Is Your Institution Prepared for 2020’s Most Pressing Banking Regulations?
Even though the heyday of the Dodd-Frank Act (DFA) is well behind us, and the Trump administration continues to espouse a deregulatory philosophy, financial institutions mustn’t stop prioritizing regulatory compliance. In fact, along with routine regulatory requirements, there are at least five noteworthy compliance issues on the 2020 horizon that both regulators and bankers agree will require significant attention this year.
1. Data Privacy and Uncertainty
In May 2017, The Economist declared that data had replaced oil as the world’s most valuable resource. Two ensuing events further emphasized this point: the September 2017 Equifax data breach exposing 147 million people and the Cambridge Analytica data scandal, which broke in March 2018 revealing that as many as 87 million Facebook profiles had been misappropriated.
Not surprisingly, the first data privacy laws—with any real teeth— became reality soon thereafter.
In May 2018, the General Data Protection Regulation (GDPR), which grants consumers in the European Union significant rights over their personal data, went into effect. The real kicker: It was not limited to European companies. U.S. firms who do business in the EU or have EU customers are subject to the GDPR.
One month later, in June 2018, California was the first state to pass a comprehensive data privacy law, the California Consumer Privacy Act (CCPA). It affords California residents the right to control key aspects of their personal data, and it applies to any firm—regardless of its physical location—doing business with those residents.
That was just the start. According to the National Conference of State Legislatures (NCSL), 26 states and Puerto Rico introduced 129 data privacy-related bills in 2019. While they varied in context and only a handful passed, the sheer volume underscores the growing concern for consumer data privacy among state legislatures.
Not to be outdone by their state counterparts, federal lawmakers inched closer to a national data privacy law with two proposals in late 2019. Although there is disagreement over three main aspects of such a law (the private right of action, preemption of state law and enforcement), both Republicans and Democrats agree “federal privacy legislation is urgently needed.”
Fast forward to 2020 and financial institutions can reasonably expect to see more states enact their own laws and possibly see Congress pass a federal law that may or may not preempt individual state laws. So, how best to navigate this challenging and quickly changing environment?
The ABA Banking Journal warns that dealing with such laws one at a time is not scalable. Instead, it advocates for an accountability approach to data privacy compliance. This means identifying your institution’s privacy framework so that it can “implement and embed relevant policies, procedures and other measures throughout the organization” in order to comply with competing privacy laws. The framework’s activities should be reviewed regularly to adjust for internal (new products, etc.) and external (new laws) developments that could affect data privacy.
As a sub issue of data privacy, institutions can also expect continued pressure in 2020 for their websites to meet Web Content Accessibility Guidelines (WCAG) 2.1.
2. Beneficial Ownership and Accountability
Financial institutions have had over a year and a half to perfect their compliance with the Financial Crimes Enforcement Network’s (FinCEN) Customer Due Diligence (CDD) Final Rule, which requires them to identify the beneficial ownership of legal entity customers. In 2020, institutions can expect an end to any initial grace period afforded them by regulators.
In fact, at least two federal regulatory agencies have said as much. In October, the Office of the Comptroller of the Currency (OCC) published its Fiscal Year 2020 Bank Supervision Operating Plan (OCC 2020 Plan), in which it announced customer due diligence and beneficial ownership compliance as an examination priority. And just this month, the National Credit Union Administration (NCUA) stated that, “An ongoing area of emphasis will be the customer due diligence and beneficial ownership requirements that became effective May 11, 2018.”
On the bright side, financial institutions may get some help from Congress. The House has passed the Corporate Transparency Act of 2019, which would require “new and existing small corporations and limited liability companies to disclose information about their beneficial owners” to FinCEN.
In addition, Sen. Mark Warner, D-VA, introduced the ILLICIT CASH Act. The Act “would create a secure beneficial ownership registry of legal entities, to be overseen by the Financial Crimes Enforcement Network or the Treasury Department.”
Should either of these bills become law, the onus of identifying beneficial ownership would shift toward business entities rather than financial institutions. Until that occurs, however, institutions must be pre-pared for mounting exam scrutiny of their beneficial ownership practices.
3. BSA/AML Compliance and Examinations
Several agencies have identified other areas of Bank Secrecy Act (BSA)/Anti-Money Laundering (AML) compliance as top priorities for 2020. At the ABA/ABA Financial Crimes Enforcement Conference in December, “regulatory officials flagged deficiencies in risk assessments, a need for more maturity in compliance systems and processes and data integrity issues, particularly as a result of mergers.”
Specifically, Spencer Doak, Director for Bank Secrecy Act/Anti-Money Laundering Compliance at the OCC, repeated concerns outlined in the OCC 2020 Plan. He noted that risk assessments are sometimes “too narrowly focused or outdated,” resulting in “inadequate or incorrect customer risk identification or ratings,” and that some banks have outgrown their BSA/AML monitoring systems.
In addition, both the OCC and NCUA have publicly stated that they would continue to closely examine suspicious activity report (SAR) and currency transaction report (CTR) filings for timeliness and thoroughness.
There is a possible counterbalance to this intense scrutiny. Regulators hinted at the conference that BSA guidance may be clarified in 2020 as part of the first phase of the Federal Financial Institutions Examination Council’s (FFIEC) examination manual update, and as regulators work together to provide additional clarity on BSA/AML model risk management.
4. Reg CC and Inflation Adjustments
On July 1, 2020, The Availability of Funds and Collection of Checks (Regulation CC) Final Rule, one of the final outstanding DFA issues that adjusts for inflation, goes into effect. The big changes in the rule include the following:
- Next day availability increases from $200 to $225
- Exceptions increase from $400 to $450
- Exceptions subject to the $5,000 rule increase to $5,525
With less than six months until the implementation date, financial institutions should be working now on the following preparations in order to be compliant by July 1:
Update disclosures for consumer and commercial accounts
- Prepare change notices for customers and deliver them within 30 days after the rule’s implementation
- Adjust branch posters
- Incorporate and test system changes
- Revise training materials
- Train staff to handle the changes
Although all the items on this list are important, training front-line staff will be the most critical. Institutions need to make sure that tellers, once trained, have a sound understanding of the new thresholds along with the specifics of your updated funds availability policy in order to accurately place holds on deposits and be able to explain those holds to customers.
5. CECL and Delayed Implementation
The Current Expected Credit Loss (CECL) standard rounds out the major compliance priorities for 2020. Even though the Financial Accounting Standards Board (FASB) officially delayed CECL implementation for non-SEC public and private companies from January 2021 to January 2023, this should not stop or slow preparations for this massive change in how credit losses will be estimated.
Instead, institutions should use this borrowed time wisely. Accounting Today notes that the delay will provide them the opportunity to see how bigger banks implement CECL, as well as the regulatory response to their selected modeling approaches.
A final word of warning: Even with the delay, both the OCC and NCUA have indicated that they will still be assessing CECL preparations at exam time. Your institution will want something to show them in order to prove that work is in progress and to gain valuable feedback prior to the 2023 CECL implementation.
Bankers’ Expectations Are on Target
CSI’s 2020 banking priorities survey revealed that bankers are keenly aware that these five compliance issues need to be front and center this year. Four out of five of bankers who completed the survey ranked data privacy as the most important upcoming regulatory issue, while more than three out of five ranked BSA/AML compliance (3.5), Reg CC changes (3.4), beneficial ownership (3.3) and CECL (3.1) as most important.
Want to know what else bankers anticipate for our industry in 2020? Download the 2020 Banking Priorities Executive Report for a full breakdown of the data.