• The Landscape of Compliance: Old Pitfalls and New Challenges
  • September 15, 2011 | Author: Karla L. Reyerson
  • Law Firm: Fredrikson & Byron, P.A. - Minneapolis Office
  • Throughout the economic downturn, bank examinations have focused chiefly on safety and soundness matters, such as capital, liquidity, and asset quality. Now, as we are finally seeing some stabilization in the industry and even a few upgrades to previously weak CAMELS ratings, regulators are paying close attention to compliance matters, such as consumer protection and other operational regulatory requirements.

    Compliance downgrades carry with them significant ramifications that can harm a bank’s reputation, prevent it from completing organizational changes or expansion activities, and cost money in the form of civil money penalties and increased overhead in complying with regulatory directives.

    Dodd-Frank Act Signals Increased Focus on Consumer Protection Laws

    One of the earliest signs that bank regulators planned to increase their focus on compliance matters came out of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act) enacted on July 21, 2010. The Dodd-Frank Act provides for the establishment of the Consumer Financial Protection Bureau (CFPB), which is charged with oversight of substantially all consumer protection laws, including the Truth in Lending Act (TILA), Real Estate Settlement Procedures Act of 1974 (RESPA), the Home Mortgage Disclosure Act of 1975 (HMDA), the Equal Credit Opportunity Act (ECOA), the Truth in Savings Act (TISA), the Electronic Fund Transfer Act (EFTA), and federal privacy laws.

    While the CFPB has examination authority only over large financial institutions (those with more than $10 billion in assets), its rules will apply to all financial institutions. The CFPB may also, on a sampling basis, send its own examiners to join in on examinations conducted by a bank’s primary federal regulator. Further, other federal bank regulators have signaled that they plan to enhance their focus on compliance with consumer protection laws for the banks they regulate. For example, soon after the Dodd-Frank Act was enacted, the FDIC created the Division of Depositor and Consumer Protection (DCP), which “is dedicated to depositor and consumer protection” and is designed to “provide increased visibility to the FDIC’s compliance examination and enforcement program.” Clearly, the fact that many institutions will not be examined by the CFPB does not mean they will be held to a lesser compliance standard.

    Transition from UDAP to UDAAP Raises Bar for Bank Compliance Programs

    As part of the creation of the CFPB, the Dodd-Frank Act prescribes rules for the prevention of unfair, deceptive, or abusive acts or practices in connection with consumer transactions involving financial products or services. Banks are already subject to prohibitions against unfair or deceptive acts or practices (UDAP) found in section 5 of the Federal Trade Commission Act (FTC Act) and the related regulatory restrictions of Regulation AA. However, the CFPB’s authority adds a new element to these restrictions related to acts or practices deemed to be “abusive” (hence, UDAAP).

    Under the revised standard, a bank’s act or practice may be deemed “abusive” if it (1) materially interferes with the ability of consumers to understand a term or condition of a consumer financial product or service or (2) takes unreasonable advantage of consumers’ lack of understanding of the risks, costs or conditions associated with a product or service, their inability to protect their own interests, or their reasonable reliance on the bank to act in their best interest.

    As of the time this article was written, the CFPB had not yet proposed regulations to implement these new UDAAP standards. However, federal bank regulators are not waiting for new regulations before scrutinizing the fairness of bank products and services to consumers. Instead, the regulators are using their current authority under UDAP to criticize acts or practices they believe are unfair to, or may mislead, consumers. A UDAP claim is serious, as it can lead to a public enforcement action or civil money penalties, not to mention the damage it can do to an institution’s reputation.

    Therefore, banks should not wait for UDAAP rules to be finalized before reviewing their products and services to detect potential problem areas. The OCC released Advisory Letter 2002-3 on this subject on March 22, 2002, and the FDIC and Federal Reserve Board jointly released guidance on March 11, 2004. These resources may be helpful in recognizing any potential UDAP problems. It will also help to keep in mind the Dodd-Frank Act’s definition of “abusive,” as discussed above, until proposed regulations provide additional guidance.

    CRA is Back in the Spotlight

    Another emerging trend is an increase in the number of downgrades to Community Reinvestment Act (CRA) ratings. This is largely a product of the recession and the related banking crisis. As the economy sputtered, fewer qualified borrowers within banks’ local communities were to be found. That, coupled with weak loan demand and increasingly conservative loan underwriting standards, resulted in a decrease in the number of loans some institutions made within their assessment areas, including some decreases in lending to low- and moderate-income neighborhoods.

    Another source of downgrades comes from violations involving discriminatory or other illegal credit practices. Specifically, the CRA provides that evaluation of a financial institution’s CRA performance will be adversely affected by violations of ECOA, the Fair Housing Act, the Home Ownership and Equity Protection Act, the FTC Act, RESPA or TILA. A bank that is cited for violations under these laws may experience a corresponding downgrade to its CRA rating. Reportedly, banks in some parts of the country are experiencing increasingly rigorous fair lending exams, which may account for some of the CRA downgrades.

    CRA ratings are publicly available, and the consequences of a downgrade can be significant. In addition to the damage a downgrade can do to a bank’s reputation, a “Needs to Improve” or “Substantial Noncompliance” rating can prevent a bank from completing mergers and acquisitions or reorganization activities. As regulators take a closer look at CRA compliance, institutions will want to do the same before their next CRA exam.

    Overdraft Protection Compliance Continues to Be a Hot Topic

    Federal bank regulators are also keeping a close eye on their banks’ compliance with regulations and guidance related to consumer overdraft protection plans. Following the implementation of revisions to Regulations DD and E in 2010 regarding disclosure of overdraft and returned item fees, as well as opt-in requirements for overdraft services, both the FDIC and OCC have come out with additional guidance regarding overdraft protection products. The FDIC’s guidance is already final and was included in Financial Institution Letter 61-2010 dated November 2010; compliance was expected by July 1, 2011. The OCC’s guidance was still in proposed form at the time this article was written, with a comment period deadline of August 7, 2011.

    While there are certain material differences between the FDIC’s and the OCC’s guidelines for overdraft protection programs, the general theme is that banks are expected to provide their customers with the information necessary to make informed decisions and to avoid taking advantage of customers using these programs in order to generate fee income.

    All financial institutions should become familiar with these guidelines. Even if the guidelines do not directly apply to a particular institution, they provide a useful indication of emerging industry practices. Further, regulators have been looking closely at consumer overdraft protection programs in determining whether their banks comply with UDAP requirements. Regulators may cite practices that technically comply with other bank regulations if they believe such practices are unfair, deceptive, or (in the near future) abusive.

    Regulators Continue to Cite Banks for Other Common Compliance Pitfalls

    In addition to some of the new areas of enhanced regulatory scrutiny, financial institutions continue to be cited for some common compliance pitfalls. These violations often stem from disclosure issues under TILA, TISA and RESPA, a failure to adhere to fair lending laws, inaccuracies in HMDA reporting, and flood insurance issues. Flood violations are particularly troublesome because where a violation is found, the statute provides that the regulatory agency “shall” assess civil money penalties. Many of these regulations are highly technical, and we have seen even the smallest infractions result in violations. Therefore, as institutions attempt to get up to speed on new compliance requirements, they must ensure that compliance with these and other complicated rules does not suffer.


    When the Dodd-Frank Act was signed into law, the banking industry was put on notice that some of the Acts’s provisions signaled the intent of the federal government to intensify its involvement in protecting American consumers from what appeared to be unfair, misleading or otherwise inappropriate financial products and practices. Although many of the Dodd-Frank Act consumer protection provisions are not yet in effect, it is clear that federal bank regulators are proceeding with implementing this mandate. As such, financial institutions should take a close look at their compliance programs now and recognize their next compliance examination may be anything but business as usual.