Compliance Matters

How does the FDIC expect banks to manage their overdraft program risks?

January 1, 2011

FDIC Finalizes Overdraft Guidance

The Federal Deposit Insurance Corp. has finalized “guidance” that will further restrict automated overdraft programs offered by banks under its supervision, beyond the restrictions imposed by Regulation E last summer (CUMag 10/10, p. 46).

Starting July 1, the FDIC will expect banks to manage the risks, such as reputational risks, associated with these programs by offering less costly alternatives to overdrafts to a person who overdrafts his or her account and pays a fee more than six times over a 12-month period.

The FDIC also will expect banks under its jurisdiction to institute “appropriate” daily limits on overdraft fees charged to an accountholder (the regulator suggests no daily dollar limit, however), and to ensure transactions aren’t processed in a way designed to maximize fees, such as by processing checks from the largest to the smallest. The FDIC guidance lists eight other actions it expects banks to consider, such as eliminating overdraft fees for transactions that overdraw an account by a small amount and having a way to notify account­holders when their account balance is low.

Although the Federal Reserve Board when finalizing the Regulation E changes didn’t impose any requirements on the payment of overdrafts resulting from nonelectronic transactions, the FDIC believes banks should allow customers to decline overdraft coverage (opt-out) for overdrafts triggered by checks or automated clearinghouse (ACH) transfers.

Why should credit unions care about the FDIC guidance that clearly doesn’t apply to credit unions? It’s quite likely the FDIC staff who wrote the new overdraft restrictions will move over to the new Consumer Financial Protection Bureau (which formally comes into existence this July), and will want written consumer-friendly requirements that apply to all banks and credit unions. And consumer groups will undoubtedly want these new overdraft rules to apply to all financial institutions.  

So if your credit union’s automated overdraft program doesn’t follow the FDIC’s expectations and guidance, you might want to consider if any changes are warranted even if it’s not mandated—at least not yet. Find the FDIC’s oversight guidance at

What’s an NCUA ‘Legal Opinion Letter’?

The National Credit Union Administration’s (NCUA) Office of General Counsel issues “legal opinion letters” in response to written inquiries from credit unions, trade associations, lawyers, and other interested parties. Credit unions can find these letters on NCUA’s website (, select “resources for credit unions”).

Legal opinion letters aren’t to be confused with “Letters to Credit Unions,” which are distributed to all credit unions and explain regulations; express concerns and expectations about how credit unions are addressing emerging issues; or announce changes in examination procedures, new accounting requirements, or operating fee assessments.

Legal opinion letters cover a wide range of subjects addressing NCUA staff’s interpretation of Federal Credit Union Act provisions, agency regulations and policies, and consumer laws where NCUA has enforcement authority. They provide a wealth of information, especially on corporate governance issues for federal credit unions. NCUA has posted them since 1991, and they’re generally searchable by topic.

Credit unions can rely on a letter—until and unless the agency reverses itself in a subsequent letter or in the adoption of a new regulation. So credit unions must exercise a degree of caution in relying on older legal opinion letters because some of them are out-of-date. While publicly available, they aren’t distributed, so it’s useful for credit unions to monitor NCUA’s website, or better yet, sign up at ncua.govfor the “NCUA Express” e-mail alert subscription service. NCUA doesn’t release the incoming letter, so occasionally it’s difficult to understand the agency’s response.

The agency typically issues a few dozen legal opinion letters annually—the number depends on the questions that people decide to formally pose to the agency. The Credit Union National Association (CUNA) urges credit unions to first talk to their leagues, CUNA, or lawyers before writing to NCUA to discuss whether or not the question should be posed to the agency.

Topics addressed by legal opinion letters in 2010 included member business loans, homeequity loans, incidental powers, credit union service organizations, volunteer compensation, Regulation B, and Regulation Z disclosure for debt cancellation products.

SAFE Act Registration Procedures

During CUNA’s webinar on the Secure and Fair Enforcement for Mortgage Licensing Act (SAFE Act) last month, credit unions heard from the Conference of State Bank Supervisors (CSBS) about the new registration procedures for employees who originate mortgages (including home equity loans), as well as from NCUA on the regulatory requirements.

Registration on the CSBS National Mortgage Licensing System & Registry is expected to begin in early 2011 and run through mid-2011.

Access the archived webinar at “education & training”). And find details on the SAFE Act requirements at CUNA’s e-Guide to Federal Laws and Regulations (, select “regulations & compliance”).

Compliance Q&A

Q Our credit union has revised its annual privacy notice, but it differs slightly from the new model form. Are we required to use the new model privacy notice?

A No. But using the model form NCUA and the federal banking agencies issued will ensure compliance with the privacy notice requirements. The goal of the model form is to provide a financial institution’s privacy policy in a standardized, easier-to-comprehend format so consumers can compare privacy policies of different institutions. A credit union isn’t required to change its privacy notice in 2011, but regulators are likely to encourage the use of the new, consumer-friendly form.

The model form replaces the sample clauses that were previously included in NCUA’s privacy rules. This means that credit unions no longer have a compliance “safe harbor” in using the sample clauses they’ve been using for the past decade.

There are three variations of the model form you can use, depending on whether your credit union provides an opt-out right and, if so, in what manner members exercise it (online, telephone, or mail).

The federal agencies have provided a downloadable version of the model form credit unions may use to create their own customized notice. The form builder is available at

Q Who’s responsible for providing the risk-based pricing notice in an indirect lending transaction: the auto dealer or the credit union?

A The original creditor is responsible for providing the risk-based pricing notice (or the alternative credit score disclosure). The original creditor is the person to whom the obligation is initially payable. This is the case even if the loan is assigned to a third party, or if the original creditor isn’t the funding source for the loan.

In some cases the auto dealer is the original creditor that extends credit contingent on the ability to assign the loan to a credit union or bank. In such cases, the auto dealer must provide the notice. But if the credit union is the original creditor, it will be obligated to either provide the notice or contract with the auto dealer to provide it. The credit union must have policies and procedures in place to verify that the dealer provides the notice within the applicable time periods.

Compliance Training Calendar

• Pressing CU Compliance Issues audio conference: Feb. 16.

• Compliance Fundamentals eSchool: March 16-30.

• Compliance Fundamentals seminar: April 30-May 1.

• Regulatory Compliance Schools (Introduction and Update): May 1-6.

Visit, and select “education & training.”