Compliance Blog

Written by Brandy Bruyere, Vice President of Regulatory Compliance, NAFCU

Since the passage of S.2155 this past May, NAFCU’s compliance team continues to receive questions about a particular provision – section 213, titled “making online banking initiation legal and easy.” We blogged several weeks ago about the topic so check that out for a more in-depth discussion of the general issue. The short story is that the wording of this law seems to indicate that, when opening accounts online, it is a requirement to delete a copy or image of a member’s identification card after using that copy for one of the following:

1. Verifying the person’s identity;
2. Verifying that the identification card is authentic; or
3. Complying with a legal requirement to record, retain or transmit personal information in connection with opening an account (e.g. the Bank Secrecy Act’s customer identification program requirements).

Many credit unions have asked to what extent this might actually disrupt their processes, and what the penalty would be for being deemed non-compliant because an ID was kept on record.

As a starting point, section 213 is a freestanding provision meaning it does not amend a pre-existing statute or framework – it is not clearly incorporated into  an existing part of the US Code that addresses issues like civil liability, regulatory authority and enforcement. This may be because, from our discussions with staffers on Capitol Hill who worked on this particular section, the aim was to make online account opening easier. In other words, it does not seem to be a statute with stand-alone penalties. Section 213 also does not specifically require any regulator to exam or enforce the bill. We would hope that regulators may provide clarification, such as FinCEN perhaps addressing how section 213 interplays with a customer identification program (CIP). However, the BSA rules do not mandate keeping copies, just recording a description of the documents relied upon when using documentary methods.

Military Lending Act – DC Rumors on Pending Guidance, Bureau Supervision

Over the past week, a few news outlets reported on pending MLA guidance and changes to the way the Bureau of Consumer Financial Protection (bureau) plans to examine and supervise for compliance. This generated questions from members so it seemed worth discussing. In case you missed it, an NPR report stated it reviewed documents showing, in part, that in terms of the MLA and guaranteed auto protection (GAP) insurance, changes to the rules “would give car dealers what they want.” It is unclear what “documents” the news outlet received. Some have wondered if the story is referencing the rule submitted to the Office of Management and Budget back in May 2018. If so, the report indicates the pending rulemaking might resolve some of the issues presented by the December 2017 interpretative rule issued by the Department of Defense (more information here and here on this topic). However, there is no formal publication at this time, just DC rumors. Time will tell, and we will keep monitoring for publication of the pending rulemaking.

The same NPR report along with other outlets also stated that, in internal agency documents, the bureau has determined it does not have the statutory authority to examine for MLA compliance. While the bureau has not issued a formal public statement with regard to these reports, this kind of position may hinge in part on section 232.10 of the MLA rule, which addresses administrative enforcement. Specifically, the MLA says the rule is to be enforced by agencies listed a particular section of the Truth in Lending Act, in “the manner set forth in that section or any other applicable authorities available to such agencies by law.” Some reports indicate this would mean enforcement authority would continue, such as seeking a consent order for rule violations, but the MLA would not be part of bureau exams. Meanwhile, a group of lawmakers have already expressed their concerns with the bureau’s oversight of MLA compliance.

What about exams performed by the National Credit Union Administration (NCUA)? NCUA also has not formally commented on these news reports. We reached out to the agency for clarification on whether or not there will be a consistent approach in how federal regulators address this issue.