June 11

Question: If we send out an email to customers who use Interactive Teller Machines (ITMs), letting them know the ITMs will be discontinued, would that message be considered mixed or transactional?

Answer: The CAN-SPAM Act governs email communications. For the purposes of the Act, conservatively, we would agree that your email would be considered a mixed message. The language informing the discontinuance of the product could be construed as a transaction itself, but the email also contains content promoting existing services such as online banking and the mobile application. That can be considered commercial content as it is promoting a product or service. The Federal Trade Commission (FTC) provides the following guidance in making the primary purpose determination under the Act.

Answer: What matters is the “primary purpose” of the message. To determine the primary purpose, remember that an email can contain three different types of information:

  • Commercial content – which advertises or promotes a commercial product or service, including content on a website operated for a commercial purpose;
  • Transactional or relationship content – which facilitates an already agreed-upon transaction or updates a customer about an ongoing transaction; and
  • Other content – which is neither commercial nor transactional or relationship. https://www.ftc.gov/tips-advice/business-center/guidance/can-spam-act-compliance-guide-business

Answer: What if the message combines commercial content and transactional or relationship content?

It’s common for email sent by businesses to mix commercial content and transactional or relationship content. When an email contains both kinds of content, the primary purpose of the message is the deciding factor. Here’s how to make that determination: If a recipient reasonably interpreting the subject line would likely conclude that the message contains an advertisement or promotion for a commercial product or service or if the message’s transactional or relationship content does not appear mainly at the beginning of the message, the primary purpose of the message is commercial. So, when a message contains both kinds of content – commercial and transactional or relationship – if the subject line would lead the recipient to think it’s a commercial message, it’s a commercial message for CAN-SPAM purposes. Similarly, if the bulk of the transactional or relationship part of the message doesn’t appear at the beginning, it’s a commercial message under the CAN-SPAM Act. https://www.ftc.gov/tips-advice/business-center/guidance/can-spam-act-compliance-guide-business

June 7

Question: A borrower passed away, leaving the property to her daughter. The borrower’s outstanding debt remains, and the daughter applied for a loan to pay off the debt. With respect to HMDA requirements, what type of loan is the daughter applying for?

Answer: This is an equity loan for HMDA purposes. HMDA, § 1003.2(j), defines a “purchase loan,” in part, to mean, credit used, in whole or in part, to purchase a dwelling. Additionally, § 1003.2(p), further defines a “refinance” to mean an obligation replacing another obligation by the same borrower. In this case, the interest in the home passes from the mother to the daughter immediately upon the mother’s death. Therefore, the daughter cannot purchase something that she already owns. Further, because the mother was the borrower on the existing loan, the daughter cannot refinance such loan for HMDA purposes, since the borrowers would not be the same. By exclusion, the HMDA loan purpose here would be an equity loan.


May 26:
A customer deposited a check into a savings account, the funds from which were made available, and then transferred the funds into a savings account. The savings account receives social security benefits. The check is now being returned. Can the bank exercise the right of setoff against the savings account?

Answer: This is a fine-line question that has several moving parts.  First, the bank potentially would be able to offset against funds in the savings account to the extent those funds are not protected under 31 CFR 212. This requires the bank to calculate the “protected amount,” in accordance with that section, with any remainder being available for setoff.

But when an account receives federally protected funds, like in this scenario, whether the bank can exercise the right of setoff against those funds as well has not been clearly established by courts or available regulatory guidance. While some jurisdictions appear to permit this practice, the law is not uniform. Therefore, unless the bank confirms the specific stance on the issue with the bank’s jurisdiction or further clarification is obtained, C/A advises not setting-off against federally protected funds.

May 18

Question: What is the line between relying on the National Automated Clearing House Association (NACHA) warranty and Regulation E requirements in resolving disputes unauthorized transaction disputes?

Answer: Regulation E and NACHA are two requirements that while each govern electronic transactions, run parallel to each other, but never intersect. NACHA requirements can never supersede Regulation E provisions in resolving disputes, the regulatory timelines requirements, or the requirement to provide credit to a consumer.

Regulation E, § 1005.11, requires the bank to investigate upon learning of a dispute within the definition of Regulation E. Additionally, the Regulation allows consumers to make a dispute in any manner, orally or in writing. If the bank learns of a dispute, the duty arises to either investigate and act accordingly or provide credit without an investigation.

The above is in contrast with some of the NACHA requirements. For example, NACHA requires the bank to obtain a Written Statement of Unauthorized Debit (WSUD) for the bank to recover funds from the ODFI, the institution that made the debit. This may create a conflict with Regulation E, as under the regulation, the bank cannot condition conducting investigation or issuing a provisional credit on the consumer executing a WSUD. Regulation E only allows not providing provisional credit in the event the consumer does not provide a written confirmation of a claim. However, the duty to investigate and provide a reimbursement in the event of an unauthorized transaction remains.

When a bank (RDFI) submits a breach of warranty claim to the bank making the debit (ODFI), the ODFI may refute the warranty claim, by showing that the RDFI’s customer did in fact authorize the transaction. This may result in conflicting outcomes under Reg E and NACHA. For example, if the RDFI’s customer does not execute an WSUD fast enough, the RDFI may have no choice but to provide credit, and later learn that the transaction was not unauthorized after the time to revoke provisional credit lapses.

The best course of action is for the bank to require a written confirmation of unauthorized credit under Regulation E, which would allow the bank to avoid providing provisional credit, if the customer fails to provide such a confirmation. Such a confirmation may be in the form of WSUD, but it is sufficient that the customer confirms in writing, without specifically executing a WSUD. Otherwise, the bank must continue investigating upon learning of a Reg E dispute.

May 13

Question: We have two consumers applying for a mortgage jointly and have provided the same email address for each applicant. The bank complies with TRID disclosures electronically, how should the bank ensure that each consumer received the disclosure, since the email addresses are the same (does the bank email each disclosure twice or require two confirmations?).

Answer: Regulation Z, § 1026.17(d) and Commentary 2 govern disclosures to multiple consumers.  When two consumers are joint obligors with primarily liability on an obligation, the disclosures can be given to either one of them if the bank chooses.  Merely being a guarantor or surety to the loan does not require the consumer to receive the disclosures.  It is always important to remember any internal policy or investor requirements as this may differ.  The Regulation does require each consumer to receive disclosures when: (1) the transaction is subject to the right of rescission; and (2) each consumer must receive the disclosures who has a right to rescind. Therefore, for a transaction that is not subject to a right of rescission, it is sufficient that the primary applicant confirms receipt of the disclosure.

It is always important to remember E-Sign requirements when complying with providing TRID disclosures electronically.  Compliance Alliance’s E-Sign toolkit is very helpful to assist with those obligations: https://compliancealliance.com/find-a-tool/by-toolkit/e-sign

May 3: 

Question: My customer would like to establish a benefit account for a fundraiser they are doing in their community. What type of account should this be and what documentation is needed?

Answer: Generally, benefit or memorial accounts are accounts that will be used in connection with raising money for people who need financial assistance due to an accident, illness, or other tragedy. There are several ways that these types of accounts could be set up at the financial institution:

  • A simple trust can be drafted, and the account opened in the name of the trust (e.g.—irrevocable trust agreement).
  • Organization assisting in the fundraiser or memorial could open the account under their name for collected and deposited funds (e.g.—treat like opening an organization account)
  • Account could be opened in name of person(s) benefiting from the fundraiser (e.g.—treat account like individual/single-party or joint/multiple-part account but the beneficiary must be authorized to transact on the account).

The above methods are generally the only practical methods used when determining how to establish these types of accounts. Some banks may allow customers to open these accounts as informal trusts, like “FBO” or “ITF” accounts. But this brings in a couple of other considerations for the bank, especially when it comes to ownership of the account, and CIP purposes.

And as always, the bank is within their rights to recommend the customer consult with an attorney or a tax professional.

C/A has an excellent cheat sheet for Benefit/Memorial Accounts that further breaks down these considerations here: https://compliancealliance.com/find-a-tool/tool/benefit-memorial-fund-accounts-cheat-sheets



April 27:
Question: Are banks required to perform OFAC checks on incoming domestic wire transfers?

Answer: OFAC requires banks to implement a program in accordance with the bank’s size, complexity, risk-factors, and other criteria, in order to block transactions with certain individuals and counties on the OFAC list. There is no exception to doing business with a party or geography on the OFAC list. However, that being said, a bank’s program will not necessarily cover every single transaction the bank engages in.

For example, cashing non-customer’s checks. While banks often do not perform an OFAC check during this transaction, OFAC does not exempt non-customer check cashing from its requirements. That is, if a non-customer is an SDN individual, the bank is still technically violating OFAC by engaging in the transaction. However, regulators and the OFAC program itself recognizes the limitation of resources of an institution and other more prevalent OFAC-related risks that the institution may encounter. For that reason, if a bank implements and follows an OFAC program under which checking each non-customer check cashing is not feasible, it is likely regulators would not criticize such a practice. This being said, it is important to consider the context. An isolated check-cashing or two without an OFAC verification will likely be compliant in light of the above. However, consistently cashing checks for the same non-customer who happens to be on an OFAC list will almost certainly result in an OFAC violation.

A similar principle applies to incoming wire transfers. Generally, OFAC allows institutions to rely on the verification process of another institutions that is subject to OFAC provisions. Nonetheless, this should be addressed under the bank’s OFAC program and the bank would have the burden to show why an OFAC check was not performed, in the event of accepting a wire transfer from an OFAC party.

Reference: https://bsaaml.ffiec.gov/manual/OfficeOfForeignAssetsControl/01

April 15: 
Question: State Bank has a customer who is getting a home equity loan for home improvement and debt consolidation for credit cards. Is the bank required to gather GMI/Demographic Information and is this HMDA reportable?

Answer: It would be HMDA reportable if the purpose of the loan is for improvement of a dwelling and is also secured by a dwelling. So, assuming that is the case, and it is reportable, then yes, GMI/demographic information would be collected and reported as applicable. Reference: https://www.consumerfinance.gov/policy-compliance/rulemaking/regulations/1003/2/#i

April 7:

Question: What constitutes “demonstrable consent” when meeting ESign requirements? Are banks required to collect information that the consumer actually read the disclosure apart from just acknowledgement?

Answer:  The statutory requirement can be found in 15 USC §7001, and reads as follows:

"[T]he consumer—

(i) prior to consenting, is provided with a statement of the hardware and software requirements for access to and retention of the electronic records; and

(ii) consents electronically, or confirms his or her consent electronically, in a manner that reasonably demonstrates that the consumer can access information in the electronic form that will be used to provide the information that is the subject of the consent[.]"


Technically, the statute does not require that the consumer actually read the statement of hardware and software requirements--the consumer just needs to be presented with them.

As for "demonstrable consent," typically the consumer must either first consent, or later confirm any prior consent they gave, using the same method of delivery by which they'll be receiving the disclosures. C/A considers that to be a manner that "reasonably demonstrates" a consumer’s ability to access electronic information, in accordance with the statutory requirement above. Best practice would be for the consumer to show some evidence that they viewed the actual e-SIGN disclosure (such as by including a numeric code in the document and then asking them to enter that code when providing consent), but it is not absolutely required to do that as long as the process meets the bare minimum statutory requirements.

Read Past Questions of the Week