Dealing with CFPB growing pains
Kate Larson, Regulatory Counsel, Consumer Bankers Association
2015 will solidify what the leading banks already know: Compliance is key. With the Consumer Financial Protection Bureau paving the way, banking regulators are expected continue to seek out the CFPB-designated Four Ds: deceptive marketing, debt traps, dead ends, and discrimination. Given this focus, banks must ensure they (and their vendors) comply with regulations. Also, given the ever-present retailer data breaches, lawmakers will likely explore how to strengthen protections in the payment system, which may include a focus on mobile banking and emerging technologies.
Since Dodd-Frank, there is never a dull moment in the office. The CFPB is very much still in its adolescence and, as with any teenager, it is figuring out its role. Much of our time is spent trying to anticipate what product or service the CFPB will concentrate on next. Over the past couple months, we have been focused specifically on their complaint database proposal, Home Mortgage Database (HMDA) proposed rule, overdraft studies, and prepaid proposal.
We expect the CFPB to tackle overdraft, debt collection, payday lending, and arbitration in the first half of next year, and finalize the HMDA rule during the summer. In 2015, vendor management is going to be the name of the game. From data breaches to system implementation, to fair lending, all eyes are going to be on the vendors.
TILA/RESPA integrated disclosure implementation is going to be a headache in 2015. Despite their diligent efforts, many of our members are concerned their systems will not be ready by the August 2015 deadline because of the limited number of vendors in the market. We have voiced these concerns to CFPB Director Cordray, who said he is looking into the issue.
Once TILA/RESPA systems are installed, work will almost immediately need to begin on HMDA implementation. The magnitude of these changes is yet to be seen, but the addition of commercial loans and/or HELOCs will create an immense strain on the industry. This is not even mentioning the Dodd-Frank-mandated small business data collection process that is slated to begin the end of 2015. Last year, we sent the CFPB a whitepaper explaining the impact on the industry, and are actively engaging with the Bureau as they begin the rulemaking process.
Banks should try to stay one step ahead of deadlines and plan for regulatory changes before they occur. Although the August 2015 deadline seemed far off when the final TILA/ RESPA rule was released, implementation takes longer than expected and complications are bound to arise. This is why strong compliance departments are critical -- only then can banks stay ahead of the game and avoid last-minute stress.
Data: Common currency of the regulatory reform agenda
David Wright, Managing Director, Banking & Securities Regulatory Practice, Deloitte & Touche LLP
For financial institutions, 2015 promises to be yet another challenging year of ongoing financial reform implementation. Rather than facing new items on the regulatory agenda, institutions will focus on the continued build-out of the IT and risk-management infrastructure needed to meet the heightened expectations surrounding capital, liquidity, resolution plans, and compliance. At the same time, regulators will be placing even greater emphasis on improved governance that has adequate checks and balances and that reinforces an ethical and compliant culture. Institutions will also be expected to continue to upgrade their cyber security infrastructure and ensure that their financial reporting is accurate and true.
As financial reform efforts more fully mature, institutions are recognizing that the quick fixes and ad hoc approaches in the early years of reform implementation are in need of rationalization and automation for them to be sustainable on a business-as-usual basis. As regulators push for attestations on accurate and true reporting of regulatory reports and stress-test results, for example, institutions are recognizing that reducing the amount of manual processes and other areas prone to human error can save costs and improve accuracy and reliability over the long run.
Indeed, the common currency of the vast majority of the regulatory reform agenda is the availability and delivery of accurate data. For example, high-quality granular data is needed to deliver daily liquidity information and analytical reports that cover all of a firm's legal entities for both internal and regulatory purposes. The appropriate data feeds, often at the transaction level, are needed for the flexibility of aggregating credit risk exposures across the firm in myriad ways for the consumption of corporate risk, the board's risk committee, and regulatory bodies. Clearly, data and the related analytics are the essential ingredients to risk management and broader governance of 21st century financial institutions.
As firms enter the latter phase of reform implementation, they should reflect on whether their IT infrastructure and their data governance process are sufficiently robust to address the ever-escalating demands of risk professionals and the firm's regulators. Ultimately firms will need to shift their focus from just getting through the next 12 months to investing in infrastructure that can get them though the next five to ten years in a more sustainable, cost-effective, and reliable way.
There’s a huge price for non-compliance
Edward Kramer, Executive Vice President of Regulatory Affairs, Wolters Kluwer Financial Services
Implementing the new Truth-in-Lending Act and Real Estate Settlement Procedures Act (TILA-RESPA) integrated disclosure requirements that take effect August 1, 2015, represents one of the major compliance challenges for banks. The new rules extend far beyond mere cosmetic changes to two loan disclosure documents -- and at 1,888 pages, present unprecedented changes that will impact banks’ entire mortgage operations, including business processes, technology, policies and procedures, vendor relationships, employee readiness, and customer service. Failure to comply could result in significant fines and penalties costing thousands of dollars each day, as well as regulatory and reputational risks.
We will continue to see heightened regulatory focus on a number of fronts in 2015, ranging from increased scrutiny around mortgage-servicing rules and bank examinations, to the introduction of new HMDA data-collection requirements, to efforts to tamp down on discriminatory pricing in the indirect lending market, to the use of proxy methodology in adjudicating banks’ lending practices. Disparate impact is under review and being challenged in the courts. Cyber security will continue to be a contentious issue as banks contend that ultimate responsibility should rest with those companies where breaches occurred, rather than banks bearing the burden.
The public comment period around the CFPB’s new Home Mortgage Disclosure Act data collection requirements ended in late October 2014. Although 2015 will bring promulgation of the new rules, we don’t yet know the details or the amount of time banks have to prepare before requirements go into effect. What we do know is that the extent and breadth of additional data collection fields required will be significant, imposing added challenges on banks.
Regarding bank examinations, we anticipate heightened regulatory scrutiny with increased attention on the role a bank’s board of directors plays in overseeing compliance. Increasingly, examiners are monitoring to ensure that boards are fully involved, not only in the establishment, but also in the oversight of an organization’s compliance programs. For many the answer lies in automated compliance-management systems that deliver consistency, centralization, and visibility to compliance efforts, benefits that are as fully realized at the board level as they are by bank compliance officers.
Heightened emphasis on mortgage servicing and sub-servicing rules will continue -- the CFPB has been very demonstrative about its intent in this area. During 2015 we can expect continued changes in mortgage-servicing rules that will include new protections for surviving family members and other homeowners. Regulation in this area is an evolutionary process. Non-bank mortgage servicers are bracing for an onslaught of new capital recommendations from the Conference of State Bank Supervisors that could go beyond servicing to impact originations.
From the challenges of implementing the new TILA-RESPA disclosure rules to capturing new HMDA data requirements, growing compliance burdens will put new, additional pressures on banks’ operations and systems. The reality is that financial institutions today cannot adequately monitor, track, and report to regulators on their lending activities without sophisticated technological systems.
Only a few years ago, the compliance officer was on the hot seat when examination findings found gaps or other problems with a bank’s activities. Today, the chief information officer is every bit as accountable to and involved in ensuring the integrity and comprehensiveness of a bank’s array of lending programs. Either you must build the technology competency in-house to meet today’s regulatory requirements, or hire vendors or consultants to do it on behalf of your organization.
Given the Aug. 1, 2015, deadline for TILA-RESPA compliance, not only should you have a game plan at this point, but you should be well down the track in working with your in-house teams and vendors/consultants to implement the changes necessary to ensure readiness. We recommend that banks test their systems no later than May 1 to ensure readiness for the August deadline.
Finally, we encourage banks to build a thoughtful and comprehensive compliance strategy for 2015. The old mantra “an ounce of prevention …” will be fully relevant, as non-compliance increasingly is leading to severe monetary consequences that range from fines and penalties to harsh reputational and regulatory consequences.
Implications of a Republican Congress?
Paul Schaus, President and CEO, CCG Catalyst
Among the key regulatory issues banks will face in the coming year are Capital Planning, and what’s new on the regulatory front includes the January 1, 2015, final rule on Basel III Capital Framework and Standardized Approach for Risk-Weighted Assets, which is effective for all banks.
Republicans will control both the House and Senate in 2015, but with a Republican majority and a Democratic President in the White House, major changes to Dodd-Frank won’t happen, but some small changes are expected. For example, the Dodd-Frank provisions that require the Fed to establish standards for a bank holding company with at least $50 billion in assets might be raised to $100 billion or even $250 billion. This would help banks reduce burden since the banks under $250 billion are not as complex as the much larger national banks. The cost of compliance goes up by drastically when the current $50 billion limit is crossed.
The regulatory agencies are looking at consumer complaints as an indicator of bank compliance, to such things as the Dodd-Frank Act, the Consumer Financial Protection Bureau (CFPB), and Unfair Deceptive Abusive Acts and Practices (UDAAP) that are enforcing consumer protection with severe penalties and costly remediation. Banks are implementing technology to manage controls -- for example, in new product onboarding and sales practices.
To prepare for the new and changed regulations, I suggest that banks continue to stay on top of new regulation and its impact to the institution.
Peggy Bresnick Kendler has been a writer for 30 years. She has worked as an editor, publicist and school district technology coordinator. During the past decade, Bresnick Kendler has worked for UBM TechWeb on special financialservices technology-centered ... View Full Bio