As of September 22, 2023, FinCEN released new guidance regarding beneficial ownership information (BOI) reporting which will take effect January 1, 2024. All covered entities must report BOI directly to FinCEN by January 1, 2025, if the entity was created before January 1, 2024. When it comes to reporting companies created after January 1, 2024, they currently will have 30 days after creation to report BOI to FinCEN. However, FinCEN just released a Notice of Proposed Rulemaking to extend the deadline for entities created after January 1, 2024, from 30 days to 90 days.   

What Beneficial Ownership Changes Should Financial Institutions Focus On
At this point financial institutions and BSA Departments specifically should familiarize themselves with the BOI rules as they apply to entities. Financial institutions should consider how much assistance will be provided to reporting companies with the new BOI reporting process. FinCEN’s website can be utilized as a great reference for entity customers looking for guidance on complying with the BOI rule. However, it’s important to remember that the beneficial ownership rules as they currently apply to financial institutions have not changed and will most likely not change until January 2025.  In other words, financial institutions should continue to obtain beneficial ownership information as they have since May 2018 until the new Customer Due Diligence (CDD) rules are effective.

There are two additional rules that have to become final before we all know how the rules will fully apply to financial institutions. First, the Access Rule is expected to be final in late September or October 2023 based on FinCEN’s rulemaking agenda.  This rule will hopefully spell out who can access FinCEN’s BOI records and how that process works. Second is the CDD Rule which will restructure the requirements for financial institutions relative to beneficial ownership.  The CDD Rule is expected to be proposed in November 2023 with an expected final rule effective date of January 2025. The CDD Rule will have to work out the differences between the current beneficial ownership rule for financial institutions and the entity requirements under the new beneficial ownership information (BOI) reporting rule as differences currently exist with the definition of “control” and numerous other areas.

For more information about reporting BOI, if a company is exempt or not exempt, how to get the FinCEN identifier, and more information, please visit the links below.

News Release: https://www.fincen.gov/news/news-releases/fincen-issues-compliance-guide-help-small-businesses-report-beneficial-ownership
​
Small Entity Compliance Guide:
https://www.fincen.gov/sites/default/files/shared/BOI_Small_Compliance_Guide_FINAL_Sept_508C.pdf

FAQs: https://www.fincen.gov/boi-faqs

FinCEN’s BOI Webpage: https://www.fincen.gov/boi

Authors: Jeremy Clifton CRCM CAMS, Nick Milcarek

Authors: Jeremy Clifton, CRCM, CAMS and Nick Milcarek 

On September 8, 2023, FinCEN issued an alert regarding the fraud scheme known as “pig butchering”. Pig butchering is a form of fraud that involves victims (the pigs) giving money to foreign actors who operate under the guise of a successful money manager involved in crypto currency (virtual currency) trading. Once the perpetrator is satisfied with the amount the victim has given, they drain the entire “account” of funds from that victim (the butchering). Many of these scammers are victims of labor trafficking directed by large crime syndicates in Southeast Asia who reach out to millions of people around the world. These scammers usually reach out to the victims through social media, email, or text to persuade them into buying into this supposed “high return investment”. The fraudster will leverage high pressure sales tactics such as them missing out on a potential lucrative opportunity to further convince them into action. Once the victim begins to trust the supposed “investor”, they are directed to use a fraudulent website most likely controlled by the scammer. Note that this can also include trusted third-party applications. The aggressor may also demand remote access to the victim’s devices to create accounts via virtual asset service providers (VASP). Many victims are also asked to purchase multiple pre-paid cards or make large wire transfers to unknown entities. Unfortunately, victims have been known to take out money from tax advantage accounts, take on a second mortgage, or a home equity line just to put money into the scheme. Recent incidents have shown more successful scammers even inviting whole families and friend groups to join in. After the victim starts to buy in, the perpetrator must maintain legitimacy by fabricating high returns and even allowing the victim to take small amounts out of the “fund”. This builds confidence and reassures the victim that the investment is real. If the fraudster starts to believe that the victim is losing confidence in them and the investment, they become more aggressive by developing reasons to stay in and pressuring them to not miss out on the opportunity. If that does not work, the perpetrator pulls out all the money from the account and eliminates any contact with the victim(s).

One more interesting comment that FinCEN noted in this FIN is that financial institutions should “When requested to provide supporting documentation, financial institutions should take special care to verify that a requestor of information is, in fact, a representative of FinCEN or an appropriate law enforcement or supervisory agency. A financial institution should incorporate procedures for such verification into its BSA compliance or AML program. These procedures may include, for example, independent employment verification with the requestor’s field office or face-to-face review of the requestor’s credentials.” If your bank does not already have such a procedure in your written BSA program, it’s a good idea to do so now.
​
There are many red flags that can indicate a possible pig butchering scheme. Financial institutions should analyze multiple factors associated with historical financial activity, transactions in line with business practices, and whether the customer shows signs of multiple red flags. Red flags, and the formal alert by FinCEN can be found here: FinCEN_Alert_Pig_Butchering_FINAL_508c.pdf

Authors: Jeremy Clifton, CRCM, CAMS and Nick Milcarek

On March 30, 2023, FinCEN issued an alert regarding a concerning increase in business email compromise (BEC) in the real estate sector and how the Rapid Response Program (RRP) can help combat this issue. Recent analysis of data has shown that homebuyers have been disproportionately affected by fraudsters gaining unauthorized access into supposedly secure networks and stealing important information from home buyers, title agents, attorneys, and/or others involved in the loan closing processes. According to FinCEN, about 88% of the fraudsters initially transfer the stolen money into a domestic U.S account first before it is transferred elsewhere which may involve foreign transfers and/or cryptocurrency.

How RRP Works
Problems like these highlight the importance of FinCEN’s Rapid Response Program, (RRP) which works in tandem with federal and local law enforcement agencies to help victims identify losses and freeze compromised accounts. Since inception in 2014, the program has aided victims in identifying and freezing over $1.3 billion. To begin the RRP, law enforcement must be contacted immediately. The FBI’s Internet Crime Complaint Center (IC3) or the nearest secret service office are the best avenues for this approach (Secret Service contact information below). It is important to note that while recovery of the stolen amount is not guaranteed, reporting the crime within 72 hours gives FinCEN and law enforcement the greatest chance of financial recovery for the victim. After consent is given to law enforcement for access, FinCEN may freeze all related accounts to stop any other fraudulent transactions. If the fraudster’s account is domestic, FinCEN and law enforcement work quickly to contact the beneficiary’s financial institution and pinpoint the stolen funds. If stolen funds were found to be transferred to an international account, FinCEN reaches out to that jurisdiction to initiate the financial fraud kill chain (FFCK) and assist the foreign government with the status and information gathering regarding the stolen money.  There are some identification factors that are crucial for financial institutions to relay when reporting theft via the RRP; however, time is of the essence to recover funds so institutions should not delay in activating the RRP.

It is a good idea to establish a relationship with your local FBI office and Secret Service office before you need them in an emergency situation as that may help speed up the process.  Also, if your institution ends up filing a SAR after utilizing the RRP, that information would need to be included on your SAR form along with the RRP case number if provided.
For more information and guidance on BEC and RRP, see the links below.

BEC in Real Estate Financial Trend Analysis from FinCEN: Financial_Trend_Analysis_BEC_FINAL.pdf (fincen.gov)

BEC FinCEN alert: FinCEN Analysis of Business Email Compromise in the Real Estate Sector Reveals Threat Patterns and Trends | FinCEN.gov

Rapid Response Program FACT SHEET: RRP Fact Sheet Notice FINAL 508.pdf (fincen.gov)

Secret Service Offices: http://www.secretservice.gov/field_offices.shtml

Author: R. Matthew Waters, CRCM

On August 31, 2023, the FDIC announced an update to the Equal Housing Lender (EHL) poster requirements that were previously addressed in April 2023. This update clarifies the specific name, physical address, and web address that should be used for all FDIC institution’s EHL posters with an effective date of June 23, 2023.  The EHL posters should provide the following contact information:

National Center for Consumer and Depositor Assistance
Federal Deposit Insurance Corporation
1100 Walnut Street, Box #11
Kansas City, MO 64106
https://ask.fdic.gov/fdicinformationandsupportcenter

FDIC institutions should review EHL posters at all branches to ensure compliance with this update. As provided in the Financial Institution Letter, “Institutions are expected to make good-faith efforts to update the EHL posters as soon as reasonably practicable.” FDIC institutions may, but are not required to, request compliant EHL posters through https://www.fdicconnect.gov/index.asp.

To see the full article, click the following link: https://www.fdic.gov/news/financial-institution-letters/2023/fil23047.html. 

Author: Jeremy Clifton, CRCM, CAMS

The CFPB has recently highlighted its publications that are available to help inform seniors and others about current fraud scams that may be facing your clients. You can visit cfpb.gov/order to find these publications that include charity scams, romance scams, IRS scams, social security scams, and grandparent scams to name a few. You can use the search function on the CFPB website mentioned above using the word “fraud” to find these handouts. You can order the handouts in bulk or download them from the CFPB website. Convincing the customer that they have been or are being duped by a fraudster is often the hardest part of these types of scams.  We think these handouts will be very helpful to convince seniors and others that they are in fact being scammed.  

Author: Jeremy Clifton, CRCM, CAMS

The FDIC reissued the FIL on multiple re-presentment NSF fees on June 16, 2023. The update was “to clarify its supervisory approach for corrective action when a violation of law is identified.” However, the guidance document has remained unchanged for the most part with one possibly significant change noting that the “on-going and extensive challenges in accurately identifying harmed parties” has led the FDIC to seemingly soften its stance on requiring a lookback review.  Noting that “based on this additional data and experience, the FDIC is updating and reissuing its Supervisory Guidance on Multiple Re-Presentment NSF Fees (FIL-40-2022) to reflect our current supervisory approach to not request an institution to conduct a lookback review absent a likelihood of substantial consumer harm.” While a reprieve from the prior guidance is welcomed, this new guidance leaves more questions than answers for banks that have yet to complete a lookback.  As the revised guidance still ends with the statement, “If examiners identify violations of law due to re-presentment NSF fee practices that have not been self-identified and fully corrected prior to a consumer compliance examination, the FDIC will evaluate appropriate supervisory or enforcement actions, including civil money penalties and restitution, where appropriate.” If you have questions on this matter, please give us a call. We would love an opportunity to advise our clients on an individual basis to ensure the risks in your individual situation are properly accounted for.  

Revised FIL-32-2023

Author: Andrew Howard

On April 26, 2023, the FDIC published a new FIL concerning “Supervisory Guidance on Charging Overdraft Fees for Authorize Positive, Settle Negative Transactions” or APSN transactions. As noted in our November blog post, these occur when a transaction authorizes on a positive balance and settles on a negative balance. This new FIL highlights the heighted risks associated with APSN transactions and violations of Section 1036(a)(1)(B) of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 as well as Section 5 of the Federal Trade Commission Act. Both of the aforementioned sections relate to UDAAP findings or unfair, deceptive, or abusive acts or practices. Potential violations of both Dodd-Frank UDAAP and FTC UDAP are present on both the available balance and ledger balance but institutions who use the available balance can see a greater risk in violations. Considering the general statements of the new FIL, banks should continue to review both account agreements and disclosures to ensure practices are communicated correctly, review their third-party agreements to ensure that the agreements are compliant, review any agreements to understand any risks associated with APSN transactions, and look for any enhancements that can be made to reduce those risks. Most core processors now have “good funds” flags on overdraft reports or other “good funds” reporting that allows banks to quickly identify when transactions which were authorized positive on good funds have later settled negative. Also, some core processors have parameter settings which do not allow for overdraft charges on APSN transactions. Implementing such enhancements can greatly reduce UDAAP risk with APSN transactions.

Similarly, the OCC also published a bulletin to address “Overdraft Protection Programs: Risk Management Practices” on April 26, 2023. This bulletin primarily discusses practices that may present risk of violating UDAAP guidelines as well as practices that can assist in managing overdraft program risk. Two practices that are specifically mentioned by the OCC are APSN transactions and Representment fees. APSN transactions are considered by the OCC to be unfair for the purposes of Section 5 even when disclosures described the circumstances under which a customer may incur fees. With concerns on representment fees, the OCC has identified that a bank’s assessment of an additional fee on a represented transaction can result in findings of an unfair or deceptive practice. The charging of a representment fee may be considered unfair or deceptive, with regards to Section 5, even if the disclosures clearly state that a single check or ACH can result in multiple fees charged. Alongside APSN transactions and representment fees, the OCC bulletin identifies two other practices that may carry heightened risk with them. Those include high limits or lack of limits on the number of fees charged and sustained overdraft fees.  In conjunction with the risks that are highlighted in this bulletin, the OCC also provided some risk-mitigating or management practices for banks to comply with Section 5 of the Federal Trade Commission Act. Considering the nature of the information provided, banks should assess and analyze the risks posed by overdraft program activities, adjust their management practices to decrease risk, incorporate oversight into their overdraft program, and review their overdraft program for Section 5 compliance. Much like the FDIC, the OCC declines to issue clear requirements on these APSN transactions and representment fees.

For more information, please visit the following links:

FIL-19-2023

OCC Bulletin 2023-12

We are excited to announce two compliance webinar opportunities that will be available in the coming weeks focusing on recent regulatory developments. The first webinar will cover the Regulation B (1071) - Small Business Lending Rule, while the second webinar will focus on current regulatory hot topics.  The webinars will be presented by Steve H. Powell and Company President Brad Washburn and are designed for compliance, audit, operations, and lending professionals with responsibilities for completing or reviewing the Bank’s regulatory compliance related processes. In addition to compliance staff the Regulation B (1071) webinar would be a great introduction to the rule for Senior Lenders, commercial loan staff and Senior Management. Already have questions? If you or your management team have questions you can send them in ahead of the presentation with your registration form to be addressed during the webinar. Time permitting, questions received during the webinar will be addressed live. Any questions received before and during the presentation will be addressed in a written Q&A document provided to all registrants.
 
May 31st, 2023: 1:00 – 3:30 pm EDT
Regulation B (1071) - Small Business Lending Rule
​
On March 30, 2023, the CFPB issued the final rule for the small business lending rule, which was mandated under Section 1071 of the Dodd Frank Act over a decade ago. This is the most significant fair lending collection effort by the CFPB to date by requiring financial institutions to compile data regarding certain business credit applications and report that data to the CFPB to aid in its fair lending enforcement. In addition, the final rule provides other technical requirements including those requiring safeguarding of data, shielding of data from certain lending personnel, and recordkeeping. Compliance with this new rule is going to take a lot of planning, policy and procedure updates, and staff training within your institution. This session will break down the final rules and provide guidance to help compliance officers to begin preparing their institution for implementation.
Topics will include:

• Institutional coverage
• Transactional coverage
• Requirements to Collect and Report Data
• Sample Data Collection form
• Provisions Regarding Availability of Data and Publication of Data
• Requirements to Limit Access to Certain Data (Firewall)
• Recordkeeping
• Effective Date and Compliance Date Tiers
• Transitional provisions and Safe Harbors
• Other Resources and Best Practices

 
June 1st, 2023: 1:00 – 3:30 pm EDT
Current Regulatory Compliance Hot Topics

Financial institutions continue to face challenges while working to keep up with the changes, demands, and challenges presented by an evolving regulatory landscape. With these challenges continuing to limit staffing and other resources, it is critical for management to be prepared with actionable intelligence, risk perspective, and best practices to successfully navigate regulatory examination and audit processes. This session will present current regulatory compliance hot topics management should consider in preparing for upcoming regulatory examinations or audits, including fair lending, UDAAP, and other timely compliance issues. 
Topics will include:

• Commonly cited violations
• Other Supervisory observations
  • Section 8 – Referral arrangements
  • FCRA - Trigger Leads
  • SCRA - Payment Adjustments
  • Fair Lending / Appraisal Bias
  • Junk Fees Guidance / APSN Guidance

​Cost

Client Pricing for each webinar is $250 per registration or you can register for both webinars for a discounted $400 per registration. Non-Client Pricing for each webinar is $275 per registration or you can register for both webinars for a discounted $500 per registration. To register for the webinars, please click the link below. Please contact Jeremy Clifton at jclifton@shpco.net or 912-682-3097 if you have any questions. We will register the training with the ABA and would expect to receive 2.5 hours of continuing education credits for CRCMs for each webinar.
 
Click here to register.

​About the Speaker

​
​Brad began his career at Steve H. Powell & Company in 2002 specializing in regulatory compliance review, consulting, and training for a wide range of financial institutions. In 2011 Brad was named a director where he was responsible for leading the Company’s Compliance Division, as well as assisting with strategic planning, business development and client relations. In 2022, he became a shareholder and President of the Company.

Brad has served as a featured speaker and panel member for numerous banking trade group sponsored seminars and events related to regulatory compliance matters throughout the Southeast. He has served as an instructor for the Georgia Banking Association sponsored Georgia Banking School and Compliance School at the University of Georgia, and he has contributed to banking programs with the Department of Finance at Georgia Southern University. Brad has also been quoted in national publications as a subject matter expert regarding regulatory compliance matters.
​
Brad has a BBA in Finance from Georgia Southern University, Statesboro, Georgia, is a Certified Anti-Money Laundering Specialist (CAMS) and is a Certified Regulatory Compliance Manager (CRCM). Brad is originally from Macon, Georgia and currently resides in Statesboro, Georgia with his wife, son, and daughters. Brad is a member of First Baptist Church Statesboro where he has served on the Finance Committee. During his free time, he enjoys spending time with his family, going to concerts, and keeping up with Georgia Southern University sports.

Author: James M. Moore, CRCM

On March 30, 2023, the CFPB issued the final rule for the small business lending rule. This is the most significant fair lending collection effort by the CFPB to date. It requires financial institutions to compile data regarding certain business credit applications and report that data to the CFPB to aid in its fair lending enforcement.

Details of the final rule and implementation resources are published by the CFPB at the following link:
Small business lending collection and reporting requirements | Consumer Financial Protection Bureau (consumerfinance.gov)

The rule provides implementation dates based on the number of covered transactions each financial institution originated during 2022 and 2023 as follows:

• A financial institution must begin collecting data and otherwise complying with the final rule on October 1, 2024, if it originated at least 2,500 covered originations in both 2022 and 2023.
• A financial institution must begin collecting data and otherwise complying with the final rule on April 1, 2025, if it:
  • Originated at least 500 covered originations in both 2022 and 2023;
  • Did not originate 2,500 or more covered originations in both 2022 and 2023; and
  • Originated at least 100 covered originations in 2024.
• A financial institution must begin collecting data and otherwise complying with the final rule on January 1, 2026, if it originated at least 100 covered originations in both 2024 and 2025.

When determining whether a transaction is a covered financial institution and what compliance date tier applies to it, a financial institution must count covered originations, which are certain covered credit transactions that it originated to small businesses. Similarly, a covered financial institution must collect and report data about an application if the application is from a small business and is for a covered credit transaction. A “small business” is a business that had $5 million or less in gross annual revenue for its preceding fiscal year.

A covered credit transaction is an extension of business credit under Regulation B. Covered credit transactions can include loans, lines of credit, credit cards, merchant cash advances, and credit products used for agricultural purposes.

The following transactions are excluded from coverage:

• Trade credit, which is a financing arrangement wherein a business acquires goods or services from another business without making immediate payment in full to the business providing the goods or services;
• HMDA-reportable transactions;
• Insurance premium financing, which generally is a financing arrangement wherein a business agrees to repay a financial institution the proceeds advanced to an insurer for payment of the premium on the business’s insurance contract and wherein the business assigns to the financial institution certain rights, obligations, and/or considerations in its insurance contract to secure repayment of the advanced proceeds;
• Public utilities credit as defined in Regulation B, 12 CFR 1002.3(a)(1);
• Securities credit as defined in Regulation B, 12 CFR 1002.3(b)(1); and
• Incidental credit as defined in Regulation B, 12 CFR 1002.3(c)(1), but without regard to whether the credit is consumer credit, is extended by a creditor, or is extended to a consumer.

The following steps are a great start for implementation:

1. Inform the Board, executive management, and loan department of the new rule and upcoming compliance dates.
2. Begin counting small business loans from 2022.
3. Ensure the loan department begins documenting gross annual income for business loan applicants for 2023 forward. This information is necessary for determining small business status. It is also a good idea to begin collecting NAICS codes.
4. Review current commercial loan applications and make adjustments to ensure needed information is obtained. If commercial loan applications aren’t used, it is a great time to start.

​Steve H. Powell & Company will be offering training webinars and in-person seminars throughout the year to assist with implementation. Announcements of such offerings will be made at a later date. This will be a huge undertaking and we are here to help!

Author: Steve Shepherd, CRCM

On March 17, 2023, the CFPB (Consumer Financial Protection Bureau) issued corrective technical revisions to several regulations.  These rules generally go into effect on April 19, 2023.  However, the corrections made to Regulation V (Fair Credit Reporting Act) go into effect March 20, 2024.  A summary of changes is made below.

• Regulation B (ECOA) – The CFPB is amending appendix A which contains the listed addresses of the Federal Agencies listed on adverse action notifications.  Each of the primary regulators’ addresses have been modified and adverse action notifications should reflect the corrected addresses.
• Regulation E (EFT) – The CFPB has revised its address with respect to the requests for official interpretations.
• Regulation V (FCRA) – The regulation has been amended to change the addresses and contact information of agencies with respect to the “Summary of Consumer Rights”.  The Bureau has amended Appendix K to correct the contact information of the Federal Agencies: OCC, FDIC, NCUA, DOT, STB, USDA-AMS, and SBA.  This disclosure most commonly affects financial institutions when providing the “Summary of Consumer Rights” when credit reports are utilized as part of the new employee screening processes.
• Regulation X (RESPA) – The CFPB has made modifications to RESPA for the mailing address of the CFPB for obtaining certain “Public Guidance Documents” found in 1024.2 that are printed in the Federal Register.
• Regulation Z (TILA) – Amendments were made to Appendix A, Appendix B, and Appendix C to amend the zip codes of the CFPB in all three sections.  Additionally in Appendix C, the name of the contact information has been changed to “Division of Research, Monitoring, and Regulations”.
• Regulation DD (TISA) – Amendments were made to Appendix J and Appendix C to correct the CFPB zip code.

You can read the final rule here for full detail.