Posted by Anthony Demangone
Yesterday, the FDIC announced a $2 million civil money penalty against Monterey County Bank of California. The bank was slammed by the FDIC for what it considered to be "unfair and deceptive" practices related to the bank's balance transfer credit card and debit card program. If you read the FDIC's order, you'll soon ask yourself this: who was looking out for the management of compliance risk related to these programs?
While the FDIC doesn't come out and say what the bank allegedly did, you can infer what the problem was by what the bank must stop doing. Here are a few practices that must stop:
- Offering credit cards which are intended for the transfer and payment of charged-off consumer debt ("Balance Transfer Credit Cards") without disclosing the age of the debt and the fact that the transferred debt is time-barred and/or no longer reportable by credit reporting agencies;
- Offering Balance Transfer Credit Cards to consumers when the Bank does not have sufficient substantiation that the debtor is obligated for the amount of indebtedness subject to the Balance Transfer;
- Refrain from misleading consumers about the utility of Balance Transfer Credit Cards advertised as credit cards when, in fact, the consumers have no available credit at the time the credit card is issued; and my favorite claim,
- Refrain from misrepresenting debt collection programs as a credit card offer.
Yikes. So now the bank must pay $2 million to make the FDIC go away. But that's not all. As I read the FDIC order, it almost sounded like the FDIC said this: You guys do not respect or understand the importance of compliance. If you aren't willing to build a good compliance program, we'll force you to do it. Here's what they must do on that front:
- The bank's board agreed to participate fully in the oversight of the bank's compliance system, including the approval of appropriate policies and procedures;
- The board has to create a board compliance committee, made up of 3 board members. The committee must meet at least monthly to review minutes of the compliance committee, compliance officer reports, compliance program management audit reports; and compliance program policies, and compliance with the FDIC's order.
- The board compliance committee must report to the board each month, noting review and approval of all items, and noting who dissents.
- The board must allocate appropriate resources toward the compliance function. The compliance officer must have direct access to the board and board compliance committee
- AND THE FDIC MADE SURE TO PUT THIS IN ABOUT THE COMPLIANCE OFFICER'S AUTHORITY AND RESOURCES: The board must ensure that the Compliance Officer has and retains sufficient authority and independence to implement policies related to Consumer Laws and to institute corrective action as needed. This authority shall include the ability to cross departmental lines, have access to all areas of the Bank's operations, and effectuate corrective action upon discovering deficiencies. The board must also ensure that the Compliance Officer receives ongoing training, sufficient time, and adequate resources to effectively oversee, coordinate, and implement the Bank's Compliance Management System,
I could go on, because there's more. There's more about the supervision of third parties. The development of an effective compliance system. Training. The compliance officer. Independent audits. And more.
This order is the perfect road map for any credit union that wants to build a solid compliance program. File this one away, folks. There is a ton of useful information and great ideas in there.