December has arrived, and with it, a new episode of Ncontracts’ Regulatory Brief, where we cover the latest regulatory news, trends, and updates from the past month.
This month we have a 1071 update, several fraud warnings, and a bunch of enforcement actions to discuss.
Looking for even more insights? Log into Ncomply for plain-English breakdowns of state and federal regulations, along with step-by-step implementation guides to keep your compliance program on track.
Implementation dates for the Consumer Financial Protection Bureau’s (CFPB) small business lending rule (Section 1071) remain on track. The U.S. Fifth Circuit Court granted an expedited appeal challenging 1071, it refused to temporarily stay the final rule’s compliance dates. Oral arguments are scheduled for February 2025.
Meanwhile, the CFPB released a study that found significant disparities in how lenders treat Black and White small business owners seeking loans. The research found that Black entrepreneurs received less encouragement to apply for a loan and were more frequently steered toward alternative loan products compared to White shoppers with similar or weaker business credit profiles.
What does this mean? Consider it a preview of what examiners and others will be looking for in 1071. The CFPB and Justice Department sent in secret shoppers to gather data and then analyzed it using the Matched-pair testing method that’s been used on residential mortgage loans data for years. Make sure you’re analyzing your 1071 data.
FinCEN warned it’s been seeing increased reports of fraud conducted with the aid of deepfakes (fake content created by generative AI). This includes fake drivers’ licenses, passports, photos and videos. The alert highlights red flags and tips for identifying AI-generated documents.
FIs often detect GenAI and synthetic content by conducting re-reviews of a customer’s account opening documents. FIs can also do reverse image searches to reveal faces created with GenAI. There are some third parties that can offer more advanced tech to identify deepfakes.
In related news, the California Department of Financial Institutions released an alert about a hacking technique that allows undetected intrusions into critical infrastructure. Make sure your CISO is aware of the “Volt Typhoon” Cybersecurity Threat Warning for Financial Institutions.
HUD extended the compliance date for the Modernization of Engagement with Mortgagors in Default final rule requiring mortgagees to conduct meetings with all mortgagors in default to July 1, 2025. Mortgagees must make two verifiable attempts to meet with a defaulted borrower.
Banking regulators won’t be releasing any new final rules until after the Trump administration begins in January. This will delay BASEL III Endgame and pause reviews of long-term debt and third-party deposit recordkeeping requirements. Regulators will continue to monitor risks related to commercial real estate, cybersecurity, and bank-fintech relationships.
The CFPB fined a large credit union $15 million and ordered it to pay $80 million in restitution for charging members surprise overdraft fees from 2017 to 2022. The problem stemmed from its use of account positive, settlement negative (APSN) transactions and not making it clear to consumers when transactions from P2P systems like PayPal and Zelle would be available.
The Federal Reserve Board issued enforcement actions against two state-chartered banks. One bank was found to have a severely deficient BSA/AML program. The other bank had broader issues, including inadequate board oversight to risk management, including liquidity, interest rate, capital planning, cash flow, and strategic planning. The banks were subject to cease and desist letters but there were no fines.
The SEC fined a firm $17.5 million for misleading statements about the percentage of assets it invests in environmental, social, and governance (ESG).
The FTC fined a cash advance company more than $17 million for falsely promising instant cash advances and then making it difficult for users to cancel memberships.
Want to learn more about the most common regulatory findings and how to prevent them?
Download our free 2024 Compliance Exam Findings Summary.