WASHINGTON—The Federal Financial Institutions Examination Council has announced two actions.
In the first, the FFIEC is seeking public comment on its proposal to revise the existing Uniform Interagency Consumer Compliance Rating System to reflect regulatory, supervisory, technological and market changes since the system was established. In the second action, the agency issued a revised Retail Payment Systems booklet.
The Consumer Compliance Rating System is a supervisory policy for evaluating financial institutions’ adherence to consumer compliance requirements. The FFIEC released its proposal to revise the Consumer Compliance Rating System to reflect consumer compliance supervisory approaches already being used.
The agency stated that the revisions are designed to more fully align the rating system with the FFIEC agencies’ current risk-based, tailored examination approaches. “The proposed revisions were not developed with the intention of setting new or higher supervisory expectations for financial institutions; their adoption will represent no additional regulatory burden,” the FFIEC said.
NAFCU stated that it is evaluating the proposal to determine its full impact on credit unions.
“Credit unions already are struggling with an overload of regulations and we oppose any additional requirements that will exacerbate the compliance burden on credit unions,” said NAFCU Senior Regulatory Affairs Counsel Michael Emancipator.
Under this system, institutions are assigned confidential “consumer compliance” ratings based on an evaluation (during the examination process) of its compliance with consumer financial laws and the adequacy of its systems designed to ensure compliance on a continuing basis, NAFCU explained. The rating is on a scale of 1-5 in order of increasing supervisory concern, i.e., 1 is the lowest level of concern and 5 is the highest level of consumer.
The rating system announced Friday is voluntary, noted NAFCU.
“NCUA does not currently release an institution’s ‘compliance rating’ publicly. This number is incorporated into various aspects of a credit union’s CAMEL rating. There are no plans to change this process,” NAFCU stated.
CUNA, like NAFCU, stated that it will review the proposal and analyze it’s impact on credit unions.
“We look forward to working with the CFPB/NCUA during the rulemaking process to ensure that credit unions are not unduly burdened by this proposal,” CUNA said.
The FFIEC said it invites public comments on any aspect of the proposal. Comments must be received 60 days from publication in the Federal Register. All comments received, including any personal information provided, will be posted, generally without change, to www.regulations.gov. The proposal can be found in CUToday.info’s The gov.
Separately, FFIEC members issued a revised Retail Payment Systems booklet, which is part of the FFIEC Information Technology Examination Handbook (IT Handbook). The update consists of the addition of a new appendix, Appendix E: Mobile Financial Services.
The Retail Payment Systems booklet contains guidance to assist examiners in evaluating financial institution and third-party provider management of the risks associated with retail payment systems. Appendix E contains guidance pertaining to mobile financial services risks that supplements existing booklet guidance on other retail payment topics, such as electronic payments related to credit cards and debit cards, remote deposit capture and changes in technology of retail payment systems.
“Appendix E focuses on the risks associated with mobile financial services and emphasizes an enterprise-wide risk management approach to effectively manage and mitigate those risks,” the FFIEC stated. “It also contains a separate set of work-program objectives to assist the examiner in determining the state of risk and controls at an institution or third party providing mobile financial services. Financial institution management should also find this guidance helpful.”
This appendix addresses the following:
- Mobile financial services technologies.
- Risk identification.
- Risk measurement.
- Risk mitigation.
- Monitoring and reporting.
The IT Handbook is available at http://ithandbook.ffiec.gov/.