Compliance changes coming this year

2022 illustration

Driven by uncertainty around the pandemic, few compliance reforms were realized in 2021. This year, regulators are considering reforms centered on the Community Reinvestment Act, the Fair Housing Act and more.

By Mary Thorson-Wright


Last year was quiet for compliance reform, but in 2022, some changes go into effect and several regulatory proposals take shape.

Here are the regulatory and risk issues that should be on community bankers’ radar this year. Many in this sample hold unknown results.

Changes going into effect

General Qualified Mortgage (QM) final rule. In April 2021, the Consumer Financial Protection Bureau (CFPB) delayed mandatory compliance for the General QM final rule from July 1, 2021, to Oct. 1, 2022. Lenders may use the old rule, the new rule or the Government Sponsored Enterprise (GSE) patch until then.

Home Mortgage Disclosure Act (HMDA) reporting thresholds. In April 2020, the CFPB increased the loan-volume coverage thresholds for financial institutions reporting data under HMDA. Effective Jan. 1, 2022, the current temporary threshold of 500 open-end lines of credit expires and reverts to 200.

Computer-security incident notification requirements. In January 2021, the Federal Reserve, FDIC and the Office of the Comptroller of the Currency (OCC) submitted a notice of proposed rulemaking to require banks to notify their primary federal regulator when they believe a “computer security incident” has occurred. Following a comment period, in which ICBA submitted a comment letter to the agencies expressing its concerns and recommendations, the agencies published a final rule in November 2021. The rule requires notification to regulators as soon as possible but no later than 36 hours after determining a notification incident has occurred. Further, the rule requires bank service providers to notify an affected bank if an incident could disrupt, degrade or impair services for four or more hours. The rule becomes effective April 1, 2022, with a compliance date of May 1, 2022.

Evolving proposals in 2022

Small business loan reporting. The Dodd-Frank Act amends the Equal Credit Opportunity Act (ECOA) to require reporting of certain business loans. In September 2021, the CFPB issued a notice of proposed rulemaking, which was published in the Federal Register on Oct. 8, 2021. Comments are due Jan. 6.

ICBA partnered with other associations … to encourage HUD to codify a standard of disparate impact consistent with U.S. Supreme Court precedent, FHA requirements and a clear legal framework to address unlawful discrimination.

Third-party oversight. The federal bank regulatory agencies issued separate rules on managing third-party relationships and risk. In July 2021, the agencies published it in the Federal Register and requested comments that were due last September.

Community Reinvestment Act (CRA). The OCC issued a change to national banks in May 2020 for the CRA, but it announced in September 2021 that it would rescind the rule and work with the Federal Reserve and FDIC on an interagency proposal.

Fair lending. The Department of Housing and Urban Development (HUD) proposed to rescind its 2020 changes to the Fair Housing Act (FHA) disparate impact rule, reverting to the 2013 standard. ICBA partnered with other associations on written comments to encourage HUD to codify a standard of disparate impact consistent with U.S. Supreme Court precedent, FHA requirements and a clear legal framework to address unlawful discrimination.

Potential issues in 2022

Credit reporting. Discussion has ensued regarding changes to the credit reporting system, including the use of alternative data, credit scoring and limits on the uses of credit information. The Financial Services Committee has constructed legislation to those ends.

Data access and UDAAP. In July 2021, President Biden issued an executive order about customer data access and the Unfair, Deceptive, or Abusive Acts and Practices (UDAAP) Act. It encourages the CFPB to commence rulemaking about customer access to financial data and to keep enforcing UDAAP. In March 2021, the CFPB rescinded a policy statement that adopted restraint in the agency’s enforcement of the prohibition on “abusive” acts and practices. As of November 2021, there had been no further action. However, community banks should continue to be mindful of UDAAP and its potential impact.

The community bank view

“The opportunities for fraud and cyber intrusion to bank clients and internal network structures is an ongoing focus,” says Jamie Santistevan, vice president of compliance, Bank Secrecy Act (BSA), anti-money laundering (AML), CRA and operations officer of $166 million-asset Native American Bank in Denver. “Supply chain issues and our current economic climate increases our ongoing risk of exposure.”

Tim Grooms, vice president and chief risk officer of $800 million-asset First State Bank in Winchester, Ohio, remains committed to strong compliance practices. “Our overall focus will continue to be a strong compliance management system, including increased fraud risk often associated with COVID-19-related programs,” he says.

Community banks will continue to address operational challenges, serve their communities and deliver on regulatory compliance.


Potential climate change compliance

In May 2021, President Biden issued an executive order directing federal agencies to act regarding climate change-related financial risks. In response, the Financial Stability Oversight Council (FSOC) issued a report in October identifying climate change as an emerging and increasing threat to U.S. financial stability. The report recommends new actions on climate change data, disclosure and scenario analysis. ICBA has issued a white paper in response to the order. Congress has also introduced its own bills concerning climate change regulation, including:

  • The Climate Risk Disclosure Act. It would direct the Securities and Exchange Commission (SEC) to issue rules for a public company to annually disclose its climate change risk exposure.
  • H.R. 1549. It would require federal banking regulators to include climate risk in supervision and examinations.
  • H.R. 3571. It would require the Federal Reserve to conduct stress tests on large financial institutions to measure their resilience to climate-related financial risks, including the risk of their customers and customers’ businesses.

Mary Thorson-Wright is a writer in Washington, D.C.