
Examiners are taking a hard look at website compliance. But when you know the most common violations, it’s easier for your institution to find and address them.

Reducing risk

Financial Institutions: Check For These Website Compliance Violations

  • 1/22/2019

Examiners and third parties are more closely scrutinizing financial institution websites for compliance with federal consumer regulations. Clients all over the country have told us that examiners are sifting through their websites looking for compliance violations, and examiners are indicating this trend will continue. We’ve also heard of third-party plaintiff attorneys reviewing websites for compliance violations that could be the basis for class action lawsuits. As a result, we have collected a few examples of requirements that trip up many financial institutions to help you avoid examiner findings, or even a lawsuit, down the road.

Closed-end trigger terms

Regulation Z requires that if an advertisement for a closed-end loan includes a payment term (e.g., 60 months, 30 years), it triggers the following disclosures:

  • The terms of repayment (you can use payment examples such as “60 monthly payments of $31.83 per $1,000 borrowed”)
  • The APR (and indication that it may increase, if applicable)

We frequently find that a website’s home page, and often other pages, promotes something like “30 year mortgages available” but does not include a payment example or rate information, which could result in a violation.

Credit card trigger terms

According to Regulation Z, any credit card terms initially disclosed to the consumer are trigger terms requiring further disclosures. Consequently, if a home page states, “Our VISA credit cards have no annual fees,” the page must also state:

  • Any charge (e.g., minimum, fixed, transaction, activity, or similar) that is a finance charge
  • The APR (and indication that it may increase, if applicable)
  • Any membership or participation fee that could be imposed

Note that “low annual fees” does not trigger any disclosures, while “no annual fees” requires disclosures.

Deposit account trigger terms

Truth in Savings requires that anytime an annual percentage yield (APY) is stated on a webpage, further disclosures related to that rate must also appear, including:

  • Variable rate information
  • The period of time the APY is effective
  • The minimum balance required to open the account and earn the APY
  • A statement that fees could reduce the earnings on the account, if applicable
  • For certificates of deposit/share certificates, the term of the account and a statement that a penalty will or may be imposed for early withdrawal

Note that including a relatively high APY, such as 2.50 percent, could be deceiving if you do not also disclose that $10,000 must be deposited for 60 months to earn that APY.

Home equity line of credit application disclosures

If your website includes a home equity line of credit (HELOC) application, Regulation Z requires that you also provide the HELOC early disclosure and the HELOC brochure. We have heard of examiners checking this closely, as the information in the early disclosure and brochure is important from a consumer protection standpoint.

Managing your risk

Compliance violations are magnified because of the potential reach of online information, so it’s easy to see why financial institution websites receive such scrutiny. Your financial institution needs a process in place that will help your website comply with consumer protection regulations. Periodic regulatory compliance testing of your website is imperative, and every financial institution should perform regularly scheduled website compliance tests or engage a third party to perform the testing. Whether you perform the testing internally or use a third party, having a website free from federal consumer protection regulation violations can start your compliance exams on the right foot and keep your institution out of court.

How we can help

CLA’s regulatory compliance consultants perform hundreds of website compliance tests for financial institutions every year. All of our testing is performed remotely as we search for these frequent violations, as well as applicable requirements in Regulations Z and B, Truth in Savings, Unfair, Deceptive or Abusive Acts or Practices (UDAAP), and more.