
FDIC Shares Most Common Compliance Violations and Findings

Apr 11, 2024

Want to know where other financial institutions are making compliance missteps? The FDIC’s annual Consumer Compliance Supervisory Highlights 2024 shows problem areas during last year’s exams, giving FIs a compliance roadmap for this year. 

Three compliance issues jump out from the FDIC’s report: third-party mistakes and misrepresentation, fair lending miscues, and overcharging consumers on banking fees. 

Let’s examine these issues (and more) to see what your institution should do to avoid these common compliance pitfalls.

Most frequently cited statutes and regulations by the FDIC


Third-party compliance struggles

Third-party relationships were a common theme among FDIC violations. For example, of the 96 violations for unfair and deceptive practices under the Federal Trade Commission (FTC) Act Section 5, many were related to banking vendors’ product and service offerings.  

What kind of issues are we talking about? The agency found instances where third-party service providers misrepresented insurance coverage on speculative financial instruments (ex: crypto investing) and exaggerated the value of products (ex: credit builders). 

Meanwhile, outsourcing error dispute resolution was called out as a frequent citation among the 129 financial institutions that violated the Electronic Fund Transfer Act (EFTA)/Reg E.  

Takeaway: Financial institutions with fintech and Banking-as-a-Service (BaaS) partnerships must ensure that vendors follow applicable laws and regulations, truthfully advertising their capabilities as a company and the benefits (or risks) of their banking products. Taking its cues from the Interagency Guidance on Third-Party Relationships: Risk Management, the agency’s report reminds financial institutions that they are responsible for vendor due diligence and continued oversight throughout the relationship’s lifecycle. 

Just as important, financial institutions that use vendors for digital payment processing must verify that these third parties give consumers the option to dispute transaction errors, conduct timely investigations of reported errors, and promptly remedy any issues – otherwise, FIs must handle dispute resolution themselves. 

FIs should plan for increased scrutiny of their vendor risk management program going forward. The FDIC and other regulators are deeply concerned with third-party risk. They are paying more attention to institutions’ vendor risk controls and raising their expectations. Financial institutions must assess a broad range of third-party risks, as the FDIC’s report makes clear.

FDIC refers 7 fair lending cases to the DOJ

The FDIC referred seven cases of fair lending violations to the Department of Justice (DOJ) in 2023. Fair lending exams emphasized Redlining, disparities in auto lending, and underwriting policies and practices. 

Third-party risk also made an appearance in this area, with FDIC examiners finding inadequacies in how FIs monitor vendors' fair lending compliance and in their ability to access credit transaction reports, particularly when using third parties to offer consumers unsecured loans and credit products. 

Takeaway: Since the DOJ announced its Combatting Redlining Initiative in 2021, regulators have aggressively sought to stamp out Redlining, with 10 settlements totaling over $100 million. With 7 cases referred by the FDIC alone in 2023, the agencies have become even more ambitious in their pursuit of Redlining settlements. The FDIC and other agencies are closely monitoring fair lending across the board.  

The National Credit Union Administration (NCUA) recently announced special fair lending examinations of credit unions’ indirect auto loan portfolios, while NCUA, the FDIC, the Office of the Comptroller of the Currency (OCC), the Federal Reserve, and the Consumer Financial Protection Bureau (CFPB) proposed new guidance addressing bias in third-party home appraisals. 

Financial institutions must be proactive in addressing Fair Lending risk by:

  • Regularly assessing lending patterns 
  • Identifying statistical disparities 
  • Evaluating their presence (branch locations, loan officers, marketing outreach, etc.) in LMI and majority-minority neighborhoods in their assessment area 

Related: 7 Ways to Analyze Your Data for Redlining Compliance Risk 

Mitigating third-party fair lending risk requires the following: 

Planning. FIs must analyze third-party risk before entering a relationship with a vendor. 

Due Diligence and Third-Party Selection. Assess a third party's fair lending compliance controls and compliance management system (CMS). 

Contract Negotiation. Financial institutions need contractual provisions giving them the right to audit a vendor’s fair lending controls and credit transactions, service-level agreements (SLAs) to remedy any issues, and termination triggers. 

Ongoing Monitoring. Look for any deterioration or change in a vendor’s fair lending compliance controls. 

Termination. Ensure your contract contains air-tight provisions for terminating a third-party relationship if vendors fail to comply with fair lending laws. Termination should be a last resort if a vendor can’t successfully fix their problems and compensate you for any damage according to the terms of your contract.

Money for nothing?

Dire Straits’ “Money for Nothing” criticizes overly compensated rock stars, but the song’s title could be the theme of regulators' recent attack on consumer banking fees. Examiners want these fees to align with the cost of providing the underlying services. 

With the CFPB leading the charge against so-called “junk fees,” other regulators (including the FDIC) have taken note. According to the Supervisory Highlights, 58% of violations of FTC Section 5, which prohibits abusive and unfair practices, involved charging insufficient fund fees (NSFs). Regulators are cracking down on FIs that charge individual consumers multiple NSFs without properly disclosing the terms of their overdraft programs.  

The agency also issued 101 Truth in Savings Act (TISA) violations, with many involving depository account information, including fees. 

The Supervisory Highlights give us a clear example of a junk fee: the FDIC directly challenges the fees mortgage lenders (and financial institutions offering mortgage services) charge for routine tasks, such as initiating appraisals, that have been close to fully automated. 

Under RESPA Section 8, the agency concludes that payment for mortgage services needs to be tied to their value. Regulators want to know if a “service” means simply filling in the name and address of a homebuyer and clicking Send to an appraiser – and what institutions charge for this. 

Takeaway: The push to limit (and maybe eliminate) overdrafts and other consumer banking fees has become an interagency position. Community banks and credit unions that benefit more than their larger industry counterparts from these fees should ask themselves: How much do we rely on fees for revenue? What alternative revenue streams might replace this income? 

Related: Will Regulators Eliminate Overdrafts and Other Consumer Banking Fees? 

TILA violations come on strong again

TILA violations accounted for 36% of FDIC infractions in 2023. This comes as no shock: TILA violations have topped the FDIC’s consumer compliance report for the past five years. 

While the FDIC notes that TILA violations ran the gamut, the agency seems primarily concerned with TILA/RESPA violations, calling out mortgage cost disclosures and calculation errors twice – it was the only TILA violation mentioned in the report. 

Takeaway: This serves as a helpful reminder that creditors must disclose fees on Loan Estimates and Closing Disclosures with the “best information reasonably available” to safeguard against tolerance violations.

That pesky (and absolutely essential) flood insurance

Flood insurance presents a perennial problem for financial institutions, with 136 FDIC violations last year. On the surface, it seems so simple: when originating a mortgage in a flood zone, the buyer is required to have flood insurance. 

The problem? Policies lapse, and it’s up to financial institutions to ensure homeowners have flood insurance through the life of their loan. Despite the hefty fines, FIs consistently fail to monitor flood insurance renewals. 

There can be other roadblocks and mistakes in securing flood insurance for homebuyers, but most of the problems arise from FIs failing to renew policies and secure flood insurance before closing. 

Related: Flood Insurance: Compliance Tips for Avoiding Costly Penalties 

Takeaway: Financial institutions need to revisit their flood insurance policies and procedures. With a compliance checklist, FIs can verify that coverage is in place before closing, confirm renewal dates, and ensure that insurance policies offer enough coverage. 

Institutions should also ensure employees receive proper training on flood insurance requirements and regularly audit their flood insurance compliance program to assess the strength of their controls and adjust them based on findings.

Addressing regulatory compliance in 2024

The FDIC has shown financial institutions what they will focus on in 2024. Third-party risk management, fair lending, and junk fees are on the radar of examiners.  

So, what can your institution do to prepare? 

FIs must take an integrated approach to compliance risk, building a program that seamlessly incorporates vendor risk, fee income risk scoring, fair lending, and more, for a comprehensive Compliance Management System (CMS).  

Institutions should conduct regular compliance reviews as part of their CMS audit function to identify and remediate findings, in addition to any external audits. Financial institutions that don’t perform compliance reviews overlook issues that are bound to crop up during exams.

Need help getting your Compliance Management System off the ground? Read our whitepaper: “What is a Compliance Management System and Why Does Your FI Need One?”
