Bank Insurance Agency Management
Community Banks and Insurance
Compliance and Risk Management
Wealth Management
Insurance Product Marketing

Thursday, October 20, 2016

ABA Comments on Proposed TRID Revisions

In a joint comment letter with the Consumer Bankers Association on Tuesday, ABA responded to a proposal by the Consumer Financial Protection Bureau to amend the TILA-RESPA integrated disclosure rule. The proposed changes would codify informal guidance and clarifications that the bureau has issued since the rule was originally finalized.

Lack of clarity about liability for unintentional mistakes and technical noncompliance with TRID remains a major concern among lenders and investors, the associations said. To help address these concerns, they urged the bureau to take several steps, which include publishing the specific statutory provisions relied upon to implement TRID’s disclosure provisions and granting a “safe harbor” for model forms issued by the bureau, which lenders can use to guide their formatting and calculation for the disclosures. They also called for an extension of the “good faith” compliance examination policy -- which has been in place since TRID was first issued -- until the compliance deadlines for the proposed rules. Finally, they recommended that the CFPB establish a formal process to address ongoing compliance and legal issues related to TRID as they arise.

The groups expressed support for a number of proposed fixes in the rule, including those allowing creditors to use corrected closing disclosures to reset applicable good faith tolerances when there are fewer than four business days remaining before consummation or when the closing disclosure has already been issued. They called for further clarification on several specific provisions as the rulemaking moves forward, and importantly, asked that temporary financing, such as construction loans, be entirely excluded from TRID coverage.

“[T]he associations are very appreciative of the numerous amendments offered in this proposal, and our preliminary analysis reflects that this proposed rule will resolve multiple ambiguities that banks deem significant,” the groups wrote. “[We] would urge that the bureau explicitly allow that any tolerance or cure provisions enacted in this rulemaking be made available for loans that predate this proposal. This step would allow for the correction of previous non-compliance caused by the interpretive ambiguity that the bureau is now fixing.”

Read the comment letter.

Private Flood Insurance Proposal Aims to Ease Compliance

The FDIC, OCC, Federal Reserve, Farm Credit Administration and National Credit Union Administration yesterday issued a proposed rule implementing the 2012 Biggert-Waters flood insurance reform law’s efforts to stimulate a robust marketplace for private flood insurance that would offer a competitive alternative to the National Flood Insurance Program.

The proposal, which revisits a proposed rule issued three years ago, includes several provisions responsive to concerns ABA raised in its comment letter. Among them are an expansion of the compliance safe harbor included in the original proposal and granting discretion for lenders to accept, under certain conditions, policies that do not meet the statutory definition of private flood insurance.

The proposal also includes a carve-out for insurance-like coverage provided by mutual aid societies. Comments on the proposal are due 60 days after it is published in the Federal Register

Read the proposed rule.

Agencies Seek Comment on Large Bank Cyber Standards

The Federal Reserve, FDIC and OCC yesterday issued an advance notice of proposed rulemaking seeking comments on a set of enforceable cybersecurity standards for banks with more than $50 billion in assets. The new standards would be designed to supplement, not replace, existing interagency requirements and guidance for cyber resilience.

The agencies said they are considering three main approaches to implementing the standards: proposing minimum requirements for a cyber risk governance framework, similar to previous interagency supervisory guidelines; proposing regulations containing specific cyber risk management standards in five categories (cyber risk governance; cyber risk management; internal dependency management; external dependency management; and incident response, cyber resilience and situational awareness); and, most prescriptively, proposing standards that include specific objectives in each category.

Possible objectives in the aforementioned categories would include a written, board-approved, enterprise-wide cyber risk management strategy and risk appetite; “adequate” board expertise in cybersecurity; senior cybersecurity managers who report independently to the board; assessments of cybersecurity risk management at the business unit level; cyber risk built into an independent risk management function; inventories of all internal and external assets that affect cyber risk management; real-time monitoring of external dependencies; and transition and backup plans in the event of a successful cyber attack.

Along with bank members of the Financial Services Information Sharing and Analysis Center, ABA has been leading cooperative, private-sector efforts to improve the cyber-resilience of the financial system. ABA will carefully review the proposal and provide comments by Jan. 17, 2017.

Read the proposal.

Tuesday, October 18, 2016

OCC FAQ on the FFIEC Cybersecurity Assessment Tool

On June 30, 2015, the Federal Financial Institutions Examination Council (FFIEC),1 on behalf of its members, issued a Cybersecurity Assessment Tool (Assessment) that financial institutions may use to evaluate their risks and cybersecurity preparedness. At the same time, the Office of the Comptroller of the Currency (OCC) announced that examiners will gradually incorporate the Assessment into examinations of national banks, federal savings associations, and federal branches and agencies (collectively, banks) of all sizes. Appendix A of this bulletin contains answers to frequently asked questions (FAQ) that bankers have posed to OCC examiners and policy staff members. Separately, this bulletin includes additional answers to FAQs that the FFIEC recently issued on behalf of its members. The OCC and FFIEC answers are designed to foster further industry and examiner understanding of the Assessment.

Read the full FFIEC FFIEC Cybersecurity Assessment Tool FAQ.

Thursday, October 13, 2016

CFPB Updates TRID Compliance Guide

The Consumer Financial Protection Bureau yesterday issued an updated small entity compliance guide to the TILA-RESPA integrated disclosures. The guide incorporates guidance from recent compliance webinars on records retention; construction loans; disclosures of seller-paid costs; and form completion, formatting, revision and delivery, among other topics. The bureau also issued a revised guide to the Loan Estimate and Closing Disclosure forms.

Download the compliance guide.

Download the updated guide to forms.