Pub. 8 2020 Issue 2

8 The Community Banker www.mibonline.org COMPLIANCE Q&A — SUMMER 2020 By Bill Showalter, Senior Consultant, Young & Associates, Inc. Compliance Q&A Credit Practices Rule. Q: Regulation AA was rescinded some time ago, but is a Notice to Cosigner still required when we are doing a loan that has a cosigner? A: Since the repeal of FRB Regulation AA (and similar rules by the Office of Thrift Supervision and National Credit Union Administration), there has not been an explicit requirement for banks, thrifts, and cred- it unions to give cosigners the Notice to Cosigner. Lenders under the enforcement authority of the Federal Trade Commission are subject to the FTC ’ s Credit Practices Rule, which requires such a notice (among other provisions). However, at the time the Federal Reserve Board (and other agencies) proposed the repeal of its Regulation AA, the agencies issued Interagency Guidance Regarding Unfair or Deceptive Practices (8/22/2014). In this document is a footnote (#11) that states: “ The Agencies note that the FTC ’ s Credit Practices Rule requires — and the former credit practices rules applicable to banks, savings as- sociations, and Federal credit unions required — creditors to provide a ‘ Notice to Cosigner ’ explaining the cosigner ’ s obligations and his or her liability if the borrower fails to pay. The Agencies believe that cred- itors have properly disclosed a cosigner ’ s liability if, prior to obligation, they continue to provide a ‘ Notice to Cosigner. ’” So, providing the Notice to Cosigner continues to be the best way to document that the bank has properly disclosed the liability that a cosigner is taking on when signing on to someone else ’ s loan. Red Flags. Q: Regarding an Identity Theft Prevention Program, what are the requirements for reporting to the bank’s board of directors? A: There is nothing in the regulation about how you accomplish the board reporting or how often you do it. That is left up to the bank. The requirements in the rule are that the board (or appropriate committee) approves the “ red flags ” program initially and that they (or a designated senior management employee) be involved in the oversight, implementation and administration of the program. If the board (or committee) is involved in this latter role, periodic reporting will be needed to keep them current on what is happening in the outside world and inside the bank ’ s walls/systems regarding identity theft issues since things change constantly. BSA. Q: I have filed a Suspicious Activity Report and need to report this to our board. How much should I disclose or need to disclose to them? Also, should the actual SAR filing be included in the board package? A: There is nothing in the BSA rules that spells out what must be communicated to the board, just that the board is to be notified of a SAR filing. Of course, if a board member is the subject of the SAR, the fact that one was filed about them must not be communicated to that person (as with any other subject of a SAR). We see a variety of how SAR filings are reported to the board (or ap- plicable board committee). A common method seems to be to report that a SAR was filed about a person(s) structuring or regarding elder Young & Associates provides banks and thrifts with support for their compliance programs, independent reviews and in-bank training, as well as a full menu of management consulting, loan review, IT consulting and policy systems.