ABA Bank Compliance
Carl G. Pry
Among the first thoughts of many in the banking industry once President Donald Trump was elected was something along the lines of, “finally this intense compliance burden can lighten up!” Much has been made in the press of the new President’s statements regarding eliminating regulations and promoting business and job growth.
But what will that mean for those of us in the compliance trenches? Will this mean we won’t have to worry about Reg. Z and BSA anymore? No one thinks change will be that drastic, but will some rules go away? Will there be a sea change in the enforcement attitudes of the federal agencies? How to respond to questions from Boards and senior management around the future of the regulatory compliance function in banks?
A look at the tea leaves guarantees just this: there will be changes, but no one knows for certain what they will be. But there are important clues hidden within the sea of rhetoric, opinion, and reports that provide some guidance when attempting to determine how the compliance industry will be affected.
The following are some thoughts to keep in mind:
The knee-jerk reaction from some management teams will be to cut back on compliance, meaning staffing, resources, automation, and so forth.
This would not be wise, however, certainly not right away. A reduction in compliance department staff or capabilities could hurt the effectiveness of the bank’s Compliance Management System, or CMS. A look at any number of recent enforcement actions demonstrates that deficiencies in entities’ CMSs were a contributing cause of regulatory problems.
The adequacy and effectiveness of your CMS is still a primary responsibility, and regulators have been looking closely at this now more than ever before. Overdoing any cuts risks your bank’s compliance credibility, which is a dangerous place to be.
Changes to a bank’s compliance department, whether in staffing, resources, or otherwise, should be made for normal business reasons rather than due to anticipated (and as yet unrealized) reductions in regulatory attention or enforcement.
Why might stories of regulatory enforcement easing be overblown?
States and community groups are pledging to “fill the gap” if federal enforcement is perceived as tailing off.
If in fact we do see a decrease in Federal enforcement, other regulators are ready to step up. The New York State Department of Financial Services, as well as Attorneys General (AGs) in states including California and Illinois, are among those pledging to up their enforcement of consumer protection laws and regulations if they feel federal enforcement is lacking. Section 1042 of the Dodd-Frank Act authorizes state AGs and regulators to bring civil actions to enforce Dodd-Frank’s UDAAP provisions, and TILA, RESPA, and the FCRA specifically grant enforcement authority to state AGs. Some will not be shy in using their power.
There are many state laws to enforce as well (meaning national banks may find themselves in some preemption battles in the years to come).
Attention will come not just from regulators. Consumer groups are reporting record contributions in response to these same worries of less enforcement. They promise to be much more active in their efforts to hold banks accountable for their perceived shortcomings.
Examiners still have a job to do even if enforcement lightens up.
Again no one can predict whether the Federal enforcement mechanism will in fact decrease. But whether it does or not, compliance, fair lending, CRA, safety and soundness, and all the other varieties of examinations certainly aren’t disappearing. Problems will still be identified, Matters Requiring Attention (MRAs) will issued, and violations dealt with.
Think of this another way: more attention will be placed on “bad actors,” so certainly don’t be one. But more importantly, don’t look like one. If it appears your bank is cutting back on compliance because it believes it isn’t important anymore, the credibility of your bank will surely suffer in the eyes of examiners. It will be noticed.
The real risk is one of perception. Management or others may wish to cut back on compliance due to what they’re hearing in the press or due to other preconceived political notions, but it can easily be overdone.
There is still plenty to pay attention to: dealing with new and changing rules.
Rare is the bank that would say it has too many compliance staff or resources. The years following passage of Dodd-Frank have been quite intense, with implementation of the Ability-to-Repay/Qualified Mortgage (ATR/QM), Remittance Transfer, and TILA-RESPA Integrated Disclosure (TRID or Know Before You Owe Mortgage) rules, to name just a few. The mortgage industry is still adjusting to TRID, and the CFPB has promised clarifications to assist compliance efforts.
This year, mortgage lenders are busy implementing the upcoming changes to HMDA, another monumental labor- and technology-intensive effort. It’s worth noting that there have been no rumblings that these new rules might be scrapped.
There is much attention now on cybersecurity and regulatory change management efforts, as well as cultural aspects of consumer banking, such as sales practices and other UDAP/UDAAP hot spots. The CFPB has announced reviews of the QM and remittance transfer rules, so there may be changes and/or additions to these in the years to come. There is still plenty going on.
Will there be some rules that go away? Very likely, although we don’t know which ones yet. Initial impressions are that rules targeted for rollback include liquidity and stress test rules rather than consumer protection regulations. There is also a push toward easing rules for smaller banks, but again first impressions are that these will be capital rules, not traditional compliance regulations.
Certainly much depends on what happens at the CFPB. This promises to continue throughout 2017 or longer, but from a practical perspective what might go away? Most likely rules that have not been finalized yet, such as the payday lending and arbitration rules, are at high risk. The prepaid rule looks like it will be delayed. The previously-issued Advance Notice or
Proposed Rulemaking on a new debt collection rule may never come to fruition.
It will be interesting to see what happens to regulations required by Dodd-Frank but not yet published in any form, such as the commercial data collection rule. It may be quite a while before any action is taken on that. We’ll have to see.
Much was made of the President’s Executive Order mandating that two regulations be removed for every one added. However, the CFPB and prudential regulators are exempt (at least for now) from this “2 out for 1 in” mandate as they are independent agencies.
AML isn’t going anywhere.
The past few years have seen a big increase in Bank Secrecy, OFAC, and other financial crimes attention and enforcement. This isn’t expected to change; in fact, it may even increase further. The relaxation of restrictions against Cuba may be reversed, and ongoing difficulties with Russia, North Korea, and elsewhere promise to keep BSA and OFAC Officers and staff busy.
The concept of consumer protection also isn’t going anywhere.
New administrations are always unpredictable, and this one certainly fits that bill. For all the publicity around easing the regulatory climate to promote business, many feel the new President is still very much a populist at heart. It would be politically difficult to do away with a large chunk of rules and regulations seen as protecting ordinary Americans.
It’s a virtual certainty that the structure, and perhaps the leadership, of the CFPB will change at some point. But that type of change will not reduce the day-to-day need for banks to do right by their customers, meaning comply with the laws and regulations already on the books.
Over the long haul there will always be changes in the regulatory and enforcement environment. It’s like a pendulum swinging back and forth between extremes. The key is not to overreact to what people “think” will happen, but to stay steady in doing what is right for your bank.