The following is a brief, and by no means complete, list of the major topics preoccupying compliance officers at financial institutions, large and small. While these regulations include those that affect all companies and those that only affect certain lines of business in banks, they all have one thing in common: the IT department will have to get involved.
USA PATRIOT ACT
Starting Oct. 1, 2003, banks will have to implement Customer Identification Programs (CIP) that use "reasonable procedures" to defend against the use of the financial system by terrorist organizations. Banks must now verify new accountholders, maintain records of the information used to verify identity at the time, and screen new customers against a watch list of known and suspected terrorists.
EQUAL CREDIT OPPORTUNITY ACT (REGULATION B)
An amendment would permit non-mortgage lenders to collect information about the personal characteristics of their borrowers (e.g., national origin, marital status, religion, race, age) in order to perform self-assessments of their compliance with the Equal Credit Opportunity Act. The information so gathered must be kept confidential and used strictly for this purpose.
HOME MORTGAGE DISCLOSURE ACT (REGULATION C)
Most lenders must report detailed data about the loan applications, originations and refinancing business that they conduct. HMDA requires lenders to report information about the borrower, the property, the application and the outcome of the transaction. Starting next year, most lenders will also have to report the difference between the Annual Percentage Rate (APR) of each loan and the rate of a comparable Treasury security. Loans exceeding a certain threshold fall under the Home Ownership and Equity Protection Act.
FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (FACT ACT)
The bill would establish national, uniform standards for credit, along with required practices to cope with the growing problem of identity theft. What's more, the FACT Act would remove the uncertainty involved with the sunset provisions of the Fair Credit Reporting Act (FCRA). If FCRA were allowed to expire, banks would face the burden of having to comply with privacy laws on a state-by-state basis. That would jeopardize the ability of a financial holding company to share information about its customers among its subsidiaries.
SECURITY BREACH DISCLOSURES
California SB 1386, a state law with national implications, requires companies with even a single California customer to report any breach of personal data to the affected parties, or be subject to civil penalties. Moreover, Sen. Dianne Feinstein (D-CA) has proposed similar legislation in Congress.
SARBANES-OXLEY ACT
Officers at all public companies, including financial institutions, have to provide increased disclosure to shareholders as a result of the Sarbanes-Oxley Act. The first stage was certification of annual reports. Coming soon: Section 404, an "internal control report" that certifies the procedures used to ensure effective financial reporting. While there's some overlap with what's already required of banks, there are some new wrinkles.
BASEL II ACCORD
The ability to manage operational risk will soon have a reward: lower reserve requirements. Under the proposed Basel II Accord, banks that can justify their operational risk management practices to national regulators will be able to gain an advantage over institutions that cannot meet a similar hurdle. That's a solid incentive to come up with ways to measure and manage the risks involved with doing business.