CFPB Calls Out Religious Discrimination

In December, the CFPB issued its Fall 2021 Supervisory Highlights, which gives us a glimpse at noteworthy items identified in exams from January – June 2021.  One area that caught our attention was religious discrimination.

As you are likely aware, the purpose of Regulation B …

is to promote the availability of credit to all creditworthy applicants without regard to race, color, religion, national origin, sex, marital status, or age (provided the applicant has the capacity to contract); to the fact that all or part of the applicant’s income derives from a public assistance program; or to the fact that the applicant has in good faith exercised any right under the Consumer Credit Protection Act…

In the particular case mentioned, examiners found lenders were using a questionnaire that specifically asked about the applicant’s religion in connection with small business loan applications.  These inquiries were then used in the credit decision, as an applicant who did not respond to the questionnaire was denied.

Religious discrimination can obviously be an issue, but it’s one that we don’t see cited by examiners very often.  Thus, we felt it was important to bring this to your attention.  The CFPB obviously thinks it’s a big deal as well, because they followed up with a Bureau Blog article on January 14th related to this finding.

The blog also addressed the CFPB’s concerns related to artificial intelligence, a topic the CFPB has touched on elsewhere recently.  The blog states:

We’re particularly concerned about how financial institutions might be making use of artificial intelligence and other algorithmic decision tools. For example, let’s say a lender uses third-party data to analyze geolocation data to power their credit decision tools. If the algorithm leads to an applicant getting penalized for attending religious services on a regular basis this could lead to sanctions under fair lending laws.

We plan to more closely monitor the use of algorithmic decision tools, given that they are often “black boxes” with little transparency. Institutions will face consequences for this type of robo-discrimination.

Fair Lending is a big deal and applies to both the consumer and commercial lending spaces.  The CFPB hasn’t been shy about where they stand and has put out several warning shots in the past year.  If you need a refresher, be sure to check out our webinar, All About Fair Lending, which is available now OnDemand.


BSA/AML & Customer Due Diligence

Be sure to JOIN US for our webinar, “Customer Due Diligence Programs & Beneficial Owners” 

In our December 2021 Monthly Connection, we discussed the FFIEC’s December 1, 2021, updates to the BSA/AML Examination Manual.  While the updates weren’t major, they did reinforce the idea that certain types of customers (or categories of customers) are not automatically high risk.  Any designation as such should be based on that specific customer relationship.  This, in turn, shines a light on the need for adequate customer due diligence (CDD) procedures, both upfront and on an ongoing basis throughout the relationship.

Diane explains more in the video.


  • The Latest Guidance & Updates!
  • Customer Due Diligence Program Requirements
  • Exam Manual Update and Understanding “ML/TF Risk”
  • Performing & Documenting Customer Due Diligence
  • Enhanced Due Diligence for Higher Risk Customers
  • Identifying & Verifying Beneficial Owners of Legal Entity Customers
  • Specific BSA/AML Regulatory Expectations
  • Record Retention & Much More! 

Designed for BSA officers, management, compliance officers, auditors and other risk management, operations personnel and the frontline.

(2.5 Continuing Education credit hours)




FinCEN Announces CMP for Bank Secrecy Act Violations

FinCEN recently announced an $8 million civil money penalty (CMP) for Bank Secrecy Act (BSA) violations.  We often say it’s helpful to learn from others’ mistakes, and that may never be more true than when it comes to BSA/AML compliance.  In this particular case, the Bank had a reasonably designed BSA program, but it was not operating as intended.

Here are some of the shortcomings mentioned:

  • While an automated AML monitoring system was used, the Bank simply wasn’t able to keep up with the alerts it generated.  Analysts were reviewing 100 alerts a day on average and, due to the high volume, did not review other available supporting documents.
  • Although the Bank had policies and procedures in place to require Customer Due Diligence (CDD) information be obtained at account opening and upon any change in signature authority, the information was often missed.  BSA/AML staff then tried to get the missing information from account officers and, as a result, critical information was missing.
  • Account activity was reviewed 90 days after account opening to determine whether it was in line with the information provided at account opening.  The automated system was then relied on to monitor daily activity and provide monthly reports that compared actual to expected account activity.  The Bank, however, was unable to “fully understand the nature and legitimacy” of account activity.  While a customer’s activity may have remained consistent, it wasn’t necessarily legitimate activity.
  • The automated monitoring system was not used to its full capacity.  For instance, “High Risk Reports” and other “monthly worklist items” were not used on a regular basis.
  • To reduce the number of alerts needing attention, certain exemptions were given to customers with “well-known” activity.  This resulted in specific alerts not being generated that, in some cases, were tied to individuals arrested for or convicted of financial crimes.
  • The Bank often relied on the system’s ability to close out alerts based on a “pre-set” list of reasons, without additional analysis, even after a Suspicious Activity Report (SAR) had been previously filed.

It’s no surprise that these failures resulted in SARs not being filed when they should have been.  Now is a good time to ensure your institution isn’t making the same mistakes.  The CMP Order provides additional details and specific examples of account activity that can provide real-world credibility to your BSA/AML training efforts.

Want to make sure your BSA/AML program is on the right track?  Our store has a wide variety of webinars on BSA/AML-related topics that are available now OnDemand.

TRID Guidelines: Title Insurance

When the TRID guidelines took effect in 2015, they included a strange new way to disclose title insurance when there is a simultaneous purchase of lender and owner policies.  This transition was a painful process for some and, based on the CFPB’s findings in the Summer 2021 Supervisory Highlights, there are still institutions out there disclosing this incorrectly.  The Highlights stated:

Where there is simultaneous purchase of lender and owner title insurance policies, Regulation Z requires creditors to disclose the lender’s title insurance based on the amount of the premium, without any discount that might be available for the simultaneous purchase of an owner’s title insurance policy.  Creditors are required to disclose the premium for the owner’s policy showing the impact of the simultaneous purchase discount.  The intent of this rule is to provide consumers with information on the incremental additional cost associated with obtaining an owner’s title insurance policy, and the cost they would be required to pay for the lender’s policy if they did not purchase an owner’s policy.  Examiners found that some creditors violated Regulation Z by disclosing the lender’s title insurance premium at the discounted rate and the owner’s title insurance at the full premium on the Loan Estimate. Supervision requested that the creditors revise their policies and procedures to ensure correct disclosure of title insurance premiums where there is a simultaneous issuance rate for lender’s and owner’s title policies.

Be sure to JOIN US for our webinar, “Auditing TRID”, where we will look at TRID from an auditor’s perspective.  Learn the hot spot areas and other things to look for and ensure your mortgage loan files are compliant.


Agencies Address Crypto-Assets

The Federal Reserve, FDIC and OCC (the Agencies) recently issued a statement outlining work they’ve done related to crypto-assets and what they’re planning for the future (i.e., a “crypto-asset roadmap”).

Specifically, the Agencies have begun to look at the different types of crypto-asset activities institutions may get involved with, such as crypto-asset custody; facilitating the purchase and sale of crypto-assets; using crypto-assets as collateral; payment activity; and holding crypto-assets on a balance sheet.  Their work up to this point has focused on:

  • Developing a common and consistent vocabulary that can be used and understood in the industry;
  • Identifying and assessing key safety and soundness, consumer protection, and compliance risks;
  • Conducting crypto-asset activities from a legal perspective;
  • Applying existing regulations and guidance; and,
  • Identifying areas that could use additional clarity.

The Agencies refer to the above as “sprint work”.  In 2022, the Agencies plan to clarify permissible crypto-asset activities, as well as safety and soundness, consumer protection and compliance expectations.  In addition, the Agencies will watch for new developments and look at how capital and liquidity standards should apply in relation to crypto-assets.

OCC Interpretive Letter

The OCC also issued an Interpretive Letter to clarify previous interpretations on cryptocurrency activity.  If done consistently with safe and sound banking practices, prior letters had clarified that banks may:

  • provide certain cryptocurrency custody services…;
  • hold deposits that serve as reserves for stablecoins that are backed on a 1:1 basis by a single fiat currency and held in hosted wallets; and,
  • …use distributed ledgers and stablecoins to engage in and facilitate payment activities.

This letter, however, explains how banks can demonstrate that activities are being done in a safe and sound manner.  Banks should document and be able to demonstrate an understanding of the specific risks (operational, liquidity, strategic, compliance, etc.) and compliance requirements.  Before beginning any of these activities, banks should notify their supervisory office in writing and receive written notice of the OCC’s “non-objection”.  The OCC also notes that the conditions, processes and controls outlined in prior letters still apply.