OFFICIAL PUBLICATION OF THE VIRGINIA ASSOCIATION OF COMMUNITY BANKS

Pub. 12 2023 Issue 2

Navigating the Potential Impact of Recent Regulatory Guidance

Banks are facing unprecedented risk management challenges amid rapid technological and competitive changes. Federal and state authorities have recently issued guidance to address paradigm-altering shifts such as climate change, artificial intelligence (AI), cryptocurrency, digital and mobile banking, credit models, data security, and more. Financial institutions should understand how these changes could affect their operating model and strategy. Below are highlights of recent select regulatory guidance:

Climate Risk

Large financial institutions are impacted first. The Federal Reserve Board will conduct a pilot to analyze climate-related financial risk involving the six largest U.S. banks in early 2023.

Small Business Lending Data Collection

Most U.S. financial institutions will be impacted when this requirement is implemented in 2023. Lenders will be required to annually report small business credit application data, including credit purpose, loan amount, business info and location, gross annual revenue, NAICS code and more.

Expansion of UDAAP Standards

The expansion broadens the scope of consumer activities subject to UDAAP beyond lending to include advertising, pricing, servicing, reporting, payments, and collections. However, a lawsuit by several banking trade associations seeks to prevent the expansion of CFPB’s UDAAP role beyond its Dodd-Frank Act statutory authority.

Reporting Credit Decisions Using Complex Models/Algorithms

Lenders using AI, machine learning, and/or complex credit models must disclose the precise reason(s) for Adverse Action Notices as required by the Equal Credit Opportunity Act.

Enhanced Consumer Privacy Laws

Five states have already enacted enhanced regulations: CA, CO, CT, VA and UT. CA has already placed them into effect; CO, CT, VA and UT state requirements became effective in 2023. Six other states have active legislation pending: MA, MI, NJ, NC, OH and PA.

Oversight of Bank Third-Party Risk Management (TPRM)

Vendor/third-party relationships are generating renewed regulatory scrutiny, especially fintech partnerships. Ineffective TPRM could be cited as unsafe or unsound practice. Banks must demonstrate TPRM through documentation of third-party relationships, conduct audit and performance reviews, and require third parties to provide data that confirms the quality and sustainability of controls to meet service agreements.

What’s an Appropriate Change Management Strategy for Community Banks?

Each regulatory scenario described above warrants a course of action specific to that issue. For example, regarding the enhanced consumer privacy laws, banks should revisit privacy disclosures, notices, and policies in the states where they operate. More holistically, banks can manage all the impending regulatory changes by following these three steps:

  1. Monitor regulatory proposals and changes through industry groups and trade associations.
    Seek clarification and/or assistance from trusted partners outside of your organization. In addition, involve your operations, technology, and compliance staff to gain a comprehensive view of any potential changes. It is also prudent to communicate with your board and senior staff and to document your regulatory discussions in board minutes.
  2. Designate an internal stakeholder to implement/monitor regulatory changes.
    This stakeholder can also conduct testing after implementation to ensure the process and related controls are operating as intended, and can document your bank’s change management efforts for subsequent review by external parties.
  3. Partner with an external regulatory expert.
    Staying current with newly implemented and/or potential regulations requires time, expertise, and deep industry knowledge. An external overseer can advise on necessary regulation and compliance issues, giving banks the freedom to focus on serving their communities.

Click the link for more information about compliance and regulatory solutions.
https://lp.bhgandbanks.com/bank-network/?bhgid=21983

As Chief Regulatory Relations Officer (SBA), Gale Simons-Poole expertly navigates regulatory and compliance matters for BHG lending programs and supports BHG’s risk management and reporting. Gale’s three decades in bank supervision include 23 years with the FDIC, most recently as Deputy Regional Director, Risk Management Supervision. Before joining BHG, she spent seven years as Director for Promontory Financial Group, advising clients from large insured national banks to community banks.