I will include a list of what is technically required but note, these regs do not say "annual" but that has been a best practice. If an area has a high turnover, more frequent training maybe required. Management would generally get a higher level of training than the employee who completes tasks, like completing CTRs as an example. Management may need to know about aggregate translations and that they need a CTR, but someone who completes the task needs to know how to complete a CTR for aggregate transactions. So even if everyone is together, training is not a one-size fits all affair.
1. BSA (12 CFR §21.21(c)(4) and §208.63(c)(4) Provide training for appropriate personnel. Include CIP.)
2. Bank Protection Act (12 CFR §21.3(a)(3) and §208.61(c)(1)(iii) Provide initial & periodic training)
3. Reg CC (12 CFR §229.19(f)provide each employee who performs duties subject to the requirements of this subpart with a statement of the procedures applicable to that employee)
4. Customer Information Security found at III(C)(2) (Pursuant to the Interagency Guidelines for Safeguarding Customer Information, training is required. Many banks allow for turnover and train as needed, imposing their own requirements on frequency.)
5. FCRA Red Flag (12 CFR 1022.90(e)(3) Train staff, as necessary, to effectively implement the Program;)
6. You should add to your list training of appropriate staff on any overdraft protection programs your bank offers, so that they are able to explain the programs' features, costs, and terms, and to explain other available overdraft products offered by your institution and how to qualify for them. That's one of the “best practices” listed in the Joint Guidance on Overdraft Protection Programs issued by the OCC, Fed, FDIC and NCUA in February 2005 (70 FR 9127, 2/24/2005), and reinforced by the FDIC in its FIL 81-2010 in November, 2010.
7. MLO training, A loan originator organization must for each of its individual loan originator employees who is not required to be licensed and is not licensed as a loan originator pursuant to § 1008.103 of this chapter or State SAFE Act implementing law provide periodic training covering Federal and State law requirements that apply to the individual loan originator’s loan origination activities. § 1026.36(f)(3)(iii) § 1026.36(f)(3)(iii)
The periodic training must:
a. Be sufficient in frequency, timing, duration, and content to ensure that the individual loan originator has the knowledge of State and Federal legal requirements that apply to the individual loan originator’s loan origination activities.
b. Take into consideration the particular responsibilities of the individual loan originator and the nature and complexity of the mortgage loans with which the individual loan originator works.
While Section 1026.36(f) does not prescribe rules for the frequency of training, the SAFE Act requirements for state licensed MLOs require annual training. It would be wise to borrow from this requirement as a minimum frequency.
8. Reg P - although there is not a specific requirement for training in the Reg, the FRB Exam Manual specifically lists "Adequacy and regularity of the institution's training program" as one of the factors to consideration in determining the adequacy of the financial institution's internal controls and procedures to ensure compliance with the privacy regulation.
And these do not state “annual.” Also, these may have stated training requirements, but many other regulations need special training whether this is stated in the regulation or not. At the top of your list, include:
1. USA PATRIOT Act
4. Reg D
5. Reg E
6. Reg Z
7. Fair Credit Reporting Act
10. Bank Bribery
11. For insiders, Reg O
Specific for directors, include:
1. BSA/AML program,
2. Fair Lending efforts, and the
3. CRA Program, results/status and
4. Overdraft guidance.