The Consumer Financial Protection Bureau (CFPB) recently issued a final rule § 1033.121(c) supporting open banking and personal financial data rights. Under this ruling, banks, credit unions, credit card issuers, and other financial service providers must enhance consumer access to personal financial data.

The first compliance deadline of April 1, 2026, impacts the largest organizations.

• The ruling demands action from all non-depository firms (e.g., institutions that issue credit cards, hold transaction accounts, issue devices to access an account, or provide other types of payment facilitation products or services). The compliance deadline, however, depends on the firm’s total receipts from calendar years 2023 and 2024.
  • April 1, 2026: $10B+ total receipts in either calendar year
  • April 1, 2027: <$10B total receipts in both calendar years
• The ruling also impacts depository institutions that hold at least $850 million in total assets. Compliance deadlines follow a staggered rollout based on total assets.
  • April 1, 2026: $250B+ total assets
  • April 1, 2027: $10B to <$250B total assets 
  • April 1, 2028: $3B to <$10B total assets
  • April 1, 2029: $1.5B to <$3B total assets
  • April 1, 2030: $850M to <$1.5B total assets

Accelerating the shift to open banking with 1033 

Open banking changes how financial data is shared and accessed, giving customers more control of their information. The 1033 Personal Financial Data Rights rule ensures that:

• Personal financial data is made available to consumers and agents at no charge
• Data is exchanged through a safe, secure, and reliable digital interface
• Consumers aren’t surprised with hidden or unexpected charges when accessing their personal financial data
• Consumers can walk away from bad financial services and products
• Safeguards protect consumers and financial firms from surveillance, data misuse, and risky data practices

Open banking is going to do for the banking industry what the introduction of the Apple smart phone did for cell phones.

CFPB 1033 open banking requires financial firms to ease personal financial data access for consumers 

CFPB first proposed the rule in the Federal Register on October 31, 2023, accepted public comments on the regulation though December 29, 2023, then issued its final rule November 18, 2024. This effort carries out the personal financial data rights established by the Consumer Financial Protection Act of 2010 (CFPA).

The final rule § 1033.121(c) “requires banks, credit unions, and other financial service providers to make consumers’ data available upon request to consumers and authorized third parties in a secure and reliable manner; defines obligations for third parties accessing consumers’ data, including important privacy protections; and promotes fair, open, and inclusive industry standards.”  

The implications of the CFPB’s regulation on open banking will be enormous for consumers, banks, and data providers.

Impact on consumers 

Without open banking, consumers struggle to switch between bank deposit and lending offerings. For example, switching checking accounts to one with a better interest rate involves resetting direct deposits and recurring bill-paying, printing new checks, and obtaining a new ATM card. Mistakes resulting in overdrafts are costly, both financially and to one’s credit score and reputation.   

As a result, larger banks have a much smaller net interest margin, as shown in the chart below:

In addition, the stickiness of deposits causes a considerable lag between when a bank raises deposit rates and when deposit balances increase proportionately. 

As open banking, mandated by Rule 1033, takes effect, consumers will be able to:

• Switch credit cards within seconds while retaining terms and rewards of their current account
• Transfer deposits and multiple years of transaction history into a new checking account  

Impact on data providers 

Data providers, including digital wallet providers, will be able to move on from “screen scraping” and instead provide API-driven real-time balances, transaction history, and reward balances to their retail customers. Of course, providing this “new and improved” service will require re-writing front ends and processing engines to provide the necessary data in a timely manner. 

Impact on banks 

Banks and their affiliates must look toward building an open, larger ecosystem as part of continued digital transformation efforts.

While challenging, this work is necessary for banks that aim to grow revenue through collaboration and cooperation. Ultimately, banks that don’t satisfy their borrowers or lenders will be hard-pressed to compete in the ever-challenging financial landscape.

Navigate 1033 open banking compliance deadlines with confidence 

We encourage leaders to identify mandates’ silver lining opportunities. After all, to remain competitive and compliant, financial services firms must innovate in ways that add business value, meet consumers’ evolving expectations, and build trust. Achieving transformative outcomes and experiences requires a digital strategy that not only satisfies mandates but also aligns the enterprise around a shared vision and actionable KPIs, ultimately keeping customers at the heart of progress.

A holistic approach could include:

• Strategy + Transformation: current-state assessment, future-state roadmap, change management
• Platforms + Technology: pragmatically scalable, composable architecture and automations to accelerate progress
• Data + Intelligence: well-governed “golden source of truth” data and secure integrations/orchestration
• Innovation + Product Development: engineering and design for what’s now, new, and next
• Customer Experience + Digital Marketing: human-centered, journey-based engagement
• Optimized Delivery: Agile methodologies, deep domain expertise, and scalable global teams

Our financial services experts continuously monitor the regulatory landscape and deliver pragmatic, scalable solutions that meet the mandate and more. Discover why we’ve been trusted by 18 of the top 20 banks, 16 of the 20 largest wealth and asset management firms, and are regularly recognized by leading analyst firms.

Ready to explore your firm’s compliance with Rule 1033? Contact us to discuss your specific risk and regulatory challenges.  

Introduction

A quick summary of the new official digital sign requirement of the FDIC is that effective January 1, 2025, this logo:

must be replaced by this logo:

For readers who missed part 1 of this series or want to reread the original blog can find it here.

However, the new lengthy regulation raised many questions by the industry, and Perficient’s Financial Services Risk and Regulatory consultants have been researching answers and questioning regulators to provide in order to provide our current and future clients the answers to the following questions that have been raised.

Detailed Q&A:

#1. Are IDIs’ websites considered deposit taking channels for purposes of the digital signage requirements?

Answer: Under part 328, the FDIC official digital sign must be displayed on “digital deposit taking channels,” which includes IDIs’ “websites and web-based or mobile applications that offer the ability to make deposits electronically and provide access to deposits at insured depository institutions.” 12 CFR § 328.5(a). If an IDI’s website is purely informational, with no ability to make deposits or access deposits, it would not be a digital deposit-taking channel.

#2. Can the official digital sign appear only on the IDI’s “home page” and not on the other web pages that make up the website?

Answer: No. Under part 328, the FDIC official digital sign must be displayed on the (1) initial or homepage of the IDI’s website or application, (2) landing or login pages, and (3) pages where a customer may transact with deposits. For example, the FDIC official digital sign should be displayed where a mobile application allows customers to deposit checks remotely, because this electronic space is in effect a digital teller window. 12 CFR § 328.5(d).

#3. Where are we required to place the official digital sign on a bank webpage or app to ensure compliance with the “clear,” “continuous,” and “conspicuous” placement of the digital sign?

Answer: The final rule requires IDIs to display the official digital sign in a clear, continuous, and conspicuous manner. In general, the FDIC would expect to see official digital signs displayed on the applicable pages in a manner that is clearly legible to all consumers to ensure they can read it easily. The official digital sign could be displayed above the IDI’s name, to the right of the IDI’s name or below the IDI’s name, but under all circumstances, the official digital sign continuously displayed near the top of the relevant page or screen and in close proximity to the IDI’s name would meet the clear and conspicuous standard under the rule.

#4. Can the official digital sign be dismissed once a customer logs in?

Answer: No. The final rule requires that the official digital sign be displayed “in a continuous manner,” which means it must remain visible on the (1) initial page or homepage of the website or application, (2) landing or login pages, and (3) pages where the customer may transact with deposits. 12 CFR § 328.5(d). The final rule, however, does not require the official digital sign to continue to follow the user as they scroll up or down the screen.

#5. How should IDIs display the FDIC official digital sign on mobile devices with screen resolutions that do not support the ability to display the entirety of the digital sign on one line?

Answer: If the image does not fit a particular device or screen, the official digital sign can be scaled, “wrapped,” or “stacked” to fit the relevant screen and may satisfy the “clear and conspicuous” requirement.

#6. If an IDI’s name appears at the top of its website, and it also appears in the website’s footer, does the new FDIC official digital sign need to be displayed at the top of the page and also in the footer?

Answer: Under the final rule, IDIs are required to display the FDIC official digital sign “clearly and conspicuously” in a continuous manner; the official digital sign continuously displayed near the top of the relevant page or screen and in close proximity to the IDI’s name would meet the clear and conspicuous standard under the rule. 12 CFR § 328.5(f). IDIs are not required to display the FDIC official digital sign every time the IDI’s name appears, such as in the footer of the website.

#7. To satisfy the final rule’s official digital sign requirements, can the official digital sign be placed in the footer of the webpage?

Answer: No. For purposes of satisfying the final rule, IDIs are required to display the official digital sign in a clear, continuous, and conspicuous manner. The official digital sign continuously displayed near the top of the relevant page or screen and in close proximity to the IDI’s name would meet the clear and conspicuous standard under the rule. 12 CFR § 328.5(f). Therefore, placing the official digital sign in a footer of an IDI’s webpage would not meet the clear, conspicuous, and continuous display requirement.

#8. If an IDI displays the FDIC official digital sign on its mobile app’s homepage and alongside the IDI’s logo within the app, is it also necessary to include this signage on the transaction portal before a customer completes a transaction?

Answer: It depends in part on what type of transaction is being completed. The FDIC official digital sign must be displayed on the (1) initial or homepage of the bank’s website or application, (2) landing or login pages, and (3) pages where a customer may transact with deposits. 12 CFR § 328.5(d). For example, the FDIC official digital sign should be displayed where an IDI’s mobile application allows customers to deposit checks remotely, because this is an electronic space where a customer is transacting with deposits.

However, if a consumer is completing a transaction by using an embedded third-party payment platform that consumers: (a) access after logging into their IDI’s website; and (b) utilize to initiate payments/move funds out of the IDI, then the official digital sign should not be posted on those pages.

#9. What are examples of “pages where the customer may transact with deposits” that require the display of the FDIC official digital sign?

Answer: Examples of “pages where the customer may transact with deposits” that require the display of the FDIC official digital sign include, but are not limited to: mobile application pages that allow customers to deposit checks remotely; and, pages where customers may transfer deposits between deposit accounts held within the same IDI (e.g., checking to savings or vice versa). On the other hand, the FDIC would not expect an IDI to display the FDIC official digital sign on pages where a customer is transferring money from a deposit account to a non-deposit account.

#10. What is the definition of “landing or login page”?

Answer: For purposes of the final rule, a “landing or login page” generally refers to an insured depository institution’s (IDI’s) webpage or screen from which a customer is able to log into the IDI’s digital deposit taking channel. Specifically, the terms include pages where customers enter their credentials (e.g., username and password) or use other authentication methods (e.g., face identification) to access an IDI’s website or banking application. The terms are intended to cover various types of logins, whether with usernames and passwords, face IDs, thumbprints, etc.

#11. Where should the official digital sign be placed if the IDI’s app or website does not currently display the IDI’s full name; it only displays the IDI’s logo or a partial name?

Answer: The final rule provides that an official digital sign be continuously displayed near the top of the relevant page or screen and in close proximity to the IDI’s name would be considered clear and conspicuous. 12 CFR § 328.5(f)

If an IDI displays its full name, a partial name of the IDI, or the logo of the IDI (or any similar symbol used to identify the IDI) near the top of the page or screen, and continuously displays the official digital sign in close proximity to it, this approach would be considered clear and conspicuous.

#12. Do the FDIC official digital sign requirements apply to downloadable content such as terms and conditions or other digital collateral available via an IDI’s online channels?

Answer: Part 328 requires IDIs to display the official digital sign on their digital deposit-taking channels on the following pages or screens: initial or homepage of the website or application, landing or login pages, and pages where the customer may transact with deposits. Downloadable content that is available from an IDI’s website would not likely be viewed as a page or screen where the official digital sign would be required.

#13. Is an IDI required to display the FDIC official digital sign in the app store where the IDI’s app is available for download?

Answer: No. An IDI is not required to post the official digital sign in the app store where its app is available for download.

Contact us to discuss your specific risk and regulatory challenges. Our financial services expertise, blended with our digital leadership across platforms and business needs, equips the largest organizations to solve complex challenges and compliantly drive growth.

FDIC Digital Sign Requirement

Just before Christmas on December 23, 2023, to be precise, the Federal Deposit Insurance Corporation (“FDIC”) Board of Directors gave a Christmas gift that was the equivalent of coal in their stocking. Since the 1930s, when the FDIC was founded as part of the New Deal, the black and gold official sign (shown below) displayed at bank branch teller windows has given bank customers confidence that their deposited funds are safe.

Upon opening their stocking, bankers learned that the FDIC Board had adopted a final rule to amend part 328 of its regulations to modernize the rules governing the use of the official FDIC signs and advertising statements, and to clarify the FDIC’s regulations regarding false advertising, misrepresentations of deposit insurance coverage, and misuse of the FDIC’s name or logo.

Driven by the fact that depositors and consumers today have a variety of options for where they can deposit their money and how they can access banking products and services, the new rule is seeking to extend the certainty and confidence associated with the FDIC official sign to digital channels, such as banking websites and mobile apps, through which depositors are increasingly accessing their deposit funds and banking needs.

New Rule Established

However, rather than the same sign to be put online, the December 2023 rule established a new black and navy blue official digital sign shown below:

Beginning on New Year’s Day 2025, banks will be required to display the FDIC official digital sign near the name of the bank on all bank websites and mobile applications. Banks will also be required to display the FDIC official digital sign on certain automated teller machines.

Under the final rule, Insured Depository Institutions (“IDIs”) are required to display the FDIC official digital sign “clearly and conspicuously” in a continuous manner; the official digital sign continuously displayed at the top of the relevant page or screen and in close proximity to the IDI’s name would meet the clear and conspicuous requirement standard.

What Perficient has been seeing in the industry is that since an IDI’s mobile apps and websites must be altered for the new FDIC signage, bank executives are taking the opportunity to kill two birds with one stone and revamp their website and mobile apps to improve the user experience and enhance security while meeting the new FDIC signage requirements.

Contact us to discuss your specific risk and regulatory challenges. Our financial services expertise, blended with our digital leadership across platforms and business needs, equips the largest organizations to solve complex challenges and compliantly drive growth.

The following information was generated by utilizing the Azure GPT-4-32k variant, which is part of the Azure OpenAI Service. Comparable to the publicly accessible ChatGPT, Azure GPT-4 offers equivalent accuracy in solving problems.  

 The advantages of using Azure GPT-4-32k includes: 

• Context Size: Available in 128K context and 32K context variants. 

• Larger context size, better suited for detailed discussions. 

• Cost: More cost-effective in terms of input and output pricing. 

• Ideal for complex conversations, long-form content, and tasks requiring extensive context. 

 The AI tool was created by Perficient’s Generative AI Innovation Group which aims to drive innovation, connection and community to Perficient’s clients, colleagues, partners and investors while having a strong focus toward the emergence of generative AI tools and capabilities, and the impact these technologies have in businesses today.  

 The AI Innovation Group is developing proofs of concept (POCs) to help clients explore use cases for generative AI and operationalize it through policies, advocacy, controls and enablement. The team set up a sandbox for Perficient’s Finance Services Center of Excellence (FS CoE), allowing them to analyze the newly revised, 1,300-page Community Reinvestment Act, published by federal bank regulators, in mere seconds.  

 In our last 2 blogs, we asked the Azure GPT software tool to generate a 1,000-word and a 1,500 blog on the CRA. This time we thought, to provide both another comparison and even more depth and detail to the new CRA, we asked:  

• “Generate a 1,999 word blog on the CRA” 

 Read More:  

Azure GPT-4 Analysis of the New CRA: Part 1 

Azure GPT-4 Analysis of the New CRA: Part 2

 The Community Reinvestment Act (CRA) is a crucial piece of legislation that has shaped the landscape of banking and community development since its introduction in 1977. It mandates federal banking agencies to evaluate how well each bank meets the credit needs of its community, particularly in low- and moderate-income neighborhoods, while maintaining safe and sound operations. This blog post will delve into aspects of the CRA, including its public file requirements, evaluation methods, and recent updates. 

Public File Requirements 

One significant part of the CRA is its public file requirements. Banks are required to include written comments in their CRA public files that pertain to their Retail Lending Test conclusions. These comments, whether submitted directly to a bank or to an agency, are available both for a bank’s consideration and for public review. 

The intention behind this requirement is to create a transparent evaluation process and limit the potential effect of social media posts and other potentially spurious claims. It’s worth noting that it may often not be feasible or appropriate to consider social media posts as part of a bank’s performance context due to challenges in determining whether such remarks are relevant or appropriate for agencies to consider during a CRA evaluation. 

Access to Information 

As part of the CRA, the public is entitled to certain information about a bank’s operations and performance. This includes information about the bank’s branches, such as their location and services, the public section of their most recent CRA Performance Evaluation, and comments received from the public regarding the bank’s performance in meeting community credit needs. 

Before the beginning of each quarter, the Federal Reserve System publishes a list of banks scheduled for CRA examination in that quarter. This list not only prepares the banks for the examination but also allows the public to review and provide meaningful comments on a bank’s performance. 

Performance Evaluation 

The CRA’s performance evaluation process involves an assessment of a bank’s record in meeting the credit needs of its community, including low- and moderate-income neighborhoods. This evaluation is written and accounts for any comments submitted by the public that relate to the bank’s performance. 

Furthermore, the CRA also includes a quantitative evaluation of the geographic distribution of retail lending in distressed and underserved middle-income census tracts for banks with few or no low- and moderate-income census tracts. 

CRA Disclosure Statement 

Each year, the appropriate Federal banking agency prepares a CRA Disclosure Statement for each bank or savings association. This statement includes data on a state-by-state basis, and for each county or assessment area with a population of 500,000 persons or fewer, information about the number and amount of small business and small farm loans reported as originated or purchased in low-, moderate-, middle-, and upper-income geographies. 

Recent Updates and Developments 

The CRA has undergone several updates and developments to keep it in line with the evolving banking landscape. For instance, the final rule, effective from October 1, 2020, with compliance dates for certain provisions set for January 1, 2023, and January 1, 2024, aims to modernize the CRA regulations. 

The Board issued a CRA Advance Notice of Proposed Rulemaking on September 21, 2020, seeking public comment on modernizing the CRA regulations. The proposal aims to strengthen, clarify, and tailor the regulations to better meet the core purpose of the CRA and reflect the current banking landscape. 

Additionally, the agencies proposed changes to make a bank’s CRA public file more accessible to the public by allowing any bank with a public website to include its CRA public file on its website. They also proposed publishing a list of banks scheduled for CRA examinations for the next two quarters at least 60 days in advance and establishing a way for the public to provide feedback on community needs and opportunities in specific geographies. 

Conclusion 

The CRA plays a vital role in ensuring that banks adequately serve the credit needs of their communities, particularly low- and moderate-income neighborhoods. Through its public file requirements, performance evaluations, and the provision of information to the public, the CRA fosters transparency, promotes fair lending, and encourages banks to contribute positively to their communities. The recent updates and developments not only reflect the changing banking landscape but also reinforce the CRA’s commitment to enhancing banking services to all communities.   

Your Expert Partner 

Contact us to discuss your specific risk and regulatory challenges.  

Our financial services expertise and artificial intelligence experience blended with our digital leadership across platforms, equips the largest organizations to solve complex challenges and compliantly drive growth. 

This blog was co-authored by: Andrea Milano, Noelle Reinhold, AbdulKadir Sheikh, Lalit Diwate, Akshay Suryawanshi, Akshay Admane, Raj Merchant, and Ashish Chakole

On June 6, Acting Comptroller of the Currency, Michael J. Hsu, addressed the 2024 Conference on Artificial Intelligence (AI) and Financial Stability, providing critical regulatory insights on AI. Hsu discussed the systemic risk implications of AI in banking and finance using a “tool or weapon” approach. He noted that while both tools and weapons pose threats to financial stability, they do so in different ways, necessitating distinct analyses. 

In his speech, Hsu emphasized that the rapid adoption of technology during periods of change, without corresponding adjustment in controls, allows risks to grow undetected until they culminate in financial crises. Learning from history, he referenced the lack of regulatory controls in derivatives and financial engineering before the 2008 financial crisis, and more recently, the unregulated growth of cryptocurrencies leading to the “Crypto Winter” of 2022. 

Toll Gates Are Needed 

To avoid repeating such scenarios, of that rather dire history, Hsu advocated for regulators and the industry to proactively identify points where growth and development should pause to ensure responsible innovation and build trust. He argued that well-designed checkpoints could help balance the need for innovation with necessary safeguards to prevent runaway growth. 

The evolution of electronic trading provides a valuable case study to consider. Traditionally, trading was manual. Market making eventually transitioned to phone-based systems, with computers providing real-time information, valuations and forecasts for traders. In time, computers took on a more active role, not only providing information but also assisting and guiding traders’ actions, supporting faster execution and more complex strategies. Eventually, algorithms took over entirely, automatically buying and selling securities according to pre-determined instructions without the need for human intervention.  

Using the evolution of electronic trading as a reference, Hsu outlined three phases in its history:   

1. Inputs: Computers provided information for human traders to consider. 
2. Co-pilots: Software supported and enabled traders to operate more efficiently and swiftly.  
3. Agents: Computers executed trades autonomously based on algorithms programmed by software developers.  

Understanding the Different AI Phases 

Hsu highlighted that each phase requires different risk management strategies and controls. For example, mitigating the risk of flash crashes—exacerbated by algorithmic trading—demands more sophisticated controls than those needed when traders are simply receiving information on a computer screen and execute trades manually. 

Artificial Intelligence (AI) is following a similar evolutionary path: initially producing inputs for human decision-making, then acting as a co-pilot to enhance human actions, and finally becoming an agent that makes decisions independently on behalf of humans. As AI progresses from an input provider to a co-pilot and ultimately to an autonomous agent, the risks and potential negative consequences of weak controls increase significantly. 

For banks interested in adopting AI, establishing clear and effective gates between each phase can help ensure that innovations are beneficial rather than harmful. Before advancing to the next phase of development, banks should ensure that proper controls are in place and accountability is clearly established for the new phase being entered.  

Your Expert Partner

Acting Comptroller Hsu’s advocacy for a robust control environment mirrors the guidance provided in the 2021 Supervisory Letter from the OCC, which we discussed in our blog OCC Provides Roadmap for National Banks and Savings Associations To Conduct Crypto Activities.

If you are interested in establishing a new relationship with Perficient or strengthening an existing one, our financial services regulatory, risk and controls, and AI subject matter experts are available to help. We can work with you to enhance your control environment and design checkpoints to ensure your firm remains well-regulated.   

Contact us today to discuss your specific needs. 

YOU MAY ALSO ENJOY:  

Azure GPT-4 Analysis of the New CRA: Part 1 

Azure GPT-4 Analysis of the New CRA: Part 2 

Our risk and regulatory compliance experts, Carl Aridas and Chandni Patel, have just returned from XLoD 2024 in New York. The event brought together the world’s top financial institutions and regulators to discuss the future of non-financial risk and control. With over 500 industry professionals in attendance, it showcased the unwavering commitment to practical innovation within the field. 

Strategic Utilization of Intelligent Automation and GenAI 

Upside of Generative Artificial Intelligence 

The executives that Chandni and Carl spoke with identified two main benefits of AI.  

First, it can automate controls and detect fraud patterns earlier and proactively, enhancing the control environment without needing to hire many new staff. Even if not fully effective initially, generative AI software will gradually reduce false positives, improving the value of risk findings over time. 

Second, AI can automate many mundane, low-value tasks performed by risk staff, freeing them to focus on more high-value tasks. This potential to enhance efficiency and productivity was noted by many risk practitioners at the conference. 

Downsides of AI 

One memorable demonstration featured a video that cost only $60 and 30 minutes to create, showing an executive fluently speaking Italian in his own voice. After the 45-second video ran, the risk executive explained that he didn’t speak Italian and that he was merely reading an Italian weather forecast. This raised concerns about the potential misuse of such technology, highlighting the need for robust defenses to prevent fraud, such as unauthorized wire transfers.  

Additionally, a simulated boardroom debate pointed out that while humans have biases, it is likely that AI programs can also produce biased results. Given new regulation like the new CRA Act, requiring result-based tests of non-discrimination lending, risk managers need to carefully ensure that they are ever-vigilant, and have the testing methodologies required, to ensure automation programs do not result in automated discrimination. 

The Importance of Data Quality 

While it was generally agreed that Artificial Intelligence, particularly generative AI, is the future of risk controls, several experienced industry executives note that the value of AI is wholly dependent on the quality of the data provided to the generative AI system to conduct the analysis.  

Similar to how programmers learned the saying “garbage in, garbage out” in the 1980’s, a system that does not have quality data points to draw the picture of risks will not be able to determine risks at either the transaction level or higher product/systemic level. 

Frequency of Controls Testing 

In one roundtable discussion entitled “How to create great RCSA controls”, the group leader asked how many of the 200+ risk professional participants present considered RCSA testing an annual “check the box” exercise. Many hands rose immediately. 

During the discussion, several risk executives explained their bank used to develop RCSA goals annually, which had become a routine exercise. However, they shifted to testing  controls quarterly, providing near real-time status reports to executives, and conducting deeper dives into controls performed annually. This more frequent approach provided significant value to the bank’s RCSA program, transforming it from a tick-the-box exercise into a meaningful practice.  

Conquer Compliance 

The insights that Carl and Chandni gathered at XLoD highlight the ongoing evolution within the industry. While intelligent automation and generative AI offer significant opportunities for enhancing efficiency and fraud detection, these technologies still pose challenges like potential biases and data quality issues that must continue to be managed carefully. 

 As the industry progresses, balancing innovation with regulatory and risk management will be crucial. 

Contact us today to discuss your specific risk and regulatory challenges.    

Learn More: Strategies + Solutions to Ensure Regulatory and Compliance Excellence 

This blog was co-authored by: Carl Aridas and Chandni Patel

The following information was generated by utilizing the Azure GPT-4-32k variant, which is part of the Azure OpenAI Service. Comparable to the publicly accessible ChatGPT, Azure GPT-4 offers equivalent accuracy in solving problems.  

The advantages of using Azure GPT-4-32k includes: 

• Context Size: Available in 128K context and 32K context variants. 

• • Larger context size, better suited for detailed discussions. 

• Cost: More cost-effective in terms of input and output pricing. 

• • Ideal for complex conversations, long-form content, and tasks requiring extensive context. 

 The AI tool was created by Perficient’s Generative AI Innovation Group which aims to drive innovation, connection and community to Perficient’s clients, colleagues, partners and investors while having a strong focus toward the emergence of generative AI tools and capabilities, and the impact these technologies have in businesses today.  

 The AI Innovation Group is developing proofs of content (POCs) to help clients explore use cases for generative AI and to operationalize it through policies, advocacy, controls and enablement. The team set up a sandbox for Perficient’s Finance Services Center of Excellence (FS CoE), allowing them to analyze the newly revised, 1,300-page Community Reinvestment Act in mere seconds.  

 In our last blog, Azure GPT-4 Analysis of the New CRA: Part 1, we asked the Azure GPT software to generate a 1,000-word blog on the CRA. To provide us with a comparison and more depth, we asked:  

• “Generate a 1,500 word blog on the CRA” 

Title: Understanding the Community Reinvestment Act (CRA) and Its Implications 

The Community Reinvestment Act (CRA) is a landmark piece of legislation passed in 1977 to combat discriminatory lending practices and to ensure that banks serve the needs of their entire community, including low-and moderate-income neighborhoods. The OCC, Federal Reserve Board, and FDIC jointly oversee the CRA to ensure banks are meeting these obligations. 

A crucial aspect of the CRA involves the assessment of a bank’s record in meeting the credit needs of its community. Upon completing this examination, the agencies prepare a written evaluation of the bank’s performance. This evaluation includes information about the bank’s branches, their location, services provided at them, and the bank’s CRA Performance Evaluation. It’s important to note that the CRA evaluations are not just a regulatory requirement but also serve as a reflection of a bank’s commitment to its community. 

Public involvement is a significant component of the CRA process. The agencies publish a list of banks scheduled for CRA examinations in the upcoming two calendar quarters, 30 days in advance of each calendar quarter. This advance notice allows the public to review and provide meaningful comments on a bank’s performance before a CRA examination. 

Written comments are a valuable tool in the CRA process. They are submitted directly to a bank or to an agency and are available both for consideration and response by a bank and for public review. This engagement allows the public to voice concerns or provide feedback on a bank’s efforts to meet community credit needs. Some of these comments may address concerns about a bank’s performance in distressed and underserved areas. Such feedback can be instrumental in shaping a bank’s future community engagement efforts. 

However, it’s worth noting that comments are not without challenges. For instance, it may not be feasible or appropriate to consider social media posts as part of a bank’s performance context. The agencies believe it could be challenging to determine whether remarks made by members of the public on social media were intended or appropriate for them to consider in the bank’s CRA evaluation. Therefore, written comments, particularly those submitted through the proper channels, are given more weight in CRA evaluations. 

The agencies also publish a nationwide list of the banks and savings associations scheduled for CRA examination in each quarter. This transparency empowers the public to engage with the banks and make written comments about their performance in helping to meet community credit needs. These comments are considered by the OCC or FDIC, as appropriate, in their evaluation of the bank’s CRA performance and may be made public. 

As the digital age continues to evolve, so does the way we engage with our banks. Hence, for CRA evaluations to be truly reflective of a bank’s performance, they must adapt and change with the times. Therefore, the agencies have made provisions for the public to submit comments electronically. 

The CRA continues to evolve to meet the changing needs and realities of the banking sector. In September 2020, the Board issued a CRA Advance Notice of Proposed Rulemaking (ANPR) requesting public comment on an approach to modernize the CRA regulations. The proposed changes aim to strengthen, clarify, and tailor the regulations to reflect the current banking landscape and better meet the core purpose of the CRA. 

In conclusion, the CRA is an essential piece of legislation that promotes fairness and equality in banking. It ensures that banks meet the credit needs of their entire community, including low-and moderate-income neighborhoods. The public’s involvement in the CRA process is crucial in holding banks accountable and ensuring they meet their obligations. As the CRA continues to evolve and modernize, it remains a critical tool in ensuring equitable access to credit and banking services for all communities. 

Read More: Regulatory Risk and Compliance in Financial Services

Your Expert Partner 

Contact us to discuss your specific risk and regulatory challenges.  

Our financial services expertise and artificial intelligence experience blended with our digital leadership across platforms, equips the largest organizations to solve complex challenges and compliantly drive growth. 

This blog was co-authored by: Andrea Milano, Noelle Reinhold, AbdulKadir Sheikh, Lalit Diwate, Akshay Suryawanshi, Akshay Admane, Raj Merchant, and Ashish Chakole

Starting April 1, 2024, the Federal Deposit Insurance Corporation (FDIC) has implemented a new rule for trust account insurance coverage. This rule, originally passed in January 2022, consolidates insurance coverage for different types of trust accounts into a single category called “Trust Accounts.”  

Key Changes to Trust Account Coverage 

Consolidation of Trust Categories 

• The FDIC has merged irrevocable trust accounts (§330.13) and revocable trust accounts (§330.10) into a single category called “Trust Accounts”  

• This new trust account category will include formal revocable trusts (§330.10); informal revocable trusts (e.g., POD/ITF accounts from 330.10); and irrevocable trusts (§330.13) 

Insurance Coverage Details 

• Each trust owner is now insured up to $250,000 per eligible primary beneficiary, with a maximum of five beneficiaries  

• An eligible beneficiary can be any living person or an IRS-recognized charity/non-profit  

• Only “primary” (not contingent) beneficiaries count toward the insurance coverage 

The maximum number of five beneficiaries is the biggest change as shown below:  

Implication of the FDIC’s New Rule 

The FDIC claims that this new rule simplifies the calculation of insurance coverage. However, it introduces a significant change by limiting the number of insured beneficiaries to five, affecting those with more than $1.25 million in trust assets.  

Potential Motivations and Consequences 

Ultimately, this change aims to reduce the FDIC’s insurance coverage liability, possibly due to the Deposit Insurance Fund being below regulatory minimums as a percentage of insured deposits.  As a result, bank executives will face challenges as trust attorneys, estate planners and financial advisors may need to spread trust accounts across multiple banks to ensure deposit balances remain federally insured. 

READ MORE: Regulatory Risk & Compliance in Financial Services 

Your Expert Partner 

Contact us today to discuss your specific risk and regulatory challenges.  

Our financial services expertise, blended with our digital leadership across platforms and business needs, equips the largest organizations to solve complex challenges and compliantly drive growth. 

The following information was generated by utilizing the Azure GPT-4-32k variant, which is part of the Azure OpenAI Service. Compared to the publicly available ChatGPT, Azure GPT-4 offers equivalent accuracy in problem solving.  

Advantages of Azure GPT-4-32k 

• Available in 128K context and 32K context variants. 

• • Larger context size, better suited for detailed discussions. 

• More cost-effective in terms of input and output pricing. 

• • Ideal for complex conversations, long-form content, and tasks requiring extensive context. 

Azure GPT-4 was created by Perficient’s Generative AI Innovation Group which aims to drive innovation, connection, and community to Perficient’s clients, colleagues, partners, and investors. The group focuses on the emergence of generative AI tools and capabilities, and the impact these technologies have on businesses today.  

The AI Innovation Group is developing proofs of content (POCs) to help clients explore generative AI use cases and operationalize them through policies, advocacy, controls and enablement.  

Another notable initiative while the team was creating Azure GPT-4 involved setting up a sandbox for Perficient’s Finance Services Center of Excellence (FS CoE). This sandbox enabled the FS CoE to analyze the newly revised Community Reinvestment Act, which was published by federal bank regulators, into a concise 1,300 pages, in mere moments.

See Azure analysis example below:  

Question asked – “Generate a 1,000 word blog on the CRA”  

The Community Reinvestment Act (CRA) is a groundbreaking piece of legislation designed to encourage commercial banks and savings associations to meet the needs of borrowers in all segments of their communities, including low- and moderate-income neighborhoods. This is done in a manner that is compatible with the safe and sound operation of such institutions. The Act has played a pivotal role in providing access to credit for individuals and communities that might otherwise be overlooked. 

The CRA requires the Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System (Board), and the Federal Deposit Insurance Corporation (FDIC) to assess a bank’s record of meeting the credit needs of its entire community. This includes both the provision of services and the location of branches. Once this examination is completed, the agencies are required to prepare a written evaluation of the institution’s record, which is then made available to the public. 

One of the key aspects of the CRA is its emphasis on transparency and public involvement. Banks are required to maintain a public file that includes a variety of information about their operations and performance under the Act. This includes information about their branches, such as their location and services provided; the public section of their most recent CRA Performance Evaluation, prepared by the respective agency; and comments received from the public relating to their performance in helping to meet community credit needs, along with responses to those comments. 

In addition to evaluating a bank’s performance in meeting the credit needs of its community, the CRA also guides the agencies in deciding on certain applications submitted by the bank. This means that a bank’s compliance with the CRA can influence its ability to merge with other banks, open new branches, or conduct similar activities. 

Public engagement is highly encouraged under the CRA. Members of the community can send written comments about a bank’s performance in helping to meet community credit needs to the respective agency and the bank itself. These comments are considered in the bank’s CRA evaluation and may be made public. The agencies also publish a list of banks that are scheduled for CRA examination each quarter, allowing community members to stay informed and contribute their views. 

The CRA has not been without its fair share of challenges and criticisms, however. Some commenters have expressed concern about the subjectivity of comments and the risk of creating an inaccurate representation of a bank’s performance. There is also concern about how effectively the CRA incentivizes activities in rural areas or smaller urban areas. 

Despite these challenges, the CRA remains a vital tool for ensuring that banks serve the needs of their entire community. The legislation continues to evolve to meet the changing needs of communities and the banking industry. With continued public engagement and transparency, the CRA will continue to play a pivotal role in promoting access to credit and ensuring that banks fulfill their obligations to all segments of their communities.

Read More: Regulatory Risk & Compliance in Financial Services 

Your Expert Partner 

Our solutions empower the largest organizations to tackle complex challenges and drive compliant growth.

Contact us today to discuss your specific risk and regulatory challenges.  

Our financial services and artificial intelligence expertise, blended with our digital leadership across platforms and business needs, equips the largest organizations to solve complex challenges and compliantly drive growth.

This blog was co-authored by: Andrea Milano, Noelle Reinhold, AbdulKadir Sheikh, Lalit Diwate, Akshay Suryawanshi, Akshay Admane, Raj Merchant, and Ashish Chakole

Our banking risk and regulatory experts are excited to attend the upcoming XLoD Global event in New York on June 11th.  

What is XLoD Global? 

The world’s leading financial institutions and regulators come together at XLoD to discuss the future of non-financial risk and control. Representatives from all three lines of defense—operational management, risk management/compliance, and internal audit—attend to present, discuss, and learn about industry shifts that are impacting risk and regulatory compliance.

Sessions include a keynote interview with former FBI director James B. Comey as well as topical discussions spanning regulatory risk, market abuse, and leveraging technology in automation (RPA), data analytics and ML/AI.

Understanding the Industry: Risk & Regulatory Themes We’re Tracking

LinkedIn | Blogs

Carl Aridas, a seasoned compliance expert and leader of Perficient’s Banking Risk and Regulatory Center of Excellence (CoE), remembers when a couple risk policies—mandatory two consecutive weeks away from the office and basic dual control procedures—were cutting-edge. The landscape has evolved, and organizations must maintain pace.

Many banking firms that are operating with multiple legacy systems are curious about implementing new AI technologies. They want to know how AI and machine learning can enhance the capabilities of compliance, legal, and risk professionals in managing non-financial risk. 

He looks forward to the session, “Harnessing AI & Cutting-edge Technology for Enhanced Risk Detection,” and also plans to attend “Harmonization and Integration of NFR frameworks.” With extensive experience designing and implementing NFR frameworks for major banks, Aridas is going to be a keenly attuned to this discussion. 

LinkedIn

Chandni Patel, one of our financial services digital assets team leaders, is also eager for the conference. As a risk expert, Patel is especially excited about attending the keynote address by Mihaela Nistor, chief risk officer at the Federal Reserve Bank of New York. 

Throughout her career, Patel has been approached by many financial services executives facing fines and regulatory issues related to monitoring trading activities. She is excited to attend “Surveillance of WhatsApp and Social Media,” and hear how technology data insights and sentiment analysis can mitigate conduct risk and enable proactive market abuse management. 

She also looks forward to the panel discussion, “Innovations in Conduct Surveillance and Monitoring Practices,” to hear about the future technology and surveillance solutions that banks are exploring.

Meet Our Banking Risk and Regulatory Experts at XLoD

If you’ll be at the XLoD Global conference in New York, our team would love to connect and discuss the challenges and opportunities that are top of mind in your organization. 

Leading financial institutions count on our financial services expertise to solve complex digital challenges and compliantly drive growth. Contact us today to learn more about our digital solutions.  

This blog was co-authored by Chandni Patel and Carl Aridas.

Recent news shook the financial services space on Friday, April 26th, as Pennsylvania state banking regulators, in collaboration with the Federal Deposit Insurance Corporation (FDIC), took decisive action by closing Republic First Bank. 

With assets totaling approximately $6 billion and deposits reaching $4 billion across its 32 branches as of January 31, the closure marked the inaugural bank failure of 2024 in the United States. Notably, the last recorded bank failure prior to this was Citizens Bank in Sac City, Iowa on November 3, 2023. 

Operating as a Pennsylvania state-chartered regional lender, Republic First Bank held a significant presence in the tri-state area encompassing Pennsylvania, New Jersey and New York. 

Learn More: 7 Possible Causes of SVB Failure and Predicting the Impact on Regulatory Reporting 

Post Bank Closure

In the aftermath of the closure, Fulton Bank, headquartered in Lancaster, Pennsylvania, emerged as a key player. Boasting assets exceeding $27 billion as of March 31, 2024, Fulton Bank stepped in to absorb a substantial portion of Republic First Bank’s deposits and acquired nearly all its assets as reported by the FDIC. 

For depositors of Republic Bank’s 32 branches, swift action was taken to ensure access to their funds. ATMs remained operational, and checks were honored on Friday evening. By Saturday morning, these branches were re-opened under the banner of Fulton Bank, ensuring continuity and service to customers.  

However, this transition comes at a cost. The FDIC estimates the fallout from Republic First Bank’s failure will amount to a staggering $667 million for the deposit insurance fund. This fund, established by Congress in 1933 and managed by the FDIC, serves as a crucial safeguard for depositors across the nation’s banking institutions.  

Read More: Lessons Learned From the Fourth United States Bank Failure of 2023 

Causes of the Bank Failure 

The roots of Republic First Bank’s demise trace back to warning signs that emerged in 2022. Identified weakness in internal controls over financial reporting, highlighted in an 8-K Report filed with the Securities and Exchange Commission (SEC), underscored underlying vulnerabilities.  

Subsequent events, including a decline in deposits and the erosion of the mortgage loan portfolio’s value in a rising interest rate environment, further exacerbated the situation. In August 2023, the parent company of Republic Bank, Republic First Bankcorp, was delisted by Nasdaq, after the bank failed to file its fiscal year 2022 report with the Securities and Exchange Commission. Republic First claimed the report was not filed because of its “former executive team’s failure to maintain adequate internal controls.”  

The culmination of declining asset values and deposits with weak internal controls led to the inevitable collapse.  

Resources Mentioned:  

• REPUBLIC FIRST BANCORP INC (Form: 8-K, Received: 02/27/2024 16:52:40) (d18rn0p25nwr6d.cloudfront.net) 
•  Republic First Bancorp Investor Presentation (q4cdn.com) 

Unlock Regulatory + Risk Management Expertise  

For deeper insights into the dynamics of recent bank failures and their implications, our team of experts offers valuable resources and analysis. In the wake of Republic First Bank’s closure, it’s imperative for institutions to assess their risk and regulatory landscape.  

Contact us today to engage in tailored discussions addressing your specific challenges.  

How are Federal Credit Unions Regulated? 

Banking professionals are aware that the Federal Reserve Bank (Fed), the Office of the Comptroller of the Currency (OCC), or for state-chartered banks, the Federal Deposit Insurance Corporation (FDIC) serves as their primary federal regulator. For those whose deposits are insured, the FDIC acts as a secondary federal regulator, while the Fed or OCC remains the as the primary regulator.

Conversely, credit union executives know that their primary federal regulator is always the National Credit Union Administration (NCUA). Established by Congress in 1970, the NCUA operates as an independent federal agency within the executive branch, fulfilling multiple roles including deposit insurance for federally insured credit unions, safeguarding the interests of credit union members, and overseeing the chartering and regulation of federal credit unions. 

Capital Requirements 

Capital requirements play a pivotal role in the success of both banks and credit unions. While maintaining higher capital reserves enhances a credit union’s resilience against economic downturns, the aim is to strike a balance and avoid being excessively capitalized to optimize deposit funding and earnings.   

Until December 31, 2021, all credit unions were required to compute the Net Worth Ratio (NWR), while credit unions with total assets exceeding $50 million also had to calculate the Risk-Based Net Worth (RBNW) ratio. However, starting on January 1, 2022, the definition of a complex credit union shifted to those with quarter-end total assets surpassing $500 million on its most recent Call Report.  

While all credit unions must still compute their NWR, only complex credit unions are mandated to perform an additional capital calculation, adhering to either the Risk-Based Capital (RBC) framework or, if eligible, the Complex Credit Union Leverage Ratio (CCULR) framework. 

Net Worth Ratio 

The formula for the Net Worth Ratio now reads as follows, referencing the reporting cell on the current NCUA call report:

• [(997 – NW004) / (NW0010 – NW004)] x 100 

The numerator begins with Total Net Worth, encompassing undivided earnings, other reserves, undistributed income, the Current Expected Credit Loss Transition Provision (CECL) and subordinated debt. Subsequently, NW004, representing the CECL Transition Provision, is deducted from the numerator.  

In the denominator, NW0010 factors in and considers and excludes Small Business Administration Paycheck Protection Program loans pledged as collateral to the Federal Reserve Bank Paycheck Protection Program Lending Facility. NW004, representing the Current Expected Credit Loss Transition Provision, is included in the denominator, and the formula deducts the CECL Loss Transition Provision, thereby excluding the CECL from the denominator and the asset class from the overall ratio. 

Risk-Based Capital Ratio 

The Risk-Based Capital Ratio, (RBC) involves a more intricate calculation of a credit union’s capital, aiming to adjust for the risk associated with the union’s assets. The formula, again referencing the cells in the NCUA’s call reports, is:

• RB0012/RB0171 x 100 

The numerator starts with the same Net Worth calculation used in the Net Worth Ratio, but additionally incorporates the allowance for credit losses and subordinated debt. It then subtracts the National Credit Union Share Insurance Fund (NCUSIF) Capital Deposit, goodwill and other intangibles, identified losses not previously recognized in the numerator, and mortgage servicing assets exceeding 25% of other total capital.  

The denominator, RB0171, represents the sum of all risk-based equivalents of both on-balance sheet and off-balance sheet assets. For on-balance sheet assets, each asset category, such as cash, loans, and securities, is assigned to a risk category, where the balance is multiplied by the respective risk category percentage.  

The standard risk categories include 0%, 20%, 50%, 75%, and 100%, 150%, 250%, 300%, 400%, and 1,250%. As the capital elements in the numerator increase, the ratio improves; however, an increase in risk-weighted assets in the denominator leads to a decrease in the ratio.  

For off-balance sheet assets, the contingent asset is multiplied by a credit equivalent amount (0%, 2%, 4%, 20%, 50%, 75%, 100%), reflecting the likelihood of the contingent asset being funded. This result is then multiplied by a credit conversion factor (10%, 20%, 50%, 100%), indicating the riskiness of the asset once it appears on the balance sheet. 

Complex Credit Union Leverage (CCULR) Ratio  

CCULR, pronounced cooler, represents the third capital calculation option for credit unions. Credit unions may opt for CCULR if they meet specific requirements including: 

• Being a complex credit union (>$500 million total assets) 
• NWR of 9 percent or more 
• Off-balance sheet exposures totaling less than 25 percent of total assets 
• Trading assets and liabilities that comprise less than 5 percent of total assets 
• Goodwill and intangible assets that are less than 2 percent of total assets 

By choosing CCULR, qualifying complex credit unions are relieved from calculating the challenging risk-based capital ratio discussed earlier. However, in exchange, they must uphold a higher Net Worth Ratio (9% vs 7%) than is otherwise required for the well-capitalized classification. 

For those interested in reviewing the detailed 37-page credit calculation directions prepared by the NCUA, the Financial Performance Report Ratio and Formula Guide is linked below:  

Learn More: Financial Performance Report Ratio and Formula Guide (ncua.gov) 

Your Expert Partner 

Contact us to discuss your specific risk and regulatory challenges. While many consulting firms have their experience limited to strictly banking, Perficient is a firm with more than 70 completed projects within the credit union industry.  

Our financial services expertise, blended with our digital leadership across platforms and business needs, equips the largest organizations to solve complex challenges and compliantly drive growth.