FFIEC Joint Overdraft Guidance Flashcards
The senior vice president of a bank would like to establish an overdraft protection program for the bank and has asked the compliance department for assistance with evaluating regulatory compliance. Which of the following is NOT one of the guidelines the compliance professional should follow when implementing and managing an overdraft protection program?
A. Alerting customers before transactions trigger overdraft fees
B. Imposing a cap on customers’ daily fees from the overdraft program
C. Notifying customers when overdraft protection has been assessed
D. Reporting negative information to credit bureaus when overdrafts are paid
D. Reporting negative information to credit bureaus when overdrafts are paid
Which of the following is LEAST important when validating an action plan regarding overdraft practice violations?
A. Monitoring going forward to notify customers of excessive overdrafts
B. Verifying that the opt-out process is in place and working as designed
C. Including overdrafts that occur on home equity lines of credit
D. Reviewing ads to ensure they promote responsible use of overdrafts
C. Including overdrafts that occur on home equity lines of credit
Overdraft practices principally involve deposit accounts, although they do also involve lines of credit. But there is more consumer risk on the deposit side. Monitoring for excessive overdrafts and verifying that opt-outs are processed correctly are very important, as is reviewing advertising to ensure it promotes responsible use of overdrafts. Including HELOC overdrafts, while not unimportant, is not as critical as each of the other three options.
The compliance officer is participating in designing a risk assessment for the bank’s social media activities. Which of the following is a particular risk faced by the bank as a result of its social media presence and activities?
A. Compliance risk if an employee identifies him/herself as a bank employee on his/her personal social media account
B. Operational risk through failures of the bank to monitor employees’ activities on social media outlets that pertain to the bank
C. Legal risk if one of the bank’s loan officers makes a public plea for readers of the post to apply for a mortgage loan with the bank
D. Reputation risk if the bank’s internal instant messaging communication platform is breached and conversations are released to the public
B. Operational risk through failures of the bank to monitor employees’ activities on social media outlets that pertain to the bank
The bank faces clear operational risk by not monitoring employees’ banking-related social media activities. Misrepresentations could be made, rules and policies not followed, and so forth. There is no specific compliance risk from an employee identifying him/herself as a bank employee on a personal account. Banking-related activities may present compliance risk, but identification as an employee alone does not. There is no legal risk in inviting consumers to apply for mortgage loans, although there may be some compliance risk depending on how the plea is phrased. The bank’s internal instant messaging platform is not considered social media under the FFIEC guidance.
The compliance officer has been tasked with developing a risk assessment to reflect FFIEC Guidance on Authentication in an Internet Banking Environment. Which of the following must be included in the risk assessment?
A. The content of the bank’s advertising messages on its website
B. How many customers access the bank’s online account access system on a daily basis
C. The effectiveness of integrating authentication processes into the bank’s Internet banking environment
D. How effective the authentication of customer identity processes are when customers access the bank’s telephone banking system
C. The effectiveness of integrating authentication processes into the bank’s Internet banking environment
Evaluating the effectiveness of integrating authentication processes into the bank’s Internet banking environment is a core requirement of the FFIEC guidance. Advertising content, the number of customers accessing the bank’s system, and the bank’s telephone banking system are not elements of the FFIEC guidance.
The compliance officer is participating in a meeting with the bank’s examiners around the bank’s overdraft practices. Which of the following is the BEST response about how the bank should represent its overdraft program?
A. The bank will only respond to questions about its overdraft program; it will not advertise its availability
B. Assessing an overdraft fee constitutes an abusive practice under UDAAP principles
C. The bank must appoint a Chief Overdraft Officer to address concerns about the program
D. It must be explained to customers that the program is discretionary
D. It must be explained to customers that the program is discretionary
FFIEC Joint Overdraft Guidance mandates that banks explain to customers that the program is discretionary. Banks are permitted to advertise overdraft programs, although they must do so responsibly. Overdraft fees are not in and of themselves a UDAAP issue unless the fee is excessive. The Guidance does not require a bank to appoint an overdraft officer of any sort.