2017 regulatory review: a mixed bag

2017 began with a bang as hope permeated the banking industry.

A new administration promised to ease the compliance burden through deregulation, even commanded such through an Executive Order to revoke two existing regs for each new one issued.

Despite these attempts, the year went out with a whimper. The industry has yet to see any substantive change that could be considered burden reduction. While many changes remain bottlenecked inside the legislative process, agencies continued to finalize new regulatory requirements that had already been in the reg-writing pipeline before the reduction order took effect.

Because of this uncertainty, financial institutions have had to rethink their regulatory change management processes. In a climate rife with continuous and often complicated change, the industry turned to technology, which some call “regtech”—as well as hybrid solutions that combine expertise with technology—as a source of stability and to generate predictable outcomes.

Last year presented more “actionable items”—our term for a regulatory tweak that requires a financial institution to take some sort of action in response—than any time in recent banking history. There were more final rules issued (including one repeal); guidance documents published; updated booklets; and manuals updated—than ever before. Regulators issued a staggering 200-plus of these actionable items.

Against the backdrop of a desire for deregulation, other key themes rounded out the year:

• New exam criteria sharpened supervisory expectations for consumer compliance.

• Administrative controversy plagued the CFPB, as its authority (and existence) underwent review.

• Public sentiment turned against regulators in the wake of high-profile scandals and breaches.

• Controversial rules on payday lending and arbitration were delayed or modified.

• Mayhem prevailed in mortgage compliance with HMDA reporting and servicing rules seeing significant overhaul.

Let’s look at each of these developments in more detail.

New exam criteria

During this murky time, an element of clarity was the newly updated consumer compliance rating system. The first upgrade to this rating methodology in over 40 years offered meaningful and actionable guidance on how financial institutions can prepare for examinations across 12 assessment criteria.

The new criteria require examiners to assess four elements of board and management oversight (including how well institutions manage regulatory change), plus four elements of the compliance program in place. The last four criteria direct examiners how to evaluate violations of law, if found, and the extent of consumer harm such violations caused. Examinations taking place after March 31 applied the new rating system.

Confusion at CFPB

Since its inception, and well before Director Cordray’s resignation, CFPB has been a source of controversy. Legislators have sought to eliminate or modify the single-Director structure of the bureau, with several different bills proposing a panel structure or various advisory councils for governance. Talk also surfaced at various times about decommissioning or de-funding the bureau. Previously, the U.S. Appeals Court announced that a case deeming the CFPB unconstitutional in its nature would move forward in 2018.

Richard Cordray’s resignation, preceded by his nomination of Leandra English as his acting replacement, and President Trump’s appointment of Mick Mulvaney to the same acting post, has stoked ambiguity. The situation is still unfolding, in part because New York-based Lower East Side People’s Federal Credit Union has called on a federal court to remove Mulvaney and affirm English as the acting head of the bureau, citing the regulatory chaos that his appointment has caused. Meanwhile, English has been pursuing an injunction intended to install herself as acting head of the bureau.

While the fate and nature of CFPB remains uncertain, the silver lining is that even a shift in structure or leadership is unlikely to impact the methodology by which banks and credit unions are evaluated. The last methods were applied for four decades, so change in the short term is unlikely. Developing a solid compliance management system that adheres to the principles mandated in the assessment criteria was and will remain a sound strategy for years.

Changing public sentiment toward regulators

Two significant events impacted public sentiment toward regulatory bodies: Wells Fargo’s ongoing woes and the Equifax security breach.

In July, Wells Fargo’s forced placement of collision insurance on approximately 800,000 consumer auto loans resulted in thousands of wrongful delinquencies and repossessions. This public scandal came less than a year after CFPB fined Wells Fargo $185 million for wrongfully opening accounts for consumers without their.

During the first Wells Fargo scandal, there was speculation that CFPB would issue rules or guidelines on account opening incentives to discourage similar activity in the future. Although both events were widely discussed, consumers typically have a short memory for these types of controversies and public outcry quickly died down.

The Equifax data breach happened in March, and was publicly disclosed by the company in September. This breach had a more widespread impact on consumers, and heightened industry concerns around cybersecurity. Modest estimates placed the impact of the data breach at 143 million consumers, nearly half of the population of the U.S.

Experts were surprised and dismayed to learn of the vulnerabilities of a service provider as large and sophisticated as Equifax. Financial institutions reacted strongly, taking a renewed interest in how their third-party vendors manage cybersecurity risks.  

The number of affected consumers added to the industry’s concerns regarding cybersecurity, and underlined the need for more direct and specific regulatory oversight of this area at the federal level. Consumer-friendly states like New York led the charge on adopting enhanced regulations. Federal regulators have yet to follow suit, though in his first meeting with reporters new Comptroller Joseph Otting indicated concerns in this area.

Controversy around payday lending

One of the more controversial regulations of the year was the CFPB payday lending rule finalized in October. The new regulations place an emphasis on lenders determining a borrower’s ability to repay; enforce cutoffs that restrict how often lenders can attempt to debit a borrower’s account; and encourage smaller loan amounts with longer repayment timelines and less risky loan options for lenders.

The ruling becomes effective on Jan. 16, 2018, and has a mandatory compliance deadline of Aug. 19, 2019.

While traditional bankers see the rule as an overdue attempt to curtail predatory lending, many payday lenders have taken steps to sue CFPB over the new reg. And last December 2017, a bipartisan resolution to repeal the rule was introduced in the House. Supporters cited the importance of these loan types for consumers with short-term cash flow issues.

In addition to legislative threats, the rule is even more vulnerable thanks to the bureau’s leadership controversy. Acting Director Mulvaney lacks authority to repeal the rule, but he can extend its effective date or reopen the comment period. The drama unfolding around payday lending regulations showcases the divided perception of the role of regulatory requirements, especially in 2017, when this sharp rift has resulted in so many consecutive changes to the same regulations (i.e. HMDA and Mortgage Servicing).

Arbitration: perfect snapshot of 2017 regulatory environment

The finalization and subsequent congressional repeal of the CFPB arbitration agreements rules illustrates the confusion and uncertainty in the regulatory environment.

The original rule prevented financial services providers from forcing consumers into arbitration instead of enabling them to pursue lawsuits. Immediately following publication of the final rule, certain members of Congress and lobbyists called for its repeal.

That repeal, by way of a House-passed Congressional Review Act resolution, was approved by the Senate and signed by the President in November. The industry had never seen a regulation issued and then repealed so quickly.

HMDA amendments impacting lending, including CRA and ECOA

2017 saw amendments to amendments as well. This year’s changes to the 2015 HMDA Amendments had a profound impact on the industry upon their release in August organizations have scrambled to prepare for the Jan. 1, 2018, deadline.

In keeping with the tone of uncertainty, industry insiders believe bankers should brace for the possibility of even more HMDA changes in 2018. Congress may even attempt to extend the due date and revise the reporting criteria.

Amendments to the Community Reinvestment Act (CRA) and the Equal Credit Opportunity Act (ECOA) were also needed to align with the HMDA amendments.

The CRA amendments use definitions of "home mortgage loan" and "consumer loan" that are consistent with the revised HMDA reporting criteria. ECOA was amended to permit creditors to collect the expanded demographic information required by the new HMDA rules. Without these updates to CRA and ECOA, lenders would be forced to apply disparate definitions for the same loan types, and the different demographic data collection rules would also make reporting extremely challenging.

Guidance offered on TRID through amendments

CFPB finalized amendments to TRID in 2017 and proposed additional amendments. (TILA RESPA Integrated Disclosures) Some additional mortgage lending regulations that CFPB proposed this year focused on clarifying TRID, specifically offering guidance around common questions that lenders had raised over the last two years. Some of those updates include clarification around common construction lending questions and whether making changes to a loan a few days before closing requires a new statement. This represents one attempt of many in 2017 to clarify existing regulations.

Clarifying common mortgage servicing concerns

In July, CFPB published amendments to its 2016 Mortgage Servicing amendments, effective in October 2017 and April 2018. Early intervention notice requirements were amended effective Oct. 19, 2017, and proposed amendments to periodic statements will become law in April 2018.

The general rule established in 2016 states that once a borrower becomes delinquent, mortgage servicers must notify that consumer of available foreclosure prevention options every 45 days. At the same time, servicers are prohibited from sending the notices more than once in a 180-day period.

Lenders expressed concern about this 180-day window for providing a subsequent notice, observing that if the day fell on a weekend or holiday, it would be impossible to comply. In response to this concern, the amendment provides a ten-day extension period. CFPB also clarified timing requirements for modified statements for borrowers in bankruptcy.

In other important but less complicated developments:

• A revised Call Report template was introduced effective with the March 31 filing for use by financial institutions with no foreign branches and assets under $1 billion.

• Regulation CC was amended to modernize electronic check collection and return procedures. The new rules, effective July 1, 2018, establish warranties for electronic presentment.

Summing it up

In conclusion, 2017 presented the financial services industry with a challenging and confusing regulatory environment in a constant state of flux. Supervisory agencies and Congress seemed to have conflicting objectives at times, which manifested in startlingly swift responses or retractions of each other’s progress.

Regulatory change in all forms, whether new requirements or deregulation efforts, requires significant time and effort to implement.

Because of the incessant changes throughout this year, with more than 200 actionable items that financial institutions carefully implemented, the regulatory burden has been more strenuous than ever.

Part 2 of this series will offer insights for 2018 and strategies for managing regulatory change.

About the authors

Pam Perdue is chief regulatory officer and executive vice-president at Continuity. Donna Cameron is director of regulatory I/O, CRCM, CCBCO. Continuity is a provider of regulatory technology (regtech) solutions that automate compliance management for financial institutions of all sizes.