Regulatory Compliance Updates for Banks & Credit Unions – August 2022 Recap

There were four noteworthy regulatory and compliance updates for banks and credit unions in August of 2022. Below are the details on these changes and how they affect you and your institution.

July Regulatory Compliance Updates for Banks and Credit Unions

FHFA: Servicers to Maintain Fair Lending Data

On August 10, 2022, the FHFA announced that Fannie Mae and Freddie Mac will require servicers to obtain and maintain fair lending data on their loans, and for this data to transfer with servicing throughout the mortgage term.

The fair lending data to be maintained includes borrowers’ age, race, ethnicity, gender, and preferred language. Servicers will be required to implement this change starting on March 1, 2023. This update follows a May 2022 announcement, which requires lenders to collect borrowers’ language preference data.

Why Is This Important to Me?

This may require procedural updates for changes taking effect early 2023.

CFPB: Financial Companies on Data Security

The CFPB announced on August 11, 2022 that it has issued Consumer Financial Protection Circular 2022-04, Insufficient data protection or security for sensitive consumer information, confirming that financial companies may violate federal consumer financial protection law when they fail to safeguard consumer data. The circular provides guidance to consumer protection enforcers, including examples of when firms can be held liable for lax data security protocols.

In its news release, the CFPB states, “Past data security incidents, including the 2017 Equifax data breach, have led to the harvesting of the sensitive personal data of hundreds of millions of Americans. In some cases, these incidents violated the Consumer Financial Protection Act, in addition to other laws. For example, in 2019, the CFPB charged Equifax with violating the Consumer Financial Protection Act (CFPA) to address misconduct related to data security.”

The circular provides examples of widely implemented data security practices but does not suggest that particular practices are specifically required under the CFPA. There are also examples given where the failure to implement a data security measure might increase the risk that a firm might sustain liability under the CFPA. Some of the security practices listed include multi-factor authentication, adequate password management, and timely software updates.

Why Is This Important to Me?

Data security is an extremely important aspect of building and maintaining a strong, trustworthy reputation for you brand and losses are extremely costly.

FATF: Risk-based Approach for Real Estate Sector  

The Financial Action Task Force published on July 27, 2022 updated “Guidance for a Risk-Based Approach — Real Estate Sector.” FATF assessments show that the real estate sector often has poor understanding of the risks that criminals may use real estate in their illicit activities or to launder their criminal profits, and regularly fails to mitigate them. The revised “Risk-Based Approach Guidance for the Real Estate Sector” highlights the importance for the sector to increase its understanding of the money laundering and terrorist financing risks it faces. Vulnerabilities include exploitation by politically exposed persons, the purchase of luxury real estate, the use of virtual assets, the use of anonymous companies and gatekeepers as instruments to launder the proceeds of crime.

 Why Is This Important to Me? 

Assessments show that the real estate sector often has poor understanding of the risks that criminals may use real estate in their illicit activities or to launder their criminal profits, and regularly fails to mitigate them. 

CFPB: Debt Collection Rule FAQs Updated

On July 27, 2022, the CFPB updated its Debt Collection Rule FAQs. Updated sections include questions related to:

· Prohibitions on Third-Party Communications

· Electronic Communication

· Electronic Communication: Opt-out Notice

· Unusual or Inconvenient Times or Places

Why Is This Important to Me? 

Time to review your debt collection procedures.

Rachel Davis - Product Manager at OCL

About the Author

Rachel Davis

Product Manager at OnCourse Learning

Rachel Davis is the Product Manager of GRC and professional education for banks, credit unions, and non-bank financial services at OnCourse Learning. Rachel has worked in the financial services industry for 12 years and keeps up to date on financial industry hot topics. Rachel received her Bachelor of Arts in English Literature from Saint Louis University.

Rachel Davis - Product Manager at OCL

About the Author

Rachel Davis

Product Manager at OnCourse Learning

Rachel Davis is the Product Manager of GRC and professional education for banks, credit unions, and non-bank financial services at OnCourse Learning. Rachel has worked in the financial services industry for 12 years and keeps up to date on financial industry hot topics. Rachel received her Bachelor of Arts in English Literature from Saint Louis University.

By |2022-09-02T14:30:05-06:00September 2nd, 2022|Bank, Credit Union, Financial Services|Comments Off on Regulatory Compliance Updates for Banks & Credit Unions – August 2022 Recap