There were four noteworthy regulatory and compliance updates for banks and credit unions in August of 2022. Below are the details on these changes and how they affect you and your institution.
FHFA: Servicers to Maintain Fair Lending Data
On August 10, 2022, the FHFA announced that Fannie Mae and Freddie Mac will require servicers to obtain and maintain fair lending data on their loans, and for this data to transfer with servicing throughout the mortgage term.
The fair lending data to be maintained includes borrowers’ age, race, ethnicity, gender, and preferred language. Servicers will be required to implement this change starting on March 1, 2023. This update follows a May 2022 announcement, which requires lenders to collect borrowers’ language preference data.
Why Is This Important to Me?
This may require procedural updates for changes taking effect early 2023.
CFPB: Financial Companies on Data Security
The CFPB announced on August 11, 2022 that it has issued Consumer Financial Protection Circular 2022-04, Insufficient data protection or security for sensitive consumer information, confirming that financial companies may violate federal consumer financial protection law when they fail to safeguard consumer data. The circular provides guidance to consumer protection enforcers, including examples of when firms can be held liable for lax data security protocols.
In its news release, the CFPB states, “Past data security incidents, including the 2017 Equifax data breach, have led to the harvesting of the sensitive personal data of hundreds of millions of Americans. In some cases, these incidents violated the Consumer Financial Protection Act, in addition to other laws. For example, in 2019, the CFPB charged Equifax with violating the Consumer Financial Protection Act (CFPA) to address misconduct related to data security.”
The circular provides examples of widely implemented data security practices but does not suggest that particular practices are specifically required under the CFPA. There are also examples given where the failure to implement a data security measure might increase the risk that a firm might sustain liability under the CFPA. Some of the security practices listed include multi-factor authentication, adequate password management, and timely software updates.
Why Is This Important to Me?
Data security is an extremely important aspect of building and maintaining a strong, trustworthy reputation for you brand and losses are extremely costly.
FATF: Risk-based Approach for Real Estate Sector
The Financial Action Task Force published on July 27, 2022 updated “Guidance for a Risk-Based Approach — Real Estate Sector.” FATF assessments show that the real estate sector often has poor understanding of the risks that criminals may use real estate in their illicit activities or to launder their criminal profits, and regularly fails to mitigate them. The revised “Risk-Based Approach Guidance for the Real Estate Sector” highlights the importance for the sector to increase its understanding of the money laundering and terrorist financing risks it faces. Vulnerabilities include exploitation by politically exposed persons, the purchase of luxury real estate, the use of virtual assets, the use of anonymous companies and gatekeepers as instruments to launder the proceeds of crime.
Why Is This Important to Me?
Assessments show that the real estate sector often has poor understanding of the risks that criminals may use real estate in their illicit activities or to launder their criminal profits, and regularly fails to mitigate them.
CFPB: Debt Collection Rule FAQs Updated
On July 27, 2022, the CFPB updated its Debt Collection Rule FAQs. Updated sections include questions related to:
· Prohibitions on Third-Party Communications
· Electronic Communication
· Electronic Communication: Opt-out Notice
· Unusual or Inconvenient Times or Places
Why Is This Important to Me?
Time to review your debt collection procedures.
About the Author
Rachel Davis
Product Manager at OnCourse Learning
Rachel Davis is the Product Manager of GRC and professional education for banks, credit unions, and non-bank financial services at OnCourse Learning. Rachel has worked in the financial services industry for 12 years and keeps up to date on financial industry hot topics. Rachel received her Bachelor of Arts in English Literature from Saint Louis University.
About the Author
Rachel Davis
Product Manager at OnCourse Learning
Rachel Davis is the Product Manager of GRC and professional education for banks, credit unions, and non-bank financial services at OnCourse Learning. Rachel has worked in the financial services industry for 12 years and keeps up to date on financial industry hot topics. Rachel received her Bachelor of Arts in English Literature from Saint Louis University.