Articles
Compliance Management System
Risk Assessments: Qualitative vs. Quantitative Data – April 2025
New Year – New Priorities – January 2025
Modifying Terms and Conditions to Reduce Fraud – August 2024
6 Common Challenges of Community Bank Compliance Officers – July 2023
Measuring Your Bank’s Fee Risk – October 2022
Third Party Oversight – How Much is Enough? – December 2021
Learning from Other’s Mistakes – October 2021
Change Management Program: How effective is your institution’s process? – April 2021
Making the Most of Your Complaint Program – November 2020
Compliance & Your Board – A Partnership – September 2020
Enhancing Your Compliance Training Program – January 2020
DIY Policies & Procedures – July 2019
Cleaning Up the Mess: How to Take Corrective Action – April 2019
Keys to Compliance Success – January 2018
The Care and Feeding of Examiners – May 2017
How Will Your CMS Rate – March 2017
The Impact of Consumer Harm – January 2016
Cyber-security
New Computer Security Incident Notification Requirements – January 2022
The Risk is Real: Cyberattacks – July 2021
The Growing Risk of Business Email Compromise – October 2020
10 Tips for Educating Employees About Cybersecurity – October 2017
Combatting Cybercrimes – April 2017
E-sign/Electronic Banking
Moving from paper to Electronics: Consumer Compliance Under the E-Sign Act – July 2010
Is Your Website Accessible to the Visually Impaired – February 2017
Fraud/Financial Crimes
Combat Fraud: Move from a Victim to a Warrior Mentality – December 2020
Defend Against Consumer Fraud – November 2018
Managing Your Wire Transfer Fraud Risk – August 2018
Marketing
Advertising in Today’s Growing Digital World – June 2024
Calls and Texts – What Banks Should Know About TCPA Compliance – January 2024
To Dial or Not to Dial: A review of TCPA Requirements – November 2021
Tips for Compliant Email Marketing Campaigns – September 2021
Ensuring Compliant Tweets, Posts and Feeds – June 2018
UDAAP
Reopening Deposit Accounts – Is it Worth the Risk? – August 2023
The Ever-Expanding UDAAP Umbrella – June 2022
One Wild Ride – Overdraft and NSF Fee – May 2022
UDAAP: Time to Revisit your Compliance Program – May 2021
FAQs
GENERAL COMPLIANCE MANAGEMENT
Question: If we want to close our bank early on isolated occasions (like the day before a holiday or due to the death of a bank employee), do we have to notify our state or federal regulator to get their permission? Are there any other rules we have to follow?
Answer: Your hours of operation are not regulated by state or federal law, thus you can change them without any compliance issues. If you want to change your hours of operation for a day or a short period of time, it is not a compliance issue but rather a customer relations issue. You will want to alert your customers to the change, but how you go about that is left up to you. Keep in mind, you cannot shorten your cutoff hour without 30 days prior written notice to your customers and the earliest cut-off hour that you can have is 2:00 p.m. If your bank is open, you must accept all deposits that you receive before your cut-off hour as that day’s business. For example, let’s assume your cut-off hour is 2:00 and you want to close at noon. You cannot change your cut-off hour to 11:00. All deposits made up until the time that you close at noon are that day’s business and must be processed accordingly.
BANK BRIBERY ACT
Question: Are we required to have a written internal Code of Conduct?
Answer: The Bank Bribery Amendments Act of 1985 required that the financial institution regulatory agencies publish guidelines to assist employees, officers, directors, agents and attorneys of financial institutions in complying with the law. Accordingly, the banking agencies strongly encourage their supervised institutions to adopt internal codes of conduct or written policies to include provisions that explain the general prohibitions of the bank bribery law. To that end, the bank’s code of conduct should prohibit any employee, officer, director, agent or attorney of the bank (“bank officials”) from:
- Soliciting for themselves or for a third party (other than the bank itself) anything of value from anyone in return for any business, service or confidential information of the bank, and
- Accepting anything of value (other than bona fide salary, wages and fees) from anyone in connection with the business of the bank, either before or after a transaction is discussed or consummated.
The bank’s code of conduct may, however, specify appropriate exceptions to the general prohibition of accepting something of value in connection with bank business. There are a number of instances where a bank official, without risk of corruption or breach of trust, may accept something of value from one doing or seeking to do business with the bank. The most common examples are the business luncheon or the special occasion gift from a customer. In general, there is no threat of a violation of the statute if the acceptance is based on family or personal relationship existing independent of any business of the institution; if the benefit is available to the general public under the same conditions on which it is available to the bank official; or if the benefit would be paid for by the bank as a reasonable business expense if not paid for by another party.
Other exceptions may include:
- Acceptance of loans from other banks or financial institutions on customary terms to finance proper and usual activities of bank officials, such as home mortgage loans, except where prohibited by law;
- Acceptance of advertising or promotional material of reasonable value, such as pens, pencils, note pads, key chains, calendars and similar items;
- Acceptance of discounts or rebates on merchandise or services that do not exceed those available to other customers;
- Acceptance of gifts of reasonable value that are related to commonly recognized events or occasions, such as a promotion, new job, wedding, retirement, holiday or birthday (the bank may establish a specific dollar limit for such an occasion); or
- Acceptance of civic, charitable, educational or religious organization awards for recognition of service and accomplishment (the bank may establish a specific dollar limit for such an occasion).
The code of conduct should provide that, if a bank official is offered or receives something of value from a customer beyond what is authorized in the bank’s code of conduct, the bank official must disclose that fact to an appropriately designated official of the bank. The bank should keep records of such disclosures. An effective reporting and review process will serve to prevent situations that might otherwise lead to implications of corrupt intent or breach of trust and will enable the bank to better protect itself from self-dealing. It is advisable for the bank to obtain from its employees, officers, directors, agents and attorneys written acknowledgement that they have received a copy of the bank’s code of conduct and agree to comply with it.
E-SIGN ACT
Question: We have made a management decision to begin sending disclosures electronically. What are the required steps to ensure compliance with the E-Sign Act?
Answer: First, it’s important to understand that each regulation (e.g., Reg. DD, E or Z) provides specific disclosure requirements, including whether or not disclosures can be provided electronically and, if so, whether or not the consumer first has to go through the E-Sign compliance process. Also, the E-Sign Act only applies to disclosures to consumers; it does not apply to commercial relationships.
The first step is to provide the consumer certain required information about electronic records. Before obtaining the consumer’s consent, the Bank must inform the consumer, in a clear and conspicuous statement, of:
- The consumer’s right or option to have the record provided on paper;
- The consumer’s right to withdraw consent;
- The consequences of withdrawing consent and any fees imposed in the event of withdrawal;
- The consumer’s right to request a paper copy of any electronic record and any fee for such copy; and
- Whether, if the consumer consents, the consent only relates to a particular transaction or whether it relates to identified categories of records that may be provided or made available during the course of the parties’ relationship.
Next, the disclosure must advise the customer how to withdraw consent at a later date and how to update the Bank if the consumer’s contact information, such as an email address, should change. Finally, the disclosure must provide a description of the hardware and software requirements to access and retain electronic records.
After the consumer has been provided all of the required disclosures, the consumer must consent to receiving disclosures electronically. To assure a consumer can communicate electronically with the Bank, the E-Sign Act requires that the method by which the consumer provides consent reasonably demonstrate the consumer can access the information in the electronic form that will be used to provide the information subject to consent. There are many ways to demonstrate the ability to access the information, but it will come down to verifying the consumer’s ability based on how you are going to deliver the disclosures. The Bank should then retain any paper copy of the consent as well as evidence of the affirmative consent process.
After consent is obtained, the Bank may send electronic disclosures to its consumer customers in one of two ways: the push method or the pull method. Whichever method is used, the Bank has no responsibility to monitor whether the customer has opened the email or visited the location of the information. The Bank’s responsibility is to provide the information, but no more, as the consumer has already demonstrated his/her ability to access the information through the consent process.
If, after obtaining a customer’s consent, there is a change in either the hardware or software requirements that creates a material risk that consumers will not be able to access or retain electronic records, the Bank is required to notify the consumer of the new hardware and software requirements and of the right to withdraw consent without the imposition of any condition, consequence or fee, and to obtain a new consent from the consumer. (February 2019)
Question: If a consumer has agreed to receive electronic delivery of periodic statements, yet wants to receive a duplicate, hard copy statement, may we charge a fee for the duplicate statement?
Answer: There is no prohibition in Reg. E or any other regulation to charge a customer a fee for delivery of a paper statement if the consumer has agreed to electronic delivery of the statement. However, there is an assumption in the regulatory discussion related to the interim rule that financial institutions will accommodate a consumer’s request for a paper copy, understanding that consumers who receive disclosures by electronic communication could experience computer or printer malfunctions. Keep in mind, if the bank chooses to impose a fee for paper copies of statements when customers have elected electronic delivery, Reg. DD requires such a fee to be disclosed in the Truth in Savings disclosures (see Reg. DD, Section 1030.4(b)(4)).
Question: Must the E-Sign agreement be delivered electronically (such as by viewing and accepting on a webpage) or can it also be agreed upon using a paper document?
Answer: The agreement can be delivered in paper format but the E-Sign Act requires the consumer to consent electronically in a manner in which the consumer can demonstrate their successful use of your e-delivery system. The consumer has to demonstrate that he/she can get the disclosures and display or print them in legible form.