<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1863587697294894&amp;ev=PageView&amp;noscript=1">

| Phone: (704) 401-1730

Learn 210+ Compliance Terms with this Ultimate Compliance Glossary!

Explore the Ultimate Compliance Glossary:

A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

To use the glossary, click on one of the letters above to navigate to that section.

This Compliance Glossary is designed to be a living resource, updated as new ideas emerge and terms develop. Right now, it includes 210+ important vocabulary terms that compliance professionals should know. New compliance terminology will be added regularly, so we recommend refreshing the link to this resource often to make sure it’s up-to-date. 

Want a PDF version of this glossary with even more key terms? Click here to get it!

Did we overlook a key term you need, or do you have an idea for how to improve? If so, just send a note to info@trupointpartners.com so that we can add it!


Terms defined: A, Regulation; AA, Regulation; Advertisement of Membership; Adverse Action & Adverse Action Notice; AML, Anti-Money Laundering; AMTPA, Alternative Mortgage Transactions Parity Act of 1982; Annual Review; Applicant; Audit

A, Regulation

The SEC and FRB both have a Regulation A.

  • If you offer securities that do not exceed $5M annually, the SEC’s Regulation A provides an exemption from registration requirements.
  • The FRB’s Regulation A governs Extensions of Credit by Federal Reserve Banks.

On June 8, 2018, a Final Rule was issued with updated to Reg A. This Final Rule is designed to “revise the provisions regarding the establishment of the primary credit rate in a financial emergency and to delete the provisions relating to the use of credit ratings for collateral for extensions of credit under the former Term Asset-Backed Securities Loan Facility (TALF).”  You can read more about them in the Federal Register here.

AA, Regulation

In 2016, the Federal Reserve Board repealed Regulation AA. The regulation, which prohibited “unfair or deceptive acts or practices,” was repealed in order to comply with the Dodd-Frank Wall Street Reform Act. See also:  “UDAAP.”

Advertisement of Membership

According to the FDIC, 12 CFR Part 328, the Advertisement of Membership describes the official sign of the FDIC and how it can be used by insured depository institutions. It also describes the official advertising statement that insured depository institutions must include in their advertising.

Part 328 applies to insured branches of foreign depository institutions, but it doesn’t apply to non-insured offices or branches of insured depository institutions in foreign countries.

Adverse Action

In lending, an Adverse Action is a negative action that relates to the denial of credit; it may also relate to negative decisions regarding  insurance transactions, employment decisions, and a few other circumstances. Adverse Action compliance requirements are related to both ECOA and Reg B, and the FCRA; Adverse Actions are defined differently in each regulation.

An Adverse Action is defined by Reg B as:

  • A refusal to grant credit in substantially the amount or on substantially the terms requested in an application unless the creditor makes a counteroffer (to grant credit in a different amount or on other terms), and the applicant uses or expressly accepts the credit offered;
  • A termination of an account or an unfavorable change in the terms of an account that does not affect all or substantially all of a class of the creditor’s accounts; or
  • A refusal to increase the amount of credit available to an applicant who has made an application for an increase.

Reg B applies to both consumers and businesses.

An Adverse Action is defined by ECOA as:

  • Adverse action as defined in section 701(d)(6) of ECOA;
  • A denial or cancellation of, an increase in any charge for, or a reduction or other adverse or unfavorable change in the terms of coverage or amount of, any insurance, existing or applied for, in connection with the underwriting of insurance;
  • A denial of employment or any other decision for employment purposes that adversely affects any current or prospective employee;
  • A denial or cancellation of, an increase in any charge for, or any adverse or unfavorable change in the terms of a government license or benefit; or
  • An action on an application or transaction initiated by a consumer, or in connection with account review that is adverse to the consumer’s interests.

FCRA applies to consumers.

There are many more details to know regarding Adverse Action compliance. To learn more about Adverse Action requirements, please refer to the federal laws and this Consumer Compliance Outlook from 2013.

Adverse Action Notice

An Adverse Action Notice is a communication to an applicant (either an individual or a business) of an adverse action taken with regard to a loan application or existing credit account. The FCRA also requires that adverse actions related to insurance transactions, employment decisions, and specific other circumstances.

Under ECOA, Adverse Action Notices are designed to provide transparency into the credit underwriting process, and protecting against potential credit discrimination by requiring creditors to explain the reasons for the adverse Action.

Under FCRA, Adverse Action Notice requirements only apply to consumer transactions. They are designed to alert consumers that negative information was the reason for the adverse action. The consumer has 60 days from the date of the notice to get more details about the negative information so that, if it is false, the consumer can correct it.

A creditor can use a single notice to comply with the requirements of both laws; model forms have been published in connection with Regulation B.


Source: Consumer Compliance Outlook

AML, Anti-Money Laundering

Anti-Money Laundering, or AML, is a term used to describe rules, policies, procedures, and items that are designed to prevent money laundering. The Bank Secrecy Act (BSA) is the primary AML regulation. Collectively, it and its implementing regulations are known as the AML rules. The AML rules are designed to help detect and report suspicious activities, money laundering, terrorist financing, securities fraud, market manipulation.

AMTPA, Alternative Mortgage Transactions Parity Act of 1982

Implemented by the CFPB’s Reg D (Part 1004), AMTPA is designed to improve housing affordability, create a balance between access to responsible credit, and improving parity between state and federal housing creditors. It made it possible for banks to write more different types of home loans, not just conventional fixed-rate mortgages.

It applies to all “alternative mortgage transactions,” such as adjustable rate mortgages (ARMs), option ARMs, interest-only mortgages, and balloon payment mortgages.

The CFPB updated the AMTPA in 2011 in response to the mortgage crisis. Learn more here.

Annual Review

For compliance purposes, an Annual Review is an annual evaluation of your risk exposure.


The applicant is the primary individual or entity requesting a loan or other extension of credit or services.

Applicant Ethnicity

Ethnicity of the applicant. This is reported for originated loans and for loan applications that do not result in an origination. Institutions may, but are not required to, report applicant ethnicity for purchased loans. When the applicant is not a natural person (a business, corporation or partnership, for example) or when the applicant information is unavailable because the loan has been purchased by your institution, the numerical code for "not applicable" is reported.

Applicant Income

For HMDA purposes, applicant income is typically defined according to the following:

- Low: The applicant's income is less than 50% of the MSA/MD or state's median family income.

- Moderate: The applicant's income is greater than or equal to 50% and less than 80% of the MSA/MD or state's median family income.

- Middle: The applicant's income is greater than or equal to 80% and less than 120% of the MSA/MD or state's median family income.

- Upper: The applicant's income is greater than or equal to 120% of the MSA/MD or state's median family income.

- Not Applicable: The applicant's income was reported as NA; or MSA/MD, State, County, and Census Tract are reported as NA; or The MSA/MD or state's median family income is 0.The applicant's income is less than 50% of the MSA/MD or state's median family income.

Applicant Race

For HMDA purposes, this is the race of the applicant. This is reported for originated loans and for loan applications that do not result in an origination. Institutions may, but are not required to, report these data for purchased loans. When the applicant is not a natural person (a business, corporation or partnership, for example) or when the applicant information is unavailable because the loan has been purchased by your institution, the numerical code for "not applicable" is reported.

Applicant Sex

For HMDA purposes, this is the sex of the applicant. This is reported for originated loans and for loan applications that do not result in an origination. Institutions may, but are not required to, report these data for purchased loans. When the applicant is not a natural person (a business, corporation or partnership, for example) or when the applicant information is unavailable because the loan has been purchased by your institution, the numerical code for "not applicable" is reported.

Application Received Date

For HMDA purposes, this is the date the application was received or the date shown on the application form. For purchased loans, "NA" for not applicable is reported. For HMDA, this date is defined by the financial institution in its policies.

Please note: for TRID purposes, it is when have the six required pieces of information. For Reg B, it is when you have the required four pieces of information, either verbally or in writing. Pre-qualifications and pulling of a credit report are two more factors that may play into determining this date.


Independent Audit

An Independent Audit assesses the fairness and accuracy of the transactions or processes being tested in accordance with an institution's written policy.

The Auditor's job is to look at the past, present, and future to ensure all activities were carried out in accordance with the company's written policies and procedures. Using detailed procedures and evaluation of written materials, the auditor will evaluate how the area being tested compares to the policy.

Their job is to answer the question “Did the institution do what they said they would do?” If not, recommendations should be made to ensure correction of the oversight.

These types of engagements are usually very niche and focused on a particular topic, internal process and/or section of a regulation. By definition, an independent audit is limited. If something doesn’t exist in your written policies, it doesn’t get tested.

Please note: TRUPOINT does not conduct audits; we conduct annual reviews, risk assessments, and other types of risk services. This is because TRUPOINT prefers to take a more holistic and partnership-oriented approach to compliance and risk management than an audit can provide. Learn more about our risk assessments here.

Internal Audit

An internal audit is an audit completed by an independent party within the institution. This may be a department that is tasked with reviewing or testing departments to ensure compliance and/or adherence to policies, procedures, regulations, etc.


Terms defined: Regulation B; Regulation BB; Bank Bribery, Federal Bank Bribery Law & Bank Bribery Amendments Act of 1985; BI, Business Intelligence; Branch Office; BSA, Bank Secrecy Act

B, Regulation B

The CFPB’s Regulation B (Part 1002) implements ECOA, the Equal Credit Opportunity Act.

See also:  ECOA

BB, Regulation

The FRB’s Regulation BB implements the Community Reinvestment Act.

See also: CRA

Bank Bribery, Federal Bank Bribery Law

The FDIC has provided in their Miscellaneous Statutes and Regulations, guidelines for gifts, commissions, and other contributions that may constitute a bribe. Such bribes include, but are not limited to, the following:

  • Offer of a loan or gratuity to a financial institution examiner, or the acceptance of a loan or gratuity by a financial institution examiner.
  • Offer for procurement of Federal Reserve bank loan and discount of commercial paper.
  • Receipt of commissions or gifts for procuring loans.

Bank Bribery Amendments Act of 1985

The Bank Bribery Amendments Act of 1985 amends the federal bank bribery law, 18 U.S.C. 215, which outlines repercussions for accepting a bribe. It also requires that the financial institution regulatory agencies publish guidelines to assist employees, officers, directors, agents and attorneys of financial institutions in complying with the law.

This act says that a bank’s code of conduct should prohibit any bank officials from “(1) soliciting for themselves or for a third party (other than the bank itself) anything of value from anyone in return for any business, service or confidential information of the bank and (2) accepting anything of value (other than bona fide salary, wages and fees referred to in 18 U.S.C. 215(c)) from anyone in connection with the business of the bank, either before or after a transaction is discussed or consummated.”

Generally, bankers are prohibited from accepting bribes. The Bank Bribery Amendments Act does outline these exceptions, where a banker may accept:

- Gifts, gratuities, amenities or favors based on obvious family or personal relationships (such as those between the parents, children or spouse of a bank official) where the circumstances make it clear that it is those relationships rather than the business of the bank concerned which are the motivating factors.

- Meals, refreshments, entertainment, accommodations or travel arrangements, all of reasonable value, in the course of a meeting or other occasion, the purpose of which is to hold bona fide business discussions or to foster better business relations, provided that the expense would be paid for by the bank as a reasonable business expense if not paid for by another party (the bank may establish a specific dollar limit for such an occasion);

- Loans from other banks or financial institutions on customary terms to finance proper and usual activities of bank officials, such as home mortgage loans, except where prohibited by law;

- Advertising or promotional material of reasonable value, such as pens, pencils, note pads, key chains, calendars and similar items;

- Discounts or rebates on merchandise or services that do not exceed those available to other customers;

- Gifts of reasonable value that are related to commonly recognized events or occasions, such as a promotion, new job, wedding, retirement, holiday or birthday (the bank may establish a specific dollar limit for such an occasion); or

- Civic, charitable, educational, or religious organization awards for recognition of service and accomplishment (the bank may establish a specific dollar limit for such an occasion). eptance of gifts, gratuities, amenities or favors based on obvious family or personal relationships (such as those between the parents, children or spouse of a bank official) where the circumstances make it clear that it is those relationships rather than the business of the bank concerned which are the motivating factors. 

BCFP, or Bureau of Consumer Financial Protection

This was the proposed name and branding for the CFPB under former Acting Director Mick Mulvaney.

See also: CFPB, Consumer Financial Protection Bureau

BI, Business Intelligence

Business Intelligence, or BI, refers to analysis of business-related data to gain important insights. This may refer to strategies or technologies that help you and your company analyze quantitative and qualitative data about your business, and in most cases includes past, present, and even future views of business operations. The point of all of this strategic data analysis is to help make better decisions!

Most BI softwares have the same or similar components. TRUPOINT Analytics is a BI software, so we will use it to illustrate some of the key elements of a BI technology:

  • Database: This is all the data used in the analysis. It can include many different data sources; in Analytics, this is private financial institution data and publicly available data from sources like the Census Bureau and the annual HMDA LAR.
  • Portal: This is the interface through which users and administrators can access and analyze the data. As a TRUPOINT Analytics customer, your digital experience happens entirely within the portal.
  • Dashboard(s) and/or Report(s): These are the tables, charts, maps, graphics, and reports that help you understand the story your data tells. A BI software doesn't need to be interactive, but TRUPOINT Analytics is. We tend to refer more to "dashboards" than "reports" - we feel that "reports" implies a static, paper analysis, while "dashboards" helps express the multi-dimensional and interactive nature of Analytics better.
  • Users: Every BI software needs users, often a combination of internal and external users. All Analytics customers are users, but so is your Customer Success Team!

You may have heard us use the phrase "data discovery" in connection with BI - this refers to the act of analyzing data from multiple sources from multiple angle to discover more sophisticated insights.

In combining the census data with public and proprietary data sets in TRUPOINT Analytics, and then looking at it from many different perspectives (for Fair Lending, those perspectives include underwriting and pricing), we are helping you with data discovery. The dashboards and graphics you see in Analytics are designed to help with the data discovery process.

Branch Office

This is used in HMDA compliance in particular. For banks and thrifts, a branch office is an office approved as a branch by a supervisory agency. For credit unions, a branch office is any office where member accounts are established or loans are made, whether or not the office has been approved as a branch by a federal or state agency. A branch office does not include offices of affiliates or loan brokers, offices of the institution where loan applications are merely taken, or ATMs and other electronic terminals.

For mortgage companies and other non-depository institutions, a branch office is an office where the institution takes applications from the public for home purchase or home improvement loans or refinancings. Those institutions also are considered to have a branch office in any MSA where, in the preceding year, they received applications for, originated, or purchased five or more home purchase or home improvement loans or refinancings (whether or not they had a physical office there).

BSA, Bank Secrecy Act

The Bank Secrecy Act outlines compliance requirements for national banks, federal savings associations, federal branches and agencies of foreign banks in order to “deter and detect money laundering, terrorist financing and other criminal acts and the misuse of our nation's financial institutions.”

In particular, the BSA provides guidance on program, examination, recordkeeping and reporting requirements for covered financial institutions. The BSA also incorporates some provisions from the USA PATRIOT Act, which require banks to adopt a customer identification program (CIP) as part of its BSA compliance program.

See also: Anti-Money Laundering, CIP


Terms defined: Regulation C; Regulation CC; CCPA, Consumer Credit Protection Act; CDD, Customer Due Diligence - Beneficial Owner, Legal Entity Customer; Census Tract - Census Tract Income, Census Tract Minority Percentage, Distressed-Underserved,  Majority-Minority Census Tract; ; CFPB, Consumer Financial Protection Bureau; CIP, Customer Identification Program; CMIR, Report of International Transportation of Currency or Monetary Instruments; CMP, Civil Money Penalty; CMS, Compliance Management System; Co-Applicant - Co-Applicant Ethnicity, Co-Applicant Race, Co-Applicant Sex; Community Development - Affordable Housing, Community Services, Economic Development, Enterprise Community or Empowerment Zone, Revitalization or Stabilization; Complaint, Consumer Complaint - Complaint Management Program, Consumer Complaint Database; Consumer Leasing Act; COPPA, Children’s Online Privacy Protection Act; CRA, Community Reinvestment Act - Assessment Area, Performance Context, Performance Evaluation & CRA Ratings, Strategic Plan; Cryptocurrency - Bitcoin, Blockchain; 
CTR, Currency Transaction Report (FinCEN Form 104) - Currency; Culture of Compliance

C, Regulation C

The CFPB’s Regulation C (Part 1003) implements the Home Mortgage Disclosure Act.

See also:  HMDA

CC, Regulation CC

The FRB’s Regulation CC provides guidance regarding the availability of funds and collection of checks.

CCPA, Consumer Credit Protection Act of 1968

The CCPA, or Consumer Credit Protection Act of 1968, is a consumer protection act with four main concepts, or titles. These titles became the foundation for later consumer protection laws, including the Truth in Lending Act (TILA), the Fair Credit Reporting Act (FCRA), the Equal Credit Opportunity Act (ECOA), the Fair Debt Collection Practices Act (FDCPA) and the Electronic Fund Transfer Act (EFTA).

Title III of the CCPA limits wage garnishment of a person who is in debt to 25 percent, with important deductions and restrictions. The Department of Labor enforces those provisions.


CDD, Customer Due Diligence

Customer Due Diligence is the process of understanding your customers, particularly for BSA/AML compliance.

In May 2016, FinCEN released new Customer Due Diligence Requirements for financial institutions that are focused on properly identifying “beneficial owners.” These new CDD requirements (the CDD Final Rule) are part of overall Bank Secrecy Act (BSA) and anti-money laundering compliance. CDD is sometimes referred to as the Fifth Pillar of BSA/AML compliance.

The Final Rule became effective July 11, 2016, and covered financial institutions need to be fully compliant with the new rule by May 11, 2018.

This Final Rule strengthens the current CDD requirements; it requires banks to identify, collect data about,
and verify the beneficial owners of legal entity customers. According to FinCEN, the CDD Rule “requires covered financial institutions to establish and maintain written policies and procedures that are reasonably designed” to accomplish the following four goals:

  1. “Identify and verify the identity of customers;

  2. Identify and verify the identity of the beneficial owners of companies opening accounts;

  3. Understand the nature and purpose of customer relationships to develop customer risk profiles; and

  4. Conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.”

The CDD requirements says that financial institution need to implement "appropriate risk-based procedures for conducting ongoing CDD to understand the nature and purpose of customer relationships, ongoing monitoring to identify and report suspicious transactions, and, on a risk basis, to maintain and update customer information." [2 31 C.F.R. Part 1020.210(b)(1-5).]

Beneficial Owner

A beneficial owner is an individual that meets at least one of the following requirements, called "prongs":

- An individual who either directly or indirectly own 25 percent or more of the legal entity customer (called the "Ownership Prong") , or

- An individual who has significant responsibility to control, manage, or direct the legal entity (called the "Control Prong").

An individual who either directly or indirectly own 25 percent or more of the legal entity customer (called the "Ownership Prong") , or An individual who has significant responsibility to control, manage, or direct the legal entity (called the "Control Prong").Legal Entity Customer

A "legal entity customer is defined as a corporation, limited liability company, limited partnership, general partnership, business trust, or any other entity created by filing with a state office or with a Secretary of State. It also includes any similar entities formed under laws of a non-US jurisdiction. This excludes natural persons, covered financial institutions, bank holding companies, and unincorporated associations, among others.

To learn more, get this free guide to CDD and Beneficial Ownership.

Census Tract

A census tract is a small geographic area defined by the federal government. A census tract is a semi-permanent geographic area defined for the purpose of taking a census, defined by the Census Bureau. Each census tract is an area that is approximately equivalent to a neighborhood, and has a population of approximately 2,500-8,000 people.

Here is an image of a census tract map from TRUPOINT Analytics:

Screen Shot 2018-09-17 at 1.03.10 PM

2010 Based Census Information (Years 2012 and Forward)

The FFIEC Census File now uses the 2006-2010 American Community Survey (ACS) for the majority of its demographic fields, with selected 2010 Census Summary File 1 tables used for population related fields. This contrasts to previous years when the FFIEC Census used Census 2000 Summary File 3 and Summary File 1 data as the basis for the file.

2000 Based Census Information (Years 2003-2011)

Census 2000 assigned census tract numbers to all areas of the U.S. and some U.S. territories and possessions. Census tract numbers are unique within a county. Institutions are required to use census tract numbers from the Census 2000 series beginning with calendar year 2003 data through calendar year 2011 HMDA data.

Census Tract Income

In compliance analysis, the Census Tract income is an important metric to consider. Below are the usual thresholds for census tract income definitions: The tract level Median Family income is less than 50% of the MSA/MD or state's median family income.

- Low: The tract level Median Family income is less than 50% of the MSA/MD or state's median family income.

- Moderate: The tract level Median Family Income is greater than or equal to 50% and less than 80% of the MSA/MD or state's median family income.

- Middle: The tract level Median Family Income is greater than or equal to 80% and less than 120% of the MSA/MD or state's median family income.

- Upper: The tract level Median Family Income is greater than or equal to 120% of the MSA/MD or state's median family income.

- Not Applicable: The tract level Median Family Income was reported as NA; or MSA/MD, State, County, and Census Tract are reported as NA; or The MSA/MD or state's median family income is 0.

Census Tract Minority Percentage

This is the percentage of the tract’s total population minus the white alone population according to the 2010 SF1. It is calculated by dividing the Minority Population by the Total Tract Population.


Distressed-underserved nonmetropolitan census tracts are those that have been categorized as such by the Federal government, and are eligible for CRA Community Development credit. They are designated by the regulatory agencies, and are identified based on local economic conditions, such as changes in unemployment, poverty, and population.

You can find a list of Distressed-Underserved Census Tracts here.

Please note that distressed-underserved census tracts are eligible for CRA Community Development credit as long as they remain designated as such, and for one year following.

Majority-Minority Census Tract

A majority-minority census tract has a population that is at least 50 percent minorities, which means that more than half of individuals in the census tract are minorities, i.e. Black, Asian, Hispanic, Asian-Pacific Islander, and/or Native American. Fair Lending analysis may focus specifically on census tracts where a majority of residents are of a single minority group, i.e. Black or Hispanic.

CFPB, Consumer Financial Protection Bureau

cfpblogo-1The CFPB, or Consumer Financial Protection Bureau, is a US regulatory agency of the financial industry that is designed to protect consumers. Sometimes referred to as the BCFP, or Bureau of Consumer Financial Protection, the CFPB was created by the Dodd-Frank Act.

The CFPB regulates offering and providing of financial products and services according to federal consumer financial laws. In addition, they provide consumer education to facilitate more informed financial decisions. According to the CFPB’s website, their core functions are to educate, empower, and enforce.

The CFPB has supervisory authority over banks, thrifts, and credit unions with assets over $10 billion, as well as their affiliates. They also supervise non-bank mortgage originators and servicers, payday lenders, and private student lenders of all sizes.

The leadership of the Bureau has indicated that they will not continue to pursue former Acting Director Mick Mulvaney’s rebranding initiative, which would have renamed the agency as the Bureau of Consumer Financial Protection (BCFP). The website and branding of the Bureau reflects the original name and acronym. For the time being, either acronym is recognized.

CIP, Customer Identification Program

A CIP, or Customer Identification Program, is designed to help a bank to form a reasonable belief that it knows the true identity of each customer.

According to section 326 of Patriot Act, all banks are required to have a written CIP. This CIP must be incorporated into the bank’s BSA/AML compliance program.

The CIP must include:

  • Account opening procedures that specify the identifying information that will be obtained from each customer. At a minimum, banks need to collect:
    • Name
    • Date of birth, for individuals
    • Address
    • Identification number
  • Reasonable and practical risk-based procedures for verifying the identity of each customer.

This process of identifying your customer is often referred to as KYC, or Know Your Customer.

To learn more about Customer Identification Program requirements, please see the FFIEC’s BSA/AML Examination Manual guidance on CIP.

See also: KYC

CMIR, Report of International Transportation of Currency or Monetary Instruments

CMIR is the acronym for “Report of International Transportation of Currency or Monetary Instruments.” Any person, including a bank, who physically transports, mails, or ships more than $10,000 in currency or monetary instruments at one time out of or into the US needs to file a CMIR. Any person who causes such a transportation, mailing, or shipment also needs to file a CMIR.

The CMIR is filed with the appropriate Bureau of Customs and Border Protection officer or with the commissioner of Customs at the time of entry into or departure from the US.

The person who received the qualifying currency or monetary instruments also needs to file a CMIR within 15 days, unless a report has already been filed.

To learn more about CMIR requirements, please see the FFIEC’s BSA/AML Examination Manual.

CMP, Civil Money Penalty

Generally speaking, a CMP is”a  fine issued in civil court which penalizes a violator who profited from an illegal or unethical action. The penalty is typically equal to the gains made from the activity.” In the context of the financial industry, a civil money penalty is a punitive fine imposed by a regulatory agency.

The FDIC, FRB, and SEC do levy civil money penalties. The FDIC and FRB have three tiers of CMPs as defined by the Federal Reserve Act:

  • Tier 1: Tier 1 CMPs may be levied are related to the relations of a bank with its affiliates. These fines may be up to $5,000 per day for the duration of the violation.
  • Tier 2: Tier 2 files may be levied if a bank commits any violation described in subsection (a); recklessly engages in an unsafe or unsound practice in conducting the affairs of such member bank; or breaches any fiduciary duty. Such violations, practices, or breaches must be part of a pattern of misconduct, causes or is likely to cause more than a minimal loss to such member bank; or results in pecuniary gain or other benefit to such party to be eligible for a Tier 2 CMP. These fines can total up to $25,000 per day for the duration of the violation.
  • Tier 3: These CMPs are levied when a bank or its affiliate commits any violation described in subsection (a); engages in any unsafe or unsound practice in conducting the affairs of such credit union; or breaches any fiduciary duty; and knowingly or recklessly causes a substantial loss to such credit union or a substantial pecuniary gain or other benefit to such party by reason of such violation, practice, or breach.

To learn more about Federal Reserve Act CMPs, read the FRB’s resources here.

CMS, Compliance Management System

A Compliance Management System, or CMS, is a comprehensive compliance program. It’s a term that describes the entire system of policies, processes, written documents, functions, controls, and tools that allow a financial institution to comply with regulations and reduce risk.

According to the FDIC, a CMS is how a financial institution:

  • Learns about its compliance responsibilities.
  • Ensures that employees understand these responsibilities.
  • Ensures that requirements are incorporated into business processes.
  • Reviews operations to ensure responsibilities are carried out and requirements are met.
  • Takes corrective action and updates materials as necessary.

A strong CMS typically includes Board and management oversight, the actual compliance program, and the compliance audit or independent review.

Here’s a little more information about those three parts:

  1. Board Oversight: The Board of Directors is responsible for developing and administering a CMS that ensures compliance with federal consumer protection laws and regulations.
  2. Compliance Program: A financial institution’s compliance program is  formal, written resource. It helps plan, guide, train, implement and monitor compliance-related activities, including consumer complaints. It’s also a resource for training and reference materials for the institution.
  3. Compliance Audit: According to the FDIC, a compliance audit is an independent review of the institution’s compliance with consumer protection laws and regulations. It also should evaluate compliance with internal policies and procedures.


Co-Applicant Ethnicity

Ethnicity of the co-applicant. This is reported for originated loans and for loan applications that do not result in an origination. Institutions may, but are not required to, report co-applicant ethnicity for purchased loans. When the co-applicant is not a natural person (a business, corporation or partnership, for example) or when the co-applicant information is unavailable because the loan has been purchased by your institution, the numerical code for "not applicable" is reported. If there is no co-applicant, the numerical code for "no co-applicant" is reported.

Co-Applicant Race

Race of the co-applicant. This is reported for originated loans and for loan applications that do not result in an origination. Institutions may, but are not required to, report co-applicant race for purchased loans. When the co-applicant is not a natural person (a business, corporation or partnership, for example) or when the co-applicant information is unavailable because the loan has been purchased by your institution, the numerical code for "not applicable" is reported. If there is no co-applicant, the numerical code for "no co-applicant" is reported.

Co-Applicant Sex

Sex of the co-applicant. This is reported for originated loans and for loan applications that do not result in an origination. Institutions may, but are not required to, report co-applicant sex for purchased loans. When the co-applicant is not a natural person (a business, corporation or partnership, for example) or when the co-applicant information is unavailable because the loan has been purchased by your institution, the numerical code for "not applicable" is reported. If there is no co-applicant, the numerical code for "no co-applicant" is reported.

Community Development

In lending compliance, Community Development (sometimes shortened to CD)  is typically defined as loans, services, or activities that fall into the following categories:

  • Affordable housing for Low- to Moderate-Income (LMI) individuals or families.
  • Community services targeted to LMI individuals.
  • Activities that promote economic development by financing small businesses and farms.
  • Activities that revitalize or stabilize:
    • LMI geographies.
    • Distressed or Underserved Non-Metropolitan Middle-Income Geographies.
    • Designated Disaster Areas.
  • Loans, investments, and services that support, enable, or facilitate Neighborhood Stabilization Program (NSP) eligible activities in designated target areas.

To qualify for CD credit, the activity must meet these criteria:

  • The true intent is community development.
  • The activity is structured to achieve that purpose.
  • The activity either accomplishes or is reasonably expected to accomplish community development goals.
  • The activity benefits the assessment area, or broader statewide/regional area.
    • The assessment area doesn’t need to receive an immediate or direct benefit, as long as the activity does include serving census tracts, business, or individuals in the assessment area.
    • Activities done in cooperation with minority- or women-owned financial institutions and low-income credit unions will not count for CD.

The FDIC released this presentation in 2015 that explains Community Development. In addition, the FDIC’s Community Affairs program promotes Community Development. The OCC also released this fact sheet about Community Development that provides additional information. You can also download TRUPOINT’s Community Development eBrief here.

There are many more nuances to Community Development than we can include here. Please keep an eye out for more Community Development resources from TRUPOINT. If you want to be put on our list to be the first to find out about Community Development information, please email info@trupointpartners.com.

Affordable Housing

To qualify as affordable housing, it must be an affordable rent or mortgage payment for an LMI family or individual. To qualify, the affordable housing does not need to be located in an LMI geography.

To determine if it qualifies as affordable housing, the regulators recommend using demographic, economic, and market data.

Community Services

Community Services are defined as those that are targeted to LMI individuals or families. Such community services include: child care, and educational, health, or social services.

Economic Development

Economic development is defined as activities that promote economic development by financing small businesses and farms. To qualify, such activities must meet both a size and purpose test:

- Size Test: Does the activity support entities that meet the size eligibility requirements of the SBA, or have a gross annual revenue of $1M or less?

- Purpose Test: Does the activity promote permanent job creation, retention, or improvement for LMI individuals or geographies, or redevelopment by federal, state, local, or tribal government?

Empowerment Zone

Enterprise Communities and Empowerment Zones are distressed areas specifically targeted for redevelopment by the federal government.

Revitalization or Stabilization

To meet Community Development criteria for “revitalization or stabilization,” the activity must help:

- Help either an LMI geography, a distressed or underserved non-metropolitan middle-income area, or a designated disaster area.

- Attract or retain businesses or residents.

The activity may qualify if the activity has been approved by a federal, state, local or tribal government, or the governing board of an Enterprise Community or Empowerment Zone. That said, not all activities in LMI areas, distressed or underserved non-metropolitan middle-income areas, or designated disaster areas, will qualify.

See also: CRA, Distressed-Underserved, Designated Disaster Area, LMI

Complaint, Consumer Complaint

A consumer complaint is any written or verbal communication that expresses dissatisfaction with your financial institution’s product(s) and/or service(s). Complaints can come from customers or non-customers. In addition, complaints may be shared with your financial institution by the consumer, their legal representative(s), or a regulatory agency. Whether you believe the complaint to be accurate or justified has little bearing on whether it deserves acknowledgement and response

Complaints made by individuals anonymously or by individuals with no previous interaction with your financial institution are unique, and how your institution decides to handle them may vary.

Certain types of complaints do require special attention. This includes any complaint that alleges discrimination or other Fair Lending (such as ECOA, FHA, HMDA, or CRA), UDAAP, RESPA, FACT ACT violation. These are very serious; how your institution chooses to handle them really matters.’

There is no universal litmus test for what might qualify as a consumer complaint versus just an inquiry; much of that will be defined by your financial institution’s policies and procedures.

Complaint Management Program

A complaint management program is the term used to describe all of the policies, procedures, and practices that guide how you respond to a consumer complaint. A consumer complaint program generally includes:

- A Complaint Policy

- Complaint Management Process/Procedures

- Clear Responsibilities

- Training

- Tracking and Reporting

To learn more about those five things a complaint management program needs to succeed, check out this blog post.

Consumer Complaint Database

The CFPB maintains a public consumer complaint database. Complaints are added after the company has responded to the complaint, therein confirming a commercial relationship with the complainant, or after they have had the complaint for 15 days, whichever comes first.

The database is updated daily.

The CFPB does not verify all of the allegations of the complaints, and only publishes the complaint narrative describing what happened if the consumer agrees to share it, and after personal information is removed.

To learn more information about the CFPB’s Complaints Database, visit their website.

Consumer Leasing Act

Implemented by the CFPB’s Reg M, the Consumer Leasing Act is intended to provide consumers with disclosures that let them compare terms for a lease with other leases, and to compare those lease terms with those for credit transactions. It only applies to consumer leases. Consumer leases may include:

  • Automobile leases, furniture leases, and other personal property leases
  • Closed-end (“walk-away”) leases
  • Open-end leases

These disclosures must be:

  • Made clearly and conspicuously in writing.
  • In a form the consumer can keep.
  • Provided before the consummation of the lease agreement.
  • Segregated from other information in certain cases. They may be made in a separate statement identifying the transaction, or in the contract, or in another document that evidences the lease.

Different lease are required to include different information in the disclosures.

The Consumer Leasing Act applies to all persons who regularly lease, offer to lease, or arrange for the lease of personal property under a consumer lease. To qualify, a person must lease, offer to lease, or arrange for a lease more than five times in the prior calendar year or the current calendar year.

There are many additional details about the Consumer Leasing Act that may be relevant to your institution. Learn more about the Consumer Leasing Act here.

COPPA, Children’s Online Privacy Protection Act

COPPA, or the Children’s Online Privacy Protection Act of 1988, is a federal law that imposes requirements on operators of websites or online services designed for children under 13 years old, and on operators of other websites or online services that knowlingly collect personal information online from children under 13 years old.

It became effective in 2000, and the Federal Trade Commission (FTC) is responsible for regulatory oversight. An amended rule was released in 2012, and became effective in 2013.

Covered operators or websites or online services must:

  • Post a clear and comprehensive online privacy policy describing their information practices for personal information collected online from children;
  • Provide direct notice to parents and obtain verifiable parental consent, with limited exceptions, before collecting personal information online from children;
  • Give parents the choice of consenting to the operator’s collection and internal use of a child’s information, but prohibiting the operator from disclosing that information to third parties (unless disclosure is integral to the site or service, in which case, this must be made clear to parents);
  • Provide parents access to their child's personal information to review and/or have the information deleted;
  • Give parents the opportunity to prevent further use or online collection of a child's personal information;
  • Maintain the confidentiality, security, and integrity of information they collect from children, including by taking reasonable steps to release such information only to parties capable of maintaining its confidentiality and security; and
  • Retain personal information collected online from a child for only as long as is necessary to fulfill the purpose for which it was collected and delete the  information using reasonable measures to protect against its unauthorized access or use.

To learn more about COPPA, including who qualifies as an “operator,” what qualifies as personal information, and what to do if you collect it, please read the full text of the rule here, or the FTC’s FAQs here.

CRA, Community Reinvestment Act

Implemented by Regulation BB, the Community Reinvestment Act of 1977 is meant to:

  • Encourage insured depository institutions to meet the credit needs of the communities in which they operate, including low- and moderate-income (LMI) neighborhoods. The CRA does not promote unsafe or unsound operations or extensions of credit.
  • Prevent the practice of discrimination now known as Redlining, whereby financial institutions denied or increased the cost of banking to residents of majority-minority or racially defined neighborhoods.

It also requires that a covered institution’s record of helping meet the credit needs of its entire community be evaluated periodically by one of the federal bank regulatory agencies - the OCC, FRB, or FDIC - and made public.

The talk of CRA modernization is hot right now. To learn more, check out this blog, “Your All-in-One Guide to the OCC’s ANPR about CRA Reform,” or get this free CRA Info Kit.

The regulators also recommend that all covered institutions analyze their data for CRA compliance. TRUPOINT makes that process easy. Learn more here.

Assessment Area

An Assessment Area is the geographic area that will be used to assess CRA compliance, and is defined by the lender. It includes whole geographies where an institution has deposit-taking facilities such as a branch or ATM, and/or where a substantial portion of loans are made.

Assessment areas usually consist of one or more metropolitan statistical areas (MSA); metropolitan divisions; or one or more contiguous political subdivisions, such as counties, cities, or towns. If you are serving an area smaller than a political subdivision, you may adjust the boundaries of its assessment area to include only the portion of a political subdivision that it can reasonably be expected to serve.

A financial institution may not define an Assessment Area substantially beyond an MSA or state boundary, and they may not arbitrarily exclude a geographic area based on a prohibited basis, or exclude low- and moderate-income or high-minority areas - that's Redlining.

Some characteristics of the Assessment Area that examiners will likely consider as they evaluate your performance include economic conditions and trends; income levels and demographics; housing foreclosure rates and permit activity; job and population growth/contraction trends; family income levels and distribution; impact of government spending; poverty level; unemployment rates and trends; major industries and employers; competitive environment; and lending or investment constraints.

Performance Context

The performance context is defined by the CRA regulation Part 345.21(b) and the CRA Q&A .21(b)-1 as "a broad range of economic-, demographic-, and institution- and community-specific information" that the examiner will review in order to understand the context in which the institution operates. It's used, as the name suggests, to contextualize an institution's performance.

According to the regulation, the following are some components of performance context:

- Demographic and economic data;

-Info about lending, investment and service opportunities in the bank's assessment area(s);

- Product offerings and business strategy;

- Institutional capacity and constraints;

- Past performance and the performance of similarly-situated lenders;

- The bank's public file and any written comments/complaints about CRA performance submitted to the bank or the FDIC; and

- Any other information deemed relevant by the FDIC.

To learn more about Performance Context, read this blog.

Performance Evaluation & CRA Ratings

The regulators will evaluate a financial institution’s record of serving the community in a Performance Evaluation, often colloquially called a CRA exam.

After a CRA exam, a financial institution will receive one of four ratings: Outstanding, Satisfactory, Needs to Improve, or Substantial Noncompliance. The results of CRA exams are made public.

Typically, better CRA ratings will result in less frequent CRA examinations. According to the FDIC, "maintaining a Satisfactory or better CRA exam rating will result in less frequent CRA examinations at your institution."

These CRA ratings will be considered in applications for changes to deposit facilities (i.e. opening or closing branches), as well as any merger or acquisitions. If your CRA performance isn't strong, it can limit your ability to grow your branch network, or engage in M&A activity.

In addition, each CRA exam includes an at-least-cursory evaluation of Fair Lending performance.

Strategic Plan

Any bank may opt to be evaluated for CRA compliance according to a Strategic Plan, if that Strategic Plan meets all the following criteria:

- The plan receives regulatory approval.

- The institution solicits public comment on the plan according to proper procedures. -The term of the plan is no longer than 5 years.

- The plan establishes measurable goals for each of the three performance tests and specifies what constitutes satisfactory or outstanding performance.

- The institution has operated under the approved plan for at least one year.

See also: Community Development, Redlining


“Cryptocurrency” is a portmanteau of "cryptographic" and "currency." It's used to refer to digital currency that are secured and decentralized; it doesn't have a central bank.

The most common example is Bitcoin, but there are other types of cryptocurrencies.

Encryption techniques are used to regulate the generation of units of currency and verify the transfer of funds. Every single data point and change in the digital ledgers have to be verified by every other member of the network - it requires an "absolute consensus" in the network. This absolute consensus ledger is called “blockchain.”


Bitcoin is the most common peer-to-peer cryptocurrency.  Users can send Bitcoins (or part of one) to their digital wallet.

Bitcoin was founded by a person or persons calling themselves Satoshi Nakamoto. Nakamoto is said to have authored the bitcoin white paper, created and deployed bitcoin's original reference implementation, and the first blockchain database.

There are many other types of cryptocurrencies besides Bitcoin.


Blockchain is is a growing list of records, called blocks, which are linked into a “chain” using cryptography. Each block contains encrypted data from the previous block, a timestamp, and transaction data; that is how they form the “chain.” By design, a blockchain is resistant to modification of the data.

CTR, Currency Transaction Report (FinCEN Form 104)

US financial institutions are required to file a currency transaction report (CTR) with FinCEN for transactions of more than $10,000 by, through, or to the financial institution. Transactions are defined as  deposit, withdrawal, exchange of currency, or other payment or transfer.

The CTR is sometimes referred to as FinCEN Form 104. You can view it here.

There are many nuances to CTR requirements. To learn more, including what qualifies as a $10,000 currency transactions, report exemptions, and more, view this page from the FFIEC.


According to the FFIEC, Currency is defined as coin and paper money of the United States or any other country as long as it is customarily accepted as money in the country of issue. Currency also includes U.S. silver certificates, U.S. notes, Federal Reserve notes, and official foreign bank notes.

Culture of Compliance

In banking, a Culture of Compliance can be described as the collective prioritization and dedication to compliance throughout a financial institution. Strong compliance cultures have support from leadership, compliance training and education, communication company-wide, and alignment throughout the financial institution. A compliance culture is important because it brings compliance into every day, and establishes an awareness of risks and priorities across the entire organization.

Regardless of its size or business model, “a financial institution with a poor culture of compliance is likely to have shortcomings” in its BSA compliance program, according to FinCEN. This holds true for other areas of compliance.


- - - - X

D, Regulation D

The Federal Reserve, CFPB, and FDIC each have a Regulation D:

  • The FRB’s Reg D provides guidance on Reserve Requirements of Depository Institutions.
    • See also: Reserve Requirements of Depository Institutions
  • The CFPB’s Reg D (Part 1004) provide guidance on the Alternative Mortgage Transactions Parity Act.
    • See also: Alternative Mortgage Transfers Parity
  • The FDIC’s Reg D (12 CFR Part 330) governs Deposit Insurance Coverage.
    • See also: Deposit Insurance Coverage

DD, Regulation DD

The CFPB’s Reg DD (Part 1030) implements the Truth in Savings Act.

See also: TISA

Data Stewardship

Data Stewardship is the responsibility a company, product, or person has for the data quality and security in an organization. Data Stewardship is, in some ways, an emerging field, as companies hire dedicated Data Stewards.

For example, a bank has the responsibility to be a good steward of their customers' data, and TRUPOINT is responsible for being a good steward of financial institutions' data.

Deposit Insurance Coverage

Implemented by FDIC’s Reg D (12 C.F.R. Part 330), the deposit insurance coverage requirements protects the funds that depositors place in banks and savings associations. The FDIC insurance covers all deposit accounts, including:

  • Checking accounts
  • Savings accounts
  • Money market deposit accounts
  • Certificates of deposit

FDIC insurance does not cover other financial products and services that banks may offer, such as stocks, bonds, mutual funds, life insurance policies, annuities or securities.

The standard insurance amount is $250,000 per depositor, per insured bank, for each account ownership category.

To learn more about the FDIC’s deposit insurance requirements, please see the FDIC’s website.

Depository Institution

A financial institution that makes loans and obtains its funds mainly through accepting deposits from the public; commercial banks, savings and loan associations, savings banks, and credit unions are all considered depository institutions.

See also: Savings and Loan Associations


A disclosure is the act of revealing a fact. A disclosure statement is an official document that outlines the terms, conditions, risks and rules of a financial transaction, such as a loan, deposit, or an investment.

For Credit Transactions: Federal and state laws require financial institutions to provide information on credit terms to customers in a disclosure. Disclosure information means information extracted from the key information summaries. Generally, for credit transactions the following items must be disclosed: finance charges; method of interest rate computation; and minimum monthly payment.

When a dispute arises in billing, procedure adopted for finding the error must be included in the disclosure. When a bank refuses to provide a consumer loan, the disclosure must include the reason for rejecting the application. Full disclosure requires disclosure of all material facts related to a transaction.

For Deposit Transactions: A disclosure explains the rules of the account in simple, non-technical language. The disclosure statement includes the rights and restrictions of deposits, redemptions, withdrawals, fees, and penalties of the account. In these cases, the disclosure statement is provided in advance of the execution date of the account opening, allowing the consumer time to consider the requirements, compare it to other institutions, and make an informed decision.


There are 3 types of evidence of illegal discrimination in Fair Lending compliance: Overt Evidence, Comparative Evidence, and Disparate Impact.

Overt Evidence of Disparate Treatment

Overt Evidence of Disparate Treatment occurs when a lender openly discriminates on a prohibited basis or expresses a discriminatory preference. There is overt evidence of discrimination even when a lender expresses, but does not act on, a discriminatory preference

Comparative Evidence of Disparate Treatment

Comparative Evidence of Disparate Treatment occurs when a lender treats similarly situated credit applicant differently based on one of the prohibited bases during any stage of the crediting process. It does not require any proof that the treatment was motivated by prejudice or a conscious intention to discriminate beyond the difference in treatment itself.

Disparate Impact

Disparate Impact occurs when there is an apparently neutral policy or practice that is applied to all applicants, but the policy or practice disproportionately excludes or burdens certain groups of people on a prohibited basis.

If a policy or practice that has a disparate impact can be justified by a business necessity, it may still be discriminatory if an alternative policy or practice could serve the same purpose with less discriminatory effect. This is also known as the “Effects Test.”

Note: The CFPB has indicated a willingness to reconsider their approach to disparate impact in 2018 and 2019. Financial institutions should pay attention to this issue, as any changes in the definition of disparate impact will have a significant influence on future Fair Lending compliance.


In lending compliance, a disparity is a difference between two numbers, or metrics, related to loan or deposit activity. Disparities are especially relevant to Fair Lending, HMDA, CRA, and Redlining compliance, because they may indicate that similarly situated individuals aren’t being treated similarly or that an individual or group is being treated differently based on a prohibited basis. That’s why they matter to compliance teams, analysts, and examiners.

When analyzing data, compliance officers and examiners alike should look for instances where specific prohibited basis groups are being treated differently than the control group, as indicated by disparities.

TRUPOINT Analytics, our analysis software, makes it easy to quickly and clearly identify any disparities that may indicate Fair Lending, CRA, or Redlining risk. Learn more about TRUPOINT Analytics by downloading this product brochure.

Dodd-Frank, Dodd-Frank Wall Street Reform Act

The Dodd-Frank Wall Street Reform Act was passed in 2010 as a response, in part, to the financial crisis. According the the law itself, the goals were to improve stability in the financial system, increase accountability and transparency in the financial system, end the idea of “too big to fail,” protect the American taxpayer by ending bailouts, and protect consumers from abusive financial services practices.

Notably, it provided for the formation of the Consumer Financial Protection Bureau, and the Bureau’s authorities. Today, Dodd-Frank is seen as one of the key modern Fair Lending regulations, and a flashpoint in political conversations about financial regulation.

Due Diligence

According to FCC regulation 12 CFR §64.1200, consumers who have registered with the national do-not-call registry should be exempted from telemarketing. Many financial institutions also adopt a “do-not-call” policy that is made publicly available to customers and consumers.

The FCC regulation states that a business will not be held in violation if it can show “that the violation is the result of error and that as part of its routine business practice, it meets the following standards:

  1. It has established and implemented written procedures to comply with the national do-not-call rules.

  2. It has trained its personnel, and any entity assisting in its compliance, in procedures established pursuant to the national do-not-call rules;

  3. It has maintained and recorded a list of telephone numbers that the seller may not contact;

  4. It uses a process to prevent telephone solicitations to any telephone number on any list established pursuant to the do-not-call rules, employing a version of the national do-not-call registry obtained from the administrator of the registry no more than 31 days prior to the date any call is made, and maintains records documenting this process.”

Due Diligence

In general, “due diligence” describes the process, sometimes referred to as “care” or “consideration,” for reasonably avoiding legal violations and managing risk. Due diligence is often used in the context of entering into legal contract or other relationship with another party (individual or otherwise). It usually involves some kind of investigation, audit, and/or other review of relevant documents, history, and facts.

In banking compliance, “due diligence” has many different meanings and, in some cases, very specific requirements.

See also: Customer Due Diligence


In Fair Lending compliance, "dwelling" means any residential structure, whether or not attached to real property. It includes vacation or second homes and rental properties; multifamily as well as one-to-four-family structures; individual condominium and cooperative units; and manufactured and mobile homes. It excludes recreational vehicles such as boats and campers, and transitory residences such as hotels, hospitals, and college dormitories.


E, Regulation E

The CFPB’s Regulation E (Part 1005) implements the Electronic Funds Transfer Act.

See also:  EFTA

ECOA, Equal Credit Opportunity Act

ECOA, or the Equal Credit Opportunity Act, is one of the primary Fair Lending regulations. ECOA says that “a creditor shall not discriminate against any applicant on a prohibited basis regarding any aspect of a credit transaction.”

ECOA defines the following as prohibited basis factors:

  • Race or Color
  • Religion
  • National Origin
  • Gender or Sex
  • Marital Status
  • Age
  • Receipt of Income from public assistance programs
  • Exercise of rights under the CCPA (Consumer Credit Protection Act)

EFTA, Electronic Funds Transfer Act

Implemented by Reg E, the Electronic Funds Transfer Act protects consumers engaging in electronic funds transfers (EFTs), such as the sending and receiving of funds via ATMs, point-of-sale terminals, automated clearing house systems, by-phone bill payment programs, and remote banking programs.

The EFTA applies to:

  • Accounts for where there is an agreement for an EFT to or from an account between the consumer and financial institution, or the consumer and a third party, when the account-holding financial institution has notice of the agreement and the fund transfers have begun.
  • All people and entities, including offices of foreign financial institutions in the US, that offer EFT services to residents of any state.
  • Any account located in the US through which EFTs are offered to a resident of a state, no matter where a particular transfer occurs or where the financial institution is chartered.

Disclosures in consumer transactions provided in electronic form would satisfy Regulation E’s written disclosure requirement only if the financial institution received proper consent under the E-SIGN Act.

Section 920

Implemented by the FRB’s Reg II, Section 920 of the EFTA says that:

- The interchange fee that an issuer of debit cards either charges or receives for a electronic debit transaction be “reasonable and proportional” to the cost incurred by the issuer for the transaction. It directs the Board of Governors to establish these standards.

- Debit card-issuing financial institutions with less than $10B in total assets are exempt from these requirements when considering the fee charged to or received from merchants.

- Debit card issuers and payment card networks are not allowed to restrict the number of payment card networks over which an electronic debit transaction may be processed to only one network (or two affiliated networks).

- Debit card issuers and payment card networks are also not allowed to inhibit a merchant from directing the routing of an electronic debit transaction to any network that can process the transaction.

- Networks are not allowed to prevent merchants from provide discounts or in-kind incentives for payments by cash, check, debit card, or credit card. That said, networks may prohibit discounts and incentives if the discounts differentiate among issuers or networks.

See also: E-SIGN Act

E-SIGN Act, Electronic Signatures in Global and National Commerce Act

The E-SIGN Act says that the validity or enforceability of a contract, electronic record, or signature for a transaction affecting interstate commerce cannot be challenged solely because it is in electronic form or because an electronic signature or record was used in the formation of the contract. In short, electronic signatures have the same validity as paper or handwritten signatures, as long as:

  1. There was intent to sign.
  2. The consumer has consented to do business electronically.
  3. The signature is associated with either the record of how the signature was made on the document, or a statement/graphic that it was made with an electronic signature.
  4. It is possible to accurately retain and reproduce records of the electronic signature.

In addition, paperwork and documentation provided in electronic format is also valid, as long as there is prior compliance with the consumer consent requirements of the E-SIGN Act.

As indicated above, the E-SIGN Act does have disclosure and consent requirements. In layman’s terms, financial institutions using electronic documents and signatures are required to ensure that consumers understand the availability of electronic versus paper materials, the validity of electronic versus paper materials, how to access and retain electronic versus paper materials, and more.

To learn more about the E-SIGN Act consumer consent requirements, please see the Q4 2009 Consumer Compliance Outlook.


Ethnicity is a concept that is used often in Fair Lending compliance. For the purposes of Fair Lending analysis,  “ethnicity” may be any of the following:

  • Hispanic or Latino: Applications in which the applicant's ethnicity is identified as Hispanic or Latino and the co-applicant's ethnicity, first race and gender are not identified as Not Hispanic or Latino, White, Male (a Control Group member).
  • Not Hispanic or Latino: Applications in which the applicant's ethnicity is is not identified as Hispanic or Latino.
  • Not Provided: Applications in which the applicant's ethnicity is reported as Not Provided.
  • Not Applicable: Applications in which the applicant's ethnicity is reported as Not Applicable.


F, Regulation F

The CFPB and Federal Reserve each have a Regulation F:

  • The CFPB’s Reg F (Part 1006) implements the Fair Debt Collection Practices Act.
    • See also: FDCPA
  • The FRB’s Reg F provides limitations on interbank liabilities.
    • See also: Interbank Liabilities

FF, Regulation FF

The FRB’s Reg FF provides guidance on obtaining medical information in connection with credit. In general, it says that a creditor may not obtain or use medical information about a consumer in connection with any determination of the consumer’s eligibility, or continued eligibility, for credit, with a few exceptions.

A creditor may use medical information if:

  • The information is the type of information routinely used in making credit eligibility determinations, such as information relating to debts, expenses, income, benefits, assets, collateral, or the purpose of the loan, including the use of proceeds.
  • The medical information is used in a manner and to an extent that is no less favorable than it would use comparable information that is not medical information in a credit transaction.
  • The creditor does not take the consumer’s physical, mental, or behavioral health, condition or history, type of treatment, or prognosis into account as part of any such determination.

According to the regulation, creditor may use medical information to determine current or continued eligibility for credit in the following nine instances:

  1. “To determine whether the use of a power of attorney or legal representative that is triggered by a medical event or condition is necessary and appropriate or whether the consumer has the legal capacity to contract when a person seeks to exercise a power of attorney or act as legal representative for a consumer based on an asserted medical event or condition;
  2. To comply with applicable requirements of local, state, or Federal laws;
  3. To determine, at the consumer’s request, whether the consumer qualifies for a legally permissible special credit program or credit-related assistance program that is:
    1. Identifies the class of persons that the program is designed to benefit; and
    2. Sets forth the procedures and standards for extending credit or providing other credit-related assistance under the program.
    1. Designed to meet the special needs of consumers with medical conditions; and
    2. Established and administered pursuant to a written plan that:
  4. To the extent necessary for purposes of fraud prevention or detection;
  5. In the case of credit for the purpose of financing medical products or services, to determine and verify the medical purpose of a loan and the use of proceeds;
  6. Consistent with safe and sound practices, if the consumer or the consumer’s legal representative specifically requests that the creditor use medical information in determining the consumer’s eligibility, or continued eligibility, for credit, to accommodate the consumer’s particular circumstances, and such request is documented by the creditor;
  7. Consistent with safe and sound practices, to determine whether the provisions of a forbearance practice or program that is triggered by a medical event or condition apply to a consumer;
  8. To determine the consumer’s eligibility for, the triggering of, or the reactivation of a debt cancellation contract or debt suspension agreement if a medical condition or event is a triggering event for the provision of benefits under the contract or agreement; or
  9. To determine the consumer’s eligibility for, the triggering of, or the reactivation of a credit insurance product if a medical condition or event is a triggering event for the provision of benefits under the product.”

This has some Fair Lending and UDAAP implications.

Fair Lending

Fair Lending is an umbrella term that covers multiple consumer protection regulations, including HMDA, CRA, FHA and ECOA. The purpose of Fair Lending is to ensure that similarly situated individuals are treated similarly throughout the entire crediting process.

Here is how the concept is defined by different regulations:

  • Dodd-Frank Act: “Fair, equitable and nondiscriminatory access to credit for consumers.”
  • ECOA: “A creditor shall not discriminate against any applicant on a prohibited basis regarding any aspect of a credit transaction.”
  • FHA: “No person shall be subjected to discrimination because of race, color, religion, sex, handicap, familial status, or national origin in the sale, rental, or advertising of dwellings, in the provision of brokerage services, or in the availability of residential real estate-related transactions.”

Fair Lending Analysis

Fair Lending analysis, or the process of analyzing your lending data for disparities that may indicate discrimination, is an important part of any Fair Lending compliance program. 

Fair Lending analysis is about more than just HMDA; any lending is subject to Fair Lending regulations, and your analysis should keep that in mind.

Depending on your financial institution, your Fair Lending analysis may look different than other institutions’. Fair Lending analysis should consider product mix, customer and market demographics, your institution’s regulatory history, and your Fair Lending risk exposure. 

Institutions with more data and/or more risk may want to consider in-depth analysis solutions, like Regression Analysis.

Note: Regulators will analyze your Fair Lending data to identify potential risks and prioritize institutions for exams. In addition, analysis and monitoring is an important part of any Fair Lending compliance management system and regulators will expect to see that you’re conducting it. Many financial institutions use a software solution or external consultant to conduct the analysis. If you decide to conduct the analysis in-house, please know that simple pivot tables are rarely adequate to proactively identify risk.

TRUPOINT specializes in Fair Lending analysis through our revolutionary software platform, TRUPOINT Analytics. You'll get a guided review of every report, unlimited support, and free best practices training. To learn more, request a free guided walk-through here.

FBAR, Foreign Banks and Financial Accounts Report

Persons with a financial interest in or signature authority over a foreign financial account, (such as a bank account, brokerage account, mutual fund, trust, or other type of foreign financial account), exceeding certain thresholds, may be required by the Bank Secrecy Act to complete and submit a Foreign Banks and Financial Accounts Report (FBAR). As applicable, this report of foreign financial accounts must be submitted yearly to the Department of Treasury by electronically filing a FinCEN 114, Report of Foreign Bank and Financial Accounts (FBAR).

United States persons are required to file an FBAR if: 

  1. They had a financial interest in or signature authority over at least one financial account located outside of the United States; and
  2. The aggregate value of said account(s) exceeded $10,000 at any point during the calendar year reported.

The deadline for filing this report now coincides with the April 15 tax filing deadline in the US.

To learn more about FBAR requirements, read this article from the IRS.

FCA, Farm Credit Administration

The Farm Credit Administration is an independent federal agency that regulates financial institutions, including four banks and 69 entities of the Farm Credit System, that provide credit to farmers. It was created by President Franklin D. Roosevelt in the Farm Credit Act of 1933.

The FCA is tasked with ensuring that all institutions “remain financially sound, fulfill their mission, and comply with all laws and regulations that apply to them.” All institutions are reviewed at least once every 18 months for compliance.

Here is a list of regulatory items the FCA is focused on currently.

Farm Credit System

The Farm Credit System includes four banks, five service corporations, the Federal Agricultural Mortgage Corporation, and the Federal Farm Credit Banks Funding Corporation.

The Farm Credit System is a cooperative. The institutions are owned and controlled by the farmers who borrow; these farmers also set policies and help make decisions. 

See also: Farm Credit System Insurance Corporation

FCPA, Foreign Corrupt Practices Act

The Foreign Corrupt Practices Act is a law passed in 1977 designed to prohibit all US individuals and some companies, as well as certain foreign securities issuers, from paying bribes to foreign officials for the purpose of getting or keeping a business deal. As of 1998, it also applies to foreign firms and individuals who enable such a bribe, either on their own or through a third-party. 

According to the Department of Justice, “the anti-bribery provisions of the FCPA prohibit the willful use of the mails or any means of instrumentality of interstate commerce corruptly in furtherance of any offer, payment, promise to pay, or authorization of the payment of money or anything of value to any person, while knowing that all or a portion of such money or thing of value will be offered, given or promised, directly or indirectly, to a foreign official to influence the foreign official in his or her official capacity, induce the foreign official to do or omit to do an act in violation of his or her lawful duty, or to secure any improper advantage in order to assist in obtaining or retaining business for or with, or directing business to, any person.”

The FCPA also has an accounting component. According to the regulation, covered corporations with securities listed in the US are required to:

  • “Make and keep books and records that accurately and fairly reflect the transactions of the corporation, and 
  • Devise and maintain an adequate system of internal accounting controls.”

The DOJ and the SEC are jointly responsible for FCPA enforcement.

Want to learn more? Here is a great website covering all things FCPA enforcement.

FCRA, Fair Credit Reporting Act

Implemented by Reg V, the FCRA [15 U.S.C. 1681 et seq.] Fair Credit Reporting Act was designed to help promote accuracy, fairness, and privacy of information in files of consumer reporting agencies, and other requirements for other types of agencies. In some cases, a financial institution might qualify as a consumer reporting agency, if they function in any of the following ways:

  • Procurers and users of information (for example, as credit grantors, purchasers of dealer paper, or when opening deposit accounts).
  • Furnishers and transmitters of information (by reporting information to consumer reporting agencies or other third parties, or to affiliates).
  • Marketers of credit or insurance products.
  • Employers.

It regulates the collection, sharing, and use of that information. That information includes credit reports; the FCRA also protects consumers from having inaccurate information, either intentionally or negligently, included in their credit reports.

Consumer reporting agencies may be defined as credit bureaus, and agencies that specialize in selling financial, medical, and housing records.

The FCRA is part of a group of acts related to the Federal Consumer Credit Protection Act, which also includes TILA and the FDCPA.

To learn more about consumers’ rights under the FCRA, view the FTC’s info sheet for consumers. To learn more about FCRA Examination Procedures, view the FDIC’s fact sheet.

FCSIC, Farm Credit System Insurance Corporation

The Farm Credit System Insurance Corporation (FCSIC) is an independent corporation controlled by the federal government. The FCSIC was created by the Agricultural Credit Act of 1987.

Its purpose is to encourage the financial integrity of the Farm Credit System and “insure the payment of principal and interest on insured debt obligations issued on behalf of Farm Credit System (System) banks.” In this role, the FCSIC protects the investors who purchase the insured debt.

A single Board of Directors serves as the administrators for the FCSIC as well as the Board for the Farm Credit Administration. However, the Chairman of the Board for the FCSIC cannot be the same person as the Chairman of the Board for the FCA.

FDCPA, Fair Debt Collection Practices Act

Implemented by the CFPB’s  Reg F, the FDCPA provides guidance about how a financial institution can collect debt. It was found that abusive, deceptive, and unfair debt collection practices contributed to the number of personal bankruptcies, marital instability, loss of jobs, and invasions of privacy, according to Congress. The FDCPA was intended to protect against such debt collection practices by:

  1. Eliminating abusive debt collection practices by debt collectors.
  2. Insuring that debt collectors who don’t use abusive debt collection practices are not competitively disadvantaged.
  3. Promoting consistent State action to protect consumers against debt collection abuses.

In today’s regulatory landscape, the FDCPA is often related to Fair Lending and UDAAP risks.

FDIC, Federal Deposit Insurance Corporation

The Federal Deposit Insurance Corporation (FDIC) is an independent agency created by the Congress in the Banking Act of 1933  to maintain stability and public confidence in the financial system. The FDIC accomplishes this by insuring deposits, examining and supervising financial institutions for safety and soundness and consumer protection, making large and complex financial institutions resolvable. and managing receiverships.

The FDIC oversees approximately 64% of active banks in the US, and more than 90% of community banks. It also has backup supervisory responsibility for other FRB- and OCC-regulated institutions.

The FDIC’s major programs are currently related to deposit insurance, supervision for consumer financial protection, and receivership management.

See also: Advertisement of Membership 12 C.F.R. Part 328,  Deposit Insurance Coverage 12 C.F.R. Part 330

Federal Register

The Federal Register is the official daily journal of the US federal government; it contains government agency rules, proposed rules, and public notices.

FFIEC, Federal Financial Institutions Examination Council, The Council

The Council is a formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions by the Board of Governors of the Federal Reserve System (FRS), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Office of Thrift Supervision(OTS), and to make recommendations to promote uniformity in the supervision of financial institutions.

In 2006, the State Liaison Committee (SLC) was added to the Council as a voting member. The SLC includes representatives from the Conference of State Bank Supervisors (CSBS), the American Council of State Savings Supervisors (ACSSS), and the National Association of State Credit Union Supervisors (NASCUS).

The FFIEC was given additional statutory responsibilities by section 340 of the Housing and Community Development Act of 1980 to facilitate public access to data that depository institutions must disclose under the Home Mortgage Disclosure Act of 1975 (HMDA) and the aggregate of annual HMDA data, by census tract, for each metropolitan statistical area (MSA)

In 1988 and 1989, coverage was expanded to include nondepository institutions in the collection and reporting of HMDA. Independent mortgage companies (nondepository institutions) that are regulated by the Department of Housing and Urban Development (HUD) were required to collect and report HMDA if they met the reporting criteria.

FHA, Fair Housing Act of 1968

The Fair Housing Act (FHA) was a major part of the Civil Rights Act passed in 1968 by President Lyndon B. Johnson. It is a cornerstone of the group of regulations known as “Fair Lending laws.” The Fair Housing Act outlines a few prohibited basis characteristics, on the basis of which an individual may not be discriminated against in housing and real-estate transactions:

  • Race or Color
  • Religion
  • National Origin
  • Gender or Sex
  • Handicap
  • Familial Status

The FHA also provides for investigation and resolution of consumer complaints related to allegations of housing discrimination. It also says that financial institutions covered by FHA requirements must use language or imagery, such as the “Equal Housing Lender” statement or logo, in their marketing and advertisements of products and services covered by the FHA. Similarly, it states that certain entities who sell or rent properties are required to display an FHA poster in certain covered places of business.

See also: Fair Lending

FHFA, Federal Housing Finance Agency

The Federal Housing Finance Agency, or FHFA, was created in 2008 as part of the Housing and Economic Recovery Act of 2008 (HERA). It is part of the Financial Stability Oversight Council.

It is responsible for supervision, regulation, and housing mission oversight of Fannie Mae, Freddie Mac, and the Federal Home Loan Bank System. (The Federal Home Loan Bank System includes the 11 Federal Home Loan Banks (FHLBanks) and the Office of Finance.) The FHFA has served as the conservator of Fannie Mae and Freddie Mac since 2008.

The FHFA conducts on-site examinations of institutions in the Federal Home Loan Bank System, as well as the Office of Finance. It also oversees the FHLBank System’s affordable housing and community investment activities, including allocations for the Affordable Housing Program.

Federal Home Loan Bank System, FHLBank System

There are 11 Federal Home Loan banks in the The Federal Home Loan Bank System. The FHLBank System provides thrift institutions, commercial banks, credit unions, insurance companies, and certified community development financial institutions with:

    • A source of funding for mortgages and asset-liability management.
    • Liquidity for short-term needs.
    • Additional funding for housing finance and community development.

See also: Financial Stability Oversight Council

Final Action

In lending, the “Final Action” is the decision made on an application.

Final Action Taken Date

In Fair Lending analysis, this is the settlement or closing date for originations. For applications that did not result in an origination, the date when the action was taken or when the notice was sent to the applicant is entered. For an application that was expressly withdrawn by the applicant, either the date shown on the applicant's letter or the date you received the letter or notice is reported. For loans that an institution purchased, the date of purchase is entered.

Action Taken Type

The disposition of the loan/application.

Financial Stability Oversight Council

The Financial Stability Oversight Council was established by the Dodd-Frank Wall Street Reform and Consumer Protection Act to provide comprehensive monitoring of the stability of the U.S. financial system. It has “collective accountability for identifying risks and responding to emerging threats to financial stability.” To aid in its mandate to respond to emerging threats to financial stability, the Council can “provide direction to, and request data and analyses from, the newly created Office of Financial Research (OFR) housed within Treasury.” The Council is also responsible for constraining excessive risk in the financial system. 

The Council is comprised of 10 voting and 5 non-voting members, and is chaired by the Secretary of the Treasury.

The 10 voting members are:

  1. Secretary of the Treasury, who serves as the Chairperson of the Council
  2. Chairman of the Board of Governors of the Federal Reserve System
  3. Comptroller of the Currency (OCC)
  4. Director of the CFPB;
  5. Chairman of the SEC
  6. Chairperson of the FDIC
  7. Chairperson of the Commodity Futures Trading Commission (CFTC)
  8. Director of the Federal Housing Finance Agency (FHFA)
  9. Chairman of the NCUA
  10. An independent member with insurance expertise who is appointed by the President and confirmed by the Senate for a six-year term.

The five non-voting members serve in an advisory capacity. They are:

  1. Director of the Office of Financial Research;
  2. Director of the Federal Insurance Office;
  3. A state insurance commissioner designated by the state insurance commissioners;
  4. A state banking supervisor designated by the state banking supervisors; and
  5. A state securities commissioner (or officer performing like functions) designated by the state securities commissioners.

The state insurance commissioner, state banking supervisor, and state securities commissioner serve two-year terms.

FinCEN, Financial Crimes Enforcement Network

FinCEN, or the Financial Crimes Enforcement Network, is a bureau of the Department of the Treasury. FinCEN is tasked with safeguarding the financial system from illicit uses, identifying and preventing  money laundering. FinCEN is also responsible for promoting national security through the collection, analysis, and sharing of financial intelligence and strategic use of financial authorities.

The Director of FinCEN is appointed by the Secretary of the Treasury.

FinCEN is in charge of regulating financial institutions in relation to the BSA/AML and OFAC regulations. The BSA authorizes the Secretary of the Treasury to issue regulations requiring banks and other financial institutions to take precautions against financial crime, such as establishing an AML program and filing reports that help criminal tax, regulatory investigations and proceedings, and certain intelligence and counter-terrorism efforts.

FinCEN collaborates with other similar agencies globally to work together in preventing financial crimes. FinCEN also partners with domestic law enforcement and other regulatory agencies.

FinCEN also has a glossary of terms related to their work, which you may find valuable.


FinTech is a portmanteau that stands for Financial Technology. FinTech refers to a sector of the financial and technology industries that is focused on providing financial services through technology. It's a fast-growing industry, in North America particularly.

Today, FinTech can refer to any new financial technology, for anything from education to retail banking. A few examples may include cryptocurrencies, peer-to-peer payments, and much more.

FRA, Federal Reserve Act

The Federal Reserve Act accomplishes four primary goals:

  • Provides for the establishment of Federal reserve banks.
  • Furnishes an elastic currency.
  • Affords means of rediscounting commercial paper.
  • Establishes a more effective supervision of banking in the US.

The Federal Reserve Act defines the different federal reserve banks, which today have a variety of regulatory, oversight, and management responsibilities.

The Federal Reserve, The Fed.

The Federal Reserve is the central bank of the US. The Federal Reserve establishes US monetary policy, supervises and regulates banking institutions, and promotes and maintains the stability of the financial system. It also provides financial services to depository institutions, the federal government and foreign official institutions.

FRB, Federal Reserve Board, The Board

The Board of Governors of the Federal Reserve System is the governance and oversight group of the Federal Reserve System. This group is sometimes referred to as simply the “Board.”

FRS, Federal Reserve System

The Federal Reserve System collective term for the network of Reserve Banks and member banks that comprise the central banking system of the US.

Federal Reserve System Membership

Any bank or incorporated banking institution engaged in similar business may become a member of the FRS. National banks are required to be members, while state-chartered banks may join if they meet the requirements as outlined in the FRB’s Reg H. In particular, Reg H outlines:

- Membership requirements,

- Membership privileges and conditions,

- Procedures for getting approval for new branches,

- Procedures for voluntary withdrawal from membership,

- Guidelines for registering and filing financial statements,

- Procedures for dealing with banks that are less-than-adequately capitalized, and

- Real estate lending standards

for state-chartered banks. In general, membership in the Federal Reserve System comes with significant benefits, but there are strict standards for members. State banks that want to apply for membership and stock in the Federal Reserve System need to apply with their local Reserve Bank.


G, Regulation G

The CFPB and FRB both have a Regulation G:

  • The CFPB’s Regulation G implements the S.A.F.E. Mortgage Licensing Act - Federal Registration Residential Mortgage Loan Originators.
    • See also: S.A.F.E. Mortgage Licensing Act
  • The FRB’s Reg G provides guidance on the disclosure and reporting of CRA-related agreements, as outlined in the Graham-Leach-Bliley Act.
    • See also: Graham-Leach-Bliley Act

GG, Regulation GG

The FRB’s Regulation GG provides guidance regarding a prohibition on funding unlawful internet gambling.

This has connections to AML programs, and Reg E in banks and credit unions.

See also: UIGEA


Geocode refers to the combination of applicable codes for the metropolitan area, state, county and census tract. These codes indicate the location of the property to which a loan relates.

Beginning with calendar year 2004 data, the combination is MSA-MD/state/county/census tract.

GLBA, Graham-Leach-Bliley Act

The GLBA, which is also known as the Financial Services Modernization Act of 1999, that was designed to protect consumer financial privacy by requiring entities that provide financial solutions and services to clearly explain their information-sharing practices and protect consumer data. According to the FTC, such financial institutions include “companies that offer consumers financial products or services like loans, financial or investment advice, or insurance.” It also partially repealing the Glass-Steagall Act of 1933.

Disclosure and Reporting of CRA-Related Agreements

Implemented by Reg G, section 711 of the Gramm-Leach-Bliley Act (12 U.S.C. 1831y) requires any nongovernmental entity or person, insured depository institution, or affiliate of an insured depository institution that enters into a covered agreement to:

- Make the covered agreement available to the public and the appropriate Federal banking agency; and

- File an annual report with the appropriate Federal banking agency concerning the covered agreement.

Privacy of Consumer Financial Information

The CFPB’s Reg P outlines requirements for how financial institutions provide annual notices to consumers regarding the institution’s privacy policies. It also provides guidance on how financial institutions that share certain consumer information with particular types of third parties should provide annual notices to consumers, including a way to opt out of the information sharing.

In 2015, an exception to the GLBA requirement that financial institutions provide an annual notice describing their privacy policies and practices to their customers was passed. Financial institutions that don’t share non-public personal information about customers (except as described in certain statutory exceptions), and that haven’t changed  policies and practices about disclosing nonpublic personal information since the most recent privacy notice was sent are exempted.


H, Regulation H

The CFPB and FRB both have a Regulation H:

  • The FRB’s Regulation H provides guidance on the membership of state banking institutions in the Federal Reserve System.
    • See also: Federal Reserve System Membership
  • The CFPB’s Regulation H implements aspects of the S.A.F.E. Mortgage Licensing Act.
    • See also: S.A.F.E. Mortgage Licensing Act

HMDA, Home Mortgage Disclosure Act

Implemented by Reg C, the Home Mortgage Disclosure Act is designed to:

  • Provide the public with information that will help show whether financial institutions are serving the housing credit needs of the neighborhoods and communities in which they are located;
  • Help public officials distribute public-sector investments so as to attract private investment to areas where it is needed; and
  • Identify possible discriminatory lending patterns and enforce anti-discrimination statutes by requiring the collection and disclosure of data about applicant and borrower characteristics.

Every year, institutions that are required to comply with HMDA must report data on its origination and purchases of home-purchase and home-improvement loans by census tract. Covered institution must also report data on loan applications, even if they didn’t result in an origination (i.e. applications that were denied, withdrawn, approved but not accepted, and closed for incompleteness.)

This data is collected on a Loan Applicant Register, or LAR. This HMDA LAR must be submitted to the institution's regulatory agency by March 1 following the end of the calendar year in which the data were collected.

In addition, a covered institution’s home office must make its disclosure statement and HMDA LAR available to the public; this info must be retained for at least three years for examination purposes.

Starting in 2015, HMDA has undergone many changes. To learn more about exemptions, and other information, check out this Guide to the HMDA Updates.

HMDA Filing Instructions Guide

The HMDA Filing Instructions Guide, or HMDA FIG, is a resource document published by the regulatory agencies that outlines how an institution should format and prepare the data in their HMDA LAR. A new HMDA FIG is published every year.

It details valid values, how to format the LAR, and how to file the HMDA data collected with the CFPB in order for submission. It also explains the different data fields and data points that should be included in the HMDA LAR. Finally, it provides information regarding edit checks that an institution is expected to run on its HMDA data before submission.

If there have been changes to the HMDA regulation, the HMDA FIG may also detail some of those and how they might impact HMDA submission and resubmission, if necessary.

Here is the HMDA Filing Instructions Guide for HMDA data collected in 2018.

HMDA LAR, HMDA Loan Application Register, LAR, The Register

The HMDA LAR, or the HMDA Loan/Application Register (sometimes written without the backslash), is your institution’s record of all HMDA loans and applications received and/or originated in a calendar year in a specific format for reporting. Computer-generated reports must conform to the format of the LAR.

See also: HMDA LAR Data

HMDA Submission

HMDA Submission is the act of providing an institutions HMDA LAR to the federal regulators for reporting, monitoring, and compliance.

This process can be complete by a financial institution using the CFPB’s free HMDA Submission Tool. However, some institutions choose to rely on third parties to help with submission.

TRUPOINT Partners does provide HMDA submission services to our HMDA Analytics customers. Learn more by reading this press release.

HMDA Analysis

HMDA data analysis is the process of verifying, analyzing, modeling and interpreting your institution's HMDA LAR data. This data analysis helps institutions identify red flags, uncontrolled risk or areas that are likely to draw regulatory focus, like disparities.

It's an important part of many different elements of the compliance risk management process, included in risk assessments as well as self-testing and regulatory exams.

Learn more about the importance of HMDA data analysis with this free info kit.

HMDA Data Points and Fields

HMDA data typically refers to the data included in the HMDA LAR. There are two terms used to describe this data: data points and data fields.

Data Point

Essentially, a data point is the term used to describe to a small number of related data fields. For example, there is a "property address" data point. In that data point are a four different "data fields": street address, city, state and ZIP code.

Data Field

A data field is a single piece of data in the HMDA LAR. For example, there are four different data fields - street address, city, state, and ZIP code - in the single “property address” data point in the HMDA LAR.

Given the recent HMDA small filer exemption, some institutions are wondering how to report data points versus dat fields. For HMDA data collection and reporting, it’s important to know that you must report all data fields within a single data point. If you choose to report a data point that is not required for your institution, you will need to report all of the data fields within.

Learn more about the HMDA Small Filer Partial Exemption in this blog.


As mentioned above, the term LAR refers to the loan application register format that has been designed for reporting HMDA data. Computer-generated reports must conform to the format of the LAR. According to the most recent Final Rule, there are 46 potential data points that an institution can report for HMDA compliance. Here are definitions for a few of them.

Activity Year

For HMDA compliance, this is the year for which the HMDA data are being collected.

Agency Code

Code to identify the supervisory/regulatory agency of the HMDA reporting institution. The agency code along with the respondent ID number is the unique combination that identifies a specific institution. The codes for each agency are:

1 - Office of the Comptroller of the Currency (OCC)
2 - Federal Reserve System (FRS)
3 - Federal Deposit Insurance Corporation (FDIC)
4 - Office of Thrift Supervision (OTS)
5 - National Credit Union Administration (NCUA)
7 - Department of Housing and Urban Development (HUD)
9 - Consumer Financial Protection Bureau (CFPB)

County Code

A three-digit FIPS (Federal Information Processing Standards) code that identifies the county where the property is located.


In HMDA compliance, gender is typically defined as:

- Male: Applications in which the applicants gender is identified as Male.

- Female: Applications in which the applicant's gender is identified female and the co-applicant does not belong to the Control Group.

- Not Provided: Applications in which the applicant's gender is reported as Not Provided.

- Not Applicable: Applications in which the applicant's gender is reported as Not Applicable.

Gross Annual Income

The income reported is the total gross annual income an institution relied upon in making the credit decision. "NA" is used 1) when an institution does not ask for the applicant's income or rely on it in the credit decision, 2) the loan application is for a multifamily dwelling, 3) the applicant is not a natural person (a business, corporation or partnership, for example), or 4) the applicant information is unavailable because the loan was purchased by your institution. "NA" is also used for loans to an institution's employees to protect their privacy.

Lien Status

For HMDA reporting purposes, lenders are required to report lien status for loans they originate and applications that do not result in originations (Codes 1 through 3 are used for these loans; Code 4 is used for purchased loans). Lien status is determined by reference to the best information readily available to the lender at the time final action is taken and to the lender's own procedures. Lien status aids in the interpretation of price data.

For more information on lien status, see the HMDA Price Data Frequently Asked Questions (FAQs) section.

Loan Purpose

Indicates whether the purpose of the loan or application was for home purchase, home improvement, or refinancing. If the loan falls into more than one of the three categories, report the loan under just one category according to the following rule.

If the loan is a home purchase loan, report it as such even if it is also a home improvement loan and/or refinancing; if the loan is not a home purchase loan but is a home improvement loan and a refinancing, report it as a home improvement loan.

Loan Type

Indicates whether the loan granted, applied for, or purchased was conventional, government-guaranteed, or government-insured.


The concept of occupancy describes whether the property to which the loan application relates will be the owner's principal dwelling. For multifamily dwellings (housing five or more families), and any dwellings located outside MSA/MDs, or in MSA/MDs where an institution does not have home or branch offices, an institution may either enter the code for not applicable or the code for the actual occupancy status.

For purchased loans, use code 1 (owner-occupied as a principal dwelling) unless the loan documents or application indicate that the property will not be owner-occupied as a principal residence. For second homes or vacation homes, as well as for rental properties, use code 2 (not owner-occupied as a principal dwelling). If a loan relates to multiple properties, the institution reports the owner-occupancy status of the property for which property location is being reported.

Property Type

The Property Type field indicates whether the loan or application was for a one-to-four-family dwelling (other than manufactured housing), manufactured housing, or multifamily dwelling. For loans on individual condominium or cooperative units, use code 1 (one-to-four-family dwelling other than manufactured housing). In addition, if you cannot determine (despite reasonable efforts to find out) whether the loan or application relates to a manufactured home, use code 1.

Reasons for Denial

These fields identify why an application was denied. As many as three reasons may be reported. Recording reasons for denial is optional, except for institutions supervised by the Office of Thrift Supervision (OTS) or the Office of the Comptroller of the Currency (OCC).

RID, Respondent or Reporter ID

A ten-digit number used to identify a HMDA reporting institution. RIDs often require leading zeros to meet the length requirement.

For example, if the source number is 12345, the ten-digit RID number is 0000012345. The number, which is assigned by each supervisory/regulatory agency, along with the agency code, keeps an institution separate and unique from another.

Beginning with the reporting of 2011 HMDA data, the RID number used by each agency for the depository and nondepository institutions as well as their agency code are shown in the table below. The RID and agency code rules below do not apply to the resubmission of 2010 HMDA data. If your institution has to resubmit 2010 HMDA data, use the RID number and agency code that was used on the initial 2010 HMDA report.

We provide a lot more detail on this in the downloadable version of this Glossary, so make sure to request it today!

Respondent Name

The name of the HMDA reporting institution.

State Code

A two-digit FIPS (Federal Information Processing Standards) code that identifies the state where the property is located.

ULI, Universal Loan Identifier

The ULI, or Universal Loan Identifier, is a code that identifies a loan and stays with the loan for its entire lifetime. This identification code was introduced in the 2015 Final HMDA Rule.

Your financial institution will create a ULI for any originated loans. The ULI is described in the 2018 HMDA Filing Instructions Guide (FIG) as follows:

- Begins with the financial institution’s Legal Entity Identifier as defined in Paragraph 4(a)(1)(i)(A).

- Follows the Legal Entity Identifier with up to 23 additional characters to identify the covered loan or application, which: may be letters, numerals, or a combination of letters and numerals; must be unique within the financial institution; and must not include any information that could be used to directly identify the applicant or borrower.

- Ends with a two-character check digit that is calculated using the ISO/IEC 7064, MOD 97-10 as it appears on the International Standard ISO/IEC 7064:2003, which is published by the International Organization for Standardization (ISO). A check digit can be generated by: using the check digit tool. Information regarding the check digit tool; or applying the procedures provided in Appendix C to Regulation C.

May be letters, numerals, or a combination of letters and numeralsMust be unique within the financial institution; If you purchase a loan that does not have a ULI, it is your financial institution’s responsibility to assign one. However, if your financial institution purchases a loan that already has a ULI, you should continue to use the existing ULI throughout the lifetime of the loan.

Learn more about ULIs and much more in this post, Answers to 7 HMDA Questions.

See also: Non-Universal Loan Identifier

Validity Edits

The specified data are reported incorrectly and must be corrected. The most common example is incorrect census tracts. The letter 'V' precedes the error numbers.

Syntactical Edits

The loan applications will not be loaded to the FFIEC database. If they should be included on the FFIEC database, the data must be corrected. Some examples are incorrect activity year used in your submission; or initial LAR data (T2 record) already on file, which indicates that a LAR with a duplicate loan application number was submitted. The letter 'S' precedes the error numbers.

HOEPA, Home Ownership and Equity Protection Act

Lenders are required to report whether a loan is subject to the provisions of the HOEPA.

HOEPA, enacted as part of the Truth in Lending Act, imposes substantive limitations and additional disclosures on certain types of home mortgage loans with rates or fees above a certain percentage or amount. For more information about HOEPA, see the CFPB's Regulation Z, section 1026.

There are also additional questions regarding HOEPA in the HMDA Price Data Frequently Asked Questions (FAQs) section here.

Home Improvement Loan

A home improvement loan is (a) any dwelling-secured loan to be used, at least in part, for repairing, rehabilitating, remodeling, or improving a dwelling or the real property on which the dwelling is located, and (b) any non-dwelling-secured loan (i) that is to be used, at least in part, for one or more of those purposes and (ii) that is classified as a home improvement loan by the institution.

Home Purchase Loan

A home purchase loan is any loan secured by and made for the purpose of purchasing a dwelling. 

See also: Dwelling

HUD, Department of Housing and Urban Development

The United States Department of Housing and Urban Development, or HUD, is a Cabinet department that helps with housing, fairness, rental assistance, sustainability, and research about access to housing and the housing market in the US. 

HUD is one of the key federal entities responsible for regulating mortgage lenders.


I, Regulation I

The FRB’s Regulation I provides guidance on the issuance and cancellation of capital stock of Federal Reserve banks. More specifically, it sets out stock subscription requirements for all banks joining the FRS.

II, Regulation II

The FRB’s Regulation II provides guidance for debit card interchange fees and routing. It is a section of the EFTA.

See also: EFTA

Identity Theft

Identity theft, also known as identity fraud, is a crime where an imposter obtains key pieces of personally identifiable information, such as Social Security or driver's license numbers, in order to impersonate someone else.

Identity Theft Red Flag Rule

The Red Flags Rule was based on section 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003 (FACTA). FACTA was put in place to help

- Identity Theft Prevention and Credit History Restoration,

- Improvements in Use of and Consumer Access to Credit Information,

- Enhancing the Accuracy of Consumer Report Information,

- Limiting the Use and Sharing of Medical Information in the Financial System,

- Financial Literacy and Education Improvement,

- Protecting Employee Misconduct Investigations, and

- Relation to State Laws.

Independent Review

An Independent Review is an objective, relatively holistic review of the compliance program. It includes discussions with compliance teams, management, and employees to determine if practices meet the needs of the organization and comply with all federal and state regulatory requirements.

The consultant’s job is to look at the present and towards the future to ensure all activities are carried out in accordance with written policy and procedures, while also being aligned with regulatory compliance requirements. The consultant’s job is also to provide advice, training, and collaboration to ensure that the client understands and implements specific regulatory requirements that work within the existing business process and organization.

Their goal is to answer the questions: "Does the current process, which includes policies and procedures, ensure compliance? Are actual practices following the written policy?"

If not, they should be providing recommendations of how it could be changed, who should do it, and to whom the changes need to be communicated.

Independent reviews tend to focus on the operations (e.g. policy, procedures, process) to determine if and ensure that they comply with the institution's policy and federal and state regulatory compliance regulations.

Interbank Liabilities

The FRB’s Regulation F provided updates to the Federal Reserve Act’s guidance on interbank liabilities in section 23. Interbank liabilities are designed to help limit the risks that the failure of a large depository institution (whether insured or not) would pose to insured depository institutions. The FRB determines aggregate limits on insured depository institutions’ exposure to other depository institutions in order to limit the risks posed by that exposure.

An insured depository institution may be considered to be “exposed” to another depository institution if:

  • The insured depository institution has extended credit to the other depository institution, regardless of name or description, including:
    • All deposits at the other depository institution.
    • All purchases of securities or other assets from the other depository institution subject to an agreement to repurchase.
    • All guarantees, acceptances, or letters of credit (including endorsements or standby letters of credit) on behalf of the other depository institution.
  • The insured depository institution has purchased investments or securities issued by the other depository institution.
  • The insured depository institution accepted securities issued by the other depository institution as collateral for an extension of credit to any person.

Plus, all similar transactions that the FRB by regulation determines to constitute “exposure.”

The FRB can exempt transactions if those exemptions from the definition of “exposure” if they are in the public interest and consistent with the purpose of this section.

Any transaction by an insured depository institution with any person is a transaction with another depository institution to the extent that the proceeds of the transaction are used for the benefit of, or transferred to, that other depository institution.

Insured Depository Institution

An insured depository institution is one that is insured by the FDIC.


J, Regulation J

The FRB’s Reg J provides guidance on check collection by Federal Reserve Banks, and funds transfers through Fedwire. More specifically, it establishes procedures, duties and responsibilities related to check collection and other items among Federal Reserve Banks, senders and payers of checks and other items, and the senders and recipients of Fedwire funds transfers.

There is a proposed amendment to simplify this regulation, and make it conform more closely to Reg CC, which provides guidance about the availability of funds and collection of checks. Although the comment period is now closed, you may want to review the press release here.


Jargon is a term used to refer to words, phrases, or expressions used by members a profession, industry, or other group that are difficult for non-members to understand.

In consumer compliance, a best practice is to avoid jargon in consumer-facing materials as much as possible.


K, Regulation K

The FRB’s Reg K provides guidance on international banking operations. It outlines rules regarding the  international and foreign activities of US banking organizations, including:

  • Procedures for establishing foreign branches, Edge corporations, and agreement corporations that would engage in international banking, and
  • Investments in foreign organizations.

There is a proposed amendment regarding this regulation and Board responsibilities; you may want to review the press release here.

KYC, Know Your Customer

Know Your Customer (KYC) is the process by which a financial institution attempts to understand and confirm the identity of their customers. This may include ID verification, information about where they currently live and address verification, employment details (optional), copies of utility bills (optional), and other measures.

KYC is most relevant to BSA/AML compliance. Such KYC guidelines are designed to prevent financial institutions from being used for money laundering. KYC policies, procedures, and processes usually include these four elements: customer acceptance policy, Customer Identification Procedures (CIP), transaction monitoring, and risk management, which likely included Politically Exposed Persons (PEP) monitoring.

Larger customers and transactions may also be subject to Enhanced Due Diligence (EDD), as per the USA PATRIOT Act.


L, Regulation L

The FRB’s Regulation L provides guidance for the management of official interlocks; more specifically, it outlines the situations wherein a management interlock is prohibited, and when it is allowed. According to the regulators, this regulation is designed to promote competition.

In general, a manager of a financial institution is not allowed to serve simultaneously as a management official of another depository institution if both institutions are large and/or located in the same area, and the institutions are not affiliated. if the organizations are not affiliated and both either are very large or are located in the same local area. These prohibitions are known as:

  • Community Prohibition
  • Relevant Metropolitan Statistical Area Prohibition Prohibition
  • Major Assets Prohibition

Learn more about the prohibitions and exemptions in the OCC’s guide to management interlocks.

LAN, Loan Application Number

A unique identifier (up to 25 characters long) that can be used to retrieve the particular loan application to which the entry relates. It is recommended that institutions do not use applicants' names or social security numbers to ensure the privacy of the applicant or borrower.

Please note: With the updated HMDA rules, there are now new rules regarding Universal Loan Identifiers and Non-Universal Loan Identifiers that may be relevant for your institution. In some instances, a ULI or NULI may take the place of the Loan Application Number.

LAR, Loan Application Register

This is also known as the HMDA LAR, the LAR, or the Register.

The term LAR refers to the loan application register format that has been prescribed for reporting HMDA data. Computer-generated reports must conform to the format of the LAR.

Location-Based Authorization

Location-based authorization is a type of security feature that controls access based on location. It's used most frequently in apps and software. As a financial institution, you may restrict account access, or have additional layers of security, if a user tries to access their account outside of their usual locations.


M, Regulation M

The CFPB’s Regulation M (Part 1013) provides guidance regarding consumer leasing.

See also: Consumer Leasing Act

MM, Regulation MM

The FRB’s Regulation MM provides guidance regarding mutual holding companies. In particular, Reg M regulates all of the following:

  • The reorganization of mutual savings associations to mutual holding companies.
  • The creation of subsidiary holding companies of mutual holding companies.
  • The operations of mutual holding companies and their subsidiary holding companies.

It also establishes procedures for securing approval for these transactions.

MARS Rule, Mortgage Assistance Relief Services Rule

Implemented by Regulation O, the CFPB’s MARS Rule (Part 1015) is designed to prohibit unfair and deceptive acts or practices in mortgage assistance relief services. In particular, these services are typically for mortgage or foreclosure relief. It is directed at companies that offer to help consumers negotiate mortgage or foreclosure negotiations.

The MARS Rule says that:

  • It is illegal for mortgage assistance relief service providers to charge upfront fees.
  • Mortgage assistance relief service providers must “clearly and prominently” disclose certain information to consumers, including:
    • The total cost.
    • That consumers can stop using the services at any time.
    • That the provider is not associated with the government or a lender.
    • That the lender may not agree to change the terms of the mortgage.
    • Consequences that could result from failing to pay the mortgage if that was advised by the service provider. In particular, service providers must warn of the potential loss of the home or damage to the consumer’s credit rating.
  • It is illegal for mortgage assistance relief service providers to advise consumers to stop communicating with their lender or servicers.
  • Mortgage  assistance relief service providers must disclose certain information to customers if they forward an offer of mortgage relief from a lender or servicer, including:
    • Details from the lender or servicer about all material differences between the consumer’s current loan and the new offer.
    • The fact that consumers are not obligated to pay the mortgage assistance relief service provider’s fee, if the offer isn’t acceptable.
  • It is illegal for mortgage assistance relief service providers to make claims that are false, misleading, or unsubstantiated.

MD, Metropolitan Division

A metropolitan division is a subset of an MSA having a single core with a population of 2.5 million or more. For reporting and disclosure purposes of HMDA, an MD is the relevant geography, not the MSA of which it is a division.


A mortgage is a type of loan where the collateral is a property or real estate. In this type of loan, the borrower receives cash upfront, and makes payments to the lender over a period of time until the lender is paid back in full.

Mortgage Acts and Practices - Advertising

Mortgage Acts and Practices - Regulation N was passed by the CFPB to implement requirements outlined by a variety of different regulations, including the CARD Act and the Dodd-Frank Act. The regulation clarifies restrictions and guidelines on what can be included in materials related to a “mortgage credit product,” a term that is also defined by the regulation. It also provides details on waivers, recordkeeping requirements, actions by states, and severability.

Reg N specifically prohibits a long list of misrepresentations. To view the full list, review the regulation here.

MSA, Metropolitan Statistical Area

MSA stands for Metropolitan Statistical Area, and is a geographical region with a relatively high population and a close-knit economic network that connects it. While it's not a legally-defined geographic area, like a city or a town that has its own laws and regulations, it is a way of conceptualizing that high-population area (like Atlanta, San Francisco or Dallas-Fort Worth) and its local sphere of influence. MSAs are defined by the Office of Management and Budget (OMB) and used by the U.S. Census Bureau, as well as other agencies and organizations.

For purposes of HMDA, the term is interchangeable with "metropolitan area." The underlying concept of an MSA is that of a core area containing a large population nucleus, together with adjacent communities having a high degree of economic and social integration with that core. MSAs are composed of entire counties or county equivalents. Every MSA has at least one urbanized area with a population of 50,000 or more.

MSA/MD, Metropolitan Statistical Area/Metropolitan Division

An MSA/MD is an area that has at least one urbanized area of 50,000 or more population, plus adjacent territory that has a high degree of social and economic integration with the core as measured by commuting ties. If the specified criteria are met, a metropolitan statistical area containing a single core with a population of 2.5 million or more may be subdivided to form smaller groupings of counties referred to as metropolitan divisions. This is a five-digit code defined by the Office of Management and Budget. Those properties located outside of an MSA/MD should be coded as "NA" for not applicable.


N, Regulation N

The FRB and CFPB both have a Reg N:

  • The CFPB’s Regulation N (Part 1014) governs mortgage acts and practices related to advertising.
    • See also: Mortgage Acts and Practices - Advertising
  • The FRB’s Reg N provides guidance on relationships and transactions between Federal Reserve Banks and foreign banks, their employees, and foreign governments.

NN, Regulation NN

The FRB’s Reg NN provides guidance on retail foreign exchange transactions, by setting the standards for Federal Reserve-regulated banking organization that engage in certain types of foreign exchange transactions with retail consumers. It outlines the risk disclosure, record-keeping, business conduct, and documentation requirements.

NCUA, National Credit Union Association

The National Credit Union Administration, or NCUA, is the only federal regulatory agency for credit unions in the United States. The NCUA is responsible for supervision and regulation of credit unions in the US, in an effort to ensure access to and confidence in American credit unions.  It does examine credit unions on a 12-month cycle for compliance and other important factors related to the health and stability of the credit union system.

The NCUA officially became an independent federal agency in 1970. That same year, Congress established the National Credit Union Share Insurance Fund (NCUSIF), which protects credit union deposits.

Non-Depository Institution

Non-depository institution are defined as for-profit mortgage lending institutions (other than banks, savings associations, and credit unions).

Similarly, non-bank financial institutions, or NBFIs, are broadly defined as institutions other than banks that offer financial services. The USA PATRIOT Act has defined a variety of entities as financial institutions. Common examples of NBFIs include, but are not limited to: Casinos and card clubs; securities and commodities firms (e.g., brokers/dealers, investment advisers, mutual funds, hedge funds, or commodity traders); money services businesses (MSB); insurance companies; loan or finance companies; operators of credit card systems; other financial institutions (e.g., dealers in precious metals, stones, or jewels; pawnbrokers.


O, Regulation O

The CFPB and the FRB both have a Regulation O:

  • The CFPB’s Regulation O (Part 1015) governs mortgage assistance relief services.
    • See also: MARS Rule, Mortgage Assistance Relief Services Rule
  • The FRB’s Reg O provides guidance on extensions of credit by member banks to their officers, directors, and principal shareholders. It also covers any extension of credit by a member bank to a bank holding company of which the member bank is a subsidiary, and of any other subsidiary of the holding company. In particular, it outlines reporting and disclosure requirements around these extensions of credit. Read the regulation here.


P, Regulation P

The CFPB’s Regulation P (Part 1016) provides guidance on the privacy of consumer financial information according to the Graham-Leach-Bliley Act. It governs the treatment of nonpublic personal information about consumers by financial institutions.

See also:  Graham-Leach-Bliley-Act

Panel, HMDA Reporter Panel Listing

The reporter panel listing is the universe of all institutions that reported under HMDA. A separate panel exists for each reporting year.

Predictive Analytics

Predictive Analytics describes the field of analysis focused on using current and past data to estimate, or predict, the future state. It can be especially helpful in identifying opportunities and risk.

In banking, predictive analytics is already being used for credit risk assessment, fraud detection, among others.

Combined with AI, predictive analytics has the potential to create self-learning predictive analytics that constantly enhance the available predictions and understanding of your processes.

Prohibited Basis Characteristic

Used primarily for Fair Lending compliance, a prohibited basis characteristic or trait is a feature based upon which a financial institution may not treat a person or persons differently than a similarly situated person or persons. Prohibited Basis Characteristics, according to the FHA and ECOA, include:

  • Race or color
  • Religion
  • National origin
  • Gender or sex
  • Marital status
  • Age
  • Receipt of income from public assistance programs
  • Exercise of rights under the CCPA
  • Handicap
  • Familial status

Prohibited Basis Group

This is the group of individuals that share a prohibited basis characteristic.


P-value is a statistical term that is used to help describe the statistical significance of a number. A p-value less than 0.05 indicates statistical significance. A p-value less than .05 indicates that we can say with 95% confidence that the variance between two group is statistically significant.

For Fair Lending analysis, it helps describe when a disparity is statistically significant.


Q, Regulation Q

The FRB’s Regulation Q provides minimum capital requirements and overall capital adequacy standards  of bank holding companies, savings and loan holding companies, and state member banks.  

Quality Edits

The data in question do not agree with an expected standard (value). Review for correctness and change only if erroneous data has been reported. An example is reported income that is less than or equal to $9 thousand. The letter 'Q' precedes the error numbers.

(It is important that you do an initial review of the data containing quality edits. If, after the review, you find that the data are reported correctly or you change the data because the data are reported incorrectly and the quality edit still remains on the data, those quality edit(s) will remain on succeeding edit reports).


R, Regulation R

The FRB’s Reg R provides guidance on exceptions for banks from the definition of broker in the Securities Exchange Act of 1934. There are a lot of nuances to this regulation. Please see the FRB’s Reg R compliance guide for more details.

See also: Securities Exchange Act of 1930


  • American Indian or Alaskan Native: Applications in which the applicants first race is identified as American Indian or Alaska Native and the co-applicant's ethnicity, first race and gender are not identified as Hispanic or Latino, White, Male (a Control Group member).
  • Asian: Applications in which the applicants first race is identified as Asian and the co-applicant's ethnicity, first race and gender are not identified as Hispanic or Latino, White, Male (a Control Group member).
  • Black or African American: Applications in which the applicants first race is identified as Black or African American and the co-applicant's ethnicity, first race and gender are not identified as Hispanic or Latino, White, Male (a Control Group member).
  • Native Hawaiian or Other Pacific Islander: Applications in which the applicants first race is identified as Native Hawaiian or Other Pacific Islander and the co-applicant's ethnicity, first race and gender are not identified as Hispanic or Latino, White, Male (a Control Group member).
  • White: Applications in which the applicants first race is identified as White.
  • Not Provided: Applications in which the applicant's race is reported as Not Provided.
  • Not Applicable: Applications in which the applicant's race is reported as Not Applicable.

Rate Spread

The price data take the form of a "rate spread." Lenders must report the spread (difference) between the annual percentage rate (APR) on a loan and the rate on Treasury securities of comparable maturity - but only for loans with spreads above designated thresholds.

Rate spreads are reported for some, but not all, reported home loans. The rate spread, along with Lien Status and HOEPA help interpret the pricing data.

For more information about the Rate Spread, see the HMDA Price Data Frequently Asked Questions (FAQs) section here. Also, see the Rate Spread Calculator link for assistance in generating the rate spread, and the HELP section for additional guidance.


Redlining is the act of providing unequal access to or terms of credit to residents of an area where applicant resides or will reside, or the area where the property to be mortgaged is located. Redlining is prohibited by both Fair Lending and CRA regulations; particularly, the Fair Housing Act and the Community Reinvestment Act.

Redlining has roots in the lending practices of the early-to-mid 1900s. At that time, financial institutions and the federal government both created and used maps of neighborhoods to guide their lending and pricing decisions.

Redlining, Reverse

Reverse Redlining is the practice of targeting certain individuals for less favorable products on the basis of where they live or where the property to be mortgaged is located.

Redlining, Digital

Digital Redlining is the practice of redlining online; that is, excluding individuals and communities from online marketing, advertising, and credit based on where they live or where the property to be mortgaged is located. This may be done a result of digital practices, such as location-targeted or excluded online advertising.

To learn more about Redlining, and how to understand your risk in 3 simple steps, get this free eBrief!


Refinancing is any dwelling-secured loan that replaces and satisfies another dwelling-secured loan to the same borrower. The purpose of the loan being refinanced is not relevant to determining whether the new loan is a refinancing for HMDA purposes. Neither is the borrower's intended use of any additional cash borrowed relevant to determining whether the loan is a refinancing, although the borrower's intended use of the funds could make the transaction a home improvement loan or a home purchase loan.


RegTech is another blended word, this time combining "regulatory" and "technology." RegTech refers to any technologies that help companies comply with regulations. It very frequently refers to software that helps financial companies comply with financial regulations, even though it doesn't necessarily have to refer to that.

TRUPOINT’s Fair Lending, HMDA, CRA and Redlining Analytics are all examples of FinTech, but more specifically, RegTech software.

Note: We have also started hearing the phrase "BankTech," but usage is limited. In general, BankTech refers to technology used in banking. The practical meaning of this term is still evolving (i.e. does it refer to technologies used to facilitate banking by end-consumers? Does it refer to operational technologies used by traditional banks? Can non-traditional banks be considered BankTech?) We will keep an eye on that trend, and update as needed.

Reserve Requirements of Depository Institutions

Implemented by the FRB’s Reg D, reserve requirements are the amount of funds that a depository institution is required to hold in reserve against specified deposit liabilities, such as net transaction accounts, non-personal time deposits, and Eurocurrency liabilities.

Depository institutions are defined by the FRB as commercial banks, savings banks, savings and loan associations, credit unions, U.S. branches and agencies of foreign banks, Edge corporations, and agreement corporations.

The Board of Governors is solely responsible for adjusting the reserve requirements.


To learn more about reserve requirements, read more details from the FRB here.

REMA, Reasonably Expected Market Area

REMA stands for Reasonably Expected Market Area (sometimes just called Market Area). It is used when discussing Fair Lending analysis, but in particular, Redlining analysis. A REMA is the geographic area that regulators believe an institution can serve based on its distribution of applications and loans, as well as its marketing and outreach efforts.

The REMA is used to evaluate lending and level of services in majority-minority census tracts for potential redlining. It's not defined by Fair Lending laws, and not selected by the institution. It may or may not be the same as the CRA assessment area or trade area. A few factors that may determine the REMA are:

  • Where the institution has received applications;
  • Where the institution has originated loans;
  • The history of mergers and acquisitions;
  • The market area as defined by the bank in its written policies;
  • Branching structure and history, including closures, acquisitions, and relocations;
  • Advertising; and
  • The exclusion of Majority-Minority census tracts from the assessment area.

See also: Redlining

RESPA, Real Estate Settlement Procedures Act

Implemented by the CFPB’s Regulation X, RESPA is supposed to protect consumers when they apply for and have mortgage loans. It achieves this because it requires lenders, mortgage brokers, or servicers of home loans to provide borrowers with pertinent and timely disclosures regarding the nature and costs of the real estate settlement process. It also makes it illegal for financial institutions to provide kickbacks, and limits the use of escrow accounts.

According to the CFPB, RESPA provides guidance on topics such as:

  • Prohibition on kickbacks and unearned fees
  • Mortgage origination and servicing disclosures
  • Affiliated business arrangements
  • Title insurance
  • Escrow accounts
  • List of homeownership counseling organizations
  • Mortgage loan servicing requirements
  • Force-placed insurance
  • Mortgage loan servicing error correction/resolution, and borrower information requests
  • Loss mitigation

In 2008, RESPA was updated in both material and technical ways. In 2013, it was amended to require the TILA-RESPA integrated disclosures, known as TRID.

TRID, TILA-RESPA Integrated Disclosures

TRID, which stands for TILA-RESPA Integrated Disclosures, outlines integrated disclosures that financial institutions can use for both TILA and RESPA compliance. It requires the use of the integrated disclosure forms at application and settlement, known as the Loan Estimate (LE) and the Closing Disclosure (CD). The LE integrates RESPA's Good Faith Estimate (GFE) and TILA's Early Truth in Lending (TIL) disclosure. The CD integrates the Final TIL and the HUD-1 settlement statement.

Risk Assessment

A risk assessment is a snapshot, a point-in-time evaluation of your institution's risk. It can be conducted internally or by a consultant. Risk assessments enable the compliance officer to identify the program's regulatory risk and establish a risk profile. A risk assessment also allows the institution to control risk through appropriate risk management tactics and focus on high-risk areas.

Risk assessments should be conducted at least annually, or sooner if there are changes to the business, product offerings, geography or risk exposure. Many institutions conduct a risk assessment at the beginning of the year for primary areas of risks, particularly Fair Lending, to set the stage for compliance success.

TRUPOINT does provide Fair Lending risk assessments; we offer both on-site and remote traditional, comprehensive risk assessments.

We also offer consultant-led remote risk surveys, which are a good fit for small institutions and those with limited risk exposure. These remote risk surveys use a software, called RiskCheck, that helps guide questions and generate reports.


S, Regulation S

The FRB’s Reg S governs reimbursement for providing financial records and record-keeping requirements for certain financial records. According to the FRB, Reg S outlines “rates and conditions for reimbursement to financial institutions for providing customer records to a government authority and prescribes record-keeping and reporting requirements for insured depository institutions making domestic wire transfers and for insured depository institutions and non-bank financial institutions making international wire transfers.”

SaaS, Software as a Service

SaaS is an acronym that stands for Software-as-a-Service. It refers to the act of providing a centrally hosted software or application via the internet as a service. Because they're online, they're available 24/7. Most SaaS tools are subscription-based, meaning that users pay monthly or annually for access to the service.

SaaS tools may be described as web-based or on-demand, so you may have heard those words before.

With a SaaS tool, you don't have any hardware or installation to manage, and the service provider handles things like security. Microsoft Office 365 is a great example of a SaaS product.

TRUPOINT Analytics definitely qualifies as a SaaS tool. The fact that access to the platform is bundled with guided service qualifies it as a TES tool, too.

See also: TES

S.A.F.E. Mortgage Licensing Act

Implemented by Reg G and Reg H, the S.A.F.E. Mortgage Licensing Act outlines licensing and registration requirements for mortgage loan originators. It applies to any of the following types of employees who act as mortgage loan originators:

  • Employees of depository institutions.
  • Employees of subsidiaries that are owned and controlled by a depository institution and regulated by a Federal banking agency.
  • Employees of institutions regulated by the Farm Credit Administration.

The S.A.F.E. Act requires such employees to do all of the following:

  • Register with the Nationwide Mortgage Licensing System and Registry.
  • Obtain a unique identifier
  • Maintain this registration.

The S.A.F.E. Act also requires states to adopt minimum standards for licensing residential mortgage loan originators.

Savings and Loan Association

Savings and Loans are specialized banks created to promote affordable home ownership.

SEC, Securities and Exchange Commission

The SEC, or US Securities and Exchange Commission, aims to ”protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation.” Founded in 1934, it is the federal agency that holds primary responsibility for enforcing Federal securities law.

The SEC is focused on ensuring that there is accurate, clear, public information about securities from the companies that are offering them. The SEC says that this disclosed information allows all investors to make sound business decisions about if and when to buy, sell, or hold securities. This information is related to the businesses themselves, the securities being sold, and the risks involved in investing. The SEC also has oversight power over people and entities who sell and trade securities, such as brokers, dealers, and exchanges.

The SEC is led by five commissioners who are appointed by the President, and serve staggered 5-year terms. According to the SEC, their responsibilities include:

  • Interpreting and enforcing federal securities laws;
  • Issuing new rules and amending existing rules;
  • Overseeing the inspection of securities firms, brokers, investment advisers, and ratings agencies;
  • Overseeing private regulatory organizations in the securities, accounting, and auditing fields; and
  • Coordinating securities regulation with federal, state, and foreign authorities.
  • In addition, the SEC’s Chairman serves as a representative of the agency on the Financial Stability Oversight Council (FSOC).

To learn more about how the SEC provides oversight on some key compliance issues, check out this article.

Securities Exchange Act of 1934

This Act established the SEC, and gave it regulatory and oversight authority over the securities industry, including the self-regulated organizations (SROs). The Act also gave the SEC the authority to create rules about the conduct of individuals and entities as it relates to securities, and the ability to take disciplinary action. It also allows the SEC to require reporting of certain important information.

SRO, Self-Regulated Organization

The exchanges (the New York Stock Exchange, the NASDAQ Stock Market, and the Chicago Board of Options), and FINRA (Financial Industry Regulatory Authority) are considered SROs. 

The SROs are responsible for creating rules and regulations that guide the conduct of members and users, and are also able to discipline members for violations of those rules. They also focus on ensuring market integrity and investor protections.

Although proposed SRO rules are effective upon filing, they are still subject to SEC approval. Sometimes, the SEC approves rules governing the SROs before they actually go into effect.

SOD, Summary of Deposits

Every year, the FDIC publishes a Summary of Deposits (SOD). It’s an annual survey of branch office deposits as of June 30 for all FDIC-insured institutions, including insured U.S. branches of foreign banks. 

All institutions with branch offices are required to submit the survey, although institutions with only a main office are exempt.

The SOD data provides valuable insight into the state of the financial system.


T, Regulation T

The FRB’s Reg T provides guidance on credit by brokers and dealers. In particular, it regulates extensions of credit by brokers and dealers, and transactions related to such extensions of credit. It imposes initial margin requirements and payment rules on certain securities transactions, too.

See also: Securities Exchange Act of 1934

TCPA, Telephone Consumer Protection Act of 1991

The Telephone Consumer Protection Act (TCPA), which amended the Communications Act of 1934, restricts telemarketing and the use of automated telephone and dialing equipment, artificial or prerecorded voice messages, SMS/text messages, and fax machines. It also outlines other requirements for individuals using such methods and machinery.

The FCC has regulatory, oversight, and rule-making authority over the TCPA. Penalties may reach $500 per call for negligent violations, and $1,500 for willful violations. The number of TCPA lawsuits has increased in recent years.

There are four key provisions: consent requirements, equipment and process requirements, do-not-call requirements, and caller ID requirements.

TES, Technology-Enabled Service

TES stands for Technology-Enabled Service. It refers to a type of product or company that leverages technology with service to provide value to customers. The success of the customer is closely related, if not intrinsic to, the success of the product or the company. TES solutions are focused on the delivery of software, and making it as human and helpful as possible.

TILA, Truth in Lending Act

Implemented by the CFPB’s Reg Z, TILA requires disclosures about terms, costs, and other details related to the use of consumer credit in an effort to foster the informed use of credit. It is designed to protect against inaccurate and/or unfair credit billing and credit card practices.

Under TILA, consumers are allowed up to three days after making a decision on a credit product to back out of the deal  without losing any money.

Check out the Interagency Questions and Answers on the policies for TILA enforcement here. The OCC also released a revised TILA handbook earlier in 2018; you can access it here.

TISA, Truth in Savings Act

Implemented by Reg DD, TISA was intended to help consumers make informed decisions about their accounts at depository institutions, improve transparency, and promote competition between depository institutions through the use of uniform disclosures. TISA makes it easier for consumers to compare interest rates, fees, annual percentage yield, and terms in  savings institutions' deposit accounts.

Consumers are entitled to receive disclosures about their account:

  • When an account is opened;
  • Upon request;
  • When the terms of the account are changed;
  • When a periodic statement is sent; and
  • For most time accounts, before the account matures.

The regulation also has requirements on the payment of interest, the methods of calculating the balance on which interest is paid, the calculation of the annual-percentage yield, and advertising.

Reg DD covers both interest-bearing and non-interest-bearing accounts.

Learn more about TISA with the FRB’s overview.

TS, Transmittal Sheet

The transmittal sheet is submitted with a reporter's data. The transmittal sheet includes the following information: reporter's HMDA ID number, regulatory agency code, reporter's tax ID, number of application/loan records submitted, HMDA activity year, name of reporting institution, address, city, state, zip code, contact name, telephone number, fax number, and e-mail address.

Also, input the name, address, city, state and zip code of any parent company. Non-depository institutions of all agencies, except HUD (possibly), must provide parent information. However, if any HUD reporters have a parent, they too must provide the parent company information.


A t-test determines the statistical significance of the variance between two averages. For Fair Lending analysis, these group averages are often defined by demographic or geographic characteristics, or product..

If a t-test shows statistical significance, then the difference between two groups is unlikely to be due to chance or an atypical sample.

Type of Purchaser

If you sell a loan in the same calendar year in which it was originated or purchased, you must identify the type of purchaser to whom it was sold. If the loan is sold to more than one purchaser, use the code for the entity purchasing the greatest interest. If you sell only a portion of the loan, retaining a majority interest, do not report the sale. If you do not sell the loan during the same calendar year, or if the application did not result in a loan origination, enter the code "0" (zero).

If you sell the loan in a succeeding year, you need not report the sale in the succeeding year and you do not go back to previous years to show it as sold.


U, Regulation U

The FRB’s Regulation U provides guidance regarding credit provided by banks and persons other than brokers or dealers for the purpose of purchasing or carrying margin stock.

See also: Securities Exchange Act of 1934

UDAAP, Unfair, Deceptive, or Abusive Acts or Practices

UDAAP stands for Unfair, Deceptive and Abusive Acts and Practices. It has a broad scope that interacts with other areas of consumer compliance.


An "unfair" act or practice is defined as one that may cause substantial injury, is not reasonably avoidable, and does not have benefits that outweigh the injury.

Interpretation of whether an act or practice may cause "substantial injury" is often subjective, but below are some considerations: may or may not include monetary harm; small amount of harm to a large number of people or substantial harm to one person; Actual injury is not required, as harm could be substantial if it merely raises the risk of harm; and emotional harm is not typically part of the definition.

For an act or practice to be "not reasonably avoidable," consider whether it: interferes with the consumer's ability to effectively make decisions or to avoid the injury, prevents a consumer from comparison shopping or choosing advantageous alternatives, or is pervasive in the industry. If it is, regulators are more likely to find the practice unfair if there aren't alternatives.

When determining if an injury or potential injury has "offsetting benefits," consider whether it: provides lower prices to the consumer or a wider availability of products and services due to competition, or if the costs of society as a whole are high due to any increased burdens.


A "deceptive" act or practice is defined as one that:

Is misleading or likely to mislead. That said, the phrase "likely to mislead" can be subjective. A potentially deceptive act or practice may be considered "likely to mislead" when:

-- It omits key terms and conditions; and

-- Terms and conditions are present, but key requirements are obscured. For example: fine print, fast-paced oral deliver, or bait-and-switch communications.

- A reasonable customer would be mislead. That is, a consumer's interpretation of the statement or omission is not reasonable under the circumstances.

- A representation, omission or practice is material. When evaluating whether a representation, omission, act or practice is "material," consider the following:

-- Materiality is assessed by the ability of the consumer to make and understand a decision.

-- Deception of a consumer occurs if their understanding of cost or restrictions is not clear and concise.


An abusive act or practice is defined as one that materially interferes with the ability of a consumer to understand a term or condition of a consumer financial product or service. In addition, an abusive act or practice is defined as one that takes unreasonable advantage of a consumer’s: lack of understanding of the material risks, costs or conditions of the product or service; inability to protect its interests in selecting or using a consumer financial product or service; or reasonable reliance on a covered person to act in the interests of the consumer.

To learn more UDAAP best practices, get this free Quick Guide to UDAAP Compliance!

UIGEA, Unlawful Internet Gambling Enforcement Act

Implemented by the FRB’s Reg GG, the UIGEA requires US financial institutions that are using designated payment systems to create and implement policies and procedures  that are “reasonably designed to prevent payments connected to unlawful Internet gambling.” It also makes it illegal for gambling businesses to knowingly accepting payments for unlawful, online bets or wagers.

For more information, please see the FDIC’s info sheet on the UIGEA.



V, Regulation V

Both the FRB’s and the CFPB’s Regulation V (Part 1022) implement the Fair Credit Reporting Act.

See also: Fair Credit Reporting Act


W, Regulation W

The FRB’s Regulation W provides guidance on transactions between member banks and their affiliates, as part of the Federal Reserve Act.

See also: Federal Reserve Act


A whistleblower, sometimes written as “whistle blower” or “whistle-blower,” is a person who shares information, with the public or authority figure, about another person or organization that engages in unlawful, immoral, or dishonest activities.

There are some legal protections for whistleblowers, but they incur risk in calling out behavior that is transgressive.


X, Regulation X

Both the CFPB and the FRB have a Regulation X:

  • The CFPB’s Regulation X (Part 1024) implements RESPA.
    • See also: RESPA
  • The FRB’s Regulation X provides guidance regarding borrowers of Securities Credit.
    • See also: Securities Exchange Act of 1934


Y, Regulation Y

The FRB’s Regulation Y provides guidance regarding bank holding companies and changes in bank control. In particular, it:

  • Regulates the acquisition of control of banks by companies and individuals;
  • Defines and regulates the non-banking activities in which bank holding companies and foreign banking organizations with US-based operations may engage; and
  • Establishes the procedures for securing approval for these transactions and activities.


Z, Regulation

The CFPB’s Regulation Z (Part 1026) implements the Truth in Lending Act.

See also: TILA

Download The Ultimate Compliance Glossary!