Horizon Scanning

Following last issue’s review of compliance in 2016, we look at how community banks will meet the challenges of compliance in 2017

By Mary Thorson Wright

When we visited with compliance officers at the end of 2016, they were looking ahead and projecting timelines, resource requirements and organizational effects for regulatory changes coming to fruition in 2017 and beyond. Now, with numerous demands from Dodd-Frank in the rearview mirror, they are taking a deep breath and launching efforts to begin anew with a continuous stream of regulatory changes.

Bank Secrecy Act and anti-money laundering (BSA/AML) compliance again requires attention for enhanced due diligence beneficial ownership rules effective May 11, 2018. Under these rules, community banks will have to collect and verify the personal information of the individuals who own and control companies that open accounts; understand the nature and purpose of customer relationships to develop customer risk profiles; and continuously monitor the businesses and beneficial owners to identify and report suspicious transactions. The bank can use a standard certification form to collect the information provided by the customer for verification, only if the bank has “no knowledge of facts that would reasonably call into question the reliability of the information.”

First State Bank, a community bank with $435 million in assets located in Winchester, Ohio, is now turning its attention to addressing beneficial ownership rules. Tim Grooms, the bank’s chief risk officer, points to bank growth in both assets and employees, and a growing community of customers and prospective customers, as critical reasons for the bank to take an enterprise-wide approach to the beneficial ownership rule changes, as well as other regulatory requirements.

“In 2016, TRID [Truth in Lending Act – Real Estate Settlement Procedures Act Integrated Disclosure rule] took center stage, and we diverted resources to meet the challenge,” he says. “Our organization has changed, and our customer base is changing. We must employ our resources as effectively as possible to meet the new requirements, train our staff and effectuate internal controls, and we must understand the customer base we have now, not the one we served several years ago.”

Changes to the HMDA process
Preparation for implementing the revised Home Mortgage Disclosure Act (HMDA) rule began in 2016. In 2017, HMDA reporters should be working—in many cases with their vendors—to update systems, procedures, data collection and reporting, and employ training
focused on bringing staff and management up to speed to comply with the increased data reporting requirements.

“These HMDA changes are significantly complex and may be as big, if not bigger, an operational challenge for community banks than TRID was and is,” observes Jim Bedsole, senior vice president, chief compliance and risk officer for BankSouth, a $531 million-asset bank in Greensboro, Ga. “Start preparations early.”

Melody Andrus, Bank Secrecy Act and compliance officer at Pioneer Bank, a $757 million-asset community bank headquartered in Roswell, N.M., chairs the HMDA Committee, whose purpose is to address the pending HMDA changes across the enterprise.

“In 2016, the HMDA Committee was formed to prepare for the upcoming HMDA changes,” says Andrus. “We’ve been studying communications from our vendors and the requirements of the new reporting, evaluating how we will need to change to accomplish it. Our committee will now focus on training, actually rolling out the data collection and reporting process, and testing our ability to report data to the CFPB before we go live.”

From transaction to risk
In April 2016, the Federal Financial Institutions Examination Council issued a proposal to revise the Consumer Compliance Rating System on the basis of compliance risk and to address regulatory, supervisory, technological and market changes that have occurred since the system was established in 1980. The final rule updating the Consumer Compliance Rating System—substantially the same as the April proposal—was published in November 2016.

Regulators generally expect that banks will have conducted risk assessments of most areas of compliance. This is a priority for Krystal Gaskill, chief financial officer and compliance officer for North Valley Bank, a $150 million-asset bank in Thornton, Colo.
“In 2017, we will build risk assessments for any new requirements and enhance the risk assessments we’ve already built,” she says. “In this volatile compliance environment, cybersecurity, privacy, fraud and the Unfair, Deceptive or Abusive Acts or Practices Act have emerged as areas of concern. Focusing more on risk assessments will help us manage and mitigate our risk exposure.”

In the coming year, community banks will face the compliance challenges of the industry. They must draw on their ability to change, to shift resources to the greatest need and to shore up both technical and managerial compliance requirements.

Jacque Eberhart became the compliance officer and real estate loan officer at the $93 million-asset Peoples Savings Bank in Wellsburg, Iowa, in January 2016. She sums it up succinctly: “Many employees wearing many hats to get everything done.”

Mary Thorson Wright, a former Federal Reserve System managing examiner, is a financial writer in Virginia.