What is on your plate? If you are the CFPB, you are busy trying to make a happy-go-lucky financial products and services industry. If you are the OCC, you are trying to ensure bankers understand BSA requirements; the Fed, well, you are trying to understand the impact of the repeal of its Regulation AA; FDIC, you are looking at ongoing education efforts on the criticality of third party relationships; and finally, and deserving of a gold star, if you are the NCUA, you have taken the first stand in responding to the FAST Act privacy notice delivery reprieve.
NCUA has notified its credit unions (CU-16-03) that NCUA examiners will only expect annual privacy notices to be provided if the credit union does not meet the new requirements provided under the Fixing America’s Surface Transportation Act (FAST Act), which amended certain GLBA requirements related to the delivery of annual privacy notices. As noted in prior Temenos articles, the annual privacy notice exception is available to certain financial institutions that have not changed their policies and practices for disclosing nonpublic personal information since they last provided an annual disclosure to consumers, provided that:
- The institution’s policies and practices have not changed since it provided its most recent privacy notice to consumers; and
- The institution does share nonpublic personal information with nonaffiliated third parties only in accordance with requirements for certain existing GLBA exceptions, including those related to:
- performing services for, or functions on behalf of, the institution, pursuant to a joint marketing agreement;
- administering, servicing, or processing a transaction a consumer requests or authorizes; maintaining or servicing certain consumer accounts; or performing securitizations, secondary market sales, or similar transactions; or
- other specified operational and legal purposes, including disclosure with the consumer’s consent or at the consumer’s direction and disclosure to protect the confidentiality and security of records related to the consumer, service, product, or transaction.
NCUA is working closely with the CFPB as the CFPB prepares amendments to the privacy regulations such as Regulation P and Regulation V. However, NCUA is acknowledging the statutory precedence during examinations beginning 2016, which, in turn, will alleviate both financial and personnel strains on its member institutions. Let’s hope the CFPB and other regulatory agencies offer such quick relief for all to partake.
The OCC’s recent bulletin, Process for Administrative Enforcement Actions Based on Noncompliance With BSA Compliance Program Requirements or Repeat or Uncorrected BSA Compliance Problems (OCC Bulletin 16-6), is also refreshing. Often BSA Officers have to battle with explaining the enforcement action process BSA deficiencies. The OCC has now provided guidance setting forth the general process to be followed in enforcement cases based on noncompliance with BSA compliance program requirements or repeat or uncorrected BSA compliance problems. The process in not cast in stone as situations may arise requiring immediate action, other when unusual or exigent circumstances are present, or there are intervening developments that require a different course of action. But now, institutions have a reference point, and the BSA Officer is no longer crazy.
The FDIC, Federal Reserve Board and OCC teamed up to issue a final rule increasing the number of small banks and savings associations eligible for an 18-month examination cycle rather than a 12-month cycle. The changes are intended to reduce regulatory compliance costs for smaller institutions, while still maintaining safety and soundness protections. Whew! Truly the kind of great news you want to hear when you are tackling HMDA, TRID, etc.
The good news is that a few things are now off your plate…HMDA is filed, TRID is trekking along, annual privacy notice may not have to be provided… So, keep getting those ducks in a row as we prepare for the next round of regulatory changes.