SRMD white.png
Lighthouse _2_.jpg



What's New?

The Online Compliance Consulting Dashboard has been enhanced!


Bureau FAQs

Bureau RegCast


OFAC Annual Report of Blocked Property


SFHDF Expiration (09/30/2023)

SCRA Notice Expiration (11/30/2024)


Small Business Lending FAQs



Corporate Transparency Act Quick Bite


Visit for more information.

Calendar Items

08/29 - Reg. B Small Business Lending Data Rule Effective *

08/29 - HMDA LAR Quarterly Submission (large filers)

09/01 - NCUA Cyber Incident Rule Effective

*On July 31, 2023, the U.S. District Court for the Southern District of Texas ordered the CFPB not to implement or enforce the small business lending rule against plaintiffs in Texas Bankers Ass'n, et al. v. CFPBet al., No. 7:23-cv-00144, and their members. That order, a copy of which is available here, stays all deadlines for compliance with the small business lending rule for plaintiffs in that case and their members.

Featured Content

New Observations in UDAAP

As our readers are aware, even if you comply with the myriad of compliance regulations and provisions that apply to our day-to-day activities, an institution can still run afoul when it comes to Unfair, Deceptive, and Abusive Acts and Practices (UDAAP).


Because of that, it is very important to remain continually aware of what the UDAAP “hot spots” are. To that end, the CFPB’s recently-issued “Supervisory Highlights” covers a lot of ground.


The latest issue of Supervisory Highlights reports on CFPB findings of UDAAP across a wide array of consumer financial product lines.

What UDAAP Issues are the CFPB Finding?


In keeping up with this topic, institutions should be aware of the following areas and findings as reported by the CFPB:   

  • Auto Loan Origination – The CFPB noted deception in advertising in instances where pictured automobiles were significantly larger, more expensive, and newer than the advertised loan offers were good for. 

  • Key TakeawayConsider representations made in your advertisements, even graphics and pictures, to ensure they are not misleading.

  • Auto Loan Servicing – The CFPB noted various servicing practices that were deemed to be either unfair or abusive. This included: a) the charging of interest on options that were not actually part of the collateral, b) the discontinuation of ACH payments for the final payment made on the loan without sufficient notice, and c) the engagement of a “blanket practice of cross-collateralizing loans” that impacted the consumer from redeeming their repossessed vehicles.

  • Key TakeawayEnsure systemic settings are adjustable to support the terms of individual transactions. Review impactful terms that can get lost in the fine print and consider meaningful communication where needed. Review practices related to cross-collateralization for unfairness.

  • Debt Collection – The CFPB observed deception in multiple areas of debt collection. They note that debt collectors were using deceptive representations in the collection of work-related medical debt. They also noted, as a deceptive practice, promises to reverse interest assessed on debt, when the debt collector failed to do so.

  • Key TakeawayWhile compliance with the Fair Debt Collection Practices Act is integral for compliance, ensure that collectors do not implement deceptive strategies in their processes.

  • Deposits – In the area of deposits, the CFPB observed as unfair the assessment of both an NSF fee and a line of credit transfer fee on the same transaction. It was noted that a consumer could not avoid this substantial injury and would be contrary to the consumer’s expectations when enrolling in the line of credit program. It was noted that the institutions where this was observed believed they had safeguards in place to not assess both fees on the same transaction. 

  • Key Takeaways When implementing systemic safeguards, ensure that they are properly checked for effectiveness and will work in a variety of situations. 

  • Information Technology – In the CFPB’s review of information technology controls, it was noted that institutions engaged in unfair acts or practices due to their failure to implement adequate technology controls.

  • Key Takeaway - In the scope of strengthening UDAAP controls, don’t overlook this area of your institution. Consumers do not have control over an institution’s security controls and are unable to avoid injury if they are not adequate. This can include controls related to password management, number of log-in attempts, and multi-factor authentication.

  • Mortgage Servicing – In the area of Mortgage Servicing, the CFPB noted two UDAAP-related issues. First, it was noted that servicers engaged in an unfair practice when they delayed processing borrower requests to enroll in loss mitigation options, based on incomplete applications. Second, the CFPB observed that servicers engaged in deception in informing consumers that they would evaluate a loss mitigation application, but then proceeded with foreclosure without completing the evaluation. 

  • Key Takeaway Servicers should review loss mitigation practices related to the processing and evaluation of applications to ensure that consumer communications do not misrepresent the process or result in unfair delays.

Institutions that participate in payday and small-dollar lending will want to review the CFPB’s Supervisory Highlights for other UDAAP-related observations.

What Else Does the Supervisory Highlights Say?

As the CFPB’s report covers observations from their supervisory activities, the contents also include findings related to compliance with Federal consumer financial law that goes beyond UDAAP. It also covers recent developments in the CFPB’s supervision program as well as a recap of recent remedial actions.


Interested persons are encouraged to review the Supervisory Highlights - Summer 2023 in its entirety for additional details. 

FinCEN Update - Growing Concerns on Tax Evasion

In a recent issuance, FinCEN details increasing concerns related to tax evasion and workers’ compensation insurance fraud in the residential and commercial real estate construction sector.


These fraudulent schemes result in the loss of hundreds of millions of dollars to state and federal tax authorities. These activities are often carried out by networks of individuals and shell companies, using banks and check cashers. Besides the loss of tax revenue, these schemes can also have a devastating impact on the local and national construction job market.


What Does This Look Like?


FinCEN describes these schemes as being perpetuated through shell companies that have been set up to allow certain construction contractors to avoid paying workers’ compensation premiums as well as payroll taxes. The shell company takes out a “minimal workers’ compensation” policy and rents or sells that policy to other contractors that employ a much larger number of workers than the policy is designed to cover, thereby committing insurance fraud. Also, the shell company facilitates tax fraud because the contractors use the shell company to pay their workers “off the books.”


A FinCEN graphic reflects a typical representation of the establishment of a shell company, followed by compensation fraud, as follows:

Financial institutions should be aware of various red flags that can serve as indicators for this type of fraud, such as:


  • The customer is a new (i.e., less than two years old) small construction company specializing in one type of construction trade (e.g., framing, drywall, stucco, masonry, painting, etc.) with minimal to no online presence and has indicators of being a shell company for illicit activity.

  • Large volumes of checks for under $1,000 are drawn on the company’s bank account and made payable to separate individuals (i.e., the workers), which are subsequently negotiated for cash by the payee.


BSA Officers, related staff, and other interested parties should review FinCEN’s Notice in its entirety, making note of all red flags and SAR filing instructions. The Notice may be found here

Credit Unions...The Time Has Arrived!

The NCUA final rule, to implement cyber incident notification requirements, becomes effective on September 1st.   


Under that rule, federally insured credit unions must provide notification to the NCUA, within 72 hours, after it reasonably believes that a reportable cyber incident has occurred. 

A new resource focused on these notification requirements is now available. Earlier this month, the NCUA issued 23-CU-07 that provides summary information, along with a notification framework. Implementation guidelines were also provided that touch on:

  • updating your incident response plan,
  • reviewing service provider contracts,
  • training employees,
  • monitoring and reviewing your reporting process, and
  • documenting incidents.

All federally insured credit unions should ensure a framework for adhering to these newly effective requirements is in place and ready for use. Interested parties may find the NCUA’s published final rule here. Also of interest is the NCUA’s 23-CU-07 and their Cyber Incident Reporting Quick Reference Guide.

What's New in the BSA/AML Exam Manual?

Just in case you missed it…earlier this month, the FFIEC announced some updates to the BSA/AML examination manual. The updates are not to be considered as new instructions, but offer greater transparency.  


Updates include the following:


While links to the updated sections are included in the bullet list above, interested persons may find the FFIEC announcement here.  

Convenient and Affordable Compliance Assistance

Do you know someone that needs help preparing for the upcoming regulatory requirements? As you know, we can help with our Online Compliance Consulting Services, which combines the ease of online tools with the guidance of a compliance expert.


Clients have access to an online compliance expert who:

  • Answers compliance questions;
  • Reviews new policies and disclosures for compliance; and
  • Trains Boards of Directors on upcoming regulatory requirements.


Clients also receive access to our online tools, including:

  • Our Compliance Calendar;
  • Our Regulatory Deadline resources and Implementation Checklists enable our clients to determine what steps they need to take to comply with new requirements and track progress as they implement them;
  • Our exclusive Knowledge Base of compliance Q&As; and
  • FREE access to our quarterly Be Prepared! webinar series.


For anyone interested in a free Demo, please have them contact Rhonda Coggins at 

(512) 703-1509.