On March 28, the FDIC released the spring edition of its consumer compliance supervisory highlights. The FDIC supervises approximately 3,000 state-chartered banks and thrifts that are not members of the Federal Reserve System. Most of these institutions are community banks that provide credit and services locally. Like the CFPB, the FDIC conducts supervisory activities, including examinations, to review institutions’ compliance management systems. Its examination focuses on identifying the greatest potential risk of harm to consumers, based on the business model and products offered by a particular institution. The FDIC’s report highlights consumer compliance issues identified by the agency’s examination of close to 900 institutions in 2023. While the entire report is worth a read, here are some key areas of focus:

• Frequently cited violations. Of the most frequently cited violations, TILA/Regulation Z violations relating to the disclosure of closing costs topped the list. EFTA/Regulation E violations relating to institutions’ error resolution process was also frequently cited and comprised of 46% of Regulation E violations. Finally, many institutions were charged for deceptive practices under Section 5 of the FTC Act where financial institutions charged multiple nonsufficient funds fees for the re-presentment of the same transaction, but the disclosures did not fully or clearly describe the financial institution’s re-presentment practice. 
• Deposit Insurance by Third Parties. Examiners observed third parties representing or implying that uninsured financial products (including crypto-related assets) were FDIC-insured when they were not. The agency also noted third parties misrepresenting the extent or manner of deposit insurance coverage.
• Credit Builder Products. The FDIC found that credit-building products offered in bank-fintech arrangements overstated the degree to which a product could improve a consumer’s credit or, in some cases, misrepresented that a credit product with no such credit-building feature could improve a person’s credit. The agency advised banks to substantiate and periodically review advertising claims.
• Regulation E Processes Outsourced to Third Parties. The FDIC described a situation where a bank’s EFT dispute resolution process was outsourced to a third party. Separately the bank utilized a security program to validate online credit and debit card transactions. But the third-party service provider automatically denied consumers’ debit and credit card disputes if the transactions were processed using the security program, and no error resolution follow up was done as required by Regulation E.
• Fair Lending Concerns. The FDIC discussed potential fair lending risks with automated/AI-based underwriting and pricing models provided by third parties. The agency criticized a bank’s fair lending program that did not give it full access to the credit transaction records from a third-party partner. The FDIC also said the bank failed to provide adequate oversight of pricing and underwriting systems used by third parties in connection with originating loans, when the bank did not have access to all variables used in the models. Finally, the FDIC made fair lending findings in examinations related to redlining, pricing for automobile financing (dealer markups), and other discriminatory credit underwriting policies (where applications from companies owned by Native American tribes were not considered).

Putting It Into Practice: One theme that is consistent through the entire 22 page report “involve[s] deficiencies in bank oversight of its third-party relationships.” The drumbeat for better third-party oversight is only getting louder (as evidenced by recent FDIC consent orders we discussed here and here). Financial institutions that partner with fintechs or are in other types of third-party arrangements would be wise to review their policies and procedures to ensure they have the appropriate level of oversight over their partners, vendors, and third-party contractors.