Finding the way through Regulatory Requirements

/in , , , , , , /by

Recently, there has been a lot of confusion in regards to what is required for non-FDIC regulated financial institutions regarding their overdraft privilege program. Strunk has received several questions from our non-FDIC regulated clients (financial institutions that are regulated by either OCC, Federal Reserve or NCUA) regarding findings from either auditors or examiners.  It seems there is some inconsistency surrounding the messages these clients are receiving regarding their regulatory responsibility regarding overdraft fees.

Overdraft privilege programs are overly scrutinized from financial institutions, auditors and examiners.  It is very important for financial institutions to understand and implement applicable regulations to ensure an effective, compliant approach to their overdraft privilege program. Part of that process is knowing what your regulatory agency requirements are for your overdraft privilege program.

In 2005, the OCC, Federal Reserve, FDIC and NCUA published interagency guidance ‘Joint Guidance on Overdraft Protection Programs’ describing expectations and best practices for overdraft privilege programs. In 2010, the FDIC issued a final rule that focused on requirements and recommendations for FDIC-regulated institutions that utilized an automated overdraft privilege program. In this ruling it states that FDIC-supervised institutions should monitor their program for excessive or chronic customer use, and if a customer overdraws his or her account on more than six occasions where a fee is charged in a rolling 12 month period, then the financial institution should undertake meaningful and effective follow-up action.  Also, in this ruling the FDIC is requiring their regulated institutions to use a de minimis threshold before an overdraft fee is charged and set daily limits on how many overdraft fees that the institution can charge a customer.

To understand this, it means that financial institutions that are not regulated by the FDIC (OCC, Federal Reserve and NCUA) are not required to monitor for excessive use because these agencies have never defined what excessive use or high numbers of overdrafts are. Also, non-FDIC institutions are not required to impose a daily cap on overdraft fees, and they are also not required to set a de minimis. For non-FDIC institutions, auditors and examiners can recommend that an institution implement these items but they should never make it a requirement because there is no regulatory requirement for your institution.

An independent certified public accountant has examined Strunk’s operations and found them to be in compliance with the AICPA’s Trust Service Principles. It was determined that Strunk meets the Security, Availability, Processing Integrity, Confidentiality, and Privacy criteria for SOC 2 established by the AICPA.