Reg. E Foreign Remittance Rule

Great day, y'all!

At a mere 31 pages, the CFPB International Fund Transfers, Small Entity Compliance Guide is a must for home or office.  Small enough to go anywhere; big enough for the really tough jobs. (Sorry, practicing for my next gig as infomercial spokesperson)

On October 17, 2012, the CFPB released its guide for the Reg. E Foreign Remittance Transfer rule which will take effect 02/07/13.  If your bank plans to permit your consumer customers to electronically send funds outside the U.S., you should take advantage of this overview of the new Reg. E rule; it’s straight from the horse’s…uh…mouth.  In addition, the Bureau plans to have a replay of its wildly entertaining Remittance Rule Overview webinar that was attended by thousands this afternoon.  

http://files.consumerfinance.gov/f/201210_cfpb_small_business_guide.pdf

And remember, it makes a great gift for the holidays!

Your partner in the madness!

The Long and Winding Road

In 1938 the Wheeler-Lea Act amended section 5 of the Federal Trade Commission Act to declare unfair or deceptive acts or practices in commerce illegal and expanded the FTC’s authority to include consumer protection. Adopted as a companion amendment to the 1938 Federal Food, Drug, and Cosmetic Act, which granted the FDA authority over the food and drug industry, medical devices, and cosmetics, as well as establishing mandatory pre-market drug approvals, the amendment gave the FTC authority over drug advertisements.

While the instigating factor was unfair or deceptive acts or practices relating to the advertisement of drugs, the amendment was drafted much broader, specifically: “Unfair methods of competition in or affecting commerce, and unfair or deceptive acts or practices in or affecting commerce, are hereby declared unlawful.” (Note the focus on commerce - not consumers!) While the prohibition applies to all engaged in commerce, the FTC was not granted authority over banks, savings and loan institutions, or Federal credit unions.

In 1975, the FTC Act was amended to require the banking agencies to establish consumer complaint processes and take action on complaints alleging unfair or deceptive practices. (Note the focus on consumers – not commerce!) This amendment prompted the FRB to issue Regulation AA, Subpart A establishing the consumer complaint process. Over the course of time, Congress took action on specific abusive, unfair, or deceptive acts or practices, resulting in regulations such as those covering TILA, Fair Credit, Home Equity, TISA, HOEPA, and Privacy – but none of the agencies adopted a regulation covering the broad topic of “unfair or deceptive acts or practices.”

Oh, they skirted the topic from time to time. In 1980 the FRB issued a policy statement on unfairness, followed by a policy statement on deception in 1983. And in 1985, Regulation AA was expanded to include Subpart B “for the purpose of preventing specific unfair or deceptive acts or practices of banks.” Beginning in 2002, the agencies issued various notifications to institutions of their intent to enforce the prohibitions against unfair or deceptive trade practices, based on the law and interpretations established by the courts and the FTC. And, agency examination procedures for FTC Unfair or Deceptive Acts or Practices were added to some, but not all, supervisory manuals, and no interagency exam procedures were issued.

The 2010 Dodd-Frank Act (DFA) reopened the debate as to whether the banking agencies should promulgate rules prohibiting unfair or deceptive acts or practices, and added a new category of concern – abusive. Additionally, the DFA directs the newly created CFPB to issue regulations to prevent UDAAP against consumers. (Again, note the focus on consumers – not commerce!) While to date the CFPB has not issued the required regulation, it did include UDAAP procedures in its examination manual.

Bureau examiners are directed “to assess the quality of the regulated entity’s compliance risk management systems, including internal controls and policies and procedures, for avoiding unfair, deceptive, or abusive acts or practices.” Further, the procedures enumerate specific topics that should be covered in the institution’s policies and includes consideration of whether “internal control processes are documented” in evaluating the adequacy of the institution’s program.

Gulp! Based on the exam procedures, I feel a project plan coming on. Have you specifically identified the policies, procedures, and internal controls relating to UDAAP in your institution? Are they all documented? Does your training program specifically cover UDAAP, and do you include third party providers in UDAAP training? Do you routinely analyze (and, of course document the analysis of) consumer complaints specifically for UDAAP? Oh, wait – generally the level of formality of the program expected will be dictated by the level of risk – have you done a UDAAP risk assessment? Have you expanded the audit scope so that it “includes a review of potential unfair, deceptive, or abusive acts or practices” and is that work “performed consistent with the audit plan?” And the list goes on!

But wait – there’s more! Within the introductory information of the examination procedures, in the section Relationship to Other Laws it states: “a transaction that is in technical compliance with other federal or state laws may nevertheless violate the prohibition against UDAAPs.” The example provided relates to an advertisement that complies with TILA but contains other statements that are untrue or misleading. But what impact, if any, does UDAAP have on an institution’s use of a Model disclosure?

The FTC’s clear and conspicuous standard, which is included in the CFPB’s manual, evaluates communications with consumers based on the “four Ps” – prominence, presentation, placement, and proximity. The Model forms generally appear to meet the prominence, placement, and proximity tests. The presentation standard stated in the CFPB manual looks for an “easy-to-understand format” and the FTC version asks if the wording and format are easy for consumers to understand. Well, have you read those Model forms lately? Do we need to expand our project plan to include designing disclosures with wording and formatting that are easy for the consumer to understand AND that meet all regulatory requirements?!?!

Clearly, regulators are focused on UDAAP and consumers – just look at the recent CFPB enforcement action against Capital One based on “deceptive” practices – yet, 75 years after Congress declared “unfair or deceptive acts or practices in or affecting commerce unlawful,” we have yet to see a regulation dealing with this broad topic. The CFPB is required to issue regulation; all of the agencies continue to issue guidance relating to specific products or practices; and, examiners are including varying degrees of UDAAP reviews in examination scopes. And, my personal view is that the regulatory consumer-centric focus will ultimately expand to encompass all types of customers.

Institutions that implement a project plan addressing UDAAP now will be better positioned to respond to the new regulation and the increased regulatory focus. Determine your UDAAP-readiness by reviewing the examination procedures published by your primary regulator – and those published by the CFPB – to identify opportunities for enhancement. Then draft a plan and timeline to implement those enhancements. And, by all means, stay tuned to the agencies for breaking news!

Anchors Away and the SCRA

Usually the phrases “Servicmember’s Civil Relief Act” and “enforcement action” don’t appear in the same hemisphere let alone the same sentence. However, that combination does occur in the OCC/DOJ announcement of a 07/26/12 enforcement action against Capital One. The full text may be found at the URL below.

It’s probably been a while since you took the SCRA 101 class in Bankers School, but, if you recall, the core of the Act is that servicemembers are provided relief from certain obligations, and it temporarily suspends many judicial and administrative proceedings and transactions involving civil liabilities when their service affects their ability to meet or attend to civil matters.

We all should be avid and vocal supporters of our military men and women. However, the nature of Capital One’s crimes does not appear to fit the punishment (as often occurs in this season of enforcement actions). From the text of the settlement, it appears that the grievous nature of the crime was one of not paying attention rather than an intentional infliction of financial distress targeted on our troops.

Regardless, there are several points that community banks should take from the enforcement action because, you know, stuff always rolls down hill. Institutions should
•Have procedures for determining whether the institution has servicemembers as customers;
• Understand the special protections servicemembers are afforded;
• Have procedures for timely providing any requested SCRA benefits;
• Obtain and retain accurate and complete records that document the basis for decisions regarding servicemembers’ eligibility for SCRA benefits or protections;
• Document the institution’s compliance with the Act;
• Have adequate oversight over any third-party vendors, such as marketing, sales, servicing, credit card accounts, mortgage loans, motor vehicle finance loans, and consumer loans and lines of credit;
• Follow the letter of the law, especially with regard to any collection activity (from collection calls through the sale of the repossessed/foreclosed collateral).
http://www.occ.treas.gov/news-issuances/news-releases/2012/nr-occ-2012-115.html

As always, ABS stands ready, willing, and able to partner with you in the battle.

A New Risk Measurement?

While the Federal Reserve, the FDIC, and the Office of the Comptroller all expect a financial institution to have in place a risk management program, commensurate with the size and complexity of the institution, to identify, measure, monitor, and control risk, the categories of risk to be included in a risk management program vary across agency. All three agencies include: credit risk; liquidity risk; price/market risk; transactional/operational risk; and, compliance/legal risk. The Fed and the OCC include reputation risk; and the OCC also incorporates interest rate risk, strategic risk, and foreign exchange risk. In spite of the differences in categories of risk, the primary objective of the program is consistent across the agencies: to measure the institution’s potential risk of loss associated with its activities, given the level of mitigating factors implemented by the institution.

Enter the Consumer Financial Protection Bureau. The CFPB was established as a regulator of financial institutions to supervise banks, credit unions, and other financial companies and to enforce Federal consumer financial laws. However, its mission is to make markets for consumer financial products and services work for Americans; a somewhat different focus from the other regulatory agencies. And the difference is further highlighted in the Risk Assessment process set forth in the CFPB Supervision and Examination Manual published in September 2011. This risk assessment evaluates the “risk to consumers,” defined as “the potential for consumers to suffer economic loss or other legally-cognizable injury as a result of a violation of Federal consumer financial law.”

The two risk assessments use the same methodology; with both evaluating the inherent risk and analyzing the effectiveness of the controls to arrive at a residual risk level or, in the case of the CFPB, an overall consumer risk level. But if one approach is focused on the risk to the financial institution and the other on the risk to the consumer, are the results comparable? In a case where an institution has a high level of residual compliance risk associated with a specific product, is there an equally high level of consumer risk?

Let’s look at a few examples. If an institution makes a significant number of real estate loans in a special flood hazard area, has a history of flood violations, and has weak controls, the residual risk to the institution is high. If a consumer obtains a real estate loan in a special flood hazard area and the institution fails to require flood insurance, the risk that the consumer may suffer a loss if the area floods is also high. In spite of the difference in focus, the residual risks appear comparable – when an institution is facing a high level of compliance risk, there is also a high level of consumer risk.

In our next example, consider an institution with a history of violations relating to transaction limitations for savings accounts under Regulation D. Given the prior violations and assuming weak controls, the residual risk to the institution is high. However, under the CFPB’s definition of consumer risk, does this violation have “the potential for consumers to suffer economic loss or other legally-cognizable injury as a result of a violation of Federal consumer financial law?” Because the institution’s lack of enforcing these limitations will allow the consumer to continue to maintain the account and continue to exceed the transaction limitations, there is no harm to the consumer.

Clearly these two different risk assessment approaches do not always yield comparable results. How, then, is the institution to identify, measure, monitor, and control consumer risk? Although the CFPB does not require institutions to implement its risk assessment methodology, it appears that institutions will need to add consumer risk and the CFPB’s methodology to its current risk management program.

Another interesting difference in the CFPB’s risk assessment is the manner in which an institution’s inherent risk to consumer is mitigated or amplified by the strength or weakness of the controls. The CFPB provides a Risk Matrix similar to those developed to represent the traditional method, with inherent risk categorized as high, moderate, or low, and the quality of risk controls defined as strong, adequate, or weak.

However, under this new methodology, a high level of inherent risk cannot be mitigated to less than moderate risk level – even with strong controls. A low risk area increases to moderate risk if the risk controls are weak. And, across every inherent risk level, implementing adequate controls will not reduce the residual risk below the inherent risk level.

To illustrate, let’s apply a typical point rating system to this risk assessment analysis. Using a one-to-three scale:

• High/Weak = 3 points
• Moderate/Adequate = 2 points
• Low/Strong = 1 point

Based on the total point structure, the Overall risk categories are defined as:

• High Risk = 7 to 9 points
• Moderate Risk = 4 to 6 points
• Low Risk = 1 to 3 points

The resulting risk matrix, using the traditional risk assessment methodology is:

Whereas, under the CFPB’s new risk assessment methodology, the amplified by approach produces a very different matrix:

As you can see from this illustration, implementing strong controls will result in a decreased residual risk; however, adequate controls will never reduce the residual risk level below the inherent level. How long before an examiner tells you that adequate controls are no longer good enough?

Will your Risk Management Program withstand this new focus?

CFPB's New Service Provider Pronouncement

The CFPB, Obamacare for the financial industry, has reared its ugly head, again, and rattled the “unfair, deceptive or abusive acts or practices” sabre. The Bureau (and I don’t mean the piece of furniture where you keep your socks and underwear and sometimes hide a Christmas gift for your spouse) has announced that covered financial institutions may be held responsible for illegal actions of a service provider. Institutions are expected to be responsible for their service provider’s activities beyond the normal due diligence practices that have served the industry and consumers well for the past several decades. The Bureau’s expectations are summed up in the following bullet points:
• Conducting thorough due diligence to verify that the service provider understands and is capable of complying with Federal consumer financial law; (A nebulous expectation from a nebulous agency. Do we give them a 10 page multiple choice test to document their understanding? Is it a pass/fail grading system? And what about Spring Break?)
• Requesting and reviewing the service provider’s policies, procedures, internal controls, and training materials to ensure that the service provider conducts appropriate training and oversight of employees or agents that have consumer contact or compliance responsibilities; (Does the Bureau really believe that the large national or international service provider will turn over all the documentation that an institution needs to properly do this? And if they do, how many institutions have the staff, time, and wherewithal to properly analyze all this information provided? If they do comply, I have Las Vegas odds that the price of the service will increase.)
• Including in the contract clear expectations about compliance as well as appropriate and enforceable consequences for violating any compliance-related responsibilities, including engaging in unfair, deceptive, or abusive acts or practices; (Unfortunately, it’s the CFPB that determines what is an unfair, deceptive, or abusive acts or practice and only then when it can’t cite a violation of anything else.)
• Establishing internal controls and on-going monitoring to determine whether the service provider is complying with Federal consumer financial law; and (Again, how may large service providers will put up with this nonsense?)
• Taking prompt action to address fully any problems identified thorough the monitoring process, including terminating the relationship where appropriate. (This is the only sensible part of the expectations, and institutions are already doing this.)

Presumably, the resources that institutions would normally employ to serve their customers are thought, by the Bureau, to be better used in combatting the evils lurking in the service provider realm. Undeterred by the fact that most consumers neither care about the consumer compliance laws designed to protect them nor read the ream after ream of disclosures designed to make them better informed, the Bureau, in its never-ending quest to protect somebody from something, marches on making mountains out of molehills.

You should be concerned about this pronouncement even if your institution isn’t regulated by the CFPB. The tone set by the Bureau will, as does other kinds of…stuff, roll downhill and will be coming soon to a regulator near you.

ABS is ready, willing, and able to assist you with compliance strategies.

Model Risk Management

In April 2011, the OCC released Bulletin 2011-12, Supervisory Guidance on Model Risk Management, describing the elements of a sound program for effective management of risks arising when banks use quantitative models to make decisions. Superseding guidance issued in 2000 which focused primarily on model validation, this guidance significantly expands the elements required to meet the supervisory standards. Consistent with other risk management related supervisory guidance, all banking organizations are expected to implement a process – commensurate with the size, complexity, and risk profile of the institution - to identify, measure, monitor, and control model risk. The guidance articulates three categories of activities that should be included in your program: 1) Model Development, Implementation, and Use; 2) Model Validation; and 3) Governance, Policies, and Controls. Does your program measure up?

Model Development, Implementation, and Use

Model development is not something that most Community Banks undertake; more often, the institution acquires a model from a vendor. Nonetheless, the institution retains accountability for evaluating the model to verify that the model’s purpose, design, theory, and logic are appropriate for the institution’s intended use. The institution should, to the extent possible, obtain documentation from the vendor that sufficiently explains the: methodologies and processing components, including the mathematical operations; model merits and limitations; and integrity, relevance, and suitability of data or data proxies used.

During implementation and periodically thereafter, testing of the model should be performed and documented. The type of testing is directly correlated with the type of model; however, testing should confirm the validity and accuracy of the model’s output, re-validate the limitations and assumptions, and confirm the overall functionality and performance of the model. Testing should also include a verification of data flow between, and integration with, other related systems or models. One often overlooked testing process involves the evaluation of feedback and questions from line of business users relating to the reports provided and the model’s output. Finally, the testing should incorporate an evaluation of continued applicability of the model given current business strategy and a re-assessment of the costs and benefits associated with the model. With respect to vendor-supplied models, the vendor should provide the institution with its testing results confirming that the model performs as expected.

Model Validation

The purpose of model validation is to re-affirm that the model is performing as expected. The validation process and activities should: 1) verify that the model is aligned with design objectives and business use; 2) identify the potential impact and validity of limitations and assumptions; and, 3) generally assess the overall accuracy and soundness of the model. Validation should be performed, to the extent possible, by individuals independent of development and use of the model, but with appropriate knowledge, skills, and expertise. The validation framework should encompass three core elements: 1) evaluation of the conceptual soundness, including developmental evidence; 2) ongoing monitoring, including process verification and benchmarking; and 3) outcomes analysis, including back-testing. In addition to reviewing the results of vendor-completed validation, institutions relying on vendor-provided models are expected to perform their own periodic validation of the model. This validation should include a re-evaluation of the appropriateness of any bank-specific customization and vendor-input data and assumptions, an examination of the extent to which vendor-data is representative of the bank’s situation, and an analysis of model performance using the institution’s outcomes.

Governance, Policies, and Controls

Institutions are expected to develop and maintain strong governance, policies, and controls over model risk management. The board and senior management are expected to establish a framework for model risk management, based on a solid understanding of model risk in the aggregate, and addressing the development, implementation, use, and validation of models. Senior management is charged with responsibility for establishing adequate policies and procedures, assigning competent staff, providing oversight with respect to the development, implementation, use, validation, and corrective action associated with identified model deficiencies. Senior management is also accountable for apprising the board of the level of model risk and compliance with policy. The board ensures that risk levels are within tolerance and directs changes where required.

Internal audit, acting at the direction of the board, should assess the overall effectiveness of the model risk management framework. This includes an assessment and evaluation of: 1) the framework’s ability to address risk at the individual model and the aggregate model levels; 2) the related policies, procedures, and internal controls; and 3) the sufficiency of documentation to support the model risk management framework. Audit will also ensure that adequate validation is performed and appropriately documented, and the identified deficiencies are resolved.

Policies and procedures, consistent with the guidance, define responsibilities, include model and risk definitions, and provide for the development, implementation, use, testing, and validation of models. Policies should require maintenance of an inventory of models across the institution, incorporate standards for utilizing external resources, model accuracy, acceptable levels of discrepancies, and define procedures for resolving unacceptable discrepancies. The board will, at least annually, review and, when necessary, revise the policies and procedures to adjust for changes in market conditions, bank products and strategies, bank exposure and activities, and industry practices.

While many of the activities included in the guidance are common industry practice, regulators expect each institution to confirm that its practices conform to the principles contained therein. But it’s vital to remember, programs will vary from institution to institution; each institution’s program will be evaluated in the context of its own size, complexity, and risk profile.

We Told You So...Did You Listen? CompliancePro is STILL the ANSWER!

Last year American Bank Systems SOUNDED THE ALARM to thrifts formerly regulated by the OTS that trials lay ahead with future oversight by the OCC. Our solution then...CompliancePro...Our solution today, STILL CompliancePro.  The consequences of inaction by some institutions can be seen in the recent NY TIMES article.  Our blog entry from June 2011 is still valid today.  Let American Bank Systems help you avoid the trials of institutions like those in the article that are running for the hills, or on their way to failure.

_________________________________________________

Thursday, June 23, 2011

From the OTS to the OCC - Are You Ready?

From the OTS to the OCC - Are You Ready?

With CompliancePro^® from American Bank Systems Your Answer is YES!

As a result of the Dodd-Frank Act, which became law in 2010, all OTS thrift institutions will come under the oversight of the OCC on July 21, 2011. You may be unclear as to some of the differences between these two regulators. Below are some of the questions you should be asking yourself to assess your state of preparedness for this change, along with answers that we believe you should consider.

 

Should we expect a higher level of scrutiny according to OCC examination philosophy?

Maintaining satisfactory or better compliance examination ratings is essential to financial institution stability, especially in our current and expanding regulatory culture. The OCC has a reputation of being more assertive and intense than the OTS. They place a lot of weight on the institution’s internal compliance audits with emphasis also on written policies and procedures, and training. Comparatively, the OCC performs very little transactional testing, especially if they have confidence in the institution’s compliance risk management system and controls. Whereas the OTS may look at thirty loans during an examination, the OCC may look at as few as five. However, if deficiencies are discovered, the OCC will typically provide lower examination ratings. CompliancePro® is a time tested and proven tool to strengthen regulatory compliance programs, and ready financial institutions for examination preparedness.

 

Are we prepared to meet the OCC’s supervisory expectations for compliance risk management?

The OCC employs a risk-based supervisory philosophy focused on evaluating risk, identifying material and emerging problems, and ensuring that individual institutions take corrective action before problems compromise their safety and soundness. Institutions are expected to have a compliance risk management system which assesses risk by products/services offered and which monitors and manages compliance risk by performing regular monitoring between examinations. CompliancePro® can help you meet these expectations with its risk assessment and monitoring and issue management capabilities which provide for regular and consistent review and testing for all consumer regulated activity across lines of business, bank products and regulation.

 

Will our risk assessment process meet the standards of the OCC?

Simply speaking, the OCC’s focus on risk management is huge. This is their starting point for examinations. Whatever policies, procedures, training, or controls you have in place; it has to follow the risk assessment. While regulatory consumer compliance risk processes in large institutions are relatively well established, some small and medium sized institutions may need to improve upon their risk assessments to satisfy the OCC. If your current risk process is informal, rudimentary and undocumented, the CompliancePro® Risk Module is what you need to prepare a sound risk assessment process with our Inherent Risk and Risk Mitigation Analysis functionality, reporting and dashboard capability.

Email us at: espringer@abs-ok.com or call at 405-607-7000.

A Blog to Nowhere (being totally irrelevant but, perhaps, interesting reading)

Here is a blog entry that will have absolutely no relevance to the vast majority of banks about a form that very few Compliance Officers will ever search for in their loan files. Yet, perhaps you’ll find this interesting nonetheless. The form I mention is the Small Business Jobs Act Certification, and I mention it only because, as General Counsel for American Bank Systems, I learned about this form while adding it to our new CompliancePro® Loans system.

The certification form is required when a community bank, participating in the Small Business Lending Fund (SBLF), makes a small business loan. The SBLF is a source of capital created by the Small Business Jobs Act of 2010 to encourage community banks to make loans to small businesses. The sole purpose of the certification form is to document that none of the principals of the borrower receiving funds under the SBLF have been convicted of, or pleaded nolo contender to, a sex offense against a minor.

Now, don’t get me wrong, I am completely in favor of not loaning taxpayer money to any business run by a sex offender. But I find it interesting that, somewhere in the making of the legislation that was intended to jolt the Nation’s lagging economy, some Congress member read the bill and thought to himself or herself, “A $30 billion fund to encourage lending to small business will help put our economy back on track. Great! But wait! No funds for sex offenders!”

Again, I think that’s a good thing. It just strikes me as odd that something like that would be so important to a member of Congress in the midst of a national debate about what our economy needs. It also strikes me as odd that not all sex offenders are excluded from receiving funds; apparently Congress was not as concerned about lending to persons who commit a sex offense against an adult.

By the way, if you are a Compliance Officer and your bank is one of the few that participated in this program, you have to certify annually that the principals of the businesses that received loans are not sex offenders of the ilk described. And if you have to make such an annual certification, wouldn’t you be glad to have the borrower certification form in your loan system?

Guilty Until Proven Innocent

CFPB's announcement trumpeting their bank attack, I mean consumer help, efforts struck a chord with me, and I want to share not jus the chord but whole chorus with you.

WASHINGTON, D.C. – Today, the Consumer Financial Protection Bureau (CFPB) began accepting consumer complaints about bank accounts, including checking accounts, savings accounts, CDs, and related services.
Apparently, the consumer complaint practices of the states, OCC, FRB, and FDIC, along with those of the dreaded trial lawyers, weren’t enough to beat financial institutions into submission. The phrase from the movie, Animal House, “Thank you sir, may I have another.”, comes to mind as I consider what the Bureau (J. Edgar would be mortified at the use of this term) intends for all financial institutions.

“Deposit accounts play a critical role in the lives of most Americans, but these products and the laws governing them are complicated,” said CFPB Director Richard Cordray. “Consumers need someone on their side to keep banks and credit unions accountable—that is our job.”
Complicated? Complicated? The regulatory process has burdened the institutions and the consumers with so many rules that what once was a two-line account agreement (We’ll hold your money until you want it) has become a document the size of an Obama state-of-the-union speech, complete with applause lines. (…subject to the requirements of §229.10(c)(1) (i) through (v) and §229.10(c)(2) only with respect to the first $5,000 of funds deposited on any one banking day; but the amount of the deposit in excess of $5,000 shall be available for withdrawal not later than the ninth business day following the banking day on which funds are deposited; and…) The Bureau can uncomplicate the products by repealing a boatload of the regulations that caused the complification (to quote Pres. Bush 43).

By the way, Mr. Courderoy, “your job” hasn’t even been established yet. Your recess appointment was a clear violation of congressional rules and served to further advance the anti-business sentiment of the current administration.

Almost nine out of ten American households have at least one checking account, and many also maintain a savings account. Yet, despite the fact that they are commonplace, bank accounts can be complex and confusing.
Flying an F-16 is complex and confusing. Adding and subtracting is neither complex nor confusing. If I cannot understand how to fly an F-16, I should not be allowed to get in the cockpit. If I cannot understand how to add and subtract, I should not be allowed to open a deposit account. Maybe a new law, "No Consumer Left Behind" is in order.

Consumers can file a bank account complaint with the CFPB using the Bureau’s website, or by mail, fax, or telephone. The CFPB’s U.S.-based call centers handle calls with little or no wait times, provide services for the hearing- and speech-impaired, and have the ability to assist the public in 187 languages.
187 languages??? God bless America! The Bureau is diligently working to make it “super easy” to file a frivolous complaint against a financial institution. They, at the same time, are making it “super hard” for institutions to comply, earn a profit, and provide the necessary products and services that the consumers need and want.

The CFPB recently redesigned its website to provide a more seamless customer experience when filing a complaint or checking the status of an existing complaint. In addition, the consumerfinance.gov homepage prominently features the work the Bureau is doing to make the costs and risks of financial products clear to consumers. A new navigation bar makes it easier for all of the site’s visitors – consumers, financial institutions, and others – to access the information and tools available online.
Shouting louder in a language the hearer doesn’t understand will not help with understanding. If the regulatory language of the existing regulations (required by the regulators) is not understood by the consumer, how will adding more regulatory language help? You are simply shouting louder in a language that the consumer does not understand.

The Bureau expects banks to respond to complaints within 15 days and seeks to close all complaints within 60 days. Consumers are given a tracking number after submitting a complaint. They are then able to log in to the CFPB website at any time and check the status of their case. Each complaint will be processed individually and consumers will have the option to dispute a bank’s resolution. Sadly, the Bureau is the “ambulance chasing lawyer” (and my apologies to all ambulance chasing lawyers) of the regulatory agencies. With all the free time most bankers have, we can now spend it responding to complaints about bank pens not working, bank calendars not having pretty enough pictures, and why an overdraft fee was charged on an account where the owner spends more than he makes (sort of like Congress).

The CFPB began taking credit card inquiries and complaints when it launched on July 21, 2011. In December, the Bureau began handling complaints on mortgages and other home loans. Today’s announcement represents the third phase of the Bureau’s Consumer Response complaints program.
The Bureau’s Consumer Response team has already received and resolved thousands of complaints on mortgages and credit cards. As of February 22, 2012, the Bureau had received over 20,000 complaints, including nearly 7,000 on mortgages and almost 12,000 on credit cards. The Bureau has seen three major issue areas with respect to credit cards: consumer confusion, third-party fraud, and factual disputes between the consumer and the card issuer. For mortgages, the biggest complaint source has been foreclosures, and the majority of those complaints have been sent to companies for review and response.
A good statistic to show, and one which will never be shown, is how many of the complaints were frivolous or fraudulent on the consumer’s part. Maybe we should start our own website and trumpet these findings.

On the topic of banking accounts, the Bureau anticipates receiving complaints in five categories:
• Account opening, closing, and management;
• Deposits and withdrawals;
• Using a debit or ATM card;
• Making or receiving payments and sending money to others; and
• Problems related to low account funds.
And if we don’t receive them, we’ll manufacture the complaints so as to justify our existence. Vee haf vays (“we have ways” for all you non-German speakers) of getting the evidence to match our conclusions.

Consumers with complaints on bank accounts, credit cards, and mortgages should contact the Bureau at ConsumerFinance.gov or call 1-855-411-CFPB.
Or 1-728-662-2265 (RAT ON A BANK)

Re-Use of Credit Reports

I do not want a new credit report.
I do not want to have to retort
Or even begin to resort
To saying, “I do not like you new credit report”.

This old one seems to work just fine.
I wish the federales wouldn’t mind
If I used it just one more time
Because this old one seems to work just fine.

Oh for the “halcyon days” of yesteryear when our customers’ financial and credit information stayed the same for decades and “just a little dab (of credit research) would do ya”. In the golden years of lending, we would obtain a consumer report (we called them credit reports back then) once a year whether we needed to or not. We would happily lend, using that same credit bureau over and over and over again, oblivious to the pending storm clouds brewing in what was to become known as the Fair Credit Reporting Act. Regulators became enamored with changing how we did things here in Hooterville and wanted us to do things the big city way. So we stumbled and we bumbled and we fumbled and found ourselves more confused than we could ever have imagined.

We’ll try and sort through the confusion, give citations for extra credit reading, and come to some sense of what the FCRA expectations are with regard to two topics: Reuse of existing credit reports; Annual review of customer credit.

Can the lender reuse an existing consumer report to underwrite a new request for credit? We believe the answer to the question is “no”.

FCRA 604(a) Permissible purposes of consumer reports: …Any consumer reporting agency may furnish a consumer report under the following circumstances and no other:
(3) To a bank which it has reason to believe
(A) intends to use the information in connection with a credit transaction involving the consumer on whom the information is to be furnished and involving the extension of credit to, or review or collection of an account of, the consumer

FCRA 607(a) Compliance procedures: …These procedures shall require that prospective users of the information identify themselves, certify the purposes for which the information is sought, and certify that the information will be used for no other purpose…

The foregoing FCRA sections mean that, in order to obtain a credit report, the lender must certify that it has a permissible purpose to obtain the report AND that the report will be used for that specific purpose and no other. If a report is "reused" to underwrite a later credit request, the credit report is being used for a purpose other than the purpose certified to at the time the report was obtained. Lenders are not permitted to obtain a credit report for the purpose of determining whether not a current credit application will be granted AND any future credit applications the customer might submit. Except in the instance of simultaneous applications for credit, one application for credit, one consumer report is the rule.

The prohibition cannot be removed by Bank policy (i.e.“Credit reports are considered valid for a period of one year from the date of the report.”) or by generic customer permission (i.e. “I understand that where appropriate, a consumer report may be obtained.”)

In addition to the regulatory prohibition, the lender may have a contractual restriction with the report provider that limits it from reusing a consumer report. The following is common verbiage found in most credit report contracts: “We certify that consumer reports, as defined by the Fair Credit Reporting Act, will be ordered only when intended to be used as a factor in establishing a consumer's eligibility for new or continued credit (i.e. modifications to existing accounts), collection of an account, insurance, licensing, employment purposes, or otherwise in connection with a legitimate business transaction involving the consumer and such reports will be used for no other purpose."

Another regulatory factor against reusing an existing consumer report to underwrite a new request is that the consumer may have placed a fraud alert or credit freeze on his or her consumer report to combat actual or suspected identity theft, and without a new credit report, a lender would be unaware of that action. The lender may perpetuate the consumer’s identity theft problem by granting credit underwritten by an old consumer report. Where a consumer report is obtained, Section 605.A(h) of the FCRA prohibits the lender from proceeding with any application for credit where a consumer report reveals that there is a fraud alert or credit freeze without first addressing the alert or freeze. The lender may find itself in legal hot water for granting credit while using an old consumer report without knowledge of the consumer’s freeze or alert or for granting credit using a new consumer report without regard to freeze or alert warnings on the consumer report.

Finally, there is the issue of providing accurate risk-based pricing (RPB) or exception notices as required by Regulation V. Without the benefit of a new consumer report, the Bank will not be able to provide an accurate risk-based pricing or exception notice. Because a consumer’s information can quickly change, using data from an old consumer report to create an RBP or exception notice could cause the Bank to violate the Regulation by providing inaccurate information in the notice with regard to credit score, factors influencing the score, etc.

Can the Bank obtain a new consumer report to review the credit of an existing loan customer? We believe that the answer to the question is generally “no”.

FCRA 604(a) Permissible purposes of consumer reports: …Any consumer reporting agency may furnish a consumer report under the following circumstances and no other:
(3) To a bank which it has reason to believe
(A) intends to use the information in connection with a credit transaction involving the consumer on whom the information is to be furnished and involving the extension of credit to, or review or collection of an account of, the consumer

In the FTC’s informal Gowen staff opinion letter, it states “Your questions raise the issue of whether a creditor in a closed end credit transaction may exploit consumer reports obtained for "review" purposes in order to market its products or services. In the circumstances you described, we believe the answer is "no." The permissible purpose created by this provision, however, is limited to an account review for the purpose of deciding whether to retain or modify current account terms.

The terms of a closed-end credit transaction are predetermined and generally may not be changed unilaterally by the creditor unless the contract expressly provides for such action (e.g., in the event of default). Therefore, the creditor is unlikely to have a reason to consider "whether to retain or modify current account terms" and, thus, would not have any routine need to procure consumer reports to "review" its accounts. Second, the credit bureau must require the creditor to "certify the purposes for which the information is sought, and certify that the information will be used for no other purpose.”

In the FTC’s informal Benner staff opinion letter “Once an account is closed because the consumer has paid the debt in full (and also, in the case of an open-end account such as a credit card account, notified the creditor to close the account), it is our view that no permissible purpose exists for a CRA to provide file information on a consumer to the creditor. Because there no longer exists any account to "review" and the consumer is not applying for credit, the FCRA provides no permissible purpose for the creditor to receive a consumer report from a CRA.”

A recent FTC Staff Report notes, “A report from a CRA on the personal credit of a consumer to a business credit grantor is a “consumer report” regardless of the purpose for which the information may in fact be used. Reports obtained from CRAs on consumers retain their character as “consumer reports” even if they are subsequently furnished in connection with a commercial credit or insurance transaction.”

The regulatory cite along with the informal letters and staff report hold that review of a close-end account is not a permissible purpose to obtain a consumer report. Furthermore, use of a consumer report to review a closed-end, non-consumer credit account is also prohibited.

In order for a creditor to have a permissible purpose to obtain a consumer report to review an account, it must have an existing credit account with the consumer and must use the consumer report solely to consider taking action with respect to the account (e.g., modifying the terms of an open end account, changing the rate, etc.).

Lastly, the FCRA does not distinguish between “hard pulls”, where the credit score can be impacted and “soft pulls” where it cannot be impacted. The Bank must have a permissible purpose to obtain a consumer report in either instance. So for instances of account review, both “hard pull” and “soft pull” consumer reports come under the same restrictions.

So, as the cold, harsh regulatory climate in which we live drags us away from the cheerful warmth of the old credit report, we trudge onward with the new credit report, walking uphill both ways in waist-deep snow.