WA DCU Issues Bulletin Regarding Website Compliance Exams
December 5, 2016
December 5, 2016
The Washington State Department of Financial Institutions Division of Credit Unions (DCU) issued DCU Bulletin B-16-21 which announces that the DCU will restart its program of performing offsite exams to review credit union websites for compliance with various consumer regulations and guidance.
The scope of the exam will focus on compliance with selected regulations and guidance including:
- Accuracy of Advertising and Notice of Insured Deposit Status (12 CFR 740);
- Equal Credit Opportunity Act (ECOA – Regulation B);
- Fair Housing Act (FHA);
- Children’s Online Privacy Protection Act (COPPA – NCUA Regulatory Alert 01-RA-07);
- Electronic Funds Transfer Act (Regulation E);
- Privacy of Consumer Financial Information Act (Regulation P and 12 CFR 716);
- Truth in Lending Act (Regulation Z);
- Availability of Funds and Collections of Checks (Regulation CC);
- Truth in Saving Act (Regulation DD and 12 CFR 707);
- Bank Secrecy Act (BSA);
- USA Patriot Act;
- Phishing Prevention (NCUA Letter to Credit Unions 05-CU-20);
- Hyperlink Accuracy and Disclosure;
- Bounce Protection Disclosures and Marketing (NCUA Letter to CUs 05-CU-03);
- Equal Employment Opportunity Act (EEOA);
- Electronic Signatures in Global and National Commerce Act (E-SIGN Act); and
- Secure and Fair Enforcement for Mortgage Licensing Act of 2018 (SAFE Act – 12 CFR 761).
The website compliance exams will not be performed as part of the regular safety and soundness exams and there will not be a separate website compliance rating. The Examiner’s concerns and findings will be included in a separate website compliance exam report which will be brief and in the form of a letter. The report letter will state the following:
- The scope of the exam work that was performed;
- Who performed the exam and their contact information;
- List the concerns and findings found during the exam review, and an explanation for the concern/finding; and
- State what must be done to correct the concerns/findings.
The credit union will receive a pre-exam notification letter in advance of an offsite website compliance examination. The pre-exam letter will not request that any documentation be prepared by the credit union. It will list general information about the exam, disclose what compliance regulations and/or guidance will be reviewed during the exam, and request a credit union contact person, if examiners have questions.
Compliance Question of the Week
What policies are we required to have, and which ones need to be approved by the board of directors?
The listed policies should be board approved and reviewed once a year with documentation in the board minutes.
Required Policies – Per NCUA AIRES checklists:
- Bank Secrecy Act
- General Lending – Real Estate Lending (including appraisals), Indirect Lending, Business Lending, Agricultural Lending, Construction Lending, Credit Cards
- Member Business Lending
- Loan Participations
- Allowance for Loan and Lease Loss
- Liquidity Management
- Office of Foreign Asset Controls (OFAC)
- Fair Housing Act
- Truth in Savings Act (TISA)
- Consumer Reports – Address Discrepancies, Records Disposal
- General Information Systems and Technology
- Personnel – the only mention of this is in the IT Policy requirements
- Plans, Programs, Other
- Disaster Recovery Plan
- Security Program
- Records Preservation
- Vendor Due Diligence
- Unlawful Internet Gambling Enforcement Act
- Risk Based Pricing Notices
- Red Flags
- Interest Rate Risk (for credit union’s over $50 million, or those between $10 and $50 million with exposure to IRR)
- Loan Workout
- Loan Non-accrual
The other policies that you have may not need annual board review, but it is a best practice to regularly review your policies and procedures to ensure that they are current.
National Credit Union Administration (NCUA)
The NCUA announced the release of a new video series on its YouTube channel. The new series focuses on educating viewers on the balance sheet and income statement, key line items in each and the relationship between the documents.
The October 2016 NCUA Board Meeting and Budget Briefing videos are now available. In the October board meeting, the NCUA approved a final field of membership rule and approved a new proposed field of membership rule that would provide more community charter options for federal credit unions.
Consumer Financial Protection Bureau (CFPB)
The CFPB announced the availability of its Fall 2016 Rulemaking Agenda. The agenda includes proposed rulemaking to clarify the TRID rules, rulemaking to further the CFPB’s nonbank supervisory authority, and finalizing the short term loan rule.
The CFPB announced that the fifth annual report of the CFPB Ombudsman’s Office is now available.
The CFPB released its monthly complaint snapshot. This month’s report provides information on debt settlement and check cashing complaints.
The CFPB issued a bulletin that warns against the pitfalls of creating incentives for employees of financial institutions to meet sales and other goals. The CFPB wants companies to ensure that incentives at financial institutions do not lead to abuse of consumers.
Federal Reserve Board (FRB)
The December issue of FedFocus is now available. This issue features an article on malware.
The FRB published its 2015 debit card transactions report which focuses on the interchange fee revenue, issuer costs, fraud losses, and the volume and value of debit card transactions.
The November 2016 issue of the Beige Book is now available.
The FRB released the minutes from its November Federal Open Market Committee.
U.S. Department of the Treasury (Treasury)
The Treasury issued a notice of proposed rulemaking that would amend its regulation governing the use of the ACH network by federal agencies.
Federal Housing Administration (FHA)
FHA announced that the loan limits will see a slight increase on January 1, 2017. The FHA ceiling will increase to $636,150 and the floor will be increased to $275,665.
Office of Foreign Assets Control (OFAC)
OFAC has updated the SDN list as of December 2, 2016. The last update prior to this was November 22, 2016.
Questions? Contact 7*the Compliance Hotline: 1.800.546.4465, email@example.com