2006 COMPLIANCE RADAR

1
2006 COMPLIANCE RADAR
Michael Weathers Vice President of Governance
Risk
2
TODAYS DISCUSSION POINTS

• Privacy Laws
• Multi-Factor Requirements Solutions
• Regulation DD Overdraft Protection Rules
• Fraud Check Capture
• FDIC Insurance Rules
• Basel 1a Impact
• IFS Governance Client Communication Programs
• Win a Digital Camera!!!

3
PRIVACY RULES

• STATE versus FEDERAL

• Federal laws typically deem customer sensitive
  data as
• Customers Name, Address, or Telephone Number
• in conjunction with social security number,
  drivers license number, account number, credit
  or debit card number
• or a personal identification number or password
  that would permit access to the customers
  account.
• Case Law (GLBA Encryption Requirements)
• State laws typically expand Federal privacy
  rules
• Safe Harbor for encrypted data
• Expand covered sensitive data (mothers maiden
  name)
• Liability Damages
• State Agency Notification
• Consumer Red-Envelope Requirements

4
MULTI-FACTOR

• REGULATORS

The agencies consider single-factor
authentication to be inadequate for high-risk
transactions involving access to customer
information or the movement of funds to other
parties.

5
MULTI-FACTOR
6
MULTI-FACTOR

• AUTHENTICATION ROADMAP

Three-Factor
Strong
Two-Factor
Strength
Traditional
Single-Factor
Weak
Password
Easy
Difficult
(and high cost)
Convenience
7
NEW REGULATION DD

• NEW TISA RULES Section 230.4

• Banks are not required to provide new disclosures
  or change-in terms to customers who previously
  received overdraft fee disclosures under prior
  rules.
• Banks should consider providing a new disclosure
  if their account products are significantly
  broader by new functionality and applies to
  overdrafts by in-person withdrawals, ATM
  withdrawals, and by other electronic means, as
  applicable.
• When overdraft protection programs are
  automatically provided to customers, bank
  disclosures should clearly outline opt out
  rules.
• Multiple fees Bank disclosures need to clearly
  disclose that more than one overdraft fee may be
  charged against the account per day, depending on
  the number of checks presented and other
  withdrawals made from the consumers account.

8
ACCOUNT DISCLOSURE CONSIDERATIONS

• NEW TISA RULES Section 230.4

• TISA disclosures must state the categories of
  transactions for which an overdraft fee may be
  imposed such as stating that the fee is imposed
  for overdrafts created by checks, in person
  withdrawals, ATM withdrawals, or by other
  electronic means, as applicable.
• Stating language in a TISA disclosure such as
  overdraft fees or fees will apply, shall not
  meet the new disclosure requirements.
• New product channels do not trigger new or
  re-disclosures
• Change in terms that adversely affect
  accountholders must be provided 30 days prior to
  the effected change.

9
ADVERTISING RULES

• GENERAL CONSIDERATION Section 230.8

• Banks that promote the payment of overdrafts are
  required to include disclosures in their
  advertisements outlining
• Applicable fees or charges
• Categories of transactions covered
• The circumstances in which the overdraft will not
  be paid
• Overdraft limit or the amount of funds available
  on a periodic statement shall be considered an
  advertisement thus triggering the new required
  disclosures
• The final rule provides a safe harbor from
  advertising disclosure requirements to banks when
  they provide educational materials when
  responding to a consumer-initiated inquiry about
  their overdraft accounts.
• The new advertising disclosures are not required
  on ATM receipts, TV, billboards, or similar
  media.
• Under the new rules limited advertising
  disclosures are required on ATM screens,
  telephone response machines and indoor signs.

10
PERIODIC STATEMENTS

• NEW RULES Section 230.6 230.11

• TISA does not mandate that banks provide periodic
  statements.
• Banks that promote the payment of overdrafts in
  an advertisement must separately disclose the
  following on their periodic statements
• The total amount of fees or charges imposed for
  paying the overdraft
• The total amount of fees charged for the
  statement period
• The total aggregate amount of fees charged for
  calendar year-to-date
• The total amount of fees charged for returning
  items unpaid
• Fees disclosure on the periodic statement may be
  itemized by type or separately
• Banks that do not promote the payment of
  overdrafts in an advertisement are not required
  to provide the new periodic statement disclosures.

11
FRAUD CHECK CAPTURE FDIC RULES

• REMOTE CHECK PRESENTMENT AMENDMENT

• Shifts liability to first bank of deposit for
  fraudulent items
• Compliance Date July 1st, 2006
• Does not affect the rights of customers

FDIC INSURANCE CHANGES

• Compliance Date April 1st, 2006
• Retirement account deposits will increase to
  250,000 e.g. (Roth, IRAs SEP)
• Education IRAs are not eligible for the new
  change
• The balances from all applicable accounts shall
  be aggregated
• Employee pass-thru plans will be covered
• Future inflation deposit insurance adjustments
  (2011 year 10K increments)

12
FRAUD CHECK CAPTURE FDIC RULES
FDIC INSURANCE CHANGES

• The new law precludes banks from accepting
  employee plans deposits unless they meet certain
  capital requirements.
• Customer notification (Statement Stuffer)
• Why the change (Customer Deposit Account
  Hopping)
• Teller signs changes Backed by the full faith
  and credit of the United States Government

13
BASEL 1A
THE SLEEPING GIANT

• The underpinning of the Basel Committee (G10
  Nations) is to develop international banking
  regulations and industry methodologies to
  mitigate risk from the global banking system.
• Basel II versus Basel 1a
• Portfolio Regulatory Capital Risk Reduction
• The current Basel I framework has five risk
  weight categories of 0, 20, 50, 100 and 200.
  Under the new rules four additional risk weight
  categories of 35, 75, 150 and 350 shall be
  added

14
BASEL 1A
COLLATERAL

• At present, banks are only allowed to recognize
  cash deposits, government securities in
  calculating risk based capital. The proposed
  revisions expand the list of recognized
  collateral to include short- and long-term debt
  securities (e.g., corporate, asset-backed and
  mortgage-backed).

REMOVING THE ONE SIZE FITS ALL APPROACH 1-4
FAMILY

• The proposed approach would use Loan-to-value
  (LTV) as the risk-sensitive measure to
  determine the risk weight category.
• In this case, the LTV of a mortgage takes into
  consideration private mortgage insurance (PMI)
  bank long-term debt rating will equal single A or
  higher.

15
BASEL 1A

• Assigning a risk weight of 100 or higher to
  loans that are 90 days or more past due or in
  nonaccrual status
• Lowering the risk weight for certain small
  business loans where the total consolidated
  exposure to a single borrower is less than 1
  million.
• Quantifying Operational risk (people, systems and
  external events)
• In addition to modeling the risk of financial
  assets, banks will be required to quantify the
  risk of loss from inadequate or failed internal
  processes, people, and systems or external
  events.
• Example If an employee does not follow the
  required procedure for accepting a check, the
  bank could lose money if that check turns out to
  be bad. Banks will need to develop operational
  risk management systems to quantify this risk.
• Selling or Holding Mortgages (competitive
  advantage)
• Under the current rules, performing, residential
  mortgages receive a 50 risk weighting. Under the
  proposal, mortgage loans would be risk-weighted
  according to loan-to-value or through a matrix of
  loan-to-value and credit score. Risk weights for
  residential mortgages could range from 20 to
  100.

16
(No Transcript)