%) hold a state charter.

Source: FDIC  and CSBS

Growth in Banking Assets Since 1992 By Asset Group

[Chart: banking assets in millions of dollars ($0 to $16,000,000) by asset group (>$50B, $10B‐$50B, $1B‐$10B, $100M‐$1B, <100M), with annotations for Interstate Branching and Financial Crisis. Source: CSBS]

What is CSBS?

• Nationwide organization of state banking regulators

• Advancing quality and effectiveness of state regulation

• Promoting economic growth and consumer protection


Financial Policy in D.C.

• Must be developed with better understanding of the role of community banks.

• Preserving community banks is critical to a strong, dynamic, and stable economy.

• Must have a frank dialogue between bankers, regulators, and policymakers.

Three focal points of research:

• New banks and emerging technologies;

• Effect of government policy on bank lending and risk taking; and

• Impact of federal policy on community bank viability.

Key Takeaways:

• Economic conditions alone do not explain why there have been almost no new bank charters since 2008.

• CRE guidance was impactful, but caused unintended consequences.

• Federal agencies’ appeals processes are inconsistent and seldom used by bankers.

Key Takeaways, Continued:

• Rising compliance costs have the potential to limit financial services available to communities.

• Washington’s one‐size‐fits‐all approach to regulation has a disproportionate impact on community banks.


Town Hall and Survey Report

• Town hall meetings with bankers across the country:

– Held in 30 states, including Texas

– More than 1,300 bankers attended

• Survey of more than 1,000 bankers.


CSBS Community Banking Steering Group

• Established in 2011.

• Focused on the viability of the community bank business model and impediments they face.

• Accomplishments:

– Regulatory Relief Proposals;

– Defining Community Banks; and

– White paper: “An Incremental Approach to Financial Regulation.”

Support Community Bank Business Model

• Supervision should account for relationship‐lending.

• Remove barriers to private capital investment.

• Grant QM status to all loans held in portfolio.

• Fair lending.

• Speed up application process.

• Eliminate brokered deposit designation for reciprocal deposits.


Legislative Initiatives

• Establish a petition process for rural loans.

• QM Status for loans held in portfolio.

• CLEAR Relief Act.

• Community Banking or Supervisory Experience on Fed and FDIC Boards.


Conclusions

• Enhancing legislation and regulation to better fit the relationship lending model.

• Improving research on community banks.

– Providing quantitative data for qualitative stories.

– “Changing the conversation”

• Your voice matters!


Questions?

Charles G. Cooper

Commissioner, Texas Department of Banking

Fair Lending

Banker Briefing – Regulatory Updates & Current Risks for Executives

November 18, 2014

Peter G. Weinstock

Hunton & Williams LLP
1445 Ross Avenue, Suite 3700
Dallas, Texas 75202
(214) 468-3395
[email protected]

Debbie Ray, CRCM, CRP, AMLP

Weaver
12221 Merit Drive, Suite 1400
Dallas, Texas 75251
(972) 448-9229
[email protected]

© Copyright 2014 – All Rights Reserved

Peter Weinstock
Partner
Hunton & Williams LLP

[email protected] Ross Avenue, #3700
Dallas, TX 75202
p 214.468.3395
f 214.740.7182

PRACTICES
• Banking and Finance
• Financial Institutions Corporate and Regulatory
• Fair Lending
• Consumer Financial Compliance and Litigation

EDUCATION
• JD, Duke University School of Law, 1985
• BA, State University of New York, 1982

BAR ADMISSIONS
• Texas

Peter's practice focuses on corporate and regulatory representation of a wide range of financial institution franchises.

Peter's practice focuses on corporate and regulatory representation of small to large regional and national financial institution franchises. During the past several years, Peter has devoted substantial time to regulatory, law enforcement and internal investigations of financial institutions. He is Co-Practice Group Leader of the Financial Institutions Section. He has counseled institutions on more than 150 M&A transactions, as well as provided representation on securities offerings and capital planning.

Relevant Experience

Representation includes:

• lead counsel on the North American Corporate Deal of the Year (Middle Market) – The M&A Atlas Awards – for Cascade Bancorp, Inc.’s successful topping bid to acquire Home Federal Bancorp, Inc., a NASDAQ-listed bank;
• more representations of buyers, sellers and credit committees of firms involved in 363 bankruptcy actions than any other firm;
• more M&A transactions than any firm over the last 14 years (according to SNL Financial, December 2013);
• number 1 in 2013 with 19 M&A transactions and year-to-date in 2014 with 18 M&A transactions (according to SNL Financial);
• hundreds of capital offerings;
• hundreds of fair lending, CMPs, and other enforcement actions;
• testimony before Panel of the House Judiciary Committee regarding Operation “Choke Point” in July 2014; and
• myriad compliance issues before all of the federal bank regulatory authorities, including the CFPB; and negotiations of administrative actions.

For the last 18 years, he has served as co-editor of ICBA’s Newsletter, “SUBCHAPTER S: THE NEXT GENERATION.” He is the author of numerous articles in law and banking publications. His article, “Acquisitions of Failed Banks – Present Risk and Opportunity,” was voted the second best article appearing in The Risk Managers Association Journal of 2011. He has spoken at over 150 banking conferences and seminars, including for over the last 11 years, ICBA’s annual conference. Mr. Weinstock is listed in Chambers USA “Leaders in Their Field” for banking.

Debbie Ray
Director, Risk Advisory Services
Weaver

[email protected]
12221 Merit Drive, #1400
Dallas, TX 75251
p 972.448.9229
f 972.702.8321

EDUCATION
• BA, University of Texas at San Antonio

CERTIFICATIONS
• Certified Regulatory Compliance Manager, ABA Institute of Certified Bankers
• Certified Risk Professional, BAI
• Anti-Money Laundering Professional, BAI

Debbie Ray, CRCM, CRP, AMLP has more than 24 years of experience working in the financial services industry. Her practice emphasis is in the realm of federal regulatory bank compliance with a focus on fair lending. Debbie served the United States Department of the Treasury as a Bank Examiner in the San Antonio field office of the Office of the Comptroller of the Currency. She became a bank compliance officer at three large financial institutions before starting her consulting practice in 2002. With her background in federal regulatory, private industry and consulting, Debbie brings a unique and well-rounded perspective to her engagements.

Professional Experience
• More than 24 years of experience in Regulatory Consumer Compliance
• Seasoned professional with extensive experience in working with potential and levied enforcement actions related to fair lending as well as a strong knowledge of the “alphabet soup” of regulations A to Z
• Has served a variety of clients nationwide, including de novo charters to those under administrative actions, assets of $20 million to multi-billion dollar companies, banks and mortgage companies and those supervised by each of the regulatory agencies
• Specialized in Consumer Compliance and participated in the regulatory oversight and examination of nationally chartered banks with the Office of the Comptroller of the Currency
• Prior owner of AIIZ Compliance Consulting, Inc., a professional services bank consulting firm

Professional Involvement and Recognition
• Member, Dallas Area Compliance Association
• Member, Institute of Certified Bankers
• Member, Independent Bankers Association of Texas
• Member, Bankers Administration Institute
• Speaker, Texas Bar Association
• Speaker, Texas Association of Bank Counsel
• Speaker, Dallas Area Compliance Association
• Instructor, American Bankers Association Compliance School
• Panelist, American Bankers Association, National Regulatory Compliance Conference
• Author, American Bankers Association Bank Compliance Magazine article on fair lending testing and attorney-client privilege
• Author, 2014 Bankers Digest, “The Four D’s of the CFPB”

Fair Lending

DOJ Referrals

From 2009 – 2013, the bank regulatory agencies, the FTC and HUD, referred 147 fair lending matters to DOJ. All eight of the fair lending discrimination cases filed by the DOJ in 2013 were referrals from the bank regulatory agencies – two of which were jointly investigated with the CFPB.

DOJ Referrals (cont’d)

2013:
• OCC 1
• CFPB 6
• FRB 6
• FDIC 11
• HUD 1

DOJ Referrals (cont’d)

2010: FDIC made 33 of 49 lending discrimination referrals to DOJ
• No other agency referred more than 6
• OCC – 2 of 49 in 2010
• FDIC regulates > 50% of all banks

2011: There were 29 referrals to DOJ:
• OTS 4
• OCC 1
• FRB 7
• FDIC 14

2012: There were 13 referrals to DOJ:
• OCC 1
• CFPB 1
• FRB 2
• FDIC 8

DOJ Referrals (cont’d)

The 25 referrals in 2013 included the following types of alleged discrimination:

• 10 involving race or national origin
• 10 involving marital status
• 4 involving age
• 4 involving source of income
• 3 involving sex
• 1 involving disability [1]

[1] Several referrals involved multiple protected classes; therefore, the number of referrals by protected class categories totals more than 25.

DOJ Referrals (cont’d)

At December 31, 2013, there were 8 authorized suits and 3 pending DOJ referrals of which:
• 3 race/national origin discrimination

At December 31, 2012, there were 7 pending DOJ referrals of which:
• 3 race/national origin mortgage pricing
• 1 gender/familial status mortgage underwriting
• 1 unsecured consumer lending
• 1 mortgage steering and pricing

At December 31, 2011, there were 5 authorized suits and 30 pending DOJ investigations:
• 14 pricing discrimination
• 3 redlining
• 1 marketing based on national origin
• 1 reverse redlining
• 1 reverse redlining and steering
• 1 underwriting based on maternity leave policy

DOJ Referrals (cont’d)

2010 and 2011 referrals returned as of 12/31/11:
• 57% FDIC
• 43% FRB
• 62.5% OTS
• 33% OCC

2012 referrals returned as of 12/31/12:
• 4 of 8 FDIC
• 2 of 2 FRB
• 1 of 1 OCC

2013 referrals returned as of 12/31/13:
• 4 of 6 CFPB
• 7 of 11 FDIC
• 3 of 6 FRB
• 1 of 1 OCC

Equal Credit Opportunity Act

• Applies to any aspect of a credit transaction

• “Aspect” of a credit transaction is broadly defined. What is considered starts at marketing and continues through to foreclosure/modification

• “Credit transaction” is any extension of credit, including:
– Consumer
– Business
– Overdrafts/NSFs

Fair Housing Act

• Prohibits discrimination in all aspects of residential real estate, including:
– Loans to buy, build, repair or improve a dwelling
– Purchases of residential loans if purchaser influences the credit decision or is involved in setting credit terms
– Selling, brokering, appraising or renting a dwelling

• Must make “reasonable accommodations” for people with disabilities when they apply for credit

ECOA/FHA

• Under fair lending laws, a financial institution may not:
– apply different rules for approval or evaluating collateral;
– vary terms, including interest rate, term or available credit product;
– provide different levels of assistance or otherwise service the credit differently;
– apply different default/modification/foreclosure outcomes; or
– steer to a less favorable product on a prohibited basis

based on or to: (i) someone in a “protected class,” [1] (ii) the neighborhood in which the person lives or property is located, or (iii) a person associated with the prospective borrower (co-borrowers, spouse or live-in aide).

[1] Regulators sometimes call them “prohibited basis groups.”

Prohibited Bases for Fair Lending

| Equal Credit Opportunity Act | Fair Housing Act |
|---|---|
| Race or color | Race or color |
| Religion | Religion |
| National origin | National origin |
| Sex | Sex [1] |
| Marital status | Familial status |
| Age | Handicap |
| Receipt of public assistance | |
| Exercised rights under CCPA | |

CFPB: “Fair, equitable and nondiscriminatory access to credit.”

[1] Note HUD’s Equal Access to Housing in HUD Programs Regardless of Sexual Orientation or Gender Identity Rule (so called “Equal Access Rule”).

ECOA – Aspect of a Credit Transaction

[Diagram labels: Access Assistance; Steering; Underwriting; Pricing; Marketing; Foreclosure; Assistance; Modification; Servicing/Mitigation]

Types of Lending Discrimination

• Courts recognize three types of proof of lending discrimination:
– Overt evidence of disparate treatment
– Comparative evidence of disparate treatment
– Evidence of disparate impact

Risk Areas

• Regulators:
– Lack of definitive underwriting standards
– Overreliance on loan officers’ experience levels
– Risk-based pricing that is not based on objective criteria or consistently applied
– Discretion
– Lack of internal controls
– Lack of clear documentation of reasons for decisions or exceptions
– Lack of monitoring
– Financial incentives

Policy Issues

• Subjectivity:
– Character
– Integrity
– Desirable
– Honesty
– Legitimate doubts
– Established customers
– Unquestionable character
– More liberal terms allowed

• Exceptions:
– Exception
– Management should be integrated into policy
– Exceptions should be documented (reason codes)
– Form
– Dual signatures
– Reporting

Disparate Pricing

So what goes wrong? – Our view:
• Lack of comprehensive data in files
• Officers gaming the system
• Lack of clarity on policies and rate cards
• Lack of centralized underwriting and pricing

But mainly it is:
• Data dumps
• Matched pairs
• Interviews
• Interview summaries

Pricing Factors

• We have put together a list of 19 legitimate pricing factors that regulators have accepted and put into one of the models we have reviewed. While this is not an exhaustive list of legitimate factors, it is pretty extensive.
– Loan Term
– Loan Amount (deals with profitability)
– Credit Score
– Debt to Income (DTI) or Revenue of Borrower
– Deposit Relationship
– Prior Loan Relationship
– Renewal (a renewal of an existing loan may be priced differently)
– Workout
– Guarantor
– Co-Borrower
– Delinquencies
– Delinquencies (with institution)
– Adverse Actions (generally collection actions)
– Bankruptcies
– Auto Debit
– Payment Frequency (bullet loans are often priced differently)
– Employee Loan
– Loan to Value (LTV) (where there is collateral)
– Commercial (whether the credit appears to be a personal credit but is tied to a commercial relationship or collateralized by a business asset)

Regulation B – Information About Spouse or Former Spouse

• May only request information about spouse or former spouse if:
– spouse is allowed to use account;
– spouse is contractually liable on account;
– applicant is relying on spouse’s income to help repay credit; or
– applicant is relying on alimony, child support or separate maintenance payments.

• If applicant applies for individual, unsecured credit, cannot inquire about marital status.

• If applicant applies for individual, secured credit, cannot inquire whether collateral is community property.

Regulation B – Marital Status (cont’d)

• Spousal Signature/Guaranty
– If applicant qualifies for loan, cannot require spouse to co-sign or guarantee loan
– May require guarantees of partners, directors or officers of a business entity, including spouse if spouse has an interest in the business
– Must have documentation of intent to apply for joint credit
– Execution of financial statements is not enough
– Can require spouse to execute security agreements
– Highly recommend second review of adverse action notices

Third-Party Risks in Fair Lending

• Lenders may be responsible for violations by brokers or agents if they:
– “Knew or had reasonable notice of the act or practice”

• What to do?
– Consider reviewing third-party lenders like lender evaluates its direct loans
• Communicate lenders’ policies regarding fair lending – check third-party’s policies
• Document compliance requirements in agreements
• Clear guidelines for processing applications, approvals and setting prices
• Train third parties
• Analyze lender’s data and third-party’s data separately and as a whole

Applying the Rules

• Examiner questions that banks should be able to answer:
– Do policies or procedures clearly define underwriting practices?
– Are all applicants provided the same level of assistance?
– Are all applicants provided equal opportunities to correct adverse or incomplete information?
– Are all applicants provided the same information (including alternatives for loan products)?
– Is pricing set by price card or rate sheet and subject to centralized oversight or approval?
– Are exceptions monitored, analyzed and tracked?
– Are reasons for denial accurately and promptly communicated?

Fair Lending Program Checklist

The features the CFPB considers in a well-developed fair lending program within the compliance management system:

– An up-to-date fair lending policy statement;

– Regular fair lending training for all employees involved with any aspect of the institution’s credit transactions, as well as all officers and board members;

– Ongoing monitoring for compliance with fair lending policies and procedures, and appropriate corrective action if necessary;

Fair Lending Program Checklist (cont’d)

– Ongoing monitoring for compliance with other policies and procedures that are intended to reduce fair lending risk (such as controls on loan originator discretion), and appropriate corrective action if necessary;

– Review of lending policies for potential fair lending violations, including potential disparate impact;

– Regular assessment of the marketing of loan products. (Expand this to include assessment of your lending performance as well. Know your story!)

Fair Lending Program Checklist (cont’d)

– Meaningful oversight of fair lending compliance by management and where appropriate, the financial institution’s board of directors;

– Depending on the size and complexity of the financial institution, regular statistical analysis, as appropriate, of loan-level data for potential disparities on a prohibited basis in pricing, underwriting, or other aspects of the credit transaction, to include both mortgage and non-mortgage products such as credit cards, auto lending, and student lending. Note that use of proxies will be necessary for non-HMDA type transactions.

Break 2:45 - 2:55

Cyber Security Risks

What banks should be doing.

Banker Briefing | November 18, 2014


What We’ll Cover

• Current landscape – what’s going on

• Common security measures by banks

• Why this isn’t enough (case studies)

• What banks should be doing


Presenters

Brian Thomas
Weaver
Partner, IT Advisory Services

Jarrett Kolthoff
SpearTip
President

Weaver

IT Advisory Services

IT Audit
- IT internal audit
- External audit support
- SOX
- SOC reporting

Information Security
- Penetration testing
- Vulnerability assessment
- ISO 27001
- Data privacy

IT Consulting
- Independent verification & validation
- IT assessments and planning
- Project risk management

Analytics
- Audit preparation
- Audit support
- Forensics support
- Management analytics
- Continuous monitoring

Current Landscape

Background


Two kinds of banks:

those that have been breached

those that know that they’ve been breached

What’s going on

• Zero day malware via phishing and websites

• Gets past typical controls

• Impact:
– Data / system hijacking & ransom
– Data exfiltration (credentials, account info, card info)
– Fraudulent transactions, credit card fraud, identity theft, fraudulent wires, account takeover

What’s going on


Common Measures

What are we doing today?

• Anti-virus, anti-malware
• Patching updating
• Employee and customer training
• Perimeter security
• Scanning, vulnerability assessment, and penetration testing
• Social engineering assessments
• Some risk assessment & vendor management

What is accomplished?

• Identifying / fixing known issues
• Making it harder to attack us
• Educating our employees

What’s NOT accomplished?

• Progress against zero day malware
• Getting hands around the cyber risk
• Ability to detect issues quickly
• Resiliency, preparedness for when something happens

“Prevention is ideal, detection is a must!”


Case Studies

Gameover/Zeus

+ Bank credential-stealing malware

+ C2 via decentralized network

+ May be found in conjunction with CryptoWall


Regional Bank

+ Credentials compromised via Gameover/Zeus

+ ACH transfer initiated

+ DDOS attack launched against servers responsible for wire transfer

+ DDOS attack launched against Exchange Server

+ Russian citizen arrested in Switzerland by INTERPOL

+ Arrested suspect was a “mule”

Local Bank

+ Organization credentials compromised via Gameover/Zeus

+ Wire transfer altered after transfer initiation

+ Organization initiated litigation against the bank

+ Organization IT staff reinstalled operating systems on infected systems

+ Evidence of data destruction recovered despite spoliation

+ Bank successfully defended against claims of inadequate security mechanisms

Financial Institution

+ Employee systems compromised with CryptoWall

+ IT staff failed to preserve crucial evidence

+ Analysis found evidence of data exfiltration despite evidence destruction

+ 17GB of sensitive data was exfiltrated just prior to encryption

Steps to Take

GROWING RISKS

+ New consumer protection laws hold officers accountable for cyber breaches.

+ State attorneys general now target businesses for non-disclosure of cyber breaches.

+ Improperly handled cyber attacks are now considered breaches of fiduciary duty.

YOU PERSONALLY FACE GROWING LIABILITY FOR PROTECTING COMPANY ASSETS

Executives and Directors are no longer viewed as innocent victims in the event of a cyber breach.

POTENTIAL HARM

+ Lawsuits resulting from a breach can cost millions.

+ Incident response and remediation can result in significant expense.

+ Loss of public trust can permanently damage share price and growth.

A SINGLE BREACH COULD RESULT IN PERMANENT COMPANY DEVALUATION

Cyber criminals now target trade secrets, intellectual property, and financials, as well as personal data.


FACTS

+ Continuous monitoring of cyber threats is now an essential practice.

+ Tools such as mobile devices open doors for cyber breaches.

+ Cyber crime methods and technology change and escalate daily.

+ Audits and Vulnerability Assessments are NOT enough

YOUR CURRENT TACTICS FOR CYBER SECURITY ARE NOT ENOUGH

Misconceptions and misinformation can leave you vulnerable and at risk.

Preparing for Battle

Leveraging Cyber Threat Intelligence Proactively

+ Can you Respond to an incident

+ Is there Zero-Day malware within our environment now

+ What do the hackers currently have of mine

Questions & Discussion

Jarrett Kolthoff
President & CEO
Tel: 800.236.6550
Email: [email protected]

Brian J. Thomas, CISA, CISSP
Partner, Advisory Services
Tel: 713.800.1050
Email: [email protected]

@IT_Risk

Break 3:45 - 3:55

Banker Briefing

Regulatory Updates & Current Risks for Executives

Gilbert D. Barker, Deputy Comptroller

Southern District

Please note that the following slides are for discussion purposes only and reference should be made to the relevant statutes, regulations and guidance for specific requirements

Commercial Composite Rating Trends (Community Banks and Thrifts)

Condition Trends – Banks and Thrifts

Southern District Regions: Loan Growth Rate (Annual)

Community Banks (Excludes De Novos & Mergers)

Loan Growth Trends

Dodd-Frank Implementation

Regulatory Burden = Regulatory Relief or Regulator Burden?

Southern District Radar Screen


Threat Assessment

Increased Incidents of Fraud

Practices that have led to fraud in the OCC’s Southern District:

• Lack of Dual Controls or Restrictions

– Employees are allowed to withdraw cash at the teller line (e.g., CD’s, deposit accounts, lines of credit) supposedly on behalf of customers.

– Employees are allowed to make loans and disburse cash supposedly on behalf of customers.

– Employees are allowed unrestricted access to teller or vault cash.

– Employees are allowed to request a hold on the mailing of monthly account statements supposedly on behalf of customers who don’t want them mailed.

Fraud

Increased Incidents of Fraud

Practices that have led to fraud in the OCC’s Southern District:

• Lack of independent verification of customer documentation

– Borrowers are allowed to submit documentation on collateral without independent verification by the bank (e.g., life insurance policies and securities certificates or statements). This is complicated by sophisticated technology which can make fictitious documents appear genuine.

• Lack of mandatory employee vacations

– Employees are not required to take at least one or two weeks consecutive vacations to prevent them from “managing” a fraud.

Fraud - continued


Increased Incidents of Fraud

• “Takeaways” from increased incidents of fraud

– Community bankers are placing more confidence in the integrity of their employees than the integrity of their audit and internal control processes.

– Bank audit and internal controls schedules and procedures have become entirely too predictable, allowing employees to get comfortable with audit scope and timing.

– Banks are cutting internal controls and audit costs as a means to make up for profits they once enjoyed.


Fraud - continued

Third Party Relationships

OCC Banking Bulletin 2013‐29 (October 30, 2013)

• Provides guidance for assessing and managing risks associated with third party relationships

• Banks must practice effective risk management regardless of whether the bank performs the activity internally or through a third party

• Practical advice for community bankers:  Questions to ask a third party provider:

Let me understand what you will be doing for us; let me make sure I know what you will not be doing for us.

Explain to me how you will do this for the bank and our customers.

What do you do to make sure this all works as expected for the bank and our customers?

What do you do to make sure this all complies with laws and regulations?

How will you know when things are not working – how and when will you monitor and report to the bank that something is not being done correctly?


Third Party Relationships - continued

OCC Banking Bulletin 2013‐29 (October 30, 2013)

• Management should negotiate a contract that clearly specifies the rights and responsibilities of each party to the contract

• Items that should be addressed in the contract include (but are not limited to):
– Scope of Services
– Performance Measures
– Responsibilities Regarding Information
– Compliance with Applicable Laws and Regulations
– Cost and Compensation
– Ownership and License
– Confidentiality
– Indemnification
– OCC Supervision
– Customer Complaints
– Default and Termination

Flood Disaster Protection Act

Southern District Common Flood Violations

| Violation | 2010 | 2011 | 2012 | 2013 |
|---|---|---|---|---|
| Obtain and Maintain Flood Insurance (22.3) | 56 | 45 | 54 | 48 |
| Required Use of Standard Flood Hazard Determination Form (22.6) | 8 | 0 | 10 | 9 |
| Force Placement of Flood Insurance if Lapsed (22.7) | 36 | 27 | 32 | 17 |
| Provide Special Notice if Property is in a Special Flood Hazard Area (22.9) | 30 | 15 | 18 | 23 |

Ensuring the safety and soundness of national banks for all Americans

Biggert‐Waters Flood Insurance Reform Act of 2012: Five Noteworthy Areas

• Changes to civil monetary penalty (effective July 6, 2012)

– $385 to $2000 per violation; removes aggregate maximum

• Escrows (regulations required to become effective)

• Force placed flood insurance (effective upon enactment July 6, 2012)

• Mandatory acceptance of private flood insurance (regulations required to become effective) 

• Increased limit of coverage for non‐condo residential buildings (OCC Bulletin 2014‐26 – increased coverage available June 1, 2014)


Bank Secrecy Act

• Vast majority of banks are doing a great job in BSA compliance

– Enforcement actions down a bit over the last couple of years

– Enforcement actions have been taken on only a very small subset of all institutions

• Compliance considered in the “M” component of the CAMELS rating

• Problem areas:

– BSA/AML Skills and Resource Challenges

– Bulk cash

– Risk assessments – incomplete, not accurate, needs to be more than just large categories of customers (e.g., PEPs)

– Monitoring – fine tuning software, adjustment for growth

– Alert Disposition 

• De‐risking


Questions????


Gilbert D. [email protected]

214-720-7005

Dalié Jiménez, Corey Stone

Credit Reporting & Scoring Primer

PRIMER

JULY 28, 2011

Exam Process

Karyn Mysliwiec, CFPB

CFPB Supervision Regions


CFPB Regional Offices

Northeast – Steve [email protected]

Delaware, New Jersey, New York, Pennsylvania, Connecticut, Rhode Island, Massachusetts, Vermont, New Hampshire, Maine, Puerto Rico

Midwest – Anthony [email protected]

Minnesota, Iowa, Illinois, Michigan, Ohio, Indiana, Kentucky, Missouri, Wisconsin

Southeast – Jim [email protected]

West Virginia, Virginia, District of Columbia, Maryland, North Carolina, South Carolina, Georgia, Florida, Alabama, Mississippi, Texas, Oklahoma, Arkansas, Tennessee, Louisiana

West – Edwin [email protected]

Washington, Oregon, California, Idaho, Nevada, Montana, Wyoming, Utah, Arizona, New Mexico, Colorado, North Dakota, South Dakota, Nebraska, Kansas, Hawaii, Alaska

Purpose of the Supervision Manual

Provide transparent guidance to CFPB examiners that enables them to conduct consistent reviews of supervised entities

Review compliance management systems

Check compliance with federal consumer financial laws (ECOA, HMDA, FCRA, etc.)

Risk Assessment

• Inherent Risks to Consumers

• As Mitigated by Effectiveness of Compliance Management

Identify and Prioritize

Examinations

Evaluate: In order to:


How would a CFPB Exam Proceed

Part I – Compliance Supervision and Examination

• Overview

• Examination Process

Part II – Examinations Procedures

A. Compliance Management System

– Compliance Management Review (CMR) Procedures

B. Product-Based Procedures

– Consumer Reporting Larger Participants

– Mortgage Origination

– Mortgage Servicing

– Short-Term, Small-Dollar Lending

C. Statutory- and Regulation-Based Procedures

UDAAP, TILA, HOPA, SAFE Act, FDCPA, TISA, ECOA, HMDA, RESPA, UCLA, FCRA, EFTA, GLBA, Interagency Fair Lending Examination Procedures

What is a Compliance Management System

A compliance management system (CMS) is how a supervised entity:

Establishes its compliance responsibilities;

Communicates those responsibilities to employees;

Ensures that responsibilities for meeting legal requirements and following internal policies are incorporated into business processes;

Reviews operations to ensure responsibilities and legal requirements are met; and

Takes corrective action and updates tools, systems, and materials as necessary.

What is an Effective Compliance Management System

An effective CMS commonly has four interdependent control components:

Board and Management Oversight

Compliance Program – Policies & Procedures, Training, and Monitoring/Correction

Response to Consumer Complaints

Compliance Audit

When all four control components are strong and well-coordinated, a supervised entity should be successful at managing its compliance responsibilities and risks.


Mortgage Origination Exam Procedure

[I]n conjunction with the compliance management system review… each examination will cover one or more of the following modules:

Module 1: Company Business Model

Module 2: Advertising and Marketing

Module 3: Loan Disclosures and Terms

Module 4: Underwriting, Appraisals & Originator Compensation

Module 5: Closing

Module 6: Fair Lending

Module 7: Privacy

Mortgage Servicing Exam Procedure

[I]n conjunction with the compliance management system review…each examination will cover one or more of the following modules:

Routine Servicing

Module 1 – Servicing Transfers, Loan Ownership Transfers, and Escrow Disclosures

Module 2 – Payment Processing and Account Maintenance

Module 3 – Customer Inquiries and Complaints

Module 4 – Maintenance of Escrow Accounts and Insurance Products

Module 5 – Credit Reporting

Module 6 – Information Sharing and Privacy

Default Servicing

Module 7: Collections and Accounts in Bankruptcy

Module 8: Loss Mitigation

Foreclosure

Module 9: Foreclosures

Mortgage Exam Objectives

According to the Supervision Manual, the objectives of every origination or servicing exam are:

1. To assess the quality of a supervised entity’s compliance management systems in its mortgage [origination / servicing] business.

2. To identify acts or practices that materially increase the risk of violations of federal consumer financial law, and associated harm to consumers, in connection with mortgage [origination / servicing].

3. To gather facts that help determine whether a supervised entity engages in acts or practices that are likely to violate federal consumer financial law in connection with mortgage [origination / servicing].

4. To determine…whether a violation of a federal consumer financial law has occurred and whether further supervisory or enforcement actions are appropriate.


Two Important Takeaways for your CMS

1) View customer complaints as invaluable business intelligence.

As noted in the exam procedures, “[a]n effective compliance management system should ensure that a supervised entity is responsive and responsible in handling consumer complaints and inquiries” and “[i]ntelligence gathered from consumer contacts should be organized, retained, and used as part of an institution’s compliance management system.”

2) Monitor third-party service providers, particularly those who interface with your customers or handle their information, with extra care.

In Supervisory Highlights: Fall 2012, the Bureau notes, in light of significant examination findings, that it “considers oversight of service providers to be a key component of an effective CMS, and expects supervised entities that retain or operate through service providers to have an effective process for managing the risks of those relationships to ensure compliance with applicable federal consumer law.”

Keeping up with Mortgage Rules

Latest information on mortgage rules can be found at:

www.consumerfinance.gov/regulations

Register for direct-to-you email updates at the same page

If you have questions about the meaning or intent of the regulations:

[email protected]

202-435-7700

Sign up for Email Updates on Mortgage Rules

http://www.consumerfinance.gov/regulations/


Questions?


Thank You!