Top 10 Overdraft Program Questions

/in , , , , , , , /by

Strunk offers overdraft privilege training to our clients to provide consistency on how the employees view the program and how the employees present the program to their consumers.  When providing training we will sometimes get questions on how to handle specific areas of the program. Here are the 10 most frequently asked questions during overdraft privilege training and the response to those questions.

1. Does a consumer have to opt in to have overdraft privilege on their account?

No, a consumer does not have to opt in to have the “standard overdraft practice” on their account.  The “standard overdraft practice” pay overdrafts for Checks, In-person withdrawals, ACH transactions, Pre-authorized automatic transfers, Automatic bill payments, Recurring debit card transactions, Internet banking transfers and telephone banking transactions.  A consumer only has to opt in to have their Everyday debit card transactions and their ATM transactions cover under the overdraft privilege program.

2. When does a financial institution have to take a consumer out of the overdraft privilege program for Excessive Use?

Never, financial institutions should never take a consumer out of the overdraft privilege program because they use it.  The key is not whether the account has had a lot of overdrafts, but rather, whether the account holder has made deposits sufficient to cover the overdrafts in a timely manner.

3. Does a consumer have to sign the Reg. E opt in form to have their debit card point of sale transactions and their ATM transactions covered?

No, a consumer only has to consent to have their debit card point of sale tractions and their ATM transactions covered under the overdraft privilege program.  The regulation provides for four methods to obtain an opt-in (consent): 1) by completing the form, 2) in person, 3) over the phone, and 4) electronically.  The financial institution should make the best possible use of all of these methods.

4. How can the financial institution differentiate between a recurring debit card transaction and a nonrecurring one?

Financial Institution must comply with the Reg. E rule if it adapts its system to identify debit card transactions as either onetime or recurring.  If it does so, the financial institution may rely on the transaction’s coding by merchants, other institutions, and other third parties as a one-time or preauthorized or recurring debit card transaction.

5. Do business accounts have to opt into Reg. E?

No, Reg. E is a consumer regulation.  Business accounts do not have to opt in to have their debit card or ATM transactions covered under the overdraft privilege program.

6. Does the Overdraft Privilege Joint guidance address the order in which charges are posted?

No, the Federal Register continues to assess whether additional regulatory action relating to overdraft services is needed, but nothing yet.

7. Do both parties have to opt into Reg. E on joint accounts?

If two or more consumers jointly hold an account, the financial institution must treat the affirmative consent of any of the joint consumers as affirmative consent for the account.  Similarly, the financial institution must treat a revocation of affirmative consent by any of the joint consumers as revocation of consent for that account.

8. Once a consumer pays back their Fresh Start Loan, can that consumer have their overdraft limit back?

Yes, once the consumers Fresh Start Loan is paid back in full and their account is in ‘good standings’, then their overdraft limit should be added back to their account.

 9. Can a consumer have more than 4 payments on their Fresh Start Loan?

No, a consumer can only have 4 monthly payments on their Fresh Start Loan. To qualify as incidental credit under Reg. B (for Reg. Z not to apply) and to avoid limitations under The Military Lending Act, the number of payments must be limited to 4 and no interest or fees are charged on the loan.

 10. Once an account is no longer suspended, when should that consumer get their overdraft limit back on their account?

Once a consumer account is in ‘good standing’ then that consumer should have an overdraft limit on their account.

Replace Manual ODP Letter Processes with Ad Hoc Letters

/in , , , , , , /by

ODP Manager uses the information from the daily extract file to create Collection letters to send to overdrawn accounts. The hosted software also generates Custom letters, for example, Welcome or Reinstatement letters, or letters confirming a Reg E Opt-In election.

In addition to Collection letters and Custom letters, ODP Manager also offers Ad Hoc letters. This letter type allows the flexibility to generate letters on an as-needed basis. If you close and charge off an account before the standard number of days overdrawn, you will need to be able to generate an Account Closed letter. Or you may have ODP related letters that you send in specific situations other than those covered by the standard letter templates. You can even use Ad Hoc letters to generate your Fresh Start Loan agreements. Rather than creating letters manually, you can have them set up as Ad Hoc letter templates in the ODP Manager software.

Ad Hoc letters don’t require specific account events as a trigger. When you need to generate the letter, just enter the account number and the letter will prefill with the information from the software. The letters will automatically populate with the customer name and address from the extract file. Other fields from the file can also be included. Letters can be generated one account at a time, or multiple account numbers at once. By replacing your manual ODP Letter processes with Ad Hoc letter templates, you may save time and you will also benefit from the letter tracking and retention in ODP Manager.

Please contact Strunk Support at support@strunkaccess.com with any questions or for more details.

New Due Diligence Guidance for Community Bank on FinTech Firms

/in , , , , , /by

On August 27, 2021, the Board of Governors of the Federal Reserve, FDIC, and the OCC published new guidance aimed at community banks that are looking to expand their reach and service new customer bases through partnerships with financial technology companies (FinTech). While aimed at community banks, the regulators said the fundamental concepts could also be adopted by other kinds of banks and for other kinds of outsourcing partnerships. The regulators stated that the guidance was recommended but not mandatory and emphasized that it did not cover all types of third-party relationships.

The guide sets out six nonexclusive areas of due diligence that community banks should consider when engaging with FinTechs. The six key due diligence topics are: business experience and qualification, the companies’ financial condition, legal and regulatory compliance issues, risk management and control process, information security, and operational resilience.  The guide then provides direction on potential sources of information under each of the six steps and includes illustrative examples.

Business Experience and Qualifications

  • Business experience
  • Business strategies and plans
  • Qualifications and backgrounds of directors and company principals

Financial Condition

  • Financial analysis and funding
  • Market information

Legal and Regulatory Compliance

  • Legal
  • Regulatory Compliance

Risk Management and Controls

  • Risk management and control process

Information Security

  • Information security program
  • Information systems

Operational Resilience

  • Business continuity planning and incident response
  • Service level agreements
  • Reliance on subcontractors

Given the regulators’ recent and recurring emphasis on vendor management, the board of directors and senior management of all banking organizations should consider whether their vendor management policies and procedures comply with the Proposed Guidance and include the areas addressed in the Guide when engaging FinTechs.

What is a Fourth Party Vendor and Why Should I Care About Their Risk

/in , , , , , /by

Fourth-party risk is rising to the top of most auditors and examiners list when it comes to evaluating financial institutions vendor management program.  Fourth parties are your vendor’s third parties and subcontractors.  These vendors you will not have a direct contract; however, your vendor does, and relies on these vendors to produce a product or service for them.  Most of the time these vendors will be visible in your vendor’s SOC reports and should also be easily identified by your vendor as those classified as critical in their own vendor management program.

Financial Institutions should care about fourth-party vendors risk, because they are subject to the same risk as your vendors, which puts you at the same risk without having the same oversight that you have over your own vendors. Financial institutions are ultimately responsible for the protection of their customers data, sometimes a fourth-party vendor can expose the financial institution to reputational, operational or cybersecurity risk.  All it takes is a single opening for a threat to compromise protected information.  Like any risk, there can be serious business implications, from fines to legal issues which can negatively affect a business if the fourth-party risk is unchecked.

The most effective way to manage fourth-party risk is to build a mature, comprehensive vendor risk management program.  If you have the right practices and processes in place, then incorporating fourth parties into those processes should feel manageable and mostly seamless.  Your vendor management program should help you identify your most critical vendors.  Once you do that you can ask them who their vendors are; what products and services do they provide to the vendor that cause them to be classified as critical to their operations; and what due diligence on the fourth-party vendor has your vendor perform on them.

Customize Your ODP Manager Letter Templates

/in , , , , , , /by

Templates for all your necessary Collection and Custom letters are included with Strunk’s hosted ODP Manager software. We’ve provided the letter content for you but there are customizable letter template options to allow your letter appearance to be consistent with other letters sent by your institution.

Do you have a standard letterhead that is used for your customer communications? ODP Manager can save your header and footer information so you can print your letters on plain paper instead of letterhead.

Do you typically sign your letters? ODP Manager allows the flexibility to store signatures for each of your ODP Manager users. No more signing letters – the signature can print with your letter! A signature can be used for all letters, or the signature can change based on the user generating the letters.

Do your customers contact a central location to discuss the ODP Program information or do they contact their local branch? With the hosted software, letters can include a single contact number, or the included phone number can change based on the account’s branch. ODP Manager can even change contact names based on the account’s branch.

Take advantage of hosted ODP Manager’s flexibility to create letter templates specific to your institution. Please contact Strunk Support at support@strunkaccess.com with any questions or for more details.

Taken Your Eye Off the Overdraft Protection Ball?

/in , , , , , /by

Have you been worried about taking advantage of account holders in a pandemic environment? Not clear on what regulators expect in terms of accommodating customer hardship situations? The last 14 months certainly haven’t been easy on our account holders. The last thing we want to do is appear to be taking advantage of a bad situation by pushing the envelope on overdraft fees. But where is the right balance? Strunk can help.

We don’t charge a contingency fee – so we’re not going to push you to generate more fees if you think that’s not the right thing for your client base. We also charge a very affordable fixed annual fee – so you don’t have to feel like you should justify the price you pay the OD vendor by driving more fee income. Our goals are to maximize the performance of your program – based on your strategy – and also to ensure compliance.

With StrunkAccess receive the latest hosted ODP Manager software, which will facilitate the generation of proper notifications & reports when they’re needed. ODP Manager is the most powerful tool available to help financial institutions get the most benefit out of their overdraft programs and remain in full compliance with the law. It is provided as a cloud-hosted application, taking full advantage of the latest software developments and eliminates the need for users to maintain a separate application in their own network environment.

Get started today by contacting us at info@strunkaccess.com or 800-728-3116.

Employee Overdraft Privilege Training

/in , , , , , , /by

As more and more states are reducing their Covid-19 restrictions, we are seeing an increase in employees from financial institutions going back to face-to-face work environments. As workers start returning to their workspace in a safe fashion, this is a great time to have some additional training with your employees regarding your Overdraft Privilege program.

Strunk offers ODP training that is specific for your financial institution.  With each session tailored to your financial institution we can help identify issues that you may be having with your program while also ensuring that your employees fully understand the benefits of the overdraft privilege program. During this ODP training will review how to fully explain the ODP program to customers/members and this will prepare your employees to answer questions that they may receive regarding the program. The ODP training is excellent for both new staff that needs to learn about the service as well as a refresher training for other employees.

Another important item that Strunk covers with its training is the compliance perspective surrounding the program. We are all aware that Overdraft Privilege has been under the microscope of the CFPB, and we would like to make sure that your financial institution stays safe from any regulatory issues. Strunk’s training can be done in person and is still being offered as a webinar, which gives financial institutions the flexibility to choose how they would like their staff to be trained.

If you would like additional information on Strunk’s employee Overdraft Privilege training, please feel free to contact us at 800-728-3116 or info@strunkaccess.com.

Strunk at the ABA’s Virtual Risk Management Conference 2021

/in , , , , , , /by

We’re getting the hang of these virtual events at Strunk!  Strunk attended the ABA’s annual Risk Management conference last week. During the virtual event we hosted a virtual booth, met with many familiar and new faces via Zoom meetings and attended virtual sessions. We enjoyed the opportunity to connect with bankers across the country.

We welcomed the opportunity to discuss with attendees the latest features offered by our Governance, Risk Management and Compliance (GRC) software Risk Manager, which includes six GRC tools – Risk Assessor, Policy Manager, Controls Manager, Skills Manager, Issues Manager and Vendor Manager.

A state of the industry was provided by Dr. Catherine Mann, currently the Global Chief Economist for Citibank. The session included an update on the economy, focusing on pandemic recovery in all key sectors. She also shared thoughts on key economic risks for financial markets and how this impacts risk mitigation efforts. The session also included a keynote address by Rob Nichols, President and CEO of the American Bankers Association.

Attendees had the opportunity to discuss post-pandemic risk management, among many other topics. Bankers were encouraged to reassess and modify risk management frameworks as a result of the pandemic, especially reviewing and adjusting risk appetites and associated metrics.

Congratulations to the winner of Strunk’s giveaway, a $100 gift card to Amazon – Linda Schnitzler of The Canandaigua National Bank and Trust Company!

We hope to see you all in person next year. Until then, stay well.

Do Business Accounts Have To Opt In To Reg E?

/in , , , , , , /by

Over the years Strunk has been asked a number of times, “do business accounts that have overdraft privilege have to opt into Reg. E to have their debit card point of sale and ATM transactions covered in the program?” To understand this you must first understand that most consumer protection rules do not apply to deposit accounts held by a business. It is also important to understand that a business-purpose account can be held by a legal entity, such as an LLC or a corporation, or by individuals operating a business themselves as a sole proprietorship.

We need to take a look at Regulation E and break it down regarding this topic. The coverage of Reg. E is stated in section 1005.3(a). It applies to “electronic fund transfers” that debit or credit a “consumer’s account.” Paragraph 1005.2(b) (1) defines an “account” as a consumer asset account established primarily for personal, family, or household purposes. Paragraph 1005.2(e) defines a “consumer” as a natural person. The result is if an individual is using their deposit account for the purposes of operation a sole proprietorship or an account is held by a legal entity, it would not be covered by Reg. E either.

Reg. E coverage means that the “opt-in” for overdraft coverage of debit card point of sale and ATM transactions only applies to consumer accounts. Any application of the concept to other accounts (such as business accounts) is a matter of bank policy and should be addressed in the bank’s deposit account agreement for such accounts.

Are you tired of doing Risk Assessments?

/in , , , , , /by

We hear comments from community bankers across the country that they don’t like doing risk assessments and that they are time consuming. Risk Assessments generally come in the form of Excel Spreadsheets or Word documents. Often times they are done in silos where each functional area of the bank does their regulatory required risk assessment and periodically reports them to the bank’s board for review/approval.

Many banks do risk assessments for the regulators which is typically the wrong approach, in Strunk’s opinion. Risk assessments are done annually for those required by regulations and sometimes others are done two weeks before the regulators walk in. Risk Assessments should be designed to give senior management, board and ownership a snapshot of what risks your bank faces and what has been done to mitigate those risks. High risks aren’t bad; they just need to be managed.

Regulatory scrutiny of BSA/AML, ACH, Fair Lending, Loan Concentrations, Cybersecurity, Information Technology and other areas of the bank have caused financial institutions to spend more time and money focusing on the risks the bank faces. Outsourcing some of these functions to vendors is an expensive way to manage the risk assessment process and certainly unnecessary. Strunk’s GRC (Governance, Risk Management and Compliance) solution makes the risk assessment process easy to do and it consolidates all areas of risk the bank faces into one report.

Bank examiners often tell the community bank that they are coming out for the annual exam six weeks to two months prior to actually showing up. Generally, they ask the bank to send an extensive amount of information prior to coming onsite. This gives the regulator time to form their opinion on what risks the bank faces before arriving at the bank.

Strunk’s solution lets the bank tell their story rather than have the regulator tell the bank’s story to them. Comprehensive risk assessments are made easy with Strunk’s Risk Assessor Solution https://strunkaccess.com/risk-assessor/.

An independent certified public accountant has examined Strunk’s operations and found them to be in compliance with the AICPA’s Trust Service Principles. It was determined that Strunk meets the Security, Availability, Processing Integrity, Confidentiality, and Privacy criteria for SOC 2 established by the AICPA.