It’s no secret that keeping your financial institution up-to-date and compliant with all laws, regulations and policies is an important piece of a successful business model.
From facing common compliance issues to deciding which documents to keep—and making sure you’re following all rules and regulations—there are many items that require close attention to ensure you remain compliant.
Common Compliance Issues
While there are many compliance issues banks must pay attention to, below are some common issues we wanted to point out. While this list is not exhaustive, it does include important items to keep in mind to keep your bank compliant.
Privately Owned ATMs
You may be wondering why you need to worry about an ATM your bank doesn’t own. However, there are risks that come with privately owned ATMs, and your bank may need to make enhancements to address these increased risk areas.
Privately owned ATMs are usually found in restaurants, bars, gas stations and more. These ATMs link to an ATM transaction network that debits the customer’s account and credits the ATM owner’s account, or the Independent Sales Organization’s (ISO) account, which can be located anywhere. The reason these ATMs have been deemed higher risk is that many of them have been involved in fraudulent activity, identity theft and money laundering.
Security enhancements should be made to the bank’s systems and customer identification program (more info on that later) to manage associated risks. At a minimum, these policies, procedures and processes should include:
Before you begin your review, ask yourself the following questions:
Consumer Identity and Prepaid Cards
The Financial Crimes Enforcement Network (FinCEN) has begun to regulate the issuance of reloadable cards issued by financial institutions via the USA PATRIOT Act.
The customer identification program, or CIP, is a provision requiring that all accounts be opened only after obtaining the customer’s name, address, date of birth and identification number. They must also follow identity verification procedures similar to those for all other deposit or credit accounts, and specific account recordkeeping and notice requirements must be followed.
What Is Considered an Account?
An account is defined by the CIP rule as a “formal banking relationship established to provide or engage in services, dealings or other financial transactions, including a deposit account, transaction or asset account, a credit account or other credit extension.” So, which prepaid cards are accounts, and which are not? It all boils down to whether the card is reloadable or not. If the card is not reloadable, the transaction is considered a one-time transaction that doesn’t need an ongoing relationship. When the card is reloadable, it is considered an account and the CIP rule must be followed.
Who Is the Customer?
Reloadable cards can be issued within a branch, sold online or issued via mail. Some financial institutions that provide merchant services to small businesses also provide a gift card or reloadable card service to the business. This makes that business an agent for the bank, but each customer of that agent would still be considered the bank’s customer.
So how does the financial institution ensure the CIP rule is being followed when a business issues a reloadable card to its customers? For the smaller institution, a closed-loop non-reloadable card is usually desired. This can help forgo the need to record and verify each individual customer. Another example is that of businesses who issue prepaid cards to employees or agents of that business. In the past, the business was considered the customer, whereas now, each individual cardholder operating on behalf of the business would need to be identified via the CIP rule.
These changes help minimize many threats. The limits on reloadable prepaid cards, as well as the CIP rule, can help fight the funding of terrorism, money laundering and other financial crimes.
Consumer Compliance Rating System
The new Consumer Compliance Rating System (CC Rating System), which was applied March 31, 2017, was designed with an emphasis on evaluating a financial institution’s Compliance Management System (CMS). It creates a comprehensive, consistent framework for all member agencies to apply, focusing on consumer protection, self-identification and proactively addressing compliance issues.
The rating system is based on a five-point scale, with “1” being the highest/best rating and “5” reflecting a critically deficient program. The rating system focuses less on transactional testing and more on the financial institution’s CMS, paying particular attention to practices that may cause consumer harm.
The CC Rating System was designed based on four key principles:
Categories and Assessment Factors
The CC Rating System is split into three categories and includes assessment factors in each category:
Consumer harm, self-identification and corrective action are common themes in the CC Rating System. If you have a strong CMS that includes board and management oversight, policies and procedures, training and monitoring with corrective action, your next compliance exam should go well.
The world of marijuana banking has been filled with compliance risks for years. While marijuana is still illegal federally, many states have legalized it for medical and recreational use. Financial institutions must weigh the pros, cons and risks of providing services to businesses that sell marijuana products.
Legal Hemp Growing
The passing of the 2018 Farm Bill provided new opportunities for financial institutions to legally serve certain marijuana-related businesses. The Farm Bill changed the classification of hemp to an agriculture product, which allows the use of hemp fiber as well as CBD oil. The legalization of these types of cannabis enables banks to provide services without fear of legal ramifications.
Each state is responsible for following guidelines for what constitutes legal growing and use of hemp when creating their regulatory framework. The framework must:
Bank Secrecy Act Compliance
The Bank Secrecy Act is a very important regulation that financial institutions will adhere to when offering services to hemp-related businesses. There are three main areas that institutions must address in their policies and procedures.
Suspicious Activity Reports
Due to the illegality of marijuana federally, if a financial institution chooses to service marijuana-related businesses, they must file Suspicious Activity Reports (SARs) on a continual basis. After filing the initial SAR, they must conduct continuous 90-day monitoring and file the SAR within the required timeframes.
There are three types of SARs that must be filed based on the situation.
It’s important that financial institutions implement policies and procedures to outline what the institution must do and ensure that they are compliant. It’s imperative that the institution’s employees understand the difference between true marijuana and hemp or CBD as well as the different requirements for each. With proper policies, procedures and training in place, providing services to these types of businesses may be a lucrative opportunity for financial institutions.
Any financial institution that is a member of the Mortgage Electronic Registration System, Inc. (MERS) and is named the servicer for an active mortgage identification number (MIN) must meet certain quality assurance requirements.
Reconciliation is important to ensure the data on the MERS system matches the institution’s data. This requirement can sometimes be overlooked if an institution is registering mortgages through MERS for secondary market loans and not servicing the loans but had to buy back a loan. You would then be servicing a mortgage with a MIN and would need to meet the reconciliation requirements. Depending on the type of MERS membership, an institution may need to complete an annual report and quality assurance plan as well as the data reconciliations.
To ensure compliance, institutions should review their membership agreement with MERS and determine if any MIN-registered mortgages are being serviced by the institution, which would require data reconciliations.
Rules & Regulations: Keeping Your Bank Up to Date
Financial institutions operate with some of the most complex rules and regulations, and keeping up with them can be challenging. Below are some common regulations and updates your financial institution should pay attention to in order to ensure your bank is protected.
UDAAP (Unfair, Deceptive and Abusive Acts or Practices) is a common term in daily conversation within the financial institution industry. But what exactly do these terms mean?
Any consumer product or service has the potential to be criticized for violations, but some of the most common include:
Managing Your UDAAP Risk
As UDAAP continues to challenge the industry, it is essential for financial institutions to evaluate their risks and do what they can to diminish the impact of violations on the organization. But with careful review, you can reduce the risk of potential violations and long-term impacts on your organization. A few proactive steps your bank can take include:
Tax Exempt Instruments
Financial institutions have historically been one of the largest purchasers of tax-exempt debt instruments. One of the most frequent questions that arises regarding tax-exempt debt instruments is: what exactly qualifies for tax-exempt treatment?
Tax-Exempt Notes Versus Bonds
The statutory exemption provided in IRC §103 applies to interest on any state or local bond. However, a state or local bond is defined as an obligation of a state or political subdivision of the state. An obligation must be documented or embodied in writing and executed by the state or political subdivision thereof in the exercise of its borrowing power. For tax purposes, there is no distinction between tax-exempt notes and tax-exempt bonds.
Role of Sovereign Power
The first question a financial institution must determine is whether the issuer is a political subdivision of a state. Political subdivision denotes any division of a state or local governmental unit which is a municipal corporation or which has been delegated the right to exercise part of the sovereign power of the unit.
The three generally acknowledged sovereign powers of states are the power to tax, the power of eminent domain and the power to police. It isn’t necessary that all three of these be delegated; however, possession of only an insubstantial amount of any or all sovereign powers is insufficient. All of the facts and circumstances must be taken into consideration, including the public purposes of the entity and its control by the government.
Nonprofits and Churches
One common misconception is that a loan made to a nonprofit would be considered tax-exempt. However, loans made to these organizations are not tax-exempt, and the interest earned on these is taxable.
Impact of Discounts
Knowing if a bond or loan is tax-exempt is vital when weighing the benefits of each instrument against other options. It is also important to know the impact of discounts on municipal securities. If securities are purchased at a discount on the issue date, the difference between the purchase price and par value is accreted into income and is treated as tax-exempt income. On the other hand, if municipal securities are purchased at a discount subsequent to the issue date, the discount accretion is taxed as ordinary income.
Documentation: Why It’s Important
When it comes to documentation and record keeping for banks, it can be overwhelming to make sure your institution is including the correct information on certain documents. Form 1099-K is one of those documents that needs special attention.
1099-K Filing Requirements
Regulations require payment settlement entities to report the gross amount of merchant card payments and third-party network payments to recipients on IRS Form 1099-K. So, which entities are subject to these filing requirements? The Internal Revenue Code requires Payment Settlement Entities (PSEs) to file Form 1099-K. PSEs can be defined as:
A participating payee is defined as any domestic person/organization who accepts payments via payment cards or from third-party settlement organizations. Payment card transactions can include the use of gift cards, prepaid phone cards and various other cards. These transactions should be reviewed to determine if they are subject to Form 1099-K reporting requirements.
Third-party network transactions can include a customer's purchase of goods from a merchant over the internet using an internet payment service provider (e.g. PayPal). As long as the internet payment service provider is unrelated to the parties of the transaction, the internet payment service provider will be considered to be a PSE/third party settlement organization for Form 1099-K reporting requirements. Organizations that don’t have contractual agreements to use the payment network and who operate a network which only processes electronic payments are not subject to the Form 1099-K reporting requirements.
Every entity considered a PSE that makes one or more payments in settlement of reportable transactions must file Form 1099-K with respect to each participating payee for that calendar year. However, third-party settlement organizations are only required to file Form 1099-K with respect to each participating payee if both the gross amount of total reportable payment transactions to that payee exceeds $20,000 and the total number of reportable payment transactions exceeds 200.
The gross amount of reportable payment transactions must be reported on Form 1099-K along with the payee’s name, address and tax ID number. The following transactions are not required to be reported on Form 1099-K:
Other Details to Be Aware Of
If an entity receives payments from a PSE on behalf of one or more participating payees and subsequently distributes these payments to one or more participating payees, then the entity is a participating payee with respect to the original PSE and a PSE with respect to the payees to whom the payments were subsequently distributed.
Over the past few years, there have been many new accounting standards. Get familiar with the revenue recognition standard, new lease standard, credit loss standard and impacts of ASU 2016-01.
Pulling It All Together
In order to keep your bank compliant, there are many rules and regulations you need to pay attention to. Whether it’s new accounting standards, legal provisions or monitoring for deceptive acts, financial institutions have many steps to compliance. But you don’t have to do it alone. A trusted advisor can help make sure your bank is in compliance with all rules and regulations.