T COMPLIANCE Q&A SPRING 2023 BY BILL SHOWALTER, SENIOR CONSULTANT, YOUNG & ASSOCIATES, INC. TISA. Q: We have recently made a change that our online banking logins will expire after 18 months if a customer has not logged in. This may trigger them to begin being assessed paper statement fees, if they sign up for e-statements (there is no cost), as the paper statement fee is determined by an online account being established and maintained. The $3.00 paper statement fee is listed as one of our fees on our fee chart; however, customers don’t know that they have to log in every 18 months to keep their online account from expiring and therefore start incurring the paper statement fee. I feel that this should be disclosed in some way, but I’m not sure how best to do it. We can push a message to all online account holders. Would that be acceptable? A: Yes, the bank should have been disclosing this all along on its TISA account disclosures for the account affected because Regulation DD requires the financial institution to disclose both the amount of any fee that may be imposed in connection with the account (or an explanation of how the fee will be determined) and the conditions under which the fee may be imposed. Failing to log in at least every 18 months, in this case, is the condition under which the fee may be imposed. So, the conservative approach would be to send a corrective disclosure to your existing customers disclosing both the fee and the condition (logging on, etc.). Also, you need to make sure the TISA account disclosures for affected accounts include this information for future customers. ECOA. Q: My understanding of when providing an appraisal to an applicant is that if there is an application that has multiple first-lien dwellings, then the appraisal disclosure and appraisals would not need to be given to the customer. This is because Regulation B provides that this requirement applies to an “Application for credit that is to be secured by a first lien on a dwelling.” Am I correct on this issue? A: No, you are not. I find no exception to this requirement for transactions secured by more than one dwelling. As long as there is at least one dwelling with a first lien (mortgage or deed of trust), the requirement to provide a copy of any appraisal/valuation would apply. FCRA/Privacy Q: We recently made several minor changes to our Privacy Notice, but one more significant change under the section “Reasons we can share your personal information.” In that section, we changed from stating that “we do NOT share information with our affiliates for their everyday business purposes” to “Yes, we do share.” The bank owns 50% of a title agency that we share information with. My question is, do we need to mail the revised privacy notice out to our customers or could we include a statement message letting our customers know where to locate the most recent privacy notice on our website? A: Your question hits on an intersection of two regulations — Regulation V (Fair Credit Reporting) and Regulation P (Privacy). Regulation V lays out the requirements for sharing consumer information among affiliated entities, while Regulation P does the same for sharing consumer information with non-affiliated entities. They are joined to an extent because Regulation V (and the FCRA itself) allow its opt-out notice to be “coordinated and consolidated” with another similar notice — such as the Regulation P privacy notice. Regulation P explicitly provides for including the Regulation V/FCRA notice as an integral part of its model privacy notice. With that said, Regulation V requires that a bank give a consumer appropriate notice — either in writing or, if the consumer has agreed, electronically — before sharing the consumer’s information with an affiliate so that the affiliate may market to the consumer and give the consumer a reasonable opportunity to opt out of this sharing before the sharing occurs. All of this argues against merely using something like a statement message. There would not be room for the required language — and there is nothing in the rules that explicitly allow merely providing a web address (where the full notice may be accessed) as a substitute for the required notice. The best route would be to send revised privacy notices to affected consumers and provide them with the required opportunity to opt out of the sharing before the sharing with any affiliate commences. 16 Community Banker
RkJQdWJsaXNoZXIy MTg3NDExNQ==