Banking Exchange Magazine Logo

Compliance challenge continues…

Regulatory outlook for 2018, rule by rule with links

  • |
  • Written by  Pam Perdue & Donna Cameron, Continuity
Better load up your calendar. Compliance is going to have another busy year! Better load up your calendar. Compliance is going to have another busy year!

The first article in this series, “2017 regulatory review: a mixed bag,” recounted 2017’s many regulatory surprises. As the focus shifts forward, pending regulations and upcoming implementation dates illuminate a rough outline of the year.

Below we distinguish between rules already effective and those still in the proposal stage, recapping each in chronological order.

A few high-level predictions:

• Don’t be surprised to see rules amended shortly after being issued, while other controversial rules linger in limbo.

• Pace and volume of new regulation will remain steady despite deregulation efforts and intent.

• The Consumer Financial Protection Bureau will be dramatically changed by new leadership.

• Fintechs will continue to siphon market share from banks.

• Cybersecurity will remain front-of-mind.

Given these diverse predictions, maintaining a strong compliance management system is certain to remain a focal point for those struggling to deal with a volatile environment.

Diving into the details of the final rules already in place gives a starting point for addressing the challenges 2018 is sure to bring.

Final Rules with 2018 Effective Dates

Late breaking news: CFPB on Jan. 25 modified the prepaid accounts rule and postponed its effective date until April 2019, so that is not in play in the near term.

Jan. 1: New Home Mortgage Disclosure Act, including Check Digit Tool, New Rate Spread Calculator

January brought the new HMDA along with a new online “Check Digit Tool” which supports the Universal Loan Identifier (ULI) requirements. The tool generates a two-character check digit when a company enters a Legal Entity Identifier and loan or application ID. It validates that a check digit is calculated correctly for any complete ULI a company enters.

CFPB also introduced a rate spread calculator to determine the difference between the loan’s APR and the applicable Average Prime Offer Rate (APOR).

Jan. 1: HMDA-Related Equal Credit Opportunity Act (Reg B) and Community Reinvestment Act (Reg BB) Amendments

Amendments were made to align existing rules with new HMDA requirements. Changes allow financial institutions to collect the expanded demographic information now required by HMDA. Definitions in CRA for “home mortgage loan” and “consumer loan” were updated. In addition content requirements for a bank’s CRA public file were amended.

March 1: NACHA ODFI Registration

Originating Depository Financial Institutions (ODFIs) must identify and register their third-party sender customers. Most financial institutions already gather this now-required information about ODFI and senders. The rule stipulates that NACHA can request additional information about a sender, if necessary.

March 16: NACHA Same-Day ACH Rules, Phase 3

Phase 3 of this multi-stage implementation requires financial institutions to provide same-day availability on same-day ACH credits (e.g., payroll Direct Deposits) by 5:00 P.M. local time. This rule applies to nearly all ACH payments, with the exception of international transactions and transactions of more than $25,000. NACHA estimates this rule will cover roughly 99% of current ACH volume.

April 19: CFPB Mortgage Servicing Amendments

Amendments related to successors in interest and consumers in bankruptcy go into effect. Clarification is provided for special circumstances where a successor inherits the property, such as through death or divorce. Other provisions address timing and frequency of notices to borrowers going through bankruptcy.

May 11: Customer Due Diligence (Beneficial Ownership)

FinCEN expanded customer due diligence to require identification of a business entity’s beneficial owners (i.e., persons who own 25% or more of the legal entity, or exercise management control). After the effective date, financial institutions must maintain a customer risk profile and perform ongoing oversight, including suspicious activity monitoring, that takes beneficial owners into account.

July 1: Regulation CC Amendments

The Federal Reserve’s Regulation CC amendments were included in the previous article in this series. To encourage institutions to receive and send returned checks electronically rather than via paper, new warranties have been created and modifications made to the expeditious-return and notice of nonpayment requirements.

October 1: TRID Amendments

The latest TRID updates address common lender concerns by clarifying a host of procedural and disclosure requirements. Most changes only apply to applications received on or after Oct. 1, 2018. However, the provisions related to escrow closing notices and partial payment policy disclosures apply regardless of when the application is received.

Proposed Rules

Comment periods have ended on the following:

Aug. 1, 2017: Regulation CC Amendment

Currently, the regulation does not indicate whether a check is presumed to be altered or forged. The proposed amendment would adopt a presumption of alteration if there is insufficient evidence to determine whether a particular check was altered or forged.

Sept. 29, 2017: Appraisal Threshold Adjustments

Raising the appraisal threshold from $250,000 to $400,000 for commercial transactions may significantly reduce burden, without threatening safety and soundness. Under the proposal, commercial real estate borrowings below the threshold could, at a financial institution’s discretion, be evaluated internally or by less formal means than being appraised by a licensed or certified appraiser.

Nov. 17, 2017: CFPB Mortgage Servicing Amendments

Last October, CFPB proposed more amendments to the Mortgage Servicing rules; specifically, to revise timing requirements for servicers to transition to providing a modified or an unmodified periodic statement or coupon book for borrowers who are in bankruptcy.

Dec. 26, 2017: Regulatory Capital Rules under Basel III

A joint proposal in September by the Office of the Comptroller of the Currency (OCC), the Federal Reserve, and FDIC offers to simplify the Basel III regulatory capital rules for all but the largest banks.

Under the proposal, smaller institutions would enjoy simplified treatment of assets subject to common equity tier 1 capital threshold deductions and limitations on minority interest. More straightforward measures would replace the definition of high-volatility commercial real estate exposures.

Jan. 22, 2018: Stress Testing Design Framework

The Federal Reserve proposed to amend its policy statement on the scenario design framework for supervisory and company-run stress testing. The amendments would clarify when the Fed may adopt a change in the unemployment rate in the severely adverse scenario of less than 4 percentage points; institute a counter-cyclical guide for the change in the house price index in the severely adverse scenario; and introduce wholesale funding costs into the scenarios.

Comment periods remain open but will be expiring on the following:

Feb. 15: Director Responsibilities

New supervisory guidance on directors’ core responsibilities, including how boards oversee various types and levels of risk, and how to align business strategy with those risk decisions, was offered by the Federal Reserve in September 2017.

The most significant of the proposed changes clarifies that most Matters Requiring Immediate Attention (MRIAs) and Matters Requiring Attention (MRAs) should be communicated to senior management for corrective action, rather than to the board of directors.

This reduction in board effort would allow the board to better perform its core functions and duties rather than being spread too thinly across tasks better suited for a bank’s executive team.

March 9, 2018: FDIC Prohibitions on Banking

FDIC proposes to decrease the number of offenses that might disqualify a person from participating in banking. The current de minimis exceptions would be expanded to include insufficient funds checks of aggregate moderate value; small dollar, simple theft; and isolated, minor offenses committed by young adults.

Other developments to monitor

CFPB’s Future

Since our previous article, Mick Mulvaney has remained in the role of acting CFPB director, sticking to his promise to place a 30-day freeze on rulemaking, guidance, and hiring. In addition he decided to use the bureau’s reserves to fund the coming budget cycle. The courts have upheld Mulvaney’s appointment thus far, which continues to generate industry controversy and is sure to impact the agency internally as well as in its public-facing duties.


Congressional intentions to promote regulatory relief through legislation will be tested in 2018. Having removed arbitration rules in the fall, and with legislation pending to repeal the Payday Lending Rule, Congress expressed its intention to amend the National Flood Insurance Program as well. Instead, it decided to once again “kick the can down the road” by renewing the existing program for five more years.

Congress expressed an interest in changing the CFPB leadership structure and putting a board over the director or having multiple heads. While Congress is unlikely to change the structure of CFPB until the unrest caused by Mulvaney’s appointment stops, they may resume their efforts later in the year. On the table: modifying the leadership structure, changing funding mechanisms, or abolishing CFPB altogether.

OCC Fintech Charter

OCC proposed its Special Purpose Charter for fintech firms in December 2016, to mixed reactions. The original proposal offered fintech organizations a clear pathway to becoming financial institutions, in some sense, subject to the same regulations as financial institutions.

Since then, the new Comptroller of the Currency, Joseph Otting, has expressed support in favor of regulations similar to the original proposal. Meanwhile, fintech firms have debated the merits of whether the special purpose charter would help or hurt their growth objectives. Expect to see further developments around the proposed fintech charter in 2018.


In 2017, New York paved the way for new cybersecurity regulation by requiring banks, insurance companies, and other financial services institutions to have a cybersecurity program designed to protect consumers’ private data.

New York was not alone: The National Conference of State Legislatures reports that 27 states enacted cyber-related legislation, and 42 states introduced 240 bills around cybersecurity.

At the federal level, 28 bills were introduced. Heightened awareness stemming from the Equifax breach turned up the heat on legislators and regulators to take action and attempt solutions to the growing problem of data protection.

Keep watching your calendars

Given the changes, there’s no time to relax our vigilance over regulatory change management. A review of 40 years’ worth of efforts shows regulation followed by deregulation. Change volume remains stable whether rules are getting stricter or more lenient—raw numbers of changes stay within the same narrow band of 65-85 per quarter.

The challenge is interpreting and applying the sometimes conflicting, often confusing directives hurled toward the industry at a furious pace.

If you’re asking “When will it stop?”—it won’t.

Successful compliance requires accepting this reality, and making sure your regulatory change management systems adapt swiftly and reliably.

About the authors

Pam Perdue is chief regulatory officer and executive vice-president at Continuity. Donna Cameron, CRCM, CCBCO, is director of regulatory I/O.

Continuity is a provider of regulatory technology (regtech) solutions that automate compliance management for financial institutions of all sizes. For more information about Continuity, please visit

Read "Pressure isn't coming off for compliance risk"

back to top


About Us

Connect With Us



Belt and Suspenders

Date/Time: October 19, 2:00 CT / 3:00 ET

How Multiple Layers of Defenses Work Together to Keep Your Bank Covered

Cyber threats and attack vectors are ever-changing, especially due to the current geopolitical climate and distribution of data. Financial institutions remain attractive targets for cyber criminals due to the amount of sensitive data they hold. Join CSI’s Director of Product Strategy, Sean Martin, for his insight into why and how institutions should embrace a holistic cybersecurity approach to strengthen their defenses against these evolving threats. You’ll learn: 


This webinar is brought to you by:
OneSpan logo