1

DODD FRANK & MONEY TRANSMITTERS:

10 KEY ASPECTS OF REGULATION E

IRIS AIMEE PINEDO

JANUARY 13, 2014

2

CFBP-Remittance Transfer Rule

On January 20, 2012, The Consumer Financial Protection Bureau (CFPB) released its

long-anticipated rules governing certain electronic money transfers or “remittance

transfers.” Subpart B to Regulation E of the Dodd Frank Wall Street Reform and

Consumer Protection Act1 establishes a new regulatory framework governing cross-

border electronic transfer payments originated

by US consumers. The new “remittance

transfer” rules took effect on October 28,

2013 imposing—for the first time—federally

mandated disclosure, error resolution and

cancellation rights on remittance transfer

providers, which can include both financial and

non-financial institutions. The CFPB believes

that the new remittance transfer rules will

create new protections and improve

predictability for consumers who send

“remittance transfers” from the United States to

individuals and businesses in foreign countries.

“Dodd Frank 1073 creates certain disclosure requirements which obligate

US based remittance transfer providers to know the exact costs and

delivery terms for consumer initiated international payments. The

drafters of Dodd Frank 1073 assumed that these disclosures would drive

down costs for international electronic payments by enabling US

consumers to comparison shop between providers. The drafters also tied

the disclosures to consumer error resolution rights so that almost any

1 In December 2011, the CFPB restated the Board’s implementing Regulation E at 12 CFR Part 1005 (76 Fed. Reg. 81020) (December 27,

2011). In February 2012, the CFPB published subpart B (Requirements for Remittance Transfers) to Regulation E to implement the new

remittance protections set forth in the Dodd-Frank Act (77 Fed. Reg. 6194) (February 7, 2012) 1. Following a series of amendments published

later in 2012 and early 2013, the Bureau published another amendment in May 2013 to, among other things, establish a new effective date of

October 28, 2013 (78 Fed. Reg. 30661) (May 22, 2013).

The Consumer Financial

Protection Bureau (“CFPB” or

“Bureau”) will conduct

rulemaking, supervision and

enforcement with respect to the

Federal consumer financial laws

and a) Handle consumer

complaints and inquiries; b)

Promote financial education; c)

Research consumer behavior;

and, c) Monitor financial

markets for risks to consumers.

3

deviation from disclosed costs and delivery terms will result in liability to

the US remittance provider”.2

Non-depository financial institutions such as money remittances companies are

subject to these new federal rules, adding a new element to the BSA/AML Program:

Establishing a Compliance Program

The development of internal policies, procedures and controls

The designation of a compliance officer

An ongoing employee training program

An independent audit function to test programs

Establishing a Know your Agent (KYA) program

Establishing a Know your Customer (KYC) program

Establishing a Know your Foreign Counterparty (KYFC) program

Reporting and Record-keeping (including FinCEN registration)

Detecting and reporting Suspicious Activity

Administering Office of Foreign Assets Control (OFAC) sanctions

Protecting Non-Public Consumer Information (GLBA- Gramm-Leach-Bliley)

Establishing Consumer protections (CFPB- Remittance Rule)

Money transmitters and their agents are perceived as high risk in money laundering,

terrorist financing and abuse to consumers as loss of funds, wrong product/service,

failed transactions, overpricing, divulging/losing private data, and claims ignored.

The newly established Consumer Financial Protection Bureau is empowered to

exercise enforcement authority against money transmitters that can bring consumer

compliance risk as a result of non-compliance with Dodd Frank.

What is a Consumer Compliance Risk? In general, the risk of legal or regulatory

sanctions, financial loss, consumer harm, or damage to reputation and franchise

value caused by a failure to comply with or adhere to:

2 White paper on Dodd Frank Section 1073 – Cross-border Remittance Transfers (Version 2.0, October 2012).A partnership initiative

between The Clearing House Association, L.L.C. and the PMPG. http://www.swift.com/resources/documents/PMPG_Dodd_Frank_1073_Whitepaper_v2.0.pdf

4

• Consumer protection laws, regulations, or standards

• The organization’s own policies, procedures, codes of conduct, and ethical

standards

• Principles of integrity and fair dealing applicable to the organization’s

business activities and functions3

An institution’s failure to manage compliance risk effectively can elevate the risk

level or manifest itself as other types of key risks: Legal, Reputational or

Operational Risk. More specifically, noncompliance may expose the organization to

fines, civil money penalties, legal damages, voided or unenforceable contracts,

reduced franchise value, or rejected expansionary activities, mergers, and

acquisitions.

Activities regulated by Regulation E

Scope: Remittance Transfer under Regulation E includes (a) all electronic transfers of

funds to (b) designated recipients (consumer or business) (c) located in foreign country

that are (d) initiated by a remittance transfer provider (e) upon request of consumers

(individual) (f) in the US (g) for personal, family or household purpose.

Business-to-business or business-to-consumer transactions are not covered, but

consumer-to-business transactions (for personal, family or household purposes) are

covered, including international bill payment services.

The rules do not apply to “small value transactions” which are transfer

amounts of $15 or less, as measured by the currency in which the remittance

transfer is initially funded. Examiners should consider the volume of remittance

transfers that an entity provides before proceeding further.

The definition of “remittance transfer provider” includes a safe harbor that means

that if a person provided 100 or fewer remittance transfers in the previous calendar

3 COMMUNITY BANK- RISK - FOCUSED CONSUMER COMPLIANCE SUPERVISION PROGRAM.

Effective January 1, 2014. Board of Governors of Federal Reserve System http://www.federalreserve.gov/bankinforeg/caletters/Attac hment__CA_13-19__Risk-focused_Supervision_Program_Document.pdf

5

year and provides 100 or fewer such transfers in the current calendar year, it is

deemed not to be provided remittance transfers for a consumer in the normal

course of its business, and is thus not a remittance transfer provider, and is thus not

subject to the requirements of Subpart B of Regulation E. A person that surpasses

100 in any given year is permitted a reasonable time period, not to exceed 6 months,

for compliance.

Examination Procedures

Failure to comply with the “remittance transfer” regulatory requirements may have

serious consequences for financial institution and can lead to regulatory sanctions,

financial losses, and reputational damage. New additions to our audit procedures for

consumer to consumer money transfers will conform to the new regulations imposed

under Regulation E. Therefore, it is essential that auditor give significant weight to how

effectively the institution’s compliance management program manages the inherent

risks associated with its consumer-related activities.

Objective:

Access the adequacy and quality of the RTP’s system to manage the risk of

violations related to not complying with disclosure information and format

established by Regulation E;

Adhere to the timing and notice requirements for error resolutions,

cancellations and refunds; and

Identify acts or practices that materially increase the risk of violations of federal

consumer financial law and associated harm to consumers in connection with

remittance transfers.

RTPs must provide, among other things:

a) List of remittance transfer products offered

b) List of Departments involved providing remittance transfers (e.g. retail, prepaid

cards, bill payment, online transactions, and foreign exchange)

c) Process flowcharts

d) Policies and operating procedures that govern its remittance transfer operations

6

e) Board minutes

f) Transaction documentation;

g) Management and monitoring reports;

h) Sample of the provider’s disclosure forms in all languages (as applicable) as

provided for various products;

i) List of foreign countries to which the provider sends remittance transfers;

j) List of all foreign currencies in which remittance transfers are sent and where

there are limitations on such currencies;

k) Identification of the currencies in which the provider controls the exchange rate;

l) List of all third-party service providers or business partners involved in

remittance transfers: payment networks, payment processors, software

providers, foreign currency providers, etc.;

m) List of U.S. and foreign agents;

n) Agent/correspondent agreements;

o) Advertising and marketing material including any produced in foreign languages

p) Documentation regarding calculation or estimates of fees, taxes, exchange rates,

and dates included on disclosures;

q) Error resolution files;

r) Consumer complaint files;

s) Form letters used in case of errors or questions concerning a remittance transfer

(including any provided in foreign languages);

The 10 key aspects to evaluate

1) Determine if the Board has adopted a written Dodd-Frank policy and procedures

that ensure compliance with Dodd Frank and statement that the entity’s internal

controls are adequate to ensure compliance with respect to the Regulation E. In

assessing the quality of board of directors and senior management oversight,

auditor should consider whether the institution follows policies and practices such

as those described below:

• The board and senior management have identified and have established a

clear understanding of the types of consumer risks inherent to money

7

transfer’s activities and have reviewed and approved appropriate policies to

limit risks inherent in the institution’s business line or products, including

ensuring effective oversight of any third-party providers that provide

products and services for the institution.

• The board and senior management ensure that businesses lines are

managed and staffed by personnel with knowledge, experience, and expertise

consistent with the nature and scope of the money transmitter activities.

• The board and senior management at all levels provide adequate

supervision of the day-to-day activities of officers and employees, including

management supervision of senior officers or heads of business lines. 4

Comprehensive and fully implemented policies help to communicate management’s

commitment and expectations related to compliance. Procedures should provide

personnel with guidance that enables them to complete transactions or other

processes in accordance with applicable laws and regulations. Such information

may include appropriate regulatory references and definitions, sample forms,

instructions, and where appropriate, directions for routing, reviewing, and retaining

transaction documents.

2) Conduct Transaction Testing and determined if the disclosures use the terms

required by Regulation E and address:

a) Pre-payment Disclosures

Transfer amount

Taxes or fees imposed by direct correspondent. Information about fees

impose and all taxes collected on the remittance transfer by the provider’s

payout agent should be readily available or obtainable by the RTP (or

provider can control such fees) base on the terms of the contract between the

provider and such agent

Total

4 Rating the Adequacy of Risk Management Processes and Internal Controls at State Member Banks and Bank Holding Companies. November

14, 1995. BOARD OF GOVERNORS OF THEFEDERAL RESERVE SYSTEM TO THE OFFICER IN CHARGE OF SUPERVISION AT EACH FEDERAL RESERVE BANK. http://www.federalreserve.gov/boarddocs/srletters/1995/sr9551.htm

8

Exchange rate

Total amount in the currency in which the funds will be received by the

designated recipient

Total to recipient (transfer amount less any covered third party fee)

b) Receipt or Combine Disclosures: Include all information require for the pre-

payments disclosure plus all directly related information:

Date

Company name and logo

Sender’s/Recipient’s name and contact

information

Location in which recipient may pick up the

funds

Optional disclosure of non-covered third

party fees and taxes collected by a person

other than the provider

Identification code

Statement when the funds will be available

Signatures

Instructions of retrieval of the funds such a

number of days the funds will be available to the recipient before they are

returned to the sender

Statement that the provider makes money from foreign currency exchange.

In addition to the transfer fee, money transfer companies may make money

when it changes the dollars sent amount into foreign currency

Disclosure of privacy of consumer information. Examiners should consider

whether a remittance provider has complied with privacy provisions enacted

as part of the Gramm-Leach-Bliley Act (GLBA) and implemented through

Regulation P. These provisions impose limitations on when financial

institutions can share nonpublic personal information with third parties.

They also require under certain circumstances that financial institutions

Tips

*If the provider provides combined

disclosure, what changes to the

procedure they made in order to

provide the sender with combine

disclosure prior to payment?

* After payments is made, how RTP

is providing the proof of payment?

*If changes were made to

disclosures and receipts, does the

RTP have the state regulatory

approval, where applicable?

9

disclose their privacy policies and permit customers to opt out of certain

sharing practices with unaffiliated entities

Statement about sender’s right to resolve errors and cancel transactions

For any remittance transfer schedule by the sender at least three business

days before the transfer, the statement about the rights of the sender

regarding cancellations must state that the sender must request the

cancellation at least three business days before the next schedule transfer.

The statement must also note that the request must enable the provider to

identify the sender’s contact information and the particular transfer to be

cancelled

Information of the applicable state regulatory agency and the CFPB

information. If RTP is licensed in multiple States may not disclosure contact

information for agencies in other States but should make the determination

as to the State in which the sender is located base on the information that is

provided by the sender and on any record associated with the sender

3) Determine if adopted disclosures are produced in the format established by

Regulation E. Obtain and review a sample of the provider’s disclosure and copies of

scripts for oral disclosures.

Disclosures must be made in English and, if applicable, in either (i) the foreign

language principally used by the RTP for advertising, soliciting, and marketing

remittance transfer services at the office at which the sender conducts a transaction,

or (ii) the foreign language primarily used by the sender with the RTP to conduct

the transaction (provided it is one of the principal languages used by the RTP). Oral

disclosures for transactions conducted entirely by telephone must be made in the

language primarily used by the sender with the RTP to conduct the transaction

There are specific formatting standards that include: size (in a minimum eight-point

font), prominence (on the front of the page, on which the disclosure is printed,),

grouping and proximity (sender information, designated recipients, etc.). The

10

information required by the Final Rules must be segregated from all other

information on disclosures.

4) Determine if the RTP’s has developed and maintains adequate written policies and

procedures designed to ensure compliance with Regulation E for:

a) Error resolution

a. Sender has 180 days from stated delivery date of transfer to assert

error no matter the status of the transaction

b. RTPs has 90 days after receiving the sender’s notice to promptly

investigate a notice of error to determine whether an error occurred

c. Where an error is found on documentation sender previously

requested, sender have to provide notice of error to RTP by the latter

of: 180 days after disclosed date of availability; or 60 days after

provider sent the additional documentation that was requested

d. RTPs will report to the agent and sender the results within three days

of completing the investigation

e. RTPs should correct an error within one business day or “as soon as

reasonably practicable after” receiving the sender’s preferred choice of

remedy

b) Cancellations

The Final Rule generally gives consumers the right to cancel a transfer within 30

minutes of making payment for the transfer. The two conditions on this right set

forth in the Final Rule are (i) the sender’s oral or written request to cancel must

enable the provider to identify the sender and the particular transfer to be

cancelled and (ii) the transferred funds must not have been picked up by or

deposited into the account of the designated recipient.

Dodd Frank imposes to providers once it receives a valid cancellation request,

(3) three business days to refund the total amount of funds, including fees and

taxes (unless prohibited by law). The provider cannot impose fees for cancelling

the transaction.

11

5) Determine if management has implemented internal controls to minimize the risk

of the most common violations and adhere to the timing and notice requirements of

the rule. Review claim and cancellation documentation. Identify if the RTP complies

with timing period and remedies:

a) Review samples of claims and cancellations reports to evaluate the

timelines

b) Uniform method for documenting received claims−whether the notice was

oral or in writing

c) Procedures that ensure the prompt submission of claims to the

appropriate department upon receiving a notice of an alleged error

d) System that ensures the prompt investigation of these claims

e) Adequate documentation and tracking of steps and status of the

investigation

f) A tickler system that prompts the appropriate personnel of approaching

timeframes

g) Review samples to determine if the RTP uses the language set forth in

Model Form A-36

h) Determine the provider’s policy for providing long form error resolution

and cancellation notice

i) For error resolutions, review the remedies adopted and determine if the

RTP effectively comply with Regulation E

j) If the remedy is a refund, determine if the provider refunds the total

amount within one business day or as soon as reasonably practicable

thereafter; or

k) If the provider makes available to the designated recipient the amount

appropriate to resolve the error without additional cost to the sender or

the designated recipient, and refund to the sender any fees and taxes if

applied, collected on the remittance transfer

l) Escalating issues identified as not solved at least 48 to 72 hours before

timing expiration

12

6) Determine that the provider is maintaining records of compliance for a period of

not less than 2 years from the date a notice of error was submitted to the provider or

action was required to be taken by the provider.

RTPs must retain records of senders’ claims, error notices, cancellation request and

the provider’s responses for at least 2 years.

7) Review the provider’s agreements with agents − correspondents used for

remittance transfer to determine whether they are appropriate for the activities

delegated.

Because remittance transfers involve multiple parties and countries, Congress was

concerned about the consumer’s ability to redress errors caused by parties acting on

behalf of a provider. The final rule implements this requirement under which a

provider is liable for any violation of subpart B of Regulation E when an agent or

authorized delegate acts on behalf of the provider.

8) Determine if the entity provides appropriate training to employees and other

persons responsible for Regulation E compliance and operational procedures,

including, to the extent appropriate, third-party service providers or other business

partners.

Review the training program to determine if the following elements are adequately

addressed:

a) All employees involved in the Regulation E- claim and cancellation

process should receive ample training in order to comply with the

requirements of Dodd Frank in an effort to cut losses and minimize the

risk of wrong handling of claims

b) All agent training materials are adequate and include regulations,

procedures and processes around Dodd Frank requirements

13

c) All agents have been retrained and include regulations, procedures and

processes around Dodd Frank requirements

9) Review and assess the adequacy of the provider’s policies and procedures

regarding transfers scheduled before the date of transfer.

For one time transfers scheduled five or more business days in advance or for the

first in a series of preauthorized remittance transfers, does the provider provide

either pre-payment disclosures and a receipt of a combined disclosure at the time

the sender requests the transfer but prior to the payment?

10) Determine if the entity’s privacy and information sharing practices are consistent

with the requirements of section 502 to 509 of the Gramm Leach Bliley Act to the

extent that they have applied and are using the examination procedures that

address unfair, deceptive or abusive acts or practices and consider if any aspect of

the provider remittances practices and operations constitute UDAAPs

Conclusions

The Final Rule is replete with challenges for any institution that provides international

remittance transfer services. The CFPB anticipates that most businesses that qualify as

“remittance transfer providers” will have to make some changes to their processes,

software, contracts, or other aspects of their practices. Among other things, an RTP

must identify (a) products (b) departments and staff that are affected by the rule, (c)

business processes and operational (d) systems technology used to enter, implement,

and record remittance transfers, and for auditors this will be a new challenge.

Auditors will find many MSBs unable to totally comply with all the requirements

imposed by the Dodd Frank- Regulation E because of the cost of the implementation.

Significant information technology and operational developments, revised compliance

policies and training materials will require a phased in approach to implementation,

which likely will result in an audit finding.