COMPLIANCE MONTHLY

December 2015
Compliance Monthly is intended to keep you informed of regulatory changes in advance of their effective
date so your institution can have the necessary policies, procedures and processes in place to be compliant
at the time of enactment.

Finalized Rules:
None.
Proposed Rules:
None.
Other Compliance News:

CFPB UPDATES RULE MAKING AGENDA FOR

2015-16
The CFPB updated its rule making agenda for the
remainder of 2015 and into 2016. The CFPB expects
to issue final rules on consumer protections for
prepaid cards in the spring of 2016 and on mortgage
servicing by mid-2016. The agenda also indicates
that a proposed rule to address lending and
collection practices for payday, auto title and similar
lending products could come in the first quarter
of 2016. The CFPB will continue with its early-stage
rule making on arbitration and conducting further
research on overdrafts, debt collection and lending
to small and women-and minority-owned businesses.

TILA-RESPA DISCLOSURE RULE GUIDANCE

OCC Bulletin 2015-42 was issued to provide
guidance regarding initial examinations of OCCsupervised institutions for compliance with the
Truth in Lending Act and Real Estate Settlement
Procedures Act Integrated Disclosure (TRID) Rule.
The rule went into effect on October 3, 2015.

CFPB RELEASES 2016 RURAL AND RURAL OR

UNDERSERVED LIST OF COUNTIES
The CFPB posted the 2016 rural and rural or
underserved counties lists for purposes of applying
various regulatory provisions. Rural counties are
generally defined by using the USDA Economic
Research Services urban influence codes, and
underserved counties are defined by reference
to data collected under the Home Mortgage
Disclosure Act.

CFPB ISSUED BULLETIN 2015-06 ON

REGULATION E PRE-AUTHORIZED TRANSFERS
The CFPB Bulletin clarifies the obligations of entities
obtaining customer authorization for preauthorized
electronic funds transfers. To be compliant, all
EFTs must be authorized by the customer in writing
and the customer must be provided with a copy
of the authorization terms that includes the timing
and amount of the recurring transfers. The CFPB
issued the bulletin after the CFPB observed that
some entities may not fully comply with Regulation
E requirements on EFT authorizations. The CFPB
also noted that authorization can be given over
the phone if the customer provides authentication
by using a code or PIN entered on the phones
keypad, or if the oral authorization is recorded and
retained by the requesting company and follows the
requirements of the E-Sign Act.

accumepartners.com

Compliance Monthly
December 2015

OCC UPDATES GUIDANCE ON CREDIT CARDS

The OCC updated its Comptrollers Handbook
guidance on credit card lending. The revised booklet
rescinds outdated guidance, updates guidance to
include thrifts, provides guidance to examiners on
assessing credit card risk management and addresses
the CARD Act.

Copyright 2015 Accume Partners, All rights reserved.

Information contained in Compliance Monthly is not intended to
provide specific advice and guidance. You should consult your own
professional services provider in connection with matters affecting
your own interests.

JOINT STATEMENT ON CYBER ATTACKS

INVOLVING EXTORTION
The Federal Financial Institutions Examination
Council (FFIEC) on behalf of its members has issued
a statement to notify financial institutions of the
increasing frequency and severity of cyber attacks
involving extortion. Financial institutions face a
variety of risks from cyber attacks involving extortion,
including liquidity, capital, operational, compliance,
and reputation risks, resulting from fraud, data loss and
disruption of service. The FFIEC statement reinforces
the importance of maintaining effective programs
to identify, protect against, detect, respond to and
recover from these types of attacks. The statement
outlines various steps financial institutions should
consider taking to prevent cyber attacks.

NEW CYBERSECURITY TOOL AVAILABLE

To assist financial institutions in collecting and
scoring responses to the Federal Financial Institutions
Examination Councils Cybersecurity Assessment
Tool, the Financial Services Sector Coordinating
Council has released an Automated Cybersecurity
Assessment Tool. The tool uses language specific to
the inherent risk profile categories and cyber maturity
levels articulated in the FFIEC tool and incorporates it
into a user-friendly Excel spreadsheet that indicates
risk criteria and cyber maturity levels. The spreadsheet
can then automatically calculate these results into
a series of graphs and charts to illustrate where users
may need to improve their preparedness efforts.

accumepartners.com

Compliance Monthly
December 2015

ABOUT ACCUME PARTNERS

Accume Partners provides the financial industry with regulatory compliance, internal audit, technology
and enterprise risk management services. Through these key areas of focus, Accume is able to remain at
the forefront of changing needs and regulations of its clients, bring balanced perspectives and the specialized
knowledge necessary to serve todays banks and financial institutions.
To learn more, please visit our website at accumepartners.com.
For more information, please call or e-mail any of these Accume Partners contacts:

Steven Peck
Managing Director, Compliance
610.803.1617
speck@accumepartners.com
James Nemecek
Director, Compliance
215.565.6576
jnemecek@accumepartners.com
Paul Nobbs
Managing Director, NJ Banking
and Financial Services
609.332.7132
pnobbs@accumepartners.com
Glenn Hoffman
Managing Director, Technology
Risk Management
203.803.7345
ghoffman@accumepartners.com

David Smith
Director, Compliance
570.606.7423
dlsmith@accumepartners.com
Mark Lindig
Chief Executive Officer
646.476.1961
mlindig@accumepartners.com
Nicole Lloyd
Managing Director, Mid-Atlantic
717.903.3142
nlloyd@accumepartners.com
K.D. Mehra
Managing Director, NY Banking
347.576.5652
kmehra@accumepartners.com
Michael Barrack
Managing Director, Risk Director
and Cybersecurity Services
702.461.8682
mbarrack@accumepartners.com

accumepartners.com