Compliance Priorities for 2021

By Lyn Farrell and Kathryn Reimann

Surely 2020 has been the strangest year in our communal lives in the U.S. But as always, compliance responsibilities continue. As we begin a hopeful 2021, in our estimation, the following issues should be the priorities for compliance professionals focused on consumer regulation and COVID-related regulatory and supervisory risks:

1. Fair lending

With a new administration in Washington, there will be changes in the regulatory agencies. Most certainly, there will be a new CFPB director. Given the Supreme Court’s June 2020 ruling enabling the President to fire the director of the bureau at will, we would expect that the Biden administration will install a new director quickly. One of the areas that received less attention over the last four years, as CFPB enforcement activity dropped overall, was fair lending. We expect that this area will receive some renewed attention with a new director in place. While fair lending management should be a steady state operation in compliance departments in every bank, we suggest that compliance professionals begin the new year with a thorough review of this area. It will take the bureau some time to gear back up to full speed, so 2021 is a good time to refresh your program, examine your lending data and see if any outliers pop out in your programs. Make sure that you stay up to speed on the potential for bias in data analytics or artificial intelligence tools your bank may employ, and stay tuned in to the evolution of alternative treatments for those with thin or no credit files.


There have been far fewer UDAAP enforcement actions against banks during the last four years, so this may be an area where the bureau once again gears up for supervision under new leadership. Take a look at how you advertise and present your products to your customers and compare that to exactly what is delivered. Analyze complaint data to see what might be lurking under the surface. Kick the tires on the controls around fees, ACH debits and accountholder access to funds. While the COVID crisis has slowed the introduction of new financial services (other than related relief programs), once things get back to normal, the creative forces in your institutions will be anxious to offer new, innovative products, as well as add-ons or changes to existing products.

This may be particularly true given the changing competitive landscape. While product innovation can be a boon to consumers, there are invariably glitches in how the products are operationalized and these can spawn UDAAP issues. Make sure your infrastructure for UDAAP compliance is in good shape. And make sure you are working with your AML partners as new rules impact account opening processes.

3. CARES Act review and other COVID risks

The 2021 Congress already appears to be interested in how the CARES Act PPP Loans were administered, and journalists have publicized some of their more incongruous observations about recipients and lenders, as well as frauds. Several news organizations have a FOIA lawsuit pending to obtain specific information on who received the loans, and in what amounts. Compliance departments should take a careful look (if they have not already) at how the loan decisions were made and documented, including whether applicants that were not already customers of the bank received the loans, what processes were put in place to prevent fraud, how any fraudulent activity (or suspicious activity) was handled—including whether SARs were filed—and how the forgiveness mechanisms are working. Note also that, as highlighted by the OCC in its most recent Semi-Annual Risk Perspective, operational risks have been heightened as banks have modified their processes to include third party providers and technologies that have made “work from home” possible. This situation, as well as the legislative relief programs we mentioned, have elevated compliance risk generally.

4. Fair Credit Reporting Act compliance

With the CFPB expected to take a more aggressive approach in general, and with credit playing a vital role in helping millions of small business owners and individuals to recover from the effects of COVID-19, as well as the potential for continued debate on some type of relief for student borrowers, FCRA is likely to be a potential area of supervisory review. Like fair lending, FCRA compliance programs warrant a current “health check.” In January 2020, the Senate received the Comprehensive Credit Act of 2020 from the House—and this was only one of at least a dozen bills to amend FCRA introduced during the 2019-2020 legislative session. Among other things, the CCA focused on the removal of information from borrowers’ credit files under certain circumstances. In 2019, a 10-year study of consumer protection litigation revealed that while other types of litigation had decreased, the number of lawsuits brought under FCRA had increased 100 percent. Large scale furnishing, adverse action letters, and related dispute resolution activities often come with operational challenges. We don’t think interest in this area will wane.

If you have enough time and resources, we suggest that you also make sure that you have your finger on the pulse of all collections activities and related complaint activity at your bank. In light of the high levels of unemployment and financial distress, you want to ensure that your interactions with your borrowers are above reproach. While you are at it, revisit your oversight of any third-party collectors and debt servicers, especially any third-party mortgage servicers.

Lyn Farrell is a regulatory strategy advisor for Hummingbird RegTech. She is a regulatory attorney with 40 years of experience in banking regulation.. She can be contacted at [email protected]

Kathryn Reimann is a regulatory advisor to Hummingbird Regtech and other institutions and has more than 25 years of experience leading compliance functions at public companies, most recently as the chief compliance officer for Citibank, N.A. and the Citi Global Consumer Bank.