The New Year in Regulation and Compliance
We expect to see a lot of changes due to the Consumer Financial Protection Bureau’s mortgage regulations coming in 2014, such as qualified mortgage rules, servicing requirements, appraisal requirements, and escrow exceptions. With many changes coming up in the next year, banks will have to review underwriting policies and look at what changes must be made to comply. They will also have to review and likely make changes
to their vendor contracts and policies for dealing with third-party partners.
The qualified mortgage rule in particular will be a major change because it will require more than just a simple adjustment to operations. The actual way that banks have been doing business will have to change. It’s definitely a big task in a short amount of time [the rule will go into effect in January]. We have asked the CFPB to extend deadlines for the requirements, but we have not received any feedback on that.
We will see more changes as the CFPB begins to look at other areas of lending. The hope is that there won’t be too many changes all at once, which can be hard for a smaller bank to absorb. When so many resources are dedicated to compliance, banks can’t direct those resources into their products and services, and it affects their day-to-day business.
In terms of how technology is evolving in compliance, there are two directions we’re seeing. Two years ago, regulators offered a supplemental guidance on data security that advised banks to treat business accounts differently from consumer accounts. The guidance said there needs to be multilayered security in place, with the ability to analyze behaviors and anomalies sitting behind the authentication capabilities.
The other direction is in dealing with third parties, which really hits close to home for community banks. Many of them rely heavily on third-party software and systems. We expect to see more regulatory scrutiny in this area. Community banks have traditionally used off-the-shelf compliance tools. That can ease the pain, but it is important that banks evaluate those solutions closely now.
Another trend we’re seeing is that regulators are seeking earlier input from stakeholders during the rule-making process. The development of the CFPB’s TILA-RESPA disclosure rules is a good example of that. The CFPB sought industry input throughout the rule-making process rather than waiting until the rule was imposed to get comments, so that extended outreach is a positive we hope will continue in the future.
Elizabeth Eugubrian and Cary Whaley, ICBA.
Lately I’ve been most focused on resolution planning [required by Dodd-Frank]. Guidance was issued in April [by the Federal Reserve and the Federal Deposit Insurance Corp.] for 2014 for plans around interconnectedness. Banks are trying to figure out what to do around that so they can maintain access to data and technology assets in case of a catastrophe. They’re going to have to look at their technology and data infrastructures to comply around operational interconnectedness.
Some banks are going to create additional regional entities to share data assets. Credit Suisse created two subsidiaries, one Swiss and one American, with shared servers. Banks will need to know where their critical data is and who owns the proprietary data. They need to figure out how to map all of the technology and data. Among top-tier banks, that will be a big challenge with organizational silos across borders and across different lines of business.
As resolution plans progress and grow well defined, these issues are going to come out. I don’t think regulators fully understood the complexity of the task outlined in the bill. If you can’t map the technology through the silos in your organization and how they service each other, you’re going to have a difficult time with compliance. Lehman [Brothers] couldn’t unwind because it gave away its technology and data assets. Banks have been doing things a certain way for a long time, and they’re going to have to look at themselves differently now organizationally.
FATCA (the Foreign Account Tax Compliance Act) will also be a big issue in the coming year. Some banks took some time off from dealing with FATCA as the rules were being finalized, but now they have six months to comply with the final deadline by July 1. That isn’t a lot of time for the necessary software development and figuring out where reporting will be going. There are a lot of details that still need to be sifted out.
Unfortunately there has been a trend in the regulatory sphere of regulators not working with each other at times. For instance, there have been competing priorities between US and UK regulators. The April guidance on resolution planning was a joint effort by the Fed and the FDIC, and we’re hoping to see more of that cooperation. That will help banks with the challenge of trying to stay ahead of the regulations.
Michael Bertran, Capco.
Many banks are setting aside all available spend to deal with compliance — we see that with a number of our large banking clients. There will be more coming from the CFPB, such as rules regarding unfair, deceptive, or abusive acts or practices, which cover everything from sales and marketing to disclosure practices. Responding to UDAAPs will be a big focus in 2014 and the years ahead because it’s so broad. Banks will have to put more controls
in the front office in selling, marketing, and the call center.
Compliance is no longer just a back-office function. Over the next three years banks will have to extend controls from the back office to the front office, with executive controls for higher-risk actions. It’s going to require a review of compliance functions and a revamp of operations from sales and marketing back to compliance.
It will be key to automate technology and controls to make compliance business as usual. Banks can’t just add compliance staff for each new regulation. They need rules that are driven by a system that can drive processes, so if they see a problem they take actions like setting limits or generating reports.
Banks are also starting to implement systems for FATCA. Along with “know your customer” requirements, FATCA’s rules will require banks to use technology in their onboarding process for compliance. We’re seeing big banks look at how they can use KYC and FATCA for a competitive advantage by collecting data during the onboarding process to build a 360-degree view of their customers. FATCA gives them the opportunity to look at their onboarding processes on a global scale. They can put in front-office controls that send disclosures in real time and improve both compliance and customer experience.
Executives are also going to need better controls going forward. When you look at the front-page headlines, more executives are being blamed for failures. They need greater levels of transparency to know what’s going on at the firm. They need to have a view of the potentially high-risk items and be able to take actions on those through dashboards. That will let them better manage the institution’s reputational risk.
Reetu Khosla, Pegasystems.
We have our eyes on a few things in the upcoming year. With FATCA coming up, tax evasion is going to be a big focus. The bad guys are going to continue to try to evade taxes and will have a strong connection to money laundering, which will still be pervasive. The EU is starting a tax-evasion initiative that piggybacks on FATCA and its requirements, so we expect more focus on regulations in this area.
Taxes are a new topic for banks to deal with in compliance. A lot of education needs to be done within organizations and between different teams on what’s required to comply. The tax departments and compliance teams need to communicate and share information. The tax departments need to put pressure on the relationship managers to provide tax ID numbers and passport numbers, and cross-check those with compliance teams for the new requirements.
We’re also looking at trade-based money laundering through shipments of goods. We’ve seen issues raised around chemical goods shipped to Syria. The UK has a list of more than 600 controlled goods; the US has a similar list. Banks need to understand those goods and the regulations around them when looking at trade finance opportunities. And they need to look out for trade-based money laundering.
If there’s a shipment of goods from China to the UK, does it have any illegal goods? Does it have additional goods dropped off in Iran? We have clients telling us they have a sanctions program in place, but they need advice on dealing with trade finance. Traditionally banks just ensured that documents were in place to issue credit, but now they have to be vigilant about these things. They need the ability to check against lists and understand who the shipper is, which relates to KYC. That will require consolidation of multiple systems that deal with multiple regulations.
Digital currency will also be a growing issue in 2014. There hasn’t been a lot of guidance issued yet. The number of Bitcoin transactions is still pretty infinitesimal, but it’s something to keep monitoring. More digital currencies are coming along, and we don’t know what impact they’ll have. The exchanges should be subject to anti-money-laundering laws.
Henry Balani, Accuity.
Jonathan Camhi has been an associate editor with Bank Systems & Technology since 2012. He previously worked as a freelance journalist in New York City covering politics, health and immigration, and has a master's degree from the City University of New York's Graduate School ... View Full Bio