Tag: regulatory compliance

To provide consumers with clear-cut protections against disturbance by debt collectors, the Consumer Financial Protection Bureau (CFPB) issued a Notice of Proposed Rulemaking (NPRM) to implement the Fair Debt Collection Practices Act (FDCPA) earlier this year. Among many other things, the proposal would set strict limits on the number of calls debt collectors may place to reach consumers weekly and clarify requirements for consumer-facing debt collection disclosures. A bigger discussion Deliberation of the debt collection proposal was originally scheduled to begin on August 18, 2019. However, to allow commenters to further consider the issues raised in the NPRM and gather data, the comment period was extended by 20 days to September 18, 2019. It is currently still being debated, as many argue that the proposed rule does not account for modern consumer preferences and hinders the free flow of information used to help consumers access credit and services. The Association of Credit and Collection Professionals (ACA International) and US House lawmakers continue to challenge the proposal, stating that it doesn’t ensure that debt collectors’ calls to consumers are warranted, nor does it do enough to protect consumers’ privacy. Many consumer advocates have expressed doubts about how effective the proposed measures will be in protecting debtors from debt collector harassment and see the seven-calls-a-week limit on phone contact as being too high. In fact, it’s difficult to find a group of people in full support of the proposal, despite the CFPB stating that it will help clarify the FDCPA, protect lenders from litigation and bring consumer protection regulation into the 21st century. What does this mean? Although we don’t know when, or if, the proposed rule will go into effect, it’s important to prepare. According to the Federal Register, there are key ways that the new regulation would affect debt collection through the use of newer technologies, required disclosures and limited consumer contact. Not only will the proposed rules apply to debt collectors, but its provisions will also impact creditors and servicers, making it imperative for everyone in the financial services space to keep watch on the regulation’s status and carefully analyze its proposed rules. At Experian, our debt collection solutions automate and moderate dialogues and negotiations between consumers and collectors, making it easier for collection agencies to connect with consumers while staying compliant. Our best-in-class data and analytics will play a key role in helping you reach the right consumer, in the right place, at the right time. Learn more

Earlier this year, the Consumer Financial Protection Bureau (CFPB) issued a Notice of Proposed Rulemaking (NPRM) to implement the Fair Debt Collection Practices Act (FDCPA). The proposal, which will go into deliberation in September and won't be finalized until after that date at the earliest, would provide consumers with clear-cut protections against disturbance by debt collectors and straightforward options to address or dispute debts. Additionally, the NPRM would set strict limits on the number of calls debt collectors may place to reach consumers weekly, as well as clarify how collectors may communicate lawfully using technologies developed after the FDCPA’s passage in 1977. So, what does this mean for collectors? The compliance conundrum is ever present, especially in the debt collection industry. Debt collectors are expected to continuously adapt to changing regulations, forcing them to spend time, energy and resources on maintaining compliance. As the most recent onslaught of developments and proposed new rules have been pushed out to the financial community, compliance professionals are once again working to implement changes. According to the Federal Register, here are some key ways the new regulation would affect debt collection: Limited to seven calls: Debt collectors would be limited to attempting to reach out to consumers by phone about a specific debt no more than seven times per week. Ability to unsubscribe: Consumers who do not wish to be contacted via newer technologies, including voicemails, emails and text messages must be given the option to opt-out of future communications. Use of newer technologies: Newer communication technologies, such as emails and text messages, may be used in debt collection, with certain limitations to protect consumer privacy. Required disclosures: Debt collectors will be obligated to send consumers a disclosure with certain information about the debt and related consumer protections. Limited contact: Consumers will be able to limit ways debt collectors contact them, for example at a specific telephone number, while they are at work or during certain hours. Now that you know the details, how can you prepare? At Experian, we understand the importance of an effective collections strategy. Our debt collection solutions automate and moderate dialogues and negotiations between consumers and collectors, making it easier for collection agencies to reach consumers while staying compliant. Powerful locating solution: Locate past-due consumers more accurately, efficiently and effectively. TrueTraceSM adds value to each contact by increasing your right-party contact rate. Exclusive contact information: Mitigate your compliance risk with a seamless and unparalleled solution. With Phone Number IDTM, you can identify who a phone is registered to, the phone type, carrier and the activation date. If you aren’t ready for the new CFPB regulation, what are you waiting for? Learn more Note: Click here for an update on the CFPB's proposal.

Have you seen the latest Telephone Consumer Protection Act (TCPA) class action lawsuit? TCPA litigations in the communications, energy and media industries are dominating the headlines, with companies paying up to millions of dollars in damages. Consumer disputes have increased more than 500 percent in the past five years, and regulations continue to tighten. Now more than ever, it’s crucial to build effective and cost-efficient contact strategies. But how? First, know your facts. Second, let us help. What is the TCPA? As you’re aware, TCPA aims to safeguard consumer privacy by regulating telephone solicitations and the use of prerecorded messages, auto-dialed calls, text messages and unsolicited faxes. The rule has been amended and more tightly defined over time. Why is TCPA compliance important? Businesses found guilty of violating TCPA regulations face steep penalties – fines range from $500 to $1500 per individual infraction! Companies have been delivered hefty penalties upwards of hundreds of thousands, and in some cases, millions of dollars. Many have questions and are seeking to understand how they might adjust their policies and call practices. How can you protect yourself? To help avoid risk for compliance violations, it’s integral to assess call strategies and put best practices in place to increase right-party contact rates. Strategies to gain compliance and mitigate risk include: Focus on right and wrong-party contact to improve customer service: Monitoring and verifying consumer contact information can seem like a tedious task, but with the right combination of data, including skip tracing data from consumer credit data, alternative and other exclusive data sources, past-due consumers can be located faster. Scrub often for updated or verified information: Phone numbers can continuously change, and they’re only one piece of a consumer’s contact information. Verifying contact information for TCPA compliance with a partner you can trust can help make data quality routine. Determine when and how often you dial cell phones: Or, given new considerations proposed by the CFPB, consider looking at collections via your consumers’ preferred communication channel – online vs. over the phone. Provide consumers user-friendly mechanisms to opt-out of receiving communications At Experian, our TCPA solutions can help you monitor and verify consumer contact information, locate past-due consumers, improve your right-party contact rates and automate your collections process. Get started

Financial institutions preparing for the launch of the Financial Accounting Standard Board’s (FASB) new current expected credit loss model, or CECL, may have concerns when it comes to preparedness, implications and overall impact. Gavin Harding, Experian’s Senior Business Consultant and Jose Tagunicar, Director of Product Management, tackled some of the tough questions posed by the new accounting standard. Check out what they had to say: Q: How can financial institutions begin the CECL transition process? JT: To prepare for the CECL transition process, companies should conduct an operational readiness review, which includes: Analyzing your data for existing gaps. Determining important milestones and preparing for implementation with a detailed roadmap. Running different loss methods to compare results. Once losses are calculated, you’ll want to select the best methodology based on your portfolio. Q: What is required to comply with CECL? GH: Complying with CECL may require financial institutions to gather, store and calculate more data than before. To satisfy CECL requirements, financial institutions will need to focus on end-to-end management, determine estimation approaches that will produce reasonable and supportable forecasts and automate their technology and platforms. Additionally, well-documented CECL estimations will require integrated workflows and incremental governance. Q: What should organizations look for in a partner that assists in measuring expected credit losses under CECL? GH: It’s expected that many financial institutions will use third-party vendors to help them implement CECL. Third-party solutions can help institutions prepare for the organization and operation implications by developing an effective data strategy plan and quantifying the impact of various forecasted conditions. The right third-party partner will deliver an integrated framework that empowers clients to optimize their data, enhance their modeling expertise and ensure policies and procedures supporting model governance are regulatory compliant. Q: What is CECL’s impact on financial institutions? How does the impact for credit unions/smaller lenders differ (if at all)? GH: CECL will have a significant effect on financial institutions’ accounting, modeling and forecasting. It also heavily impacts their allowance for credit losses and financial statements. Financial institutions must educate their investors and shareholders about how CECL-driven disclosure and reporting changes could potentially alter their bottom line. CECL’s requirements entail data that most credit unions and smaller lenders haven’t been actively storing and saving, leaving them with historical data that may not have been recorded or will be inaccessible when it’s needed for a CECL calculation. Q: How can Experian help with CECL compliance? JT: At Experian, we have one simple goal in mind when it comes to CECL compliance: how can we make it easier for our clients? Our Ascend CECL ForecasterTM, in partnership with Oliver Wyman, allows our clients to create CECL forecasts in a fraction of the time it normally takes, using a simple, configurable application that accurately predicts expected losses. The Ascend CECL Forecaster enables you to: Fulfill data requirements: We don’t ask you to gather, prepare or submit any data. The application is comprised of Experian’s extensive historical data, delivered via the Ascend Technology PlatformTM, economic data from Oxford Economics, as well as the auto and home valuation data needed to generate CECL forecasts for each unsecured and secured lending product in your portfolio. Leverage innovative technology: The application uses advanced machine learning models built on 15 years of industry-leading credit data using high-quality Oliver Wyman loan level models. Simplify processes: One of the biggest challenges our clients face is the amount of time and analytical effort it takes to create one CECL forecast, much less several that can be compared for optimal results. With the Ascend CECL Forecaster, creating a forecast is a simple process that can be delivered quickly and accurately. Q: What are immediate next steps? JT: As mentioned, complying with CECL may require you to gather, store and calculate more data than before. Therefore, it’s important that companies act now to better prepare. Immediate next steps include: Establishing your loss forecast methodology: CECL will require a new methodology, making it essential to take advantage of advanced statistical techniques and third-party solutions. Making additional reserves available: It’s imperative to understand how CECL impacts both revenue and profit. According to some estimates, banks will need to increase their reserves by up to 50% to comply with CECL requirements. Preparing your board and investors: Make sure key stakeholders are aware of the potential costs and profit impacts that these changes will have on your bottom line. Speak with an expert

What is CECL? CECL (Current Expected Credit Loss) is a new credit loss model, to be leveraged by financial institutions, that estimates the expected loss over the life of a loan by using historical information, current conditions and reasonable forecasts. According to AccountingToday, CECL is considered one of the most significant accounting changes in decades to affect entities that borrow and lend money. To comply with CECL by the assigned deadline, financial institutions will need to access much more data than they’re currently using to calculate their reserves under the incurred loss model, Allowance for Loan and Lease Losses (ALLL). How does it impact your business? CECL introduces uncertainty into accounting and growth calculations, as it represents a significant change in the way credit losses are currently estimated. The new standard allows financial institutions to calculate allowances in a variety of ways, including discounted cash flow, loss rates, roll-rates and probability of default analyses. “Large banks with historically good loss performance are projecting increased reserve requirements in the billions of dollars,” says Experian Advisory Services Senior Business Consultant, Gavin Harding. Here are a few changes that you should expect: Larger allowances will be required for most products As allowances will increase, pricing of the products will change to reflect higher capital cost Losses modeling will change, impacting both data collection and modeling methodology There will be a lower return on equity, especially in products with a longer life expectancy How can you prepare? “CECL compliance is a journey, rather than a destination,” says Gavin. “The key is to develop a thoughtful, data-driven approach that is tested and refined over time.” Financial institutions who start preparing for CECL now will ultimately set their organizations up for success. Here are a few ways to begin to assess your readiness: Create a roadmap and initiative prioritization plan Calculate the impact of CECL on your bottom line Run altered scenarios based on new lending policy and credit decision rules Understand the impact CECL will have on your profitability Evaluate current portfolios based on CECL methodology Run different loss methods and compare results Additionally, there is required data to capture, including quarterly or monthly loan-level account performance metrics, multiple year data based on loan product type and historical data for the life of the loan. How much time do you have? Like most accounting standards, CECL has different effective dates based on the type of reporting entity. Public business entities that file financial statements with the Security and Exchange Commission will have to comply by 2020, non-public entity banks must comply by 2022 and non-SEC registered companies have until 2023 to adopt the new standard. How can we help: Complying with CECL may require you to gather, store and calculate more data than before. Experian can help you comply with CECL guidelines including data needs, consulting and loan loss calculation. Experian industry experts will help update your current strategies and establish an appropriate timeline to meet compliance dates. Leveraging our best-in-class industry data, we will help you gain CECL compliance quickly and effectively, understand the impacts to your business and use these findings to improve overall profitability. Learn more

Federal legislation makes verifying an individual’s identity by scanning identity documents during onboarding legal in all 50 states Originally posted on Mitek blog The Making Online Banking Initiation Legal and Easy (MOBILE) Act officially became law on May 24, 2018, authorizing a national standard for banks to scan and retain information from driver’s licenses and identity cards as part of a customer online onboarding process, via smartphone or website. This bill, which was proposed in 2017 with bipartisan support, allows financial institutions to fully deploy mobile technology that can make digital account openings across all states seamless and cost efficient. The MOBILE Act also stipulates that the digital image would be destroyed after account opening to further ensure customer data security. As an additional security measure, section 213 of the act mandates an update to the system to confirm matches of names to social security numbers. “The additional security this process could add for online account origination was a key selling point with the Equifax data breach fresh on everyone’s minds,” Scott Sargent, of counsel in the law firm Baker Donelson’s financial service practice, recently commented on AmericanBanker.com. Read the full article here. Though digital banking and an online onboarding process has already been a best practice for financial institutions in recent years, the MOBILE Act officially overrules any potential state legislation that, up to this point, has not recognized digital images of identity documents as valid. The MOBILE Act states: “This bill authorizes a financial institution to record personal information from a scan, copy, or image of an individual’s driver’s license or personal identification card and store the information electronically when an individual initiates an online request to open an account or obtain a financial product. The financial institution may use the information for the purpose of verifying the authenticity of the driver’s license or identification card, verifying the identity of the individual, or complying with legal requirements.” Why adopt online banking? The recently passed MOBILE Act is a boon for both financial institutions and end users. The legislation: Enables and encourages financial institutions to meet their digital transformation goals Makes the process safe with digital ID verification capabilities and other security measures Reduces time, manual Know Your Customer (KYC) duties and costs to financial institutions for onboarding new customers Provides the convenient, on-demand experience that customers want and expect The facts: 61% of people use their mobile phone to carry out banking activity.1 77% of Americans have smartphones.2 50 million consumers who are unbanked or underbanked use smartphones.3 The MOBILE Act doesn’t require any regulatory implementation. Banks can access this real-time electronic process directly or through vendors. Read all you need to know about the MOBILE Act here. Find out more about a better way to manage fraud and identity services.   References 1Mobile Ecosystem Forum, MEF Mobile Money Report (https://mobileecosystemforum.com/mobile-money-report/), Feb. 5, 2018. 2Pew Research Center, Mobile Fact Sheet (http://www.pewinternet.org/fact-sheet/mobile/), Jan. 30, 2017. 3The Federal Reserve System, Consumers and Mobile Financial Services 2015 (https://www.federalreserve.gov/econresdata/consumers-and-mobile-financial-services-report-201503.pdf), March 2015.

Customer Identification Program (CIP) solution through CrossCore® Every day, I work closely with clients to reduce the negative side effects of fraud prevention. I hear the need for lower false-positive rates; maximum fraud detection in populations; and simple, streamlined verification processes. Lately, more conversations have turned toward ID verification needs for Customer Information Program (CIP) administration. As it turns out, barriers to growth, high customer friction and high costs dominate the CIP landscape. While the marketplace struggles to manage the impact of fraud prevention, CIP routinely disrupts more than 10 percent of new customer acquisitions. Internally at Experian, we talk about this as the biggest ID problem our customers aren’t solving. Think about this: The fight for business in the CIP space quickly turned to price, and price was defined by unit cost. But what’s the real cost? One of the dominant CIP solutions uses a series of hyperlinks to connect identity data. Every click is a new charge. Their website invites users to dig into the data — manually. Users keep digging, and they keep paying. And the challenges don’t stop there. Consider the data sources used for these solutions. The winners of the price fight built CIP solutions around credit bureau header data. What does that do for growth? If the identity wasn’t sufficiently verified when a credit report was pulled, does it make sense to go back to the same data source? Keep digging. Cha-ching, cha-ching. Right about now, you might be feeling like there’s some sleight of hand going on. The true cost of CIP administration is much more than a single unit price. It’s many units, manual effort, recycled data and frustrated customers — and it impacts far more clients than fraud prevention. CIP needs have moved far beyond the demand for a low-cost solution. We’re thrilled to be leading the move toward more robust data and decision capabilities to CIP through CrossCore®. With its open architecture and flexible decision structure, our CrossCore platform enables access to a diverse and robust set of data sources to meet these needs. CrossCore unites Experian data, client data and a growing list of available partner data to deliver an intelligent and cost-conscious approach to managing fraud and identity challenges. The next step will unify CIP administration, fraud analytics and a range of verification treatment options together on the CrossCore platform as well. Spoiler alert. We’ve already taken that step.

As more financial institutions express interest and leverage alternative credit data sources to decision and assess consumers, lenders want to be assured of how they can best utilize this data source and maintain compliance. Experian recently interviewed Philip Bohi, Vice President for Compliance Education for the American Financial Services Association (AFSA), to learn more about his perspective on this topic, as well as to gain insights on what lenders should consider as they dive into the world of alternative credit data. Alternative data continues to be a hot topic in the financial services space. How have you seen it evolve over the past few years? It’s hard to pinpoint where it began, but it has been interesting to observe how technology firms and people have changed our perceptions of the value and use of data in recent years. Earlier, a company’s data was just the information needed to conduct business. It seems like people are waking up to the realization that their business data can be useful internally, as well as to others.  And we have come to understand how previously disregarded data can be profoundly valuable. These insights provide a lot of new opportunities, but also new questions.  I would also say that the scope of alternative credit data use has changed.  A few years ago, alternative credit data was a tool to largely address the thin- and no-file consumer. More recently, we’ve seen it can provide a lift across the credit spectrum. We recently conducted a survey with lenders and 23% of respondents cited “complying with laws and regulations” as the top barrier to utilizing alternative data. Why do you think this is the case? What are the top concerns you hear from lenders as it relates to compliance on this topic? The consumer finance industry is very focused on compliance, because failure to maintain compliance can kill a business, either directly through fines and expenses, or through reputation damage. Concerns about alternative data come from a lack of familiarity. There is uncertainty about acquiring the data, using the data, safeguarding the data, selling the data, etc. Companies want to feel confident that they know where the limits are in creating, acquiring, using, storing and selling data. Alternative data is a broad term. When it comes to utilizing it for making a credit decision, what types of alternative data can actually be used?  Currently the scope is somewhat limited. I would describe the alternative data elements as being analogous to traditional credit data. Alternative data includes rent payments, utility payments, cell phone payments, bank deposits, and similar records. These provide important insights into whether a given consumer is keeping up with financial obligations. And most importantly, we are seeing that the particular types of obligations reflected in alternative data reflect the spending habits of people whose traditional credit files are thin or non-existent.  This is a good thing, as alternative data captures consumers who are paying their bills consistently earlier than traditional data does. Serving those customers is a great opportunity. If a lender wants to begin utilizing alternative credit data, what must they know from a compliance standpoint? I would begin with considering what the lender’s goal is and letting that guide how it will explore using alternative data. For some companies, accessing credit scores that include some degree of alternative data along with traditional data elements is enough. Just doing that provides a good business benefit without introducing a lot of additional risk as compared to using traditional credit score information. If the company wants to start leveraging its own customer data for its own purposes, or making it available to third parties, that becomes complex very quickly.  A company can find itself subject to all the regulatory burdens of a credit-reporting agency very quickly. In any case, the entire lifecycle of the data has to be considered, along with how the data will be protected when the data is “at rest,” “in use,” or “in transit.” Alternative data used for credit assessment should additionally be FCRA-compliant. How do you see alternative credit data evolving in the future? I cannot predict where it will go, but the unfettered potential is dizzying. Think about how DNA-based genealogy has taken off, telling folks they have family members they did not know and providing information to solve old crimes. I think we need to carefully balance personal privacy and prudent uses of customer data. There is also another issue with wide-ranging uses of new data. I contend it takes time to discern whether an element of data is accurately predictive.  Consider for a moment a person’s utility bills. If electricity usage in a household goes down when the bills in the neighborhood are going up, what does that tell us? Does it mean the family is under some financial strain and using the air conditioning less? Or does it tell us they had solar panels installed? Or they’ve been on vacation?  Figuring out what a particular piece of data means about someone’s circumstances can be difficult. About Philip Bohi Philip joined  AFSA in 2017 as Vice President, Compliance Education. He is responsible for providing strategic direction and leadership for the Association’s compliance activities, including AFSA University, and is the staff liaison to the Operations and Regulatory Compliance Committee and Technology Task Forces. He brings significant consumer finance legal and compliance experience to AFSA, having served as in-house counsel at Toyota Motor Credit Corporation and Fannie Mae. At those companies, Philip worked closely with compliance staff supporting technology projects, legislative tracking, and vendor management. His private practice included work on manufactured housing, residential mortgage compliance, and consumer finance matters at McGlinchey Stafford, PLLC and Lotstein Buckman, LLP. He is a member of the Virginia State Bar and the District of Columbia Bar. Learn more about the array of alternative credit data sources available to financial institutions.

There’s no question today’s consumers have high expectations. As financial services companies wrestle with the laws and consumer demands, here are a few points to consider: While digital delivery channels may be new, the underlying credit product remains the same. With digital delivery, adhere to credit regulations, but build in enhanced policies and technological protocols. Consult your legal, risk and compliance teams regularly. Embrace the multitude of delivery methods, including email, text, digital display and beyond. When using the latest technology, you need to work with the right partners. They can help you respect the data and consumer privacy laws, which is the foundation on which strategies should be built. Learn more

Consumers and businesses alike have been hyper-focused on all things data over the past several months. From the headlines surrounding social media privacy, to the flurry of spring emails we’ve all received from numerous brands due to the recent General Data Protection Regulation (GDPR) going into effect in Europe, many are trying to assess the data “sweet spot.” In the financial services space, lenders and businesses are increasingly seeking to leverage enhanced digital marketing channels and methods to deliver offers and invitations to apply. But again, many want to know, what are the data rules and how can they ensure they are playing it safe in such a highly regulated environment. In an Experian-hosted webinar, Credit Marketing in the Digital Age, the company recently featured a team of attorneys from Venable LLP’s award-winning privacy and advertising practice. There’s no question today’s consumers expect hyper-targeted messages and user experiences, but with the number of data breaches on the rise, there is also the concern around data access. Who has my data? Is it safe? Are companies using it in the appropriate way? As financial services companies wrestle with the laws and consumer expectations, the Venable legal team provided a few insights to consider. While the digital delivery channels may be new, the underlying credit product remains the same. A prescreened offer is a prescreened offer, and an application for credit is still an application for credit. The marketing of these and other credit products is governed by an array of pre-existing laws, regulations, and self-regulatory principles that combine to form a unique compliance framework for each of the marketing channels. Adhere to credit regulations, but build in enhanced policies and technological protocols with digital delivery. With digital delivery of the offer, lenders should be thinking about the additional compliance aspects attached to those varying formats. For example, in the case of digital display advertising, you should pay close attention to ensuring delivery of the ad to the correct consumer, with suitable protections in place for sharing data with vendors. Lenders and service providers also should think about using authentication measures to match the correct consumer with a landing page containing the firm offer along with the appropriate disclosures and opt-outs. Strong compliance policies are important for all participants in this process. Working with a trusted vendor that has a commitment to data security, compliance by design, and one that maintains an integrated system of decisioning and delivery, with the ability to scrub for FCRA opt-outs, is essential. Consult your legal, risk and compliance teams. The digital channels raise questions that can and must be addressed by these expert audiences. It is so important to partner with service providers that have thought this through and can demonstrate a compliance framework. Embrace the multitude of delivery methods. Yes, there are additional considerations to think about to ensure compliance, but businesses should seek opportunities to reach their consumers via email, text, digital display and beyond. Also, digital credit offers need not replace mail and phone and traditional channels. Rather, emerging digital channels can supplement a campaign to drive the response rates higher. In Mary Meeker’s annual tech industry report, she touched on a phenomenon called the “privacy paradox” in which companies must balance the need to personalize their products and services, but at the same time remain in good favor with consumers, watchdog groups and regulators. So, while financial services players have much to consider in the regulatory space, the expectation is they embrace the latest technology advancements to interact with their consumers. It can be done and the delivery methods exist today. Just ensure you are working with the right partners to respect the data and consumer privacy laws.  

On May 11, 2018, financial institutions will be required to perform Customer Due Diligence routines for their legal entity customers, such as a corporation or limited liability company. Here are 3 facts that you should know about this upcoming rule: When validating ownership, financial institutions can accept what customers have provided unless they have a reason to believe otherwise. Some possible trigger events requiring review of beneficial ownership information for existing accounts include: change in ownership and law enforcement warrants or subpoenas. When collecting and updating beneficial ownership information, the financial institution must retain the original and updated information. While financial institutions are required to collect the same basic customer identification program information from business owners that is required from consumer customers, your current policies may not satisfy this new rule. Learn more

June 2018 will mark the one-year anniversary of the National Institute of Standards and Technology (NIST) release of Special Publication 800-63-3, Digital Identity Guidelines. While federal agencies are the most directly impacted, this guidance signals a seismic shift in identity proofing across the entire ecosystem of consumers, private sector businesses and public sector agencies. It’s the clearest claim I’ve seen to date that traditional, and rather basic, personally identifiable information (PII) verification should no longer be trusted for remote user interaction. For those of us in the fraud and identity space, this isn’t a new revelation, but one we as an industry have been dealing with for years. As the data breach floodgates continue to be pushed further open, PII is a commodity for the fraudsters, evident in PII prices on the dark web, which are often lower than your favorite latte. Identity-related schemes have increased due to fraud attacks shifting away from card compromise (due to the U.S. rollout of chip-and-signature cards), double-digit growth in online and mobile consumer channels, and high-profile fraud events within both the public and private sector. It’s no shock that NIST has taken a sledgehammer to previous guidance around identity proofing and replaced it with an aggressive and rather challenging set of requirements seemingly founded in the assumption that all PII (names, addresses, dates of birth, Social Security numbers, etc.) is either compromised or easily can be compromised in the future. So where does this leave us? I applaud the pragmatic approach to the new NIST standards and consider it a signal to all of us in the identity marketplace. It’s aggressive and aspirational in raising the bar in identity proofing and management. I welcome the challenge in serving our public sector clients, as we have done for nearly a decade. Our innovative approach to layered levels of identity verification, validation, risk assessment and monitoring adhere to the recommendations of the new NIST standards. I do, however, recommend that any institution applying these standards to their own processes and applications ensure they place equal focus on comparable alternatives for those addressable populations and users who are likely to either opt out of, or fail, initial verification steps stringently aligned with the new requirements. While too early to accurately forecast, it’s relatively safe to assume that the percentage of the population “falling out of the process” may easily be counted in the double digits. It’s only through advanced analytics and technology reliant on a significant breadth and depth of identity data and observations that we can provide trust and confidence across such a diverse population in age, demographics, expectations and access.

Regardless of personal political affiliation or opinion, the presidential election is over, and the focus has shifted from debate to the impact the new administration will have on the regulatory landscape for banks. While many questions remain regarding the policy direction of a Trump administration, one thing is near certain: change is on the horizon. While on the campaign trail, Trump took aim at banking regulation: “Dodd-Frank has made it impossible for bankers to function. It makes it very hard for bankers to loan money…for people with businesses to create jobs. And that has to stop.” And in his first post-election interview, Trump outlined named financial industry deregulation to allow “banks to lend again” as a priority. Before Election Day, Experian surveyed members of the financial community about their thoughts on regulatory affairs. An overwhelming majority—85 percent—believed the election outcome would impact the current environment. Most surveyed are also feeling the weight of financial regulations established by the Obama administration in the wake of the severe financial crisis of 2008. Five out of six respondents feel current regulations have placed an undue burden on financial institutions. Three-quarters believe the regulations reduce the availability of credit. And less than half believe the regulations are positive for consumers. According to our survey, complying with Dodd-Frank and other regulations has a financial impact for most, with 76 percent realizing a significant increase in spend since 2008. Personnel and technology spend top the list, with an increase of 78 percent and 76 percent, respectively. Top regulations that require the most resources to ensure compliance: the Dodd-Frank Act (70 percent), Fair Lending Act (55), Bank Secrecy Act/Anti-Money Laundering (47) and Fair Credit Reporting Act (42). Specifically, the Dodd Frank and TILA-RESPA Integrated Disclosure were the two most frequently mentioned regulations requiring additional investment, followed by the Military Lending Act and Bank Secrecy Act/Anti-Money Laundering. What lies ahead? It’s difficult to determine how the Trump administration will tackle banking regulations and policy, but change is in the air.

How will the FinCEN revisions impact your business? (Part 2) I recently discussed the new FinCEN requirements to Customer Due Diligence. This time, I’d like to focus on the recent FinCEN advisory regarding “email-compromise fraud.” This new advisory sheds additional light on the dual threats of both Email Account Compromise impacting the general public and Business Email Compromise that targets businesses. FinCEN has rightly identified and communicated several high-risk conditions common to the perpetration of scams such as varied languages, slight alterations in email addresses, out-of-norm account and transaction information, and social engineering in the form of follow-up requests for additional transfers. In addition to introducing operational standards to detect such conditions, institutions also would benefit from these other tactics and focal points as they respond to email requests for financial transfers: Email validation and verification — use of third-party vendor services that can deliver a measurable level of confidence in the association of an email address to an actual, true identity. Multifactor authentication — use of dual-step or out-of-band verification of the requested transaction using alternate channels such as phone. Robust KYC/CIP at application and account opening to ensure that name, address, date of birth and Social Security number are verified and positively and consistently linked to a single identity, as well as augmented with phone and email verification and association for use in customer communications and multifactor authentications. Customer transactional monitoring in the form of establishing typical or normal transfer activity and thresholds for outlying variations of concern. Known and suspected fraud databases updated in real time or near real time for establishing blacklist emails to be segmented as high risk or declines upon receipt. Identity application and transactional link analysis to monitor for and detect the use of shared and manipulated email addresses across multiple transaction requests for disparate identities. Access to device intelligence and risk assessment to ensure consistent association of a true customer with one or more trusted devices and to detect variance in those trusted associations. Which of these 7 tactics are you using to stop email-compromise fraud?

How will the FinCEN revisions impact your business? (Part 1) Some recently published FinCEN revisions and advisories are causing a stir. First, let’s look at revisions to Customer Due Diligence that require compliance by May 2018. Under the updated requirements for Customer Due Diligence, covered financial institutions must expand programs, including Customer Identification Programs (CIP), to include Beneficial Owners of Legal Entity customers. Under the new rule, financial institutions must collect and verify identity information (name, address, date of birth, Social Security number or passport number for foreign individuals):  For each Natural Person with at least 25% ownership in the Legal entity and  For an individual with significant responsibility for managing or controlling the business — for example, a chief executive officer, a chief financial officer, a chief operating officer, a managing member, a general partner, a president, a vice president or a treasurer The U.S. Treasury estimates that illicit proceeds generated in the United States alone total $400 billion annually. These requirements are intended to prevent anonymous access to financial systems through shielded or minority ownership. While the effort to stem the tide of illicit proceeds is laudable, the impact to business may be significant. Most organizations will need to audit their data collection practices, and many will need to make changes to either data collection or workflow processes to ensure compliance. While quite simple and straightforward on paper, the standardization of additional CIP policies and procedures tend to create substantive impact to the customer experience as well as operational resource allocations and utilization. Covered financial institutions should already be discussing with their current or prospective fraud risk and identity management vendors to ensure that: There is a clear path to altering both data collection and verification of these additional identity elements. Clear and accurate benchmarking around expected verification rates is available ahead of the compliance date to allow for operational workflow design to accommodate both ‘verifications’ and ‘referrals stemming from lack of full verification.’ Service providers are granting access to best-in-class data assets and search & match logic related to identity element verification and risk assessment, along with multi-layered options to reconcile those initial verification ‘fails.’ Full business reviews and strategy design sessions are underway or being scheduled to align and document overall objectives of the program, benchmarking of leading industry practices, current and future state gaps, near- and long-term initiatives and a prioritized roadmap, a viable business case toward additional investment in services and resources, and a plan of execution. Will this impact your business? Will you need to make any changes? Click here to read part two - FinCEN and email-compromise fraud.