Top 5 Regulatory Priorities for 2010Banking Institutions Should Prepare for 'The Year of Consumer Protection'
With regulatory reform and consumer protection high on the agenda, financial institutions should face new pressures on several fronts, say industry observers.
Here are the top five regulatory issues for banking institutions to consider in 2010:
1. Real Regulatory Reform
The House passed the Wall Street Reform and Consumer Protection Act of 2009 on December 11. The bill's many provisions affect securities and banking regulation. The sweeping reforms include the Financial Stability Improvement Act, creating a systemic risk regulator; strengthening regulation of depository institutions and bank holding companies; improving the asset-backed securitization process; and providing for an enhanced dissolution authority. The legislation also would create a Consumer Financial Protection Agency (CFPA), reform the over-the-counter derivatives market, subject hedge funds to stricter scrutiny, impose new corporate governance mandates, adopt heightened requirements for credit rating agencies and expand regulatory enforcement powers. Among other measures, the legislation features expansive consumer mortgage protections and creates a Federal Insurance Office. "If enacted, this legislation would provide a sweeping overhaul of U.S. financial services and markets," says CCH Principal Securities Analyst Jim Hamilton. "It addresses a wide range of securities and corporate governance issues, realigns regulatory agencies and would subject entities such as credit rating agencies and hedge funds to a level of scrutiny they have never known before."
But if the proposed regulatory reform doesn't happen early in 2010, says Christie Sciacca, a former regulator at the FDIC and an executive at consultancy LECG, it may not happen at all. "I think history shows that the longer it takes for something to happen, the harder it will be to get it done," Sciacca says. "Large banks are showing recovery in profits, even though there are still large loan loss provisions and perhaps more to come. That said, at some point, Congress and the Administration will get on to something else."
2. BSA/AML Enforcement to Rebound
While 2009 was primarily focused on safety and soundness by banking regulators, the pendulum is poised to swing back to core compliance issues including Bank Secrecy Act/Anti-Money Laundering (BSA/AML) issues, says Sai Huda, CEO of Compliance Coach, a California-based industry risk management firm. "Nearly 70 percent of all enforcement actions year to date in 2009 against banks were related to safety and soundness," Huda notes. The questions regulators wanted to know included "is the bank well capitalized, is its loan loss allowance adequate, does it have sufficient liquidity to survive the economic downturn, is it making safe and sound loans?"
BSA/AML issues will increase in 2010. predicts Huda, "since banks had taken their eye off this risk issue in 2009, and the money launderers know it." The pendulum will swing to consumer protection risk issues. and this topic will dominate. "Once Congress completes passage of the Consumer Financial Protection Agency (CFPA), it will be focused exclusively on consumer protection risk issues," he says.
3. 2010: The Year of Consumer Protection
When it is up and running, the CFPA will examine banks and non-banks for consumer protection compliance. The intensity will increase on consumer risk issues such as compliance with ECOA (Equal Credit Opportunity Act), FHA (Federal Housing Administration) HMDA (Home Mortgage Disclosure Act), RESPA (Real Estate Settlement Procedures Act), FCRA (Fair Credit Reporting Act), FDPA (Flood Disaster Protection Act), SAFE Act (Secure and Fair Enforcement for Mortgage Licensing Act), TILA (Truth In Lending Act) and UDAP (Unfair and Deceptive Practices Act).
The CFPA will be powerful regulator, predicts Huda. "They will exclusively examine banks over $10 billion for consumer compliance. The primary regulator will examine banks with $10 billion or less in assets for consumer compliance, however, the CFPA can monitor these exams, participate in exams or completely remove a bank's primary regulator and take over consumer compliance exams," he adds. The CFPA will also have full enforcement powers.
The CFPA will create a consumer complaint system and use it to trigger examinations or prosecutions. "Is the bank discriminating in its lending? Or is the bank lending unfairly or deceptively?" Huda says. "There will be several fair and responsible lending enforcement actions and lawsuits." He also recommends institutions begin now to clean up their lending practices in advance of this agency's scrutiny, or be ready for some enforcement actions.
On the credit union front, the National Credit Union Administration (NCUA) also has made consumer protection a top-line issue, establishing a new Consumer Protection Office. In an interview earlier this year, Michael Fryzel, then chair of the NCUA, outlined this new office's core mission.
4. ID Theft Red Flags Exams: Year Two
Despite regulators stating that examinations have taken place as scheduled in 2009, Compliance Coach's Huda asserts that federal banking regulators are lagging in examining for Identity Theft Red Flags Rule compliance. "They are also taking a very high level, top-down approach, due to resource constraints and need to focus on safety and soundness, so issues will not surface until late 2010 and 2011," he adds. One other reason for the lagging examinations is the Federal Trade Commission's fourth delay of enforcement for state-chartered credit unions and creditors, which Huda says "will de-motivate bank regulators to prioritize, so the other risk issues will dominate." In an interview earlier this year, Deborah Matz, chair of the National Credit Union Administration (NCUA), said 55 credit unions had been found in Red Flags non-compliance. Meanwhile, in a new interview, Jeff Kopchik of the FDIC predicts that examiners will take a more exacting approach toward red flags compliance in 2010, focusing on key deficiencies uncovered during the first round of examinations.
5. Federal Data Breach Notification Bill
In December, the House of Representatives passed a version of a federal data breach notification bill. The Senate will probably not get around to its version until sometime in 2010. But the question isn't if, but when a final bill is passed, say industry experts. There are several measures that, when passed, would preempt existing state regulations. The three leading proposals, including the bill passed by the House and the two measures passed by the Senate Judiciary Committee in November, would require notification only when data stored electronically is lost or stolen.
For insights on breach notification/privacy trends, see this recent interview with J. Trevor Hughes, Executive Director of the International Association of Privacy Professionals (IAPP).