Skip to main content

NAFCU Compliance Blog

Syndicate content
A Helping Hand for Credit Union Compliance Officers(And other occasional ramblings from the NAFCU Compliance Team)
Updated: 1 hour 32 min ago

Tax Reform Questions; Programming Note

Fri, 01/12/2018 - 5:00am

Written by Brandy Bruyere, Vice President of Regulatory Compliance

On December 15, 2017, Congress passed the Tax Cuts and Jobs Act (TCJA). NAFCU advocated for credit unions' interests all year while tax reform was high on Congress' agenda, and the credit union tax exemption remained intact, even with the substantial reforms to the tax code. However, the TCJA did make some changes impacting credit unions. NAFCU put together a summary of these changes that may help folks in various areas of your credit union, but here's a few questions the NAFCU compliance team has been receiving from members.

What happened to the home equity interest deduction?

One of the changes in the TCJA that has caused confusion relates to the extent that interest paid on "home equity" loans is deductible. Some news outlets reported rather generally that home equity interest is no longer deductible under the TCJA, but it seems to be more complicated than that. The tax code distinguishes between "acquisition indebtedness" and other "home equity indebtedness." Of note, loans that a borrower takes out to "substantially improve" a property fall into the "acquisition" category, so it seems this home loan interest will remain deductible. However, a loan that accesses home equity for other purposes, such as to finance the purchase of a vehicle, would not be deductible through 2025.

Do we have to pay excise tax on certain compensation?

Another change is that credit unions will be subject to an excise tax on compensation in excess of $1 million. This will apply to an organization's top 5 highest paid employees – although that group can, over time, actually include more than five employees because that "club," so to speak, has permanent membership. If an employee is in the top five paid staff in 2018, but falls out of the top five in 2019, that person is still categorized as "top five" under the code. The rate for this excise tax is the corporate tax rate, which is 21% under the TCJA.

"Compensation" means pay that is reportable in box 1 of an employee's W-2 and for which there is not a "substantial risk of forfeiture" of that income. From talking to credit unions, it seems that some deferred compensation from 457(f) plans vests in one single year, which is where some credit unions may have staff that reach this $1 million threshold. Others have a different vesting dates which can help manage to what extent compensation may exceed that $1 million threshold, since the year the deferred compensation vests is the year it is counted as compensation for purposes of these rules. Also of note, distributions from 457(b) plans and 401(k) plans are excluded from this threshold.

The TCJA also removes an exemption from excise taxes for non-profit institutions relating to certain excess parachute payments to any employee that is "highly compensated" under the IRS definitions for qualified plans, which is a salary of $120,000 or more in 2018. Apparently these payments are those made when an employee leaves the organization, and equal or exceed three times the employee's annual salary.

NAFCU is reaching out to the IRS to discuss the need for guidance and clarification with the implementation of these provisions.

Related Note – Private Mortgage Insurance

The deduction for private mortgage insurance expired on December 31, 2016. Many credit unions are in the process of providing the data needed to produce 1098 forms for members by the end of the month in order to comply with IRS reporting requirements. The TCJA did not extend the PMI deduction, but a bill was introduced in Congress to extend some deductions, including the PMI deduction. If passed, PMI paid in 2017 could become deductible. While NAFCU's Legislative Affairs Team sees support for this bill on Capitol Hill, Congress is tackling some issues that are very politically charged, such as immigration and border security. The bill could pass, but perhaps not in time for credit unions to meet the January 31 deadline for 1098 reporting.

NAFCU called the IRS helpline for 1098 reporting and confirmed that so long as the law does not allow the deduction of PMI, this box should not be completed on the 1098. However, if Congress were to pass a bill making PMI deductible for 2017 at a later date, the IRS may issue guidance on how to proceed but helpline staff stated that one likely outcome is that 1098 reporters may need to file amended 1098 forms to reflect PMI paid in 2017. The IRS will update as the situation develops.

Programming Note - Martin Luther King Jr. Day

NAFCU's offices will be closing at noon on Friday and all day on Monday in recognition of Martin Luther King Jr. Day on January 15th. We will be back to  blogging on Wednesday, January 17th.

Categories: CU Industry Blogs

Marijuana Banking Just Got More Complicated

Wed, 01/10/2018 - 4:00am

Written by Pamela Yu, Special Counsel for Compliance and Research

Well, we can't say we didn't see this coming...we blogged back in March, 2017 on what the change in administration might mean for marijuana banking, and the federal government announced a change in its policy towards marijuana enforcement late last week.

U.S. Attorney General Jeff Sessions changes DOJ's position on marijuana.

In a move long forecasted by many legal and policy observers, last Thursday the attorney general issued a memorandum to rescind Obama-era guidance on federal enforcement of marijuana. Released just days after California became the latest (and largest) state to begin sales of recreational marijuana, the memo directs "all U.S. Attorneys to use previously established prosecutorial principles," in marijuana enforcement, thus eliminating the already-limited guidance that provided some measure of direction in navigating the conflict between federal illegality and state legality of marijuana. This policy shift will significantly heighten risks for credit unions serving state-authorized marijuana-related businesses or operating in states with legalized cannabis.

Sessions' memo rescinds a 2013 directive, written by then-Deputy Attorney General James M. Cole, which instructed federal prosecutors to focus its marijuana enforcement efforts on eight priorities, including keeping marijuana out of the hands of minors and black market criminals and cartels.  It also rolls back a 2014 Cole memo that directed U.S. Attorneys to apply the same eight enforcement priorities in prosecuting financial crimes based on transactions involving marijuana proceeds.  The so-called Cole memo guidance had cleared up some of the uncertainty about how federal prosecutors would address the conflict of laws as states began allowing sales of marijuana for medical and recreational use. 

Today, 29 states and the District of Columbia (DC) permit medical marijuana and, of those, eight states and DC also allow adult-use recreational marijuana. A recent Gallup poll shows that public support for the legalization of marijuana is at an all-time high, with 64 percent of Americans favoring legalization, including for the first time a majority of Republicans (51 percent now support legalizing marijuana).  Nevertheless, marijuana remains a schedule 1 substance under the federal Controlled Substances Act. Thus, a litany of federal criminal statutes may be implicated for credit unions handling marijuana-related funds.

So what does this mean for credit unions?  In short, providing financial services in states where marijuana is legal under state law just got a lot more complicated. 

Marijuana Banking

At this point, is unclear whether the rescission of the Cole memo guidance will mean a federal crackdown on state-sanctioned marijuana.  The roll-back of formal guidance with respect to marijuana enforcement has created a policy void (note that the memo eliminates prior directives but does not replace them with new guidance) but it is too soon to tell if enforcement will significantly increase.  In effect, the Sessions memo empowers the country's 93 U.S. Attorneys to exercise prosecutorial discretion in their respective jurisdictions. We don't know how prosecutors will use this discretion—some jurisdictions may take a more aggressive enforcement posture while others may not—but the door is now open for federal officials to carry out enforcement against marijuana activities in states that have legalized cannabis.  This creates significant legal uncertainty for credit unions that have been serving marijuana-related businesses under the auspices of the Cole memo guidance. 

There are some existing barriers to marijuana enforcement that remain in place.  For example, the Rohrabacher-Blumenauer (also known as Rohrabacher-Farr) appropriations bill provision that has been in place since December 2014 prohibits the Department of Justice (DOJ) from using federal funds to prevent states "from implementing their own state laws that authorize the use, distribution, possession or cultivation of medical marijuana."  However, the provision must be renewed each fiscal year in order to remain in effect and its protections apply only to medical marijuana, leaving particularly vulnerable those credit unions operating in recreational states.

 BSA Compliance

 In 2014, as a supplement to the Cole memo on marijuana-related financial crimes, the Financial Crimes Enforcement Network (FinCEN) issued guidance to clarify "how financial institutions can provide services to marijuana-related businesses consistent with their BSA obligations." See, FIN-2014-G001.   Despite limited protections, together the Cole memos and FinCEN guidance created a framework for credit unions to serve marijuana-related businesses consistent with their legal and compliance obligations. 

However, as we previously cautioned, FinCEN's guidance depends heavily on the enforcement posture articulated in the Cole memos. Now that those memos have been reversed, credit unions can no longer rely on the FinCEN guidance for serving marijuana-businesses, significantly heightening BSA compliance risks. To add fuel to the fire, some credit unions may now be questioning whether their compliance with FinCEN's 2014 instruction to file either a "Marijuana Limited," a "Marijuana Priority," or a "Marijuana Termination" suspicious activity report (SAR) for each transaction involving marijuana-related funds has created a damning paper trail for federal prosecutors.  FinCEN and the DOJ have yet to offer any assurance that SARs issued under FIN-2014-G001 will not be used to prosecute financial crimes, even against those who relied on the guidance in good faith.  While it is perhaps unlikely that marijuana SARs will be used as evidence for the widespread prosecution of financial institutions, it is not outside the realm of possibility that federal authorities could make an example out of a bank or credit union to send the message that federal marijuana enforcement priorities have changed. Regardless, the increased liability and compliance risk will certainly have a chilling effect on the ability for credit unions to provide services to marijuana-related businesses. It is likely FinCEN will release additional guidance or information soon in light of these changes.

Momentum for Change

On a more optimistic note, Thursday's rescission may create momentum for congressional action on marijuana.  Marijuana banking advocates on the Hill have been challenged in mobilizing change.  The uncertainties created by Sessions' action could actually galvanize support in Congress to find a legislative solution to the conflict between federal and state drug laws. With support for marijuana protections in both parties the attorney general's tougher stance on marijuana could—ironically—become the impetus for a statutory solution for marijuana banking.

Categories: CU Industry Blogs

Breaking Down the TRID Fix: Rate Lock Revised LEs Are One and Done

Mon, 01/08/2018 - 5:00am

Written by Elizabeth M. Young LaBerge, Senior Regulatory Compliance Counsel

How's 2018 treating you so far, credit union compliance world?

My year started out right. Last week, I contacted the CFPB through their Regulatory Inquiry website and got a call back same day. That's a response time that the NAFCU Regulatory Compliance Team can appreciate. And the informal answer from the Bureau: you don't have to do any extra work unless you want to. So I'm batting a thousand so far.

The Question: Rate Lock Revisions and the 2013 Preamble

Subsection 1026.19(e)(3)(iv) describes when a revised Loan Estimate can be used to reset tolerances. The subsection contains five paragraphs describing five sets of circumstances where a revised Loan Estimate can be issued and used to reset tolerance for good faith purposes. Four of these circumstances are permissive, meaning that a revised Loan Estimate can, but is not required to be, issued. In other words, if the credit union decides that reissuing the Loan Estimate is not worth the cost, it can chose not to, though it won't be able to reset tolerances due to the event.

One of the circumstances is not voluntary, it's required. That's paragraph 19(e)(3)(iv)(D). If the rate was not locked when the initial Loan Estimate was provided, and the applicant locks in the rate, a revised Loan Estimate is mandatory. The language of this paragraph is quite specific:

"(D) Interest rate dependent charges. The points or lender credits change because the interest rate was not locked when the disclosures required under paragraph (e)(1)(i) of this section were provided. No later than three business days after the date the interest rate is locked, the creditor shall provide a revised version of the disclosures required under paragraph (e)(1)(i) of this section to the consumer with the revised interest rate, the points disclosed pursuant to §1026.37(f)(1), lender credits, and any other interest rate dependent charges and terms.” 12 C.F.R. § 1026.419(e)(3)(iv)(D) (Emphasis added).

Nothing in the regulation or the commentary directly addresses what happens when a rate lock agreement is entered into, the rate is locked, and then the lock expires. The 2013 preamble to original TRID referenced rate lock expiration, but only very briefly:

"Upon a review of the proposed rule text and commentary, the Bureau acknowledges that the  requires redisclosure where a rate lock agreement does not exist. But the Bureau intended that § 1026.19(e)(3)(iv)(D) only applies in situation where a rate lock agreement has been entered into between the creditor and borrower, or where such agreement has expired." 79 Fed. Reg. 79833 (Emphasis added).

But as you can see, paragraph 19(e)(3)(iv)(D) is pretty narrowly drawn. Reading a requirement into that paragraph to redisclose at the time a locked rate expires would be difficult to do.

The Answer: TRID Fix and Informal Guidance from the Bureau

In the TRID Fix amendments, the Bureau sought to clarify that the requirement to issue a revised disclosure under paragraph 19(e)(3)(iv)(D) would not apply repeatedly. In the preamble, the Bureau stated:

"When a revised Loan Estimate is provided as required by § 1026.19(e)(3)(iv)(D), the rate lock information disclosed pursuant to § 1026.37(a)(13)(i) must be updated to reflect the expiration date of the interest rate disclosed, regardless of any changes to the disclosed interest rate or interest rate-related charges. Once the interest rate is subject to a rate lock agreement, § 1026.19(e)(3)(iv)(D) does not subsequently require the disclosure of a revised Loan Estimate." 82 Fed. Reg. 37682 (Emphasis added).

So, no revised Loan Estimate is triggered under paragraph 19(e)(3)(iv)(D) when the rate lock expires. A change in circumstances may exist allowing a revised Loan Estimate to be issued and used to reset tolerances under another paragraph in subsection 1026.19(e)(3)(iv), but that would be at the credit union's option.

However, we still wanted to check on another variable. What if a second rate lock agreement is entered into with the borrower regarding the same application? Would each rate lock agreement create a new obligation to issue a revised Loan Estimate each time the rate was locked?

The Bureau's informal guidance indicated that the answer was no. The Bureau stated that paragraph 19(e)(3)(iv)(D) would apply only once. If the rate is locked again or the rate expires again, the credit union may wish to issue a revised Loan Estimate for the borrower's information and to ensure clarity; or it may wish to issue a revised Loan Estimate under another paragraph in subsection 1026.19(e)(3)(iv) to reset tolerances; but it is not required to do so by the regulation.

Good to know!


Categories: CU Industry Blogs

FinCEN SAR Stats; Sessions Releases Marijuana Memo; Request for BSAAG Nominees

Thu, 01/04/2018 - 3:26pm

Written by Shari R. Pogach, Regulatory Paralegal

Have you ever wondered what happened to the Financial Crimes Enforcement Network's (FinCEN) Suspicious Activity Report Statistics (SAR Stats)?  Well the data is still available; it's just gone totally interactive.

If you go to FinCEN's website, you can find a link for "SAR Statistics."

This link goes to the interactive report generator page:


The drop down boxes allow for filtering of the statistical data according to:  industry type; year & month; suspicious activity category/type; states/territories; county/metro & micro area; instrument type(s)/payment mechanism(s); product type; relationship; and regulator.  Each drop down allows for all, one, or multiple filter categories.  Once you have determined your filters, you can then generate a report and export it to a CSV file or to a PDF for further study.

FinCEN's FAQ/Glossary page cautions the statistics are:

"Statistical data for SARs are updated as information is processed and refreshed data is periodically made available for this tool. For this reason, there may be discrepancies between the statistical figures returned from queries performed at different times. In addition, slight differences in query criteria may return different statistical results. Also note that the statistics generated by this tool do not include SAR fields that contain unknown or blank data. To the extent statistics including blank or unknown data are tabulated outside of this tool for other purposes, there may be discrepancies between statistics generated by this tool and those generated through other means. FinCEN makes no claims, promises or guarantees about the accuracy or completeness of the statistical figures provided from this tool and expressly disclaims liability for errors, omissions, or discrepancies in the statistical figures."

Still, the generated reports can indicate trends in your area, state or region of your part of the country and can be a useful additional resource for BSA compliance personnel.  The website indicates the data has been updated as of November 30, 2017.


Sessions Releases Marijuana Memo.  Attorney General Jeff Sessions released a memorandum on federal marijuana enforcement policy.  Basically the Department of Justice has rescinded the Obama administration policy of non-interference with marijuana-friendly state laws.  Look for more on this in a blog next week.


BSAAG.  FinCEN is asking for nominees for membership on the Bank Secrecy Act Advisory Group (BSSAG).  New members will be selected for three-year membership terms.  If you would like more information or are interested in having NAFCU submit you as a candidate, please email Senior Regulatory Affairs Counsel Michael Emancipator at by January 15 as potential nominees must be submitted to FinCEN by January 26, 2018.

Categories: CU Industry Blogs

New Year, New Priorities: NCUA's 2018 Supervisory Priorities; New HMDA Tools Available

Wed, 01/03/2018 - 4:00am

Written by Jennifer Aguilar, Regulatory Compliance Counsel

Welcome to 2018!

I hope everyone had a wonderful and safe holiday season. As we recover from our holiday hangovers, its time to start thinking about all the things we want to accomplish this year. Whether it’s a personal goal like finally taking that vacation you've been planning for the past five years, or a professional one like sharpening your skills by attending Regulatory Compliance Seminar, we all have our priorities for the year. NCUA is no different.

In the last letter to credit unions of 2017, NCUA outlined its examination priorities for 2018. While many of their priorities remain the same as last year, they added a few that are discussed below. As a starting point, here are the ones that haven't changed: internal controls and fraud prevention, interest rate and liquidity risk, commercial lending and the Military Lending Act. The new priorities are addressed below.

Cybersecurity Assessment. While this was an NCUA priority in 2017, NCUA announced that it will be implementing its Automated Cybersecurity Examination Tool (ACET) in 2018. This tool will allow examiners to assess a credit union's cyber preparedness and will be used in examinations for credit unions with more than $1 billion in assets. As the ACET is based off the FFIEC's Cybersecurity Assessment Tool (CAT), NCUA encourages credit unions to continue to use the CAT to self-assess their cybersecurity risks. NAFCU's Cybersecurity Compliance webpage provides a number of useful resources for credit unions, including our editable, self-tallying CAT Workbook (member login required) that was updated last month.

Bank Secrecy Act Compliance. BSA compliance was also a priority in 2017; however, NCUA has changed the focus of its examinations from money service businesses to the new customer due diligence regulations. These new requirements become mandatory May 11, 2018, so examiners will be assessing compliance beginning in the second half of 2018. NCUA recommends credit unions review its BSA webpage for additional information and resources. To assist credit unions with these new rules, NAFCU has blogged on the new rule, triggering events for account review and the technical amendments and has published an article on the new rule (member login required). FinCEN has also published a few FAQs on the new rule. We expect additional FinCEN guidance in the coming months.

Automobile Lending. Examiners will look more closely at those credit unions with higher risk auto lending programs. Higher risk programs are those with maturities over seven years, high loan-to-value ratios, near-prime or subprime loans or indirect lending programs. NCUA recommends credit unions review its supervisory letter on concentration risk for more information. For indirect lending programs, credit unions may also want to review NCUA's report on What to Look out for When Managing an Indirect Lending Program and Letter to Credit Unions 10-CU-05.

HMDA. As part of its 2018 priorities, NCUA announced that it will look for "good faith efforts to comply" with the new HMDA rules. While credit unions subject to HMDA are still required to collect and report data following the new rules, NCUA indicated that examiners will simply review LARs and help credit unions determine their compliance weaknesses in both data collection and reporting. As long as credit unions are making good faith efforts to comply with all the new requirements, examiners will credit those efforts. NCUA also announced that it will not cite violations nor require data resubmissions unless the errors are material. More information on NCUA's 2018 HMDA examinations can be found in last week's blog. Credit unions may find it helpful to review the CFPB's HMDA implementation and Resources for HMDA Filers webpages and NAFCU's HMDA Compliance webpage which includes a number of charts, articles and blogs on the new rules.

Overdrafts. Examiners will review credit unions' compliance with Regulation E's overdraft rules. Section 1005.17 provides a number of requirements for overdraft programs, including requiring members to opt-in before certain fees can be assessed. Model Form A-9 provides a sample opt-in form. While the 2018 priorities refer only to Regulation E, credit unions may also want to review the overdraft rules contained in the Truth in Savings rule. Section 707.4 requires overdraft fees to be disclosed in a credit union's account opening disclosures and section 707.11 requires overdraft fees be disclosed on periodic statements and provides rules for advertising an overdraft program. Credit unions may also find it helpful to review Letter to Credit Unions 05-CU-03 which includes NCUA's Interagency Guidance on Overdraft Protection Programs and NAFCU's blogs on overdraft programs.

* * *

New HMDA Tools Available. Last week, the CFPB announced that its check digit tool and its rate spread calculator are now available. The check digit tool provides the last two digits of the ULI and verifies the check digit is calculated correctly. More information on the check digit can be found in this prior NAFCU blog. The rate spread calculator provides the rate spread for a loan with a final action date of January 1, 2018 or later.

Categories: CU Industry Blogs

CFPB Issues HMDA Compliance Statement, Will Revisit Rule; Year End Tax Changes

Wed, 12/27/2017 - 3:30am

Written by Brandy Bruyere, Vice President of Regulatory Compliance

I hope everyone had a safe and enjoyable holiday. As many credit unions are finalizing implementation of HMDA changes ahead of the January 1, 2018 deadline, some had hoped for a broader delay of HMDA given new leadership at the CFPB. Instead on December 21, just in time for the holidays, the CFPB expanded on its previous (and buried) supervisory guidance. Here is an excerpt from the press release:

The Bureau recognizes the significant systems and operational challenges needed to meet the impending requirements under the rule. Accordingly, for HMDA data collected in 2018 and reported in 2019, the Bureau does not intend to require financial institutions to resubmit data unless data errors are material, or to pay penalties with respect to data errors. Accordingly, collection and submission of the 2018 HMDA data will provide financial institutions an opportunity to focus on identifying any gaps in their implementation of the additional requirements and making improvements in their HMDA compliance management systems for future years. The Bureau expects that any supervisory examinations of 2018 HMDA data will be diagnostic, to help institutions identify compliance weaknesses, and will credit good-faith compliance efforts. (Emphasis added.)

Note that the focus for examining compliance with 2018 data collection will be "diagnostic" for "identifying any gaps" in implementation. Most credit unions are not examined by the CFPB, but NCUA indicated a very similar stance in its 2018 supervisory priorities, also issued on Thursday:

Beginning in the second quarter, examiners will perform limited reviews of quarterly Loan/Application Registers (LAR), when applicable, to evaluate federal credit unions’ good faith efforts to comply with…amendments to Regulation C…The NCUA’s review of 2018 HMDA data will be diagnostic in nature, designed to help credit unions identify compliance weaknesses in collecting 2018 data for submission in 2019, and will credit good faith compliance efforts.

Recognizing the impending January 1, 2018 effective date of the Bureau’s amendments to Regulation C and the significant systems and operational challenges needed to adjust to the revised regulation, for HMDA data collected in 2018 and reported in 2019, the NCUA does not intend to cite violations for data errors found in the quarterly LARs, nor require data resubmission unless data errors are material. Furthermore, the NCUA does not intend to assess penalties with respect to errors in data collected in 2018 and reported in 2019. However, credit unions subject to HMDA reporting must still collect the data, establish a quarterly LAR, and submit 2018 data by the March 1, 2019 deadline.

Collection and submission of the 2018 HMDA data will provide credit unions an opportunity to identify any gaps in their implementation of amended Regulation C and make improvements in their HMDA compliance management systems for future years… (Emphasis added.)

In addition, the CFPB indicated its intent to initiate rulemaking to "reconsider various aspects" of the HMDA rule including the scope of reportable transactions, institutions that must report, and the number of discretionary data points:

"More specifically, the rulemaking may re-examine lending-activity criteria that determine whether institutions are required to report mortgage data. The rulemaking may also look at adjusting the new requirements to report certain types of transactions. Finally, the rulemaking may re-assess the additional information that the rule requires beyond the new data points specified under the Dodd-Frank Act."

We'll keep members posted as this develops and in the meantime, we're here if anyone has any last minute HMDA questions.


Tax Bill Impacts Executive Compensation. The recent tax reform bill made certain executive compensation taxable which may impact some credit unions. The year is ending soon though, so credit unions using non-qualified deferred compensation plans may want to reach out to their plan providers before the end of the year to discuss possible changes to make prior to January 1, 2018.


Programming Note. In observance of the New Year, NAFCU will be closed on Friday, December 29 and Monday, January 1. We'll be back to blogging next Wednesday, January 3. We wish you all a safe and happy New Year!


Sled Ride. We took Nolan on a pre-holiday trip to Ohio, where he got to experience his first sled ride. He had a blast. 


Categories: CU Industry Blogs

"Consumer Compliance Outlook—Fintech, Alternate Data, and Fair Lending Risks"

Wed, 12/20/2017 - 3:00am

Written by André B. Cotten, Regulatory  Compliance Counsel

Consumer Compliance Outlook. The Second 2017 Issue of the Philadelphia Federal Reserve's Consumer Compliance Outlook is now available. This issue continued to expound on the rise of financial innovation and provided an overview of key federal regulations for servicemember financial protection.

My colleagues and I have previously written about the growing role of fintech and the data sharing consumer protection principles. Today's blog post will explore potential fair lending risks with the use of big data and the rise of fintech.

The article discussed how fintech has already produced real benefits to consumers, including increased speed, convenience, and new product offerings that make it easier for consumers to manage their financial lives. Fintech also offers the possibility of bringing banking and financial products to underserved communities and the underbanked.

With that being said, many firms are exploring ways to leverage new data and analytic techniques to extend credit to more consumers. The CFPB has noted that approximately 26 million Americans are credit invisible, which means that they do not have a credit record and another 19.4 million do not have sufficient recent credit data to generate a credit score.

The Federal Reserve's Article is intended to offer some general guideposts for evaluating UDAAP and fair lending risks related to fintech, with a focus on alternative data. Note, fair lending and UDAAP are broad areas of the law where sound legal analysis depends on the specific facts and circumstances.


The Equal Credit Opportunity Act (ECOA) and the Fair Housing Act (FHA) are the two key federal fair lending laws. These fair lending laws broadly prohibit two kinds of discrimination: disparate treatment and disparate impact. In some instances, both theories may apply. Disparate treatment occurs when a lender treats a consumer different because of a protected characteristic (i.e. race, color, religion, national origin, sex, marital status, age).

Disparate impact occurs when a lender's policy or practice has a disproportionately negative impact on a prohibited basis, even though the lender may have no intent to discriminate and the practice appears neutral. A policy or practice that has a disparate impact may violate the law, unless the policy or practice meets a legitimate business necessity that cannot reasonably be achieved by a means that has less impact on protected classes.  

Moreover, Section 5 of the Federal Trade Commission Act prohibits unfair or deceptive acts or practice. The Dodd-Frank Act prohibits unfair, deceptive, or abusive acts or practices. Many states also have town on UDAAP laws. Deception in the financial services industry often involves misrepresenting the terms or costs of financial services products.

Questions to Consider When Thinking about Fintech and Alternative Data

The Consumer Compliance Outlook considers that many firms and financial institutions are exploring new data sources and analytical techniques. The Federal Reserve warns financial institutions to conduct a thorough analysis to ensure compliance with consumer protection laws prior to implementing new data and modeling methods. The article provides a series of questions to help financial institutions determine whether they are appropriately using alternative data. The questions are grouped into two broad categories: basis for considering the data; how the data is being used.

What is the Basis for Considering the Data?

Question #1: Is there a nexus to creditworthiness?

Generally, the more speculative the nexus with creditworthiness, the higher the fair lending risk. In addition to accuracy and reliability, it is important to consider whether the data is representative of all consumers or only a subset.

Question #2: Will the predictive relationship be ephemeral or stable over time?

Financial institutions may want to consider whether the predictive potential of the data is likely to be stable over time or ephemeral. For example, if a model uses online data from social media sites, such as Yelp or Facebook, what happens to the reliability of that data as consumers' online habits evolve?

How are You Using the Data?

Question #3: Are you using the data for the purpose which they have been validated?

The Federal Reserve advises that it is important to ask if the data has been validated and tested for the specific uses. For example, if a financial institution validates a data field for marketing, it does not mean this same data is appropriate to use for underwriting or pricing.

Question #4: Do consumers know how you are using the data?

Consumers generally understand how their financial behavior affects their traditional credit scores. However,  alternative credit scoring methods could raise questions of fairness and transparency.

The ECOA and the FCRA require financial institutions who deny credit to provide consumers with adverse action notices specifying the top factors used to make that decision. The FCRA also requires that consumers receive risk-based pricing notices, if they are provided credit on worse terms than others.

With that being said, it is important that fintech firms, and any banks with which they partner, ensure that the information conveyed in adverse action notices and risk-based pricing notices complies with the legal requirements for these notices.

Certain behavioral data may raise particular concerns about fairness and transparency. UDAAP issues could also arise if a firm misrepresents how consumer data will be used.

Question #5: Are you using data about consumers to determine what content they are shown?

Technology can make it easier to use data to target marketing and advertising to consumers most likely to be interested in specific products, but doing so may amplify redlining and steering risks.

The Federal Reserve stated that the core concern is that, rather than increasing access to credit, these sophisticated marketing efforts could exacerbate existing inequities in access to financial services. Thus, these efforts should be carefully reviewed.

Question #5: Which consumers are evaluated with the data?

Are algorithms using nontraditional data applied to all consumers or only those who lack conventional credit histories? Applying alternative algorithms only to those consumers who would otherwise be denied based on traditional criteria could help ensure that the algorithms expand access to credit.

In closing, the Consumer Compliance Outlook states that fintech can bring great benefits to consumers by enhancing speed, convenience and access to credit. However, fintech is not immune to the consumer protection risks that exist in brick-and-mortar financial institutions. The Federal Reserve encourages financial institutions to ensure that fintech trends and products promote a fair and transparent financial marketplace and that the potential fintech benefits are realized and shared by as many consumers as possible.


Programming Note. NAFCU's offices will be closed Friday, December 22nd and Monday, December 25th in observance of the Christmas holiday. We wish you all a safe and wonderful holiday. We'll be open on Tuesday, December 26th and back to blogging on Wednesday, December 27th.  Happy Holidays!

Categories: CU Industry Blogs

Second MLA Interpretive Rule Part II – Security Interests and Timing Edition

Mon, 12/18/2017 - 3:00am

Written by: Reginald Watson, Regulatory Compliance Counsel

Greetings regulatory compliance world! The U.S. Department of Defense (the Department) has issued it's second MLA interpretive rule which further develops the first interpretive Q&A guidance by adding clarifying language to three questions and creating an additional question and answer. Last week, Stephanie blogged about the amendments to question 2 in the Simultaneous Loan Edition and this post will discuss the remaining amendments to questions 17 and 18 referring to security interests and statutory rights as well as the newly created question 20 which explains the timing requirements of the optional safe harbor.

Security Interests and the Statutory Lien

In the past, we have blogged about the Military Lending Act Rule (MLA Rule) and some of the problematic language in section 232.8(e) which under some interpretations could have limited the covered borrower's right to grant a security interest to credit unions, or a credit union's right to enforce the statutory lien. Questions 16, 17, and 18 of the first MLA interpretive rule clarified that the prohibition in Section 232.8(e) neither prohibits share secured loans or credit unions from exercising statutory lien rights. Instead, it is intended to prevent creditors from creating remotely created checks or remotely created payment orders in order to collect payments from a covered borrower.

The recent amendments to question 17 and 18 do not change this interpretation, but rather clarify any issues that may arise when the MLA conflicts with other federal or state laws. For each question, the Department simplified the language permitting share secured loans and the statutory lien, and added a note explaining that "the MLA does not preempt any State or Federal law, rule or regulation to the extent that such law, rule or regulation provides greater protection to covered borrowers than the protections provided by the MLA." Thus, although the MLA permits borrowers to convey a security interest for all types of consumer credit, the transaction will still be governed by all other relevant federal or state laws, rules and regulations. Similarly, in situations where the credit union seeks to enforce the statutory lien, the credit union may exercise this right "provided the creditor’s actions are not prohibited by other State or Federal law, rule or regulation."

Optional Safe Harbor

The newly created Question 20 addresses the timing requirements for verifying a consumer's covered status under the optional safe harbor found in 32 C.F.R. §232.5(b). Section 232.5 creates an optional safe harbor which allows a credit union to conclusively determine that a consumer is "covered" by verifying their military affiliation via the Department's database or a consumer report "solely at the time a consumer applies to establish the account or 30 days prior to that time…" Question 20 clarifies how credit unions can qualify for the safe harbor by verifying that the borrower is covered at any time during the 30 days preceding the time at which a consumer either initiates the transaction or applies to establish an account:

        20. To qualify for the optional safe harbor under 32 CFR 232.5(b)(3), must the creditor determine the consumer’s covered borrower status         simultaneously with the consumer’s submission of an application for consumer credit or exactly 30 days prior?

        Answer: No. Section 232.5(b)(3)(i) and (ii) permit the creditor to qualify for the safe harbor when it makes a timely determination         regarding the status of a consumer at the time the consumer either initiates the transaction or submits an application to establish an account,         or anytime during a 30-day period of time prior to such action. Therefore, a creditor qualifies for the safe harbor under § 232.5(b)         when the qualified covered borrower check that the creditor relies on is conducted at the time a consumer initiates a credit         transaction or applies to establish an account, or up to 30 days prior to the action taken by the consumer. Similarly, the timing         provisions in § 232.5(b)(3)(i) and (ii) permit a creditor to qualify for the safe harbor when it conducts a qualified covered borrower check         simultaneously with the initiation of the transaction or submission of an application by the consumer or during the course of the creditor’s         processing of that application for consumer credit.

(emphasis added)

Accordingly, credit unions may verify the military affiliation of a prospective customer at any time starting 30 days before the consumer initiates a transaction or applies for an account.  Furthermore, the interpretive guidance extends this time period throughout the course of the creditor's processing of an application for consumer credit in order to qualify for the optional safe harbor.

NAFCU's Regulatory Compliance Team is continuing to review the guidance to understand its full impact on credit unions and will make necessary updates to our Military Lending Act Compliance Guide in the coming weeks. NAFCU members can download our currently available MLA-related resources here.

Categories: CU Industry Blogs

Second MLA Interpretative Rule– Simultaneous Loan Edition

Fri, 12/15/2017 - 9:44am

Written By Stephanie Lyon, Regulatory Compliance Counsel

After months of anticipation, it is finally here… the second set of the MLA Interpretative Rules has arrived. To better understand how this second attempt at interpreting the rule affects the first, it is important to review the first interpretative rule that was released in August of 2016. The first interpretative rule provided substantial guidance but also left many more questions unanswered as we pointed out in our previous MLA blogs. The second set builds upon the first by amending prior guidance on 3 questions and providing an additional question and answer. This blog will focus on one of the most contentious questions raised by credit unions regarding simultaneous purchase and cash-out loans (aka infamous question #2), but look out for Monday's blog that will discuss the rest of the guidance.

As you may remember, question #2 of the 2016 interpretative guidance focused on an exemption for loans that are "expressly intended" to finance the purchase of personal property. The guidance indicated that the MLA rule applies to "hybrid purchase money loans" for personal property – meaning a loan that provides credit in an amount greater than the purchase price is covered by the MLA. To summarize the guidance, any credit transaction that provides purchase money secured financing of personal property along with additional “cash-out” financing is not eligible for the exception. See,  81 Fed. Reg. 58841.

Because the exceptions for the purchase of personal property and motor vehicles had nearly the same wording, this left many credit unions wondering whether motor vehicle purchase loans that exceed the purchase price of the vehicle could be MLA covered loans. Examples of these kinds of situations could include the financing of negative equity, title, insurance or other add-ons. Guidance published on Thursday provides some clarification, although not all positive.

Negative Equity

Negative equity occurs when a member owes more on their loans than the value of the vehicle. Under the MLA rule, if the credit union makes a vehicle loan secured by that vehicle, the loan would be excluded from the MLA rule. The rule clarifies that in cases when the member has a negative equity vehicle loan and wants to roll over the negative equity into a new vehicle loan secured by the vehicle, the loan would still be excluded from the MLA rule even if the credit union lent the member the money needed to pay off the other vehicle loan. Here is a relevant excerpt from the interpretative guidance:

"[I]f a covered borrower trades in a motor vehicle with negative equity as part of the purchase of another motor vehicle, and the credit transaction to purchase the second vehicle includes financing to repay the credit on the trade-in vehicle, the entire credit transaction is eligible for the exception under § 232.3(f)(2)(ii) because the trade-in of the first motor vehicle is expressly related to the purchase of the second motor vehicle."

For example, let's say a member's car is worth $12,500 but they owe $15,000 on the car loan. The member wants to finance the purchase of a new car worth $20,000 and also wants to pay off the $2,500 negative equity of the current loan. The dealership offers to purchases their existing vehicle for $12,500 and connects them with Helpful Credit Union who qualifies the member for a $22,500 loan to pay off the negative equity and cover the cost of the new car. In this situation, it was not clear whether the additional funds lent to cover negative equity would now make the transaction a covered loan as funds were advanced for more than just the purchase of the new vehicle; now we know that this is an excluded transaction not covered by the MLA.

Add-On Products

Another ambiguity with MLA rule was whether extending credit for a personal or vehicle loan that also financed add-on products (i.e., warranties, upgrades, insurance, etc.) would subject the otherwise exempt loan to MLA protections. The answer to this question gets a bit tricky as it depends on what add-on products the credit union is financing.

The interpretive rule states that "[g]enerally, financing costs related to the object securing the credit will not disqualify the transaction from the exceptions, but financing credit-related costs will disqualify the transaction from the exceptions." See, 82 Fed. Reg. 58740. This means that financing costs related to the vehicle or the personal property does not disqualify the loan from the exception, but financing credit-related products or services does.

The interpretative guidance also provides a couple of examples of add-ons which are and are not considered to be "intended to finance the purchase of a vehicle or personal property secured by the vehicle or property being purchased":

Items that can be financed without losing the MLA exception:

  • A credit transaction that finances the purchase of a motor vehicle (and is secured by that vehicle), and also finances optional leather seats within that vehicle and an extended warranty for service of that vehicle is eligible for the exception under section 232.3(f)(2)(ii).
  • A credit transaction that finances the purchase of an appliance (and is secured by that appliance), and also finances the delivery and installation of that appliance.

Items that will not qualify for the MLA exception when financed:

  • A credit transaction that includes financing for Guaranteed Auto Protection (GAP) insurance or a credit insurance premium.
  • Any credit transaction that provides purchase money secured financing of a motor vehicle or personal property along with additional “cash out” financing.

This could make it difficult for some MLA covered borrowers to purchase GAP insurance directly from auto dealers as these fees are likely "credit related ancillary products" that are included in the MAPR calculation. These premiums could quickly lead to an MAPR above 36%.

NAFCU previously blogged on credit related ancillary products and insurance issue here that may help you understand which products are "okay" and which products are not for the purposes of retaining the exception. Don't forget that NAFCU members can download our MLA Compliance Guide and related resources here.

Categories: CU Industry Blogs

Should We Block That Marijuana Transaction?

Wed, 12/13/2017 - 4:00am

Written by Pamela Yu, Special Counsel for Compliance and Research

Earlier this year, I blogged about some of the legal and compliance uncertainties and operational challenges facing credit unions that are providing, or interested in providing, financial services to marijuana-related businesses that are legal under state law but remain illegal under the federal Controlled Substances Act (CSA).  I've also blogged about one credit union's efforts to become the first cannabis credit union and the difficulties in banking these unbankable businesses.

Not much has changed in 2017 with respect to resolving the conflict of laws impacting marijuana banking.  But in April West Virginia became the 29th state to legalize medical marijuana and the November elections saw gains for legalized marijuana advocates.  In the meantime, the attorney general continues to see marijuana as a "life-wrecking" substance that is "only slightly less awful" than heroin.  In short, the debate over state-sanctioned pot is ongoing and the law in this area is far from settled.

Meanwhile credit unions are increasingly being forced to contend with the cannabis conundrum, whether they have chosen to take on marijuana-business accounts or not. Recently, some of our members have contacted NAFCU's Compliance Team for assistance with how to handle marijuana-related transactions. Namely—should a credit union affirmatively block marijuana-related transactions?

Liability Under Federal Law

 Marijuana remains a schedule I controlled substance under the CSA, which makes it illegal under federal law.  See12 U.S.C. §812(b)(1).  Thus, federal criminal statutes may be implicated when handling marijuana-related funds.  For example, it is a federal criminal offense to engage in certain financial and monetary transactions with the proceeds of a “specified unlawful activity,” including marijuana-related funds.  See, 18 U.S.C. §§ 1956 and 1957.  It is also a federal criminal offense to transact funds “derived from” marijuana-related activity by or through a money transmitting business. See18 U.S.C. § 1960.  Financial institutions that conduct transactions with funds derived by marijuana-related activity may also be subject to criminal liability for failing to identify or report financial transactions involving marijuana proceeds.  See31 U.S.C. §5318(g).  In light of these liability concerns, some credit unions are wondering if they have an obligation or affirmative duty to prevent marijuana-related payments or transactions of funds associated with marijuana-related activity.

Blocking Merchant Codes

Ultimately it is a risk-based decision for the credit union, but keep in mind that credit unions are under no legal obligation to supervise their members' behavior nor to enforce federal drug laws.  There is no federal regulatory requirement to affirmatively prevent member transactions to state-sanctioned marijuana-related businesses.  Yet, the liability risk remains.  So what should a credit union do?

Some credit unions have considered taking such action as blocking marijuana-related transactions based on merchant codes.  There is some precedent for this: the Unlawful Internet Gambling Enforcement Act (UIGEA), for example, prohibits gambling businesses from knowingly accepting payments in connection with the participation of another person in a bet or wager that involves the use of the Internet and that is unlawful under any federal or state law (“restricted transactions”). See, 31 U.S.C. §§ 5361-5367.  Under the UIGEA, Treasury and the Federal Reserve Board promulgated regulations requiring certain participants in payment systems that could be used for unlawful Internet gambling to have policies and procedures reasonably designed to identify and block or otherwise prevent or prohibit the processing of restricted transactions. See, Unlawful Internet Gambling Enforcement Act of 2006 Overview.

However, blocking marijuana-related transactions would be an administrative burden—and there are ways to circumvent code-blocking. For example, critics have suggested that the UIGEA has had debatable success in effectively blocking illegal gambling transactions.  One reason that code-blocking has not worked well, according to some reports, is because of a circumvention technique called "factoring."  In factoring, a merchant engaged in illegal gambling submits its card transactions through another merchant's terminal using that merchant's identification number and merchant category code and then pays the other merchant a percentage of the submitted transactions.  While this violates card associations' rules, this type of circumvention illustrates the difficulty in trying to police member behavior.  It is also worth bearing in mind that restrictions on internet gambling transactions are specifically governed by federal law, the UIGEA.  There is no similar statute requiring marijuana-related transactions to be blocked by financial institutions.

Also, there is the risk of over-blocking.  Some merchants may sell both legal and (federally) illegal products—the marijuana merchant for example could sell marijuana as well as tobacco products, e-cigarettes, magazines, T-shirts, hats, etc. So, a customer could shop at a marijuana merchant but only purchase legal products and still be blocked. 

Reputation Risk

Another consideration is reputation risk. Although illegal on the federal level, marijuana is legal at the state level in 29 states.  More and more states are legalizing cannabis, both medically and recreationally, and there is majority and growing public support for legalized marijuana.  Particularly with respect to medical marijuana—where members with legitimate medical conditions may rely on medical marijuana to treat or alleviate serious illnesses including cancer and epilepsy—there could be risks to the credit union's reputation if members become upset that their transactions for medical marijuana are blocked by the credit union, particular if there is no regulatory obligation to do so.

On the other hand, there might be reputation risk to allowing marijuana-related transactions or in not taking some affirmative action to prevent payments to marijuana-related businesses.  For example, a credit union with a field of membership that includes law enforcement agencies could suffer reputational harm in allowing marijuana-related transactions despite continued federal prohibitions against marijuana.

BSA Compliance

If the credit union determines to allow marijuana-related transactions, reporting requirements under the Bank Secrecy Act and anti-money laundering (BSA/AML) rules certainly come into play.  If a transaction appears to be associated with marijuana, FinCEN guidance issued in 2014 is instructive. See, FIN-2014-G001. The FinCEN guidance "clarifies how financial institutions can provide services to marijuana-related businesses consistent with their BSA obligations." See, FIN-2014-G001, p.2.  For example, the credit union may need to file a marijuana-related suspicious activity report (SAR) for member transactions that involve marijuana-related funds. 

The FinCEN guidance discusses three specific marijuana-related SARs: (1) marijuana limited; (2) marijuana priority; and (3) marijuana termination.  BSA obligations are heightened for transactions involving marijuana, even if the transaction is related to a marijuana-related business that is legal under state law.  For instance, all transactions with a marijuana-related business require a SAR, simply by virtue of the fact that the subject is engaged in a marijuana-related business. 

FinCEN's discussion of the "marijuana limited" SAR filing states:

A financial institution providing financial services to a marijuana-related business that it reasonably believes, based on its customer due diligence, does not implicate one of the Cole Memo priorities or violate state law should file a “Marijuana Limited” SAR. The content of this SAR should be limited to the following information: (i) identifying information of the subject and related parties; (ii) addresses of the subject and related parties; (iii) the fact that the filing institution is filing the SAR solely because the subject is engaged in a marijuana-related business; and (iv) the fact that no additional suspicious activity has been identified. Financial institutions should use the term “MARIJUANA LIMITED” in the narrative section.

See, FIN-2014-G001, pp.3-4.  Thus, at a minimum, a "marijuana limited" SAR should be filed for all transactions involving a marijuana-related business or marijuana-related funds.

In the end, this is a complex and still uncertain issue and a lot remains unclear about how credit unions should address state-sanctioned marijuana activities.

Categories: CU Industry Blogs

TRID Amendments – Tolerances, Expiration of Loan Estimates and Updated Forms Guide; Zoolights!

Mon, 12/11/2017 - 4:46pm

Written by Brandy Bruyere, Vice President of Regulatory Compliance

Once in a while, our blog schedule is updated and I blog twice in a row. We ended last week with HMDA, and we'll start the week off with TRID.


TRID requires credit unions to provide a Loan Estimate in good faith and based on the best information reasonably available, with certain costs being subject to zero tolerance, 10 percent tolerance or no tolerance. Some of the 2017 amendments incorporate past guidance or imperfect attempts to fix errors in the rules relating to tolerances. For example, in February 2016, the CFPB amended the preamble to TRID to correct a mistake regarding which fees are subject to no tolerance, and now the 2017 rule formally incorporate this change. This clarifies that property taxes, homeowner's association dues, condominium fees and cooperative fees are subject to no tolerance when the figures on the Loan Estimate are based on the best information reasonably available. This chart summarizes the tolerance categories as tweaked by the TRID amendments:


TRID Tolerances for Settlement Costs

Zero tolerance

·   All other fees which are not either 10% tolerance or subject to no tolerance. Examples include:

-   Fees paid to the credit union, mortgage broker, or an affiliate of either

-   Any fees paid to any party if the member was not permitted to shop

-   Transfer taxes

10% tolerance

·   Recording fees

·   Fees paid to unaffiliated 3rd-party  when the member is permitted to shop (examples could include settlement agent fees, notary fees)

No tolerance limitation

·   The following IF the estimate was “consistent with the best information reasonably available”* to the credit union at the time of disclosure

-   Prepaid interest

-   Property taxes

-   Property insurance premiums

-   Homeowner's association fees

-   Condominium fees

-   Cooperative fees

-   Amounts placed into an escrow or similar account

-   Charges paid to 3rd-party service providers selected by the member that are NOT on a list provided by the credit union

-   Charges paid for 3rd-party services NOT required by the credit union, including charges to affiliates

*Note, estimates cannot be unreasonably low in order to meet this standard

The CFPB also added commentary to clarify that the 10 percent tolerance applies in the aggregate as opposed to a specific charge. For example, if a fee subject to 10 percent tolerance was left out of the Loan Estimate, it could be on the Closing Disclosure (and charged to the borrower) so long as the aggregate amount of fees does not exceed ten percent of the amount shown on the Loan Estimate. The CFPB provided an example in comment 19(e)(3)(ii)-2:

  1. Assume that, [in the Loan Estimate], the creditor includes a $300 estimated fee for a settlement agent, the settlement agent fee is included in the category of charges subject to [10 percent tolerance], and the sum of all charges subject to [10 percent tolerance] (including the settlement agent fee) equals $1,000. In this case, the creditor does not violate [tolerance limitations] if the actual settlement agent fee exceeds the estimated settlement agent fee by more than 10 percent (i.e., the fee exceeds $330), provided that the sum of all such actual charges does not exceed the sum of all such estimated charges by more than 10 percent (i.e., the sum of all such charges does not exceed $1,100).

Expiration of the Loan Estimates.

Section 1026.19(e)(3)(iv)(E) allows credit unions to revise charges originally disclosed on the Loan Estimate if the consumer indicates an intent to proceed with the loan more than ten business days after receiving the Loan Estimate. There was uncertainty under TRID as to whether the credit union could voluntarily extend this ten business day window. The amended rule clarifies that credit unions may do this. However, the consumer must be permitted to rely on the Loan Estimate and to indicate their intent to proceed within the specified window of time. For example, if a credit union decides to extend the expiration date for a total of 14 business days, then the member must be allowed to indicate their intent to proceed under the terms in the Loan Estimate such as the disclosed rate.

Updated Forms Guide.

Finally, last week the CFPB updated its TRID Guide to Forms to incorporate the 2017 changes to TRID. Updates include:

  • The Loan Estimate in the General Requirements, General Information, Loan Terms, Projected Payments table, Costs at Closing, Loan Costs and Other Costs, Calculating Cash to Close table, Alternative Calculating Cash to Close table, Comparisons, and Confirm Receipt.
  • The Closing Disclosure in the General Requirements, General Information, Costs at Closing table, Other Costs, Calculating Cash to Close table, Summaries of Transactions, Borrower’s Transaction, Seller’s Transaction, Escrow Account, Loan Calculations, and Confirm Receipt.  
  • Coverage of closed-end credit transactions secured by a cooperative unit in various sections of the guide.

Palate Cleanser. Since I started the week off with TRID, I thought I'd share a photo of Nolan at Zoolights. He was a big fan of the train!

Categories: CU Industry Blogs

A Tale of Two Signs? HMDA Lobby Notices

Fri, 12/08/2017 - 3:30am

Written by Brandy Bruyere, Vice President of Regulatory Compliance

Recently, we received a great question from a NAFCU member on HMDA implementation. While the new HMDA rules change the lobby notice disclosures, what about the current rule's requirement? Specifically, the rule requires credit unions that are subject to HMDA reporting make modified data available to the public to 3 years and post a disclosure statement for 5 years. Here are some key excerpts from section 1003.5:

(d) Availability of data. A financial institution shall make its modified register available to the public for a period of three years and its disclosure statement available for a period of five years. An institution shall make the data available for inspection and copying during the hours the office is normally open to the public for business. It may impose a reasonable fee for any cost incurred in providing or reproducing the data.

(e) Notice of availability. A financial institution shall post a general notice about the availability of its HMDA data in the lobby of its home office and of each branch office located in an MSA and Metropolitan Division. An institution shall provide promptly upon request the location of the institution's offices where the statement is available for inspection and copying, or it may include the location in the lobby notice. (Emphasis added.)

Currently the Federal Financial Institutions Examination Council (FFIEC) prepares the disclosure statements and Regulation C requires credit unions to make this statement available to the public within 3 business days after receiving the disclosure from the FFIEC. Section 1003.5(b) also requires the credit union to either:

  • Making available to the public in the credit union's home office and at least one branch office in each Metropolitan Statistical Area (MSA) and Metropolitan District (MD) where the credit union has offices the disclosure statement within 10 business days of receiving the statement; or
  • Post the address for sending written requests in the lobby of each branch office and provide a copy of the disclosure statement within 15 calendar days of receipt for the MSA or MD for which the request was made.

Beginning January 1, 2018, the CFPB's suggested text for the lobby notice required under paragraph 1003.5(e) will point consumers to the CFPB's website. However, access to prior years' disclosure statements and modified LARs will not be available via the Bureau's website. It seems the amended HMDA rule did not clearly contemplate that there would be a few years where prior years' data would still need to be available as the suggested language for the lobby notices only seem to look forward based on data collected in 2017 and beyond.  However, there are a couple of blurbs in the preamble to the 2015 HMDA rule (links below) clarifying that current Regulation C will apply to requests for HMDA data collected prior to 2017:

"The Bureau notes that § 1003.5(b) is effective January 1, 2018 and thus applies to the disclosure of 2017 HMDA data. Current Regulation C applies to requests received by financial institutions for HMDA data for calendar years prior to 2017.


Financial institutions will make available to the public their 2017 HMDA data pursuant to § 1003.5(b) through (e) of this final rule. Financial institutions make available to the public their HMDA data for calendar years prior to 2017 pursuant to current Regulation C."

It will be important to keep in mind that current HMDA requires making a modified LAR available to the public for three years and the disclosure statement for 5 years. As a result, the CFPB's suggested text for the lobby notice only tells half the story.

After hearing others had received information from the CFPB on this, NAFCU reached out to the CFPB using its regulatory inquiries system and received non-binding, informal guidance on whether lobby notices will continue to be required for both versions of HMDA.  In speaking to CFPB staff, based on the language in the preamble referencing the current rule, it seems credit can have both notices available – one for the timeframe required by current Regulation C and one for amended Regulation C. Alternatively, credit unions may be able to develop a combined statement. Here is the "suggested text" under the current rule:

"5(e) Notice of availability.                                                       

1. Poster—suggested text.An institution may use any text that meets the requirements of the regulation. Some of the Federal agencies that receive HMDA data provide HMDA posters that an institution can use to inform the public of the availability of its HMDA data, or the institution may create its own posters. If an institution prints its own, the following language is suggested but is not required:

Home Mortgage Disclosure Act Notice

The HMDA data about our residential mortgage lending are available for review. The data show geographic distribution of loans and applications; ethnicity, race, sex, and income of applicants and borrowers; and information about loan approvals and denials. Inquire at this office regarding the locations where HMDA data may be inspected.

  1. Additional language for institutions making the disclosure statement available on request.An institution that posts a notice informing the public of the address to which a request should be sent could include the following sentence, for example, in its general notice: “To receive a copy of these data send a written request to [address].”

Here is the suggested text from the amended rule:

"5(b) Disclosure Statement


  1. Format of notice.A financial institution may make the written notice required under §1003.5(b)(2) available in paper or electronic form.
  2. Notice—suggested text.A financial institution may use any text that meets the requirements of §1003.5(b)(2). The following language is suggested but is not required:

Home Mortgage Disclosure Act Notice

The HMDA data about our residential mortgage lending are available online for review. The data show geographic distribution of loans and applications; ethnicity, race, sex, age, and income of applicants and borrowers; and information about loan approvals and denials. These data are available online at the Consumer Financial Protection Bureau's Web site ( HMDA data for many other financial institutions are also available at this Web site.

  1. Combined notice.A financial institution may use the same notice to satisfy the requirements of both §1003.5(b)(2) and §1003.5(c)."

Credit unions could consider indicating which years' data particular statements would apply to when determining whether to have two separate notices or combine notice statements. Either way, it will be important to be mindful of properly handling requests for HMDA data for years prior to 2017 given the length of time the rule requires financial institutions to make this information available.

Palate Cleanser.

If I'm going to blog about HMDA on a Friday, the least I can do is share a cute Lemmy picture. He decided to perch on the refurbished toy storage bench to peek outside, maybe to look at our holiday lights or maybe to stare down a package delivery person. Either way, he swears this is a comfortable fit!

Categories: CU Industry Blogs

FinCEN Launches Information Sharing Exchange Program

Wed, 12/06/2017 - 4:00am

Written by Shari R. Pogach, Regulatory Paralegal

The Financial Crimes Enforcement Network (FinCEN) wants to strengthen information sharing with financial institutions.  To help achieve this, it announced it has launched its FinCEN Exchange program to enhance public-private information sharing.  Working closely with law enforcement, FinCEN plans to convene regular briefings with financial institutions to exchange information on important potential illegal finance threats.   The program is intended to help financial institutions better identify risks and better focus on higher priority issues.  This will in turn help FinCEN and law enforcement get critical information to continue the fight against money laundering and other financial crimes.

Participation in the FinCEN Exchange is strictly voluntary with no new regulatory requirements.  It also doesn't replace or affect any existing channels by which law enforcement interacts directly with the financial industry. FinCEN indicates operational briefings under this new program will start in the coming weeks.

Historically, FinCEN has convened over a dozen special briefings in five cities with over 40 financial institutions and multiple law enforcement agencies since 2015.  According to FinCEN, the information given by financial institutions through suspicious activity reports (SARs) after these briefings has helped the public sector map out and target weapons proliferators, sophisticated global money laundering operations, human trafficking and smuggling rings, and corruption and trade-based money laundering networks.  The briefings also helped financial institutions to focus on specific priorities and better identify risks.

The FinCEN Exchange will convene more regularly scheduled and as-needed operational briefings across the nation with law enforcement, FinCEN and financial institutions to exchange information on priority illegal finance and national security threats.  In consultation with law enforcement, FinCEN plans to invite financial institutions to participate based on a variety of factors, including whether an institution may have information that is relevant to a particular topic. 

FinCEN states the form of each briefing may vary but the sharing of information is intended to equip financial institutions to provide more responsive information into SARs. Financial institutions are also highly encouraged, as appropriate, to voluntarily share information with other FinCEN Exchange participants as well as other financial institutions or associations of financial institutions pursuant to Section 314(b) of the USA PATRIOT Act.

Categories: CU Industry Blogs

Flag on the Play: Imposing Penalty Rates

Mon, 12/04/2017 - 5:00am

Written by Jennifer Aguilar, Regulatory Compliance Counsel

It's December. Football weather has settled in and the playoff race is heating up. If you're anything like me, you spent the entire day yesterday glued to the RedZone or, for those lucky few, you actually got to watch your team on the local broadcast. As every sports fan knows, sometimes no matter how hard the players play, sometimes it's up to the referees to decide the outcome (eyeroll and audible groan as you remember that terrible completely wrong call the refs made that cost your team the game). Most of time, the referees are on the same page and impose the right call, like these guys:

But, sometimes, no one can agree on what right call should be, like these guys:

So, what to do then? Well, go back to the rulebook. Every once in a while, credit unions find themselves in a similar position – your member hasn't paid her bill on time or has exceeded her credit limit and now you need to be the ref and enforce the rules and impose a penalty rate. But before you do so, you may find it helpful to review the rulebook first to ensure that you're making the right call. As penalty rates are most common with open-end credit products, the rules discussed below apply to open-end not home-secured credit.

The first rulebook to review is the credit agreement. This agreement lays out the obligations between you and your member but it also lays out your rights when the member fails to live up to her obligations. Before you can impose a penalty rate for such failures, you have to have the authority to do so. The agreement will usually tell you whether or not you have such authority. The agreement will also explain the circumstances under which a penalty rate may be imposed. In the event your agreement is silent on this issue, your state law may explain whether the credit union has the authority to impose a penalty rate. While the credit agreement is an important place to start, don’t forget that there is another rulebook to review too – Regulation Z.

Penalty rates are generally permissible under Regulation Z. So, as long as you have the contractual authority to do so and one of the circumstances laid out in the credit agreement has occurred, you may impose the penalty rate. Regulation Z does, however, have a couple rules that must be followed. Section 1026.9(g) requires advance notice before you can impose the penalty rate. The notice must be provided after the event that triggered the penalty rate and at least 45 days before the effective date of the increased rate. The notice must include the following:

  • Statement that the penalty rate has been triggered;
  • Date the penalty rate will apply;
  • Circumstances under which the penalty rate will no longer apply or a statement that the penalty rate may apply indefinitely;
  • Statement of which balances the penalty rate will apply to and which balances the regular rate will continue to apply to, if any;
  • If the account is a credit card, a statement of the principal reasons for the rate increase; and
  • If the rate increase is the result of a failure to make a minimum periodic payment within 60 days of the due date, a statement that the increased rate will no longer apply to transactions occurring before or within 14 days of the notice if the member makes the next six consecutive minimum payments on time.

If the open-end credit plan is a credit card and the penalty rate was imposed because the member failed to make a minimum payment within 60 days of the due date, section 1026.59(e) requires credit unions to review the account periodically to determine whether the penalty rate is still applicable. The first review is required within six months of the sixth payment due date following the effective date of the penalty rate. After that, the review is required once every six months. In conducting the account review, the rule requires credit unions to review the factors that led to the application of the penalty rate. If the credit union determines that the penalty rate should no longer apply based on the review, the rule requires the credit union to reduce the rate back to the rate that previously applied within 45 days of completing the review. No review is required if the member makes the next six consecutive payments on time and, as a result, the credit union returns the rate to the rate that applied prior to imposing the penalty rate.

Categories: CU Industry Blogs

Reg E Error Resolution for POS Disputes and Unjust Enrichment; Blockchain Resources

Fri, 12/01/2017 - 3:30am

By Stephanie Lyon, Regulatory Compliance Counsel

Talk about Black Friday, the perfect opportunity for fraudsters to go holiday shopping with your member's debit cards, online or in store. The holiday season truly is a fantastic time to review key provisions of the error resolution process of Regulation E. So let's dig in!

The basic concept of the error resolution process is that members will notify their credit union when they notice an unauthorized EFT from their account. See, 12 C.F.R. § 1005.11(b). The credit union will receive the information needed to investigate the claim and resolve the issue within a specified time period. While the credit union investigates the error, the member will be provided with provisional funds to minimize disruptions to the member's life.  See, 12 C.F.R. § 1005.11(c)(2)(i). Finally, the credit union will notify the member of the resolution and make the provisional credit final or revoke the credit if no error occurred. Sounds simple enough, right?

Wrong. Regulation E is deceptively simple, but it is full of compliance pitfalls and stumbling blocks. We have already addressed a couple of these issues in prior blogs here and here. Today's blog focuses on point-of-sale (POS) dispute timelines and what to do if you finalized the provisional credit and new information shows the member was already refunded by the merchant or the transaction was not unauthorized.

The normal timeline to resolve a Reg E error is within 10 business days of when the member notifies the credit union of an unauthorized transfer from their account. See, 12 C.F.R. § 1005.11(c)(1). Some credit unions pride themselves in providing extreme member service and correcting most errors within this timeline and to save themselves the hassle of providing provisional credit. While admirable and very member-friendly, this also means the credit union will have to mad-rush to investigate the dispute, contact merchants, compare signatures, pull video from the security cameras (if any) and come to a conclusion. Whew! I am exhausted just thinking about the process. In POS dispute cases, 10 days is simply not enough to even get a return call from merchants, let alone any documentation of the transaction.

To remedy this, the regulation permits the investigation period to be extended up to 90 days for point-of-sale (POS) debit card transactions such as swiping your debit card at any store in the mall. See, 12 C.F.R. § 1005.11(c)(3)(ii). To take advantage of the extended timeline, the credit union must: (1) provisionally credit members for the amount of the alleged error as long as the member notifies the credit union in writing; (2) notify the member within 2 business days of the amount and date the provisional credit was given; and (3) give the member full use of the provisional credit while the investigation is pending.

Taking the time to investigate a POS dispute is essential as lately, credit unions are noticing that merchants are refunding members after the credit union has already resolved the error and finalized provisional credit. Basically, the member is getting back their money twice. As awesome as it is to get a windfall, it is simply not right. So credit unions want to know whether they can remove funds from a member's account if the member had been made whole by the merchant or if the credit union uncovers convincing evidence that the transaction was not unauthorized.

The answer to this question is not found in the regulation—of course. That would make it way too easy on the NAFCU compliance team that takes these questions as a white elephant gift from the regulators. Regulation E explicitly states that credit unions can reverse provisional credit if there was no error or a different error occurred. See, 12 C.F.R. § 1005.11(d). Nothing in the regulation states that credit unions can take back final credit if it later discovers that no error or a different error occurred. If this seems inherently unfair, you are not alone. There is an entire contract law concept called unjust enrichment that has been around long before any of us or our predecessors were thinking about compliance. The just of this notion is that someone received a benefit they were not entitled to at the expense of someone else. Unfortunately, to pursue an unjust enrichment claim, the credit union would have to file a civil suit against the member who received the windfall. A less expensive option may be to politely ask the member to reimburse the credit union if the merchant credited the member or if the member later admits to having made the transaction. But an even better option is probably to take the full 90 days to investigate the dispute and ensure the credit union is monitoring the member's account during that time.

Regardless of the option, this is an area where the regulation is not entirely clear on when or whether a credit union has the ability to revoke final credit if the member is unjustly enriched. Interestingly enough, the remittance transfer rule that makes up sections 1005.30 to 1005.36 of Regulation E, has a provision regarding these types of unjust enrichment cases that should be added to the EFT error resolution part of the regulation. Here is a relevant excerpt from the official interpretation to section 1005.33(f):

…In addition, nothing in this section prevents an account-holding institution or creditor from reversing amounts it has previously credited to correct an error if a sender receives more than one credit to correct the same error. For example, assume that a sender concurrently asserts an error with his or her account-holding institution and remittance transfer provider for the same error, and the sender receives credit from the account-holding institution for the error within 45 days of the notice of error. If the remittance transfer provider subsequently provides a credit of the same amount to the sender for the same error, the account-holding institution may reverse the amounts it had previously credited to the consumer's account, even after the 45-day error resolution period under §1005.11.

12 C.F.R. § 1005, Supp I, 1005.33(f)—1 (emphasis added). I am just going to put it out there, adding this to the official interpretation of section 1005.11(d) would be a pretty fantastic present for all compliance officers.


Blockchain Resources

NAFCU Regulatory Affairs Counsel Andrew Morris recently wrote an article for our Cyber Café edition of the Compliance Monitor (log-in required). To continue to assist credit unions interested in staying ahead of the curve he teamed up with NAFCU Special Counsel Pamela Yu, to produce a webpage that describes how blockchain technology impacts credit union regulations from BSA to Mortgage Servicing. This resource is available to all and can be accessed here.

Categories: CU Industry Blogs

We Listened So You Don't Have To: Interagency Fair Lending Hot Topics Webinar

Wed, 11/29/2017 - 3:30am

Written by: André B. Cotten, Regulatory Compliance Counsel

On November 16th, 2017, the CFPB, NCUA and several other representatives from federal agencies presented a webinar on lending topics ranging from the HMDA changes to Regulation B special purpose credit programs, compliance management for consumer loans and fair lending considerations. You can listen to the webinar here and download the presentation slides here. Here is a quick summary of the main topics discussed:

HMDA Changes and Fair Lending

A CFPB representative quickly went over the new HMDA rules that will be in effect for HMDA data collected in 2018 and reported in 2019. According to the speaker, the FFIEC released its HMDA Examiner Transaction Testing Guidelines that will be used by all federal regulators in assessing the accuracy of the HMDA data that financial institutions record and report. This guide has important information regarding testing procedures and tolerance calculations for errors in different sample sizes.

As far as examinations, the CFPB highlighted that it will be updating its HMDA Examination Procedures and Getting It Right Guide to make complying with the rules easier. And as we previously reported, the CFPB's approach in initial examinations will be consistent with the approach taken for other regulations, which means "good faith efforts" to comply will be taken into account.

Special Purpose Credit Programs

A NCUA representative reviewed Regulation B Special Purpose Credit Programs. A special purpose credit program is characterized as a credit incentive. For instance, a credit union offers a one-time rate reduction for designated loan products to one or more of its membership groups. In other words, this incentive program would not be offered to the credit union's entire field of membership.

NCUA discussed credit risks associated with offering these type of special purpose credit programs. According to the official interpretations to Regulation B, the credit union makes the determination if the program benefits an "economically disadvantaged class of persons". The requirements for special purpose credit programs are detailed in section 1002.8. Note, the credit union's program cannot be established to evade ECOA's nondiscrimination requirements. To comply with Regulation B, the credit union may request common characteristic information to determine eligibility. If financial need is one of the criteria for the special purpose credit program, the credit union may also request information need to determine financial need.

Compliance Management for Consumer Loans

A representative from the Federal Reserve Board presented on compliance management for consumer loans. Although most credit unions are not supervised by the Federal Reserve, a credit union would still find the presenters remarks helpful.

The discussion focused on fair lending risks and compliance management for the pricing of consumer loans. However, the same principles would apply to developing an effective fair lending risk management program for consumer loan underwriting, and for mortgage and indirect auto pricing and underwriting.

Many credit unions offer consumer loans that serve a critical need for members. The Federal Reserve identified common scenarios the fair lending risk for pricing arises, which include the following:

  • The credit union grants the loan originators broad discretion to set the interest rate and fees
  • The credit union does not use rate sheets or other pricing guidelines
  • The credit union does not require the loan originators to clearly and consistently document pricing decisions, including exceptions
  • The credit union does not monitor for potential pricing disparities on a prohibited basis.

The Federal Reserve Board's representative also identified the elements of an effective compliance management system: Board of Directors and Senior Management Oversight; Policies and Procedures; Risk Monitoring and Management Information Systems (MIS); Internal Controls.

The Federal Reserve expects the financial institution's board and senior management to ensure they understand the level of risk in the credit union's products, services, and business lines, including the fair lending risk in consumer loan pricing. Board and Senior Managers are also expected to administer compliance management program that is consistent with the size, complexity, and risk profile of the financial institution's products, services, and business lines.

In regards to policies and procedures, the Federal Reserve encourages financial institutions to develop policies and procedures (such as rate sheets, checklists, job aids, etc.) designed to ensure consistent outcomes and prevent discrimination on a prohibited basis. Financial institutions are also encouraged to provide training on the fair lending risk in consumer loan pricing, and the financial institution's policies should appropriately control that risk.

The Federal Reserve also provided some best practices. Financial institutions may want to use rate sheets or loan origination software that use clear pricing criteria, and, if applicable, clear pricing exception criteria. The financial institution may also want to require loan originators to clearly and consistently document pricing decisions, including exceptions.

Then, in regards to risk monitoring and management information systems, the financial institution may want to develop risk monitoring systems commensurate with the level of discretion permitted. The Federal Reserve also provided several fact scenarios and commentary to better explain various fair lending risk scenarios. The credit union may also want to provide the board of directors and senior management with the information needed to identify and evaluate fair lending risk for consumer loan pricing.

When developing and modifying internal controls, the Federal Reserve advises that financial institutions may want to develop periodic fair lending self-assessment processes. These processes can include compliance reviews and audits that are appropriate for the size, complexity, and risk profile of the credit union's products, services, and business lines.

Other Related Fair Lending Topics

There were numerous other presenters during the webinar. The FDIC representative provided additional guidance concerning Fair Lending Monitoring Programs. The FDIC's Compliance Manual defines "monitoring" as a proactive approach by an institution to identify procedural or training weaknesses in an effort to preclude regulatory violations. It also includes transactional testing. The FDIC discussed performing periodic analyses of data for fair lending risks. These reviews should be conducted on a portfolio-wide basis.

Moreover, a representative from HUD discussed recent common issues in consumer complaints at HUD. Some common complaints include the following: the treatment of disability income; the treatment of parental leave income; collateral policies; reasonable accommodations; and targeting tools for marketing through social media.

Lastly, an attorney from the Department of Justice discussed denial investigations and cases. The DOJ representative used a recent case to explain instances of mistreatment based on prohibited criteria. The complaint alleges that the bank required employees to deny loans from minority applicants more quickly than similarly-qualified white applicants. The bank also instructed its employees not to provide credit assistance to applicants whose applications were marginally qualified.


Live Webcast on Tuesday, December 5 - Must a Credit Union Website be ADA Compliant? Protecting Your Credit Union from Potentially Frivolous Claims 

Over the past few months, credit unions have been hit with scores of lawsuits (and perhaps hundreds of “attorney demand letters”) challenging the accessibility of credit union websites to visually-impaired individuals.  Under the Americans with Disabilities Act of 1990, “public accommodations” are charged with being accessible to those with impairments.  These cases and claims allege that credit union websites are places of “public accommodation;” that they are not fully-accessible to visually-impaired individuals; and that the visually-impaired claimant stands ready to resolve the matter “confidentially” for a cash settlement. 

This 90-minute webcast will feature speakers with current experience in the legal and procedural issues involved, and will cover background information, current cases specific to credit unions, and what your credit union can do now to minimize its risk. Register here.

Categories: CU Industry Blogs

NCUA Issues Temporary Exemption on Appraisals for Disaster Zones

Mon, 11/27/2017 - 9:39am

By Reginald Watson, Regulatory Compliance Counsel

Greetings compliance friends! In the wake of excessive flooding brought about by the many recent tragic hurricanes, NCUA together with several other agencies have granted temporary exceptions to the current appraisal requirements in major disaster zones. Since we've received quite a few questions on this, I figured it would be a good opportunity to review the NCUA appraisal requirements and un-package this temporary exemption.

NCUA's appraisal requirements depend on the loan value and its terms. NCUA’s Rules and Regulations do not require a formal appraisal if the transaction is 250k or less. Generally, any loan with a transactional value of $25,500 or less requires only a “written valuation” that meets FIRREA requirements. A loan with a transactional value between $25,501 and $250,000 only requires a formal appraisal if it is a "higher-priced" mortgage loan; and all loans of $250,001 or more require an appraisal.

For transactions requiring an appraisal, the central requirement is that the appraisal must be "performed by a state certified or licensed appraiser." For transactions requiring a written valuation, it must "be performed by an individual having no direct or indirect interest in the property, and qualified and experienced to perform such estimates of value for the type and amount of credit being considered."  12 C.F.R. §722.3(d). The minimum requirements for written estimates of market value are addressed in Appendix B of the Interagency Appraisal and Evaluation Guidelines.

In addition to the transaction threshold issue, §722.3 outlines the other exceptions to the general requirement to seek an appraisal, including situations in which:

  • A lien has been taken out on the property as collateral only through an abundance of caution, and the transaction terms are no more favorable than they would have been in the absence of a lien;
  • A lien has been taken out on the property for purposes other than the real estate's value;
  • A lease of real estate is entered into, unless the lease is the economic equivalent of a purchase or sale of the leased real estate;
  • The transaction involves an existing extension of credit at the lending credit union provided that there is no advancement of new monies and no obvious or material changes to market conditions;
  • The transaction involves the purchase, sale, investment in, exchange of, or extension of credit secured by, a loan or interest in a loan, pooled loans, or interests in real property, including mortgage-backed securities;
  • The transaction is wholly or partially insured or guaranteed by a United States government agency or United States government sponsored agency;
  • The transaction either: 
    • Qualifies for sale to a United States government agency or United States government sponsored agency; or
    • Involves a residential real estate transaction in which the appraisal conforms to the Federal National Mortgage Association or Federal Home Loan Mortgage Corporation appraisal standards applicable to that category of real estate; or
  • The regional director has granted a waiver from the appraisal requirement for a category of loans meeting the definition of a member business loan.

Appendix A to the Interagency Appraisal and Evaluation Guidelines, provides additional guidance on these exemptions and describes how institutions can comply with Title XI of the Financial Institutions Reform, Recovery, and Enforcement Act of 1989 (FIRREA).The guidance was joined by NCUA, and was attached to Letter to Credit Unions 2010-23.

Higher Priced Mortgages

As referenced in §722.3(f), if a loan is a second mortgage that is closed-end consumer credit secured by the consumer’s principal dwelling and qualifies as a higher-priced mortgage loan (HPML), it may require an appraisal under Regulation Z. §1026.35(c). An HPML is a closed-end secured residential loan "with an annual percentage rate that exceeds the average prime offer rate for a comparable transaction by a certain number of percentage points. §1026.35(c)(2) also provides an appraisal threshold exemption which is currently $25,500, along with additional exemptions to the appraisal rule for HPMLs. The threshold is set to increase to $26,000 on January 1, 2018. The CFPB official commentary discusses all these exemptions in further detail and emphasizes that although these types of transactions may be exempt from the CFPB's appraisal rule, the requirements under FIRREA and §722.3 still apply. Thus, an appraisal would be required for HPMLs between $25,500 and $250,000, and a written valuation conforming to the Interagency Appraisal and Evaluation Guidelines would be required for loans that do not require an appraisal under NCUA. An additional written appraisal for HPMLs may be required for recently acquired properties subject to certain conditions found in §1026.35(c)(4).

In summary, it appears any loan with a transactional value of $25,500 or less requires only a written valuation that conforms to Appendix B of the interagency guidance. A loan with a transactional value between $25,500 and $250,000 only requires a formal appraisal if it is a HPML. All loans carrying a value of $250,001 or more require an appraisal.

Loans in Disaster Areas

On October 16, 2017, NCUA, together with several other agencies, released a Letter to Credit Unions (17-CU-06) granting a temporary exemption to the FIRREA appraisal requirements in major disaster areas, as defined by the President. The exemption provides flexibility to credit unions with loans secured by real estate and located in the affected areas, including parts of Florida, Georgia, Puerto Rico, Texas, and the U.S. Virgin Islands. The exemptions will remain in effect for a three-year period from the date of the declaration.

The order specifically requires that the property involved was located within the major disaster area, there is a binding commitment to fund the transaction, the value of the real property supports the institution's decision to enter into the transaction, and the transaction must continue to be subject to review by management in the course of examinations of the institution.

This waiver is an attempt to ensure that any shortage of appraisers would not further delay the recovery process for these regions. We at NAFCU have been saddened to see the extent of the damage and loss of life and have compiled a list of resources to help credit unions in these disaster areas. Our thoughts and prayers go out to all those who have been affected.

Categories: CU Industry Blogs

NCUA Reverses Position on "Individual Policy" Requirements for Fidelity Bonds

Wed, 11/22/2017 - 4:00am

Written by Pamela Yu, Special Counsel for Compliance and Research

NCUA's Office of General Counsel (OGC) recently issued its third formal legal opinion of 2017.  Dated September 26, 2017, the opinion letter concludes that the "individual policy" requirement in NCUA's fidelity bond rule does not prohibit a credit union from purchasing a fidelity bond that covers both the credit union and its credit union service organization (CUSO), provided the credit union owns at least 50 percent of the CUSO or the CUSO qualifies as a "nominee," as defined in the letter.  See, NCUA Legal Opinion 17-0959

Notably, the opinion represents a reversal from OGC's previous interpretations of the rule.  Opinion 17-0959 supersedes two previous legal opinions on this topic issued in 2004 and 2014, respectively. See, NCUA Legal Opinions 04-0744 and 14-0311.


The Federal Credit Union Act (FCU Act) directs NCUA to require fidelity bond coverage for credit union employees who handle funds or collateral.  See, 12 U.S.C. §1766(h)Part 713 of NCUA's regulations, which implements that provision, describes the fidelity bond and insurance coverage required for federal credit unions (the provision is also applicable to federally insured state-chartered credit unions by §741.221). 

The fidelity bond rule requires, among other things, that a bond (at a minimum) must be purchased in "an individual policy."  See, 12 C.F.R. §713.3(a).  According to NCUA, the "individual policy" requirement was added to the rule in 1999 to address specific concerns raised during the public comment period about jointly purchased fidelity bonds:

"[One] commenter was concerned that in [joint fidelity bond policies] a loss suffered by one or two of the joint policy holders could reduce the amount of coverage available for the other joint policy holders below the required minimum amount, i.e. two losses equal to the single loss limit of liability would exhaust the coverage available for all credit unions to zero even though some of these credit unions would not have suffered a loss. This commenter also noted a concern with the joint purchase of fidelity bond policies even when the policy purchased does not have an aggregate limit of liability. While it is true that a loss suffered by one credit union would not reduce the amount of coverage available to the other credit unions purchasing the policy, this commenter suggested that, when several credit unions purchase a policy in a group, they may not give adequate attention to providing for the specific risks faced by individual credit unions. Compromises might be made in coverage amounts that would not be made if the policy were purchased individually.  In addition, this commenter argued that the joint policy holders might not adjust coverages in a timely manner because of the difficulty of doing so in a group purchasing scenario." See, 64 Fed. Reg. 28718, 28719 (May 27, 1999).   

Based on these and other concerns, the NCUA Board clarified the rule to provide that a fidelity bond must be individually purchased by each credit union, but it did not define "individual policy."

Previous Opinions

In 2004, OGC was asked if a CUSO that provided management services for several credit unions could purchase a single fidelity bond with all its credit unions named as insureds. In opinion 04-0744, the office found that the joint bond was not permissible under §713.3(a), noting that "the principal reason for not permitting a credit union’s bond to cover additional insureds is to ensure that the coverage of the other insureds does not conflict with or in any way dilute the individual credit union’s required coverage."

In 2014, the office was asked to consider whether a credit union could include one or more CUSOs as additional insureds under its fidelity bond.  Again, OGC opined that a federally insured credit union is required to obtain fidelity bond coverage under an individual policy, and could not include one or more CUSOs or other parties as additional insureds under its fidelity bond.  See, NCUA Legal Opinion 14-0311. Citing the 2004 opinion and its rationale, OGC further noted that the requirement "prevents a claim against one insured from depleting coverage limits for the credit union."


In a departure from its position since 1999, OGC has now changed its opinion of the permissibility of certain joint coverage fidelity bond provisions.  The reversal was precipitated by the office's recent review of bond forms approved by NCUA pursuant to §713.3(b), and the realization that several already-approved bond forms included joint coverage provisions.  For example, some of the approved forms, which NCUA approved before the 1999 rule change, included nominee provisions, joint insureds provisions, and definitions of "insured" that include subsidiaries that are more than 50 percent owned by the insured.  Given the "inconsistency between NCUA's approvals and [OGC's] legal opinions," the office now says that the "individual policy" requirement does not prohibit a credit union from covering its majority owned CUSO under its fidelity bond.   A CUSO may also be covered if it otherwise qualifies as a nominee.  However, joint coverage of non-majority-owned CUSOs or other entities continues to be impermissible.  See, NCUA Legal Opinion 17-0959

This change in position may lead to formal amendments or other revisions to the fidelity bond rule.  The opinion notes that NCUA recently published a proposed regulatory reform agenda, which includes a recommendation to consider revisions to Part 713.  See, 82 Fed. Reg. 39702, 39707 (Aug. 21, 2017).


Programming Note. NAFCU's offices will close at noon today and also be closed on Thursday and Friday in observance of Thanksgiving. We wish you all a safe and wonderful holiday. We'll be open and back to blogging on Monday.  Happy Thanksgiving!

Categories: CU Industry Blogs

NCUA Streamlines, Improves Appeals Process

Tue, 11/21/2017 - 10:04am

Written by Shari R. Pogach, Regulatory Paralegal

During its October meeting, a new final rule was adopted by the National Credit Union Administration (NCUA) Board to streamline and establish uniform procedures in cases in which a decision by a regional director or other program office director is appealed to the NCUA Board.  Effective January 1, 2018, the new procedures will apply to agency regulations with currently embedded appeals provisions. 

Most authorized appeals to the NCUA Board will be governed by the new 12 CFR part 746, Subpart B. The regulations under which a credit union can appeal initial agency determinations include:

  • 701 – Organization and Operation of Federal Credit Unions,
  • 703 – Investment and Deposit Activities,
  • 705 – Community Development Revolving Loan Fund Access for Credit Unions,
  • 708a – Bank Conversions and Mergers,
  • 709 – Involuntary Liquidation of Federal Credit Unions and Adjudication of Creditor Claims Involving Federally Insured Credit Unions in Liquidation,
  • 741 – Requirements for Insurance,
  • 745, Subpart B – Share Insurance and Appendix,
  • 747 – Administrative Actions, Adjudicative Hearings, Rules of Practice and Procedure, and Investigations,
  • 750 – Golden Parachutes, and
  • FCU Act – Chartering and Field of Membership Determinations.

There are, however, five areas that are excluded from the scope of this new rule:  Enforcement Actions; Creditor claims in liquidation that are litigated or reviewed by the Board under formal agency adjudication procedures; Material Supervisory Determinations; Prompt Corrective Action; and Other Exclusions including appeals of adverse determinations under Freedom of Information Act (FOIA), requests made under NCUA's Touhy regulation, appeals of initial determinations made under the Privacy Act and consumer complaints to the agency.  NAFCU members can get more details on the exclusions and procedures outlined in the final rule in Final Regulation 17-EF-12 (your member login is needed).

NCUA's stated intent with this new rule is to provide "credit unions, and other persons or entities that are affected by agency decisions, with an opportunity to obtain meaningful review of those decisions. The Board believes this final rule strikes an appropriate balance that will afford a petitioner fair consideration of the issues while avoiding procedures that are overly burdensome, time consuming, and expensive."

Did you know that NAFCU has an Exam Fairness Guide that's available to members and to nonmembers on our website?  We are all aware that examinations can have a significant impact on a credit union.  This guide takes you through exam basics such as the goals of an NCUA exam, risk-focused versus defined-scope exams, frequency of exams and extended exam cycles. It also has helpful tips for navigating exam challenges, the appeals process and achieving fair exam outcomes.  The current guide reflects the appeals process as it stands today but will be updated in 2018 to reflect the new appeals process procedures.

Categories: CU Industry Blogs

"Friday Fun: Regulatory Requirements for Online Account Openings"

Fri, 11/17/2017 - 3:30am

Written by: Andre' B. Cotten, Regulatory Compliance Counsel

Greetings, Compliance Friends! Opening accounts online is a major convenience for members. However, for compliance officers, the online account opening process is riddled with potential pitfalls. For example, when and how does the credit union provide the account opening disclosures. Today's blog is meant to be a high-level review of some of the relevant requirements credit unions may want to consider when establishing online account opening policies and procedures.

Bank Secrecy Act

From a BSA standpoint, opening accounts online can represent risks related to a credit union's Customer Identification Program (CIP) and Know Your Customer requirements. Generally, a credit union's CIP program is based on its own risk assessment and not prescriptive requirements. Although, from a CIP perspective, members opening accounts online is generally considered higher risk. From NAFCU's understanding, many financial institutions utilize complex vendor software in order to ensure the CIP requirements are met when individuals seek to open accounts online.

The FFIEC BSA/AML exam manual discusses "non documentary" methods of verifying identity that may also be helpful to the credit union. Note, the BSA requires that the credit union know the member's identity with reasonable certainty and have the member's name, address, date of birth and identification number so that guides what needs to be verified.


However, a consumer must fall within the field of membership before they can be admitted as a member in the credit union. This determination will depend on the credit union's statement of its field of membership, the clause of the statement relied on by the potential member, and the credit union's policies and procedures.

Note, Article II, Section 2 of NCUA's FCU Bylaws requires a member to sign an application for membership. The credit union might verify this language in its own bylaws, and if it does appear, consider electronic signatures under the E-SIGN Act or whether it will require a member to come in and provide a wet signature for the signature card and to establish insurance under Part 745.

As an additional reference, NCUA Opinion Letter 2004-0543 discusses electronic signatures in the membership context.


The E-Sign Act requires credit unions to receive the member's affirmative consent to receive electronic records. See, 15 U.S.C. § 7001(c). . As an industry standard, it seems many credit unions require members to comply with the E-SIGN consent and procedures when registered for online banking to give legal effect to the disclosures transmitted to the members  through the online banking platform.

For more information, NCUA issued a Risk Alert soon after the E-SIGN Act became effective in March 2001. Here is an additional link for your reference: Consumer Compliance Outlook 4Q Article on ESIGN .

Regulation E

The determination whether a credit union is required to provide additional disclosures when a member establishes an account online depends on what other types of products or services the member is requesting. For example, if the member requests a debit card to execute electronic fund transfers, then the credit union would need to comply with Regulation E.

Regulation E requires initial disclosures be provided "at the time a consumer contracts for an electronic fund transfer service or before the electronic fund transfer is made involving the consumer's account." Below are some Regulation E links of interest:

  • Section 1005.4 contains general disclosure requirements and references providing disclosures electronically (E-SIGN)
  • Section 1005.7 contains requirements for initial account disclosures
  • Supplement I to Part 1005 contains commentary to both sections that clarify requirements
  • Appendix A contains Model Forms for Regulation E – Model Form A-2 applies to initial account disclosures

Truth in Savings

NCUA's Truth in Savings Rule has a similar requirement that specifies that credit union must provide account opening disclosures before the account is opened or a service is provide din connection with the account. See, 12 C.F.R. § 707.4(a)(1)(ii).

Here are some Truth in Savings links of interest:

  • Section 707.4 contains the requirements for delivery or initial account disclosures
  • Section 707.3 describes how disclosures can be provided electronically (i.e., following E-SIGN) and the relationship to Regulation E
  • Appendix C contains commentary to both sections that clarify requirements
  • Appendix B contains Model Forms for TIS – Model Form B-1 applies to initial account disclosures


Under the GLBA, Initial Privacy Notices and Opt-Out Notices can be provided electronically. The notieces can be delivered pursuant to the E-SIGN Act, or  in certain circumstances, the notices can be delivered when the consumer is conducting transactions electronically. Under section 1016.9(b)(1)(iii), it is considered valid delivery to post the privacy notice on a website and require the consumer to acknowledge receipt of the notice as a necessary step to obtaining a particular financial product or service.

Another privacy consideration for online banking is the Children’s Online Privacy Protection Act (COPPA). COPPA imposes certain requirements on operators of websites or online services directed to children. Credit unions are subject to COPPA if they operate a website or online service directed to children, or have actual knowledge that they are collecting or maintaining personal information from a child online. Making COPPA determinations generally requires an analysis of the specific facts and circumstances surrounding a credit union’s online activities against the requirements of COPPA. Thus, a credit union may want to work with local counsel to see if COPPA applies. The FTC’s website has an excellent overview of COPPA.

State Law

Lastly, there may be state law considerations. An online banking agreement establishes contractual obligations between the credit union and the member. The credit union may consider consulting with local counsel to develop a comprehensive agreement that includes, but is not limited to: balance and transaction information; password creation and maintenance; access authorization; and technical assistance.

Additional Resources

Below are a few resources on authentication, cybersecurity, and other issues related to online banking:

  • NCUA Official Sign is required on a webpage where a credit union accepts deposits or opens accounts under section 740.4(a). Downloadable graphics of the sign are available here.
  • Regulation CC requires the credit union to provide disclosures relating to funds availability “before opening a new account,” under section 229.17.
  • NCUA Letter to Credit Unions 2011-CU-09 discusses Online Member Authentication Guidance
  • FFIEC IT Booklets provides guidance on cybersecurity considerations.
Categories: CU Industry Blogs