What The Board Needs to Know

Compliance hot topics

In the last few Years Compliance has felt like this

Still a lot to do

New RESPA DisclosuresNew Credit Card Disclosures, Processing Rules and Fee

RestrictionsShorter Allowable Hold Periods on DepositsNew Overdraft Opt-in, Disclosures and RestrictionsOverhaul of Open-end Credit Reg Z DisclosuresNew Uniform Privacy Disclosures

Implemented During 2010

New Risk-Based Pricing NoticesNew Closed-End Mortgage Reg Z DisclosuresNew Mortgage Loan Officer Compensation RulesSAFE Act RegistrationFinancial Literacy Requirements (Federal Credit Unions)

Implemented During 2011

Changes to Online Banking Authentication SystemsConsumer Financial Protection Bureau

Coming up soon

Board responsibility for compliance

Ensure Board SupportAppoint a Compliance Officer (and staff if necessary)Provide Appropriate ResourcesApprove Policy and ProgramsReview Status ReportsSupport Risk Based Compliance Management

Board Responsibilities

CARD ActOverdraft Protection Opt-inReg Z Open-End DisclosuresMortgage DisclosuresLoan Officer CompensationSAFE Act RegistrationFinancial Literacy TrainingVendor Due DiligenceFlood InsuranceBank Secrecy ActOnline Banking Authentication SystemsConsumer Financial Protection Bureau

Key Current Issues

Rule of Thumb: Anytime a regulation makes it into mainstream news media, it’s a big deal.

CARD Act

Prohibitions on raising interest rates on existing balances (except for variable rate cards and some penalty rates)

Elimination of a floor on variable rate cardsNew periodic statement disclosuresPayment due dates on the same day every monthOpt-in for over-the-limit feesNew rules for card issuance to members under 21Card agreements posted on the credit union’s websiteSix month rate increase reviewsFee restrictions

CARD Act

Fee Income: An endangered species

Overdraft Opt-In

Applies to one-time debit card and ATM transactions onlyMember must opt-in for serviceRegulatory mandated disclosureCredit Union confirmation requiredNo discrimination against members who do not opt-in

Overdraft Opt-in

A major overhaul . . . .

Reg Z Open-end Loan Disclosures

New disclosures for applications and solicitations (applies to credit cards only)

New account opening disclosuresNew periodic statement disclosuresNew change-in-terms notificationsNew underwriting and procedural changes for credit unions

that offer Multi-feature Open-ended Lending (MFOEL)

Reg Z Open-end Loan Disclosures

More important than ever . . . .

Mortgage disclosures

RESPA: New standardized Good Faith Estimate Changes to HUD-1 Settlement Statement Comparison of fees disclosed on both documents Limitation on the amount fees can change from application to

closingRegulation Z TIL Statement Changes:

New payment disclosures Statement that the borrower may not be able to refinance

Mortgage Disclosures

The end of yield-spread premiums.

Loan Officer Comp-ensation

Applies to compensation related to the origination of mortgage loans.

Prohibits any loan originator or mortgage broker compensation based on the terms or conditions of the transaction other than the amount of credit extended.

Prohibits payment of compensation by any other party if the consumer is directly compensating the loan originator.

Prohibits loan originators from steering applicants to loan products based on the fact that the loan officer will receive greater compensation for the loan.

Loan Officer Compensation

You can’t make mortgage loans without it . . .

SAFE Act Registration

All Mortgage Loan Originators (MLOs) should have been registered by July 29, 2011.

After the registration deadline MLOs cannot originate mortgage loans without their identification number.

The Board must approve a written SAFE Act Policy.All newly hired MLOs must be registered before acting as an

MLO.

SAFE Act Registration

Requirement for Federal Credit Unions Only.

Financial Literacy Training

Directors must have the following financial skills: Working familiarity with basic finance and accounting practices Ability to read and understand the credit union’s balance sheet

and income statement Ability to ask substantive questions of management and auditors

Level of financial knowledge should be consistent with the size and complexity of the credit union.

Directors appointed prior to January 27, 2011 should have acquired necessary skills by July 27, 2011.

Directors appointed after January 27, 2011 will need to acquire necessary skills within six months of their appointment.

Financial Literacy Training

Do you really know your vendors?

Vendor due diligence

Third party arrangements should be evaluated for possible risks and managed in a manner commensurate with the credit union’s size, complexity and risk profile.

Credit Union management should complete the following tasks: Risk Assessment and Planning Due Diligence Risk Measurement, Monitoring and Controls

A plan should be in place to evaluate all new vendors, monitor existing relationships and manage risk.

Vendor Due Diligence

You never think about it until it’s too late.

Flood Insurance

Large fines are possibleCredit Unions must do the following:

Determine the flood zone of all real property securing a loan each time the credit union makes, increases, extends or renews a loan

Notify property owners in flood zones of insurance requirements within a reasonable time (10 days) prior to consummation

Ensure adequate flood insurance is in place prior to consummation

Track insurance coverage through the life of the loan Force place insurance when necessary

Flood Insurance

An oldie, but a goodie . . . .

Bank Secrecy Act

Independent testing of BSA compliance.A specifically designated person or persons

responsible for managing BSA compliance (BSA compliance officer).

Training for appropriate personnel.A system of internal controls to ensure ongoing

compliance.

BSA Program Requirements

•Approve the BSA Program annually

•Appoint a BSA Officer

•Review the BSA Risk Assessment as applicable

•Review periodic BSA program updates

•Ensure BSA officer has adequate staffing and resources

•Review reports of filed Suspicious Activity Reports

•Champion policy and procedure

BSA Board Responsibilities

Changing requirements for a changing world.

Online Banking Authenti-cation

Changes should be completed by January 1, 2012.Required by the supplement to the FFIEC’s “Authentication in an

Internet Banking Environment.”Examiner expectations include:

Risk Assessments (updated at least every 12 months or as membership, products, services, or on-line threats change)

Increased authentication for higher risk transactions (member initiated ACH withdrawals, business accounts)

Implementation of layered security for online banking Re-evaluation of authentication techniques

(username/password/cookie and simple challenge questions will no longer be considered adequate)

Member Awareness and Education ProgramAssistance and cooperation from your online banking provider is

critical. Status updates should be provided to the board.

Updated Online Banking Authentication Systems

Still a lot of unknowns . . .

CFPB

Direct examination authority only for financial institutions with $10 billion or more in assets.

The Bureau has rulemaking authority for many consumer protection regulations.

The Bureau can go on joint examinations with the NCUA if there is practice the NCUA is concerned about.

Even beneficial changes mean more work for credit unions: New forms New procedures New training

Consumer Financial Protection Bureau

Heather LineCompliance SpecialistUtah Credit Union Association801-599-2168heather@utahscreditunions.org

Thank You