Compliance priorities on the horizon for 2022

by Carl Pry, CRCM, CRP

Predicting the new year’s compliance developments is easier in some years than others. In some years, a large piece of legislation (such as Dodd-Frank) must be implemented by regulators and the year (or in Dodd-Frank’s case, several years) will be dominated by new proposals and regulations to sort out. We’re not in that situation in 2022, although that’s not to say there aren’t new regulations to look forward to (implementing the AML Act, for example). Trying to predict 2022 is more an act of speculation than usual for a variety of reasons, but there are a number of crystal balls and tea leaves out there to provide us with a fairly good idea what the year will hold. And 2022 promises to be a grab-bag of issues, priorities and developments.

New agency leadership

This article originally appeared as the cover story in the March/April 2022 issue of ABA Bank Compliance magazine.
Chief among the reasons 2022 promises to be a dynamic year in compliance is the new administration (although it’s not so new anymore after a year-plus) and new leadership at the agencies. Rohit Chopra has finally been confirmed as the permanent director of the CFPB, and he’s jumped in with both feet. Each of the prudential regulators is also in some stage of a leadership change. This means there will be new priorities and directions the agencies will take, some yet unknown, but a few themes have been clear and consistent:

  • Equity and fairness. These terms appear again and again when Director Chopra speaks and writes about the bureau’s goals. Its recently-issued “Strategic Plan for Fiscal Years 2022-2026” mentions addressing outcomes for households and communities, “many of which reference the concept of equity,” and that the bureau will “embed a racial equity lens” in all its activities. But these concepts are not exclusive to the bureau; the FTC, for example, states the FTC seeks to “[a]dvance racial equity, and all forms of equity, and support underserved and marginalized communities through the FTC’s consumer protection mission.” Even though the FTC is not (directly) a bank regulator, it is indicative of a “whole-of-government approach” that has been mentioned by various agencies as a more unifying means to accomplish such wide-ranging objectives. The concepts of equity and fairness will pervade many issues impacting banks, and certainly those dealing with consumer protection, fair lending, and unfair or deceptive acts or practices (UDAP).
  • Pandemic recovery. The bureau has again been outspoken in this regard. Its Strategic Plan mentions equitable recovery from the pandemic as one of the bureau’s priorities, citing rising housing insecurity as a concern. It also stated that small businesses, especially women- and minority-owned business, have faced more severe economic consequences due to the pandemic. Concerns about pandemic recovery are also seen in the regulators’ focus on servicing of mortgage and student loans, and access to credit in general (evidenced by a series of reports the bureau issued in 2021). Banks can expect further scrutiny in 2022 regarding trends observed during and (hopefully and finally) coming out of the pandemic.

Fair lending

Perhaps no topic has been mentioned more often, or in stronger terms, than fair lending. This has been a consistent theme from the agencies for some time now. Even before Chopra was confirmed, his predecessor, Dave Uejio, said “it is crucial that the bureau apply a racial equity lens and to find practical ways to make freedom from racial prejudice and pursuit of racial equity a priority in the full breadth of the bureau’s work.” Chopra is fully on-board with this view, and banks can expect robust and increasingly broad and comprehensive fair lending examinations and enforcement proceedings.

  • Redlining. The most commonly-articulated area of focus is redlining, as evidenced by the Department of Justice’s new “Combatting Redlining Initiative,” which will involve an “aggressive and coordinated enforcement effort to address redlining.” The DOJ states it “will seek to address fair lending concerns on a broader geographic scale than the Justice Department has ever done before.” This will be a coordinated effort among agencies, as evidenced by comments from officials from the DOJ, CFPB and the Department of Housing and Urban Development at a fair lending conference held in late 2021. Assistant Attorney General Kristen Clarke said that fair lending is “one of most significant issues of our time”; CFPB Fair Lending Director Patrice Ficklin stated the bureau would take “fresh approaches” when examining redlining, and David Enzel, HUD’s general deputy assistant secretary for fair lending, discussed a dedicated team at HUD in Washington that had been established to focus on redlining. A “whole-of-government” approach was emphasized again, with cooperation among the DOJ, CFPB, HUD and also the prudential regulators, U.S. attorneys, and state attorneys general.
  • Racial bias in appraisals. This is a developing issue, and it will be interesting to see what the regulatory approach will be and its effect on banks and other lenders. A report commissioned by the Appraisal Subcommittee of the Federal Financial Institutions Examination Council issued in January 2022 showed pervasive evidence of racial discrimination in home appraisals. Congress has expressed interest in this issue as well. The bureau has announced prioritization of resources to focus on racial bias in home appraisals, and CFPB Fair Lending Director Ficklin has mentioned the bureau’s desire to understand human judgment and discretion in the appraisal process.A home appraisal bias roundtable was held in mid-2021, where the CFPB, OCC, National Credit Union Administration and HUD discussed the role of racial bias in home appraisals and how to eliminate it. In addition, the Federal Housing Finance Authority (the federal regulator of Fannie Mae and Freddie Mac) in December 2021 announced it has found “overt references to race, ethnicity and other prohibited bases under federal fair lending laws” in thousands of appraisal reports. This is certainly an area to watch as we go through 2022.
  • Digital redlining and related technology issues. “Digital redlining” is a term that did not exist in the compliance lexicon not too many years ago but it is a primary concern of the agencies today. The term describes banks’ use of technology and related tools, whether artificial intelligence, so-called “big data,” credit and marketing models, and algorithms, that result in decisions and outcomes in violation of fair lending laws and regulations. Chopra has warned that the bureau will be “closely watching for digital redlining disguised through so-called neutral algorithms that may reinforce the biases that have long existed.” Banks must have a thorough understanding of the models and technologies they utilize, and analyze whether the decisions rendered by them are fair and equitable across protected classes and all consumers.

Unfair, deceptive, or abusive acts or practices (UDAAP)

Closely related to fair lending on the consumer protection priority spectrum is UDAAP. The Bureau has explicitly stated its goal of strictly enforcing UDAAP, evidenced by Chopra discussing the bureau’s “huge aspirations to create durable jurisprudence” regarding the definition of what would constitute abusive conduct.

He stated “it could be a mix” of judicial decisions and “how the CFPB may use rules and guidance to help articulate those standards.” Seeing such guidance would be welcome news to banks who have long sought clarity on how abusive conduct (and UDAAP as a whole) is defined and enforced, but if nothing else, this clearly demonstrates the bureau’s focus on UDAAP in general. Unfair or deceptive practices have also shown up repeatedly in the agencies’ reports on their supervisory activities, particularly around servicing, debt collection, advertising, assessment of fees and communications, among others.

Mortgage servicing

Closely related to pandemic recovery, servicers should expect intense scrutiny around their practices in 2022. A popular term in regulatory circles is preventing “avoidable foreclosures,” which involves focusing on compliance with Regulation Z’s and especially RESPA’s servicing rules. This was the focus of a joint statement from the agencies in November 2021 announcing the end to temporary supervisory and enforcement flexibility due to the pandemic. That Statement clarified the agencies “will apply their respective supervisory and enforcement authorities, when appropriate, to address any noncompliance or violations of the Regulation X mortgage servicing rules that occur,” although it also stated the agencies will take “the specific impact of servicers’ challenges that arise due to the COVID-19 pandemic … [into]account when considering any supervisory and enforcement actions.”

There are several components to this larger issue, including:

  • Collections. The CFPB’s new Regulation F is now fully in effect, and although it applies only to third-party debt collection efforts, it is a clear indicator of conduct that could be viewed unfavorably (read: potential UDAAP) in an examiner’s eyes.
  • Foreclosure communication and distressed borrower outcomes. Even though a June 2021 RESPA final rule from the CFPB applied only to foreclosures initiated before January 1, 2022, it contained clues to how servicers should treat distressed and foreclosed borrowers overall, including ensuring that loss mitigation applications be thoroughly evaluated before foreclosure is initiated and dealing with an unresponsive borrower.

Paired with the fair lending focus on outcomes (and processes) of dealing with distressed borrowers, and the challenges servicers are facing with the end of many foreclosure and eviction mandates in late 2021 and early 2022, it is clear that this will be a major area of concern during 2022.

Climate change risk

This is a relatively new addition to the compliance professional’s list of issues to monitor. A May 2021 Presidential Executive Order directed financial regulators to take steps to mitigate climate-related risks to the financial system. Later in the year the Financial Stability Oversight Council (FSOC) issued a report with more than 30 recommendations for the agencies, including defining, identifying, measuring, assessing, and reporting on climate-related risks and their effects on the stability of the financial system. This will involve “investments in staffing, training, expertise, data, analytic and modeling methodologies, and monitoring.” The report also asked the agencies to assess whether revised or new regulations or guidance is necessary to clarify expectations to financial institutions.

In November 2021, the OCC, Federal Reserve and Treasury Department released statements expressing support for these initiatives, and a White House-issued fact sheet promised yet another “whole-of-government strategy” to tackle the issue. The OCC has solicited academic papers and research from the public, and in December 2021 issued a draft version of their “Principles for Climate-Related Financial Risk Management for Large Banks.” While this may be an issue only the largest banks must address directly in 2022, it seems inevitable that climate risk management will be a regulatory focus for all banks in the years to come.

Cybersecurity

After two-plus years of a work-from-home environment, along with remote and digital banking becoming even more commonplace, cybersecurity and threat management has become even more prominent, if that is possible. Cyber-related issues are repeatedly listed as focus areas by the agencies in their supervision plans and risk reports, and the OCC, Federal Reserve, and FDIC in November 2021 issued a final rule requiring banks to notify their primary federal regulator within 36 hours after a significant computer-security incident. Compliance with the new rule is required by May 1.

In August 2021, the FFIEC issued updated guidance to provide banks with examples of effective authentication and access risk management principles and practices for those accessing digital banking services and information systems. Compliance with the new guidelines will surely be part of information security examinations in 2022.

Efforts to combat ransomware have also been announced by the Treasury Department, FinCEN, as the OCC has called attention to “increasingly complex cyberattacks” across the financial sector. The expectations are clear. From the OCC: “Risk management and control environments should keep pace with innovation and emerging trends, and a comprehensive understanding of risk should be achieved to preserve effective controls. Examiners will continue to assess how banks are managing risks related to changes in operating environments driven by innovative products, services and delivery channels.”

Diversity, equity, and inclusion (DEI)

A concept similar in principle to fair lending, DEI is another term becoming more familiar to compliance professionals, and bankers in general, in 2022. Many banks have already established DEI initiatives, statements, or even officers, but as of yet there are no definitive DEI-related laws or regulations in the banking sector. This may soon change, however. In an October 2021 speech, Acting Comptroller Michael Hsu stated the OCC is exploring several options to improve bank board diversity and inclusion.

The OCC is “encouraging banks to make it a practice to nominate or consider a diverse range of candidates or requiring institutions to either diversify their boards or explain why they have not,” Hsu said.

The diversity topic in financial services is not new: Section 342 of the Dodd-Frank Act requires each regulatory agency to create an office of minority and women inclusion to be responsible for developing standards for assessing the diversity policies and practices of each agency. While this does not require regulated institutions to establish such offices or any policies, over the intervening years the agencies have introduced various diversity-related initiatives, including encouraging banks to conduct voluntary diversity self-assessments. 2022 is shaping up to be a year diversity and DEI-related issues become more top-of-mind.

Digital models and machine learning

Fair lending-related decisions and outcomes are not the only risks of utilizing new technology. In March 2021, the agencies issued a request for information on the use of artificial intelligence, including tools and models used for credit underwriting, risk management, personalization of customer services and fraud prevention. The RFI sought information on challenges banks face when adopting these new technologies, as well as governance, risk management and controls. It also asked whether it would be helpful to provide clarification on using AI in a safe and sound manner and in compliance with applicable rules and regulations. (It would!) With the rise of fintech firms within the financial services industry and their use of innovative technologies, it’s clear that as banks adopt these new tools, examiners will be asking about how risks are managed. After all, we’re in a “data-driven economy” now.

Expected regulatory developments

Even though we didn’t have a Dodd-Frank type legislative event in 2021 (or even 2020), there are still a number of regulatory developments we are awaiting. The rules are always changing, and 2022 will be no exception:

  • 1071 finalization. This is the big event we are waiting for in 2022. The CFPB at some point this year will finalize the Dodd-Frank required amendments to Regulation B that will require lenders to collect and submit data for small business loan applications. The proposal for this very HMDA-like rule was issued by the CFPB in September 2021, and a final rule is expected sometime in mid-2022. It is expected that there will be an 18-month implementation period before compliance is required (although some alternative timeframes were proposed), meaning banks won’t have to report data under this rule in 2022 (or even 2023) But the time should be spent wisely preparing for the required collection and submission of the data. Advance preparation is always a good idea so that banks can understand the story of what the data tells.

There are a number of clarifications that must be addressed in the final rule, including:

    • Which lenders will be covered (the threshold in the proposal was quite low and would cover almost all banks that offer small business credit).
    • What constitutes a “small business.”
    • Required data points (including how ethnicity, race, and sex information will be collected).
    • Timing.
  • BSA/AML changes. The AML Act of 2020 included several important changes to the Bank Secrecy Act. One, implemented by the Corporate Transparency Act (a provision of the AML Act) involves changes to the BSA’s beneficial ownership rules that became effective in 2018. The changes include the creation of a federal database for beneficial ownership information, leading to questions regarding whether the burden of collecting such information will be shifted away from banks. In April of 2021, FinCEN issued a proposal addressing reporting standards for entities (meaning entities that are bank customers, not banks themselves) to provide information to the federal government about their beneficial owners. FinCEN has said full implementation of the AML Act will occur “in a phased process” with “multiple rulemakings.” It is apparent that this will be a slow process. In the meantime, while we await these further rulemakings, the existing beneficial owner rules have not gone away. Banks must continue to comply with the rules in BSA as they appear now (meaning continue to collect beneficial owner information) until told otherwise via final rule.

A second provision of the AML Act will require banks to incorporate federal government-wide AML/CFT priorities into their own AML/BSA compliance programs. In June 2021, FinCEN published these priorities. On the same day, the regulatory agencies, along with FinCEN, issued a joint interagency statement emphasizing that banks will not be required to incorporate the priorities into their programs until the effective date of final revised BSA regulations. We are likely to see some sort of regulatory activity in 2022 around this requirement, and banks must be ready to amend their programs with the appropriate information by a final rule’s effective date.

  • Consumer access to financial records. Dodd-Frank Act section 1033 addresses the portability of a consumer’s financial information, meaning banks “must make available to a consumer information in the control or possession of the provider concerning the consumer financial product or service that the consumer obtained from the provider.” But how this will happen and in what form awaits rulemaking from the CFPB. In November 2020, the CFPB issued an advanced notice of proposed rulemaking, soliciting comments from the public on how the bureau may formulate such rules. We should expect some sort of proposal by mid-2022.
  • Automated valuation method (AVM) rules. Dodd-Frank Act amendments to the Financial Institutions Reform, Recovery and Enforcement Act of 1989 mandated rules be put into place addressing quality control standards for AVMs, which utilize databases to produce reports that estimate the value of a property based on historical data and projections of property values. The new rules will be meant to “ensure a high level of confidence in the estimates produced by the valuation models, protect against the manipulation of data, seek to avoid conflicts of interest, require random sample testing and reviews.” A proposed rule is expected in mid-2022, so real estate lenders utilizing AVMs will need to prepare for changes to their processes to incorporate the new standards.
  • Third-party relationship guidance. In July 2021, the OCC, the Federal Reserve and FDIC issued a proposal to update and unify their guidance to help banks manage risks related to third-party relationships, including relationships with financial technology-focused entities. The guidance covers planning, due diligence and third-party selection, contract negotiation, oversight and accountability, ongoing monitoring and termination provisions. Finalization of the proposal is expected sometime this year.
  • Deposit insurance changes. The FDIC deposit insurance rules are notoriously complex, especially when trying to calculate how much coverage exists when trust accounts are involved since there are separate rules when it comes to revocable and irrevocable trusts. In January, the FDIC finalized their rule “merging these two deposit insurance categories and applying a simpler, common calculation to determine coverage.” While “the FDIC expects that the vast majority of trust depositors will experience no change in the coverage for their deposits when the final rule takes effect,” it will be a change (welcome as it is) that compliance professionals must implement into their processes early in 2022.

Before the pandemic, the FDIC had also discussed modernizing its signage and advertising rules (the ones mandating the “Member FDIC” sign at places deposits are taken and stated in any promotional message for an insured depository product) “to better reflect how banks and savings associations are transforming their business models to take deposits via physical branches, digital and mobile banking channels.” However, this effort was postponed in mid-2020 due to the pandemic. 2022 may be the year we see some progress on this one as well, although to date we have not heard anything from the FDIC. Hope springs eternal.

Potential regulatory developments

In addition to the above, although not certain, we may see some regulatory changes to the following:

  • Community Reinvestment Act reform. After the OCC rescinded its version of a new CRA rule in December 2021, it’s back to the drawing board for CRA modernization. Hopefully this time will be different, as there are signs the OCC, Federal Reserve, and FDIC plan to collectively develop new rules. As the OCC put it, there is “ongoing interagency work to modernize the CRA regulatory framework and promote consistency for all insured depository institutions.” Perhaps in 2022 we see progress toward what a new CRA may eventually look like.
  • Changes to the Qualified Mortgage definition. 2021 saw the replacement of the QM rule’s debt-to-income ratio test with a new pricing test, but due to the pandemic, the DTI test will not sunset until October (meaning until then either standard can be used). A new “seasoned QM” rule was also introduced and became effective in March 2021, providing that certain closed-end, fixed-rate, first-lien loans made on March 1, 2021, or after may become qualified mortgages if the borrower demonstrates three years of good payment history.

However, in February 2021, the CFPB announced it is “considering whether to initiate a rulemaking to revisit the Seasoned QM Final Rule,” meaning the rule may be revised or even revoked. In Chopra’s testimony to the House Financial Services Committee in late 2021, he pointed out regarding the rule that he is eager “to hear of places where it needs to changed,” and he wants “to make sure he understands the full basis of it.” We’ll await commentary from the bureau to see if yet more changes will be made to the QM rules.

  • Overdraft reform. Even though the CFPB listed overdraft services as “inactive” in its December 2021 rulemaking agenda, there has been quite a bit of attention around overdraft reform lately, and more can be expected in 2022. The OCC in particular has been quite vocal about overdrafts, with Hsu stating at a conference in December of 2021, a desire for “responsible overdraft programs that benefit financially vulnerable consumers” and that “improve customers’ financial capabilities and are priced to be low to no cost.” An OCC review identified product features “that could be modified or recalibrated to support financial health” including (among others):
    • Expanded opt-ins for overdrafts.
    • Grace periods before fees may be assessed.
    • Allowing negative balances without triggering an overdraft fee.
    • Collecting overdraft or non-sufficient funds fees from a consumer’s next deposit only after other items have been posted or cleared.
    • Not charging separate and multiple overdraft fees for multiple items in a single day.

Again, there is no indication that any of the above will be embedded into any sort of regulation But it is clear that overdrafts are a hot topic in the supervisory and enforcement environment. Many banks, large and small, have recently announced a reduction or even elimination of overdraft fees, partially in response to this scrutiny. No matter the form (whether rule, guidance or otherwise), overdrafts are a topic to watch in 2022.

  • Mobile device disclosures. When you combine the fact that consumer deposit account and lending disclosures are lengthy (multiple pages long with a lot of fine print) with the reality of many consumers (especially the younger ones that don’t need reading glasses) conducting their entire lives on six-inch cell phone screens, it becomes apparent some sort of accommodation is needed. In August 2021, the CFPB issued a Notice and Request for Comment on Electronic Disclosure on Mobile Devices, stating it will “conduct several studies using methodologies rooted in psychology and behavioral economics to understand electronic disclosure on mobile devices,” including how consumers engage with their finances on different types of devices. It seems necessary and inevitable that something will happen here, and this is something to watch for 2022.
  • Military Lending Act (MLA). In the “much less likely but still possible” category, a Department of Defense and Treasury Department report to the House Committee on Armed Services in May 2021 addressed the effects of potentially lowering the MLA’s current military annual percentage rate cap from 36to 30 percent, or even 28 percent. The report found that the MLA was generally effective in deterring unfair credit practices, and that MLA-covered credit cards, auto loans and personal loans made to active-duty servicemembers and their dependents are generally available at risk-based rates below the current MAPR limitation. The report also found that an “MAPR limit as low as 28 percent would likely have no impact on access to credit cards.” We may see some pressure on the DOD to lower the MAPR limit.
  • Crypto- and digital currency. Many of us are trying just to understand what bitcoin and digital currencies are all about and how they work, much less figure out how they fit into the compliance environment. But as banks start to dip their toes into the digital currency waters, a regulatory framework will become essential, especially as the Federal Reserve contemplates how a central bank digital currency would function. Perhaps 2022 is the year we start to see activity in this area.
  • Excessive “junk fees.” In January, the CFPB announced it has “launched an initiative to save households billions of dollars a year by reducing exploitative junk fees charged by banks and financial companies.” The CFPB announced it will use its authority to “craft rules, issue industry guidance and focus supervision and enforcement resources to achieve this goal.” It issued a request for information on how fees for various types of products (including deposit account, credit card, remittances and payments, prepaid accounts, mortgage and other loans) have “impacted peoples’ lives” and asks “what oversight and/or policy tools the CFPB should use.” We’ll wait and see what type of rules and guidance potentially come from this effort.

In the end, even though we don’t have a Dodd-Frank Act to dominate compliance developments in 2022, there is certainly quite a bit to follow, monitor and implement this year. We’re in an especially dynamic environment. So, as usual, there is never a dull moment in compliance.

Carl Pry, CRCM, CRP, is managing director for Treliant LLC in Washington, D.C., where he advises clients on a wide variety of compliance, fair lending, corporate treasury, and risk management issues. He also serves on the ABA Bank Compliance magazine editorial advisory board. Reach him via email at cpry@treliant.com or by telephone at (440) 320-4662.

Share.