Introduction

Bank directors are responsible for their bank’s compliance with banking laws, rules and regulations. All corporations must obey laws and regulations to which they are subject. However, because of their importance in our financial system and the federal bank safety net (deposit insurance and the Federal Reserve discount window), banks are subject to specific laws and regulations. Consequently, many decisions regarding your bank and its operations must take into consideration their implications for the bank’s regulatory compliance. Having a basic understanding of banks and their regulation will help you be a more effective director.

What is a Bank?

A bank is a financial intermediary, taking in deposits and lending or investing a portion of those deposits to borrowers, hopefully for a higher interest rate than what is paid on the deposits. That intermediary role poses many risks to banks, risks that the board of directors needs to identify, measure, monitor and control.

Also because of that intermediary role, banks play an important role in our nation’s financial system. They are an important source of short-term credit, a storehouse for much of the nation’s wealth, the primary operators of the payment system and the place where final payment for goods and services occurs.

A unique feature of federally regulated banks is that many of their liabilities (deposits) are federally insured. Deposit insurance is provided by the Federal Deposit Insurance Corporation (FDIC).

Because of the importance of banks to our economy and because deposits are insured, banks are subject to a variety of laws and regulations. As a result, decisions pertaining to many aspects of your bank’s daily operation must take into consideration regulatory compliance. For example, banking laws and regulations:

  • limit the activities in which a bank can engage (e.g., taking deposits, making loans and activities incidental to both);
  • specify minimum capital levels for a bank;
  • limit the maximum amount of capital invested in bank premises;
  • limit the size of loans to a single borrower and to insiders;
  • require regulatory approval of acquisitions, mergers and new branch locations;
  • prohibit discriminatory lending; and
  • require uniform disclosures regarding loan and deposit products.

Although you, as a director, are ultimately responsible for your bank’s regulatory compliance, you do not need to be an expert on bank regulation. Instead, you must ensure that your management team has established the necessary controls and processes to identify, implement and train personnel to comply with these laws and regulations. You should receive periodic reports that verify the bank’s compliance.

While you do not need to be an expert on all laws and regulations, there are some laws with which you should be familiar. It is important for you to become familiar with these laws as they may:

  • apply directly to you as a director,
  • raise compliance issues that could have consequences for the bank, or
  • provide you with knowledge to ask questions and evaluate responses.

The list below highlights some of these laws and regulations, their purposes, and warnings on compliance pitfalls. This basic information will help you spot potential trouble areas that your bank may need to address to ensure its regulatory compliance.

Laws and Regulations of Particular Interest

The Bank Secrecy Act (BSA) (31 U.S.C. 5311 et seq.; 31 CFR Part 103; and Regulation H, 12 CFR 208.62 and 208.63)
Purpose

Assigns specific responsibilities to banks to know their customers, and to detect and report large cash transactions and suspicious activities. These responsibilities are important to ensure banks are not used as intermediaries for transferring funds obtained from criminal activities. Because of this, you may hear the term anti-money laundering (AML) in the context of BSA.

Compliance Reminders

Banks must have a written BSA/AML compliance program that includes these four components:

  1. internal controls to assure ongoing program compliance;
  2. periodic independent testing for BSA/AML compliance (a sound practice is to do this every 12-18 months, depending on the bank’s level of risk);
  3. a designated individual responsible for coordinating and monitoring day-to-day compliance; and
  4. training for appropriate personnel.

A Customer Identification Program (CIP) must be included as part of the BSA/AML compliance program.

The board of directors must approve the BSA/AML program, with the approval noted in board minutes.

Currency Transaction Reports (CTRs) are required for cash transactions (deposit, withdrawal, exchange or other payment or transfer) greater than $10,000. Customers meeting certain criteria may be exempted from such reporting.

The board of directors must be notified of Suspicious Activity Report (SAR) filings.

Information in SARs is confidential and may not be divulged to people outside of the bank, or to people who may be the subject of a SAR.

SARs are required with respect to transactions that are inconsistent with what is known about a customer and that have no identifiable business purpose or support.

Account opening procedures, also known as customer due diligence, are critical to a bank’s ability to identify suspicious activity. Those procedures should be designed to obtain necessary information by which to effectively and efficiently serve the customer, while giving you the ability to know when a transaction doesn’t make business sense for the customer.

Purpose

Prohibits common directors and management officials among unaffiliated institutions in the same community in order to maintain competition among institutions.

Compliance Reminders

There are limits on your service as a director or management official at other unaffiliated financial institutions and bank holding companies, particularly if:

  • your bank has assets greater than $2.5 billion,
  • any office of your bank is located within the same large metropolitan area as the other institution or one of its offices, or
  • any office of your bank is located within 10 miles of an office of the other institution.

Purpose

Prevents bank insiders (directors, management officials, and principal shareholders) from obtaining credit on more favorable terms than other customers of their banks.

Compliance Reminders

Combine credit extensions to insiders with those of their immediate family and businesses to make sure that loans to insiders stay within lending limits specified in the regulation.

There is a limit on loans to a single insider and an aggregate limit on total loans to all insiders.

Overdrafts are extensions of credit and are specifically addressed by the regulation.

Be alert to loan transactions where insiders may receive, directly or indirectly, some benefit. Be mindful that an insider’s endorsement, or guarantee, can be considered an indirect extension of credit to the insider.

Purpose

Ensures safeguarding of nonpublic, personal information that customers provide to the bank.

Compliance Reminders

The regulation requires an annual notice to customers describing the bank’s policy on sharing of their information with nonaffiliated third parties.

If your bank shares customer information with nonaffiliated third parties, then it must also provide customers with the ability to prevent their information from being shared, also known as the ability to “opt out.”

Make sure the bank’s policies regarding its information sharing are consistent with its current sharing practices.

Purpose

Prevents misuse of bank resources resulting from non-arm’s-length transactions with affiliates.

Compliance Reminders

Your bank cannot buy a low-quality asset from an affiliate, except under very limited circumstances.

Be alert to parent bank-holding company expenses and overdrafts paid by the bank, because such payments could constitute illegal, unsecured credit to the holding company.

Be sure the bank receives its share of refunds and benefits from joint tax filings.

Tax payments to the parent should not be made too far in advance of when they are due, or they may be considered a loan to the parent company.

Watch for transactions between the bank and firms controlled by insiders to ensure that their terms are no less favorable than terms the bank would receive on similar transactions with an outsider.

Management fees paid by the bank to its parent bank holding company should be appropriate to the services received.

Asset purchases, rental agreements and lease contracts between the bank and firms owned by insiders must be on equivalent terms to those with outsiders.

Maintain documentation to demonstrate that all transactions with insiders and affiliates take place at market value.

Purpose

Implements the Community Reinvestment Act (CRA), which encourages banks to meet the credit needs of their communities, including low- and moderate-income (LMI) neighborhoods.

Compliance Reminders

The bank’s most recent Community Reinvestment Act (CRA) rating is public information and must be made available to the public upon request.

The assessment area defined by the bank is the geographic area in which the bank’s CRA performance will be judged. It may not be the same thing as the bank’s market or trade area. It is key to the evaluation of the bank’s record of meeting community credit needs.

Assessment areas must:

  • include whole geographic areas (e.g., counties, census tracts or metropolitan statistical areas (MSAs)),
  • not illegally discriminate, and
  • not arbitrarily exclude low- or moderate-income areas (i.e., no “redlining”).

Review the bank’s assessment area to make sure it includes all the bank's branches, deposit-taking ATMs and a substantial portion of its loans.

Perform a self-assessment of your CRA performance to avoid surprises at your next CRA examination.

Purpose

Apprises regulators of senior management changes that may be detrimental to banks in troubled condition.

Compliance Reminders

Applies to banks that are deemed to be in troubled condition.

Requires a 30-day prior notice for:

  • any changes to the board of directors or
  • employment of new senior officers.

Golden Parachutes and Indemnification (12 U.S.C. 1828(k) and 12 CFR 359)
Purpose

Limits severance payments and indemnification in order to safeguard bank assets; limits rewards to institution-affiliated parties who may have contributed to a bank’s less than satisfactory condition or who may have otherwise harmed the bank.

Compliance Reminders

The limitation on indemnification applies to all banks. The limitation on severance payments applies only to banks that are in a troubled condition.

Generally, a bank cannot indemnify an insider against the liability or legal expenses of an administrative proceeding by the bank’s regulator.

Indemnification for the payment of civil money penalties is not permitted.

Golden parachute payments or agreements cannot be made without the prior written approval of the bank’s primary federal regulator and the FDIC. A state member bank that is in a troubled condition would need to consult with its Reserve Bank before making or entering into any agreement to make severance payments.

For additional information on golden parachute payments, please see the Federal Reserve Board’s SR 03-6.

Change in Bank Control Act (12 U.S.C. 1817(j)); Bank Holding Company Act (12 U.S.C. 1841, et seq.); and Regulation Y (12 CFR Part 225)
Purpose

Requires shareholders to receive prior regulatory approval before taking a controlling position in banks and bank holding companies.

Compliance Reminders

Stock transactions, such as treasury stock redemptions, may take a shareholder’s ownership over 10 percent of the outstanding shares of the bank or its parent bank holding company, which may require a change in control notification.

Prior notification is required, unless otherwise grandfathered under the regulation, if a share purchase would take a shareholder’s ownership to 25 percent or more of the bank's or its parent bank holding company's voting shares.

A transaction that takes a shareholder’s ownership over 10 percent of any voting class of stock may require filing a notification.

A shareholder’s ownership may be combined with others, as indicated in the regulation (e.g., immediate family members), in determining the need for a notification.

Placing 10 percent or more of bank or holding company stock in a trust or shareholder agreement may raise control or bank holding company issues and require filings under the Change in Bank Control Act or the Bank Holding Company Act.

If the bank or its bank holding company is being sold, terms of purchase options may give buyers control of the bank or company and require prior notification.

Purpose

Promotes diversification in a bank’s loan portfolio by limiting loans to a single, non-insider borrower. Single borrower includes family members, affiliates and business relationships.

The general lending limit to single borrowers for national banks is 15 percent of the bank’s capital and surplus, plus an additional 10 percent of capital and surplus if the loan is fully secured by readily marketable collateral.

Limits for state banks vary, depending upon the state of the charter. Often, the limit is set from 15 to 30 percent of a bank’s capital and surplus. State banking statutes should be consulted for specific lending limit information and for the method of calculating the limit.

It is important to note that banks often establish an internal or “in-house” lending limit to further diversify their credit risk. The level at which the board of directors sets the internal limit depends upon its risk tolerance. At many banks, the board sets the in-house limit at 50 percent or less of the bank’s legal lending limit.

Compliance Reminders

Be cognizant of the bank’s statutory lending limit and its internal lending limits.

Loans and investments that approach these limits represent significant exposure to the bank’s capital and should receive scrutiny.

Loans in excess of the legal lending limit may expose approving directors to potential liability in the event of default.

Overdrafts are loans to be included in the calculation of a borrower’s legal lending limit.

Purpose

Requires banks to protect customer information by:

  • implementing a comprehensive written information security program that ensures the security and confidentiality of customer information;
  • protecting the security and integrity of this information; and
  • providing safeguards against unauthorized access to or use of that information.

The information security program is to identify internal and external risks associated with information technology systems and activities, ensure the implementation of risk-mitigating controls, and establish periodic tests of key controls, systems and procedures.

Compliance Reminders

Periodically test the key controls set out in the bank's information security program.

Supervisory guidance on controlling information security risks extends to third-party service providers.

Purpose

Prohibits lenders from discriminating against credit applicants, establishes guidelines for gathering and evaluating credit information, and requires written notification when credit is denied.

Compliance Reminders

Make credit decisions based on objective information regarding a borrower’s ability to pay, rather than any of the “prohibited bases.”

Generally, notify loan applicants of action taken within 30 days after receiving a completed application.

On credit primarily for the purchase or refinancing of a dwelling occupied or to be occupied by the applicant as a principal residence, and secured by the dwelling, collect the government monitoring information regarding applicant ethnicity, sex, marital status and age.

Purpose

Implements the National Flood Insurance Act which makes federally backed flood insurance available to owners of improved real estate or manufactured (mobile) homes located in high flood risk areas.

Compliance Reminders

Banks may not make, increase, extend or renew a loan on improved property located in a flood hazard area and in a “participating” community, unless the improvements are covered by flood insurance.

Failure to comply may lead to civil money penalties and potential enforcement action.

Regulation Z
Purpose

Prescribes uniform methods for computing the cost of credit, for disclosing credit terms, and for resolving errors on certain types of credit accounts.

Compliance Reminders

Inaccurate disclosure of credit terms, particularly understating the annual percentage rate of interest or the finance charge, can result in reimbursements to the customer.

Reg. Z requires that certain information be disclosed to a borrower before credit is extended:

  • annual percentage rate (APR),
  • term of the loan and
  • total costs to the borrower.

Real Estate Settlement Procedures Act (RESPA)
Purpose

Implements HUD’s Real Estate Settlement Procedures Act (RESPA), which covers consumer real estate loans secured with a mortgage placed on a one-to-four family residential property. These include most purchase loans, assumptions, refinances, property improvement loans and equity lines of credit.

Compliance Reminders

Within three days of receiving a purchase-money mortgage loan application, the lender must furnish the applicant with a good faith estimate (GFE) of loan closing costs, a copy of HUD’s Special Information Booklet, and a mortgage servicing disclosure statement.

RESPA prohibits a person from giving or accepting anything of value (a.k.a., kickbacks) for referrals of settlement service business related to a mortgage loan.

It also prohibits a person from giving or accepting a charge for services that are not performed.

Summary

Banks are specifically defined legal entities that play a unique, vital role in the nation’s financial system. Because of that role, they are subject to an extensive system of supervision and regulation. Ensuring that the bank complies with all applicable laws and regulations is an important dimension to your job as a director.
