by Amy Kleinschmit, Chief Compliance Officer
FREE Cybersecurity Services and Tools
The Cybersecurity & Infrastructure Security Agency (CISA) is offering a free Cyber Hygiene Vulnerability Scanning tool. Once initiated, this service is mostly automated and requires little direct interaction. CISA performs the vulnerability scans and delivers a weekly report. After CISA receives the required paperwork, scanning will start within 72 hours and organizations will begin receiving reports within two weeks.
CISA is the operational lead for federal cybersecurity and the national coordinator for critical infrastructure security and resilience. CISA strengthens the security and resilience of cyberspace, an important homeland security mission. CISA offers a range of cybersecurity services and resources focused on operational resilience, cybersecurity practices, organizational management of external dependencies, and other key elements of a robust and resilient cyber framework. CISA helps individuals and organizations communicate current cyber trends and attacks, manage cyber risks, strengthen defenses, and implement preventative measures. Every mitigated risk or prevented attack strengthens the cybersecurity of the nation.
Learning Session - Field of Membership Conversion and Expansion
DakCU is pleased to host CUCollaborate for a learning session to discuss Field of Membership conversion and expansion issues. CUCollaborate consultants will be exploring the processes involved in converting from a state charter credit union to a federally chartered credit union. Additionally, they will discuss options for FCU expansion opportunities including special rules for low income designated credit unions. A Q&A session will follow the presentation. Join us on Tuesday, June 27 at 10 AM (Central Time) for this discussion. The event is free, but registration is required and can be found here.
Spring Rulemaking Agendas Released
The Consumer Financial Protection Bureau, National Credit Union Administration, and several other regulatory agencies have recently issued their Spring 2023 rulemaking agenda. A review of the agencies’ rulemaking agendas can provide the credit union with insight on what potential compliance changes are on the horizon which can assist with strategic planning for compliance resources as well as products and services that the credit union offers or plans to offer in the future. While obviously it is just an agenda and subject to change, it is still a good idea to take an opportunity to review what may be coming later this year.
Consumer Financial Protection Bureau (CFPB)
While it says “spring rulemaking”, these are the items that the CFPB reasonably anticipates will be considered during the period from June 1, 2023 to May 31, 2024.
In the “prerule stage” of rulemaking, CFPB identifies three items – overdraft fees, fair credit reporting act, and fees for insufficient funds. With regard to fees for insufficient funds, prerule activity isn’t expected until November 2023. The CFPB explains this potential activity as – “Consumers using deposit accounts sometimes engage in transactions that exceed their accounts’ balances. Sometimes the depository institution will pay that transaction, resulting in an overdraft, but in many situations the depository institution will decline to pay the transaction and charge the consumer a "non-sufficient fund" (NSF) fee. Until recently, NSF fees were a significant source of fee revenue from deposit accounts for depository institutions; lately some financial institutions have voluntarily stopped charging such fees. The Bureau is considering new rules regarding NSF fees.” Pre-rule activity for overdraft fees is also expected in November – “Financial institutions offer various types of overdraft services, some of which are subject to Regulation Z and some of which are not. Whether Regulation Z applies depends on whether fees imposed in connection with those services (overdraft fees) are considered finance charges. When the Federal Reserve Board first adopted Regulation Z in 1969, it created special rules for determining whether overdraft fees are considered finance charges. While the nature of overdraft services, including how accounts can be overdrawn and how financial institutions determine whether to advance funds to pay the overdrawn amount, has significantly changed since 1969, the special rules remain largely unchanged. The CFPB is considering whether to propose amendments to Regulation Z with respect to these special rules.”
Moving to the final rule category and staying with the theme of fees – the CFPB’s agenda includes final rulemaking for credit card penalty fees, estimated for October 2023. Currently, under Regulation Z, section 1026.52(b)(1), a card issuer must not impose a fee for violating the terms or other requirements of a credit card account, including a late payment, unless the issuer has determined that the dollar amount of the fee represents a reasonable proportion of the total costs incurred by the issuer for that type of violation consistent with section 1026.52(b)(1)(i) or complies with the safe harbor amounts consistent with section 1026.52(b)(1)(ii). Earlier this year, the CFPB proposed to (1) adjust the safe harbor dollar amount for late fees to $8 and eliminate a higher safe harbor dollar amount for late fees for subsequent violations of the same type; (2) provide that the current provision that provides for annual inflation adjustments for the safe harbor dollar amounts would not apply to the late fee safe harbor amount; and (3) provide that late fee amounts must not exceed 25 percent of the required payment.
In addition to the proposed rulemaking recently issued on Property Assessed Clean Energy (PACE) financing and the interagency rulemaking concerning automated valuation models, the CFPB is also looking at issuing a proposed rule concerning personal financial data rights. This is actually another Dodd-Frank requirement – Section 1033 of the Dodd-Frank Act provides that a covered entity (for example, a bank) must make available to consumers, upon request, transaction data and other information concerning a consumer financial product or service that the consumer obtains from the covered entity. Section 1033 also states that the CFPB must prescribe by rule standards to promote the development and use of standardized formats for information made available to consumers.
National Credit Union Administration (NCUA)
The NCUA has a number of items in the final rule stage under its Spring Rulemaking Agenda (all subject to change of course), including Federal Credit Union Bylaw (member expulsion); Fintech; ACCESS initiative – Chartering and FOM regulations; subordinated debt; Bank Secrecy Act; and Overdraft policy – to name a few. With regard to BSA, this follows the proposed rule previously issued that sought to modify the requirements for federally insured credit unions (FICUs) to file Suspicious Activity Reports (SARs). The proposed rule would amend the NCUA’s SARs regulation to allow the Board to issue exemptions from the requirements of that regulation in order to grant relief to FICUs that develop innovative solutions to meet the requirements of the Bank Secrecy Act.
The Overdraft Policy related to a proposed rule from 2021, in it the NCUA proposed to amend one of the requirements that a federal credit union (FCU) must adopt as a part of their written overdraft policy. Specifically, the proposed rule would modify the requirement that an FCU’s written overdraft policy establish a time limit, not to exceed 45 calendar days, for a member to either deposit funds or obtain an approved loan from the FCU to cover each overdraft. The proposed rule would remove the 45-day limit and replace it with a requirement that the written policy must establish a specific time limit that is both reasonable and applicable to all members, for a member either to deposit funds or obtain an approved loan from the credit union to cover each overdraft. Consistent with U.S. generally accepted accounting principles, overdraft balances should generally be charged off when considered uncollectible.
While the rulemaking agenda says June for a final rule on member expulsion for FCUs, as noted above, this agenda is subject to change. The meeting agenda for the NCUA’s next board meeting, which is June 22, does not include this final rule so we will have to wait a little longer for this one.
A number of items are listed in the proposed rulemaking phase including – incorporation of existing statement of policy regarding exceptions to employment restrictions under Section 205(d) of the FCU Act; simplification of share insurance rules; procedures for monitoring BSA compliance; digital assets and related technology; and investment and deposit activities. With regard to investment proposed rulemaking, the NCUA is considering issuing a proposed rule to amend part 703 to modernize and improve the NCUA’s investment rule. The NCUA believes there may be certain provisions in part 703 that are overly restrictive and unnecessary from a safety and soundness perspective. A revised part 703 would provide federal credit unions with more flexible investment options.
Another proposed rulemaking the NCUA is considering relates to Exceptions to Employment Restrictions Under Section 205(d) of the Federal Credit Union Act. Per the spring rulemaking agenda, the NCUA is considering issuing a proposed rule to incorporate Interpretive Ruling and Policy Statement 19-1 (IRPS 19-1) regarding statutory prohibitions imposed by Section 205(d) of the Federal Credit Union Act into its regulations. Section 205(d) prohibits, except with the prior written consent of the Board, any person who has been convicted of any criminal offense involving dishonesty or breach of trust, or who has entered into a pretrial diversion or similar program in connection with a prosecution for such offense, from participating in the affairs of an insured credit union. The Board is also considering amendments to IRPS 19-1 to reflect recent statutory changes to Section 205(d) of the Federal Credit Union Act and increase consistency with comparable Federal Deposit Insurance Corporation regulations.
Financial Crimes Enforcement Network (FinCEN)
Several items are anticipated to be proposed by FinCEN, including Revisions to Customer Due Diligence Requirements for Financial Institutions, but this isn’t planned until November. This proposed rulemaking relates to section 6403(d) of the Corporate Transparency Act (CTA). Section 6403(d) of the CTA requires FinCEN to revise its customer due diligence (CDD) requirements for financial institutions to account for the changes created by the two other rulemakings FinCEN is required to issue pursuant to the CTA, specifically - Beneficial Ownership Information Reporting Requirements and rulemaking for access by authorized recipients to beneficial ownership information (BOI) that will be reported to FinCEN and the use of FinCEN identifiers.
FinCEN is also looking a proposed rulemaking for residential real estate transaction reports and records, in which FinCEN intends to address money laundering threats in the U.S. residential real estate sector. Not sure the impact at this time, but definitely something to keep an eye on.
Another proposed rulemaking of interest will be - Establishment of National Exam and Supervision Priorities. Section 6101(b) of the Anti-Money Laundering Act of 2020 (AML Act) requires rules for financial institutions to carry out the government-wide anti-money laundering and countering the financing of terrorism priorities (AML/CFT Priorities). The proposed rule: (i) incorporates a risk assessment requirement for financial institutions; (ii) requires financial institutions to incorporate AML/CFT Priorities into risk-based programs; and (iii) provides for certain technical changes. Once finalized, this proposed rule will affect all financial institutions subject to regulations under the Bank Secrecy Act and have AML/CFT program obligations.
As always, DakCU members may contact Amy Kleinschmit with any compliance related questions.
The Memo is DakCU's newsletter that keeps
Want the Memo delivered straight to your inbox?