Compliance Center: CFPB Releases Winter Supervisory Highlights

The Consumer Financial Protection Bureau (CFPB) released its Winter 2016 Supervisory Highlights. In this tenth edition of the Supervisory Highlights, the CFPB shares findings from recent examinations in the areas of student loan servicing, remittances, mortgage origination, debt collection, and consumer reporting. This issue also shares important updates to past fair lending settlements.

Consumer Reporting:

The CFPB examiners conducted compliance with the furnisher obligations under the Fair Credit Reporting Act and found several areas of violations.  In several cases furnishers failed to have reasonable policies and procedures regarding information furnished to credit reporting agencies.  Some furnishers were found not to have promptly updated outdated information.  This is potentially significant because not updating an account to paid-in-full or settled-in-full status could adversely affect a consumer’s attempt to establish new deposit accounts.

Debt Collection:

The CFPB looked into debt collection practices and violations of the Fair Debt Collection Practices Act.  Examiners found instances of debt collectors failing to honor consumers written requests to cease communications, and in other cases where debt collectors used false, deceptive, or misleading representations regarding garnishment.

Mortgage Origination – The CFPB examiners focused on the Dodd-Frank Mortgage rules during the examinations. Some of the findings included failure to maintain written policies and procedures required by the loan originator rule.  In addition, there were deficiencies noted in the compliance management systems.  For example, one or more supervised entities failed to allocate sufficient resources to ensure compliance with Federal consumer financial law.

Remittance Transfers

The CFPB began examining large banks for compliance with the Remittance Transfer Rule.  Examiners noted various violations of the Remittance Transfer Rule including:

  • Providing incomplete, and in some instances, inaccurate disclosures;
  • Failing to adhere to the regulatory timeframes (typically three business days) for refunding cancelled transactions;
  • Failing to communicate the results of error investigations at all or within the required timeframes, or communicating the results to an unauthorized party instead of the sender; and
  • Failing to promptly credit consumers’ accounts (for amounts transferred and fees) when errors occurred.

Student Loan Servicing

Examiners found unfair practices in several areas of student loan servicing including private student loan servicers engaged in unfair auto-defaults, failure to disclose the impact of forbearance on co-signor release eligibility, servicing conversion errors costing borrowers money and insufficient policies and procedures to satisfy the furnisher obligations imposed by Fair Credit Reporting Act.

Fair Lending

The Supervisory Highlight also reviewed the fair lending enforcement actions against Ally Bank, Synchrony Bank, Fifth Third, and M&T.  In each case millions in damages were paid to harmed minority borrowers based on findings of discriminatory lending practices.

Compliance Question of the Week

Is there a requirement that the credit union match the names on a tax refund received through direct deposit to the name(s) on the account?

NACHA does not require financial institutions to match names on incoming ACHs. It is important that credit unions do not try to change the intended destination if they do discover the names don’t match, because this could put them on the hook for any losses associated with the transaction. However, if the credit union becomes aware of a situation where a tax return has gone to the wrong account, they should try to return the funds to the IRS if they are still available.

FinCEN has released some guidance that can help financial institutions detect tax return fraud. FinCEN recognizes that there is a growing issue of tax refund scams that often are a result of identity theft. FinCEN put together a list of red flags that credit unions should carefully review to determine if any of their account holders might actually be attempting to commit fraud.

Red Flags:

  • Multiple direct deposit tax refund payments, directed to different individuals, from the United States Department of the Treasury (Treasury) or state or local revenue offices are made to a demand deposit or prepaid access account held in the name of a single accountholder.
  • Suspicious or authorized account opening at a depository institution, on behalf of individuals who are not present, with the absent individuals being accorded signatory authority over the account. The subsequent deposits are comprised solely of tax refund payments. This activity often occurs with fraudulent returns for the elderly, minors, prisoners, the disabled, or recently deceased.
  • A single individual opening multiple prepaid card accounts in different names, using valid TINs for each of the supplied names and having the cards mailed to the same address. Shortly after card activation, Automated Clearing House (ACH) credit(s) from Treasury, state or local revenue offices, representing tax refunds, occur. This is followed quickly by ATM cash withdrawals and/or point-of-sale purchases.
  • Business accountholders processing third-party tax refund checks in a manner inconsistent with their stated business model or at a volume inconsistent with expected activity. Similarly, individuals processing third-party tax refund checks through a personal account with no business or apparent lawful purpose.
  • Business accountholders processing third-party tax refund checks and conducting transactions inconsistent with normal business practices, which may include:
    • A large volume of Treasury refund checks or bank checks being deposited, in contrast to other checks, such as payroll checks;
    • A large volume of refund checks bearing addresses of customers who reside in another state;
    • Multiple refund checks for the same or almost the same dollar amount;
    • Treasury refund checks or bank checks representing electronic refunds with sequential or close to sequential numbers;
    • The dollar amount of checks being deposited is not commensurate with the amount of currency being withdrawn to cover the cashing of these refund checks.
  • Multiple prepaid cards that are associated with 1) the same physical address [individuals involved in criminal activity may also contact the customer service department requesting to change their address for their permanent prepaid card shortly after opening their temporary prepaid card account on-line]; 2) the same telephone number; 3) the same e-mail address; or 4) the same Internet Protocol (IP) address, which receive tax refunds as the primary or sole source of funds.
  • The opening of a business account for a check cashing business at a financial institution, which subsequently processed a high volume of tax refund checks issued to individuals from other states.
  • A sudden increase in volume involving the cashing of tax refund checks issued to individuals from across the United States, moving through the account of an existing check cashing service.
  • Individuals using bank accounts where the majority of the transactions are ACH federal tax refunds or refund anticipation loans.
  • Individuals attempting to negotiate double endorsed Treasury tax refund checks with questionable identification.
  • Individuals accompanying multiple parties to the bank to negotiate Treasury tax refund checks. Such items may or may not be double endorsed checks.
  • The freezing or closure of a personal or business account due to suspicious activity involving either Treasury tax refund checks or ACH Treasury deposits.
  • The signature/endorsement on the back of the check(s) does not match the identification of the individual conducting the transaction.
  • The same signature/endorsement is used on multiple checks, with multiple names.
  • Employees of financial institutions may also facilitate tax refund fraud by conducting transactions inconsistent with normal activity through the following practices:
  • Tellers who regularly process large quantities of Treasury tax refund checks. This may include one or more tellers during a specific time frame.
  • Bank employees who open multiple bank accounts that received a large quantity of Treasury tax refund checks.
  • Bank employees who did not follow proper identification procedures or accepted apparent fraudulent identification when opening an account.

Additionally, if a credit union does suspect tax return fraud, they should look to FinCEN’s guidance on how to prepare a SAR (link below).

Related Links:

Legal Briefs

National Credit Union Administration (NCUA)

NCUA Chairman Debbie Matz announced that she will step down on April 30, 2016.Matz has served as chairman since August 2009. Vice Chairman Metsger issued a statement praising Matz’s leadership over the last seven years.

The NCUA announced that loans and deposits grew in all 50 states during 2015. The report from the NCUA highlights the states where the highest growth rates occurred. Washington State saw the highest median growth rate for loans in 2015.

The NCUA created a new video that discusses the advantages and elements of an effective member business lending program.

The NCUA released the video from its February 2016 Board Meeting. 

Consumer Financial Protection Bureau (CFPB)

CFPB Director Cordray delivered prepared remarks at the Consumer Bankers Association. Cordray’s remarks focused on the progress the agency has seen, the benefit of the mortgage rules, and the future rulemaking for the agency.

The CFPB released its tenth issue of Supervisory Highlights. This issue focuses on student loan servicing, remittances, and mortgage origination.

The CFPB announced that it will hold its Credit Union Advisory Council meeting on Thursday, March 24, 2016.  A recording of the event will be made available after the meeting.

Federal Trade Commission (FTC)

The FTC announced that it has issued orders to nine companies requiring them to provide the FTC with information on how they assess PCI DSS compliance.

The FTC released a new video as part of its “Fraud Affects Every Community” series. The new video focuses on imposter scams.

Financial Crimes Enforcement Network (FinCEN)

FinCEN issued FIN-2016-G001 which provides guidance on existing AML program rule compliance obligations for MSB principals with respect to agent monitoring.

Federal Deposit Insurance Corporation (FDIC)

The FDIC has released the agenda of its upcoming Board Meeting, scheduled for Tuesday, March 15, 2016.

The FDIC has published its Winter 2016 Edition of FDIC Consumer News. This edition focuses on cybersecurity and how consumers can help protect themselves.

The FDIC announced the update of its flood insurance videos that offer technical assistance aimed at helping institutions better understand flood insurance laws, regulations, and compliance responsibilities.

U.S. Department of the Treasury (Treasury)

The Treasury released a summary of its most recent Financial Stability Oversight Council Meeting.

Office of Foreign Assets Control (OFAC)

OFAC has updated the SDN list as of March 10, 2016. The last update prior to this was March 09, 2016.

Questions? Contact the Compliance Hotline: 1.800.546.4465,

Posted in Compliance News.