Pub. 2 2021 Issue 3

11 ISSUE 3 | 2021 William J. Showalter, CRCM, CRP is a Senior Consultant with Young & Associates, Inc. ( , with over 35 years’ experience in compliance consulting, advising, and assisting financial institutions on consumer compliance and compliance management issues. He has authored or co-authored numerous compliance publications and articles and developed and conducted compliance training programs for individual banks and their trade associations. Bill can be reached at (330) 678-0524 or I know Regulation Z provides that, if the product changes (which it did not in this case), a new CD and waiting period are required. But I did not know if this situation falls under that rule as well. A: Yes, a new CD is required. However, a new waiting period is not to correct this clerical error. Privacy. Q: I have a beginner’s question I think you may be able to help me with. In an effort to make sure all information available on our website is current and accurate, I found our Privacy Notice. For all intents and purposes, it seems compliant with Regulation P and our privacy policy, and it is based on the model form provided in the regulation. We noticed that the revision date at the top, December 2010, is more than a decade old and could cause a customer to question if the notice is actually current/reliable. I think that is a fair sentiment; however, the notice is current despite its age. Would removing the revision date from the notice trigger a new one to be mailed? I do not think that would constitute a privacy policy change to require a new mailing, nor do I think the revision date is required on the notice from my reading of Regulation P. In practice, I do think it is a good idea to keep track of the revisions, but not necessarily on the document in this particular situation. Am I correct in my understanding? A: I can understand that concern, but there is no requirement that the notice be updated on any particular frequency. It is updated when the bank’s privacy policy/practices change, whenever that is. So, having the same notice for 11 or so years is not a problem under Reg P. As far as having the revision date on the notice, I will point you to the General Instructions in the Appendix to Reg P. While the body of the regulation is silent about a revision date, the General Instructions in the Appendix does require it. Insider Credit. Q: When calculating Regulation O loans to insiders, how do we treat related interests? We have a director who is a senior executive of an LLC and owns 10.6% of the LLC. I am pretty sure he sets the policies and practices there. He does not guarantee the loan. Do we count 10.6% of the LLC loan or 100% of the LLC loan in his total Regulation O loans? A: You are correct. From your description, your director has “control” of the LLC since he “Has the power to exercise a controlling influence over the management or policies of the company or bank.” Therefore, extensions of credit to that related interest feed into your computations of insider lending limits – and you count the entire loan amount (100%), no prorating based on any ownership percentage in that related interest. Percentage of ownership comes into play in one of the tests of “control,” as well as in determining whether someone is a “principal shareholder.” Otherwise, it is not an issue. EFTA. Q: After going through a webinar on Regulation E errors and disputes, we have come to the conclusion that third-party payment applications (e.g., PayPal, Apple Pay, Cash, Venmo) do not fall under the Regulation E rules. During the webinar, it was noted that the financial institution may not be liable for unauthorized electronic funds transfers (EFT) initiated through third-party payment applications. The financial institution will not be liable if the “account” is held by a third party, it does not provide an access device (such as login credentials or debit card that the consumer can use to access the consumer’s account held by the third party), and it does not have an agreement with the consumer regarding the access device. With that being said, I would like to confirm that we are not obligated to give the customer credit for those types of “fraud” disputes, even under the $50. A: First, unless the customer is funding the particular transfer with a check, money order, cash, Bitcoin-type “currency,” or some other non-EFT method, then the method used to get their funds from their account at the bank does qualify as an “electronic fund transfer” (“any transfer of funds initiated through an electronic terminal….”). If the bank does not have an agreement with the third-party payor, it still has some EFT error investigation obligation, but that is limited to its own records (whatever it has within its four walls — actual & virtual — so to speak). So, the bank is not totally off the hook regarding investigation, but its role is rather limited when it has no agreement with that third party regarding EFTs to/from its customer’s “account” (that is accessed somehow to fund transfers through that third party). CRA. Q: If a bank originates a loan in an area that gives them CRA credit and they later sell the loan (servicing released), do they still get CRA credit for that loan? What if the loan originates in the bank’s name — do they get the CRA credit? On the other hand, what if the loan originates in the other bank’s (the one they are selling the loan to) name? Does the originating bank get the CRA credit? A: Generally, to get “credit” for a loan, it must be originated in the bank’s name. Whether it is sold later is not really an issue – that just allows the bank to lend more as it gets its funds back. The bank could keep records related to loans it originates in another bank’s name and share this information with examiners as additional information. Since the bank is acting as the other bank’s agent in such cases, rather than as the lender/creditor, it does not get full “credit” — after all, this is a loan of the other bank.  