Abstract: This issue’s “BANK Wire” reports on bank regulators’ recent attempts to streamline and simplify community bank reporting, new cybersecurity assessment tools, and disclosures and redisclosures required by Regulation E.
Recently, the FFIEC announced that federal banking regulators are taking steps to streamline and simplify reporting by community banks. To achieve this objective, they’re considering several proposals to eliminate or revise data items in community banks’ quarterly call reports.
Proposed changes include deletion of data items pertaining to other-than-temporary impairments, troubled debt restructurings, loans covered by FDIC loss-sharing agreements, and certain risk-weighted assets; increased reporting thresholds for certain items; and other revisions designed to streamline the reporting process.
Cybersecurity Assessment Tools Hit the Marketplace
Cybersecurity threats are among the biggest risks banks face today. So it’s critical for banks to assess their risk, evaluate their current cybersecurity practices and preparedness, and take steps to mitigate the risk.
Fortunately, cybersecurity assessment tools are available from a variety of sources. In June 2015, for example, the FFIEC released its Cybersecurity Assessment Tool, a detailed, 57-page guide that helps banks identify their risks and determine their “cybersecurity maturity.” You can find the tool by clicking here. Currently, use of the tool is optional, but banking regulators plan to incorporate it into their examinations in the future.
In addition, several private information security firms and cybersecurity insurance providers have developed assessment tools that automate the process. These tools use sophisticated software to continuously monitor a bank’s cybersecurity performance and provide objective ratings — similar to credit scores — on a daily basis.
Regulation E: When should you Redisclose?
Regulation E requires banks to inform consumers of the basic rights, liabilities and responsibilities of the bank and customer in connection with certain electronic fund transfers (EFTs). Generally, this disclosure must be made when a customer enters into an agreement for EFT services or before the first EFT is made with the customer’s account. To satisfy this requirement, most banks provide the disclosure at the time the account is opened.
In addition, banks are required to make updated disclosures at least 21 days before the effective date of any changes in EFT terms or conditions that would have a negative effect on the customer. These include fee hikes, increased customer liability, reduced EFT options, or stricter limitations on EFT frequency or dollar amount. Be aware, however, that redisclosure isn’t required if a customer accepts EFT terms and conditions but doesn’t activate the service until later (unless those terms and conditions have changed).
To avoid Regulation E compliance issues, make sure your bank has policies and procedures in place to ensure that redisclosures are made when required.