Abstract: This summary of recent developments in banking looks at how the Consumer Financial Protection Bureau has been cracking down on banking practices it views as unlawful under the Dodd-Frank Act’s regulations on unfair, deceptive or abusive acts or practices. In addition, the article cites the evidence supporting use of a fraud hotline and explains updated OCC guidance on corporate and risk governance.
Beware of UDAAP
The Consumer Financial Protection Bureau (CFPB) continues to exercise its authority to crack down on banking practices it views as unlawful under the Dodd-Frank Act’s regulations on unfair, deceptive or abusive acts or practices (UDAAP). In one recent enforcement action, for example, the agency entered into a $28.5 million settlement with the Navy Federal Credit Union for alleged UDAAP violations related to its collection of delinquent accounts.
The institution’s unfair, deceptive or abusive practices included:
• Threatening legal action it didn’t intend to take or lacked the authority to take, including wage garnishment,
• Making false threats to contact service members’ commanding officers (the CFPB found that an account agreement provision permitting the credit union to do so wasn’t consented to, as required, because the clause was “buried in fine print, non-negotiable and not bargained for by consumers”), and
• Misrepresenting the impact of loan delinquencies on customers’ credit ratings.
The institution also unfairly froze customers’ electronic account access and disabled some electronic services after the accounts became delinquent.
Should your bank have a fraud hotline?
The evidence suggests that the answer is a resounding “yes” — your bank should have a fraud hotline. Employee fraud is a problem for most organizations, but it’s particularly prevalent among banks and other financial institutions. According to the Association of Certified Fraud Examiners (ACFE), banking and financial services was the most-represented sector in its 2016 Report to the Nations on Occupational Fraud and Abuse.
According to the report, the most common method of detecting fraud was via tips from employees, customers, vendors and others. In fact, the report found that fraud is more likely to be detected through a tip than as a result of an internal audit or management review. The ACFE also found that organizations with reporting hotlines are nearly twice as likely to detect fraud through tips than those without hotlines.
Telephone hotlines (used by 39.5% of organizations with formal fraud reporting mechanisms) are the most common source of tips, followed by tips submitted via email (34.1%) and tips submitted via Web-based or online forms (23.5%).
OCC guidance on corporate and risk governance
Recently, the OCC revised its Corporate and Risk Governance booklet, which is part of its Comptroller’s Handbook. Among other things, the updated booklet:
• Outlines management and board responsibilities for governing a bank’s structure, operations and risks,
• Explains enterprise risk management (ERM) and the importance of viewing risk in a comprehensive, integrated manner,
• Discusses the benefits of a risk governance framework — and the role of risk culture and risk appetite within that framework, and
• Provides guidance on strategic, capital and operational planning.
You can find the booklet at https://www.occ.treas.gov/publications/publications-by-type/comptrollers-handbook/index-comptrollers-handbook.html.