Skip to main content

NAFCU Compliance Blog

Syndicate content
A Helping Hand for Credit Union Compliance Officers(And other occasional ramblings from the NAFCU Compliance Team)
Updated: 4 weeks 1 day ago

Curbing the CFPB Watchdog

Thu, 02/15/2018 - 4:56pm

Written by Shari R. Pogach, Regulatory Paralegal

The Consumer Financial Protection Bureau (CFPB) has gone through some significant changes since the resignation of former Director Richard Cordray last November.  Moving from continuously issuing regulations and enforcement actions, under its current leadership, the bureau appears to be heading to a kinder and gentler mode.  Acting Director Mick Mulvaney has made it clear in both a memo to CFPB staff and the bureau's recently released five-year strategic plan that going forward, the CFPB will go no further than furthering its statutory responsibilities outlined under Dodd-Frank.  According to its mission, the bureau will "regulate the offering and provision of consumer financial products or services under the Federal consumer financial laws" and "educate and empower consumers to make better informed financial decisions."

The CFPB has three goals under the current strategic plan:

  1. Ensure that all consumers have access to markets for consumer financial products and services.
  2. Implement and enforce the law consistently to ensure that markets for consumer financial products and services are fair, transparent, and competitive.
  3. Foster operational excellence through efficient and effective processes, governance and security of resources and information.

The plan outlines the objectives and strategies to enable the bureau to achieve these goals.  One significant objective is to "regularly identify and address outdated, unnecessary, or unduly burdensome regulations in order to reduce unwarranted regulatory burdens."  This will be done by getting input and feedback on existing regulations, looking at alternative approaches and alternatives to regulation.  Rules and regulations will be assessed and reviewed to evaluate their effectiveness and for opportunities to clarify, modernize and streamline when feasible. 

In addition to the new direction set by Acting Director Mulvaney, President Donald Trump’s budget proposal called for cutting the CFPB's funding and limiting its enforcement powers.  Since its inception, the bureau has been criticized as having too much power with too little oversight from Congress. Under this strategic plan, Acting Director Mulvaney seeks to rein in the bureau's "unparalleled powers."


Programming Note.  NAFCU will close at noon today and be closed on Monday for President's Day weekend. We will be back to blogging on Wednesday. Enjoy your weekend!

Categories: CU Industry Blogs

SALE! BOGO! DOORBUSTER!: Running Promotions on Your Credit Cards

Wed, 02/14/2018 - 4:00am

Written by Jennifer Aguilar, Regulatory Compliance Counsel

In my opinion, the first Sunday after the Super Bowl is the most depressing day of the year. After months of having every Sunday filled with excitement and record-breaking moments, you suddenly have a day with nothing to do. And that's just depressing. So, I filled my day with a trip to the mall. Pause – I'll give you all a moment to recover from the shock that there's still someone out there who doesn't shop online. . . I always prefer the mall because most of the stores are so desperate to get people in the door that they give you really great discounts that you often can't get online. They all have these colorful signs in the windows advertising discounts on your entire purchase or free gifts with your purchase.

Like any other business, credit unions also use these kinds of flashy offers to attract customers. However, unlike the stores at the mall, credit unions have to comply with a number of different requirements for their offers. From advertising to account opening and beyond, the rules are complex and can be hard to follow. Today's post will focus on the rules for how long credit unions must honor a promotional rate on a credit card. The rules below apply for both new accounts and promotions on existing accounts.

Generally speaking, the credit card rules in Regulation Z prohibit credit unions from increasing the rate on a credit card unless a specific exception applies. One of those exceptions – contained in section 1026.55(b)(1) – allows credit unions to increase the rate after the expiration of a promotional period.  The promotional period must be at least six months. Well, that's pretty easy, right? Not so fast. The commentary actually provides two different methods for calculating the promotional period depending on the types of transactions subject to the promotional rate – multiple transactions or one-time transactions.

Multiple Transactions. The first method covers promotional rates that apply to multiple transactions. For example, all purchases made between February and September. Credit unions may limit the types of transactions that qualify for the promotional rate to particular categories – such as all purchases or a balance transfer over $1,000 – or a particular time period – such as all purchase made in December.  If the promotional rate applies to multiple transactions, it does not matter how many transactions the member actually makes – as long as multiple transactions qualify for the promotional rate than the first method applies.

So, what is the calculation method? Well, the promotional period begins on the date the credit union provides the 55(b)(1) disclosures – that is, the disclosures that explain the length of the promotional period and the APR that will apply after the end of the promotional period. However, if the date the account can first be used is later than the date the credit union provided the disclosures, then the promotional period begins on that date instead. The promotional period must end at least six months from that beginning date. Here is an example from the commentary that illustrates how this works:

On November 1, 2017 the card issuer offers the consumer a 0% rate for six months on purchases made during the months of November and December and states that a 17% rate will apply after the promotion. The following purchases are made: November 15 for $500; December 15 for $300; and January 15 for $150. The card issuer may begin charging the 17% rate on the $500 purchase and the $300 purchase starting on May 1, 2018 as this is six months from November 1. However, the issuer may charge the 17% rate on the $150 purchase beginning on January 15 since it was made after the specified time period.

One-time transactions. The second method covers promotional rates that will apply to only one transaction. For example, a balance transfer. Again, credit unions can put limitations on the transaction that will qualify for the promotional rate – such as a purchase over $5,000 or a balance transfer made in January. When the promotional rate applies only to one-time transactions, then the promotional period begins on the date of that transaction. The promotional period must end at least six months from that transaction date. Here are a couple examples from the commentary that illustrate how this works:

Example 1: On June 1, 2017, a card issuer offers a 0% APR for six months on the purchase of an appliance and an 18% rate will apply after that. On September 1, 2017 a $5,000 appliance is purchased.  The card issuer may begin charging the 18% rate on March 1, 2018 as this is six months from September 1.

Example 2: On June 1, 2017, a card issuer offers the consumer a 5% rate for six months on a balance transfer of at least $1,000 and states that a 15% rate will apply after that. On June 15, a $3,000 balance is transferred to the account. On July 15, a $200 purchase is charged to the account. The card issuer may begin charging the 15% rate on the $3,000 transferred balance on December 15 as this is six months from June 15. However, the card issuer may charge the 15% rate on the $200 purchase beginning on July 15 because this purchase did not qualify for the promotional rate.

When dealing with promotional rates, credit unions will need to first determine whether the promotional rate will apply to multiple transactions or only to one particular transaction. Once the credit union has made this determination, it can determine when the promotional period starts. Determining when the promotional period starts is essential for compliance as the period must run for at least six months.

Categories: CU Industry Blogs

Rumor Has It…Exams Include Website Reviews

Mon, 02/12/2018 - 11:58am

Written by Brandy Bruyere, Vice President of Regulatory Compliance

NAFCU has been hearing from members that examiners are conducting website reviews as part of recent examinations. A credit union's website can contain advertising content as well as impact other areas of compliance. Here are some things to consider if conducting a review is on your radar.

Advertising Content

Keep in mind that federal regulations define advertisement quite broadly. For example, under Regulation Z, an ad is "a commercial message in any medium that promotes, directly or indirectly, a credit transaction." NCUA's Truth in Savings rule is similarly broad, as is NCUA's general advertising rule. As a result, much of a credit union's website could include content that federal regulation considers to be an advertisement. Below are several regulatory provisions that may impact a credit union's website due to its advertising content:

  • Use of the Official NCUA Sign and Advertising StatementSection 740.4(a) requires credit unions to display the official sign "on its Internet page, if any, where it accepts deposits or opens accounts." Section 707.5 requires a credit union's website to state "federally insured by NCUA," but this can be accomplished using the official sign. However, if a particular credit union page has information about investment-type products that are not insured, such as those offered through a CUSO, it could be problematic to include this information if it insinuates that uninsured products are insured.
  • Accuracy of AdvertisingSection 740.2 generally prohibits insured credit unions from any advertisement that is "inaccurate or deceptive in any particular, or which in any way misrepresents its services, contracts, or financial condition." There is no staff commentary and not much guidance as to what might be deceptive or a misrepresentation, but these kinds of considerations often involve judgement calls made from a consumer's perspective.
  • Deposit Accounts and the TIS Advertising Rule – If website content promotes share accounts, section 707.8 prohibits such advertisements from being misleading or inaccurate. This includes limits on when an account can be described as "free" and a requirement to state the "annual percentage yield" if the ad states a rate of return (APY may be used after the unabbreviated term is used at least once). Where the APY is stated, additional disclosures are also triggered as applicable including:
    • A statement that the rate may change, if a variable rate account;
    • The period of time the APY will be offered for interest and dividend bearing term share accounts;
    • The minimum balance required to earn the advertised APY;
    • The minimum deposit required to open the account to hear the APY, if greater than the minimum balance;
    • A statement about fees; and
    • If a share term account, disclosures regarding the term of the account, early withdrawal penalties, and specific disclosures for noncompounding term share accounts with a stated maturity of over a year.

There are also specific disclosures triggered if a bonus is stated in an advertisement for an account and requirements if overdraft features are promoted. However, the staff commentary to the rule allows for some flexibility here to provide some disclosures a click away:

"9. Electronic advertising. If an electronic advertisement, such as an advertisement appearing on an internet Web site, displays a triggering term, such as a bonus or annual percentage yield, the advertisement must clearly refer the member to the location where the additional required information begins. For example, an advertisement that includes a bonus or annual percentage yield may be accompanied by a link that directly takes the member to the additional information.” (Emphasis added.) See, 12 C.F.R. Part 707, App. C, comment 707.8(a)-9.

  • Regulation Z – Content that promotes a credit product will have Reg Z implications. Section 1026.16 applies to open-end credit products and section 1026.24 applies to closed-end credit products. Both of these rules contain "trigger terms" that, if used, require additional disclosures. Of course, these terms are not the same for open-end versus closed-end credit, or home-secured versus non-home-secured loans. For example, the rate or APR when used for open-end credit products NAFCU has articles for members on open-end credit ads and home secured ads which may help. But like the TIS rule, Reg Z does contain commentary about providing some disclosures a click away in an electronic format, here is an excerpt:

Paragraph 16(c)(1)


2. Electronic advertisement. If an electronic advertisement (such as an advertisement appearing on an Internet Web site) contains the table or schedule permitted under §1026.16(c)(1), any statement of terms set forth in §1026.6 appearing anywhere else in the advertisement must clearly direct the consumer to the location where the table or schedule begins. For example, a term triggering additional disclosures may be accompanied by a link that directly takes the consumer to the additional information.” (Emphasis added.) See, 12 C.F.R. Part 1026, Supp. I, comments 1026.16(c)(1)-1 and -2.

For closed-end credit, there are more specific provisions in section 1026.24(e) and its commentary.

  • Other Lending Implications - Section 701.31(d) requires the "equal housing lender" logo on real estate related advertising, or "any other method reasonably calculated to satisfy the notice requirement," although there is no guidance as to what this alternative may be. As a result, the logo is generally used. Also if the credit union accepts loan applications online, keep in mind that the same fair lending type considerations would be in play on web based applications as well.

Electronic Funds Transfers and Other Account Considerations – Credit unions that offer EFTs or open accounts online may want to consider that Regulation E requires certain disclosures to be made "at the time a consumer contracts for an electronic fund transfer service or before the first [EFT] is made involving an account." Where accounts are offered or opened online, Regulation CC requirements regarding the credit union's funds availability policy and another possible disclosure requirement.

Weblinking – If the credit union links to third-party websites, keep in mind NCUA's guidance on weblinking, such as "speed bumps":

COPPA – Websites can have implications under the Children's Online Privacy Protection Act (COPPA) rules. Making determinations as to the applicability of COPPA generally requires an analysis of the specific facts and circumstances of the credit union's situation against the requirements of the rule. COPPA can apply to any internet services you provide, such as online banking.  The credit union may be accessing information through things like cookies or similar internet devices that often collect nonpublic personal information. The FTC’s rule implementing COPPA is located in 16 CFR 312. If a credit union is “collecting” information from minors under the age of 13 you will need to comply with the COPPA requirements.

Overall, considering the credit union's website content from the perspective of how it would be reviewed if it were in print (e.g., an ad, an application, etc.) can be helpful in reviewing for compliance. Also, while not specific to exams, many credit unions are also considering the Americans with Disabilities Act as well when reviewing their websites.

Categories: CU Industry Blogs

ICYMI: An Overview of the CFPB's Payday Lending Rule

Fri, 02/09/2018 - 3:00am

Written by: André B. Cotten, Regulatory Compliance Counsel

Happy Friday, Compliance Friends! Last fall, one of my colleagues posted a blog about the PAL exemption under the CFPB's Payday Lending Rule. To refresh your memory, the CFPB issued a final rule in early October 2017. This rule is intended to put a stop to what the Bureau coined as,  "payday debt traps", but as written does, impact some credit unions' products. Today's blog will provide a high level overview of what's included in the CFPB's Payday Lending Rule.

Scope of the Rule

Payday loans are typically for small-dollar amounts and are due in full by the borrower's next paycheck, usually two or four weeks. From some providers, they are expensive, with annual percentage rates of over 300 percent or even higher. As a condition on the loan, sometimes the borrower writes a post-dated check for the full balance, including fees, or allows the lender to electronically debit funds from their checking account.

With that being said, the Payday Lending Rule applies to two types of loans. First, it applies to short-term loans that have terms of 45 days or less, including typical 14-day and 30-day payday loans, as well as short-term vehicle title loans that are usually made for 30-day terms, and longer-term balloon-payment loans. The rule also has underwriting requirements for these loans.

Second, certain parts of the rule apply to longer-term loans with terms of more than 45 days that have (a) a cost of credit that exceeds 36 percent per annum; and (b) a form of "leveraged payment mechanism" that gives the credit union a right to withdraw payments from the member's account. The payments part of the rule applies to both categories of loans. Note, at this time, the CFPB is not finalizing the ability-to-repay portions of the rule as to covered longer-term loans other than those with balloon payments.

The rule excludes or exempts several types of member credit, including: (1) loans extended solely to finance the purchase of a car or other member good in which the good secures the loan; (2) home mortgages and other loans secured by real property or a dwelling if recorded or perfected; (3) credit cards; (4) student loans; (5) non-recourse pawn loans; (6) overdraft services and lines of credit; (7) wage advance programs; (8) no-cost advances; (9) alternative loans (i.e. meet the requirements of NCUA's PAL program); and accommodation loans.

Ability-to-Repay Requirements and Alternative Requirements for Covered Short-Term Loans

The CFPB has indicated that it is concerned about payday loans being heavily marketed to financially vulnerable members. Faced with other challenging financial circumstances, these borrowers sometimes end up in a revolving cycle of debt.

Thus, the CFPB included ability to repay requirements in the Payday Lending Rule. The rule will require credit unions to determine that a member will have the ability to repay the loans according to the terms of the covered short-term or longer-term balloon-payment loans.

The first set of requirements addresses the underwriting of these loans. A credit union, before making a covered short-term or longer-term balloon-payment loan, must make a reasonable determination that the member would be able to make the payments on the loan and be able to meet the member's basic living expenses and other major financial obligations without needing to re-borrow over the following 30 days. The rule specifically lists the following requirements:

  • Verify the member's net monthly income using a reliable record of income payment;
  • Verify the member's monthly debt obligations using a national consumer report;
  • Verify the member's monthly housing costs using a national consumer report if possible, or otherwise rely on the member's written statement of monthly housing expenses;
  • Forecast a reasonable amount of basic living expenses, other than debt obligations an housing costs; and
  • Determine the member's ability to repay the loan based on the credit union's projections of the member's residual income or debt-to-income ratio.

Furthermore, a credit union is prohibited from making a covered short-term loan to a member who has already taken out three covered short-term or longer-term balloon-payment loans within 30 days of each other, for 30 days after the third loan is no longer outstanding.

Second, and in the alternative, credit unions are allowed to make a covered short-term loan without meeting all the specific underwriting criteria set out above, as long as the loan satisfies certain prescribed terms, the member meets specified borrowing history conditions, and the required disclosures are provided to the member. Among other conditions, under this alternative approach, credit unions are allowed to make up to three covered short-term loans in short succession, provided that the first loan has a principal amount no larger than $500, the second loan has a principal amount at least one-third smaller than the principal amount on the first loan, i.e. below $350, and the third loan has a principal amount at least two-thirds smaller than the principal amount on the first loan, i.e. below $167.

In addition, the rule does not permit a credit union to make a covered short-term loan under the alternative requirements if it would result in the member having more than six covered short-term loans during a consecutive 12-month period or being in debt for more than 90 days on covered short-term loans during a consecutive 12-month period. The rule also does not permit credit unions to take vehicle security in connection with loans that are made according to this alternative approach.

Payment Practice Rules

The cycle of taking on new debt to pay back old debt can turn a single, unaffordable loan into a long-term revolving debt cycle. The consequences of this ongoing debt can be severe. For example, a credit union's repeated attempts to debit payments can add significant penalties, as overdue members get hit with insufficient funds fees and may even have their checking account closed.

As a result, the Payday Lending Rule is also intended to prevent credit unions from making multiple attempts to withdraw payment from member's accounts in connection with a short-term, longer-term balloon-payment, or high-cost longer-term loan. The rule prohibits additional attempts after the credit union's second consecutive attempt to withdraw payments from the accounts from which the prior attempts were made have failed due to a lack of sufficient funds, unless the credit union obtains the members' new and specific authorization to make further withdrawals from the accounts.

This prohibition on further withdrawal attempts applies whether the two failed attempts are initiated through a single payment channel or different channels, such as the automated clearinghouse system and the check network. The rule requires that credit unions must provide notice to members when the prohibition has been triggered and follow certain procedures in obtaining new authorizations.

In addition to the requirements related to the prohibition on further payment withdrawal attempts, a credit union is required to provide a written notice, depending on means of delivery, a certain number of days before its first attempt to withdraw payment or before an attempt to withdraw a nonconforming payment. The notice must contain key information about the upcoming payment attempt, and if applicable, alert the member to unusual payment attempts. A credit union is permitted to provide electronic notices as long as the member consents to electronic communications requirements.

Update on the Payday Lending Rule

Recently, the CFPB issued a press release that stated the Bureau intends to engage in a rulemaking process so that the CFPB may reconsider the Payday Rule. The Bureau also indicated that it may waive the April 16, 2018 deadline for preliminary approval to become a registered information system ("RIS") under the Payday Rule. NAFCU will continue to closely monitor the CFPB as its new leadership sets its pace and agenda.

Categories: CU Industry Blogs

The Final Prepaid Rule: Version 3.0; Refresher on the EU's GDPR

Wed, 02/07/2018 - 5:00am

Written by Elizabeth M. Young LaBerge, Senior Regulatory Compliance Counsel

Since 1982, no less than seven different cuts of Ridley Scott's science fiction masterpiece Blade Runner have been shown to theater audiences. The initial workprint version didn't test well, so the studio re-cut it, adding a rightfully maligned voice-over and a preposterous "happy ending." Both the director and generations of film snobs-to-come found it insufferable. A version with extended, more violent fight scenes was released for international audiences, and a version with toned down violence and nudity was produced for television broadcast. In the early 90's, positive responses to an unauthorized release of the original workprint prompted the 1992 release of a director's cut version, but Ridley Scott still didn't feel he had sufficient time or control to finish it the way he wanted. In 2007, Scott was able to make the version he wanted -- the "Final Cut" -- which was released with the 25th Anniversary Edition blu-ray. Blade Runner is one of my favorite movies, and it proves that, sometimes to get something right you need a quarter of a century and at least seven iterations.

Which is to say, the CFPB is still working on the Prepaids Rule.

The initial proposed rule was released on December 23, 2014, with following corrections to the proposal being released February 5, 2015. The rule went final for the first time on November 22, 2016, with an effective date of October 1, 2017. Less than 4 months later, on March 15, 2017 the Bureau issued another proposal, recognizing some issues with implementation of the final rule, seeking more time for additional adjustments and suggesting the effective date be delayed six months. That proposal went final on April 25, 2017, with a new effective date of April 1, 2018. However, the Bureau did believe further adjustments were necessary, and on June 29, 2017, another proposal was issued, delaying the implementation date further and proposing changes to the regulation. While it has not yet been published in the Federal Register, the Bureau has released the third Final Rule on prepaids, and the new effective date is April 1, 2019.

With all this rule writing and rewriting, one of the more painful parts of this process has been identifying the regulatory language that would be current on the effective date. On that front, the CFPB has done us a solid: they finally released an unofficial, informal redline of the rule, allowing compliance personnel to read the rules as a whole. The redline is even bookmarked!

The FINAL Final Rule

The most recent final rule makes several changes to the rule, most significant of which is the April 1, 2019 effective date. Other changes include:

  • Revising the error resolution and limited liability provisions so that they only apply to prepaid accounts that are registered with the credit union and for which the identity of the account holder has been verified;
  • Creating limited exceptions to the credit-related provisions to address situations where a credit card is liked to a digital wallet;
  • Expanding situations where an account issuer can run a negative balance, if certain conditions are met;
  • Making clarifications and minor adjustments to several provisions in Regulation E, including the definition of a prepaid account, unsolicited issuance of access devices, pre-acquisition disclosure requirements and submission of prepaid account agreements; and
  • Technical corrections!

Refresher on the European Union's GDPR

 The NAFCU Compliance Team has seen an uptick in questions about the scope of the European Union's General Data Protection Regulation (GDPR). Apparently some vendors are raising the red flag for their clients. NAFCU recently hosted a webcast (for purchase) on the GDPR which credit unions may find helpful. We also blogged about the GDPR in May of last year, and that might be worth revisiting: Privacy Laws from Across the Pond: Scoping Out the GDPR.

The GDPR's scope is drawn very broadly. It does not require the credit union to have a location in the EU or for the website user to be an EU citizen or resident for the rule to apply. Here is a section from that prior blog post:


The Directive applied mostly to organizations that had an establishment or "means of processing" physically located within the EU. The GDPR, however, expands the application of EU privacy law to organizations not located in the EU, but doing certain business in the EU.

For entities that do not have an establishment in the EU, the GDPR applies to any organization that processes the personal data of natural persons in the EU under two circumstances: 1) when offering them goods or services, even if it's not in return for payment, or 2) in monitoring their behavior which takes place within the EU. See, EU Regulation 2016/679, Ch. 1, Art. 3(2)."

The full post contains more detail, including the definitions that are necessary to really understand this scope. However, even if the credit union falls within the scope, there is still a question as to whether and when compliance with the rule may be appropriate for individual credit unions. It is not clear how the European Union would enforce the law against organizations without a presence in the EU. Neither the CFPB nor NCUA have indicated an appetite to examine for it. Credit unions seeking a realistic assessment of the risk that GDPR noncompliance would pose to the credit union should speak with an attorney experienced in international law. A proper assessment of this risk should help the credit union assess whether GDPR compliance is appropriate and necessary at this time.

Categories: CU Industry Blogs

Home is Where You Make It: RV Loan Disclosure Rules; New HMDA Tool

Mon, 02/05/2018 - 3:04am

Written By: Reginald Watson, Regulatory Compliance Counsel

Happy Monday! The perils of winter often lead my mind to drift back to last summer when I spent time exploring some of the beautiful American landscape with my brother and his bandmates aboard a funky-looking RV. Being more settled into my role as a compliance practitioner, I sometimes find myself wondering about the nuances in the rules and how the financing disclosures cover similar yet slightly different secured transactions. I recently embarked upon a journey to fully investigate the disclosure rules with regard to recreational vehicles and found that the more I read, the more tripped up I became. Upon returning from this expedition, I've decided to share what I learned with you, my compliance friends. This blog will discuss the disclosure rules for recreational vehicles, boats and trailers.

The confusion when it comes to recreational vehicles arises from the fact that their characterization as either personal property versus real property is state specific, with most states taking the personal property approach. This tends to get even hazier when a borrower decides to make the RV their primary dwelling. Thus, it can be difficult to figure out which regulations apply since every situation does not neatly fit into either category, which is something the TILA-RESPA integrated disclosure (TRID) rules don't seem to want anything to do with. It seems the Bureau only intended for TRID to apply to loans secured by land (and cooperatives starting October 2018). The TRID preamble explains that applying the integrated disclosure rules to loans secured by personal property, including "chattel-dwelling" loans, "could reduce the intended consumer benefit of the disclosures because of those loans' unique characteristics. Excluding them from coverage of these integrated disclosures, however, would not excuse them from [TILA/Regulation Z's general] disclosure requirements."

Although an RV would not be considered a dwelling for TRID as well as most RESPA rules, it could be considered a dwelling for other purposes under sections 1026.17 and 1026.18 of Reg Z. These rules apply to all closed-end consumer credit transactions, including those that are secured by personal property that is not a dwelling and those that are secured by personal property that is a dwelling, but is not also real property. These disclosure would include things like the itemization of the amount financed, the finance charge, the annual percentage rate, the interest rate, the payment schedule, the number of payments, and any applicable late and prepayment fees among other requirements. See, 12 C.F.R. §1026.18 and related commentary.

Parts of Regulation Z have specific scope provisions, so there are rules that discuss applicability to a “dwelling” or a “principal dwelling” depending on the rule. Meanwhile, the staff commentary to the definition of "dwelling" clarifies that this can include RVs. Here's an excerpt from the commentary for reference:

1026.2(a)(19) Dwelling

  1. Scope. A dwelling need not be the consumer's principal residence to fit the definition, and thus a vacation or second home could be a dwelling. However, for purposes of the definition of residential mortgage transaction and the right to rescind, a dwelling must be the principal residence of the consumer. (See the commentary to §§1026.2(a)(24), 1026.15, and 1026.23.)
  2. Use as a residence. Mobile homes, boats, and trailers are dwellings if they are in fact used as residences, just as are condominium and cooperative units. Recreational vehicles, campers, and the like not used as residences are not dwellings. (Emphasis added).

Determining that an RV is used as a residence, or a principal residence, will impact when a loan on an RV or boat would be subject to a particular rule(i.e. the right to rescind only attaches if the dwelling is the borrower's principal residence).As another example, the requirement to provide periodic statements for residential mortgages applies for closed-end loans secured by a dwelling. The higher-priced mortgage loan escrow rule applies to certain loans secured by a first position lien on a principal dwelling. Generally, the regulations permit a consumer to have only one "principal dwelling," which is discussed in further detail in the CFPB’s staff commentary.

What about rules besides Reg Z and RESPA? Looking at both Regulation B's appraisal disclosure rules and HMDA's reporting rules, these have exclusions for recreational vehicles and boats. See, 12 C.F.R. 1002.14(b)(2), and Interp 1 to 12 C.F.R. §1003.2(f)-Comment 3. I hope you enjoy this photo of the RV from last summer's tour, somewhere in West Virginia I presume:


HMDA LAR Formatting Tool

CFPB has launched a new formatting tool intended to help credit unions, typically those with small volumes of covered loans and applications, create an electronic file that can be submitted to the HMDA Platform. The 2018 LAR Formatting Tool should be used for data collected in 2018 and reported in 2019. The 2018 LAR Formatting Tool and the updated 2018 Filing Instructions Guide can be accessed from the Bureau's HMDA resources website.

Categories: CU Industry Blogs

ADA Litigation Update: One Down, More to Go

Fri, 02/02/2018 - 4:00am

Written by Pamela Yu, Special Counsel for Compliance and Research

Last Friday, a federal judge in Virginia granted a credit union's motion to dismiss in a lawsuit alleging the credit union's website was not compliant with the Americans with Disabilities Act (ADA).  The ruling represents a big initial victory for credit unions facing growing litigation threats over unclear website accessibility requirements under the ADA.

The Shakedown

Credit unions nationwide have faced a tide of lawsuits and demand letters over the past year relative to the ADA.  Currently, the ADA and the Department of Justice's (DOJ) implementing regulations are silent on website accessibility standards, and the DOJ recently removed an earlier initiative from its rulemaking agenda and withdrew two advanced notices of proposed rulemaking on the subject.  See, 82 Fed. Reg. 60932 (Dec. 26, 2017).  Ambiguities in the law have spawned a new cottage industry for opportunistic plaintiffs' attorneys looking to make a quick dollar off the backs of credit unions and other well-intentioned entities.  Generally the shakedown goes something like this:  lawyers send multiple, identical demand letters alleging ADA website violations to credit unions, banks, and other entities throughout a targeted state on behalf of one unnamed, repeat complainant, then settle for several thousand dollars per case. If the case doesn't settle, the lawyers file suit. 

Some credit unions are making the business decision to settle, but others have decided to fight the charges in federal court. 

Carroll v. Northwest Federal Credit Union

In the first of these cases involving a credit union to be decided by the court, the plaintiff generally alleged that he is a visually-impaired individual who visited the credit union's website but was unable to navigate the website due to accessibility barriers and, as a result, was denied the full use and enjoyment of the facilities and services of the credit union.  However, the plaintiff did not allege he was a member of the credit union or even clearly within the credit union's limited field of membership (multiple-common bond).  See, Carroll v. Northwest Federal Credit Union, No. 1:17-cv-01205, slip. op. at 5 (E.D. Va. Jan. 26, 2018).

NAFCU filed a brief as amicus curiae (i.e., "friend of the court") in support of the defendant credit union's motion to dismiss on the grounds that, among other things, a website is not a place of public accommodation under Title III of the ADA and the plaintiff lacked standing to sue because he was not a member of the credit union.  

A Credit Union Win

The court's January 26th decision granted the credit union's motion to dismiss, ruling that the plaintiff did not have standing to sue the credit union because he was not a member or eligible for membership and would not likely use the credit union's services.  The court therefore determined the plaintiff did not sufficiently establish an injury-in-fact:

"Here, the defendant, Northwest Federal Credit Union ("Northwest FCU"), is a credit union chartered by the Federal government which only includes a specific membership field. . . . Plaintiff is not included in this membership field, nor has he alleged any facts in his Complaint to suggest he is [a member] or otherwise eligible to become a member of Northwest FCU.  As a result, Plaintiff is unable to deposit money in, or obtain a loan or other services from Defendant. 

Plaintiff is unable to show that he has suffered an injury in fact or that there is certain impending future harm.  [Plaintiff] cannot make this showing because he has not established that he is entitled, or would ever be entitled, to utilize any services provided by Northwest FCU." Carroll v. Northwest Federal Credit Union, No. 1:17-cv-01205, slip. op. at 5 (E.D. Va. Jan. 26, 2018).

In addition, the court found that a website is not a place of public accommodation subject to Title III ADA protections:

"Plaintiff's claim also fails because the website is not a place of public accommodation.  Title III of the ADA prohibits discrimination in public accommodations based on disability.  The statute provides for a list of entities that are considered public accommodations.  Notably absent from the list is the term "website".  Not only is "website" not found on the list, but the statute does not list anything that is not a brick and mortar "place".  Over the years Congress has extensively amended the ADA; however, at no point did Congress choose to add websites as a public accommodation."  Id. (citations omitted).

The War Rages On

The decision is a huge first win for credit unions in the battle against these unwarranted ADA legal actions.  But the war is not over.  The lower court's decision is not considered binding under common law principles: “A single district court decision . . . has little precedential effect[, and i]t is not binding on . . . other district judges in the same district.” See, U.S. v. Articles of Drug Consisting of 203 Paper Bags, 818 F.2d 569, 572 (7th Cir. 1987).

Other judges in the same district and in various other federal jurisdictions will likely consider similar credit union ADA cases soon. While the decision in Carroll is persuasive authority—especially as it is the first case to rule on whether credit union membership is necessary to establish standing—the decision is not binding precedent on other courts or federal jurisdictions. 

NAFCU has filed three additional amicus briefs to support credit unions in several similar cases, and on January 5th NAFCU stood with one of those credit unions while the judge heard oral arguments on their motion to dismiss.  We will continue to fight for our members against these unfair suits.  Meanwhile, the plaintiff in Carroll has filed an amended complaint.  Because the court dismissed the case "without prejudice," the plaintiff was free to amend his complaint and refile a new suit.  Notably, however, the plaintiff is still not a member of the credit union.  Stay tuned

For more information about ADA website litigation and NAFCU's ongoing efforts to stand up for credit unions on this issue, please visit our dedicated ADA webpage here.

Categories: CU Industry Blogs

RDC Patent Infringement Letters; Court Issues Motion to Dismiss in ADA Case

Mon, 01/29/2018 - 3:30am

Written by Brandy Bruyere, VP of Regulatory Compliance

In recent weeks, NAFCU has heard from multiple credit unions who have received letters from a firm alleging that the credit union's remote deposit capture function infringes on USAA's patents in this area. As widely reported in many news outlets, USAA started developing RDC technology in 2005 and now holds about 50 RDC-related patents. In 2012, USAA was involved in a dispute with another RDC provider, where the parties claimed each side infringed on the other's patents. The case ultimately ended in a settlement in 2014. Then, in 2017, noting that USAA wanted to "work toward recovering the investment" the institution made in RDC technology, USAA began sending letters to financial institutions via a law firm called Epicenter Law. In more recent months, credit unions have also started to receive similar correspondence.

Specifically, the letters "invite" the credit union to pay a licensing fee (unspecified in amount) to patent USAA's rights that are allegedly infringed by the credit union's RDC program. While the letters stress that the attorneys "are not litigation counsel" but rather focus on negotiating "patent licensing deals," the issue is still raising questions from credit unions.

If you receive a letter or have questions on this topic, a good place to reach out is to the credit union's RDC vendor(s). The credit union's agreement with the particular vendors may address indemnification in these kinds of claims. Our understanding is that at least some vendors have taken the position that their technology is not infringing on USAA's patents, and some vendors have even taken the position that they are not aware of any patent infringement by the vendor's technology – but that position may vary from vendor to vendor. NAFCU continues to monitor this issue and will keep members posted of any activity that develops.

ADA Motion to Dismiss. A federal judge in Virginia issued an order granting a credit union's motion to dismiss in a case claiming the credit union's website was not compliant with the ADA. NAFCU filed an amicus brief in this case supporting the credit union's arguments and continues to fight for credit unions on this issue. Credit unions can find more information on ADA website litigation here.

Lawyer Dog. Sometimes I wonder how much English my dog actually understands. I spend a large portion of my evenings policing Lemmy so he will not steal Nolan's food. Last week, I sternly told Lemmy to go to bed because he came pretty close to taking a PB&J from Nolan. Lemmy interpreted my order and went to bed but this is the barest of compliance, in my opinion.

Categories: CU Industry Blogs

Considering Medical Information under the FCRA; Housing & Alternative Credit Scores Research

Fri, 01/26/2018 - 4:13pm

Written by Elizabeth M. Young LaBerge, Senior Regulatory Compliance Counsel

Good morning, Credit Union Compliance World!

In a short space of time, your NAFCU Regulatory Compliance Team got pinged with a couple different versions of the same question – when can credit unions consider medical information in making credit decisions? It's an area where most credit unions don't have a lot of traffic.

Credit union compliance officers clearly have an instinct is that this is an Equal Credit Opportunity Act (ECOA) issue. This makes sense because it speaks to our sense of fairness, but neither ECOA nor Regulation B address the question. However, it is dealt with fairly directly by the FACTA amendments to the FCRA.

Section 604(g)(2) of the FCRA (codified at 15 U.SC. § 1681b(g)(2)) generally prohibits credit unions from obtaining or using medical information in connection with any determination for credit. This applies to any creditor and "medical information" is defined to include any information relating to physical, mental or behavioral health of an individual.

The medical information does not need to come from a credit report for this prohibition to be implicated. It is important to understand that the prohibition against using medical information applies regardless of how the credit union obtained the medical information. The information could be received from the member directly, or from their friends or family.

Subpart D of Regulation V implements the medical information provisions of the FCRA. Section 1022.30 contains the general prohibition against obtaining or using medical information in credit decisions, unless an exception is met.

While the rule prohibits obtaining medical information, it also addresses that this information is often provided to credit unions completely unsolicited. Section 1022.30(c) states that if unsolicited medical information is shared with the credit union, the credit union has not violated the prohibition. However, to use that information, the credit union would need to meet an exception under the rule.

Section 1022.30 contains several exceptions to this general prohibition which may apply, including a financial exception, an exception for special credit-related assistance programs for those with medical conditions, an exception for forbearance programs triggered by medical conditions or events, an exception for following the member's documented request to accommodate a particular circumstance, and more. Below is more detail on the financial exception.

Financial Exception

The financial exception allows a creditor to obtain and use medical information as long as the information is the "type of information routinely used in making credit edibility determination, such as information relating to debts, expenses, income, benefits, assets, collateral, or the purpose of the loan, including the use of proceeds." The information can only be used in a manner and to an extent that it is no less favorable that comparable non-medical information. To illustrate, the credit union could consider that an applicant owes medical bills related to oncology to the same extent that it would consider similar bills not related to a medical issue. The bills can be considered as a liability affecting their income and assets, but the applicant's implicit need for oncology treatment should not be considered. The credit union cannot consider the applicant's physical, mental or behavioral health, condition or history, type of treatment, or prognosis into account. 12 C.F.R. § 1022.30(d)(1).

So, if an applicant makes a disclosure of medical information during a loan application process or asks for loss mitigation assistance in connection with a medical crisis, the credit union might review section 1022.30 closely to ensure it is in compliance when requesting or considering any medical information in connection with a loan. Another thing to consider is whether state laws in your jurisdiction regarding fair lending or disability protections have prohibitions against considering medical information or the member's medical condition in a credit decision.

Housing & Alternative Credit Scores Research

NAFCU is conducting research to help us in our advocacy efforts on your behalf. We want to hear about your credit union's health, mortgage lending and views on alternative credit scores. If you have a moment, please take the time to complete this survey. The survey will be open through this Friday.

Categories: CU Industry Blogs

OFAC Blacklists the "Thieves-in-Law" Crime Syndicate; January 2018 BSA Blast

Thu, 01/25/2018 - 3:48pm

Written by Shari R. Pogach, Regulatory Paralegal

Thieves-in-Law, another organized criminal network to be on the lookout for.  And, no, this is not a joke..................

Late last month, the U.S. Department of the Treasury's (Treasury) Office of Foreign Assets Control (OFAC) announced it was targeting one of Russia's oldest and most notorious organized criminal gangs – "Vory v Zakone" or "Thieves-in-Law" (Thieves).  The announcement indicated the criminal network was being targeted for "its involvement in serious transnational criminal activities" across the globe. Ever heard of them?  I hadn't.

As a group, the Thieves-in-Law originated in the former Soviet Union's Stalinist prison camps and gulags.  This Wikipedia entry provides some history along with the rules of conduct for its members.  Members are required to have served several jail sentences, not allowed to get married and take an oath to uphold the group's code that includes living only off their criminal profits and supporting other Thieves members.

Now, apparently, its members are the heads of a vast underworld network that has spread throughout the former Soviet Union, Europe and the United States to the great financial centers.  As a criminal organization, it has engaged in money laundering, extortion, bribery, robbery, identity theft and trafficking.

Individual Thieves engaging in criminal activity in the United States have been targeted by U.S. law enforcement before, but Treasury's designation of the whole network as a "Transnational Criminal Organization" is the first action to treat them as a single group. As OFAC Director John E. Smith stated, “Treasury is designating the Thieves-in-Law as part of a broader strategy to disrupt the financial infrastructure of transnational criminal organizations that pose a threat to the United States and our allies.”      

The Treasury action also targeted 10 individuals and two entities linked to the Thieves-in-Law organization.  This action generally prohibits U.S. persons from conducting financial or other transactions with these individuals and entities, and freezes any assets they may have under U.S. jurisdiction.


BSA Blast.  It's 2018 and the first quarter January issue of the BSA Blast is now available. (NAFCU login required).  The articles in this issue cover: 1) a Texas community bank's civil money penalty lesson on the importance of "Knowing Your Customer"; and 2) Citibank's banking regulator fines it $70 million for not correcting its BSA/AML compliance issues.  The BSA training quiz included in this issue focuses on Currency Transaction Reports (CTRs).

Categories: CU Industry Blogs

314(b): Beware of Oversharing

Wed, 01/24/2018 - 4:00am

Written by Jennifer Aguilar, Regulatory Compliance Counsel

Under section 314(b) of the Patriot Act, credit unions, and other financial institutions, are permitted to share information with one another regarding individuals they suspect may be involved in terrorist or money laundering activities. Those institutions who elect to share information under 314(b) are provided with a safe harbor from liability if they notify FinCEN of their intent to share, verify that the institution with whom it will share information with has also notified FinCEN of its intent to share, use the shared information only for the permissible purposes and have procedures in place to protect the shared information. See, 31 C.F.R. § 1010.540(b).

One question that often comes up for 314(b) sharing is what type of information can be shared under the safe harbor. Of course, any information directly related to possible terrorist and money laundering activities may be shared, but what about other types of suspected criminal activities, such as fraud? Information about these types of activities can be shared under the 314(b) safe harbor, but only in certain circumstances. FinCEN guidance in this area can be a bit confusing so it's helpful to break it down into a few steps to determine when credit unions are permitted to share information about these types of activities:

  1. Whether the credit union suspects a specified unlawful activity has occurred;
  2. Whether a transaction involving the proceeds from that activity has taken place; and
  3. Whether that transaction is part of a terrorist or money laundering scheme.

First, what types of activities are considered "specified unlawful activities" (SUAs)? FinCEN guidance points to the Patriot Act to determine which activities are SUAs. The Act defines a "specified unlawful activity" rather broadly to include financial transactions resulting from the distribution of controlled substances or extortion, fraud, bribery, trafficking and counterfeiting, as well as many other federal criminal offenses. See, 18 U.S.C. § 1956(c)(7). So, the first step in determining whether information can be shared under 314(b)'s safe harbor is to review the activity involved and establish that a SUA has occurred or that the credit union suspects a SUA has occurred.

Second, has a transaction involving the proceeds from a SUA taken place? FinCEN 2009-G002 explains that a credit union may share information if it "suspects that the transaction may involve the proceeds of one or more SUAs." This phrasing is important because it establishes the fact that the credit union must first suspect that a SUA has occurred. Additionally, FinCEN 2012-R006 explains that a credit union may not share information solely to determine whether a SUA has occurred. This means that sharing in order establish a suspicion that a SUA has occurred is not permissible; sharing is only permitted once the credit union has already established that it suspects a specified unlawful activity has occurred.

For example, suppose John Doe is a pusher for Jane Doe's international drug operation. John sells the drugs then deposits the proceeds at ABC credit union. Under FinCEN guidance, ABC may not share information in order to determine whether the proceeds came from drug sales. However, ABC may share information once it suspects that the proceeds are from drug sales.

Finally, is the transaction part of a terrorist or money laundering scheme? FinCEN 2009-G002 explains that the purpose of 314(b) sharing is "to identify and report activities that the financial institution 'suspects may involve possible terrorist financing or money laundering.'" Even if the credit union suspects that a transaction involved the proceeds from an SUA, it may only share information if it also suspects that the SUA relates to terrorist or money laundering activities. In the fraud context, this means that even if the credit union suspects a fraud has occurred and there is a transaction involving the proceeds from that fraud, the credit union may only share information about that fraud if the credit union also suspects the fraud is part of a terrorist or money laundering scheme.

When it comes to sharing information about SUAs, a credit union would need to review all the facts involved and ensure that all three elements have been satisfied: the credit union knows or suspects a SUA has occurred, a transaction involving the proceeds from that SUA has occurred and that transaction is part of terrorist or money laundering activities. It is important that all three of these elements are present in order to stay within the 314(b) safe harbor. Sharing information about fraud may be important to help prevent further harm, but, if the fraud does not relate to terrorist or money laundering activities, a credit union may lose its safe harbor protection by oversharing. This of course does not mean that the credit union cannot do anything – state law may allow the credit union to report the fraud to the local police and, depending on the circumstances, a SAR may be appropriate.

Categories: CU Industry Blogs

Some Things Never Change: HMDA Commercial Loan Reporting; So, I heard something juicy...a Note from Carrie Hunt

Mon, 01/22/2018 - 3:00am

Written By Reginald Watson, Regulatory Compliance Counsel

HMDA has switched from a purpose-based standard to a dwelling-secured rule in terms of scope for loans where the credit union has taken "final action" on or after January 1, 2018; however, there is an exception for business purpose loans that has been tripping up some of our members as they adjust to the new normal. Fear not, some things just don't change. This blog will discuss how to address business loans in this new landscape and the particular issues that arise with loans for mixed-use (residential and commercial) purposes.

Under the old Regulation C, closed-end, business or commercial purpose loans made to purchase, refinance or improve a dwelling were reportable under HMDA. While the CFPB shifts transaction coverage away from the purpose-based scope for consumer loans in new Regulation C, it does not do so for commercial or business purpose loans. Instead, it retains the same purpose-based scope of reportable business or commercial purpose transactions by excluding all other business or commercial loans or lines of credit not made for the three specific purposes of home purchase, refinancing, or home improvement. Thus, a closed-end mortgage loan or an open-end line of credit that is, or will be, made primarily for a business or commercial purpose is excluded from the new definition of a covered loan, unless the loan or line of credit is a home purchase loan, a home improvement loan or a refinancing as defined in the new section 1003.2.

To figure out whether to use the dwelling-based approach versus the purpose-based approach, the credit union in each case may look to whether a closed-end mortgage loan or an open-end line of credit is for a business or commercial purpose. This analysis might be simple in many cases, but gets a little trickier in "mixed-use" situations where a property is used for both residential and commercial purposes, for example, a loan to improve the heating system in a building containing apartment units and retail space.

The new HMDA rule clarifies that a property used for both residential and commercial purposes is a dwelling if the property's primary use is residential. The rule also grants credit unions the discretion to use any reasonable standard to determine the primary use of the property on a case-by-case basis. Here is the commentary for reference:

  1. Mixed-use properties. A property used for both residential and commercial purposes, such as a building containing apartment units and retail space, is a dwelling if the property's primary use is residential. An institution may use any reasonable standard to determine the primary use of the property, such as by square footage or by the income generated. An institution may select the standard to apply on a case-by-case basis.

There is some discussion in the preamble to the rule as well but not much on what might be a "reasonable standard." However, the rule contains a similar provision for determining whether a loan is for agricultural purposes, so while not directly on point, that preamble discussion may be somewhat informative.

Sometimes credit unions also ask about loan purpose. That's a bit of a different issue, but the commentary to new section 1003.3(c)(10) indicates that section 1026.3(a) of Regulation Z and its commentary inform whether the loan is for business or commercial purposes.


So, I heard something juicy…A note from Carrie Hunt, NAFCU EVP of Government Affairs and General Counsel

At NAFCU we hear a lot of rumors- some true and some just pulp fiction.  Part of what we do is to figure out fact from falsehood.  One of our latest pieces of intel came from the Sunshine State.  We were hearing there was some new law or rule in Florida that was restricting credit union expansions to 5% of a county's population.  So, upon slicing in, we discovered that there is no formal rule/statute limiting a field of membership expansion to 5 percent of a county’s population.  HOWEVER, the Florida Office of Financial Regulation (OFR) may limit expansion on a case-by-case basis.  It seems that their concern is that a credit union with a field of membership of only 5,000, trying to expand to a field of membership of 100,000, would be too extreme of a move. As a result, the Florida OFR sometimes set limits based on the population size depending on how many members the credit union currently serves. 

Hmm.  I would prefer the fruit to ripen on the tree before being picked.

Categories: CU Industry Blogs

The Circle of Life: Federal Considerations for Member Decedents

Fri, 01/19/2018 - 5:24pm

Written by: André B. Cotten, Regulatory Compliance Counsel

Hello Compliance Friends! Over the holidays, I had a chance to relax, travel and check out some old and new films. One of my favorite movies will forever be Disney's The Lion King. The death of Mufasa will forever pull at my six-year old heart strings.  Today's blog will talk about what to do when Mufasa Member finds himself in a wildebeest stampede and the circle of life suddenly closes.

As compliance practitioners, I am sure that you are aware a lot of these issues would need to be discussed with your local counsel because they directly involve state law issues. However, I have highlighted some NCUA specific and federal law issues that may serve as helpful reminders. I have segmented this post according to subject areas for your convenience.


The FCU Model Bylaws contain the following provision with regard to keeping a deceased member’s account open. You may want to review your credit union’s bylaws for a similar provision.

“(d) The share account of a deceased member (other than one held in joint tenancy with another member) may be continued until the close of the dividend period in which the administration of the deceased's estate is completed.” 12 CFR 701, App. A.

(emphasis added)

The bylaws do not address closing an account and re-opening a new one. On the other hand, an account held in joint tenancy can remain open. If it is determined that the joint tenant is not a member in his/her own right but within the credit union's field of membership, then the person would need to become a member so that the credit union would not impermissibly be offering services to a nonmember.Note, insurance may end six months after death of a member unless the account is restructured

Moreover, after a member dies, the credit union still has the responsibility to protect member funds and information. To begin, under many states' laws, absent a named beneficiary, the funds of the account are a part of the deceased member’s estate. Therefore, a credit union may need to avoid releasing the funds until the qualified representative of the estate has been named by a court or according to the applicable state’s probate laws. 

Account information is considered non-public personal information and therefore cannot be disclosed without providing an opt-out notice, unless the disclosure falls under one of the exceptions. Note, non-public personal information may be disclosed to a person holding a legal or beneficial interest relating to the member, and to persons acting in a fiduciary or representative capacity on behalf of the member.

Lastly, before closing a member account, the credit union may want to proceed with caution. Depending on its respective policy, the credit union may want to flag on the account that the owner has died, and then allow a period of time for any surviving owners or the member's estate to take ownership of the matter. The documents needed to close an account will depend on state law, the account agreement and the credit union's internal policies and procedures.

Tax Issues

To begin, one concern from a federal perspective is that having continued tax reporting of a member's social security number after the person's death can cause tax complications. Although, this may not always be possible if Mufasa Member dies later in the tax year. IRS Publication 559 contains an overview of issues involving deceased persons, and while aimed at executors of estates, has some helpful information about Form 1099.

In addition, the credit union should note that a discharge of indebtedness under a settlement agreement between a credit union and a debtor or a debtor's estate is an "identifiable event" that triggers the obligation to file Form 1099-C.  The instructions for Form 1099-C may be accessed here.


With regard to credit, the credit union's options would be determined by state law, the loan agreement, and the specific situation. Often, if the decedent was the only borrower, the credit union could be looking at making a claim against the estate.  Even though someone may be making loan payments, unless they are contractually obligated to make those payments, the credit union may want to see if an estate has been established (or if there’s some other claim that should be made, for example, if the member had life and disability insurance under which a claim could be made).  Absent a will, state law will determine the disposition of the decedent’s assets to heirs, including vehicles and real property. Often, heirs have to decide if they want to keep an asset (and likely refinance the loan), or if they want to sell the asset to pay off the credit union’s loan, etc.

In regards to mortgage loans, a lot of mortgages include due-on-sale clauses which allow the lender to call the loan upon the death of the borrower; however, there are situations in which a due-on-sale clause cannot be exercised – for example, if the property is transferred under joint tenancy.

This is the section of NCUA’s rules and regulations that references due-on-sales clauses.  Note the general prohibition on exercising a due-on-sales clause where property is transferred on the death of a joint tenant or tenant in the entirety, or transferred to a spouse or children, as discussed in 12 CFR 701.21(g)(6). Overall, this is a fact specific analysis that the credit union may want to review with local counsel.

Special Issues

There is a rule that Social Security benefits are not paid for the month that Mufasa Member dies. Here is the Social Security Regulation:

Ҥ404.311 When does my entitlement to old-age benefits begin and end?


(b) We will find your entitlement to old-age benefits ends with the month before the month you die.”

This seems unfair and actually legislation has been introduced in the past on this topic but the way the rule is written, even if a member dies on the last day of a month, the member is not entitled to Social Security benefits for that entire month. Here is an excerpt from a Social Security guide:

“If the deceased was receiving Social Security benefits, you must return the benefit received for the month of death or any later months. For example, if the person dies in July, you must return the benefit paid in August. If benefits were paid by direct deposit, contact the bank or other financial institution. Request that any funds received for the month of death or later be returned to Social Security. If the benefits were paid by check, do not cash any checks received for the month in which the person dies or later. Return the checks to Social Security as soon as possible. However, eligible family members may be able to receive death benefits for the month in which the beneficiary died.”

There is guidance with regards to check reclamations specifically. The Social Security Program Operations Manual has a section on electronic funds transfer reclamations and a section on check reclamations.

The Department of Treasury’s Green Book  also addresses check reclamations more specifically including how to reply to a "Notice of Reclamation" and when there may be a right to protest.


As I previously mentioned, when the circle of life closes on a member, there are numerous state law issues that are implicated, and a credit union will need to consult with local counsel to determine how best to draft and modify its policies. However, there are some NCUA and federal law issues that are implicated when a member dies, and credit unions will need to maintain policies that strike a balance between state law, federal regulations, and the business needs of the credit union.

Editor's Note: As helpful insight from a blog reader, I added information about NCUA's 6-month grace period for decedent accounts. I modified this post on Friday, January 19, 2018 to provide a more through legal analysis and to be a more complete resource for NAFCU's members.

Categories: CU Industry Blogs

Upcoming ACH Rules And Resources

Wed, 01/17/2018 - 3:00am

Written By Stephanie Lyon, Regulatory Compliance Counsel

NACHA has been fairly busy these past few years finalizing and updating rules, issuing bulletins and seeking industry comments for new rules to make ACH transactions faster. A couple of ACH rule deadlines are looming, so it is a good time to review these rules, highlight resources and give you a heads up on things you may have missed from last year.

Same Day ACH Phase 3

Most credit unions that originate ACHs are well aware of the Same Day ACH rule that was passed a couple of years ago to expedite the sending and receiving of ACHs. As of today, the deadlines for Phase 1 and Phase 2 are long gone, paving the way for the effective date of March 16, 2018 for Same Day ACH Phase 3. Folks, this is only 58 days away!

Here is a table that details the different requirements of each implementation phase, highlighting Phase 3 requirements:

As noted on the table, the current NACHA requirement under Phase 2 is that credit unions give credit for same day ACHs by the end of the credit union's processing day. You can review Phase II requirements in more detail in this previous blog. Phase 3 establishes a more streamline funds availability timeline that requires Receiving Depositary Financial Institutions (RDFIs) to make same day ACHs credits available for withdrawal by 5:00pm RDFI's local time. While becoming an ACH originator is still optional, credits unions that receive ACHs are all bound by this requirement.

To make the process of complying with Phase 3 easier, NACHA published several resources available in its Resource Center, including its revised Guidance for RDFIs on Meeting Phase 3 Requirements. The guidance is especially helpful in determining the credit union's local time in cases where the RDFI's geographic footprint is not limited to one time zone.

Third-Party Sender Customer Due Diligence

Another ACH compliance deadline that is also around the corner is the registration of Third-Party Sender members by March 1st, 2018. This requirement became effective in September 2017 to promote consistent customer due diligence among all Originating Financial Institutions (ODFIs). The rule generally requires that all ODFIs register their Third-Party Sender members or, in the alternative, confirm that the ODFI does not have any Third-Party Sender members. See, revised NACHA Op. Rules, Art. II, 2.15.1.

NACHA rules define a Third-Party Sender as "an organization that is not an Originator that authorized an ODFI or a Third-Party Service Provider to transmit, for its account or the account of another Third-Party Sender a credit entry, debit entry, or non-monetary entry to the Receiver’s account at the RDFI." As part of the rule, NACHA expects that credit unions will have effective procedures to determine if a corporate/business member is a Third-Party Sender. If the credit union is unsure whether a member is considered a Third-Party Sender, it may want to use NACHA's Third-Party Sender Identification Tool for assistance with this determination and/or contact their counsel.

The registration process for Third-Party Sender members can be found here. Some of the information required to be disclosed will be:

  • The ODFI’s name and contact information;
  • the name and principal business location of the Third-Party Sender;
  • the ODFI’s routing number used in ACH transactions originated for the Third-Party Sender member; and
  • the company identification(s) of the Third-Party Sender. 

Note that if for some reason the credit union later discovers an unregistered Third-Party Sender member, the credit union will have 10 days from the date it discovers the member to register them in the database.

Aside from the initial registration, the NACHA rules will also require supplemental registration for Third-Party Sender members if the credit union receives a request from NACHA for additional information. See, revised NACHA Op. Rules, App. 8, Pt. 8.4. The rule only gives the credit union 10 banking days to respond to supplemental information request so the credit union may want to obtain this information for all Third-Party Sender members ahead of time to avoid having to chase down this information later on.

Among the supplemental information that can be requested by NACHA is:

  • Any doing-business-as names, taxpayer identification number(s), and street and website address(es) of the Third-Party Sender;
  • the name and contact information for the Third-Party Sender’s contact person;
  • names and titles of the Third-Party Sender’s principals;
  • the approximate number of Originators for which the Third-Party Sender transmits entries; and
  • a statement as to whether the Third-Party Sender transmits debit entries, credit entries or both. 

Additional information on Third-Party Sender registration requirements can be found here and in ACH Operations Bulletin #2-2014: ACH Transactions Involving Third-Party Senders and Other Payments Intermediaries.

Recent ACH Operations Bulletins

Towards the end of the year, NACHA release a couple of Operations Bulletins that may have flown under the radar. The first one is ACH Operations Bulletin #3-2017, released September 2017. Unlike most NACHA Operations Bulletins, this was not made public because it details fraud mitigation strategies for social media schemes. Each NACHA member should have received this bulletin, but if for some reason you cannot find it, you may want to contact NACHA to get a copy.

The second Operations Bulleting was #4-2017, issued November 2017. The bulletin provides risk mitigation strategies for consumer-to-other-consumer (C2C) debits for financial institutions and their service providers. Something to note from this bulletin is that "NACHA strongly discourages ODFIs from facilitating these payments unless the ODFI is certain of its full compliance with all rules that apply to the origination of all ACH debits, regardless of the nature of the Originator." So if your credit union is considering offering C2C debits, this is a good bulletin to keep in mind when establishing internal controls.

Finally, NAFCU recently hosted a webcast on ACH Operating Rules in 2018 that is available on-demand and goes over all these rule changes as well as NACHA rule proposals and available resources.

Categories: CU Industry Blogs

Tax Reform Questions; Programming Note

Fri, 01/12/2018 - 5:00am

Written by Brandy Bruyere, Vice President of Regulatory Compliance

On December 15, 2017, Congress passed the Tax Cuts and Jobs Act (TCJA). NAFCU advocated for credit unions' interests all year while tax reform was high on Congress' agenda, and the credit union tax exemption remained intact, even with the substantial reforms to the tax code. However, the TCJA did make some changes impacting credit unions. NAFCU put together a summary of these changes that may help folks in various areas of your credit union, but here's a few questions the NAFCU compliance team has been receiving from members.

What happened to the home equity interest deduction?

One of the changes in the TCJA that has caused confusion relates to the extent that interest paid on "home equity" loans is deductible. Some news outlets reported rather generally that home equity interest is no longer deductible under the TCJA, but it seems to be more complicated than that. The tax code distinguishes between "acquisition indebtedness" and other "home equity indebtedness." Of note, loans that a borrower takes out to "substantially improve" a property fall into the "acquisition" category, so it seems this home loan interest will remain deductible. However, a loan that accesses home equity for other purposes, such as to finance the purchase of a vehicle, would not be deductible through 2025.

Do we have to pay excise tax on certain compensation?

Another change is that credit unions will be subject to an excise tax on compensation in excess of $1 million. This will apply to an organization's top 5 highest paid employees – although that group can, over time, actually include more than five employees because that "club," so to speak, has permanent membership. If an employee is in the top five paid staff in 2018, but falls out of the top five in 2019, that person is still categorized as "top five" under the code. The rate for this excise tax is the corporate tax rate, which is 21% under the TCJA.

"Compensation" means pay that is reportable in box 1 of an employee's W-2 and for which there is not a "substantial risk of forfeiture" of that income. From talking to credit unions, it seems that some deferred compensation from 457(f) plans vests in one single year, which is where some credit unions may have staff that reach this $1 million threshold. Others have a different vesting dates which can help manage to what extent compensation may exceed that $1 million threshold, since the year the deferred compensation vests is the year it is counted as compensation for purposes of these rules. Also of note, distributions from 457(b) plans and 401(k) plans are excluded from this threshold.

The TCJA also removes an exemption from excise taxes for non-profit institutions relating to certain excess parachute payments to any employee that is "highly compensated" under the IRS definitions for qualified plans, which is a salary of $120,000 or more in 2018. Apparently these payments are those made when an employee leaves the organization, and equal or exceed three times the employee's annual salary.

NAFCU is reaching out to the IRS to discuss the need for guidance and clarification with the implementation of these provisions.

Related Note – Private Mortgage Insurance

The deduction for private mortgage insurance expired on December 31, 2016. Many credit unions are in the process of providing the data needed to produce 1098 forms for members by the end of the month in order to comply with IRS reporting requirements. The TCJA did not extend the PMI deduction, but a bill was introduced in Congress to extend some deductions, including the PMI deduction. If passed, PMI paid in 2017 could become deductible. While NAFCU's Legislative Affairs Team sees support for this bill on Capitol Hill, Congress is tackling some issues that are very politically charged, such as immigration and border security. The bill could pass, but perhaps not in time for credit unions to meet the January 31 deadline for 1098 reporting.

NAFCU called the IRS helpline for 1098 reporting and confirmed that so long as the law does not allow the deduction of PMI, this box should not be completed on the 1098. However, if Congress were to pass a bill making PMI deductible for 2017 at a later date, the IRS may issue guidance on how to proceed but helpline staff stated that one likely outcome is that 1098 reporters may need to file amended 1098 forms to reflect PMI paid in 2017. The IRS will update as the situation develops.

Programming Note - Martin Luther King Jr. Day

NAFCU's offices will be closing at noon on Friday and all day on Monday in recognition of Martin Luther King Jr. Day on January 15th. We will be back to  blogging on Wednesday, January 17th.

Categories: CU Industry Blogs

Marijuana Banking Just Got More Complicated

Wed, 01/10/2018 - 4:00am

Written by Pamela Yu, Special Counsel for Compliance and Research

Well, we can't say we didn't see this coming...we blogged back in March, 2017 on what the change in administration might mean for marijuana banking, and the federal government announced a change in its policy towards marijuana enforcement late last week.

U.S. Attorney General Jeff Sessions changes DOJ's position on marijuana.

In a move long forecasted by many legal and policy observers, last Thursday the attorney general issued a memorandum to rescind Obama-era guidance on federal enforcement of marijuana. Released just days after California became the latest (and largest) state to begin sales of recreational marijuana, the memo directs "all U.S. Attorneys to use previously established prosecutorial principles," in marijuana enforcement, thus eliminating the already-limited guidance that provided some measure of direction in navigating the conflict between federal illegality and state legality of marijuana. This policy shift will significantly heighten risks for credit unions serving state-authorized marijuana-related businesses or operating in states with legalized cannabis.

Sessions' memo rescinds a 2013 directive, written by then-Deputy Attorney General James M. Cole, which instructed federal prosecutors to focus its marijuana enforcement efforts on eight priorities, including keeping marijuana out of the hands of minors and black market criminals and cartels.  It also rolls back a 2014 Cole memo that directed U.S. Attorneys to apply the same eight enforcement priorities in prosecuting financial crimes based on transactions involving marijuana proceeds.  The so-called Cole memo guidance had cleared up some of the uncertainty about how federal prosecutors would address the conflict of laws as states began allowing sales of marijuana for medical and recreational use. 

Today, 29 states and the District of Columbia (DC) permit medical marijuana and, of those, eight states and DC also allow adult-use recreational marijuana. A recent Gallup poll shows that public support for the legalization of marijuana is at an all-time high, with 64 percent of Americans favoring legalization, including for the first time a majority of Republicans (51 percent now support legalizing marijuana).  Nevertheless, marijuana remains a schedule 1 substance under the federal Controlled Substances Act. Thus, a litany of federal criminal statutes may be implicated for credit unions handling marijuana-related funds.

So what does this mean for credit unions?  In short, providing financial services in states where marijuana is legal under state law just got a lot more complicated. 

Marijuana Banking

At this point, is unclear whether the rescission of the Cole memo guidance will mean a federal crackdown on state-sanctioned marijuana.  The roll-back of formal guidance with respect to marijuana enforcement has created a policy void (note that the memo eliminates prior directives but does not replace them with new guidance) but it is too soon to tell if enforcement will significantly increase.  In effect, the Sessions memo empowers the country's 93 U.S. Attorneys to exercise prosecutorial discretion in their respective jurisdictions. We don't know how prosecutors will use this discretion—some jurisdictions may take a more aggressive enforcement posture while others may not—but the door is now open for federal officials to carry out enforcement against marijuana activities in states that have legalized cannabis.  This creates significant legal uncertainty for credit unions that have been serving marijuana-related businesses under the auspices of the Cole memo guidance. 

There are some existing barriers to marijuana enforcement that remain in place.  For example, the Rohrabacher-Blumenauer (also known as Rohrabacher-Farr) appropriations bill provision that has been in place since December 2014 prohibits the Department of Justice (DOJ) from using federal funds to prevent states "from implementing their own state laws that authorize the use, distribution, possession or cultivation of medical marijuana."  However, the provision must be renewed each fiscal year in order to remain in effect and its protections apply only to medical marijuana, leaving particularly vulnerable those credit unions operating in recreational states.

 BSA Compliance

 In 2014, as a supplement to the Cole memo on marijuana-related financial crimes, the Financial Crimes Enforcement Network (FinCEN) issued guidance to clarify "how financial institutions can provide services to marijuana-related businesses consistent with their BSA obligations." See, FIN-2014-G001.   Despite limited protections, together the Cole memos and FinCEN guidance created a framework for credit unions to serve marijuana-related businesses consistent with their legal and compliance obligations. 

However, as we previously cautioned, FinCEN's guidance depends heavily on the enforcement posture articulated in the Cole memos. Now that those memos have been reversed, credit unions can no longer rely on the FinCEN guidance for serving marijuana-businesses, significantly heightening BSA compliance risks. To add fuel to the fire, some credit unions may now be questioning whether their compliance with FinCEN's 2014 instruction to file either a "Marijuana Limited," a "Marijuana Priority," or a "Marijuana Termination" suspicious activity report (SAR) for each transaction involving marijuana-related funds has created a damning paper trail for federal prosecutors.  FinCEN and the DOJ have yet to offer any assurance that SARs issued under FIN-2014-G001 will not be used to prosecute financial crimes, even against those who relied on the guidance in good faith.  While it is perhaps unlikely that marijuana SARs will be used as evidence for the widespread prosecution of financial institutions, it is not outside the realm of possibility that federal authorities could make an example out of a bank or credit union to send the message that federal marijuana enforcement priorities have changed. Regardless, the increased liability and compliance risk will certainly have a chilling effect on the ability for credit unions to provide services to marijuana-related businesses. It is likely FinCEN will release additional guidance or information soon in light of these changes.

Momentum for Change

On a more optimistic note, Thursday's rescission may create momentum for congressional action on marijuana.  Marijuana banking advocates on the Hill have been challenged in mobilizing change.  The uncertainties created by Sessions' action could actually galvanize support in Congress to find a legislative solution to the conflict between federal and state drug laws. With support for marijuana protections in both parties the attorney general's tougher stance on marijuana could—ironically—become the impetus for a statutory solution for marijuana banking.

Categories: CU Industry Blogs

Breaking Down the TRID Fix: Rate Lock Revised LEs Are One and Done

Mon, 01/08/2018 - 5:00am

Written by Elizabeth M. Young LaBerge, Senior Regulatory Compliance Counsel

How's 2018 treating you so far, credit union compliance world?

My year started out right. Last week, I contacted the CFPB through their Regulatory Inquiry website and got a call back same day. That's a response time that the NAFCU Regulatory Compliance Team can appreciate. And the informal answer from the Bureau: you don't have to do any extra work unless you want to. So I'm batting a thousand so far.

The Question: Rate Lock Revisions and the 2013 Preamble

Subsection 1026.19(e)(3)(iv) describes when a revised Loan Estimate can be used to reset tolerances. The subsection contains five paragraphs describing five sets of circumstances where a revised Loan Estimate can be issued and used to reset tolerance for good faith purposes. Four of these circumstances are permissive, meaning that a revised Loan Estimate can, but is not required to be, issued. In other words, if the credit union decides that reissuing the Loan Estimate is not worth the cost, it can chose not to, though it won't be able to reset tolerances due to the event.

One of the circumstances is not voluntary, it's required. That's paragraph 19(e)(3)(iv)(D). If the rate was not locked when the initial Loan Estimate was provided, and the applicant locks in the rate, a revised Loan Estimate is mandatory. The language of this paragraph is quite specific:

"(D) Interest rate dependent charges. The points or lender credits change because the interest rate was not locked when the disclosures required under paragraph (e)(1)(i) of this section were provided. No later than three business days after the date the interest rate is locked, the creditor shall provide a revised version of the disclosures required under paragraph (e)(1)(i) of this section to the consumer with the revised interest rate, the points disclosed pursuant to §1026.37(f)(1), lender credits, and any other interest rate dependent charges and terms.” 12 C.F.R. § 1026.419(e)(3)(iv)(D) (Emphasis added).

Nothing in the regulation or the commentary directly addresses what happens when a rate lock agreement is entered into, the rate is locked, and then the lock expires. The 2013 preamble to original TRID referenced rate lock expiration, but only very briefly:

"Upon a review of the proposed rule text and commentary, the Bureau acknowledges that the  requires redisclosure where a rate lock agreement does not exist. But the Bureau intended that § 1026.19(e)(3)(iv)(D) only applies in situation where a rate lock agreement has been entered into between the creditor and borrower, or where such agreement has expired." 79 Fed. Reg. 79833 (Emphasis added).

But as you can see, paragraph 19(e)(3)(iv)(D) is pretty narrowly drawn. Reading a requirement into that paragraph to redisclose at the time a locked rate expires would be difficult to do.

The Answer: TRID Fix and Informal Guidance from the Bureau

In the TRID Fix amendments, the Bureau sought to clarify that the requirement to issue a revised disclosure under paragraph 19(e)(3)(iv)(D) would not apply repeatedly. In the preamble, the Bureau stated:

"When a revised Loan Estimate is provided as required by § 1026.19(e)(3)(iv)(D), the rate lock information disclosed pursuant to § 1026.37(a)(13)(i) must be updated to reflect the expiration date of the interest rate disclosed, regardless of any changes to the disclosed interest rate or interest rate-related charges. Once the interest rate is subject to a rate lock agreement, § 1026.19(e)(3)(iv)(D) does not subsequently require the disclosure of a revised Loan Estimate." 82 Fed. Reg. 37682 (Emphasis added).

So, no revised Loan Estimate is triggered under paragraph 19(e)(3)(iv)(D) when the rate lock expires. A change in circumstances may exist allowing a revised Loan Estimate to be issued and used to reset tolerances under another paragraph in subsection 1026.19(e)(3)(iv), but that would be at the credit union's option.

However, we still wanted to check on another variable. What if a second rate lock agreement is entered into with the borrower regarding the same application? Would each rate lock agreement create a new obligation to issue a revised Loan Estimate each time the rate was locked?

The Bureau's informal guidance indicated that the answer was no. The Bureau stated that paragraph 19(e)(3)(iv)(D) would apply only once. If the rate is locked again or the rate expires again, the credit union may wish to issue a revised Loan Estimate for the borrower's information and to ensure clarity; or it may wish to issue a revised Loan Estimate under another paragraph in subsection 1026.19(e)(3)(iv) to reset tolerances; but it is not required to do so by the regulation.

Good to know!


Categories: CU Industry Blogs

FinCEN SAR Stats; Sessions Releases Marijuana Memo; Request for BSAAG Nominees

Thu, 01/04/2018 - 3:26pm

Written by Shari R. Pogach, Regulatory Paralegal

Have you ever wondered what happened to the Financial Crimes Enforcement Network's (FinCEN) Suspicious Activity Report Statistics (SAR Stats)?  Well the data is still available; it's just gone totally interactive.

If you go to FinCEN's website, you can find a link for "SAR Statistics."

This link goes to the interactive report generator page:


The drop down boxes allow for filtering of the statistical data according to:  industry type; year & month; suspicious activity category/type; states/territories; county/metro & micro area; instrument type(s)/payment mechanism(s); product type; relationship; and regulator.  Each drop down allows for all, one, or multiple filter categories.  Once you have determined your filters, you can then generate a report and export it to a CSV file or to a PDF for further study.

FinCEN's FAQ/Glossary page cautions the statistics are:

"Statistical data for SARs are updated as information is processed and refreshed data is periodically made available for this tool. For this reason, there may be discrepancies between the statistical figures returned from queries performed at different times. In addition, slight differences in query criteria may return different statistical results. Also note that the statistics generated by this tool do not include SAR fields that contain unknown or blank data. To the extent statistics including blank or unknown data are tabulated outside of this tool for other purposes, there may be discrepancies between statistics generated by this tool and those generated through other means. FinCEN makes no claims, promises or guarantees about the accuracy or completeness of the statistical figures provided from this tool and expressly disclaims liability for errors, omissions, or discrepancies in the statistical figures."

Still, the generated reports can indicate trends in your area, state or region of your part of the country and can be a useful additional resource for BSA compliance personnel.  The website indicates the data has been updated as of November 30, 2017.


Sessions Releases Marijuana Memo.  Attorney General Jeff Sessions released a memorandum on federal marijuana enforcement policy.  Basically the Department of Justice has rescinded the Obama administration policy of non-interference with marijuana-friendly state laws.  Look for more on this in a blog next week.


BSAAG.  FinCEN is asking for nominees for membership on the Bank Secrecy Act Advisory Group (BSSAG).  New members will be selected for three-year membership terms.  If you would like more information or are interested in having NAFCU submit you as a candidate, please email Senior Regulatory Affairs Counsel Michael Emancipator at by January 15 as potential nominees must be submitted to FinCEN by January 26, 2018.

Categories: CU Industry Blogs

New Year, New Priorities: NCUA's 2018 Supervisory Priorities; New HMDA Tools Available

Wed, 01/03/2018 - 4:00am

Written by Jennifer Aguilar, Regulatory Compliance Counsel

Welcome to 2018!

I hope everyone had a wonderful and safe holiday season. As we recover from our holiday hangovers, its time to start thinking about all the things we want to accomplish this year. Whether it’s a personal goal like finally taking that vacation you've been planning for the past five years, or a professional one like sharpening your skills by attending Regulatory Compliance Seminar, we all have our priorities for the year. NCUA is no different.

In the last letter to credit unions of 2017, NCUA outlined its examination priorities for 2018. While many of their priorities remain the same as last year, they added a few that are discussed below. As a starting point, here are the ones that haven't changed: internal controls and fraud prevention, interest rate and liquidity risk, commercial lending and the Military Lending Act. The new priorities are addressed below.

Cybersecurity Assessment. While this was an NCUA priority in 2017, NCUA announced that it will be implementing its Automated Cybersecurity Examination Tool (ACET) in 2018. This tool will allow examiners to assess a credit union's cyber preparedness and will be used in examinations for credit unions with more than $1 billion in assets. As the ACET is based off the FFIEC's Cybersecurity Assessment Tool (CAT), NCUA encourages credit unions to continue to use the CAT to self-assess their cybersecurity risks. NAFCU's Cybersecurity Compliance webpage provides a number of useful resources for credit unions, including our editable, self-tallying CAT Workbook (member login required) that was updated last month.

Bank Secrecy Act Compliance. BSA compliance was also a priority in 2017; however, NCUA has changed the focus of its examinations from money service businesses to the new customer due diligence regulations. These new requirements become mandatory May 11, 2018, so examiners will be assessing compliance beginning in the second half of 2018. NCUA recommends credit unions review its BSA webpage for additional information and resources. To assist credit unions with these new rules, NAFCU has blogged on the new rule, triggering events for account review and the technical amendments and has published an article on the new rule (member login required). FinCEN has also published a few FAQs on the new rule. We expect additional FinCEN guidance in the coming months.

Automobile Lending. Examiners will look more closely at those credit unions with higher risk auto lending programs. Higher risk programs are those with maturities over seven years, high loan-to-value ratios, near-prime or subprime loans or indirect lending programs. NCUA recommends credit unions review its supervisory letter on concentration risk for more information. For indirect lending programs, credit unions may also want to review NCUA's report on What to Look out for When Managing an Indirect Lending Program and Letter to Credit Unions 10-CU-05.

HMDA. As part of its 2018 priorities, NCUA announced that it will look for "good faith efforts to comply" with the new HMDA rules. While credit unions subject to HMDA are still required to collect and report data following the new rules, NCUA indicated that examiners will simply review LARs and help credit unions determine their compliance weaknesses in both data collection and reporting. As long as credit unions are making good faith efforts to comply with all the new requirements, examiners will credit those efforts. NCUA also announced that it will not cite violations nor require data resubmissions unless the errors are material. More information on NCUA's 2018 HMDA examinations can be found in last week's blog. Credit unions may find it helpful to review the CFPB's HMDA implementation and Resources for HMDA Filers webpages and NAFCU's HMDA Compliance webpage which includes a number of charts, articles and blogs on the new rules.

Overdrafts. Examiners will review credit unions' compliance with Regulation E's overdraft rules. Section 1005.17 provides a number of requirements for overdraft programs, including requiring members to opt-in before certain fees can be assessed. Model Form A-9 provides a sample opt-in form. While the 2018 priorities refer only to Regulation E, credit unions may also want to review the overdraft rules contained in the Truth in Savings rule. Section 707.4 requires overdraft fees to be disclosed in a credit union's account opening disclosures and section 707.11 requires overdraft fees be disclosed on periodic statements and provides rules for advertising an overdraft program. Credit unions may also find it helpful to review Letter to Credit Unions 05-CU-03 which includes NCUA's Interagency Guidance on Overdraft Protection Programs and NAFCU's blogs on overdraft programs.

* * *

New HMDA Tools Available. Last week, the CFPB announced that its check digit tool and its rate spread calculator are now available. The check digit tool provides the last two digits of the ULI and verifies the check digit is calculated correctly. More information on the check digit can be found in this prior NAFCU blog. The rate spread calculator provides the rate spread for a loan with a final action date of January 1, 2018 or later.

Categories: CU Industry Blogs

CFPB Issues HMDA Compliance Statement, Will Revisit Rule; Year End Tax Changes

Wed, 12/27/2017 - 3:30am

Written by Brandy Bruyere, Vice President of Regulatory Compliance

I hope everyone had a safe and enjoyable holiday. As many credit unions are finalizing implementation of HMDA changes ahead of the January 1, 2018 deadline, some had hoped for a broader delay of HMDA given new leadership at the CFPB. Instead on December 21, just in time for the holidays, the CFPB expanded on its previous (and buried) supervisory guidance. Here is an excerpt from the press release:

The Bureau recognizes the significant systems and operational challenges needed to meet the impending requirements under the rule. Accordingly, for HMDA data collected in 2018 and reported in 2019, the Bureau does not intend to require financial institutions to resubmit data unless data errors are material, or to pay penalties with respect to data errors. Accordingly, collection and submission of the 2018 HMDA data will provide financial institutions an opportunity to focus on identifying any gaps in their implementation of the additional requirements and making improvements in their HMDA compliance management systems for future years. The Bureau expects that any supervisory examinations of 2018 HMDA data will be diagnostic, to help institutions identify compliance weaknesses, and will credit good-faith compliance efforts. (Emphasis added.)

Note that the focus for examining compliance with 2018 data collection will be "diagnostic" for "identifying any gaps" in implementation. Most credit unions are not examined by the CFPB, but NCUA indicated a very similar stance in its 2018 supervisory priorities, also issued on Thursday:

Beginning in the second quarter, examiners will perform limited reviews of quarterly Loan/Application Registers (LAR), when applicable, to evaluate federal credit unions’ good faith efforts to comply with…amendments to Regulation C…The NCUA’s review of 2018 HMDA data will be diagnostic in nature, designed to help credit unions identify compliance weaknesses in collecting 2018 data for submission in 2019, and will credit good faith compliance efforts.

Recognizing the impending January 1, 2018 effective date of the Bureau’s amendments to Regulation C and the significant systems and operational challenges needed to adjust to the revised regulation, for HMDA data collected in 2018 and reported in 2019, the NCUA does not intend to cite violations for data errors found in the quarterly LARs, nor require data resubmission unless data errors are material. Furthermore, the NCUA does not intend to assess penalties with respect to errors in data collected in 2018 and reported in 2019. However, credit unions subject to HMDA reporting must still collect the data, establish a quarterly LAR, and submit 2018 data by the March 1, 2019 deadline.

Collection and submission of the 2018 HMDA data will provide credit unions an opportunity to identify any gaps in their implementation of amended Regulation C and make improvements in their HMDA compliance management systems for future years… (Emphasis added.)

In addition, the CFPB indicated its intent to initiate rulemaking to "reconsider various aspects" of the HMDA rule including the scope of reportable transactions, institutions that must report, and the number of discretionary data points:

"More specifically, the rulemaking may re-examine lending-activity criteria that determine whether institutions are required to report mortgage data. The rulemaking may also look at adjusting the new requirements to report certain types of transactions. Finally, the rulemaking may re-assess the additional information that the rule requires beyond the new data points specified under the Dodd-Frank Act."

We'll keep members posted as this develops and in the meantime, we're here if anyone has any last minute HMDA questions.


Tax Bill Impacts Executive Compensation. The recent tax reform bill made certain executive compensation taxable which may impact some credit unions. The year is ending soon though, so credit unions using non-qualified deferred compensation plans may want to reach out to their plan providers before the end of the year to discuss possible changes to make prior to January 1, 2018.


Programming Note. In observance of the New Year, NAFCU will be closed on Friday, December 29 and Monday, January 1. We'll be back to blogging next Wednesday, January 3. We wish you all a safe and happy New Year!


Sled Ride. We took Nolan on a pre-holiday trip to Ohio, where he got to experience his first sled ride. He had a blast. 


Categories: CU Industry Blogs