Q&A

If you haven’t already, subscribe to FinCEN Notifications. FinCEN regularly releases updates, advisories, and guidance regarding SAR reporting and key terms. Subscribing to their email list or checking their website frequently helps ensure you stay informed of changes, especially regarding emerging threats like fraud schemes, money laundering, or cybercrime. The link to register can be […]

The Reg E definition of an access device is a generic “card, code, or other means of accessing an account” so the debit card number does meet the definition of an access device. However, for the $500 liability tier to apply, 1005.2(b)(2) notes that the fraud must involve an “accepted access device” which must be

The Institution must grant provisional credit to the consumer within 10 business days after the Institution has been informed of an unauthorized transaction on the account. Provisional credit also does not have to be provided unless the notice of error has been provided in writing (i.e. not oral). This does not mean investigation doesn’t start

Answer: There have been no changes to the FI’s current requirements to obtain beneficial ownership information. The FAQs stated that FI’s are not currently required to access the beneficial ownership IT (BO IT) system. Access to the system is expected to be extended to FIs in the spring 2025. FinCEN intends to provide additional guidance

Answer: Generally, the SAFE Act Officer is the person responsible for the SAFE Act registration of the staff. The SAFE Act regulation does not allow the person that registers employees to be an MLO unless the institution has less than 10 employees. Part 1007.103 Registration of mortgage loan originators (e) Required covered financial institution information.

Answer: Although this ruling prohibits FinCEN from mandating that reporting companies submit beneficial ownership information to the FinCEN database, this rule does not impact the 2018 Customer Due Diligence Rule which requires financial institutions to obtain beneficial ownership information from legal entities opening new accounts or have a change in their risk profile. If a

Answer: Yes, the regulatory agencies are requesting institutions to include their originated small business loans as part of their fair lending review to determine their lending patterns in substantially minority census tracts within their assessment area to note any redlining issues. This practice is a precursor to the future 1071 Small Business Data Collection analysis.

Answer: While the institution is still required to investigate the claim, the institution is not obligated to comply with the provisional credit rules nor the 45-day (90-days) resolution time period. It should be noted that if the EFT claim does not involve fraud (i.e., the claim involves an approved transaction that was not clear for

Answer: A broad prohibition on opening accounts for NRA/RA’s may lead to accusations of discrimination and reputational risk. Speaking from an AML perspective, Institutions should proactively have a Customer Identification Program (CIP) that is risk based and reasonably designed to allow the institution to form a reasonable belief that it knows the identity of its

Answer: Updating your institution’s compliance risk assessments is crucial for maintaining regulatory standards and ensuring effective risk management. The Risk Assessment communicates the Board of Directors’ tolerance of risks and identifies controls for managing risks within those tolerances. Examples of events that may require a Risk Assessment update: As the basis for updating policies and procedures,