I've been asked to put together a list of regulatory compliance concerns that will most likely impact banks in 2012 and beyond.

I'm thinking UDAAP has to be one that needs to be on the radar screen. Maybe Dodd-Frank. I'd like to hear some other thoughts and opinions.

Fair Lending Regulations (ADA, CRA/HMDA, ECOA, FHA, UDAAP)
Truth in Lending
Flood Disaster Protection Act
BSA/AML
HMDA
RESPA and Mortgage Law Reform
Electronic Fund Transfers - Esp. Overdraft Programs
Fraud

I agree totally with manimal's list.

I agree also, though I would move ODP programs to maybe third on the list as far as priority. Lots of talk at the CRA/Fair Lending Colloquium from the examiners on this issue. UDAAP is where it belongs...at the top!

I am hearing from colleagues at other banks that the regulators seem very focused on Vendor Management (oversight for compliance with GLBA, ID Theft, reviewing SAS70's, reviewing financial statements). We just had an external audit this month, and our auditor warned us that Vendor Management was definitely a hot button issue with the regulators recently.

Earlier in the year, I heard from everyone about being sure to have a 3-year risk-based audit plan in place for each business unit (i.e. IT, Compliance, etc.).

What kind of regulators....FDIC, FRB, state?

Ditto the suggestion on having a risk-based audit plan. Some banks are looking for ways to reduce audit expenses, but arbitrarily cutting back on audits without conducting a risk assessment to back-up your reasoning will likely get you into trouble with your regulators.

I agree with Dolly. The FDIC requires a 3 year "rolling" risk based audit plan. You have to update the plan annually. They are also very focused on Vendor Management and Vendor Risk.

Add "old business" to your list. Nothing fires up a regulator like repeat violations.

FDIC was just hear a month ago (S&S/BSA/IT)... blew by IT/Vendor Management... they were here for almost four weeks, and honestly, barely spent 2-3 hours with the IT folks. Didn't even bother with an IT person, just the EIC and another bumbling their way through the IT questionaire.

Our most recent exam was similar to JJ... the IT folks were in and out in under a week and didn't press too hard with Vendor Management.

Just came back from a conference. According to most of the speakers, hot buttons are UDAP and ODP if you are FDIC.

There's a (free) webinar coming up on this topic:

http://www.philadelphiafed.org/bank-resources/publications/consumer-compliance-outlook/outlook-live/

Thanks for the webinar info

I would think you'd put UDAP/UDAAP in its own category as it applies to lending and ops.