Compliance Insights - August 2016 - Protiviti

0 downloads 158 Views 85KB Size Report
institutions under the Bank Secrecy Act (BSA) and are subject to Financial Crimes ... Service (IRS) is designated by Fin
Compliance Insights Your monthly compliance news round-up August 2016

CFPB Considers Proposal to Overhaul Third-Party Debt Collections Requirements According to the Consumer Financial Protection Bureau (CFPB), debt collection is a $13.7 billion dollar industry that affects approximately 70 million consumers and employs more than 130,000 people across approximately 6,000 debt collection firms in the U.S. The debt collection industry is among the more controversial sectors of the financial services industry – according to the latest CFPB complaint report, the CFPB and other federal, state, and local government authorities continue to receive more complaints on debt collection than any other financial product or service. In July 2016, the CFPB issued an outline of provisions it is considering as part of planned rulemaking related to the Fair Debt Collection Practices Act (FDCPA). The outline was issued for purposes of review by a Small Business Review Panel required to be convened as part of the rulemaking process. Based on the outline, the proposed rule would significantly increase consumer protection-related requirements on third-party debt collectors and other persons (e.g., debt buyers) through new rules that would implement the FDCPA. The FDCPA, a long-standing law enacted by Congress in 1977 to prohibit debt collectors from harassing or abusing consumers, has historically been enforced by the Federal Trade Commission through regulatory actions and interpretations, as well as years of litigation. In 2010, the Dodd-Frank Act empowered the CFPB with the authority to issue comprehensive and substantive federal rules under the statute. The proposal is the first such action by the CFPB and will specifically affect third-party debt collectors, which are defined as those firms that collect consumer debts in their names but on the behalf of creditors (which have “placed” collection with these firms on an outsourced basis), or that collect on delinquent or defaulted debts that they themselves have acquired from an original creditor or other third party. Based on the outline, the key provisions of the anticipated rulemaking are likely to include: •

Debt collectors would be prohibited from collecting on a debt that is not owed by the consumer. Debt collectors would be required to review their files and substantiate the existence and amount of all debts before they attempt collection from a consumer. Collectors would also be required to confirm that they have sufficient information to begin the collections process, including full name, last known address/telephone number, account number, date of default, amount owed at default, and the date/amount of any payment/credit applied after default;



Debt collectors would be prohibited from engaging in excessive or disruptive communication with consumers. The proposed rules would limit communication attempts – including attempts made to any point of contact before reaching the consumer – to six per week. In addition, the proposal would provide consumers the ability to restrict debt collectors from using certain methods of communication (e.g., the use of a particular phone number while at work, during certain hours, etc.). Finally, debt

www.protiviti.com

Page | 1

Compliance Insights Your monthly compliance news round-up August 2016

collectors would also be required to wait at least 30 days after a consumer has passed away before communicating with certain parties (e.g., surviving spouses); and •

Debt collectors would be required to make it easier for consumers to pursue disputes and would be barred from collecting on disputed debt without appropriate or adequate documentation. Specifically, debt collectors would be required to: o

Provide specific information about the debt in the initial collection notices sent to consumers, including consumer’s federal rights or whether the debt has aged beyond litigation (i.e., expired statute of limitations). The initial notice would also include a “tearoff” section to allow consumers to respond easily to the debt collector, dispute the debt, or pay the amount due;

o

Provide a written debt report (information substantiating the debt) to the consumer within 30 days of receipt of any request from the consumer;

o

Cease collections until necessary documentation is obtained and verified whenever a consumer disputes the validity of the debt. Collectors would be required to identify specific “warning signs” that may indicate that the information is inaccurate or incomplete with respect to portfolios of debts being collected, such as high rates of consumer disputes or requests for supporting documentation to respond to specific disputes; and

o

Refrain from collecting on purchased debt if the previous debt owner did not respond to the consumer’s dispute. Debt collectors that sell debts would be required to provide to the new debt collector certain minimum information so that consumers would not have to resubmit a dispute to the new debt collector.

Although the current proposal only addresses third-party debt collectors, the CFPB has indicated that it expects to convene a second Small Business Review Panel during the next several months to address anticipated rulemaking applicable to so-called “first-party” debt collectors (which are owners of debt that use their own collectors to recover in their own names on defaulted debt) at a later date. As such, first-party collectors should also take steps to understand the fundamental principles outlined in the CFPB’s proposed changes and begin to evaluate the potential impacts to their current-state consumer debt collections processes. Third-party debt collectors should familiarize themselves with these proposed rules and begin reviewing their collection practices to assess what changes may be necessary.

www.protiviti.com

Page | 2

Compliance Insights Your monthly compliance news round-up August 2016

Agencies Update Community Reinvestment Act Q&As Enacted in 1977, the Community Reinvestment Act (CRA) is intended to encourage depository institutions to meet the credit needs of their communities, especially those of low- and moderate-income neighborhoods. Under the CRA, depository institutions are subject to periodic performance evaluations by their prudential banking regulators (the Office of the Comptroller of the Currency, or OCC; the Federal Deposit Insurance Corporation, or FDIC; or the Board of Governors of the Federal Reserve System, or FRB; collectively, the agencies) regarding their community development lending, investment and service activities. The CRA does not prescribe specific standards for exactly how institutions must meet the needs of underserved communities, so to assist institutions, the agencies have, over time, published interagency guidance on CRA compliance. In July 2016, the agencies published updates to their CRA-related Interagency Questions & Answers (Q&As). In the Q&A revision, the agencies clarified nine of ten previously-proposed Q&As, revised four existing Q&As, and adopted two new Q&As in response to suggestions from commenters to a previous proposal issued in September 2014. Highlights of the changes to the Q&As include: •

The agencies provide additional guidance for activities that could be viewed as promoting economic development, including certain loans or investments to small business development agencies or taxcredit eligible community development entities, as well as activities that support job creation/improvement such as collaboration with workforce development programs. Additionally, the agencies provide additional examples of community development activities, which include rehabilitating communications infrastructure in low- and moderate income communities and making community development loans related to renewable energy;



The agencies clarified how they will evaluate the availability and effectiveness of “alternative delivery methods” for retail banking and products (for example, the availability of automated teller machines, or ATMs), as well as products and services that are tailored to meet the needs of the community (such as banking hours, availability of information in languages other than English, etc.). In addition, the agencies identify factors for examiners to assess technologically-advanced systems for the delivery of retail banking, including the adoption and use by customers, ease of access, and relative cost as compared to other bank delivery systems;



The agencies provide additional examples of innovative and flexible lending programs, including small-dollar loan programs offered in conjunction with outreach initiatives and mortgage programs that leverage alternative credit histories. Of note, the agencies clarify that such lending practices are not necessarily required to obtain a specific CRA rating if institutions can demonstrate that they are meeting the needs of the community otherwise; and

www.protiviti.com

Page | 3

Compliance Insights Your monthly compliance news round-up August 2016



While commenters requested that the agencies include more concrete examples and metrics of qualitative and quantitative CRA assessment factors and clarification on the types of supporting documentation institutions should maintain to demonstrate their CRA performance, the agencies reiterated their position that institutions should instead think strategically about how they can best meet the needs of the communities in which they operate and that examples in the Q&As could be seen as requirements and create an undue burden on institutions. The agencies clarify that they will review, in their examinations of an institution’s CRA compliance, any documentation provided and emphasized that an institution’s overall “responsiveness” to meeting the needs of low- or moderateincome individuals and geographies is their primary consideration in determining an institution’s CRA rating.

The updates to the Q&As provide additional guidance to institutions to comply with the principles of the CRA and help meet the needs of underserved communities. Covered institutions should seek to understand the implications of the revisions to the interagency Q&As on their CRA programs and activities.

Card Clubs Subject to Increased Regulatory Scrutiny Card clubs are a type of popular gambling establishment offering only card games where the card players face only each other rather than the “house.” Similar to casinos, card clubs are defined as financial institutions under the Bank Secrecy Act (BSA) and are subject to Financial Crimes Enforcement Network (FinCEN) rules. The Internal Revenue Service (IRS) is designated by FinCEN to examine card clubs for BSA compliance. Card clubs have recently caught the attention of FinCEN, which levied its first money laundering penalty in December 2015 against a club in California for violating BSA reporting and program requirements. Among other violations, this card club reportedly provided notices to patrons when they were near the $10,000 limit on cash transactions which, once reached, would require it to file a currency transaction report (CTR). This unlawful practice may have assisted the card club’s patrons in structuring transactions, a money laundering technique that includes breaking up transactions to evade CTR requirements. In April 2016, the oldest operating card club in California closed as a result of apparent violations of the BSA whereby the club operators were accused by FinCEN of protecting “high roller” customers from federal reporting requirements related to large-scale transactions. Most recently, FinCEN announced in July 2016 the assessment of a $2.8 million civil money penalty (CMP) against another California card club for repeatedly and knowingly violating the BSA and reporting requirements. In this most recent case, FinCEN noted the following:

www.protiviti.com

Page | 4

Compliance Insights Your monthly compliance news round-up August 2016



The card club reported numerous currency transactions with inaccurate or missing customer information. The inaccurate and lack of customer-related information allowed for anonymous transactions and disrupted recordkeeping practices critical to identifying suspicious activity;



An employee of the card club was found to have repeatedly assisted customers with structuring transactions, a money laundering technique that includes breaking up transactions to evade CTR requirements;



The card club failed to conclude on suspicious transactions or patterns of transactions which warranted suspicious activity reporting (SAR) filing. Many of these findings were repeat findings which went unaddressed, signaling a severely weak culture of compliance; and



In 2011 and 2014, the IRS identified several significant BSA violations that went unresolved for years, even though the card club engaged an independent consultant to review its compliance with BSA and found similar issues in that review.

Ultimately, FinCEN found that the card club failed to: 1) implement an effective AML program; 2) report large cash transactions; 3) report suspicious activity on its premises; and 4) meet recordkeeping requirements. In addition to the CMP, FinCEN required the card club to perform a risk assessment and to engage an external independent third party to examine its BSA compliance program. These regulatory actions against card clubs highlight the impact of FinCEN’s recently expanded enforcement focus. To beat the regulatory odds, card clubs should consider “upping” their own game by enhancing their AML compliance programs and instilling a strong culture of compliance. Card clubs should take note of the recent trend and be vigilant to maintain and effect robust internal controls including identifying and reporting on red flags and complying with CTRs, SAR filing and recordkeeping requirements. Similarly, financial services institutions onboarding and maintaining card clubs as clients should include consideration of a card club’s AML program as part of its customer due diligence.

However Bitcoin Is Defined, Miami Judge Decides It Is Not Money Bitcoin is a virtual currency created from computer code that allows users to make purchases and transfer funds to other users, often related to online transactions. Virtual currencies offer users the benefits of increased efficiency and lower transaction costs associated with purchases and payments, and can offer alternatives for customers that do not have access to regular banking services. That said, there are inherent money laundering risks associated with virtual currencies, particularly given the anonymity provided when trading the virtual currencies on the internet, the limited identification and verification required by participants, the lack of a centralized oversight body, and the lack of clarity around compliance, supervision and enforcement of virtual currency transactions across multiple countries. Bitcoins are virtually untraceable, can be bought and sold on exchanges using U.S. dollars, among other currencies, and are increasingly accepted

www.protiviti.com

Page | 5

Compliance Insights Your monthly compliance news round-up August 2016

by many merchants and financial institutions. Not surprisingly, bitcoins are subject to misuse by criminals seeking to launder money. In a July 2016 money-laundering case involving bitcoin, a Florida judge concluded that the money laundering charges brought against a man by the state for illegally selling bitcoins to undercover detectives were invalid on the basis that bitcoins do not constitute “money.” In the ruling, which may well be appealed, the MiamiDade Circuit Court dismissed all charges against the defendant, arguing that Florida’s statute on money laundering and money transmission “is so vaguely written that even legal professionals have difficulty finding a singular meaning,” and that the charges could not be applied to bitcoin without further legislative clarification. To arrive at the ruling, the judge compared the attributes of bitcoin to traditional currency, finding that bitcoin and what is commonly referred to as “money” differ in many aspects. Among the differences the judge noted were the high volatility of bitcoin due to insufficient liquidity associated with bitcoins, the uncertainty of the value assigned to an individual bitcoin and the absence of a centralized authority regulating bitcoins. As such, the judge determined that bitcoin did not meet the definitions of either a “monetary instrument” or “financial transaction” under relevant Florida statutes, and therefore was not subject to Floridaspecific money laundering and money transmitter requirements. This case highlights the difficulties that regulators and law enforcement are faced with in defining and regulating virtual currencies. While the applicability of current money laundering and money transmitter requirements to bitcoin, and by association other virtual currencies, continues to be debated, financial institutions should continue to evaluate carefully virtual currencies and related anti-money laundering risks, including managing risks associated with any customers found to be using or accepting virtual currencies.

Upcoming Changes to Military Lending Act Requirements Impact Consumer Lending The Military Lending Act (MLA) was enacted in 2006 to provide consumers on active military duty and their dependents certain protections related to consumer credit. The Department of Defense (DoD) implemented regulations that prohibited creditors from: 1) originating a consumer unsecured loan or line of credit with fees and interest that would result in a “Military Annual Percentage Rate” (MAPR) in excess of 36 percent to covered borrowers, 2) requiring borrowers to submit to mandatory arbitration in the case of a dispute, or 3) requiring borrowers to pay a penalty in the case of prepayment on consumer credit. In July 2015, the DoD issued final rules revising its MLA regulation. The date of first compliance with the new rules is October 3, 2016, generally, and October 3, 2017, for provisions related to credit cards. Significant new, or changes to existing, requirements impacting creditors include:

www.protiviti.com

Page | 6

Compliance Insights Your monthly compliance news round-up August 2016



An alignment of the definition of credit for purposes of the MLA with that set forth in the Truth in Lending Act (TILA), as implemented by the CFPB’s Regulation Z, which defines credit as that offered or extended to a covered borrower primarily for personal, family or household purposes and that is subject to a finance charge or payable by a written agreement in more than four installments. This represents an expansion of loans covered by the rule, including credit cards; currently, the DoD’s rules apply only to closed-end payday, auto title, and tax refund anticipation loans. Of note, the new rules continue to exempt residential mortgages and vehicle-secured purchase loans;



A modification of how the MAPR is to be calculated by creditors. Under the new rules, the MAPR is to include fees for credit-related ancillary products, finance charges associated with consumer credit and certain application and participation fees, subject to certain exceptions for credit cards. Previously, the rule did not require the inclusion of ancillary fees into the MAPR determination. Creditors will also be required to disclose the MAPR on periodic statements provided to borrowers, and include the total dollar amount of all charges that were included in the MAPR, as well as on all disclosures required by Regulation Z; and



The establishment of a new “safe harbor” provision that permits creditors to determine whether a borrower is covered under the MLA by obtaining information from the DoD’s Defense Manpower Data Center (DMDC) database or from a consumer credit report issued by a nationwide consumer reporting agency or reseller. Creditors will be allowed to rely on the information obtained from these searches for the initial verification as long as the consumer responds to an offer of credit within 60 days, and must retain records of the information obtained by the search.

Creditors who violate MLA requirements can be held responsible for civil liability penalties paid to the borrower. This can include actual damages sustained by a borrower, punitive damages, and any other relief provided by law. As the first date of compliance is fast approaching, financial institutions should validate that they have taken appropriate steps to implement these requirements soon, including updates necessary to relevant policies, procedures, training, processes and systems.

It is important to note that this newsletter is provided for general information purposes only and is not intended to serve as legal analysis or advice. Companies should seek the advice of legal counsel or other appropriate advisers on specific questions and practices as they relate to their unique circumstances.

©2016 Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Veterans. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.

www.protiviti.com

Page | 7