Written by Lynne Farrell and Catherine Rayman
aWe’re thinking about the new year, and we’re looking again at regulatory compliance trends and how compliance departments should think about setting priorities for 2022. Some of the priorities we mentioned earlier have increased, sometimes with a new development; But here we highlight new, related elements that you should watch out for:
Compliance departments must continue to focus on fair lending through a variety of lenses, as banking regulators, the Department of Justice, and the White House have emphasized activities that undermine the goal of financial inclusion — closely related to the “S” in the ESG (see below). The Justice Department’s recently announced re-planning initiative, joined by the CFPB and OCC, puts enforcement of fair lending high on its priority list.
While the traditional red line remains a focus, it is worth noting that CFPB Director Rohit Chopra, in announcing a more traditional redline enforcement issue, cautioned that the CFPB would “closely monitor disguised digital red lines through so-called neutral algorithms that may Reinforce prejudices that have long been held.” Chopra noted that the “contemporary red line” – in which the use of algorithms to make lending and advertising decisions can lead to discrimination – creates the risk that families have “fallen victim to the bot-signing scandals of the recent crisis”, and discrimination “should not be allowed” to breed in a new crisis. “.
Therefore, it is important to ensure that compliance justice reviews include the creation, operation, and results of computational decision models. The consent order in this matter also emphasizes that when a lender’s HMDA data shows that its lending record in the majority black and/or Hispanic population tracks well behind its market peers, this statistical discrepancy may lead to fair lending enforcement without the need for Demonstrate intentional acts of discrimination.
The extent to which fair lending protects small businesses has been a topic on our minds for a number of years. The confluence of several events causes this issue to be invoked as an element of a compliance action for 2022. First, the CFPB initiated the process of requesting and reporting Dodd-Frank-mandated small business loan data collection and reporting. Additionally, passing or proposing legislation protecting small businesses in at least six states—California and more recently New York, has enacted legislation—along with the proposal in Congress for the Small Business Lending Disclosure Act, making getting your own business a fair program Lending is a necessity.
Technology and Consumer Protection
In addition to being concerned about the use of the algorithm, CFPB reinforces the focus on the technology that characterized it in its early days. Is your bank ready to take on the CFPB’s new technology test unit? Moreover, what lessons lie in the orders issued by the CFPB to tech companies – which all have banking partners – regarding the payment products and consumer data they issue? Several areas of questioning should be considered while reviewing activities within your banks: How do you collect and use consumer data? Are you investing that data? Do consumers have adequate transparency and choice about what they do and with whom they may share data? These are not new questions. But as regulatory and technology environments continue to change, and regulators have clearly expressed concerns about the role of “big tech” in the payments process, it is worthwhile to reconsider your risk assessments in this area.
Finally, don’t make the mistake of thinking that the crypto and stablecoin space is not in the job description of a consumer compliance officer. The CFPB is among the regulators of these products – and it places special emphasis on consumer protection as consumers themselves turn to these digital means to make payments.
Digital Marketing for Consumer Products
With the risk of duplicating ourselves from previous priorities, the issue of marketing compliance and UDAAP will always be on the list. The pandemic has only accelerated the use of digital banking services across the country so that the majority of consumers’ communications with their banks are now online. Remember to make sure that all essential aspects of the product are accurately disclosed and that decisions to be made by the consumer are fairly presented. (See Farrell’s previous article on deceptive marketing practices here.)
Banking agencies remain concerned that their component banks are providing “banking as a service” to small fintech companies with little or no consumer protection hardware. Small and large banks across the country now act as banking sellers for fintech companies. It is important to establish controls to ensure that a bank does not inadvertently assist a company that misleads consumers, fails to provide appropriate disclosures, or treats consumers unfairly. If you provide banking services to fintech companies, you should have a compliance review process in place for them not only initially but also periodically throughout the life of the relationship.
Market power and consumer choice
The CFPB’s first approval order under Chopra resulted in JPay LLC being punished for “offending[ing]Its market power generated through single-source government contracts even if customers did not want to transact with JPay.” The customers in this case were formerly imprisoned citizens and could get money from the government only with a JPay prepaid card. While the facts in this Being quite specific, Chopra cautioned that her principles are more broadly applicable to ‘payments companies’ [which]They are networked companies and can gain massive scale and market power that are likely to pose new risks and undermine fair competition.” At your bank, think about fairness when considering the choices you offer consumers, whether there are competitive products to your offerings, and how you define consumers with third parties in situations where they do not have a choice about the service provider (such as service providers of insurance or loan providers).
The new director of the CFPB made it clear that the practice of overdrafts will be the focus of the office going forward. The Currency’s Acting Comptroller recently said that the current overdraft system is “retroactive,” meaning that it has a greater impact for low-income clients. Therefore, reviewing banks’ overdraft programs should be a priority in the coming year. If your bank does not include these features, consider the following: setting minimum amounts for which overdraft fees are not assessed; Allowing the customer additional time to deposit funds into the account before assessing the fee; Provide alternatives to overdrafts such as transferring money from savings; or using credit cards. The amount of the overdraft fee is often the subject of criticism. The organizers tend to consider this fee excessive in relation to the service provided. Consider whether your bank’s fees are high or low compared to the fees of other banks in your market. There will likely be another push to the overdraft rules, particularly by the CFPB. Whether such a rule will be successfully implemented is another matter, but cautious risk managers will want to make sure their banks’ practices are easy to understand and fully disclosed to the consumer.
While it is necessary to address all three aspects of environmental, social and governance issues, financial regulators globally have raised their focus on the environment, or climate in particular, as a newly recognized systemic risk. Even as standards remained unconsolidated, banks responded voluntarily in a variety of ways that included adding or expanding senior roles and resources to focus on the ESG and its various subcategories. In the case of climate risk, banks are exploring the use of relevant financing instruments to influence customer behaviour, develop green products and make voluntary commitments, including with respect to their carbon footprint.
Banks have made various choices regarding where and how the ESG roles, resources, and decision-making power will lie. Climate risk management in particular has the implications of compliance, reputation, and regulatory risk that lead to the “three lines of defense” approach. How will the climate risk assessment fit into your existing risk assessment systems? What data will your bank develop and use to measure, control and report its risk as well as to comply with its voluntary and regulatory obligations in this area? How will compliance determine and support the accuracy of the relevant disclosures and the marketing data that may result from them? How will banks ensure that their individual lending and transaction policies comply with the principles publicly espoused by the bank, and ensure that those principles are applied fairly? Are anti-money laundering monitoring and reporting processes equipped to deal with activities that refer to environmental crimes? These and other questions need to be answered in a highly scrutinized and rapidly evolving but still ambiguous regulatory environment.
Stewardship in a WFH world
Just as we were working to make regulators and others comfortable with developing in a “flexible” environment, the work-from-home scenario was added to the mix. Compliance chiefs, as individual managers of their own groups, and in their broader roles as risk managers, need to deal with the risks associated with understaffing caused by “significant quits,” changes in how employees work, and in their expectations, as WFH and hybrid models for in-office work evolve.
Employees who deal with customers, both in branches and over the phone, work under changing conditions, but they are still key to meeting customer expectations and escalating issues. New or modified risks should be recorded in your risk assessment, and controls should be reviewed in the context of changes that were necessary to accommodate the new information and process flow. Policies and procedures may require updating to reflect how banks actually operate now. In addition, it is important to consider the employees involved: are their historical job descriptions, training and tools adequate? And what steps are needed to continue to maintain your bank’s culture as well as your credibility and organizational relationships—particularly when we see employee turnover on both sides of the scale?
Finally, while the initial deadlines for issuing regulations to implement significant changes to the Anti-Money Laundering Act 2020 have come and gone, banks, their compliance staff and the AML must remain ready to respond when the time comes.
Lynne Farrell is an attorney and consultant with over 40 years in banking compliance. She currently works as an organizational strategy advisor at Hummingbird, a Regtech company. Katherine Wyman is a regulatory advisor at Hummingbird and a senior advisor to Oliver Wyman, with over 25 years of experience leading compliance functions in public companies, most recently as Chief Compliance Officer at Citibank, NA and Citi Global Consumer Bank.