Posts

Triangle Background

While there has not been a recent significant change to escrow requirements, it is WBA’s understanding that many banks pay taxes from escrow by December 20 every year. Around this time, many questions arise as to State and Federal requirements regarding escrow accounts. Furthermore, given the lingering impacts of the COVID-19 pandemic, many borrowers may have been, or currently are, in deferral or forbearance, resulting in insufficient escrow balances. This article presents several questions and answers to refresh banks on relevant requirements, and important considerations, regarding escrow accounts both with respect to the pandemic, and more generally.

Q1: Does Wisconsin have rules regarding disbursements from tax escrows?

A1: Yes. Wis. Stat. section 138.052(5m) governs escrow accounts required to be maintained to pay taxes or insurance in connection with consumer-purpose loans secured by a first lien real estate mortgage or equivalent security interest in the borrower’s principal dwelling. For example, the requirement applies to covered purchase money, refinance, and home equity transactions but does not apply to loans that are business or agricultural purpose, or manufactured home transactions. It also does not apply to voluntary escrow accounts. If a bank maintains a voluntary escrow account, it should ensure it has adequate documentation to evidence that fact. 

For covered loans, banks must provide an escrow notice before closing giving the borrower options regarding how the bank will make payments from the amount escrowed: 

Escrow agent sends a check by December 20 to the borrower for the amount held in escrow for the payment of property taxes made payable to the borrower or to the borrower and the taxing authority. 

  1. Escrow agent pays the property taxes by December 31 if the escrow agent has received a tax statement for the property by December 20.  
  1. Escrow agent pays the property taxes when due.  

This notice is not required under section 138.052(5m) if the escrow agent’s practice is to pay the borrower the amount held in escrow for the payment of property taxes by December 20, or to send a check in the amount of the funds held in escrow for the payment of property taxes, made payable to the borrower and taxing authority. 

Regardless of whether a notice under state law may not be required, banks are reminded that a voluntary agreement is still required under the Real Estate Settlement Procedures Act (RESPA) to pay property taxes annually as permitted under Wis. Stat. section 138.052(5m). See the discussion below regarding the interconnection between state and federal law.  

Q2: Does RESPA have rules regarding disbursements from tax escrows? 

A2: Yes. RESPA section 1024.17(k) prescribes rules that apply to escrow accounts established in connection with RESPA-covered loans to pay taxes, insurance, or other charges. If the terms of the loan require the borrower to make payments to an escrow account, the bank must make disbursements in a timely manner. A timely manner means payment by the disbursement date, so long as the loan account is not more than 30 days overdue. 

If a taxing authority offers a bank a choice between annual and installment disbursements, RESPA includes additional requirements. Generally, disbursements must be made on an installment basis depending on whether the taxing authority offers a discount, or charges additional fees, for installment disbursements.  In Wisconsin, where taxes may be paid in annual or installment payments, and the taxing authority does not offer a discount for payments on an annual basis nor does it impose any additional charge or fee for installment payments, the bank must make disbursements on an installment basis, unless the bank and borrower agree to another disbursement alternative. 

Most property taxes in Wisconsin may be payable in two installments. If the first installment is paid by January 31, the second installment may be paid by July 31. Because no discount is available for making annual payments, and no penalty is imposed for making installment payments, RESPA requires property taxes payable in this manner to be disbursed on an installment basis, unless the borrower voluntarily agrees, in writing, to an annual disbursement.

Q3: How do the requirements under Wis. Stat section 138.052(5m) and RESPA section 1024.17 work together?

A3: RESPA preempts State law only to the extent of any inconsistency. Generally, escrows governed by section 138.052(5m) must also comply with RESPA, and banks must disburse tax escrows in installments, or as otherwise agreed to by the borrower. Thus, banks will want to consider their written agreement as to the borrower’s choice of disbursement methods, and as discussed in Q1 above, a bank may pay by December 20 by check.  

As RESPA requires taxes to be disbursed in installments, and State law allows more flexibility in how taxes are paid, in order for bank to disburse money from a required escrow account, annually under the section 138.052(5m) December 20 method, RESPA requires the customer’s voluntary agreement of that option. And, while notice under section 138.052(5m) may not be required, RESPA still requires the customer’s voluntary agreement to pay by December 20; see the discussion in Q2. FIPCO’s WBA Tax Escrow Option Election form meets the requirements under Wis. Stat. 138.052(5m) and also serves as the voluntary agreement to disburse property taxes out of escrow in any method other than installments to comply with RESPA.  

Q4: What if a deficiency occurs before disbursement?

A4: As discussed in Q2, RESPA generally requires the bank to disburse funds in a timely manner. If a deficiency exists, the bank must still cover the amount due. Upon advancing the funds, the bank may seek repayment from the borrower after performing an escrow account analysis.  

If the deficiency is less than one month’s escrow account payment, then the bank: 

  1. May allow the deficiency to exist and do nothing to change it; 
  1. May require the borrower to repay the deficiency within 30 days; or 
  1. May require the borrower to repay the deficiency in 2 or more equal monthly payments. 

If the deficiency is greater than or equal to 1 month’s escrow payment, the bank may allow the deficiency to exist and do nothing to change it or may require the borrower to repay the deficiency in two or more equal monthly payments. 

If the borrower is not current, then the bank may recover the deficiency pursuant to the terms of the mortgage loan documents. For example, language within the WBA 428 Real Estate Mortgage states that if the escrowed funds held by bank are not sufficient to pay the escrow account items when due, bank may notify consumer in writing, and consumer shall pay bank the amount necessary to make up the deficiency in a manner described by bank or as otherwise required by applicable law.  

Furthermore, for loans that are not covered by RESPA (i.e., the escrow account is not required), the bank will need to determine how the deficiency will be covered, either by the borrower, or the bank, pursuant to the terms of its agreement. 

Q5: How does a payment deferral or forbearance affect escrow considerations? 

A5: As a result of the pandemic, bank may have deferred or forborne payments for some of its borrowers. Bank should consider its deferral and forbearance agreements to confirm whether this deferral or forbearance included escrow payments. Even if it did not, financial distress caused by the pandemic may have resulted in more escrow shortages and deficiencies than typical. Banks should consider how they are monitoring loans for payments, and accounting for expected, and unexpected shortages. Specific attention may need to be paid to escrow balances for loans in deferral, forbearance, or modification. Banks should identify loans that will be short, and determine how the deficiency will be handled, with the above considerations in mind.

Q6: What is the escrow rate for 2022, as set by 138.052? 

A6: At time of this release, the Wisconsin Department of Financial Institutions, Division of Banking, has not yet released the 2022 interest rate required to be paid on escrow accounts for residential mortgage loans subject to Wisconsin Statute Section 138.052(5). WBA will continue to monitor and will report the 2022 rate once released. Once set, the 2022 interest rate shall remain in effect through December 31, 2022.

Q7: Does 138.052 require Wisconsin banks to pay interest on escrow accounts?  

A7: Not for loans originated after April 18, 2018. 2017 Wisconsin Act 340 eliminated the requirement that a financial institution pay interest on escrow accounts for residential mortgage loans originated on or after the effective date of the Act. Thus, a Wisconsin financial institution is not required by law to pay interest on any escrow account maintained in association with a loan originated on or after April 18, 2018. 

Wisconsin Section 138.052 previously required financial institutions to pay interest on the balance on any required escrow accounts. As discussed above, 138.052 applies to consumer-purpose loans secured by a first lien or first lien equivalent in a 1-4 family dwelling that is used as the borrower’s principal residence. Banks must continue to pay interest on escrow accounts they required prior to the effective date of Act 340. However, for any escrow account associated with a loan originated after the effective date of Act 340, 138.052 no longer requires payment of interest. A bank should also consider the terms of its contract as to whether any payment of interest is part of the agreement.

Q8: Bank is closing loan in December for which bank will require escrow for the payment of taxes. The first mortgage payment will be February. Can bank escrow for 2020 taxes to be paid in 2021? 

A8. No. RESPA’s escrow collection rules are prospective in nature. Bank should only collect for 2021 taxes to be paid either in December 2021 in a lump sum (with borrower’s permission as outlined above) or in installments. Bank should not collect for anything between December 1 and 31 because nothing is owing during that time as the bank should only be collecting for 2021 taxes. Bank should not be collecting for 2020 taxes for payment in 2021. Borrower should be on his/her own to pay 2020 taxes.  

WBA Legal has prepared a new toolkit to help senior management, commercial lenders, loan processors, compliance officers, and others involved with small business lending to better understand the impact of CFPB’s recently proposed small business rule on the bank. Once finalized, the requirement to collect and report certain data about small business credit applicants will have a dramatic impact on current application and processing operations and record retention.  

A PowerPoint summarizing CFPB’s proposed rule has been created for use by staff who seek to present the main components of the proposal to lending and processing staff. The PowerPoint provides a background, proposed compliance dates, information regarding covered financial institutions, definition of small business, minority-owned and women-owned business, definition of covered application and covered credit transaction, what data must be collected, and reporting information.  

In addition to the PowerPoint, the toolkit also includes a complete outline of the proposed rule, including the proposed commentary and several appendices. CFPB’s proposed rule summary and a data point chart are also included.  

CFPB is accepting comments regarding its proposal. WBA hopes each bank will take into consideration the information provided in this toolkit, assess the proposal’s impact on the bank, and provide comment to CFPB regarding such impact.  

WBA Legal will be creating a draft comment letter for use by members to reply to CFPB regarding concerns and impact of the proposal on banks. WBA encourages each bank to consider submitting its own letter reflecting bank-specific information.  

Feel free to contact WBA Legal at wbalegal@wisbank.com regarding CFPB’s proposal.

Triangle Background

The White House has just released the Occupational Safety and Health Administration’s (OSHA’s) emergency temporary standard (ETS) meant to protect unvaccinated employees of large employers (100 or more employees) from the risk of contracting COVID-19 by strongly encouraging vaccination. Under the ETS, covered employers must develop, implement, and enforce a mandatory COVID-19 vaccination policy, with an exception for employers that instead adopt a policy requiring employees to either get vaccinated or elect to undergo regular COVID-19 testing and wear a face covering at work in lieu of vaccination.

Under the ETS, employees of covered employers must receive the vaccine or be required to produce a negative test on “at least a weekly basis.” Employers “must remove from the workplace any employee who receives a positive COVID-19 test or is diagnosed with COVID-19 by a licensed healthcare provider.”

Highlights from the ETS:

Explanation of Who is Included in the 100-Employee Threshold:  

The applicability of the ETS is based on the size of an employer, in terms of number of employees, rather than on the type or number of workplaces. Part-time employees do count towards the company total, but independent contractors do not. For a single corporate entity with multiple locations, all employees at all locations are counted for purposes of the 100-employee threshold for coverage under the ETS. The determination as to whether a particular employer is covered by the standard should be made separately from whether individual employees are covered by the standard’s requirements. For example,

  • If an employer has 75 part-time employees and 25 full-time employees, the employer would be within the scope of the ETS because it has 100 employees.
  • If an employer has 150 employees,100 of whom work from their homes full-time and  50 of whom work in the office at least part of the time, the employer would be within the scope of the ETS because it has more than 100 employees. (NOTE: See the  information below regarding mandatory vaccination not being applicable to some employees.)
  • If an employer has 102 employees and only 3 ever report to an office location, that employer would be covered.

January4 Deadline to Begin Weekly Testing of Unvaccinated Employees: 

Employees of covered employers have until January 4 to become fully vaccinated (either two doses of Pfizer or Moderna, or one dose of Johnson & Johnson). After that date, employers must ensure that any employees who have not received the necessary shots begin producing a verified negative test to their employer on at least a weekly basis. Therefore, employers with unvaccinated workers need to have a testing regime in place by January 4, unless the ETS is enjoined.

Paid Time Off to Get Vaccinated:

Covered employers must provide four hours of paid time off for employees to get vaccinated.

Unvaccinated Employees Must be Masked: 

Unvaccinated employees of covered employers must wear a face mask while in the workplace.

Proof of Vaccination Status and Record Retention:

Covered employers must require employees to provide proof of vaccination status, which can take the form of immunization record, COVID-19 vaccination record card, or other official medical record documenting the vaccine. The employer must maintain a “record” of that  vaccination and a roster of each employee’s vaccination status. There is no suggestion that the employer must copy the vaccination document presented by the employee to show proof of vaccination.

Mandatory Vaccination Not Applicable to Certain Employees: 

Employers are not required to mandate vaccination by employees for whom a vaccine is  medically contraindicated, for whom medical necessity requires a delay in vaccination (e.g., the  vaccine is in conflict with other medical treatment received by the employee), or those legally entitled to a reasonable accommodation under the Americans with Disabilities Act or other federal civil rights law because the employee has a disability or sincerely-held religious belief, practice, or observance that conflicts with the vaccination requirement.

The vaccination requirement also does not apply to employees who do not report to a workplace where other individuals (such as coworkers or customers) are present, employees while they are working from home, or employees who work exclusively outdoors. An employee who switches back and forth from teleworking from home to working from the office is covered by the ETS.

ETS Not Applicable to Workplaces Subject to E.O. 14042:

The ETS does not apply to workplaces covered by Executive Order 14042, which requires federal  contractors to have employees whose work relates to a federal contract be vaccinated against COVID-19. (This provision differs from the administration’s prior suggestion that employers subject to both the ETS and executive order would need to comply with both actions.)

The requirement to test unvaccinated employees weekly begins on January 4. Compliance with all other requirements of the ETS is required by December 5. It is WBA’s understanding that several state attorneys general and private entities are expected to file lawsuits in the coming days that seek to enjoin the ETS from taking effect.

View the full ETS here.

By WBA Legal

In late August, the Board of Governors of the Federal Reserve System (FRB), Federal Deposit Insurance Corporation (FDIC), and Office of the Comptroller of the Currency (OCC) issued a new resource titled, Conducting Due Diligence on Financial Technology Companies, A Guide for Community Banks (Guide), which was intended to help community banks in conducting due diligence when considering relationships with fintech companies.

Use of the Guide is voluntary, and it does not anticipate all types of third-party relationships and risks. Therefore, a community bank can tailor how it uses relevant information in the Guide, based on its specific circumstances, the risks posed by each third-party relationship, and the related product, service, or activity (herein, activities) offered by the fintech company.

While the Guide is written from a community bank perspective, the fundamental concepts may be useful for banks of varying size and for other types of third-party relationships. Due diligence is an important component of an effective third-party risk management process, as highlighted in the federal banking agencies’ respective guidance; which, for FRB-regulated banks is SR Letter 13-19, for FDIC-regulated banks is FIL-44-2008, and for OCC banks is Bulletin-2013-29.

During due diligence, a community bank collects and analyzes information to determine whether third-party relationships would support its strategic and financial goals and whether the relationship can be implemented in a safe and sound manner, consistent with applicable legal and regulatory requirements. The scope and depth of due diligence performed by a community bank will depend on the risk to the bank from the nature and criticality of the prospective activity. Banks may also choose to supplement or augment their due diligence efforts with other resources as appropriate, such as use of industry utilities or consortiums that focus on third-party oversight.

The Guide focuses on six key due diligence topics, including relevant considerations and a list of potential sources of information. The following is a summary of the key due diligence topics within the Guide.

Business Experience and Qualifications

The agencies have identified that by evaluating a fintech company’s business experience, strategic goals, and overall qualifications, a community bank can better consider a fintech company’s experience in conducting the activity and its ability to meet the bank’s needs. Review of operational history will provide insight into a fintech company’s ability to meet a community bank’s needs, including, for example, the ability to adequately provide the activities being considered in a manner that enables a community bank to comply with regulatory requirements and meet customer needs.

Review of client references and complaints about a fintech company may provide useful information when considering, among other things, whether a fintech company has adequate experience and expertise to meet a community bank’s needs and resolve issues, including experience with other community banking clients. Review of legal or regulatory actions against a fintech company can be indicators of the company’s track record in providing activities.

When a community bank is considering a third-party relationship, discussing a fintech company’s strategic plans can provide insight on key decisions it is considering, such as plans to launch new products or pursue new arrangements (such as acquisitions, joint ventures, or joint marketing initiatives). A community bank may subsequently consider whether the fintech company’s strategies or any planned initiatives would affect the prospective activity. Further, inquiring about a fintech company’s strategies and management style may help a community bank assess whether a fintech company’s culture, values, and business style fit those of the community bank.

The agencies further instruct that understanding the background and expertise of a fintech company’s directors and executive leadership may provide a community bank useful information on the fintech company’s board and management knowledge and experience related to the activity sought by the community bank. A community bank may also consider whether the company has sufficient management and staff with appropriate expertise to handle the prospective activity.

For example, imagine that a fintech company, its directors, or its management have varying levels of expertise conducting activities similar to what a community bank is seeking. A fintech company’s historical experience also may not include engaging in relationships with community banks. As part of due diligence, a community bank may therefore consider how a fintech company’s particular experiences could affect the success of the proposed activity and overall relationship. Understanding a fintech company’s qualifications and strategic direction will help a community bank assess the fintech company’s ability to meet the community bank’s expectations and support a community bank’s objectives. When evaluating the potential relationship, a community bank may consider a fintech company’s willingness and ability to align the proposed activity with the community bank’s needs, its plans to adapt activities for the community bank’s regulatory environment, and whether there is a need to address any integration challenges with community bank systems and operations.

Financial Condition

Another step the agencies identified is for a bank to evaluate a fintech company’s financial condition to help the bank assess the company’s ability to remain in business and fulfill any obligations created by the relationship. Review of financial reports provide useful information when evaluating a fintech company’s capacity to provide the activity under consideration, remain a going concern, and fulfill any of its obligations, including its obligations to the community bank. Understanding funding sources provide useful information in assessing a fintech company’s financial condition. A fintech company may be able to fund operations and growth through cash flow and profitability or it may rely on other sources, such as loans, capital injections, venture capital, or planned public offerings.

Additionally, information about a fintech company’s competitive environment may provide additional insight on the company’s viability. Review of information on a fintech company’s client base can shed insight into any reliance a fintech company may have on a few significant clients. A few critical clients may provide key sources of operating cash flow and support growth but may also demand much of a fintech company’s resources. Loss of a critical client may negatively affect revenue and hinder a fintech company’s ability to fulfill its obligations with a community bank. A community bank may also consider a fintech company’s susceptibility to external risks, such as geopolitical events that may affect the company’s financial condition.

For example, some fintech companies, such as those in an early or expansion stage, have yet to achieve profitability or may not possess financial stability comparable to more established companies. Some newer fintech companies may also be unable to provide several years of financial reporting, which may impact a community bank’s ability to apply its traditional financial analysis processes. When audited financial statements are not available, a community bank may want to seek other financial information to gain confidence that a fintech company can continue to operate, provide the activity satisfactorily, and fulfill its obligations. For example, a community bank may consider a fintech company’s access to funds, its funding sources, earnings, net cash flow, expected growth, projected borrowing capacity, and other factors that may affect a fintech company’s overall financial performance.

Legal and Regulatory Compliance

The Guide further outlines how in evaluating a fintech company’s legal standing, its knowledge about legal and regulatory requirements applicable to the proposed activity, and its experience working within the legal and regulatory framework, better enables a community bank to verify a fintech company’s ability to comply with applicable laws and regulations.

A bank may want to consider reviewing organizational documents and business licenses, charters, and registrations as such documentation provides information on where a fintech company is domiciled and authorized to operate (for example, domestically or internationally) and legally permissible activities under governing laws and regulations. Reviewing the nature of the proposed relationship, including roles and responsibilities of each party involved, may also help a community bank identify legal considerations. Assessing any outstanding legal or regulatory issues may provide insight into a fintech company’s management, its operating environment, and its ability to provide certain activities.

A bank could also consider reviewing a fintech company’s risk and compliance processes to help assess the fintech company’s ability to support the community bank’s legal and regulatory requirements, including privacy, consumer protection, fair lending, anti-money-laundering, and other matters. A fintech company’s experience working with other community banks may provide insight into the fintech company’s familiarity with the community bank’s regulatory environment. Reviewing information surrounding any consumer-facing applications, delivery channels, disclosures, and marketing materials for community bank customers can assist a community bank to anticipate and address potential consumer compliance issues. Considering industry ratings (for example, Better Business Bureau) and the nature of any complaints against a fintech company may provide insight into potential customer service and compliance issues or other consumer protection matters.

For example, some fintech companies may have limited experience working within the legal and regulatory framework in which a community bank operates. To protect its interests, community banks may consider including contract terms requiring (a) compliance with relevant legal and regulatory requirements, including federal consumer protection laws and regulations, as applicable; (b) authorization for a community bank and the bank’s primary supervisory agency to access a fintech company’s records; or (c) authorization for a community bank to monitor and periodically review or audit a fintech company for compliance with the agreed-upon terms. Other approaches could include (1) instituting approval mechanisms (for example, community bank signs off on any changes to marketing materials related to the activity), or (2) periodically reviewing customer complaints, if available, related to the activity.

Risk Management and Controls

The agencies have also identified that by banks evaluating the effectiveness of a fintech company’s risk management policies, processes, and controls, such review helps a community bank to assess the company’s ability to conduct the activity in a safe and sound manner, consistent with the community bank’s risk appetite and in compliance with relevant legal and regulatory requirements.

Banks should consider reviewing a fintech company’s policies and procedures governing the applicable activity as it will provide insight into how the fintech company outlines risk management responsibilities and reporting processes, and how the fintech company’s employees are responsible for complying with policies and procedures. A community bank may also use the information to assess whether a fintech company’s processes are in line with its own risk appetite, policies, and procedures. Information about the nature, scope, and frequency of control reviews, especially those related to the prospective activity, provides a community bank with insight into the quality of the fintech company’s risk management and control environment. A community bank may also want to consider the relative independence and qualifications of those involved in testing. A fintech company may employ an audit function (either in-house or outsourced). In these cases, evaluating the scope and results of relevant audit work may help a community bank determine how a fintech company ensures that its risk management and internal control processes are effective.

Banks should also consider the findings, conclusions, and any related action plans from recent control reviews and audits as the information may provide insight into the effectiveness of a fintech company’s program and the appropriateness and timeliness of any related action plans. Evaluating a fintech company’s reporting helps a community bank to consider how the fintech company monitors key risk, performance, and control indicators; how those indicators relate to the community bank’s desired service-level agreements; and how the fintech company’s reporting processes identify and escalate risk issues and control testing results. A community bank may also consider how it would incorporate such reporting into the bank’s own issue management processes. Review of information on a fintech company’s staffing and expertise, including for risk and compliance, provide a means to assess the overall adequacy of the fintech company’s risk and control processes for the proposed activity.

Information on a fintech company’s training program also assists in considering how the fintech company ensures that its staff remains knowledgeable about regulatory requirements, risks, technology, and other factors that may affect the quality of the activities provided to a community bank.

For example, a fintech company’s audit, risk, and compliance functions will vary with the maturity of the company and the nature and complexity of activities offered. As a result, a fintech company may not have supporting information that responds in full to a community bank’s typical due diligence questionnaires. In other cases, a fintech company may be hesitant to provide certain information that is considered proprietary or a trade secret (for example, their development methodology or model components). In these situations, a community bank may take other steps to identify and manage risks in the third-party relationship and gain confidence that the fintech company can provide the activity satisfactorily.

For example, a community bank may consider on-site visits to help evaluate a fintech company’s operations and control environment, or a community bank’s auditors (or another independent party) may evaluate a fintech company’s operations as part of due diligence. Other approaches could include (a) accepting due diligence limitations, with any necessary approvals and/or exception reporting, compared to the community bank’s normal processes, commensurate with the criticality of the arrangement and in line with the bank’s risk appetite and applicable third-party risk management procedures; (b) incorporating contract provisions that establish the right to audit, conduct on-site visits, monitor performance, and require remediation when issues are identified; (c) establishing a community bank’s right to terminate a third-party relationship, based on a fintech company’s failure to meet specified technical and operational requirements or performance standards. Contract provisions may also provide for a smooth transition to another party (for example, ownership of records and data by the community bank and reasonable termination fees); or (d) outlining risk and performance expectations and related metrics within the contract to address a community bank’s requirements

Information Security

In understanding a fintech company’s operations infrastructure and the security measures for managing operational risk, a community bank may better evaluate whether the measures are appropriate for the prospective activity. A community bank may evaluate whether the proposed activity can be performed using existing systems, or if additional IT investment would be needed at the community bank or at the fintech company to successfully perform the activity. For example, a community bank may evaluate whether the fintech company’s systems can support the bank’s business, customers, and transaction volumes (current and projected). A fintech company’s procedures for deploying new hardware or software, and its policy toward patching and using unsupported (end-of-life) hardware or software, will provide a community bank with information on the prospective third party’s potential security and business impacts to the community bank.

For example, fintech companies’ information security processes may vary, particularly for fintech companies in an early or expansion stage. Community banks may evaluate whether a fintech company’s information security processes are appropriate and commensurate with the risk of the proposed activity. Depending on the activity provided, community banks may also seek to understand a fintech company’s oversight of its subcontractors, including data and information security risks and controls.

For a fintech company that provides transaction processing or that accesses customer data, for example, community banks may request information about how the fintech company restricts access to its systems and data, identifies and corrects vulnerabilities, and updates and replaces hardware or software. The bank may also consider risks and related controls pertaining to its customers’ data, in the event of the fintech company’s security failure. Also, contractual terms that authorize a community bank to access fintech company records can better enable the bank to validate compliance with the laws and regulations related to information security and customer privacy.

Operational Resilience

A community bank may evaluate a fintech company’s ability to continue operations through a disruption. Depending on the activity, a community bank may look to the fintech company’s processes to identify, respond to, and protect itself and customers from threats and potential failures, as well as recover and learn from disruptive events. It is important that third-party continuity and resilience planning be commensurate with the nature and criticality of activities performed for the bank.

Evaluating a fintech company’s business continuity plan, incident response plan, disaster recovery plan and related testing can help a community bank determine the fintech company’s ability to continue operations in the event of a disruption. Also, evaluating a fintech company’s recovery objectives, such as any established recovery time objectives and recovery point objectives, helps to ascertain whether the company’s tolerances for downtime and data loss align with a community bank’s expectations. A community bank that contemplates how a fintech company considers changing operational resilience processes to account for changing conditions, threats, or incidents, as well as how the company handles threat detection (both in-house and outsourced) may provide a community bank with additional information on incident preparation. Discussions with a fintech company, as well as online research, could provide insights into how the company responded to any actual cyber events or operational outages and any impact they had on other clients or customers.

Understanding where a fintech company’s data centers are or will reside, domestically or internationally, helps a community bank to consider which laws or regulations would apply to the community bank’s business and customer data. Another matter for a community bank to consider is whether a fintech company has appropriate insurance policies (for example, hazard insurance or cyber insurance) and whether the fintech company has the financial ability to make the community bank whole in the event of loss.

Service level agreements between a community bank and a fintech company set forth the rights and responsibilities of each party with regard to expected activities and functions. A community bank may consider the reasonableness of the proposed service level agreement and incorporate performance standards to ensure key obligations are met, including activity uptime. A community bank may also consider whether to define default triggers and recourse in the event that a fintech company fails to meet performance standards.

A fintech company’s monitoring of its subcontractors (if used) may offer insight into the company’s own operational resilience. For example, a community bank may inquire as to whether the fintech company depends on a small number of subcontractors for operations, what activities they provide, and how the fintech company will address a subcontractors’ inability to perform. A community bank may assess a fintech company’s processes for conducting background checks on subcontractors, particularly if subcontractors have access to critical systems related to the proposed activity.

For example, as with previous due diligence scenarios, fintech companies may exhibit a range of resiliency and continuity processes, depending on the activities offered. Community banks may evaluate whether a fintech company’s planning and related processes are commensurate with the nature and criticality of activities performed for the bank. For example, community banks may evaluate a fintech company’s ability to meet the community bank’s recovery expectations and identify any subcontractors the fintech company relies upon for recovery operations. A fintech company may have recovery time objectives for the proposed activity that exceed the desired recovery time objectives of a community bank. If a fintech company can meet the community bank’s desired recovery time objectives, the bank may consider including related contractual terms, such as a contract stipulation that the community bank can participate in business continuity testing exercises and that provides appropriate recourse if the recovery time objective is missed in the event of an actual service disruption.

A community bank may also consider appropriate contingency plans, such as the availability of substitutable service providers, in case the fintech company experiences a business interruption, fails, or declares bankruptcy and is unable to perform the agreed-upon activities. In addition to potential contractual clauses and requirements, a community bank’s management may also consider how it would wind down or transfer the activity in the event the fintech company fails to recover in a timely manner.

Conclusion

The agencies have outlined a number of relevant considerations, non-exhaustive lists of potential sources of information, and illustrative examples to assist community banks with identifying strengths and potential risks when considering relationships with fintech companies. The voluntary Guide helps provide a starting point for banks with their due diligence efforts. The Guide may be viewed here.

Highlighted Special Focus From the October 2021 Compliance Journal

By Scott Birrenkott

WBA filed comments this week with FRB, FDIC, and OCC (agencies) on their proposed guidance on managing risks associated with third-party relationships (proposal).

Over the years, the agencies have issued guidance on third-party management for their respective supervised institutions. The agencies have issued the proposal in an effort to promote consistency in their third-party risk management guidance and to clearly articulate risk-based principles on third-party risk management. The proposal is based on the OCC’s existing third-party risk management guidance from 2013.

WBA commented that the proposal presents a welcome opportunity to consolidate and update each agency’s individual existing guidance, and generally supported the effort. In addition to general comments reflecting member experiences in third-party management, WBA did recommend that the agencies consider specific examination procedures in accordance with the guidance, and provide banks with sufficient time to adapt to any final guidance.

Click here to view the letter.

Triangle Background

By Scott Birrenkott

Q: Does RESPA Prohibit Kickbacks for Referrals Related to Settlement Services?

A: Yes. WBA has received a few inquiries recently regarding Real Estate Settlement Procedures Act’s prohibition against kickbacks and unearned fees, and has created this summary as a quick refresher.

RESPA Section 8 prohibits certain actions related to federally related mortgage loans, including a prohibition against giving or accepting a fee, kickback, or thing of value pursuant to an agreement or understanding (oral or otherwise), for referrals of business incident to or part of a settlement service involving a federally related mortgage loan. There are definitions within that prohibition which help determine what might be covered.

“Thing of value” is defined broadly and can include a number of arrangements. “Settlement service” is also defined broadly and includes any service provided in connection with a real estate settlement. Referrals include oral or written action directed to a person that has the effect of affirmatively influencing a person’s selection of a provider of a settlement service or business incident to or part of a settlement service. For example, if a settlement service provider gives referral sources tickets to attend professional sporting events in exchange for referrals as part of an agreement or understanding, such conduct violates RESPA Section 8.

Certain arrangements, such as affiliated business arrangements and marketing services agreements are not violations of RESPA Section 8. Such determinations are fact-specific, however, and may require discussion with a bank’s legal counsel.

Further resources are available in CFPB’s helpful Real Estate Settlement Procedures Act FAQs.

If you have any questions on this topic or other matters of compliance, contact WBA’s legal call program at 608-441-1200 or wbalegal@wisbank.com.

Note: The above information is not intended to provide legal advice; rather, it is intended to provide general information about banking issues. Consult your institution’s attorney for special legal advice or assistance. 

Vaccination Card

By Jennifer Mirus, Boardman Clark, a WBA Gold Associate Member

On September 24, 2021, the Biden Administration released guidance regarding the scope of Executive Order 14042 which mandates that employees of covered federal contractors demonstrate proof of full vaccination against COVID-19 by December 8, 2021That guidance is available here.

The guidance lists several categories which, if applicable to an employer, will trigger its obligation to ensure its employees have been fully vaccinated. The guidance defines “contract” broadly to include: “all contracts and any subcontracts of any tier thereunder, whether negotiated or advertised, including any procurement actions, lease agreements, cooperative agreements, provider agreements, intergovernmental service agreements, service agreements, licenses, permits, or any other type of agreement, regardless of nomenclature, type, or particular form, and whether entered into verbally or in writing.” 

This broad guidance left certain questions unanswered regarding which entities qualify as a covered federal contractor. Notably, it is unclear whether banks are considered federal contractors due to their FDIC relationship with the federal government. Because the guidance is written in broad terms, it could be construed to mean that banks are considered federal contractors because they obtain a “service” from the federal government in the form of FDIC insurance and thus have a “service agreement” for the purposes of the vaccination requirement. However, this is a very literal reading of the guidance which may not be how the Executive Order and guidance are intended to be interpreted. Additionally, an earlier executive order regarding minimum wage used a similar definition of “contract,” and there is no clear guidance or rulings that banks were subject to that order.  

Thus, at this time, it is a reasonable conclusion that banking institutions are not covered federal contractors that must comply with the vaccination mandate. More guidance and clarification will be needed before it is clear whether banks are considered federal contractors under the Executive Order.  Banks that have explicit contracts with the federal government likely do qualify as federal contractors, even if they are not federal contractors by virtue of FDIC programs.  

Banks with 100 or more employees might be subject to the anticipated emergency temporary standard under the Occupational Health and Safety Administration (OSHA) that will require COVID-19 testing or vaccination. Details on OSHA’s standard are anticipated in the near future. 

The long awaited proposed rule regarding the collection and reporting of small business lending data as required by Section 1071 of the Dodd-Frank Act has finally been released by the Bureau of Consumer Financial Protection (CFPB). Unfortunately, the proposed rule is as broad and onerous as the industry expected it to be as it will be costly to train, implement, and monitor. The proposal would revise Regulation B, which implements the Equal Credit Opportunity Act (ECOA), to require the collection and reporting to CFPB certain data on applications for credit by small businesses. The proposal is substantial; however, below is a brief summary of the proposed rule.

Who Must Collect Data

The first step of analysis for any proposal is to identify whether it will apply to the bank. In this case, the proposal is broad and will very likely apply to all banks in Wisconsin. As proposed, if a bank originates at least 25 credit transactions that are considered “covered credit transactions” to “small businesses” in each of the two preceding years, the proposed rule will apply to the bank. Generally, a “small business” under the proposal is a business that had $5 million or less in gross annual revenue for its preceding fiscal year.

What CFPB has proposed be considered a “covered credit transaction” is a bit trickier an analysis but is generally the same as what is considered an application under the existing Regulation B definition of “application.” The proposed term does; however, exclude reevaluation requests, extension requests, or renewal requests on an existing business credit account, unless the request seeks additional credit amounts; also excluded is an inquiry or prequalification request.

What Data is to be Collected

Next, the data to be collected. Dodd-Frank Act Section 1071 identified certain data that must be collected by CFPB; the law also gave CFPB discretion to collect additional data. CFPB has incorporated all Dodd-Frank Act required data and several discretional data into its proposal. In particular, banks must collect a unique identifier of each application, application date, application method, application recipient, action taken by bank on the application, date action taken, denial reasons, amount applied for, amount originated or approved, and pricing information including interest rate, total origination charges, broker fees, initial annual charges, additional cost for merchant cash advances or other sales-based financing, and prepayment penalties.

Banks must also collect credit type, credit purpose, information related to the applicant’s business such as census tract, NAICS code and gross annual revenue for applicant’s preceding fiscal year, number of applicant’s non-owner workers, applicant’s time in business, and number of applicant’s principal owners.

There is also demographic information about the applicant’s principal owners to collect. These data points include minority- and women-owned business status, and the ethnicity, race, and sex of the applicant’s principal owners. The proposal also requires banks to maintain procedures to collect applicant-provided data at a time and in a manner that is reasonably designed to obtain a response, addresses how banks are to report certain data if data are not obtainable from an applicant, when banks are permitted to rely on statements made by an applicant, when banks must verify applicant’s responses to certain data collected, and when banks may reuse certain data collected in certain circumstances such as when data was collected within the same calendar year as a current covered application and when the bank has no reason to believe the data are inaccurate.

When and How Data Must be Reported

Banks would be required to collect data on a calendar-year basis and report the data to CFPB by June 1 of the following year. CFPB has proposed to provide technical instructions for the submission of data in a Filing Instructions Guide and related materials.

The submitted data is also to be made available to the public on an annual basis. Banks would be required to make the reported data available on their website, or otherwise upon request, or must provide a statement that the bank’s small business lending application register is available on CFPB’s website. Model language for such statement has been proposed by CFPB.

Limit of Certain Bank Personnel’s Access to Certain Data

The proposed rule implements a requirement under Section 1071 that banks limit certain employees’ and officers’ access to certain data. CFPB refers to this as the “firewall.” Pursuant to the proposed rule, an employee or officer of a bank or bank’s affiliate who are involved in making any determination concerning the applicant’s covered application would be prohibited from accessing an applicant’s responses to inquiries that the bank made regarding whether the applicant is a minority- or woman-owned business. Such employees are also restricted from information about an applicant’s ethnicity, race, and sex of the applicant’s principal owners.

There are exceptions to the requirement if it is not feasible to limit such access, as that factor is further set forth in the proposal. If an exception is permissible under the proposal, notice must be given to the application regarding such access. Again, CFPB has created model language for such notice.

Recordkeeping and Enforcement

The proposal establishes certain recordkeeping requirements, including a three year retention period for small business lending application registers. The proposal also includes a requirement to maintain an applicant’s responses to Section 1071 inquiries regarding whether an applicant is a minority- or women-owned business, and responses regarding the ethnicity, race, and sex of the applicant’s principal owners, separate from the rest of the application and accompanying information.

The proposal does include enforcement for violations of the new rules, addresses bona fide errors, and provides for a safe harbor.

Learn More and Get Involved

The proposal and additional information, including a chart of the proposed data collection points, may be viewed at: https://www.consumerfinance.gov/rules-policy/rules-under-development/small-businesslending-data-collection-under-equal-credit-opportunity-act-regulation-b/

WBA will comment on the proposal and will create a template letter for bankers to use in providing their own comments to CFPB regarding the impact the proposal will have on the bank. Comments are due 90 days from publication of the proposed rule in the Federal Register. At time of publication of the article, the proposal had not yet been published. CFPB has proposed mandatory compliance of a final rule be eighteen months after its effective date. WBA Legal is creating a working group to collect data and concerns from Wisconsin’s bankers on the proposal. If you wish to be part of the working group, please contact WBA Legal at wbalegal@wisbank.com.

This article originally ran in the September 2021 edition of the WBA Compliance Journal, to view the entire publication, click here.

Person holding Covid 19 Vaccination card

As was first reported in the September 10 WBA Wisconsin Banker Daily, President Biden released a plan on September 9 meant to reduce the number of unvaccinated Americans.

By way of background, to implement the plan, Department of Labor’s Occupational Safety and Health Administration (OSHA) is developing a rule that will require all employers with 100 or more employees to ensure their workforce is fully vaccinated or require any workers who remain unvaccinated to produce a negative test result on at least a weekly basis before coming to work. OSHA will issue an Emergency Temporary Standard (ETS) to implement the requirement.

OSHA is also developing a rule that will require employers with more than 100 employees to provide paid time off for the time to takes for workers to get vaccinated or to recover if they are under the weather post-vaccination. This requirement will also be implemented through an ETS.

President Biden executed a second order to take similar steps to require vaccinations for all federal workers and federal contractors that do business with the federal government. The Safer Federal Workforce Task Force had until this past Friday to describe new safety protocols, per the order.

Guidance was released last Friday; however, it unfortunately did not clarify whether banks are considered federal contractors under the vaccine mandate. WBA will continue to closely monitor the developing law and update the membership once coverage of the order is clarified.

Safer Federal Workforce Task Force COVID-19 Workplace Safety: Guidance for Federal Contractors and Subcontractors

Path Out of the Pandemic Order

Order of COVID Safety for Federal Contractors

 

By Heather MacKinnon

By Scott Birrenkott

Q: Are Banks Required To Provide Notice When Changing Lobby Hours?

A: Not by rule or law, but some form of notification is recommended.

There exists no specific requirement to notify bank customers, or its regulators, when changing its hours of operation. This includes branch hours, lobby hours, drive up hours, or other times of access, such as whether a location is open on a Saturday.

However, specific requirements do exist for closure of branch banks, requiring notice in writing to the Wisconsin Department of Financial Institution (DFI) at least 30 days in advance of the closure, along with notices in the bank’s lobby which is to be closed. While such notice is not required for a change of hours, bank might consider following that procedure as a matter of courtesy and update to DFI, even though it is not closing a branch.

Additionally, while no specific notice requirement to customers exists, some form of communication would be prudent. For example: a posting in lobbies, through mail, or online via the bank’s website, social media, or other applications, would likely be beneficial and appreciated by those customers who use the affected lobbies, drive-ups, deposit box, etc.

Lastly, the bank should also consider the implications of its change of hours. While there might not be specific notice requirements related to the shift in hours alone, if the shift in hours affect other areas, additional requirements may apply. For example, if cutoff times are changing, or funds availability, stop payment, or other time-sensitive matters are changing, the bank may need to update its disclosures and any associated deposit account rules.

If you have any questions on this topic or other matters of compliance, contact WBA’s legal call program at 608-441-1200 or wbalegal@wisbank.com.

Note: The above information is not intended to provide legal advice; rather, it is intended to provide general information about banking issues. Consult your institution’s attorney for special legal advice or assistance. 

Events

Don’t let a TRID mistake cost you a citation — or worse. This is your chance to get the goods on TRID, including loan estimates and closing disclosures. Improve your accuracy (and customer service) with this detail-driven webinar.

After This Webinar You’ll Be Able To:

  • Define which loans are covered by TRID rules
  • Describe the requirements for each section of the Loan Estimate (LE) and closing disclosure (CD)
  • Distinguish between a loan’s “purpose” under TRID versus HMDA versus URLA
  • Explain when a revised LE is necessary
  • Understand requirements for both single- and separate-close construction loans and permanent-phase closings
  • Review the accuracy of projected payments and other calculations
  • Test charges subject to tolerance standards
  • Recognize when a corrected CD is required

Webinar Details
TRID continues to top the list of examiners’ most-cited violations. The issue may be as small as a missed checkbox or as large as a fee increase that results in a tolerance cure to the borrower. Compliance efforts over the last several years have been devoted to implementing TRID and ensuring disclosures are provided to borrowers in a timely, accurate manner. But TRID rules continue to grow and evolve — and examiners are diving deeper into disclosures and processes to ensure you are providing accurate documents to applicants and borrowers. This session will review sample disclosures for fixed-rate, adjustable-rate, and construction loans. As the documents are reviewed, the speaker will address regulatory requirements, dive into the guidance, and review common errors when completing the LE and CD.

Who Should Attend?
This informative session is directed to loan officers, mortgage officers, loan processors, loan operations staff, compliance officers, and internal audit staff.

Take-Away Toolkit

  • TRID tolerance chart
  • Formulas to test TRID calculations
  • Sample completed forms
  • Employee training log
  • Interactive quiz
  • PDF of slides and speaker’s contact info for follow-up questions
  • Attendance certificate provided to self-report CE credits

NOTE: All materials are subject to copyright. Transmission, retransmission, or republishing of any webinar to other institutions or those not employed by your agency is prohibited. Print materials may be copied for eligible participants only.

Presenter Bio

Dawn Kincaid – Brode Consulting Services Inc.
Dawn Kincaid began her banking career while attending The Ohio State University. She has over 20 years’ experience in client service, operations, information technology, administrative and board relations, marketing, and compliance. Most recently Kincaid served as the Senior Vice President of Operations for a central-Ohio-based community bank, where she created and refined policies and procedures, conducted self-audits and risk assessments, and organized implementation of new products and services. Kincaid has served in the roles of Compliance, BSA/AML, CRA, Privacy, and Security Officer. She has led training initiatives, prepared due diligence information, completed a variety of regulatory applications, coordinated internal and external audits and exams, and presented for numerous state associations.

Registration Options

  • $245 – Live Webinar Access
  • $245 – OnDemand Access + Digital Download
  • $350 – Both Live & On-Demand Access + Digital Download

Many financial institutions have unwittingly established unlawful online banking programs in violation of E-SIGN. If caught operating a noncompliant program, every e-statement you’ve ever sent could be deemed legally invalid. Regulatory fines and legal costs could far exceed the potential savings e-statements provide. Join us to learn more about E-SIGN, e-statement, and e-disclosure compliance, and avoid “e-jeopardy.”

After This Webinar You’ll Be Able To:

  • Understand and adhere to federal E-SIGN and state UETA requirements
  • Adhere to — and disclose — E-SIGN’s mandatory six-step consent process
  • Comply with E-SIGN consumer consent provisions and processes
  • Create lawful, clear e-disclosures that can be understood and acted upon by any consumer
  • Prove accountholders have demonstrated the technological competence to receive e-statements
  • Preserve, protect, and produce e-records of accountholders’ affirmative consent
  • Respond to the E-SIGN Modernization Act
  • Avoid potentially costly consequences of noncompliance
  • Train employees to answer consumer questions about E-SIGN, e-statements, e-disclosures
  • Implement best practices, expert advice, and compliance tips immediately

Webinar Details
Where does your financial institution stand when it comes to E-SIGN, e-statement, and e-disclosure compliance? Are you confident your e-statement program adheres to federal and state laws and industry and government regulations? Do you obey E-SIGN and UETA rules? Is your enrollment process lawful, or are you signing up accountholders in a noncompliant (illegal) fashion? Do you allow accountholders to sign up for e-statements in your lobby? Do your e-disclosures contain the required information, including mandatory technology guidelines? Could you provide evidence of affirmative consent if your e-statement program triggered a lawsuit or regulatory audit?

With this insightful program, you will learn how to recognize and avoid common legal and compliance mistakes in e-statement programs. It will answer the most common and pressing questions about E-SIGN, UETA, e-statements, e-disclosures, affirmative electronic consent, and e-records retention among other important issues. You’ll learn strategies and gain tools to help ensure your E-SIGN, e-statement, e-disclosure program is well managed and complies with legal, regulatory, and organizational guidelines. Don’t miss it!

Who Should Attend?
This informative session is a must to ensure legally compliant online banking. Legal professionals, compliance officers, risk managers, records managers, online banking personnel, operations managers, business development managers, and others charged with managing electronic banking, E-SIGN, e-statements, e-disclosures, and electronic records will benefit from this program.

Take-Away Toolkit

  • Tip Sheet: Managing E-SIGN, E-Statements & E-Disclosures: Dos & Don’ts to Help Ensure Compliance
  • Sample Policy: Record Retention Policy for the Financial Industry
  • Whitepaper: Record Retention Rules for the Financial Industry
  • Guidelines: Record Retention Guidelines for the Financial Industry
  • Sample Policy: Confidential & Sensitive Information Policy for the Financial Industry
  • Employee training log
  • Interactive quiz
  • PDF of slides and speaker’s contact info for follow-up questions
  • Attendance certificate provided to self-report CE credits

NOTE: All materials are subject to copyright. Transmission, retransmission, or republishing of any webinar to other institutions or those not employed by your agency is prohibited. Print materials may be copied for eligible participants only.

Presenter Bio

Nancy Flynn – ePolicy Institute™
A recognized expert on workplace policy, communication, and compliance, Nancy Flynn is the founder and executive director of The ePolicy Institute, Business Writing Institute, and Marijuana Policy Institute. She provides training, writing, and consulting services to clients seeking to minimize compliance risks and maximize communication skills.

Flynn is the author of 13 books, including Writing Effective E-Mail, The ePolicy Toolkit, and The Social Media Handbook. An in-demand trainer, she conducts seminars, webinars, and one-on-one coaching for financial institutions, financial services firms, and other clients worldwide. She also serves as an expert witness in litigation related to electronic and workplace policies and procedures.

Registration Options

  • $245 – Live Webinar Access
  • $245 – OnDemand Access + Digital Download
  • $350 – Both Live & On-Demand Access + Digital Download

The federal E-Sign Act encourages use of electronic signatures, contracts, and document retention — if you follow the rules. Are your documents and delivery procedures “legally correct”? This webinar will teach you about electronic documents, delivery, disclosures, record retention, and more.

After This Webinar You’ll Be Able To:

  • Explain the Electronic Signatures in Global and National Commerce Act (federal E-Sign Act)
  • Determine when it is permissible to deliver disclosures, documents, and statements electronically
  • Understand the restrictions imposed on the use of electronic signature pads
  • Decide when the original document can be destroyed after it has been saved electronically
  • Determine when your institution can require the use of electronic documents

Webinar Details
Although the electronic age can make loan transactions more convenient, it can also cause complications. Before your institution can benefit from the federal E-Sign Act and use electronic signatures and electronic documents, you must deliver the proper disclosures to your borrowers and obtain their consent. You must ensure that your electronic documents and delivery system are “legally correct.” In addition, the regulatory agencies expect financial institutions to understand how their electronic loan document system operates and how it satisfies the legal requirements for using electronic signatures, electronic contracts, and electronic document retention.

Who Should Attend?
This informative session is designed for all staff involved on the loan side, such as loan operations personnel, loan officers, technology staff, attorneys, compliance officers, and managers.

Take-Away Toolkit

  • Sample language to obtain borrowers’ consent to use and receive electronic signatures, electronic disclosures, and electronic documents
  • Employee training log
  • Interactive quiz
  • PDF of slides and speaker’s contact info for follow-up questions
  • Attendance certificate provided to self-report CE credits

NOTE: All materials are subject to copyright. Transmission, retransmission, or republishing of any webinar to other institutions or those not employed by your agency is prohibited. Print materials may be copied for eligible participants only.

Presenter Bio

Elizabeth Fast JD, CPA – Spencer Fane LLP

Elizabeth Fast is a partner with Spencer Fane Britt & Browne LLP where she specializes in the representation of financial institutions. Fast is the head of the firm’s training division. She received her law degree from the University of Kansas and her undergraduate degree from Pittsburg State University. In addition, she has a Master of Business Administration degree and she is a Certified Public Accountant. Before joining Spencer Fane, she was General Counsel, Senior Vice President, and Corporate Secretary of a $9 billion bank with more than 130 branches, where she managed all legal, regulatory, and compliance functions.

Registration Options

  • $245 – Live Webinar Access
  • $245 – OnDemand Access + Digital Download
  • $350 – Both Live & On-Demand Access + Digital Download

Strategic-focused financial institutions endeavor to manage the perfect amount of risk-no more, no less. Learn more about “optimal risk-taking” with this detail-driven webinar.

Webinar Highlights

  • Overall view of enterprise risk management (ERM) and its three phases
  • Key steps to strengthen existing risk assessments
  • Characteristics and goals of risk assessments based on industry best practices
  • How to identify and assess your institution’s risks enterprise-wide
  • What is a risk assessment system (RAS) and its relationship to CAMELS rating?
  • The top eight risks and other important ones
  • How to conduct an ERM Risk Assessment using a matrix – the core of risk assessments
  • The various types of risk assessments based on the area of risk and what they consist of
  • Examples of ongoing monitoring and reporting tools and how to use them

Webinar Details
Financial institutions provide great value to the American economy. But that value comes with risks. Strategic-minded institutions do not strive to eliminate risk or even to minimize it — they strive to manage risk enterprise-wide so that just enough of the right kind of risk is incurred to effectively pursue their strategic goals. This is referred to as “optimal risk-taking.” This webinar will explore the characteristics of strong risk assessments so participants can address key areas in their own institutions. The presenter will share her experience in developing an enterprise-wide process and explain how to conduct risk assessments in a pragmatic, easy-to-understand way. Practical tools and examples will be provided that can be implemented immediately. Learn how to strengthen your existing risk assessments and create new ones for other areas as needed.

Who Should Attend?
This informative session is designed for risk managers/leaders, chief risk officers, compliance officers, internal auditors, chief operating officers, chief credit officers, and the entire risk management team.

Take-Away Toolkit

  • Enterprise risk management risk assessment matrix
  • Employee training log
  • Interactive quiz
  • PDF of slides and speaker’s contact info for follow-up questions
  • Attendance certificate provided to self-report CE credits

NOTE: All materials are subject to copyright. Transmission, retransmission, or republishing of any webinar to other institutions or those not employed by your agency is prohibited. Print materials may be copied for eligible participants only.

Presenter Bio

Marcia Malzahn – Malzahn Strategic

Marcia “Marci” Malzahn is the founder and keynote speaker at Crowning Achievements International — inspiring and educating emerging leaders in the financial industry. She is also president and founder of Malzahn Strategic, which provides management consulting to community financial institutions. Malzahn has 30 years of banking experience, with 10 years as the EVP/CFO/COO of a community bank she co-founded.

Malzahn speaks frequently at industry conferences, association events, and leadership and women’s conferences. She has published five books and received several professional awards. As a Certified Virtual Presenter, Malzahn provides online and onsite training for financial institutions. Malzahn is a certified life coach and a certified community bank director. She holds a bachelor’s in business management from Bethel University and is a graduate and faculty of the Graduate School of Banking in Madison, Wisconsin.

Registration Options

  • $245 – Live Webinar Access
  • $245 – OnDemand Access + Digital Download
  • $350 – Both Live & On-Demand Access + Digital Download

Love them or hate them… loan agreements can protect your financial institution, especially with business loans. Learn the details and objectives of these important agreements.

After This Webinar You’ll Be Able To:

  • Define the loan agreement
  • Know when a loan agreement is required to monitor a borrower’s activities
  • Understand the rights afforded by the loan agreement
  • Identify the key covenants to insert to monitor a borrower’s financial condition
  • Discern the relationship of the loan agreement to other loan documents

Webinar Details
All loans have loan agreements, although some are more tangible than others. Many financial institutions posit that loan agreements are simply too complicated and often attempt to avoid using them. However, loan agreements can benefit both the lender and the borrower. While the borrower must have sufficient latitude to operate the company, they must also agree to certain constraints to limit the institution’s credit exposure. Provisions in the loan agreement must be drafted to guarantee adequate cash is conserved by the borrower to ensure continued financial viability and to repay the loan.

This webinar will address formal loan agreements that are used in large or workout loans. It will define what this very formal and specific type of loan agreement is and what purposes it serves. A loan agreement is a legally binding document with the following objectives:

  • Set forth the agreement between the financial institution and the borrower by clearly and concisely defining the duties and responsibilities of both parties
  • Establish restrictions and qualifications on the borrower’s activities and financial condition, which are set out by affirmative and negative covenants
  • Prepare an alternative plan of action that both parties agree to abide by should various contingencies make the original plan inoperable
  • Serve as a communication tool and monitoring device by requiring the borrower to submit certain documents at specified times and notify the lender about certain plans (e.g., periodic financial statements and financial projections)

Who Should Attend?
This beneficial webinar is designed for senior credit officers, senior loan officers, credit administration officers, loan review personnel, compliance auditors, commercial loan officers, consumer loan officers, branch managers, and credit analysts.

Take-Away Toolkit

  • Loan covenant matrix that will recommend certain financial covenants to control various financial factors of the borrower
  • Employee training log
  • Interactive quiz
  • PDF of slides and speaker’s contact info for follow-up questions
  • Attendance certificate provided to self-report CE credits

NOTE: All materials are subject to copyright. Transmission, retransmission, or republishing of any webinar to other institutions or those not employed by your agency is prohibited. Print materials may be copied for eligible participants only.

Presenter Bio

Jeffery W. Johnson, MBA – Bankers Insight Group

Jeffery Johnson has been in financial services more than 40 years. He has been VP and senior lender for a large regional bank and SVP and commercial banking division manager for a community financial institution. Most of his career has been spent in credit administration, lending, business development, loan review, management, and training and development. Over the last 17 years, Johnson has provided training for several banking associations and individual financial institutions nationwide.

Johnson holds a bachelors in accounting from Morehouse College in Atlanta, an MBA in finance from John Carroll University in Cleveland, a Diploma of Graduation from the Prochnow School of Banking at the University of Wisconsin-Madison, and a Graduate Certificate in Bank Management from the First American Management Institute at the University of Pennsylvania’s Wharton School of Business.

Registration Options

  • $245 – Live Webinar Access
  • $245 – OnDemand Access + Digital Download
  • $350 – Both Live & On-Demand Access + Digital Download

CDD is a crucial aspect of BSA — but there’s much more to the fifth pillar than that! This informative program will cover all the aspects, challenges, and requirements. Join us to get the keys to the BSA kingdom for customer due diligence, beneficial ownership, risk profiles, and monitoring.

After This Webinar You’ll Be Able To:

  • Navigate the gray areas of identifying beneficial owners
  • Get the information you need without sacrificing the accountholder experience
  • Initiate event-triggered account reviews to ensure beneficial ownership and risk profile information is current and conforms to regulatory standards
  • Audit your CDD program to prepare for the next exam
  • Review the new SSN verification (eCBSV) service to determine if your institution should enroll
  • Understand the impact of the AML Act of 2020 on the future of CDD requirements

Webinar Details
When you think of CDD, you probably go right to the beneficial ownership requirements. But BSA’s fifth pillar is comprised of four core elements:

  • Customer identification and verification
  • Beneficial ownership identification and verification
  • Development of a customer risk profile
  • Ongoing monitoring

These regulatory essentials significantly impact the account opening process, adding additional steps and affecting the due diligence required. This session will provide effective ways to gather and verify beneficial owner information and present best practices for obtaining information to establish the account’s purpose and anticipated activity. Acquiring this data is just part of the process. What is done with the information once you have it? How do you know when something is outside the “norm”? What triggers require an update to the information on file? Join this jam-packed session to learn solutions to the hurdles encountered in meeting the CDD rule requirements.

Who Should Attend?
This informative session will benefit new accounts staff, branch managers, loan officers, loan processors, BSA/AML officers, and compliance officers.

Take-Away Toolkit

  • Beneficial ownership calculator
  • Sample CDD policy language
  • Sample accountholder risk profile
  • Sample business accountholder questionnaire
  • Sample high-risk accountholder review form
  • Employee training log
  • Interactive quiz
  • PDF of slides and speaker’s contact info for follow-up questions
  • Attendance certificate provided to self-report CE credits

NOTE: All materials are subject to copyright. Transmission, retransmission, or republishing of any webinar to other institutions or those not employed by your agency is prohibited. Print materials may be copied for eligible participants only.

Presenter Bio

Dawn Kincaid – Brode Consulting Services Inc

Dawn Kincaid began her banking career while attending The Ohio State University. She has over 20 years’ experience in client service, operations, information technology, administrative and board relations, marketing, and compliance. Most recently Kincaid served as the senior vice president of operations for a central-Ohio-based community bank, where she created and refined policies and procedures, conducted self-audits and risk assessments, and organized implementation of new products and services. Kincaid has served in the roles of compliance, BSA/AML, CRA, privacy, and security officer. She has led training initiatives, prepared due diligence information, completed a variety of regulatory applications, coordinated internal and external audits and exams, and presented for numerous state associations.

Registration Options

  • $245 – Live Webinar Access
  • $245 – OnDemand Access + Digital Download
  • $350 – Both Live & On-Demand Access + Digital Download

Perfecting your security interest in collateral must be done perfectly! Learn how to avoid losses and properly complete (or correct) the UCC-1 and UCC-3 forms. All lending staff will benefit from this detail-oriented webinar.

After This Webinar You’ll Be Able To:

  • Properly complete every section of the UCC-1 Financing Statement and the UCC-3 Financing Statement Amendment
  • Distinguish between the need for the UCC-1 Addendum and the need for the UCC-3 Addendum
  • Determine when a termination versus an amendment or assignment of an existing UCC filing is required
  • Correct an inaccurate or improperly filed UCC-1 Financing Statement
  • Know how to handle a situation where a debtor changes name or address

Webinar Details
Filing a UCC-1 Financing Statement is the most frequently used method to perfect your institution’s security interest in collateral. The completion of the UCC-1 form and the determination of the appropriate filing office can be tricky. An improperly completed or improperly filed UCC-1 will result in loss of your institution’s perfected security interest. This webinar will explain how to properly complete each section of the UCC-1 and where to file the UCC-1 in every type of consumer and commercial situation. Furthermore, filing a UCC-3 Financing Statement Amendment is required in various situations, such as when your institution needs to extend, amend, assign, or terminate an existing UCC filing. This webinar will explain the situations when your institution must file the UCC-3 and how to properly complete it.

Who Should Attend?
This informative session will benefit any personnel involved in the credit process, including loan operations personnel, loan officers, compliance personnel, auditors, attorneys, and managers.

Take-Away Toolkit

  • UCC-1 Financing Statement and Addendum, including instructions
  • UCC-3 Financing Statement Amendment and Addendum, including instructions
  • Employee training log
  • Interactive quiz
  • PDF of slides and speaker’s contact info for follow-up questions
  • Attendance certificate provided to self-report CE credits

NOTE: All materials are subject to copyright. Transmission, retransmission, or republishing of any webinar to other institutions or those not employed by your agency is prohibited. Print materials may be copied for eligible participants only.

Presenter Bio

Elizabeth Fast JD, CPA –  Spencer Fane LLP

Elizabeth Fast is a partner with Spencer Fane Britt & Browne LLP where she specializes in the representation of financial institutions. Fastis the head of the firm’s training division. She received her law degree from the University of Kansas and her undergraduate degree from Pittsburg State University. In addition, she has a master of business administration degree and she is a Certified Public Accountant. Before joining Spencer Fane, she was general counsel, senior vice president, and corporate secretary of a $9 billion bank with more than 130 branches, where she managed all legal, regulatory, and compliance functions.

Registration Options

  • $245 – Live Webinar Access
  • $245 – OnDemand Access + Digital Download
  • $350 – Both Live & On-Demand Access + Digital Download

If ACH is a product that you are selling or want to sell, and ACH is new to you, you’ll want to join us for this webinar. We’ll help you understand what ACH is and how it works. You have the responsibility to choose wisely when offering ACH Origination services to your customers. Within the ACH Rules, the Originator and Originating Bank carry most of the risk. Know what your responsibilities are and how to manage your risk.

What You’ll Learn

  • What is ACH
  • Good customers for ACH
  • Most used ACH products
  • ACH Rules around the products
  • Managing your ACH Risk

Who Should Attend
This course is designed for lenders, senior staff, cash managers, operations staff with limited knowledge of ACH, and those that are interested in gaining knowledge on ACH origination and risk.

Presenter Bio
Mary Kate Cole, AAP, CAE, principal of MK Cole Consulting, has nearly two decades of bank operations experience. Cole is an experienced ACH Auditor as well as speaker on payments related topics. She was VP of the Upper Midwest ACH Association for over 15 years. At that time, she was responsible for member education, ACH Audits and problem solving as well as ACH Development projects. Cole has been active in several National ACH Association Rules Work Groups over her career. She is a popular speaker at both local and national conferences on electronic payments related topics.

Registration Options

Live Access, 30 Days OnDemand Playback, Presenter Materials and Handouts $279

  • Available Upgrades:
    • 12 Months OnDemand Playback + $110
    • 12 Months OnDemand Playback + CD + $140
    • Additional Live Access + $75 per person

Your financial institution is full of customers who require many types of services. The BSA exam identifies many services and customers as high-risk for money laundering. We will cover the high-risk customers and services listed in the BSA exam manual and begin to see their impact on our AML program. We will look at what makes a customer or service high risk. What extra due diligence is required when the customer is high risk? And can the high-risk customers and services impact your bank’s BSA risk rating?

Covered Topics

  • Nonresident Aliens and Foreign Individuals (NRA)
  • Politically Exposed Persons (PEP)
  • Embassy and Foreign Consulate Accounts
  • Nonbank Financial Institutions and MSBs
  • Professional Service Providers
  • Nongovernmental Organizations and Charities
  • Cash Intensive Business
  • Bulk Shipments of Currency
  • Electronic Banking
  • Funds Transfers
  • ACH
  • Electronic Cash
  • Monetary Instruments
  • Cannabis related businesses (MRBS and HRP)
  • Third Party Payment Processors (TPPPs)

Who Should Attend
This webinar is designed for BSA Officers, BSA Coordinators, Compliance Officers, and Security Officers.

Presenter Bio
Deborah Crawford is the president of Gettechnical Inc., a Virginia based training company. She specializes in the deposit side of the financial institution and is an instructor on IRAs, BSA, Deposit Regulations and opening account procedures. She was formerly with Hibernia National Bank (now Capital One) and has bachelor’s and master’s degrees from Louisiana State University. She has 30+ years of combined teaching and banking experience.

Registration Options

Live Access, 30 Days OnDemand Playback, Presenter Materials and Handouts $279

  • Available Upgrades:
    • 12 Months OnDemand Playback + $110
    • 12 Months OnDemand Playback + CD + $140
    • Additional Live Access + $75 per person

Law enforcement officials and financial institution examiners often say that Suspicious Activity Report (SAR) narratives are inadequate. The narrative portion of a SAR is critical to understanding the nature and circumstances of the suspicious activity. The care with which the narrative is completed may determine whether the described activity and its possible criminal nature are clearly understood by investigators. Filers must provide a clear, complete, and concise description of the activity, including what was unusual or irregular that caused suspicion.

This session will explain what information should be included in the narrative, the level of information needed and how the information should be presented. We’ll also discuss some tips from law enforcement officials to help craft narratives that provide the most effective snapshots of the activity and transactions being reported.

What You Will Learn

  • Thresholds for Filing SARs
  • The Importance of the SAR Narrative
  • Answering the 5 W’s (and the How’s)
  • What to Leave In, What to Leave Out
  • Using Descriptive Terms
  • Documentation
  • Tips from Law Enforcement
  • Confidentiality of SARs

Who Should Attend
This session will be beneficial for Bank Secrecy Act Compliance Officers, Compliance Officers, CEOs, and staff responsible for reporting suspicious activity.

Presenter Bio
Kristen Tatlock is a nationally-known speaker and compliance consultant with over 30 years of experience in the credit union compliance arena. Tatlock assists credit unions with issues ranging from advertising rules to bylaws, from social media compliance matters to Regulation Z, and just about every regulation and compliance concern in between.

Tatlock has earned Compliance and Bank Secrecy Act certifications from the two national credit union trade associations. She regularly presents compliance training programs for CUNA, NAFCU, and many state Leagues around the country. She has also edited and revised numerous compliance training courses and modules for CUNA CPD and has authored several articles for various CUNA publications.

Registration Options

Live Access, 30 Days OnDemand Playback, Presenter Materials and Handouts $279

  • Available Upgrades:
    • 12 Months OnDemand Playback + $110
    • 12 Months OnDemand Playback + CD + $140
    • Additional Live Access + $75 per person