MAY/JUNE 2017 | VOL. 38 | NO. 3
THE BURGEONING NE W WORLD of online “marketplace” lending holds the promise of broader access to credit for consumers and businesses with reduced cost and more competition. However, cutting-edge technology, data sources and credit modeling methods also pose potential for fair lending risk–not withstanding the fair lending benefits of automated decision-making. We provide an overvie w
of marketplace lending, the “Big Data” and machine-learning technologies increasingly being used by both
online and traditional lenders, and key considerations in managing fair lending risk in this brave new world.
Regulators have taken a keen interest in the sector, as well. The federal
financial regulatory agencies appear to be attempting to adopt a fairly
constructive and balanced approach to marketplace lending, Big Data
and machine learning. The OCC, FDIC, Consumer Financial Protection
Bureau (Bureau) and FTC have each published reports on these topics
that have recognized both the potential benefits and risks to consumers
and small businesses, and in February of this year the Bureau issued a
Request for Information seeking to learn more about the topic.
What is Marketplace Lending?
We’ve all heard the term “marketplace lending”, but what does it mean and
who are these new competitors and cohorts? Generally, the term refers to
technology-focused online lending platforms which connect sources of
capital (individual and institutional investors) to users of capital (consum-
ers and small businesses). The original peer-to-peer lending platforms
from which the sector emerged, allowed individual investors to fund
loans to individual consumers, with the platform serving as matchmaker,
screening mechanism and servicer. The sector grew rapidly with fund-
ing from venture capitalists, hedge funds, and institutional investors as
many banks cut back their consumer and small business lending after
the financial crisis. More recently, equity and debt financing, direct bank
funding and securitization have played an increasing role in funding
online marketplace loans. While some of these lenders compete against
banks, many financial institutions are partnering with or investing in
these new lenders, so it is important to understand them.
Marketplace lenders have filled unmet demand for credit by leveraging
new technology to compete directly with higher-cost and less convenient
traditional lenders, and by providing opportunities for capital in search of
higher returns in a low interest rate environment. Marketplace lenders generally offer more flexible and innovative products, more favorable pricing to
consumers, quicker decisions and more efficient service. Some of the typical
distinguishing characteristics of most marketplace lenders are listed in Ex-
IN THE BRAVE NEW WORLD OF
6 | ABA BANK COMPLIANCE | MAY–JUNE 2017 MAY–JUNE 2017 | ABA BANK COMPLIANCE | 7
Wild, Wild West The Consumer Financial Protection Bureau’s
BY BRIAN AXELL, J.D., AND THOMAS G. PAREIGAT, J.D.
with Miles of
FOR YEARS, MANY BANKERS AND REGULATORS ALIKE VIEWED PREPAID CARDS
as an untamed frontier: the “wild, wild west” of financial products. Over the years,
federal regulators put up a few barbed-wire rules to fence-in certain types of prepaid
products (such as gift cards and payroll cards). But, as consumer use and acceptance of
prepaid accounts grew, our federal “sheriff,” the Consumer Financial Protection Bureau
(Bureau), promised to develop a more comprehensive approach to corral and contain
prepaid products and the cowboys and cowgirls who offer them. On October 5, 2016,
the Bureau delivered on its promise and released its long-awaited final rule (Prepaid
Rule or Rule: 81 Fed. Reg. 83934 (November 22, 2016)). Weighing in at 1,689 pages1, the
Prepaid Rule erases much of the regulatory guesswork regarding consumer protection
standards, and puts into place many miles of regulatory “fencing” aimed at increasing
consumer understanding and providing protection from potential consumer harm. To
provide additional support, the Bureau issued the Small Entity Compliance Guide dated
January 31, 2017.2
The Prepaid Rule contains an extensive compliance regime
of disclosures, documentation and dispute resolution requirements through amendments to Regulation E (on prepaid cards)
and Regulation Z (on hybrid prepaid-credit cards). The Rule was
initially set to be generally effective on October 1, 2017 (with
prepaid account agreements set for October 1, 2018). The Bureau has more recently proposed to delay implementation for an
additional six months. This article will review some of the key
requirements of the Prepaid Rule and will suggest practical steps
for compliance professionals who may be faced with lassoing the
the requirements for their bank.
What is a “Prepaid Account”?
The Prepaid Rule covers four account type categories. Two have
already been defined in and covered by Regulation E:
1. A payroll cardaccount.
2. A government benefits account.
The new rule adds two additional account types:
3. Open-loop accounts marketed or labeled as “prepaid”—An
account that is marketed or labeled as “prepaid” (i.e., it is
marketed using that term) and is redeemable upon presentation
at multiple, unaffiliated merchants for goods and services or
usable at automated teller machines (ATMs). This category
covers what the industry refers to as “open-loop” card products,
redeemable at numerous unaffiliated merchants (as opposed
to “closed-loop” accounts with limited purposes and tied to
4. General purpose accounts with loadable balances primarily
intended for transactions with multiple parties—This is the
widest characterization of a prepaid account, and is intended
to cover numerous variations of prepaid products in the
marketplace today. Under the Final Rule, this is an account
that meets all of the following: (i) is issued on a prepaid basis in
a specified amount or is capable of being loaded with funds after
issuance; (ii) whose primary function is to conduct transactions
with multiple, unaffiliated merchants for goods or services, to
conduct transactions at ATMs, or to conduct person-to-person
(P2P) transfers; and (iii) Is not a checking account, share draft
account, or a negotiable order of withdrawal (NOW) account.
The Bureau’s Small Entity Compliance Guide: Prepaid Rule
clarifies that “checkless” checking accounts are not covered
26 | ABA BANK COMPLIANCE | MAY–JUNE 2017 MAY–JUNE 2017 | ABA BANK COMPLIANCE | 27
Many Types of Models
Are Used in Bank
The models discussed in this article
have compliance risk implications,
and their governance falls under the
auspices of risk management and/
or the compliance function. For example, the compliance officer may
be the assigned owner of a bank’s fair
lending model used to identify exposures due to credit underwriting
and pricing decisions, a CRA data
assessment system used to evaluate
lending patterns, or models used to
identify BSA/AML suspicious activity. Credit scoring or complaint
analysis systems are other models
that may be owned by other functional areas but warrant compliance
risk management oversight. And, an
example of models helping compliance officers deal with the growing
regulatory burden is the coming
analysis of the expanded HMDA
data. These models maybe developed internally or purchased from
an external vendor depending on the
preference of the institution.
Trends in Model Usage
In the past 25 years, we have witnessed an analytical explosion and
a concomitant growth in modeling.
In fair lending, the initial modeling
effort involved differential treatment with respect to mortgage applicant race. Then, modeling expanded to include other prohibited
basis groups such as gender, age, and marital status. Additional
expansion included other credit products such as consumer secured
and unsecured loans, HELOCs, direct and indirect autos, small
business, and credit cards. Furthermore, the analytics expanded
from the credit and pricing decisions into other types of risk
such as redlining. We now witness expansion beyond banks to
mortgage companies and the like. Moreover, the recent amendments to HMDA that expanded the scope of data fields suggest a
heightened analytical capacity for models using such data.
Outside of the fair lending explosion, BSA/AML monitoring has
evolved from a largely manual process into a significant modeling
effort that is well beyond point-and-click processes. The urgency
of detecting terrorism financing post-9/11 certainly provided an
impetus for the increased use of automated monitoring processes.
Analysis now may involve machine learning or similar approaches,
especially among service providers.
As a direct result of the development of the Consumer Financial
Protection Bureau’s (Bureau’s) database, a new area of modeling
is “complaints”. At the start, modeling was applied on an ad hoc
basis as a way to discover causes for observed results. More re-
cently, the manual reviews of the past have been supplemented
with basic analytics employingbig data using machine learning
or similar techniques. Big data can be used to supplement tradi-
tional statistical analysis to detect patterns not otherwise seen in
the data. A particular area of interest is unstructured data (which
many analysts have estimated comprises 80% of all data), such
as raw text and voice recordings. Big data can be implemented
using machine learning techniques which are available from sev-
eral external vendors using your institution’s data and perhaps
external data. You may also have an enterprising individual in
your institution that has the ability to create models internally.
If so, the experienced compliance officer knows to connect as
soon as possible with that individual to help shape the approach,
understand the risks, and avoid the pitfalls. Let’s consider a few.
Practical Considerations in Model Usage
While there are many benefits to using models, there are also
some drawbacks or risks. The benefits are:
■■ ■Abilitytoreviewallapplications/transactions. Infair
lending analysis prior to usingmodels, the applications to be
reviewed were typically chosen bysampling. With regression
modeling, all applications are reviewed as part of the analysis.
Asaresultoftheall-inclusive modeling effort, outlier applicants are quickly identified
as part of the analysis output.
■■ ■Easy identification of matching applications/
transaction. Not only are outliers identified, but given a set
of matching criteria, matching applications for those outliers can
be identified, when they exist. Thus, the output of matched pairs
in the past are now matches to all similarly situated applicants,
if they exist.
■■ ■Increasedprecisioninmatching. Theoperatingprotocol
for models minimizes the judgment associated with some of
the old matched pair analyses and permits matching across
■■ ■Efficiencyandcostcontrol. Complianceofficers(notto
mention management) like this process since it is efficient (i.e.
cost effective) compared to other, more manual analyses and
it establishes a reproducible process that is not dependent on
the availability of a staff person running the process.
■■ ■Identification andexplanation offactorshighly
correlated with the target of the analysis. It can
identify what key factors highly correlate with credit and pricing
decisions, SAR decisions, moneylaundering and complaint
■■ ■Early warningcontrol. Complaintanalysiscangivethe
institution an earlywarning on potentially unfair, deceptive,
or abusive acts and practices.
BY ARTHUR R. PREISS, Ph.D., AND STEPHEN E. SUDHOFF, CFA
MODELShelpusthinkaboutourworldinastructured way.Ascreditproductshavebecomemorecomplexand computingpowerhasbecomecheaperandmoreaccessible, analysisofmorecomplexrelationshipshasbecomeeasier.
And, as our world has become more complex, our need for models has grown
to help us think about various issues, and devise solutions to these issues.
Model usage in compliance has also grown because models are a cost-effective
way of dealing with the regulatory burden.
Can Play a Leading
Role in Compliance
32 | ABA BANK COMPLIANCE | MAY–JUNE 2017 MAY–JUNE 2017 | ABA BANK COMPLIANCE | 33
Unfortunately, OFAC’s reasoningin concluding enforcement actions is not
always clear. While the agencypublishes details of settlements on its website,
the information provided is typically minimal. There will be a brief description
of the parties involved and the alleged violations, and a list of the factors—both
aggravating and mitigating—that OFAC considered in deciding what penalty
Nonetheless, these settlement announcements provide useful insight into
strategies to mitigate violations that do occur. This article attempts to outline
some of those strategies, both for purposes of protecting against violations and
to remediate them when they do occur.
OFAC currently administers approximately 25 different sanctions programs
against designated countries, governments and other entities, individuals, and
even vessels. As a general matter, U.S. persons (including U.S. companies and all
persons in the United States) cannot do any business with a sanctioned party.
Banks and other financial institutions are on the front lines of U.S. sanctions
compliance, as they process millions of transactions, on a daily basis and
across international boundaries. And it’s not just U.S. banks that are in the
cross hairs: as demonstrated in its enforcement action against the Canadian
bank, OFAC views its jurisdiction to extend to any party that transacts in or
through the United States. (See also the penalties imposed against Standard
Chartered, HSBC, and—most significantly—BNP Paribas for further evidence
of the long arm of OFAC jurisdiction.)
To be clear, OFAC is unlikely to attempt to exercise jurisdiction over a non-U.S. entity operating entirely outside the United States. But it is also clear that
OFAC may try to exercise jurisdiction over any transaction that involves U.S.
dollars—and which therefore needs to pass through the United States at least
electronically at some point.
Canadian Bank Violations
The January 2017 enforcement action against the Canadian bank is instructive
as to how OFAC pursues enforcement actions. In the action, OFAC asserted that
the bank was involved in trade finance transactions, from approximately 2003
through 2011, in violation of U.S. sanctions on Cuba and Iran. (Note that, as
is frequentlythe case with OFAC enforcement actions, the violations occurred
many years before the agency actually settled the matter, i.e., these matters often
take a long time to conclude.)
According to OFAC, the bank maintained accounts with one Canadian
company that was owned by a Cuban entity, and another Canadian company
that was an agent for an Iranian entitydesignated on OFAC’s List of Specially
Designated Nationals and Blocked Persons. The bank also apparently maintained
accounts on behalf of numerous Cuban nationals residing
OFAC determined that the bank conducted dozens of
transactions through the U.S. financial system on behalf of
these parties; by OFAC’s calculations, the unauthorized transactions
totaled over $2 million. The transactions reportedly involved non-U.S.
bank personnel who—according to OFAC—knew or should have known of
the customers’ connections to sanctioned nations and entities. OFAC asserted
that the shortcomings of these personnel were largelythe result of ineffective
compliance policies and procedures. (More on avoiding that later.) According to
OFAC, the bank, a large sophisticated financial institution with a global presence,
should have had more effective compliance controls in place.
But OFAC also decided to reduce the penalty as a result of several factors.
In particular, OFAC noted the bank’s substantial cooperation during the
investigation, including its voluntary self-disclosure, provision of detailed
and well-organized information in response to OFAC requests, and signing
IN JANUARY 2017, the U.S.Treasury
Department, Office of Foreign Assets Control (OFAC)
announced a settlement with a large Canadian bank for
approximately 170 alleged violations of U.S. sanctions against
On the same day, OFAC announced its determination that two of the bank’s
European subsidiaries had committed nearly 3,500 U.S. sanctions violations. Yet OFAC
imposed no penalty on the subsidiaries.
This is not the only example of OFAC imposing different penalties against
entities apparently involved in similar conduct. In September 2016, OFAC
announced penalties against two U.S. companies alleged to have violated
U.S. sanctions on Iran.The number of violations that each company
allegedly committed was similar; the penalty was not, as one
company paid 1/100th of what the other company paid.
BY THAD MCBRIDE
18 | ABA BANK COMPLIANCE | MA Y–JUNE 2017 MAY–JUNE 2017 | ABA BANK COMPLIANCE | 19
4 | Compliance
BY CARL PRY, CRCM,
12 | Governance
BY CLAYTON MI TCHELL,
CAMS, CFIRS, AND
PAUL OSBORNE, CPA,
16 | What’s New
BY MEG SCZYRBA,
24 | Risk
BY RYAN RASSKE
39 | The Other Side
BY S TU LEHR, CRCM
40 | From the
BY LESLIE CALLAWAY,
MARK KRUHM, CRCM,
RHONDA CAS TANEDA,
41 | Regulatory
6 | Fair Lending in the Brave New World of Big Data
42 | Around the
44 | Continuing
BY MARSHA J. COURCHANE, Ph.D. AND
DAVID M. SKANDERSON, Ph.D.
New technology, data sources and credit modeling methods
pose potential for fair lending risk. Here you’ll find an
overview of marketplace lending, Big Data, and the machine-learning technologies that are increasingly being used by
both online and traditional lenders. Key considerations
in managing fair lending risk in this brave new world
18 | Mitigating Economic Sanctions Risk
BY THAD MCBRIDE
This article is a discussion of recent settlements imposed by
U.S. Treasury Department, Office of Foreign Assets Control
(OFAC). You’ll find useful insight into strategies to mitigate
violations, for purposes both to protect against violations
and remediate them when they do occur.
26 | The Bureau’s Prepaid Account Rule: Taming the Wild-Wild We
with Miles of Regulatory Fencin
BY BRIAN AXELL, J.D., AND THOMAS G. PAREIGAT, J.D.
The Consumer Financial Protection Bureau has proposed to
delay implementation of their Prepaid Rule from October
1, 2017 (with prepaid account agreements set for October
1, 2018) to April 1, 2018. Here we review some of the key
requirements of the Prepaid Rule and suggest practical
steps for compliance professionals who may be faced with
lassoing the the requirements for their bank.
32 | How Model Risk Management Can Play a Leading Role in Compliance
BY ARTHUR R. PREISS, Ph.D., AND STEPHEN E. SUDHOFF, CFA
As modeling has improved, Compliance personnel are
able to target necessary changes, thus increasing their
efficiencies and oversight capabilities. As a result, banks can
manage risk more effectively, reduce costs, increase service
and have an overall competitive advantage. Here you’ll find
an educational resource to help understand the implications
of model use and make informed decisions.