The Winter issue of the Regulatory Compliance Digest features a summary of the latest updates from CFPB, FDIC, FinCEN, and the Federal Reserve Board, as well as HMDA planning reminders, compliance hot topics and regulatory updates.
The Regulatory Compliance Digest is intended to keep you informed of regulatory changes in advance of their effective date, so your institution can evaluate changes or updates to necessary policies, procedures and processes in place to be compliant at the time of enactment.
Industry Trends & Insights
Kicking off 2024 with Home Mortgage Disclosure Act (HMDA) Season
Yes, it is that time of year when we begin our new year planning, and this year we should add the impending HDMA filing deadline to our to-do list. Considering the recent regulatory enforcement actions, now is the right time to evaluate your current HMDA process. The importance of HMDA is often ignored by those responsible for its accuracy. It is important that lenders and lending administration understands what HMDA is and why it is important to the financial institution.
So why is HMDA important? The HMDA requires financial institutions to maintain, report, and publicly disclose loan-level information about mortgages. This data paints the picture of how your financial institution is serving the housing needs of the communities you do business in. In addition, it provides information to government officials who use that data to make policy decisions and allocate resources and funding. Most importantly, it spotlights lending patterns, including those that may be discriminatory. HMDA data is used to assess the financial institution’s fair lending performance as well as CRA performance.
In addition to examination comments regarding violations, failure to comply with HMDA requirements can have major repercussions to the financial institution. In addition to the time and money a resubmission entails, regulators can impose hefty monetary penalties and legal consequences for violations of fair lending laws and regulations.
Recent Enforcement Actions. Two of the most recent enforcement actions clearly illustrate the importance of HMDA and the role of lending in ensuring compliance:
- On November 28, 2023, the CFPB issued an order against Bank of America, N.A. for HMDA violations. It was found that between 2016 and late 2020, hundreds of Bank of America’s loan officers were not asking applicants for their race, ethnicity, and sex, as required by law, and falsely recorded that the applicants chose not to provide the information. This conduct violated HMDA, Regulation C, and the Consumer Financial Protection Act of 2010 and Bank of America was required a $12 million civil money penalty and to develop policies and procedures to ensure compliance with HMDA and Regulation C, including recording and auditing phone applications to make sure that HMDA data are accurately collected and recorded.
- On October 10, 2023, the CFPB filed a lawsuit against Freedom Mortgage Corporation (Freedom), a residential mortgage loan originator and servicer that in 2020, reported HMDA data on over 700,000 loans and applications and originated nearly 400,000 HMDA-reportable loans, making it the third largest mortgage lender in the United States by origination volume. In 2019, the CFPB issued an order against Freedom finding that it intentionally misreported certain HMDA data fields from at least 2014 to 2017 and it now alleges that the mortgage loan data for 2020 that Freedom submitted pursuant to HMDA contained widespread errors across multiple data fields, in violation of HMDA and its implementing Regulation C. The Bureau’s complaint further alleges that by reporting inaccurate mortgage loan data for 2020, Freedom also violated the 2019 order and the Consumer Financial Protection Act of 2010 (CFPA). The Bureau seeks appropriate injunctive relief and a civil money penalty.
Action Plan.As you move through the process of validating the accuracy of your HMDA data prior to the March 1st submission, take notice of the errors. Are the one-off errors due to human intervention or indicative of a great systemic problem? Understanding the root cause is the key to implementing an effective, ongoing process. Consider the following:
- How is the financial institution receiving applications? If applications are being taken in person, by telephone or through web applications, how is government monitoring information and HMDA information being collected. Just because the application is not taken in person, does not mean you can ignore the data collection requirements.
- Do policy and procedures address all parts of the HMDA process in the institution from application through collection, validation, and submission for all types of HMDA applicable lending? Every step of the process should be documented including not only data collection and reporting requirements but also the frequency of internal reviews and training.
- Is the correct team involved? HMDA compliance does not just apply to the compliance officer. In addition to compliance, the team needs to include both consumer and commercial lenders as well as your tech staff to ensure both correct collection and software mapping.
- Are there sufficient error prevention and detection measures to ensure accuracy? Most strong HMDA programs have these measures built in. Whether they are quarterly internal monitoring or third-party review, these measures are important for the early detection and remediation of issues.
- Are you training the right people in the right way? You will have experienced persons on staff that know the ins and outs of HMDA and a periodic refresher is enough. But what about new hires, commercial lenders, fair lending officers, etc.? A simple refresher may not be enough. In addition to in person or computer-based HMDA training, think about actual case studies gleaned from your periodic review of HMDA. HMDA is not always cut and dry, especially in the commercial lending arena.
- What happens when issues are detected as referenced in the recent enforcement actions? There should be a plan in place for escalation of identified as well as potential issues. For those responsible for data collection and accuracy, job descriptions should reflect those responsibilities and annual reviews should incorporate commentary on compliance with HMDA and those specific responsibilities.
As HMDA is the cornerstone of compliance with the hot topics of fair lending and CRA, we believe that the regulators will continue to scrutinize an institutions data as well as its practices in achieving compliance.
Regulatory Updates
Agencies Announce Dollar Thresholds for Smaller Loan Exemption from Appraisal Requirements for Higher-priced Mortgage Loans
On November 13, 2023, joint agencies announced that the 2024 threshold for whether higher-priced mortgage loans are subject to special appraisal requirements will increase from $31,000 to $32,400.
The threshold amount will be effective January 1, 2024, and is based on the annual percentage increase in the Consumer Price Index for Urban Wage Earners and Clerical Workers, known as CPI-W, as of June 1, 2023.
The Dodd-Frank Act added special appraisal requirements for higher-priced mortgage loans, including that creditors obtain a written appraisal based on a physical visit to the interior of the home before making a higher-priced mortgage loan. The rules implementing these requirements contain an exemption for loans of $25,000 or less, adjusted annually to reflect CPI-W increases.
Fair Credit Reporting Act Disclosures
On November 9, 2023, the Consumer Financial Protection Bureau (CFPB) announced that the ceiling on allowable charges under section 612(f) of the Fair Credit Reporting Act (FCRA) will increase to $15.50, effective for 2024.
Agencies Announce Dollar Thresholds for Applicability of Truth in Lending and Consumer Leasing Rules for Consumer Credit and Lease Transactions
On November 13, 2023, the FRB and the CFPB announced the dollar thresholds used to determine whether certain consumer credit and lease transactions in 2024 are subject to certain Regulation Z (Truth in Lending) and Regulation M (Consumer Leasing) requirements.
Specifically, based on the annual percentage increase in the CPI-W as of June 1, 2023, Regulation Z (Truth in Lending) and Regulation M (Consumer Leasing) generally will apply to consumer credit transactions and consumer leases of $69,500 or less in 2024. However, private education loans and loans secured by real property, such as mortgages, are subject to Regulation Z (Truth in Lending) regardless of the amount of the loan.
Updated Consumer Compliance Examination Manual
On November 30, 2023, the Federal Deposit Insurance Corporation (FDIC) announced its recent update to its compliance manual. In addition to several new sections on the examination process, updates have been made to the following sections:
- Determining Whether TIL Restitution is Required
- Flood Disaster Protection Act
- Retail Insurance Sales
- Bank Subsidiaries and Affiliates
CFPB Issues New Report on State Community Reinvestment Laws
On November 2, 2023, the CFPB published a new analysis on state Community Reinvestment Act laws, highlighting how states ensure financial institutions’ lending, services, and investment activities meet the credit needs of their communities. The report examined the laws of seven states (Connecticut, Illinois, Massachusetts, New York, Rhode Island, Washington, West Virginia) and the District of Columbia, and found that many of those states adopted laws similar to the federal Community Reinvestment Act in decades following the 1977 passage of the landmark federal anti-redlining law.
Interagency Statement for Banks on the Issuance of the Beneficial Ownership Information Access Rule
On December 21, 2023, FinCEN issued a final rule (the “Access Rule”) regarding access by authorized recipients to beneficial ownership information (BOI) that will be reported to FinCEN, pursuant to section 6403 of the Corporate Transparency Act (CTA) and stored in the Beneficial Ownership Information Technology (BO IT) System. Financial institutions subject to customer due diligence requirements, including banks, are one category of authorized recipients of BOI. FinCEN, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency, and State bank and credit union regulators are issuing this statement to provide clarity for banks on the Access Rule.
The Access Rule does not create a new regulatory requirement for banks to access BOI from the BO IT System or a supervisory expectation that they do so. Therefore, the Access Rule does not necessitate changes to Bank Secrecy Act (BSA)/anti-money laundering (AML) compliance programs designed to comply with the existing Customer Due Diligence rule (the “current CDD Rule”) and other existing BSA requirements, such as customer identification program requirements4 and suspicious activity reporting.5 However, any access to and use of BOI obtained from the BO IT System must comply with the requirements of the CTA and the Access Rule.
Beneficial Ownership Information Reporting Deadline Extension for Reporting Companies Created or Registered in 2024
On November 30, 2023, FinCEN amended the beneficial ownership information (BOI) reporting rule (the “Reporting Rule”) to extend the filing deadline for certain BOI reports. Under the Reporting Rule prior to this amendment, entities created or registered on or after the rule’s effective date of January 1, 2024, had to file initial BOI reports with FinCEN within 30 calendar days of notice of their creation or registration. This amendment extends that filing deadline from 30 calendar days to 90 calendar days for entities created or registered on or after January 1, 2024, and before January 1, 2025, to give those entities additional time to understand the new reporting obligation and collect the necessary information to complete their filings. Entities created or registered on or after January 1, 2025, will continue to have 30 calendar days to file their BOI reports with FinCEN.
FinCEN and the U.S. Department of Commerce’s Bureau of Industry and Security Announce New Reporting Key Term and Highlight Red Flags Relating to Global Evasion of U.S. Export Controls
On November 9, 2023, the FinCEN and the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) issued a new SAR key term to support financial institutions2 in reporting potential efforts to evade U.S. export controls beyond the Russia-related circumstances that were the focus of those prior two alerts. Financial institutions should continue to use the key term “FIN-2022RUSSIABIS” when filing SARs related to potential Russia-related export control evasion. This Notice, which applies to export control evasion occurring in support of other nation-state adversaries and illicit actors globally, provides U.S. financial institutions with red flags to assist them in identifying transactions potentially tied to the illicit acquisition of items subject to the Export Administration Regulations (EAR),3 including, for example, advanced technologies that can be used in new or novel ways to enhance adversaries’ military capabilities or support mass surveillance programs that enable human rights abuses.
[H2] FinCEN Alert to Financial Institutions to Counter Financing to Hamas and its Terrorist Activities
On November 3, 2023, FinCEN informed U.S. financial institutions that the Financial Action Task Force (FATF), an intergovernmental body formed to develop policies to combat money laundering and other issues like terrorism financing, adopted a report on how terrorist groups like Hamas use crowdfunding techniques to raise money for their attacks. The FATF has shared that all jurisdictions should be vigilant to current and emerging risks from the circumvention of measures taken against the Russian Federation in order to protect the international financial system. The FATF noted that the Russian Federation’s war of aggression against Ukraine continues to run counter to FATF’s principles, and, thus, the suspension of the membership of the Russian Federation continues to stand.
The FATF also updated its lists of jurisdictions with strategic AML/CFT/CPF deficiencies. U.S. financial institutions should consider the FATF’s stance toward these jurisdictions when reviewing their obligations and risk-based policies, procedures, and practices.
On October 27, 2023, the FATF added Bulgaria to its list of Jurisdictions Under Increased Monitoring and removed Albania, the Cayman Islands, Jordan, and Panama from that list.
The FATF’s list of High-Risk Jurisdictions Subject to a Call for Action remains the same, with Iran and the Democratic People’s Republic of Korea (DPRK) still subject to the FATF’s countermeasures. Burma remains on the list of High-Risk Jurisdictions Subject to a Call for Action and is still subject to enhanced due diligence, not counter-measures.
Have Questions?
If you would like to discuss any compliance matters for your institution, please contact your Cherry Bekaert Advisor or reach out to the Firm’s Risk Advisory regulatory compliance team today.
DISCLAIMER
External links to other websites outside of www.cbh.com are being provided as a convenience and for informational purposes only. The links do not constitute an endorsement or an approval by Cherry Bekaert of any of the information, products, services, or opinions of the organization or individual. Cherry Bekaert bears no responsibility for the accuracy, legality, or content of the external websites or for that of subsequent links. Contact the external website for answers to questions regarding its content.