Banks today face many risks – credit risk, operational risk, liquidity risk – many of which are managed by well-trained individuals specializing in a given area of concern. The same is true of compliance risk, which is generally the responsibility of the bank’s compliance manager and which may involve the bank’s legal counsel or a third-party provider. But achieving consistent satisfactory compliance results requires that all bank personnel have a basic understanding of the main consumer protection statutes and the related “alphabet” regs that are the foundation of regulatory compliance. Some of the primary consumer regulatory laws – and the issues we often see – are discussed below by Davenport Evans lawyer Dixie K. Hieb.
The Truth in Lending Act (TILA) is intended to ensure that credit terms are disclosed to consumers in an understandable way. Regulation Z, its implementing regulation, serves as the basis for consumer disclosures for open-end and closed-end loan products, such as credit cards, home equity lines of credit, student loans, and residential mortgage loans. Regulation Z also includes restrictions and requirements in connection with advertising consumer credit.
- Compliance Concerns: Correctly characterizing open-end versus closed-end credit products, meeting the technical timing requirements for disclosures, accurately calculating APR disclosures, and ensuring advertising of all kinds meets the requirements.
The Equal Credit Opportunity Act (ECOA) prohibits discrimination on the basis of race, color, religion, national origin, sex, marital status, age, or receipt of public assistance. Its implementing regulation, Regulation B, details the prohibitions on lending discrimination and lays out the parameters for responding to inquiries regarding loan eligibility, evaluating loan applications, and providing loan decisions and denials.
- Compliance Concerns: Documenting joint loan intent, requiring a guarantor, and obtaining a spouse’s signature. Two of the primary concerns under the ECOA and Regulation B are judgmental underwriting systems and the use of “secret sauce” algorithms in underwriting, each of which may lead to the denial of a loan application on a prohibited basis.
The Electronic Fund Transfer Act (EFTA) establishes the rights and responsibilities of consumers and banks in connection with electronic fund transfers, which include ACH transfers but do not include wires or checks. Regulation E, which implements the EFTA, provides disclosure requirements for recurring automated transfers from a consumer’s deposit account and for overdraft protection services.
- Compliance Concerns: Requiring payment by electronic fund transfer and failing to obtain consumer opt-in to overdraft protection services.
The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to inform customers how they share customer information and to provide customers with certain opt-out rights. Regulation P, which implements the privacy provisions of the GLBA, sets forth the applicable disclosures in connection with obtaining, sharing, and retaining a customer’s nonpublic personal information.
- Compliance Concerns: Restricting in-house access to customer information, limiting and monitoring third-party use of customer information, updating privacy notices to reflect changes in information sharing, and an increased focus on international and state privacy laws.
The Fair Credit Reporting Act (FCRA) imposes requirements on credit reporting agencies and regulates the collection of consumer credit information and access to credit reports. Regulation V, which implements the FCRA, covers the use of consumer information for affiliate marketing, the duties of furnishers of information to credit reporting agencies and of users of consumer reports, and the disclosure requirements in connection with risk-based pricing.
- Compliance Concerns: Accurate reporting to consumer reporting agencies, permissible uses of consumer reports, and responses to consumer claims of inaccurate reports or identity theft.
Other key compliance laws and regulations include the Telephone Consumer Protection Act (TCPA), which restricts the use of autodialers and prerecorded messages in calling consumers; the Sailors Civil Relief Act (SCRA) and the Military Lending Act (MLA), which add both substantive and disclosure requirements for lending to servicemembers; and (when you think you have it all covered) the FTC Act and the Dodd-Frank Act, both of which address unfair, deceptive, or abusive acts or practices (UDAAP).
Between statutory acronyms and issued regulations, almost no letter of the compliance alphabet is left behind. Ongoing training and the support of a bank’s board and its management are keys to achieving regulatory compliance success. The banking attorneys at Davenport Evans have expertise in all areas of regulatory compliance and stand ready to help you with compliance training and the technical compliance issues your bank may face.