Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On December 14, Maxine Waters (D-CA) and 22 other House Democrats issued a letter urging the new CFPB Director, Kathy Kraninger, to resume supervisory examinations of the Military Lending Act (MLA). As previously covered by InfoBytes, according to reports citing “internal agency documents,” the Bureau ceased supervisory examinations of the MLA, contending the law does not authorize the Bureau to examine financial institutions for compliance with the MLA. In response, a bipartisan coalition of 33 state Attorneys General sent a letter to then acting Director, Mick Mulvaney, expressing concern over the decision (covered by InfoBytes here).
The letter from Waters, who is expected to be the next chair of the House Financial Services Committee, and the other 22 Democratic members of the Committee, argues that “there is no question the [CFPB] has the authority and the responsibility to supervise its regulated entities for compliance with the MLA.” As support, the letter cites to the Bureau’s authority to oversee a “wide range of regulated entities,” the establishment of the Bureau’s Office of Servicemember Affairs, and the 2013 amendments to the MLA, which gave the Bureau the authority to enforce the act. The letter also points to the Bureau’s work obtaining $130 million in relief for servicemembers, veterans, and their families through enforcement actions, as well as the 109 complaints the Bureau has received from military consumers since 2011.
On December 10, the CFPB released a new proposed policy on No-Action Letters (NAL) and a new federal product sandbox. The new NAL proposal, which would replace the 2016 NAL policy, is “designed to increase the utilization of the Policy and bring certain elements more in line with similar no-action letter programs offered by other agencies.” The proposal consists of six sections. Highlights include:
- Description of No-Action Letters. The letter would indicate to the applicant, that subject to good faith, substantial compliance with the terms of the letter, the Bureau would not bring a supervisory or enforcement action against the recipient for offering or providing the described aspects of the product or service covered by the letter.
- Submitting Applications. The proposal includes a description of the items an application should contain and invites applications from trade associations on behalf of their members, and from service providers and other third parties on behalf of their existing or prospective clients.
- Assessment of Applications. The Bureau intends to grant or deny an application within 60 days of notifying the applicant that the application is deemed complete.
- Issuing No-Action Letters. NALs will be signed by the Assistant Director of the Office of Innovation or other members in the office, and will be duly authorized by the Bureau. The Bureau may revoke a NAL in whole or in part, but before the Bureau revokes a NAL, recipients will have an opportunity to cure a compliance failure within a reasonable period.
- Regulatory Coordination. In order to satisfy the coordination requirements under Dodd-Frank, the Bureau notes it is interested in partnering with state authorities that issue similar forms of no-action relief in order to provide state applicants an alternative means of also receiving a letter from the Bureau.
- Disclosure of Information. The Bureau intends to publish NALs on its website and in some cases, a version or summary of the application. The Bureau may also publish denials and an explanation of why the application was denied. The policy notes that disclosure of information is governed by the Dodd-Frank Act, FOIA and the Bureau’s rule on Disclosure of Records and Information, which generally would prohibit the Bureau from disclosing confidential information.
Notable changes from the 2016 NAL policy include, (i) NALs no longer have a temporal duration—under the new proposal, there is no temporal limitation except in instances of revocation; (ii) applicants are no longer are required to commit to sharing data about the product or service covered by the application; and (iii) the letters are no longer staff recommendations, but issued by authorized officials in the Bureau to provide recipients greater assurance of the relief.
The proposal also introduces the Bureau’s “Product Sandbox,” which offers substantially the same relief as the NAL proposal but also includes: (i) approvals under one or more of three statutory safe harbor provisions of TILA, ECOA, or the EFTA; and (ii) exemptions by order from statutory provisions of ECOA, HOEPA, and FDIA, or regulatory provisions that do not mirror statutory provisions under rulemaking authority. The proposal notes that two years is the expected duration for participation in the Sandbox, but similar to the no-action relief above, the no-action relief from the Sandbox program can be of unlimited duration—if approved under the sandbox program, “the recipient would be immune from enforcement actions by any Federal or State authorities, as well as from lawsuits brought by private parties.”
Comments on the proposals are due within 60 days of publication in the Federal Register.
NYDFS and international bank enter into second supplemental consent order over BSA/AML compliance deficiencies
On November 21, NYDFS and an international bank entered into a second supplemental consent order covering its settlement over alleged deficiencies in the bank’s Bank Secrecy Act/anti-money laundering and Office of Foreign Assets Control (OFAC) compliance program controls. As previously covered by Infobytes, in 2012, the bank agreed to engage an independent on-site monitor for 24 months to evaluate the New York branch’s BSA/AML and OFAC compliance programs and operations and was issued a $340 million civil money penalty. In 2014 NYDFS issued a subsequent consent order outlining the monitor’s findings, including reports of significant failures in the bank’s transaction monitoring. The 2014 order extended the engagement of the monitor for another two years, outlined remedial measures to address continued deficiencies, and required the bank to pay an additional $300 million civil money penalty. In April 2017, NYDFS and the bank entered into the first supplemental consent order to modify the 2012 and 2014 orders, acknowledging the bank made significant improvements in its BSA/AML compliance program but extended the monitor through December 2018 with all the other terms and conditions of the 2012 and 2014 consent orders remaining in full effect.
Now, beginning January 1, 2019, the second supplemental order issued by NYDFS requires the bank to engage an independent consultant, selected by the regulator, for a period of up to one year, with a possible extension of one additional year, to provide guidance for completing remediation called for in the 2012 and 2014 consent orders. In response to the second supplemental order, the bank stated it remained “committed to completing the remaining tasks necessary for that remediation.”
FDIC releases September enforcement actions, including breaches of fiduciary duty and BSA violations
On October 26, the FDIC announced a list of administrative enforcement actions taken against banks and individuals in September. Included among the actions is a removal and prohibition and civil money penalty assessment issued against a bank’s president, CEO and board chairman (in his individual capacity as an institution-affiliated party) of a Florida-based bank for allegedly engaging in unsafe or unsound practices and breaches of fiduciary duty while employed by the bank. Among other claims, the respondent allegedly created a conflict of interest when he operated a consumer finance company, which he personally owned, out of one of the bank's branches. The FDIC contends that the respondent (i) operated the company through the utilization of bank property and staff without reimbursing the bank; (ii) issued loans to bank customers through the company; (iii) repaid the company using overdraft funds from customers’ bank accounts; and (iv) “caused the release and sale of bank collateral without full repayment to the bank when a portion of the sale proceeds were being used to pay on a finance company loan.” According to the FDIC, the respondent failed to disclose his actions to the bank’s board of directors as required by state law and a consent order the bank entered into in July 2010.
Additionally, a consent order was issued to a South Carolina bank related to alleged weaknesses in its Bank Secrecy Act (BSA) compliance program. The bank was ordered to, among other things, (i) revise and implement internal controls and policies and procedures for BSA compliance, including suspicious activity monitoring and reporting and customer due diligence procedures; (ii) perform an enhanced risk assessment of the bank’s operations; and (iii) take necessary steps to correct or eliminate all cited violations, such as conducting independent testing and implement effective BSA training programs.
There are no administrative hearings scheduled for November 2018. The FDIC database containing all 24 enforcement decisions and orders may be accessed here.
On October 22, the Federal Reserve Board (Board) entered into a written agreement with an Oklahoma state chartered bank, which outlines a compliance proposal to “maintain the financial soundness” of the bank. The agreement requires the bank to submit, within 60 days, written plans to improve various aspects of the bank’s functions including, but not limited to, (i) internal controls; (ii) credit risk management; (iii) liquidity and funds management; (iv) interest rate risk management; (v) information technology/cybersecurity; and (vi) BSA/AML compliance. The agreement also prevents the bank from extending, renewing, or restructuring any credit for any borrower whose loans or other extensions of credit were part of the Board’s examination critiques, without prior approval from the board of directors, who are required to document the reasons for the credit extension and certify its compliance with the terms of the agreement.
On August 24, 13 state banking supervisors sent a letter asking congressional leaders “to consider legislation that creates a safe harbor for financial institutions to serve state-compliant [marijuana] business, or entrusts sovereign states with the full oversight and jurisdiction of marijuana-related activity.” According to the letter, while 31 states, the District of Columbia, and two territories have legalized medical and/or recreational marijuana use as of August 1, many financial institutions choose not serve marijuana businesses due to a perceived threat of asset forfeitures or criminal penalties. The letter notes that this results in inadequate regulation, cash transactions that are difficult to track, “a diminished ability to identify operators acting to circumvent federal and state licensing and regulatory frameworks,” and concerns for public safety. In addition, according to the state regulators, the rescission of the 2013 “Cole Memo”—which outlined the DOJ’s marijuana enforcement priorities and was relied upon by a limited number of financial institutions—has led to greater uncertainty for banks that serve marijuana businesses. The letter also discusses the Financial Crimes Enforcement Network’s 2014 guidance—which clarifies expectations under the Bank Secrecy Act for financial institutions providing services to marijuana businesses—and further stresses that “the Rohrabacher amendment prohibiting federal funds being used to inhibit state medicinal marijuana programs [is] an impermanent approach that requires a permanent resolution.”
In July, and as previously covered in InfoBytes, the New York Department of Financial Services (NYDFS) issued guidance which encouraged New York state chartered banks and credit unions to consider establishing relationships with regulated and compliant medical marijuana and industrial hemp-related businesses operating in New York. NYDFS stated it will not impose any regulatory action on a New York financial institution that establishes a relationship with a regulated marijuana business as long as the institution also complies with other applicable guidance and regulations.
According to reports citing “internal agency documents,” acting Director of the CFPB Mick Mulvaney intends to cease supervisory examinations of the Military Lending Act (MLA), contending the law does not explicitly prescribe the Bureau the authority to examine financial institutions for compliance with the MLA. In 2013, amendments to the MLA granted enforcement authority to the same agencies with administrative enforcement power under TILA, including the Bureau, but these amendments did not also provide these same agencies with the statutory authority to supervise institutions for compliance with the MLA. The Bureau currently includes the MLA in the statutory- and regulation-based procedures section of the Supervision and Examination Manual and has not released a formal statement in response to reports of this supervisory change.
In August, the CFPB released an updated version of the Supervision and Examination Manual, which includes minor changes to the workpapers section of the examination process and an updated scope summary template. According to the manual, workpapers are the records documenting the review conducted by examiners to reach conclusions about the financial institution’s compliance with federal consumer protection laws. The manual emphasizes that “[a]ll information collected and all records created during the review that are used to support findings and conclusions could potentially be included in the workpapers” and all workpapers must be reviewed and signed off by the examiner in charge. The Bureau requires all workpapers and related documentation to be maintained in electronic form.
On July 24, the Washington Department of Financial Institutions adopted new mortgage-related provisions of the state’s Consumer Loan Act (CLA). In addition to technical changes and certain definition modifications, the rulemaking, among other things, (i) adds a requirement that if electronic records are stored using a closed service, the service must be located in the U.S. or its territories; (ii) prohibits certain servicing activities, such as receiving payments and collection activities, from being conducted outside the U.S. or its territories; and (iii) requires servicers to maintain a compliance management system with the functionalities that are described in the CFPB’s Supervision and Examination Manual. The rulemaking is effective September 1.
NYDFS encourages New York state chartered financial institutions to establish relationships with medical marijuana businesses
On July 3, the New York Department of Financial Services (NYDFS), at the direction of Governor Andrew Cuomo, released guidance encouraging New York state chartered banks and credit unions to consider establishing relationships with regulated and compliant medical marijuana and industrial hemp-related businesses operating in New York. According to the guidance, these businesses often rely solely on cash to conduct transactions, because of a lack of access to traditional financial services. The press release announcing the guidance cites to the New York Compassionate Care Act, enacted in 2014, which provides medical patients suffering from “debilitating symptoms and diseases” access to, under strict requirements, medical marijuana. NYDFS is encouraging New York financial institutions to form appropriate banking relationships with these business, because “[p]roviding access to regulated banking services is an essential part of taking the legal cannabis industry out of the shadows and establishing it as a transparent, regulated, tax-paying part of our economy, and a necessary part of fulfilling the goal of relieving the suffering of seriously ill patients.”
NYDFS will not impose any regulatory action on a New York financial institution that establishes a business relationship with legal medical marijuana and industrial hemp-related businesses, as long as the institution also complies with other applicable guidance and regulations, such as the Financial Crimes Enforcement Network’s 2014 guidance—which clarifies expectations under the Bank Secrecy Act (BSA) for financial institutions providing services to these businesses.
- Buckley Webcast: Tips for this year’s FHA annual recertification and what the shutdown means
- Jessica L. Pollet to discuss "Your career is impacting your life..." at the Ark Group Women Legal Conference
- Melissa Klimkiewicz to discuss "RESPA-compliant marketing" at NEXT
- Daniel P. Stipano to provide "Update on AML/SAR reporting and enforcement" at an Mortgage Bankers Association webinar
- Daniel P. Stipano to discuss "Dynamic customer due diligence and beneficial ownership from KYC to ongoing CDD and the new rule implementation" at the Puerto Rican Symposium of Anti-Money Laundering
- Jon David D. Langlois to discuss "Successors in interest updates" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- Brandy A. Hood to discuss "Keeping your head above water in flood insurance compliance" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- Melissa Klimkiewicz to discuss "Servicing super session" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- Moorari K. Shah to provide "Regulatory update – California and beyond" at the National Equipment Finance Association Summit
- Daniel P. Stipano to discuss "Lessons learned from ABLV and other major cases involving inadequate compliance oversight" at the ACAMS International AML & Financial Crime Conference
- Daniel P. Stipano to discuss "A year in the life of the CDD final rule: A first anniversary assessment" at the ACAMS International AML & Financial Crime Conference