Category: Financial Institutions and Banking

Categories
Financial Institutions and Banking

Maintaining Internal Controls in a Post-Pandemic Environment

Internal controls are the lifeblood of a bank’s risk management system. Weak or ineffective controls can lead to operational losses and expose a bank to a higher risk of fraud. As we continue to recover from the COVID-19 pandemic, banks need to assess the pandemic’s impact on their internal control systems and make appropriate adjustments.

Many banks continue to rely on remote workers, and it’s likely that many employees will continue to work remotely long after the pandemic is behind us. In addition, some banks are operating with reduced workforces. In this environment, maintaining key internal controls — segregation of duties, in particular — can be a challenge. In addition, as workers’ duties are adjusted to accommodate remote work and leaner staffs, these changes can inadvertently render some controls ineffective.

Evaluate the impact on segregation of duties

Segregation of duties is a simple yet powerful control that substantially reduces the risks of fraud and error. By assigning different people responsibility for authorizing or reviewing transactions, recording transactions and maintaining custody of assets, a bank makes it virtually impossible for a single employee to perpetrate a fraud or make an error and conceal it. If workforce changes reduce segregation of duties, they can significantly weaken a bank’s internal controls.

Consider this example: ABC Bank has been operating with a reduced staff since early in the pandemic. As lending activity has increased, its staff has struggled to keep up with the growing volume of loan applications. To avoid falling behind, the bank provides Jane Doe, its vice president for loan servicing, with the ability to record transactions on the bank’s loan system. Because Jane is also responsible for reviewing loan file maintenance changes, she now lacks independence with respect to her review of loan file maintenance reports. In other words, the duties associated with recording and reviewing transactions are no longer segregated.

How can your bank avoid this situation? When employees’ operational responsibilities change, it’s important to evaluate any potential conflicts of interest with employees’ existing review responsibilities.

Digital approvals: Handle with care

A byproduct of the remote work environment is that reviewers may sign off on transactions via email or by typing their initials on an electronic document. This can be risky, as virtually anyone can enter the reviewer’s initials.

One solution is to use a digital signature platform, which requires the reviewer to enter a username and password. It also incorporates other protections to verify the signer’s identity and otherwise ensure the integrity of the approval process.

Review your controls

These are just a few examples of how a changing work environment can affect a bank’s internal control systems. The consequences aren’t always obvious, so be sure to review your internal control policies and procedures and conduct a risk assessment to anticipate the full impact of contemplated changes. Also consider implementing or strengthening other types of controls — such as surprise audits, management or director oversight, mandatory vacations, job rotation, employee support programs and fraud training — to help compensate for a lack of segregation of duties and other internal control weaknesses.

©2021

Categories
Financial Institutions and Banking Financial News Henderson, KY Henderson, TN Jackson, TN Martin, TN Memphis, TN Milan, TN Murray, KY Nashville, TN Owensboro, KY Paris, TN Trenton, TN Tupelo, MS Union City, TN

Keep Your Customers Satisfied

Over the past few years, community banking has withstood rapid technological changes, unprecedented economic challenges during a pandemic and new demands from its customer base. To maintain profitability amidst all this turmoil, you need to ensure that your bank retains its existing customers. After all, studies show that attracting a new customer typically costs five times more than retaining an existing one.

Here are three fundamental questions to help improve customer satisfaction and, ultimately, retention.

  1. What’s your core deposit base?

A good first step is to identify your core deposits and develop an understanding of customer behaviors. Differentiate loyal, long-term customers from those motivated primarily by interest rates. A core deposit study can help you distinguish between the two types of depositors and predict the impact of fluctuating interest rates on customer retention. Banking regulators strongly encourage banks to conduct these studies as part of their overall asset-liability management efforts.

Core deposit studies assess how much of your bank’s deposit base is interest-rate-sensitive by examining past depositor behavior. They also look at factors that tend to predict depositor longevity. For example, customers may be less likely to switch banks if they have higher average deposit balances and use multiple banking products (such as checking and savings accounts, mortgages and auto loans).

  1. How can you get to know your customers better?

To build customer loyalty, it’s critical to ensure that customers are engaged. According to research by Gallup, engaged customers are more loyal, and they’re more likely to recommend the bank to family and friends. They also represent a bigger “share of wallet” (that is, the percentage of a customer’s banking business captured by the bank).

Recent retail banking studies show that fewer than half of customers at community banks and small regional banks (less than $40 billion in deposits) are actively engaged. The percentages are even smaller at large regional banks (over $90 billion in deposits) and nationwide banks (over $500 billion in deposits). That’s the good news. The bad news is that 50% of customers at online-only banks are fully engaged.

So, how can community banks do a better job of engaging their customers to compete with online banks? The answer lies in leveraging their “local touch” by knowing their customers, delivering superior service, and providing customized solutions and advice. To do that, banks must ensure that their front-line employees — tellers, loan officers, branch managers and call center representatives — are fully engaged in their jobs.

Encouraging employees to engage with customers has little to do with competitive salaries and benefits. Rather, it means providing employees with opportunities for challenging work, responsibility, recognition and personal growth.

  1. How can you develop your online presence?

An increasing number of customers — younger people in particular — use multiple channels and devices to interact with their banks. These include online banking, mobile banking applications and two-way texting.

To build loyalty, banks should enable customers to use their preferred channels and ensure that their experiences across channels are seamless. And don’t overlook the importance of social media platforms. Younger customers are more likely to use these platforms to recommend your bank to their friends and families.

Ask the right questions

Your customer retention strategies shouldn’t be based on guesswork. Consider periodically engaging with customers concerning their level of satisfaction with your current systems and processes. Ask what they’d like to see improved. A brief survey, or even a short conversation, can provide valuable input on ways to keep your customers satisfied with your bank’s services over the long term.

©2021

Categories
Financial Institutions and Banking Financial News

Is Your Bank in Compliance?

The Dodd-Frank Act gives the Consumer Financial Protection Bureau (CFPB) broad authority to prosecute unfair, deceptive or abusive acts or practices (UDAAP) by banks and other financial providers. Early last year, the CFPB announced a new policy that gave institutions a reprieve from UDAAP enforcement actions. But in March 2021, it rescinded this policy, signaling a return to more aggressive enforcement.

UDAAP refresher

During the COVID-19 pandemic, many banks have changed the way they do business — for example, by reducing lobby hours, closing branches, and relying more on mobile banking apps and online transactions — and many of these changes may be here to stay. So, given the CFPB’s more aggressive enforcement stance, it’s a good idea for banks to review their UDAAP compliance policies and update them to reflect current business practices.

One reason UDAAP might be problematic is that its restrictions are quite broad and, in some cases, vague. Generally, an act or practice is unfair if it causes, or is likely to cause, substantial injury to consumers and such injury isn’t reasonably avoidable. Deceptive acts or practices are those that mislead or are likely to mislead consumers, provided the consumer’s interpretation is reasonable under the circumstances and the act or practice is material.

An act or practice is abusive if it materially interferes with a consumer’s ability to understand a product or service’s terms or conditions. Alternatively, abusive acts or practices may take unreasonable advantage of consumers’ 1) lack of understanding, 2) inability to protect their interests, or 3) reasonable reliance on banks to act in their interests.

CFPB guidance provides a nonexhaustive list of examples of conduct that may, depending on the facts and circumstances, constitute UDAAPs. They include:

  • Collecting or assessing a debt or additional amounts in connection with a debt (for example, interest, fees or charges) not expressly authorized by the agreement or permitted by law,
  • Failing to credit a consumer’s account with timely submitted payments and then imposing late fees,
  • Taking possession of property without the legal right to do so,
  • Revealing the consumer’s debt, without consent, to the consumer’s employer or coworkers,
  • Falsely representing the character, amount or legal status of the debt, and
  • Threatening any action that isn’t intended or authorized, including false threats of lawsuits, arrest, prosecution or imprisonment for nonpayment of debt.

Certain misrepresentations also may qualify as UDAAPs. For instance, a bank can’t falsely claim that a debt collection communication is from an attorney or government-affilitated source. Banks also can’t lie about whether information about a payment or nonpayment would be furnished to a credit reporting agency — or falsely promise to waive or forgive debts if consumers accept a settlement offer.

COVID-related updates

The COVID-19 pandemic has caused most businesses, including banks, to change the way they do things — so now’s a good time for a review. For example, have you permitted borrowers to skip loan payments under certain circumstances? Will that policy continue even after the pandemic ends? If so, you need to ensure that your policy is designed and communicated in a manner that isn’t unfair, deceptive or abusive to your customers.

During the pandemic, many banks have relied more heavily on electronic transactions in light of social distancing guidelines, a practice that may continue post-pandemic. If your bank permits customers to receive disclosures and other documents electronically, be sure that your policies and practices are fair, clearly communicated and don’t negatively impact customers without access to the necessary technology.

Even physical access and security practices may raise UDAAP concerns. For example, could reducing branch hours be perceived as unfair or abusive to specific customers? And what about masks or other face coverings? Ordinarily, banks prohibit them. But by necessity, exceptions have been made pursuant to mask mandates during the pandemic. In the absence of a mandate, what will your bank’s policy be going forward? Will you require customers to remove their masks, even if they’re at higher risk or simply feel more comfortable wearing one? Whatever your policy, it should be carefully designed and communicated to avoid UDAAP issues.

Training is key

Any time a bank changes its business practices or establishes new ones, it’s important to evaluate whether those changes raise UDAAP concerns. Even if your policies are fair on paper, they can still trigger UDAAP liability if they’re not put into practice properly. So be sure that bank staff or other representatives are adequately trained.

To ensure that your bank is still compliant after all of the recent changes, contact one of our financial institution experts today.

 

CFPB renews focus on UDAAP enforcement

In January 2020, the Consumer Financial Protection Bureau (CFPB) issued a policy statement providing some relief to banks for unfair, deceptive, or abusive acts or practices (UDAAP). Pursuant to the statement, the CFPB said it wouldn’t challenge conduct as abusive unless the harm to consumers outweighed the benefits. It also pledged to end “dual pleading” — that is, charging a bank with both abusiveness and unfairness or deception based on the same conduct — and to refrain from seeking monetary relief when a bank made a good-faith effort to comply with the law.

In March 2021, the CFPB rescinded the policy statement, finding it inconsistent with the CFPB’s mission. Going forward, it will exercise the “full scope” of its enforcement authority, although it will consider good faith and other relevant factors in using its prosecutorial discretion.

©2021

Categories
Financial Institutions and Banking

ALTA Best Practices Certification Services

Banks and mortgage lenders are under increased pressure by regulators to protect their customers’ non-public personal information (NPI)—especially within the context of their relationships with third-party vendors, including title  companies  and  attorneys.  This  pressure  has  resulted  in  lenders conducting due diligence on title companies and attorneys. The means of approaching due diligence has been inconsistent within the industry, with some  lenders  asking  vendors  to  complete  questionnaires,  others  asking vendors to submit their policies and procedures and still others conducting interviews  and  on-site  visits.  Lenders  have  struggled  to  find  the  “right” solution to conduct this due diligence.

The American  Land  Title Association  (ALTA)  responded  to  this  industry concern by developing a Best Practices Framework (ALTA Best Practices or the Best Practices). By choosing to pursue ALTA Best Practices, a title company or attorney can demonstrate to its mortgage lenders, underwriters and customers that it is following the industry’s established practices. This demonstration extends  beyond just  the protection of NPI.  As lenders have learned about the Best Practices, this guidance has quickly become their preferred method of conducting CFPB due diligence.

The Best Practices include seven areas of guidance known as pillars:

  • Licensing
  • Escrow Accounting Procedures
  • Privacy & Information Security
  • Settlement Procedures
  • Title Policy Production & Delivery
  • Professional Liability Insurance Coverage
  • Consumer Complaints

When  a  company  elects  to  pursue  Best  Practices,  it  must  first  develop policies and procedures to address each of the seven pillars. Once an organization has fully implemented its ALTA-compliant policies and procedures, it can then elect to work toward becoming certified. The certification must be performed  by  a  qualified,  independent  third  party  that  evaluates  the  title company’s compliance with its Best Practices policies and procedures.

ATA assists clients with:

  • The development of policies and procedures consistent with ALTA Best Practices.
  • Evaluation of previously prepared policies and procedures for compliance with the seven pillars of the Best Practices Framework.
  • Certification by providing an independent assessment of your organization’s operational processes, written policies, & procedures.

 

Contact partner and financial institutions expert Jack Matthis, CPA, CBA today at jmatthis@atacpa.net or by calling (731) 686-8371.

Categories
Financial Institutions and Banking

Bank Wire

CAA provides COVID-19 relief for banks

The Consolidated Appropriations Act (CAA), passed in late December 2020, contains a variety of COVID-19 relief provisions, including a second round of stimulus payments to individuals, enhanced unemployment benefits, and expansion of the Paycheck Protection Program (PPP). The act also offers some bank-specific relief. For example, it:

  • Delays the compliance deadline for the current expected credit loss (CECL) accounting standard until the earlier of 1) the first day of the bank’s fiscal year that begins after termination of the COVID-19 public health emergency, or 2) January 1, 2022; and
  • Extends the time during which banks may elect to temporarily suspend troubled debt restructuring (TDR) accounting for certain COVID-19-related loan modifications until the earlier of 1) 60 days after the public health emergency ends, or 2) January 1, 2022.

It also establishes a $9 billion fund to provide low-cost, long-term capital investments to qualifying banks. To qualify, they need to be community development financial institutions or minority depository institutions.

SBA guidance on PPP loans

After the CAA authorized “second-draw” forgivable PPP loans, the Small Business Administration (SBA) and Treasury Department issued rules for these loans. Among other things, the rules clarify that: the SBA will guarantee 100% of second-draw loans; no collateral or personal guarantees will be required; the interest rate will be 1%, calculated on a noncompounding, nonadjustable basis; maturity will be five years; and all loans will be processed by lenders under delegated authority.

It may rely on borrower certifications to determine the borrower’s eligibility and use of loan proceeds. (Note: The borrower must substantiate compliance with eligibility requirements by the time they submit a forgiveness application.)

Simplified PPP forgiveness application

The CAA simplifies the forgiveness application for businesses that borrow less than $150,000. These borrowers will submit a one-page application that includes the total loan value, the estimated portion of the loan spent on payroll, and the number of employees retained as a result.

Fintech partnership guide

Community banks are increasingly partnering with “fintech” companies to offer their customers access to the latest banking technology tools. But these partnerships are fraught with practical and regulatory compliance challenges. Recently, a member of the Federal Reserve Board announced that the Fed would work with other banking agencies to develop a fintech vendor due diligence guide for community banks as well as enhanced interagency guidance for third-party risk management. This guidance is expected to “eliminate the need for community banks to navigate multiple supervisory guidance documents on the same issue” and “enhance clarity on supervisory expectations for community bank partnerships with fintech companies.”

 

©2021

 

Categories
Financial Institutions and Banking

Online Account Opening: Managing the Risk

In recent years, banking customers have increasingly relied on electronic banking tools to open accounts, make deposits, transfer funds and otherwise manage their money — and the COVID-19 pandemic has accelerated this trend. All of these activities increase an institution’s Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance risks, particularly the opening of online accounts. So, while offering these conveniences can be attractive to current and prospective customers, you’ll need to implement policies, procedures and controls to mitigate the risk.

Recognizing risk factors

In its BSA/AML Manual, the Federal Financial Institutions Examination Council (FFIEC) emphasizes that accounts opened online — that is, without face-to-face contact — pose a greater risk for money laundering and terrorist financing because:

  • It’s more difficult to positively verify the applicant’s identity,
  • The customer may be outside the bank’s targeted geographic area or country,
  • Customers — particularly those with ill intent — may view online transactions as less transparent,
  • Transactions are instantaneous, and
  • Online accounts may be used by a “front” company or unknown third party.

In light of this enhanced risk, the FFIEC cautions banks to consider how an account was opened as a factor in determining the appropriate level of account monitoring.

Minimizing risks

To reduce the risks associated with online account opening, banks should develop an effective customer identification program (CIP) and ongoing customer due diligence (CDD) processes as part of a robust, risk-based BSA/AML compliance strategy.

To comply with CIP requirements, an individual opening an account must provide, at a minimum, his or her name, date of birth, address and taxpayer identification number (or other acceptable identification number for non-U.S. persons). In addition, if an account is opened for a legal entity — such as a corporation, partnership or LLC — the bank must verify the identities of the entity’s beneficial owners.

Verifying applicants’ identities

A significant challenge in electronic banking is verifying the identity of someone opening an account online (including a person opening an account on behalf of a legal entity). For in-person transactions, bank personnel often examine identification documents, such as driver’s licenses or passports, but this may not be possible for accounts opened online.

For online transactions, banks should develop reliable nondocumentary methods of verifying an individual’s identity. These may include comparing the information provided at account opening with information from a credit reporting agency, public database or other source. They also may include contacting the person (for example, calling them at work or sending them a piece of mail they must respond to), checking references with other financial institutions, obtaining a financial statement, or asking “out of wallet” questions, such as previous addresses, former employers or mortgage loan amounts.

The bank should develop alternate or backup verification methods for situations in which one of these methods fails. For example, if there’s an identification mismatch, the applicant may be required to bring identification in person to a bank branch.

In addition, as with accounts opened in person, the bank should check the person’s name against lists of known or suspected terrorists or terrorist organizations maintained by the Office of Foreign Assets Control. It’s also a good idea, for ongoing monitoring and CDD purposes, to collect information about the purpose of the account, the occupations of the account owners and the source of funds.

Due diligence

After an account is opened online and the applicant’s identity is verified, you’ll want to conduct ongoing customer due diligence. That means, among other things, monitoring account activity for unusual or suspicious activities.

©2021

Categories
Financial Institutions and Banking

Should your bank use third-party vendors?

In the uncertain economy resulting from the COVID-19 pandemic, community banks continue to streamline operations, improve efficiency and eliminate waste so that they can survive — and thrive. To help in this process, they’re increasingly turning to outside vendors to provide specialized services beyond the bank’s usual offerings. If your bank uses third-party vendors, though, you need to be aware of the ins and outs.

Evaluate liability

Outsourcing to a third party doesn’t relieve a bank from responsibility and legal liability for compliance or consumer protection issues. And as banks and vendors increasingly rely on evolving technologies to deliver products and services, their exposure to ever-changing cybersecurity risks demands constant vigilance.

Even if you have a solid vendor risk management program in place, you’ll need to review it periodically. Banking regulators expect your program to be “risk-based” — that is, the level of oversight and controls should be commensurate with the level of risk an outsourcing activity entails. But here’s an important caveat: That risk can change over time. Some vendors, such as appraisal and loan collection companies, have traditionally been viewed as relatively low risk. But in today’s increasingly cloud-based world, any vendor with access to your IT network or sensitive nonpublic customer data poses a substantial risk.

Assess risk

Here are some ways to review your vendor risk management program:

Conduct a risk assessment. Determine whether outsourcing a particular activity is consistent with your strategic plan. Evaluate the benefits and risks of outsourcing that activity as well as the service provider risk. This assessment should be updated periodically.

Generally, examiners expect a bank’s vendor management policies to be appropriate in light of the institution’s size and complexity. They also expect more rigorous oversight of critical activities, such as payments, clearing, settlements, custody, IT or other activities that could have a significant impact on customers — or could cause significant harm to the bank if the vendor fails to perform.

Thoroughly vet your service providers. Review each provider’s business background, reputation and strategy, financial performance operations, and internal controls. The depth and formality of due diligence depends on the risks associated with the outsourcing relationship and your familiarity with the vendor. If your agreement allows the provider to outsource some or all of its services to subcontractors, be sure that the provider has properly vetted each subcontractor. The same contractual provisions must apply to subcontractors and the provider should be contractually accountable for the subcontractor’s services.

Diversify vendors. Using a single vendor may provide cost savings and simplify the oversight process, but diversification of vendors can significantly reduce your outsourcing risks, particularly if a vendor has an especially long disaster recovery timeframe.

Ensure contracts clearly define the parties’ rights and responsibilities. In addition to costs, deliverables, service levels, termination, dispute resolution and other terms of the outsourcing relationship, key provisions include compliance with applicable laws, regulations and regulatory guidance; information security; cybersecurity; ability to subcontract services; right to audit; establishment and monitoring of performance standards; confidentiality (in the case of access to sensitive information); ownership of intellectual property; insurance, indemnification and business continuity; and disaster recovery.

Review vendors’ disaster recovery and business continuity plans. Be sure that these plans align with your own and are reviewed at least annually, and that vendors have the ability to implement their plans if necessary.

Monitor vendor performance. Monitor vendors to ensure they’re delivering the expected quality and quantity of services and to assess their financial strength and security controls. It’s particularly important to closely monitor and control external network connections, given the potential cybersecurity risks.

Conduct independent reviews. Banking regulators recommend periodic independent reviews of your risk management processes to help you assess whether they align with the bank’s strategy and effectively manage risks posed by third-party relationships. The frequency of these reviews depends on the vendor’s risk-level assessment, and they may be conducted by the bank’s internal auditor or an independent third party. The results should be reported to the board of directors.

Stay aware

Having a robust vendor risk management program in place at your bank is the key to benefiting from vendors’ specialized skills and abilities while avoiding legal and regulatory problems. We can help you stay on top of the latest regulations and rules pertaining to third-party vendor use.

©2021

Categories
Financial Institutions and Banking

5 Tips for Fair Lending Compliance

Community banks need to develop and follow fair lending practices; providing customers with nondiscriminatory access to credit is, of course, the right thing to do. What’s more, violations of fair lending laws and regulations can result in costly litigation and enforcement actions, hefty monetary penalties and serious reputational damage.

What are the laws?

The two primary fair lending laws are the Fair Housing Act (FHA) and the Equal Credit Opportunity Act (ECOA). The FHA prohibits discrimination in residential real estate-related transactions based on race or color, national origin, religion, sex, familial status (for example, households with one or more children under 18, pregnant women, or people in the process of adopting or otherwise gaining custody of a child), or handicap.

Similarly, the ECOA prohibits discrimination in credit transactions based on race or color, national origin, religion, sex, marital status, age (assuming the applicant has the capacity to contract), an applicant’s receipt of income from a public assistance program, or an applicant’s good faith exercise of his or her rights under the Consumer Credit Protection Act.

The Home Mortgage Disclosure Act (HMDA) requires certain lenders to report information about mortgage loan activity, including the race, ethnicity and sex of applicants. Finally, the Community Reinvestment Act (CRA) provides incentives for banks to help meet their communities’ credit needs.

How can you comply?

Here are five tips for developing an effective compliance program:

  1. Conduct a risk assessment. Conduct a thorough assessment to identify your bank’s fair lending risks based on its size, location, customer demographics, product and service mix, and other factors. This assessment can pinpoint the bank’s most significant risks. It also can reveal weaknesses in the bank’s credit policies and procedures and other aspects of its credit operations. It’s particularly important to examine the bank’s management of risks associated with third parties, such as appraisers, aggregators, brokers and loan originators.
  2. Develop a written policy. A comprehensive written fair lending policy is key to help minimize your bank’s risks. And by demonstrating your commitment to fair lending, this document can go a long way toward mitigating the bank’s liability in the event of a violation. The policy should cover all of the bank’s products, services and credit operations and provide details about which practices are permissible and which aren’t.
  3. Analyze your data. Analyzing data about your lending and other credit decisions is important for two reasons: First, it’s the only way to determine whether disparities in access to credit exist for members of the various protected classes. These disparities don’t necessarily signal that unlawful discrimination is taking place — but gathering this data is the only way to make this determination.

Second, lending discrimination isn’t limited to disparate treatment of protected classes. Banks are potentially liable under the FHA and ECOA if their lending practices have a disparate impact on protected classes. For example, a policy of not making single-family mortgage loans under a specified dollar amount may disproportionately exclude certain low-income groups, even though the policy applies equally to all loan applicants. Banks can defend themselves against allegations of discrimination based on disparate impact by showing that the policy was justified by business necessity and that there was no alternative practice for achieving the same business objective without a disparate impact.

  1. Provide compliance training. Even the most thorough, well-designed policy won’t be worth the paper it’s printed on unless you provide fair lending compliance training for bank directors, management and all other relevant employees (and evaluate its effectiveness). Indeed, lack of training is a red flag for bank examiners. (See “Discrimination risk factors” at X.)
  2. Monitor compliance. You’ll need to monitor your bank’s compliance with fair lending laws and promptly address any violations or red flags you discover. You can do this by, among other things, performing regular data analysis, monitoring and managing consumer complaints, keeping an eye on third-party vendors, and conducting periodic independent audits of your compliance program (by your internal audit team or an outside consultant).

Reduce your risk

Fair lending laws are complex, and guidance can sometimes be ambiguous. Although a full discussion of the subject is beyond the scope of this article, the five tips outlined here are a good start in helping you evaluate the effectiveness of your fair lending compliance program.

Sidebar: Discrimination risk factors

A useful source of guidance on fair lending compliance is the Interagency Fair Lending Examination Procedures used by federal financial agencies. Among other things, the guidelines list the following compliance program discrimination risk factors:

  • Overall compliance record is weak,
  • Legally required monitoring information is nonexistent or incomplete,
  • Data or recordkeeping problems compromise the reliability of previous examination reviews,
  • Fair lending problems were previously found in one or more products or subsidiaries, and
  • The bank hasn’t updated compliance policies and procedures to reflect changes in law or in agency guidance.

If any of these problems are present in your institution, it’s important to rectify them as soon as possible. That way, you’ll avoid penalties and at the same time contribute to fair lending practices.

©2021

Categories
Dyersburg, TN Financial Institutions and Banking Henderson, KY Henderson, TN Jackson, TN Martin, TN Memphis, TN Milan, TN Murray, KY Nashville, TN Owensboro, KY Paris, TN Tupelo, MS Union City, TN

Paycheck Protection Program – CARES Act Small Business Administration Loans

FOR IMMEDIATE RELEASE
Mark Puckett, CPA
info@atacpa.net

 

Paycheck Protection Program – CARES Act Small Business Administration Loans (Update)
We are releasing an update to our previous email. Due to the changing nature of the loan initiative discussed below, please contact your lender for the most up-to-date information.  
(April 1, 2020 | 8:45 p.m.) 

 

 

The Coronavirus Aid, Relief and Economic Security (CARES) Act was enacted March 27, 2020 and provides an unprecedented level of national emergency assistance for individuals, families and businesses impacted by the Coronavirus pandemic. The Act provides for a loan program that will be administered by the Small Business Administration (SBA) and provides up to $349 billion in loans to eligible borrowers with the express intention of motivating employers to retain and re-hire employees.
The Loan Program

Among the economic relief provisions of the CARES Act, the Paycheck Protection Loan Program establishes a loan regime that allows qualifying businesses negatively impacted by the Coronavirus pandemic to obtain loans through the SBA to fund a variety of qualified costs including:

  • Payroll costs
  • Continuation of health care benefits
  • Employee salaries and commissions for U.S. based employees (up to $100,000 per person)
  • Mortgage interest obligations (but not loan principal)
  • Rent
  • Utilities
  • Interest on any other debt obligations incurred before the covered period

Qualifying businesses can apply through banks that are already authorized to make loans under the SBA’s existing 7(a) loan program. The SBA and the Secretary of the Treasury will also extend eligibility to additional qualified lenders that do not currently participate in such program. Repayment of a Paycheck Protection loan may be fully or partially guaranteed by the SBA. Neither the SBA nor any participating lenders will charge fees to the borrowers.
Eligibility

Borrowers with 500 or fewer employees (or a greater number based on the size standard applicable to the industry) may be eligible:
  • For-profit businesses of all types, including self-employed individuals, independent contractors and sole proprietorships
  • Nonprofit organizations exempt under Section 501(c)(3)
  • Veterans organizations
  • Tribal businesses

The Act contains exceptions to standard SBA rules that relax eligibility restrictions for certain covered entities such as businesses in the accommodation and food service industry (NAICS 72) that have less than 500 employees per physical location. Other exceptions include franchises assigned a franchise identifier code and businesses licensed under Section 301 of the Small Business Investment Act.
Loan Amount & Terms

The maximum loan amount permitted for an eligible borrower is equal to the lesser of 2.5 times the average monthly payroll costs incurred in the one-year period before the loan is made (except for seasonal employers and employers not in business between February 15, 2019 and July 30, 2019), or $10,000,000.

Loans are available for an amortizing term of up to 2 years at 0.5 percent interest.  The SBA will direct lenders to defer payment of both principal and interest for a minimum of 6 months and up to a maximum of 12 months.  Borrowers will not be required to pledge any collateral or provide personal guarantees to secure the loans.
Loan Forgiveness

Borrowers will be eligible for loan forgiveness equal to the amount spent by the borrower during an 8-week period following the loan disbursement actually spent on rent, payroll and benefit costs, utilities and mortgage interest.

The loan forgiveness amount is subject to reduction if the borrower terminates employees or reduces employee salaries and wages during the 8-week forgiveness period.  Reductions in workforce, salaries and wages that occur from February 15, 2020 to April 26, 2020 will be disregarded for purposes of reducing the forgiveness amount so long as the reductions are eliminated by June 30, 2020.

Borrowers who satisfy the requirements for loan forgiveness will be able to exclude the forgiveness amount from taxable income.
Continue to monitor ATA’s COVID-19 resource page for more information. Please know that we continue to be here to partner with you and amplify your business. 
Categories
Dyersburg, TN Financial Institutions and Banking Henderson, KY Henderson, TN Jackson, TN Martin, TN Memphis, TN Milan, TN Murray, KY Nashville, TN Owensboro, KY Paris, TN Trenton, TN Tupelo, MS Union City, TN

Six Key Cybersecurity Controls that are Critical to Banks

Cybersecurity risk heightened with bank wiring
The OCC and FDIC recently issued an interagency statement on heightened cybersecurity risks, prompted in part by a warning from the Department of Homeland Security of potential cyberattacks against U.S. targets because of increased geopolitical tension. The statement reminds banks not only to implement and maintain effective preventive controls, but also to prepare for a worst-case scenario by maintaining sufficient business continuity planning processes for the rapid recovery, resumption and maintenance of the institution’s operations.
The statement describes six key cybersecurity controls that are critical to protecting banks from malicious activity:
  1. Response, resilience and recovery capabilities,
  2. Identity and access management,
  3. Network configuration and system hardening (that is, modifying settings and eliminating unnecessary programs to minimize security risks),
  4. Employee training,
  5. Security tools and monitoring, and
  6. Data protection.
For a detailed discussion of these controls, you can read the statement at https://www.fdic.gov/news/news/financial/2020/fil20003.html.
OCC Annual Report emphasizes BSA/AML risk
The OCC recently issued its 2019 Annual Report. The report warned that compliance risk related to Bank Secrecy Act/anti-money laundering activities remained high last year. It encouraged banks to implement BSA/AML risk management systems commensurate with the risk associated with their products, services, customers and geographic footprint. Noting that BSA/AML compliance remains a priority, the OCC outlined recent guidance that embraces using innovative technologies to meet these compliance obligations. The agency also encourages community banks with lower BSA risk profiles to reduce costs and increase operational efficiency by sharing BSA compliance-related resources.
Debt collection: Handle with care
A recent federal court case, Hackler v. Tolteca Enterprises Inc., illustrates the importance of carefully following the Fair Debt Collection Practices Act (FDCPA). In that case, a collection agency sent a letter to a debtor attempting to collect a debt. It stated, “If you dispute the validity of this debt within 30 days, from receipt of this notice, we will mail verification of the debt to you. If you do not dispute the validity of this debt within 30 days, from receipt of this notice, we will assume it is valid. At your request, we will provide you with the name and address of the original creditor if different from the current creditor.”
Because the letter failed to specify that the debt must be disputed, and the request must be made “in writing,” as required under the statutory notice requirements, the U.S. District Court for the Western District of Texas found the defendant liable for violations of the FDCPA.
© 2020