Pub. 3 2023 Issue 1

As we enter 2023, our industry is faced with unprecedented risk management challenges amid rapid technological and competitive changes. Federal and state authorities have recently issued guidance to address paradigm-altering shifts such as climate change, artificial intelligence (A.I.), cryptocurrency, digital and mobile banking, credit models, data security, and more. Financial institutions should understand how these changes could affect their operating model and strategy. Below are highlights of recent select regulatory guidance. Learn how they might affect community banks in the near term and discover the steps banks can take to successfully prepare themselves for a shifting compliance backdrop. Climate Risk Large financial institutions first are impacted. The Federal Reserve Board will conduct a pilot to analyze climate-related financial risk involving the six largest U.S. banks in early 2023. Modernize the Community Reinvestment Act Mainly affecting retail lenders, changes to the CRA would — among many other things — increase access to credit, investment, and basic banking services in areas where it is needed most; generally, in low- and moderate-income communities. Small Business Lending Data Collection Most U.S. financial institutions will be impacted when implemented in 2023. Lenders will be required to annually report small business credit application data, including credit purpose, loan amount, business info and location, gross annual revenue, NAICS code, and more. Expansion of UDAAP Standards The expansion broadens the scope of consumer activities subject to UDAAP beyond lending to include advertising, pricing, servicing, reporting, payments, and collections. However, a lawsuit by several banking trade associations seeks to prevent the expansion of CFPB’s UDAAP role beyond its Dodd-Frank Act statutory authority. Reporting Credit Decisions that Use Complex Models/ Algorithms Lenders using A.I., machine learning, and/or complex credit models must disclose the precise reason(s) for credit denials as required by the Equal Credit Opportunity Act. Adverse action notices must also be timely and provide accurate reasons for denial, as mandated by current requirements. Enhanced Consumer Privacy Laws Five states have already enacted enhanced regulations: CA, CO, CT, VA, and UT. CA has already placed them into effect; CO, CT, VA, and UT state requirements became effective in 2023. Six other states have active legislation pending: MA, MI, NJ, NC, OH, PA. Oversight of BankThird-Party Risk Management (TPRM) Vendor/third-party relationships are generating renewed regulatory scrutiny, especially fintech partnerships. Ineffective TPRM could be cited as unsafe or unsound practice. Banks must demonstrate TPRM through documentation of third-party relationships, conduct audit and performance reviews, and require third parties to provide data that confirms the quality and sustainability of controls to meet service agreements. By Gale Simons-Poole, Chief Regulatory Relations Officer, BHG Financial NAVIGATING THE POTENTIAL IMPACT OF RECENT REGULATORY GUIDANCE 26 | The Show-Me Banker Magazine

RkJQdWJsaXNoZXIy ODQxMjUw