Author: Andrew Howard

On March 3, 2025, the FDIC announced the postponement of the compliance date for 12 CFR 328.4 and 328.5 rules that were set to go into effect on May 1st of this year. These requirements related to the display of the FDIC official sign on insured depository institution’s digital channels, as well as the requirement related to the institution’s ATMs and like devices. This postponement goes into effect as certain requirements for the digital pages continue to generate questions about the implementation and may result in customer confusing. With this in mind, the FDIC has decided to delay the implementation of these parts to develop proposed changes to the regulation to address the implementation problem and possible sources of confusion.

This delay does not apply to the other requirements stated under subpart A, which still have a required compliance date of May 1, 2025. Sections of Part 328, with changes still effective May 1, 2025, are noted below:

• 328.3 - Signs within institution premises and offering of non-deposit products within institution premises.
• 328.6 - Official advertising statement requirements
• 328.8 - Policies and procedures

A foot note to the recent Federal Register update states that written policies and procedures need not address section 328.4 and 328.5 changes until the full compliance date for these sections which is noted as March 1, 2026.  So, it appears that March 1, 2026, will be the effective date for these sections (328.4 and 328.5) once updates occur. Do note that your financial institution will need written policy and procedures to generally comply with Part 328 by May 1, 2025. We will keep you posted on any updates as they evolve.

FIL-5-2025
FIL-65-2023
12 CFR 328

We are excited to announce that three of the faculty members at GBA Compliance school are our very own.  Stewart Thigpen, CPA, Brad Washburn, CRCM, CAMS, and James Moore, CRCM are teaching classes this year.  This is a great way to learn the ins and outs of bank compliance requirements!  We hope to see you there!

Click here for registration:
Summary - GBA Compliance School (2025 Session)

Authors: Jeremy Clifton CRCM, CAMS & Nick Milcarek, CAMS

On July 22, 2024, the Office of Foreign Assets Control released guidance on the extension of the statute of limitations specifically involving OFAC record keeping requirements. Beginning March 12, 2025, the interim final rule will extend recordkeeping requirements from 5 to 10 years. This comes after the prior administration signed into law the 21st Century Peace Through Strength Act. Section 3111 of the law specifically states that the statute of limitations on sanctions violations be extended to 10 years under the International Emergency Economic Powers Act (IEEPA) and the Trading with the Enemy Act (TEA).

Section 501.601 of the Department of Treasury’s rules now reads:

“Records and recordkeeping requirements.

Except as otherwise provided, every person engaging in any transaction subject to the provisions of this chapter shall keep a full and accurate record of each such transaction engaged in, regardless of whether such transaction is effected pursuant to license or otherwise, and such record shall be available for examination for at least 10 years after the date of such transaction. Except as otherwise provided, every person holding property blocked pursuant to the provisions of this chapter or funds transfers retained pursuant to § 596.504(b) of this chapter shall keep a full and accurate record of such property, and such record shall be available for examination for the period of time that such property is blocked and for at least 10 years after the date such property is unblocked.”

What does this mean for financial institutions? It clearly indicates that any transaction subject to sanctions blocking or rejecting will now need to be retained for a minimum of 10 years. Most community financial institutions have historically had little if any experience or need to block or reject transactions as true sanctions matches are very rare.

What does this mean for non-match OFAC or sanctions documentation? This is not as clear as we would have hoped at this time; keep in mind this is an interim final rule with comments and a final rule to come.  With the statute of limitations being 10 years and with the ambiguity of the section “every person engaging in any transaction subject to the provisions of this chapter shall keep a full and accurate record of each such transaction engaged in, regardless of whether such transaction is effected pursuant to license or otherwise, and such record shall be available for examination for at least 10 years”, we are recommending a wait and see approach at this time. If your institution has non-match OFAC records after April 24, 2019, we recommend that they continue to be maintained for the interim.  We will keep you updated on any changes.

For more information and guidance on the new OFAC requirements, please see the below links.

Guidance from OFAC: extension_statute_of_limitations_guidance_20240722.pdf

Federal Register Mentioning OFAC Changes:
ttps://www.federalregister.gov/documents/2024/09/13/2024-20674/reporting-procedures-and-penalties
 

Author: Nick Milcarek, CAMS

With the recent decision by the U.S District court of the Eastern District of Texas in Smith v. U.S. Department of the Treasury, the beneficial ownership requirements enacted by the Corporate Transparency Act (CTA) are once again back in effect. The original deadline for this ruling was February 19, 2025, for businesses, but has been extended to March 21, 2025. FinCEN noted that it will consider extending the deadline for entities that do not pose a significant national security risk. Many local, small businesses across the U.S. are likely to fall into this category.

As a best practice, banks should remind their customers of these deadlines to file, though banks are not required to file for them.
 
Please see the attached 2/18/2025 FinCEN release below:
FinCEN-BOI-Notice-Deadline-Extension-508FINAL.pdf

By James M. Moore, CRCM
 
One more year has passed, and we are faced with the new challenges of 2025.  Anyone with a compliance background understands there is no such thing as a fresh start for a new year.  The following is a list of reminders and updates to make sure you are heading in the right direction for the New Year. 
 
Deposit Compliance:

• Regulation CC training should have been provided during 2024 and make plans to provide Reg. CC training during 2025.
• Regulation CC hold thresholds remain at $225 (next day) and $5,525 (exception) until July 1, 2025. On July 1, 2025, the “next day” hold threshold will be $275 and the exception threshold will be $6,725.
• Consider providing annual privacy training to all employees and directors.
• Ensure annual privacy disclosures will be mailed during 2025 or verify the institution’s exemption status for 2025.   
• Determine the number of remittance transfers under Regulation E from the previous calendar year to ensure the institution has not exceeded the threshold for “normal course of business” of 500 consumer transfers.
• Ensure the ID Theft Program administrator has reported to the Board annually on the status of the ID Theft Program.
• The mandatory compliance date for the new Advertisement of Membership rule is May 1, 2025.  Make sure the final preparations are made to meet the deadline.

 Loan Compliance:

• The 2024 HMDA LAR for all institutions and CRA LAR for large institutions must be submitted by March 3, 2025.
• Check the historic examples for HELOC and ARM application disclosures to ensure the most recent 15 years are used in the examples.
• The CRA Public File should be updated by April 1, 2025.
• Check the accuracy of the affiliated business disclosures to ensure all affiliated businesses are disclosed along with the current range of fees and the current ownership interest of each affiliated business.
• The 2025 HOEPA points and fees test will use the following:
  • 5% of loan amounts of $26,968 or more
  • For a loan amount less than $26,968, the lesser of 8% or $1,348
• The 2025 QM points and fees test will use the following:
  • For a loan amount greater than or equal to $134.841: 3% of the total loan amount
  • For a loan amount greater than or equal to $80,905 but less than $134,831: $4,045
  • For a loan amount greater than or equal to $26,968 but less than $80,905: 5% of the total loan amount
  • For a loan amount greater than or equal to $16,855 but less than $26,968: $1,348
  • For a loan amount less than $16,855: 8% of the total loan amount
• The 2025 General QM threshold will use the following:
  • 2.25 or more percentage points for a first lien covered transaction with a loan amount greater than or equal to $134,841
  • 3.5 or more percentage points for a first lien covered transaction with a loan amount greater than or equal to $80,905 but less than $134,841
  • 6.5 or more percentage points for a first lien covered transaction with a loan amount less than $80,905
  • 6.5 or more percentage points for a first lien covered transaction secured by a manufactured home with a loan amount less than $134,841
  • 3.5 or more percentage points for a subordinate-lien covered transaction with a loan amount greater than or equal to $80,905 and
  • 6.5 or more percentage points for a subordinate-lien covered transaction with a loan amount less than $80,905.
• The 2025 Truth In Lending threshold is $71,900 for loans not secured by real property, not secured by personal property expected to be used as a primary dwelling, and are not private education loans.
• The 2025 “small creditors that operate predominantly in rural or underserved areas” asset threshold is $2.717 billion as of December 31, 2024.
• The 2025 “insured creditor” asset threshold is $12.179 billion as of December 31, 2024.
• The 2025 “small loan” exemption for HPML appraisal rules is $33,500.
• Until further notice, the safe harbor credit card penalty fee is $30 for the first and $41 for subsequent late fees.  This remains unchanged from 2022.  The CFPB has not announced the inflation update for 2023-2025. There is currently a court freeze on this.
• If the creditor allows borrowers to shop for any required services for TRID loans, it should update (as necessary) the written list provided with the Loan Estimate to identify at least one available provider for each settlement service for which the consumer is permitted to shop. 
• Ensure that employees and Directors have received fair lending and CRA training for 2024.  Training should be planned for 2025.
• Review the CRA asset size thresholds for 2025:
  • CRA asset size thresholds as of December 31, 2024, are under $402 million for small bank (based on both of the last two calendar years), at least $402 million up to $1.609 billion for intermediate small bank (based on either of the two last calendar years), and $1.609 billion and over for large bank (based on both of the last two calendar years).
• The HMDA asset size threshold for depository institutions for 2025 is $58 million.
• Ensure a review of 2023 and 2024 transaction data is conducted for 2025 reporting requirements.  In addition to meeting the above HMDA asset threshold:
  • An institution must have in each of the two preceding calendar years, originated at least 25 or more covered closed-end dwelling secured loans to report closed-end loans. 
  • Dwelling secured open-end lines of credit must be reported if a covered institution originated 200 or more covered dwelling secured open-end lines of credit in each of the previous two calendar years. 
• Review HMDA small filer exemption for reduced field reporting criteria for 2025:
  • Originated less than 500 closed-end mortgages in each of the two preceding calendar years and received a “Satisfactory” or better CRA rating.
  • Originated less than 500 open-end mortgages in each of the two preceding calendar years and received a “Satisfactory” or better CRA rating.
• Ensure procedures are in place for performing escrow account analyses and that the financial institution has implemented procedures for providing annual escrow account notices.
• Ensure loan officers completed S.A.F.E. Act license renewal procedures.
• Ensure an annual independent S.A.F.E. Act audit has been performed.
• Ensure lenders who receive compensation based on insurance sales (credit life/disability) complete license renewal procedures.
• Ensure the financial institution has documented whether they meet the definition of a small servicer, and that documentation of the determination is retained for record retention.
• Ensure the financial institution has documented whether they meet the definition of a small creditor, and that documentation of the determination is retained for record retention.
• Review the final list or rural or underserved counties for 2024, calculate rural or underserved status by address on the CFPB’s website for covered loans, and ensure the financial institution has documented whether it qualifies for the rural / underserved TILA exemption by originating at least one covered loan in a rural or underserved area and that documentation of the determination is retained for record retention.

 BSA Compliance:

• Schedule a Board review and approval of current BSA/AML/CFT and OFAC program policies.
• Update the BSA/AML/CFT and OFAC Risk Assessments.
• Ensure annual training was conducted for all employees during 2024 and is scheduled for 2025.  Furthermore, the Board of Directors should also receive annual BSA training, which should be documented in the Board minutes.
• Annual reviews should be conducted of all CTR exempt customers for suspicious activity and continued eligibility.
• Ensure any annual due diligence is completed for MSBs, MRBs, remote deposit capture, private ATM customers, coin operated amusement customers, etc. in accordance with the financial institution’s BSA/AML/CFT program.
• Review 314(a) contact information transmitted with the call report for accuracy.
• For institutions that voluntarily share information, ensure 314(b) registration is completed annually.

Author: Andrew Howard

On September 17, 2024, the CFPB released Circular 2024-05 entitled “Improper Overdraft Opt-In Practices.” The main topic of the Circular was a question presented to the CFPB concerning whether a financial institution can violate the law if there is no proof that it has obtained a consumer’s affirmative consent before levying overdraft fees for ATM and one-time debit card transactions.  In response to this question, the CFPB released this Circular explaining that institutions would be in violation of 1005.17(b)(1) of Regulation E by not proving that the institution has obtained the consumer’s affirmative consent.

The Circular provides an analysis of the CFPB’s supervisory work in relation to the retention of proof that the consumer affirmatively opted into the overdraft program. In these examinations, the CFPB found that some institutions have been unable to provide evidence that consumers had opted into overdraft coverage before they were charged fees for ATM and one-time debit transactions as well as numerous violations of Regulation E’s overdraft opt-in requirements. In response to the mounting violations and record retention problems, the CFPB has provided some examples of ways that the institution can record a consumer’s affirmative opt-in.

Form of records evidencing opt-in:

• For consumers who opt into covered overdraft services in person or by postal mail, a copy of a form signed or initialed by the consumer indicating the consumer’s affirmative consent to opting into covered overdraft services would constitute evidence of consumer consent to enrollment.
• For consumers who opt into covered overdraft services over the phone, a recording of the phone call in which the consumer elected to opt into covered overdraft services would constitute evidence of consumer consent to enrollment.
• For consumers who opt into covered overdraft services online or through a mobile app, a securely stored and unalterable “electronic signature” as defined in the E-Sign Act (15 U.S.C. 7006(5)) conclusively demonstrating the specific consumer’s action to affirmatively opt in and the date that the consumer opted in would constitute evidence of consumer consent to enrollment.

We find that most financial institutions do retain copies of signed opt-in forms (Model A-9) to evidence the customer’s affirmative consent at account opening when it is an in-person account opening. However, documentation concerns may present themselves when the opt-in is offered via telephone or verbally; this could be at account opening or later in the account life cycle. If your institution cannot comply with the guidance by having recordings in place, it would be wise to only accept the opt in via signature.

Another issue that can arise is retaining the confirmation notice which is a separate step after opt-in that must be completed before charging an overdraft fee for ATM and one-time debit transactions. Financial institutions must retain evidence that the confirmation was delivered to the customer. This is customarily a separate system-generated form or built into the opt-in form, but financial institutions must retain documentation evidencing that the customer received a copy of the confirmation before charging an overdraft fee for ATM and one-time debit transactions.
​
Circular 2024-05

We are excited to announce the date for our 4th quarter clients-only webinar which will be Tuesday, December 10th, at 9:30 am. Brad Washburn will be leading a Fair Lending and CRA focused webinar where we discuss recent fair lending hot topics, as well as provide an update and refresher on the new CRA rules effective January 1, 2026. We will send out more details about sign-up closer to the webinar date, but we wanted to announce this to ensure you all have time to save it on your calendar. If you have not participated in any of the previous webinars this year nor received communication about them, you are more than likely not on the webinar invitee list. If you are a Powell & Co. client in any fashion and are unsure if you are on the mailing list for the webinars, please reach out to us and we will make sure to get your information. You can email Jeremy Clifton at [email protected]. We look forward to seeing you all there.

Author: Andrew Howard

On October 17, 2024, the FDIC published a press release to inform financial institutions of an extension of the January 1, 2025, compliance date with the new Part 328 advertising rule. This extension moves the mandatory compliance date for subpart A of Part 328 to May 1, 2025. Subpart A of the new rule, which was approved in December of 2023, applies to provisions requiring the use of the FDIC official sign, official digital sign and other signs differentiating deposit and non-deposit products across all banking channels, including physical premises, ATMs and digital channels. Subpart A of the new rule also covers the establishment and maintenance of written policies and procedures to achieve compliance with this new rule. After receiving feedback from banks and industry participants, the FDIC understands that additional time to implement these new requirements would be beneficial. The time extension provided will only apply to subpart A of Part 328. Subpart B, the section which governs misrepresentations of deposit insurance coverage, will continue to have a mandatory compliance date of January 1, 2025.
 
Press Release
Part 328 Questions & Answers
Part 328 Final Rule

Author: Steve Shepherd, CRCM

On June 26, 2024, the CFPB (Consumer Financial Protection Bureau) issued a fair lending report to Congress describing actions the agency took in 2023 for unlawful discrimination.  The report contains regulatory enforcement and supervision actions, rulemaking and guidance, stakeholder engagement, interagency engagement, amicus program and other litigation, interagency reporting, and future initiatives for fair lending.

A review of the report can help identify trends or areas of focus from the CFPB and other regulatory agencies. 

Enforcement Actions
In 2023 the CFPB issued two enforcement actions of illegal discrimination and violations of ECOA (Equal Credit Opportunity Act).  The first enforcement action was against Citibank, N.A. for discrimination against Armenian applicants from 2015 to 2021.  The discrimination targeted applicants with last names that had properties consistent with Armenian names, as well as applicants located in Glendale California, which has a significant Armenian population.  Additionally, Citibank conspired with bank employees to hide the discrimination.

The CFPB also issued an enforcement action against Colony Ridge, a developer and lender in Texas, which sold properties in flood prone areas that did not have access to water, sewer, or electrical infrastructure.  One-in-four loans originated by Colony Ridge to the subject location ended in foreclosure.  In Liberty County, Texas, 92% of all foreclosures between the years 2017 and 2022 were sold or originated by Colony Ridge.

In 2023 the CFPB also issued two enforcement actions related to repeated HMDA (Home Mortgage Disclosure Act) data integrity violations.  One of the enforcement actions was against Freedom Mortgage, the Country’s third largest mortgage originator.  The CFPB indicated that there was not a specific field or fields that were in error, but that the HMDA LAR (Loan Application Report) contained excessive amounts of overall errors.

The second enforcement action related to HMDA data was issued to Bank of America.  The CFPB found that from 2016 to 2020 Bank of America lenders did not request consumer demographic information but were instead documenting that the applicant chose not to provide that information.

The CFPB also issued 18 Department of Justice referrals on individuals who the CFPB believed were acting in a discriminatory manner with respect to lending.

Fair Lending Examinations
In 2023 the CFPB initiated twenty-eight targeted fair lending examinations.  From these examinations, the CFPB noted the two most common risks identified with respect to fair lending were inaccurate HMDA data and the granting of pricing exceptions.  The CFPB also directed mortgage lenders to correct and remediate fair lending issues with respect to redlining. 

The CFPB also directed institutions to enhance their compliance management systems with targeted guidance on dealing with credit scoring models.  The guidance encourages financial institutions to evaluate the credit scoring models against the intended business need, as well as evaluate the credit scoring models for disparities against prohibited basis groups.   The financial institution should compare the results of their testing to the intended goal of the model.

Lastly the CFPB encouraged financial institutions to implement policies, procedures, and controls for effective HMDA data integrity and data collection requirements.

Rulemaking
The CFPB also detailed their rulemaking in 2023.  Items of note included the updates to the 1071 Small Business lending and data collection requirements, as well as updates to the Automated Valuations Model.  The delay of 1071 implementation requirements were updated in a prior blog post by Steve H Powell & Company published on July 9th, 2024.

The comment period for the proposed Automated Valuation Model closed on August 21, 2023.  The rulemaking proposed quality control standards for users of automated real estate valuation models in valuing real estate for secondary market originators and financial institutions acting as mortgage originators. 

For additional information included in the CFPB’s fair lending report to congress, please see the CFPB summary at: https://www.consumerfinance.gov/about-us/blog/the-cfpbs-2023-fair-lending-annual-report-to-congress/

Author: ​Steve Shepherd, CRCM
 
On July 18, 2024, the collective joint agencies issued notice of final interagency guidance for ROV (Reconsiderations of Value).  This joint agency guidance is designed to help financial institutions develop a process to reconsider third party valuations for some properties.  The ROV guidance is effective as of the July 18, 2024, issuance date.

A reconsideration of value request is a request made by the financial institution to the appraiser or other preparer of the valuation report to reassess the report based on deficiencies or information that may affect the value of the conclusion.  During the process of reviewing the appraisal by the financial institution, the consumer may inquire or issue a complaint regarding the valuation.  The consumer may provide additional information that may not have been available or considered during the initial evaluation process.  The complaint can be resolved through the bank’s appraisal review process or through other processes.

The guidance provides methods the financial institution could utilize to help mitigate any valuation disputes.  The guidance also encourages the development of policies and procedures to address any complaints and what may constitute a request for ROV from the financial institution.

Some important policy and procedure highlights include:

1. Considering ROV as possible resolutions for complaints or inquiries regarding real estate valuations
2. Removing barriers that limit the consumers ability to request a ROV.
3. Establish a process that helps initiate ROV requests.
4. Establish a process to help consumers raise concerns about valuations.
5. Identify stakeholders for every business unit.
6. Established a standardized process to increase consistency for considerations of ROV.
7. Evaluate staff and third parties that are part of the valuation process.

For more information on the ROV guidance, please visit: https://www.fdic.gov/news/financial-institution-letters/2024/agencies-finalize-interagency-guidance-reconsiderations?source=govdelivery&utm_medium=email&utm_source=govdelivery