Compliance Matters

Rules; Regulations; Deadlines

July 1, 2010
SAFE Act Update

At press time, the National Credit Union Administration (NCUA) and all of the federal banking agencies (except the Office of Thrift Supervision) had approved the Secure and Fair Enforcement for Mortgage Licensing Act (SAFE Act) regulations.

But all the agencies continue to work with the Conference of State Bank Supervisors to modify the Nationwide Mortgage Licensing System and Registry so staff who originate mortgage loans (including home equity loans) at banks and credit unions can register. When the registry is fully operational, credit union mortgage lending staff will have to provide background information, obtain a unique identifier, and renew their registration annually.

Staff won’t have to register until they receive “how-to” procedures, which could be several months away. And when the procedures are officially published, credit union mortgage loan originators will have six months to complete initial registrations. Credit Union Magazine will report on these procedures once they’re released.

A Database Of Credit Card Contracts

The Federal Reserve Board has launched an online database listing the terms and conditions of credit cards from more than 300 card issuers.The Credit Card Accountability, Responsibility, and Disclosure (CARD) Act of 2009 requires the database. Issuers with more than 10,000 open credit card accounts (the majority of card issuers) must provide their credit card agreements. The Fed will update the list quarterly. It currently contains credit card contracts from a number of larger credit unions.

The database helps consumers compare credit card terms. Access it at

Fed Clarifies Reg E

The Federal Reserve Board issued several clarifications to the Regulation E (Electronic Fund Transfers) overdraft rule. The new restrictions on overdraft protection programs become effective July 1, 2010.

The Fed clarifies the prohibition on assessing overdraft fees applies to all institutions,even those that may fall under the regulation’s “exception.” This means credit unions cannot assess a fee for the payment of ATM and one-time debit card overdrafts if the consumer doesn’t opt-in.That’s even if the institution has a policy and practice of declining ATM/debit card transactions when it believes at the time of the authorization request that an account has insufficient funds. If the credit union doesn’t assess any fees for these overdrafts, however, it doesn’t have to provide the opt-in notice.

Under the new overdraft rules, credit unions cannot assess an overdraft fee until they obtain the member’s consent andsend the required written confirmation. The Fed has clarified that a credit union complies with this requirement if it has adopted reasonable policies and procedures designed to ensure the written confirmation is sent before fees are assessed. The rule doesn’t require receipt of the confirmation before the credit union may impose a fee.

The Fed also has made it clear that a credit union may tailor Model Form A-9 (the consent notice) to whatever methods it offers members to opt-in to the service. For example, the credit union need not provide the tear-off portion of the form if it’s only permitting members to opt-in via telephone or electronic means.

The fee prohibition applies to daily or sustained overdraft, negative balance, or similar fees or charges. The rule doesn’t prohibit the credit union from assessing these types of fees to the extent that they’re attributable in whole or part to a check, automated clearinghouse (ACH), or other type of transaction not subject to the fee prohibition. The date on which such a fee may be assessed is based on the date on which the check, ACH, or other type of transaction is paid into overdraft. Revisions to the Official Staff Commentary to Regulation E provide examples.

The Fed also has amended its Truth in Savings (TIS) rules (Regulation DD) and the commentary, in part to conform its provisions to the Reg E overdraft rule. The Fed clarified that the aggregate fee disclosure on periodic statements must use the specific language “Total Overdraft Fees” to describe all fees and charges imposed on the account for the statement period and year-to-date. NCUA is expected to conform its TIS regulation to the Fed’s regulation. The TIS disclosure of “Total Overdraft Fees” has an effective date of Oct. 1, 2010, to allow banks and credit unions using alternative verbiage sufficient time to comply.

Become a Compliance Expert

The Credit Union National Association (CUNA) offers a credit union compliance expert (CUCE) certificationthrough proctored testing. It’s renewed every three years through examination. Most people obtain this designation by attending one of CUNA’s in-person regulatory compliance schools.

The weeklong introductory level compliance training program, offered twice a year, is based on CUNA’s six-volume Regulatory Training & Certification Program (RegTraC) compliance manual. Today, more than 1,000 people hold the CUCE designation. 

The next in-person school starts on Aug.15, 2010, in Boston. CUNA also offers similar in-depth compliance training  online.

For more information, visit

CU Private Insurance Disclosure

The Federal Trade Commission has published a regulation on “Disclosure Requirements for Depository Institutions Lacking Federal Deposit Insurance.”

This primarily affects about 170 state-chartered credit unions in nine states that aren’t insured by the National Credit Union Share Insurance Fund.

These credit unions are required to conspicuously disclose that they aren’t federally insured and that the federal government doesn’t guarantee depositors will get back their money.

They also need to provide required disclosures on all periodic statements of account, signature cards, certificates of deposit and share certificates, and in most advertisements.

Find more information on these disclosure requirements at


Features of Successful Compliance Programs

During a recent Webinar, Federal Reserve Board staff highlighted these 10 features of successful compliance programs:

1. The tone from the top creates a “culture of compliance.”

2. Compliance has status, authority, and resources.

3. The compliance function is independent of the business line.

4. Clear accountability exists throughout the organization (broader than just that of compliance officer or compliance department).

5. Business processes integrate compliance, involving it in the new product infrastructure, not as an afterthought in the decision-making process.

6. Comprehensive risk assessment drives structure, resource, and control decisions.

7. Robust audit and review processes exists.

8. Controls—policies, procedures, job aids, training—are consistent with the risk profile.

9. Compliance staff are technically proficient—establishing networks, seeking guidance, and using available resources.

10. There’s a method for early detection of new or emerging risks.


Compliance Q&A

Q. Can a credit union provide a cover letter along with the opt-in notice for ATM and one-time debit card overdrafts?

A. Yes. A credit union may provide additional information about its overdraft services and other overdraft protection plans in a separate document. Keep in mind, however, that Truth in Savings (TIS) regulations require additional disclosures in advertisements that promote the payment of overdrafts (such as the amount of the overdraft fee and the transactions in which they apply). So, the cover letter would likely be considered an advertisement under TIS if it’s encouraging the member to sign up for the service. Credit unions may want to have legal counsel review any additional documentation that goes out with the opt-in notices to ensure compliance.


Q. Does the Unlawful Internet Gambling Enforcement Act (UIGEA) regulation only affect commercial accounts?

A. Yes, but with one caveat: For card systems (credit and debit cards), the credit union has the option of applying the UIGEA due diligence procedures to just commercial accounts, or using the card network’s policies, procedures and merchant category codes for blocking illegal gambling transactions. This second option would generally include blocking all card transactions (commercial and consumer) associated with a certain merchant category code. The Treasury Department and Federal Reserve Board anticipate that most institutions will use this second option, since it’s likely a requirement for doing business with Visa, MasterCard, etc.



Compliance effective dates:

• July 1, 2010: Regulation Erules restricting overdraft fees for ATM and one-time debit transactions for new accounts (applicable to all credit unions).

• July 1, 2010: Regulation Z’sopen-end lending rules (applicable to all credit unions).

• July 1, 2010: FACT Act’saccuracy and direct dispute provisions (applicable to all credit unions).  

• Aug. 15, 2010: Regulation Eoverdraft rules for existing accounts—those established prior to July 1, 2010 (applicable to all credit unions).

• Aug. 22, 2010: Credit Card Accountability, Responsibility, and Disclosure (CARD) Act’sgift card rules and rules on the amount of fees and penalties and interest rate reviews on credit cards.


Visit and select “compliance,” and then “e-Guide.”