5 minutes
2015 culminated with one of the biggest changes to ever impact mortgage lending, the disclosure integration of Truth in Lending and the Real Estate Settlement Procedures Act. Full compliance with the new rule is something many credit unions are still working on and that will continue to be the case in 2016. Beyond that, though, three areas stand out as compliance hotspots for 2016: the implications of money service businesses on your Bank Secrecy Act program, compliance management expectations, and the complaint management process.
MSBs and Your BSA Program
MSBs are entities that generally provide products and services involving money orders, traveler’s checks, currency exchange, check cashing, and the like. These products and services often involve cash and currency and can correspond to a greater risk of fraud and money laundering. Consequently, more due diligence is required to manage that risk and avoid BSA violations.
A phenomenon among mega-banks known as “derisking” increases the likelihood MSBs will approach credit unions to establish account relationships. When mega-banks “derisk” an MSB, they decide the BSA risk is too great to provide account services to that MSB. Further, instead of spending the time and resources necessary to conduct initial and ongoing due diligence on individual MSBs and manage the risk, mega-banks may decide to not work with any MSBs and avoid the due diligence and BSA risk all together.
Knowing the excellent fee potential that MSBs represent, credit unions can benefit from responding positively when MSBs reach out, so long as CUs appropriately manage the BSA risk. Notably, not all MSBs pose the same BSA risk. Higher-risk MSBs include those that have other MSBs as customers, lack ongoing customer relationships, have poor customer identification procedures, or specialize in cross-border transactions. If you establish up front that the MSB is higher risk, know that your costs of setting up and maintaining that account relationship will be more time-consuming and expensive.
Compliance Management Expectations
We anticipate examiners will continue to increase their focus in 2016 on the process by which credit unions manage regulatory compliance. Given all the compliance changes that have taken place recently and that will take place in the coming years, examiners do not feel credit unions can manage these changes and accompanying risk without a formal process for doing so.
The formal process examiners expect to see is consistent with what the Consumer Financial Protection Bureau states are the four components to an effective compliance management system: board and management oversight; a compliance program; a consumer complaint management system (more on that soon); and a compliance audit program.
Credit unions should have written evidence of all four components. We often see examiners conduct more extensive testing of Regulations Z and E if they detect a weak compliance management process.
One area examiners find lacking is the compliance audit program. Does your credit union have written evidence of compliance testing in each functional area of the credit union? Do you have proof of periodic testing of your social media, website and advertising? After the testing is completed and the results are shared with management, does the credit union also have written evidence of corrective action for each violation detected?
While finding a compliance violation before your examiners do is an important step, it should not be the last step. Fix each compliance violation detected and use it to show that the credit union makes a good faith effort at improving regulatory compliance.
Complaint Management Process
Were you surprised to see a consumer complaint management system as one of the four components to an effective overall compliance system? You are not alone.
Many credit unions do not realize how important it is for them to formalize the complaint management process. Complaints are one of the leading causes of Unfair Deceptive or Abusive Acts and Practices violations.
If a member feels like the credit union was unfair in how a particular transaction was conducted, and notifies the credit union of the circumstance, the credit union should have a written process it follows to handle the complaint. Failing to do so can lead to UDAAP violations UDAAP and eventually an enforcement action, as some financial institutions have discovered.
Complaints can also serve to warn you of compliance breakdowns or violations of specific compliance requirements. Compliance officers should certainly be kept in the loop regarding member complaints as it can help them target specific areas for additional compliance testing and monitoring. For example, if you are receiving a lot of complaints about your error resolution procedures for debit cards, it is probably time for the compliance officer to perform another round of Regulation E testing.
According to the National Credit Union Administration, the complaint management process should include a written policy and procedures to record, categorize, analyze, investigate, resolve and respond to each complaint appropriately and in a timely fashion. All staff should know the appropriate internal channels to work through, should they receive a complaint. For each complaint received, there should be a corresponding written response provided to the member.
Verify that your written policy and procedures also cover verbal complaints. Verbal complaints can often involve more emotion and immediacy. Those are not to be ignored.
Finally, do not make the same mistake other financial institutions have made and just address the complaint itself, without also looking into the root cause of the complaint. Are there other members also impacted by the root cause of the complaint? If so, you will need to identify each member impacted and determine how to fix the issue. Searching for the root cause of the complaint can greatly mitigate your risk of wholesale compliance breakdowns leading to expensive remedial actions.
John Zasada is principal with CliftonLarsonAllen, Minneapolis.
