Point to Ponder- Pot

First Pot Penalty Violations

Missouri, Oklahoma, and Arkansas are just some examples of states that are now permitting marijuana related businesses. With many states seeing new laws passed allowing for some type of marijuana or cannabis sales, financial institutions must learn to adapt.

A small credit union in Michigan was penalized by Federal Regulators for not following the strict guidance established. The Financial Crimes Enforcement Network (FinCEN) issued guidance to banks and credit unions that outlined obligations when they elect to serve the cannabis industry. The guidance says financial institutions should verify where a marijuana business is licensed, get an understanding of the business’s normal activity, and conduct ongoing monitoring for suspicious activity.

The enforcement action underscores the importance of adhering to long-standing nationwide guidance on how to mitigate the risks associated with a drug that remains illegal under federal law. The credit union must stop opening new marijuana-related accounts, and file missing suspicious activity reports. The National Credit Union Administration is also requiring the institution to implement an automated transaction monitoring system by April 30.

Nationwide, approximately 680 banks and credit unions are actively banking marijuana-related businesses. However, not all of them may actually have programs for serving the cannabis industry and for complying with all federal guidelines. Is your institution prepared for cannabis related businesses? Do you have policies and programs in place? Let ABS help you prepare.

Core Values

Core Values: What you believe to be most important in the way you live, lead, and do business. Your values support your vision of life and business, the outcomes you desire, the impact you want to have and the influence you want to create for others – your creed, your brand, your culture. They shape and become the culture of your life – your business and the lives of your team.

Most of us know what core values are and their importance but if we are honest, we do not do a very good job of living our values, and building our teams based on those common values. Yet, we are always trying to have the best CULTURE.

Company culture is increasingly becoming a differentiator for organizations of all sizes and across industries. A positive, productive culture has the power to make prospective employees and customers want to partner with you, and — just as important — stay with you. And the benefits don’t stop there: Over 50% of executives now agree that corporate culture can influence productivity, creativity, profitability, firm value, and growth rates.

But while it is usually easy to describe what your company does – the products and/or services it provides- it is not always as easy to define your culture. That is because culture is intangible. It is a feeling present in the workplace and throughout the company, and it can even reach people outside your organization.

How can you capture that unique feeling and focus on preserving your culture, or improving it, as you grow your business and welcome more people to your team? By identifying your company’s core values, you can better define your culture — your greater mission and reason(s) for existing as a company, beyond the tangible products or services you offer.

ABS surveyed 100 of our client’s employees – no CEOs or Presidents were included. The results speak for themselves. Remember one of the things we can all do to improve our bottom line is identify, communicate, and live our core values – build our culture. If you are unsure of how to start – ABS is here to help you!

Client Survey Results

  1. What are your institutions values and definitions of them? Want the list, ask us for it!
  2. Do you feel every employee knows what the institutions values are? 32% yes; 68% no (82 responses)
  3. Are the values discussed from the top down on a regular basis? 23% yes; 77% no (80 responses)
  4. Do you feel everyone interprets the values with the same definition and actions? 45% yes; 55% no (42 responses
  5. Does your institution use their values when hiring new staff? 68% yes; 32% not sure (23 responses)

OCC Updates

OCC Supervision Priorities for 2021

The OCC has released its bank supervision operating plan for the 2021 fiscal year. The OCC plans for supervision efforts to be flexible, recognizing the broad and specific impacts of the pandemic and resulting economic, financial, operation, and compliance implications.

Not surprisingly, the OCC stated many supervision efforts will focus on the pandemic. Specific points noted include:

  • Credit risk management, due to likely weaker economic conditions;
  • Residential and commercial real estate concentration risk management- particularly in sectors that were most affected by COVID-19;
  • Compliance risk management tied to pandemic- related activities such as CARES Act loan forbearance requirements or other consumer loan or account accommodations;
  • Fair lending exams and risk assessments, including those associated with pandemic-related loan accommodations and loss mitigation efforts.

Additional priorities touched on cybersecurity, CRA performance associated with new rules, BSA/AML compliance, impact of low-rate environment, and more. For the full list, see the OCC press release. Let ABS help make sure you are meeting these priorities. Contact us now!

OCC Proposes Rule Regarding the CRA General Performance Standards

As a follow-up to the final rule published in June, the OCC has now released a proposed approach to determine the CRA evaluation measure benchmarks, retail lending distribution test thresholds, and community development minimums. The proposal also explains how the OCC would assess significant declines in CRA activities levels in connection with performance context following the initial establishment of the benchmarks, minimums, and thresholds. Finally, the proposed rule would make clarifying and technical amendments to the 2020 final rule. Comments are now being accepted.

SBA Borrower Assistance

In past SBA articles we have provided details on how ABS can help your institution with packaging, servicing, selling the guaranteed portion and auditing your files to ensure your guaranty is secure.

We can also work with the financial institution’s potential borrowers in putting the application together.  We have clients that put us in touch with their potential SBA borrowers to work with them to gather all the needed information, fill out the correct forms and to review if the potential borrower is a good candidate for an SBA loan.  All the financial institution has to do is send the loan through its own review and approval process.  All this is at the cost of the potential borrower.

Plus, ABS has access to many services that small business owners may need for their back room operations.  These services include bookkeeping, accrual accounting, bill pay, payroll administration, invoicing, sales tax filing, compliance calendar, strategic planning and mentorship.  This is just a partial list.  These services may also benefit your current borrowers/customers as well.

To see how this process works and the costs for our various services, please contact us at 913-599-7471 or info@abs-core.com.   We welcome the opportunity to meet with you.

Security Overlooked

It seems the publicity of hacks and attacks on business networks has been quiet lately. Don’t be fooled into thinking your business is safe because all has been quiet. Security is a continuous and evolving practice that businesses should have a plan in place for and continuously monitor.

Many businesses are moving their hosting of security and business resources to the “cloud” as a solution to offload the responsibility of managing these resources in-house. While this is a sensible solution, keep in mind the business still has a responsibility of oversite of these services. If you are a financial institution, the Regulators still want to ensure you have knowledgeable oversite of these services and that institutions have sound security practices in place. If you are a business, don’t be fooled that someone else is watching over your security and you have nothing to worry about. You should continuously monitor their practices through reports available to you. Many services have Management Portals you can get dashboard reports without having to be technology savvy.

While the task of managing and understanding these security services can seem daunting, take heart that ABS can be a resource for helping you navigate these services and help you understand the reports and dashboards. We offer one time and contracted services to help educate, study and review these services and reports. Need help with choosing an outsourced solution, ABS can help there as well.

ABS is your trusted resource in helping your business thrive and survive. To see how this process works and services ABS offers, please contact us at 913-599-7471 or info@abs-core.com.   We welcome the opportunity to meet with you.

Supervisory Highlights on Consumer Compliance

In June 2019, the FDIC issued Consumer Compliance Supervisory Highlights. This publication includes a high-level overview of consumer compliance issues identified during 2018 through the FDIC’s supervision.

Five of the most frequently cited level 2 (Medium Severity) and level 3 (High Severity) violations included:

  • Truth in Lending Act (Regulation Z) – failure to properly calculate or disclose the finance charge or annual percentage rate for mortgage loans and disclosing fees on the closing disclosure that exceeded permitted tolerances;
  • Trust in Savings Act (Regulation DD) – applicable and accurate information not included on account disclosures;
  • Electronic Funds Transfer (Regulation E) – failure to properly investigate whether an error occurred and present the results of the investigation to the consumer within the appropriate timeframe;
  • Flood Disaster Protection Act (FDPA) – originating or renewing a designated loan with no flood insurance or an insufficient amount of flood insurance coverage; and
  • Equal Credit Opportunity Act/Regulation B – written notice of the applicant’s right to receive a copy of the written appraisal not provided to the applicant within three business days of receiving the application; higher fees for credit reports being charged for unmarried joint applicants than married joint applicants; erroneously obtaining information about the applicant’s race, color, religion, national origin, or sex in connection with a credit transaction for loan products prohibited from collecting this information; and failure to provide specific reason for adverse action to applicants for denied credit.

To read additional information presented in the Consumer Compliance Supervisory Highlights, the link is here.

If you have concerns with compliance or need assistance ensuring all necessary areas are reviewed, ABS is ready to help with any outstanding reviews or guidance you may need.  Please contact us at info@abs-core.com.

Upcoming Changes to Regulation CC

In June 2019, the Federal Reserve Board and the Bureau of Consumer Financial Protection issued a final rule amending Regulation CC – Availability of Funds and Collection of Checks.  The final rule implements a statutory requirement to adjust for inflation the amount of funds depository institutions must make available to their customers as required by The Dodd-Frank Wall Street Reform and Consumer Protection Act, as well as certain amendments made by the Economic Growth, Regulatory Relief, and Consumer Protection Act.

Under the final rule, the adjustments for inflation are based on the Consumer Price Index for Urban Wage Earners and Clerical Workers.  The final rule implements the first set of adjustments and provides a timetable for adjustments to be made ever five years thereafter.

The following dollar amounts will be impacted by the adjustments and will be effective July 1, 2020:

  • The $200 Rule (check deposits not subject to next day availability) adjusted to $225;
  • The $400 rule (time period adjustment for withdrawal by cash or similar means) adjusted to $450;
  • The new account threshold adjusted from $5,000 to $5,525;
  • The large deposit threshold adjusted from $5,000 to $5,525; and
  • The threshold for determining a repeat overdraft adjusted from $5,000 to $5,525.

For additional information regarding the changes, please review the published Regulation CC Amendments.  These changes will require updates to the financial institution’s Funds Availability Disclosures, Change Notices, poster updates, training materials and system updates.

As you start the process to implement these changes and would like some guidance or a secondary review to ensure all changes required have been identified, please contact ABS at info@abs-core.com.

Federal Regulators issue Frequently Asked Questions regarding CECL

Recently, the Federal regulatory agencies issued updated Frequently Asked Questions on the new accounting standard for credit losses, Current Expected Credit Losses (CECL).  The new standard will take effect in 2020, 2021 or 2022 depending on the institution’s characteristics.  The Frequently Asked Questions is intended to help institutions understand the regulators expectations under the new standard.

The Federal regulators continue to emphasize that:

  • Community institutions are not expected to need to adopt complex modeling techniques to implement the new accounting standard.
  • No one system is preferred over others. The agencies expect an array of credit loss estimation methods will be used under CECL.
  • The agencies expect institutions to make good faith efforts to apply the new credit losses standard in a sound and reasonable manner.
  • Institutions should continue preparing to implement the standard.

For the complete FAQ, please click here.  If you have questions regarding implementation of CECL, where to start or just need a sounding board, ABS is here to help guide you through the transition.

FDIC Warns of Importance of Vendor Contracts

The FDIC has issued a new Financial Institution Letter (FIL) FIL-19-2019 . This FIL discusses examiner observations about gaps in financial institutions’ contracts with technology service providers that may require financial institutions to take additional steps to mitigate risks and manage their own business continuity and incident response.

In recent FDIC examinations, they noted the institution’s contracts with technology service providers lacked detail regarding the rights and responsibilities for business continuity and incident response.  They noted some contracts did not require the provider to maintain business continuity plans or recovery standards or define the remedies if the provider doesn’t meet the recovery standards. Some did not identify the provider’s responsibility to notify the financial institution, regulators, or law enforcement.

The FDIC and other regulators will want to see that you have performed your due diligence, both before signing and during the contract term, to ensure that the provider has business continuity and incident response plans.  Financial institutions should ensure their contracts give them rights to see the plans, and/or see any testing completed on the plans.  If the service provider will not provide them, or they do not meet your standards, then you must mitigate your risk either through looking at different vendors or putting other controls in place to offset their shortcomings.

The FDIC also reminds depository institutions of their responsibility to notify their federal banking regulator of contracts or relationships with technology service providers that provide certain services.  These providers include check and deposit sorting and posting, computation and posting of interest, preparation and mailing of checks or statements, and other clerical, bookkeeping, accounting, statistical, or similar functions such as data processing, Internet banking, or mobile banking services.  This is required by Section 7 of the Bank Service Company Act (12 USC 1867).  You should check with your regulator for help with how they recommend you comply with the notification requirements.

As always, please contact ABS if we can help you identify potential vendors or provide assistance with your vendor due diligence for your current vendors

Phishing

No, I didn’t spell some people’s favorite pastime wrong (fishing) but with summer coming on I thought it pertinent to discuss some hackers’ favorite past time. Phishing is a scam in which a perpetrator sends an official looking e-mail message that attempts to obtain your personal and financial information. Scammers use email or text messages to trick you into giving them your personal information. They may try to steal your passwords, account numbers, or Social Security numbers. If they get that information, they could gain access to your email, bank, or other accounts. Scammers launch thousands of phishing attacks like these every day—and they’re often successful. The FBI’s Internet Crime Complaint Center reported that people lost $30 million to phishing schemes in one year. But there are several things you can do to protect yourself.

  1. Set up recover phone number/email address.
  2. Use unique passwords for your accounts.
  3. Keep software up to date.
  4. Set up two-factor/multi-factor authentication- Multi-factor authentication makes is harder for scammers to log in to your accounts if they do get your username and password.

Older generations appear to have better cybersecurity knowledge and practices than younger tech users according to a report from Google. The report, in partnership with Harris Poll, found that despite negative stereotypes, older generations are more aware about security concerns and concepts than their younger counterparts.

The report surveyed 3,000 US adults between the ages of 16 and 50+ to determine their beliefs and practices regarding online security. Gen Zers aren’t as well-versed in security practices as they think they are, the report found. While 71% said they are too smart to fall for a phishing scam, only 44% said they actually know what “phishing” means.

Some 65% of respondents ages 25 to 49 said they are confident they won’t fall for phishing attacks, and 53% said they know what phishing means. As for Baby Boomers, only 55% were confident, but 71% said they understand what phishing is, the report found.

Password reuse was the highest among Generation Z, with 78% saying they used the same password for multiple accounts online.

While Gen Z may think they know more about cybersecurity risks and procedures than their older counterparts, the data says differently. Baby Boomers proved to have a better understanding of the importance in software updates than younger generations: 84% said they believed updating security software is absolutely essential, while 61% of Gen Z said the same.  Baby Boomers also demonstrated a greater overall understanding of phishing schemes, according to the report, leaving younger generations vulnerable to attack.

While many people’s hobby may not include fishing, you should avail yourself to what Phishing is and how to protect yourself. Who knows, you may find that fishing is something you like!

ABS is always ready to help you audit your phishing security and help you ensure your organization is protected. Let us know how we can help.