A new year, and many things old are new again, including the Dodd-Frank Act (DFA); data privacy; Community Reinvestment Act (CRA); Unfair, Deceptive, or Abusive Acts or Practices Act (UDAAP); and beneficial ownership disclosure. There’s new activity, too, including calculating, disclosing and implementing fees on accounts.
In late 2023, the Federal Reserve, Federal Deposit Insurance Corporation (FDIC) and Office of the Comptroller of the Currency (OCC) announced a final CRA rule. While it was a long time in the making and compliance dates are staggered, banks will be challenged in 2024 to analyze the changes made to the framework and begin preparations for the final rule’s implementation.
“In many areas of regulation, we are seeing changes and uncertainty around data collection,” says Jenna Burke, ICBA executive vice president, general counsel, government relations and public policy. “The CRA requires banks to collect a lot of data, and with the new interagency rule now finalized, banks will be subject to a new framework for the first time in decades.
“The CFPB’s final rule implementing Section 1071 of the DFA is on the horizon but subject to uncertainty and legal changes,” she adds. “We may see the Supreme Court publish an opinion in 2024 on the constitutionality of the CFPB’s funding structure that could have a far-reaching effect on the 1071 and other CFPB rulemakings.”
Responsibilities for banks in 2024
Proposed rulemaking on Dodd-Frank Section 1033 for a customer’s access to their financial data is in play. Comments are due at the end of January, and the regulators will review the feedback to develop a data collection framework going into 2024.
“It’s important to remember that community banks must continue beneficial ownership data collection as it stands unless rules are published that would change requirements.”
—Rhonda Thomas-Whitley, ICBA
The Corporate Transparency Act requires businesses to report ownership data directly to FinCEN, notes Rhonda Thomas-Whitley, ICBA senior vice president and senior regulatory counsel. “It’s important to remember that community banks must continue beneficial ownership data collection as it stands unless rules are published that would change requirements.
“We do have concerns that FinCEN will require banks to help fulfill FinCEN’s statutory duties,” she adds.
A continued focus on fees is likely in 2024, and community banks should watch how the regulatory agencies are treating them. Banks must remain attentive to that and be prepared to respond with comments, especially once proposed rulemaking on overdrafts has been announced.
“We’ve seen evidence that UDAAP/UDAP is being used by regulators to cite banks for assessing legally and clearly disclosed fees on consumer-demanded products and services,” says Thomas-Whitley.
“Disclosures may be timely, accurate and complete, but regulators have made clear that UDAAP/UDAP violations may be cited because it’s perceived that the consumer did not have the opportunity to reasonably avoid harm.”
The community bank view
Community bankers are staying nimble to address the evolving regulatory landscape. “I had three main compliance issues for 2024,” says Tim Grooms, vice president and chief risk officer for $922 million-asset First State Bank headquartered in Winchester, Ohio.
“One is Section 1071. We worked with our vendor for HMDA and CRA data collection, scrubbing and reporting,” he says. “We feel ready to turn on the module to begin testing when the time comes, and we’ve begun working on loan operations systems. We’ve already done some training and combined it with CRA training to help prepare our staff.”
Some of the federal regulators have had UDAAP findings due to nonsufficient funds (NSF) fees, and Grooms is closely watching the issue of those and “junk” fees. “We’ve had an overdraft program for some time,” he says. “We’ve now re-disclosed the fee schedule to all our customers and added language in bold font that we would charge a fee on a represented item; however, disclosure alone may not now be sufficient to protect the bank from UDAAP violations.
“We feel confident about our compliance with the beneficial ownership rule from FinCEN so far,” he adds. “What is still in question is FinCEN’s database development, having businesses submit registrations to them directly after Jan. 1 of 2024 and then the bank’s responsibilities.”
Jamie Santistevan, senior vice president of risk and compliance for $273 million-asset Native American Bank, N.A., is staying alert to support risk management and compliance. “First, we’re watching changes to the beneficial ownership reporting rules from FinCEN,” he says. “We’re concerned about a lack of specific guidance to both banks and businesses clarifying data collection and reporting requirements.”
The Denver-based community bank is staying focused on cybersecurity and third-party risk management. “We also strive to smoothly orchestrate change management,” he adds, “whether that would be changes to our management team, operations, the risk management framework or business activities.”
Santistevan notes there’s concern surrounding the uncertainty about data collection for Section 1071 implementation. “We’re geared up and ready from the application and software standpoints for what we know now,” he says.
“Section 1033 to require banks to provide customers with their financial data in a specific digital format could be a challenge to operational capabilities and cost management. Larger institutions may be able to absorb those changes and costs much more easily than smaller institutions.”