Compliance myths… debunked

Don’t let regulation hinder your bank’s creativity. Before dismissing a new idea for a product or service, it pays to get the facts.

By Mary Thorson Wright

The only thing that interferes with my learning is my education.” —Albert Einstein
What has formed your compliance education? Hearsay and watercooler conversations? What’s “always been done”? Myths and misconceptions about compliance reduce program effectiveness and stifle creativity and innovation, which are essential to community bank survival and growth. Before you dismiss a creative or inquisitive thought about compliance, ignore tradition and dig into what the regulation actually says.

On the next page, we look at some common myths and misconceptions about regulation and give examples of how you can make it work for your bank’s creative development process, not against it.

MYTH: Customers can’t withdraw money from a certificate of deposit (CD) at all.

FACT: Federal Regulation D—Reserve Requirements of Depository Institutions—provides the definition of time accounts (CDs), including the terms and conditions that must be present to support the account, in Section 204.2(c)(1). Under Regulation D, a “time deposit means … a deposit that the depositor does not have a right and is not permitted to make withdrawals from within six days after the date of deposit unless an early withdrawal penalty of at least seven days’ simple interest [is imposed] on amounts withdrawn within the first six days after deposit.”

So, during the first six days, if a bank allows a customer to withdraw any amount from his or her CD, it must impose a penalty of at least seven days’ simple interest on the amount withdrawn. If the bank hasn’t imposed early withdrawal penalties under those conditions, the account ceases to be a time deposit and the bank must classify it as another type of account, such as a savings deposit or transaction account.

Whether the bank allows depositors to withdraw funds from time deposits and whether it imposes an early withdrawal penalty after the first six days of the deposit are generally matters of bank policy, the account contract and the discretion
of management.

MYTH: Some customers want to pay bills with direct debits from a savings deposit account. That’s not allowed, is it?

FACT: The law does not prohibit it. However, there are rules about the number and types of debits allowed, based on the definition of savings deposit in Regulation D (Section 204.2(d)(1)). Savings deposits include statement savings accounts, passbook savings accounts and money market deposit accounts. To be considered a savings deposit, under the terms of the deposit contract or by practice of the bank, the depositor can make up to six transfers and withdrawals, or a combination of such transfers and withdrawals, per calendar month or statement cycle of at least four weeks to another of his or her accounts at the same institution, or to a third party. He or she can make these transfers or withdrawals using a pre-authorized or automatic transfer; a telephonic (including data transmission) agreement, order or instruction; or a check, draft, debit card, or similar order made by the depositor and payable to third parties.

The most successful banks [use] laws and regulations as guidelines and to provide a framework for their activities.

For compliance, the bank must either prevent transfers or withdrawals to ensure that no more than the permitted number are made, or it must adopt procedures to monitor those transfers on an ex post basis and contact customers who exceed the established limits on more than an occasional basis. If the bank doesn’t enforce these transaction restrictions, it may need to classify the account as another type of account.

MYTH: We’d like to offer a no-fee checking account to fit low- and moderate-income customers and small businesses, but it’s prohibited.

FACT: Fees on deposit accounts are primarily at the bank’s discretion, as long as they are disclosed and advertised accurately and in compliance with the requirements of Federal Regulation DD—Truth in Savings Act. This prohibits misleading or inaccurate advertisements, specifically the use of terms like “free” or “no cost” if the bank imposes any maintenance or activity fee on the account.

That said, even if there is no maintenance or activity fee for a checking account designed to meet the needs of low- and moderate-income customers and small businesses, it’s wise to avoid using terms that could trigger regulatory scrutiny, such as “free” or “no cost,” while still describing accurately and clearly the terms and conditions of the account.

MYTH: We haven’t explored online or mobile banking because those types of products can’t be offered safely.

FACT: “Online banking and mobile banking have very similar risk profiles,” explains Christina Churchill, principal, RSM US LLP and ICBA Community Banker University instructor.

“As mobile phones have become handheld computers, customers are often accessing online sites via their mobile devices versus traditional PCs across unsecured Wi-Fi. Mobile apps are somewhat safer than mobile-enabled websites, as additional security is inherent in the applications; they were simply built specifically for this technology.”

Churchill says the best protection for financial institutions includes these best practices:

  • Development of any customer-facing product or service should involve the IT and compliance departments to ensure the bank identifies and addresses strategic, reputational, operational, and compliance risks.
  • Institutions need systemic controls to reduce the potential
    for unauthorized account access and prompt identification of fraudulent transactions.
  • Consumer education about privacy and cybersecurity is paramount to protecting private personal information.

For more information, refer to the FFIEC’s Information Technology Examination Handbook and related booklets ( You can find specific guidance related to mobile banking risk mitigation in Appendix E of the Retail Payment Systems booklet.

Ongoing security testing and monitoring are essential to a successful product, and third-party security experts may be needed.

MYTH: We haven’t offered electronic account access because customers in smaller communities like ours wouldn’t want it.

FACT: The internet is everywhere, and it touches communities large and small, rural and urban. Churchill says, “Perhaps a bigger myth is that ‘mobile is only for Gen X and the millennials, and my older customers won’t use it.’” The 2016 Digital Banking Report found 52 percent of people age 45 to 60 and over use mobile banking; in 2013, it was only 34 percent.

“Intergenerational communication via tablets and smartphones is driving familiarity: think grandchildren interacting with baby boomers,” Churchill adds. “Mobile devices have irrevocably changed the banking industry. Branch traffic has continually decreased, and your bank’s app is your front door.”

MYTH: The BSA/AML customer due diligence rules that will become effective in May 2018 are of no concern. We already have a customer vetting process in place.

FACT: The new rules (see next month’s Independent Banker) require financial institutions to implement procedures for developing a customer risk profile and perform ongoing customer due diligence (CDD), including identification of beneficial owners, to effectively monitor for suspicious activity. The rules also must be documented in the bank’s BSA/AML program as a “fifth pillar.”

“The impact of the new CDD rules on community banks will vary based on the health of the bank’s current CIP [Customer Identification Program] procedures and overall compliance program,” advises Laura Marshall, partner, Hunton & Williams LLP. “Many community banks are already in the habit of inquiring as to beneficial ownership for business customers, and they will need to be sure that the information currently being collected is consistent with new regulatory requirements. For others, the new rules present an opportunity to revisit their existing CIP and monitoring procedures and make enhancements. It is difficult to effectively manage risk, unless you have CIP procedures at the front end that essentially block would-be money launderers at the outset.”

Although it can be easiest to take a conservative approach to compliance, the most successful banks actively dispel regulation myths and misconceptions, using laws and regulations as a framework for their activities. Think creatively about regulation, analyze the elements of successful implementation, and use it to your advantage.

Mary Thorson Wright, a former Federal Reserve manager, is a financial writer in Virginia.