Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On April 16, the FDIC issued an advance notice of proposed rulemaking (ANPR) and request for comment on modifications to its resolution planning framework (known as living wills) for insured depository institutions with over $50 billion in assets. According to the FDIC, the ANPR is considering three changes to streamline the process: (i) creating tiered planning requirements for living wills based on an institution’s size, complexity, and other factors; (ii) revising the frequency and required content of resolution plan submissions, including eliminating living will submission requirements for certain smaller and less complex institutions; and (iii) improving communication between the FDIC and banks on resolution planning. According to a statement issued by FDIC Chairman Jelena McWilliams, the ANPR also proposes two alternative concepts for consideration: “Broadly, either approach would require large, complex institutions to continue to submit periodic resolution plans, streamlined compared to the existing plans. Institutions that are relatively smaller and less complex but still subject to the rule would no longer need to submit actual plans, but would still be subject to periodic engagement and capabilities testing.” Comments on the ANPR are due 60 days after publication in the Federal Register.
On April 8, the Federal Reserve Board announced a notice of proposed rulemaking and request for comment (NPRM) seeking to modify its regulation of the regulatory capital requirements for U.S. subsidiaries of foreign banking organizations. Chairman Jerome Powell referred to a proposal issued last fall for refining regulations for domestic banking firms based on risk profiles (previously covered by InfoBytes here), and noted that “because the U.S. operations of most foreign banks tend to have a larger cross-border profile, greater capital markets activities, and higher levels of short-term funding, they often present greater risk than a simpler, more traditional domestic bank.”
The NPRM builds upon the Federal Reserve’s framework for U.S. firms announced last fall, and states that foreign banking organizations with $100 billion or more in U.S. assets would be assigned to one of three categories based on the size of their U.S. operations as well as the following risk-based indicators: “cross-jurisdictional activity, nonbank assets, off-balance sheet exposure, and weighted short-term wholesale funding.” Under the proposal, foreign banking organizations would be classified into the following three categories: (i) Category II: foreign banking organizations with U.S. assets exceeding $700 billion or $75 billion in cross-border activity; (ii) Category III: foreign banking organizations with more than $250 billion in U.S. assets that also exceed certain risk thresholds; and (iii) Category IV: foreign banking organizations with U.S. assets between $100 billion and $250 billion and minimal risk factors. Category I would be reserved for U.S.-based global systemically important banks.
A second proposal issued the same day by the Federal Reserve Board, the FDIC, and the OCC (collectively, the “Agencies”) requests comment on, among other things, whether the Agencies should extend standardized liquidity requirements to foreign banking organizations’ U.S.-based branches and agency networks as well as approaches for doing so.
Comments on both proposals are due June 21.
5th Circuit: District courts lack jurisdiction over claims arising from FDIC enforcement proceedings
On March 28, the U.S. Court of Appeals for the 5th Circuit held that federal district courts lacked subject matter jurisdiction over claims arising out of certain FDIC enforcement proceedings. According to the opinion, the FDIC brought two enforcement actions against the bank and its directors (plaintiffs), alleging violations of various banking laws and regulations, which resulted in civil money penalties and cease-and-desist orders. The plaintiffs petitioned the 5th Circuit for review. While the first appeal was pending, the plaintiffs filed a lawsuit in federal district court alleging the FDIC committed constitutional violations during the enforcement actions. Specifically, the plaintiffs alleged that the FDIC (i) targeted the bank due to the bank president’s age and denied it equal protection; and (ii) violated due process by preventing the plaintiffs from offering certain evidence and preventing the president’s ability to talk with his counsel at certain times. These allegations were raised and rejected during the FDIC’s second enforcement proceeding. The FDIC moved to dismiss the action for a lack of subject matter jurisdiction, asserting that the statutory review process precludes district court jurisdiction over actions arising from enforcement proceedings. The district court agreed and dismissed the action without prejudice, indicating that the bank could assert its claims in the district court on direct review of the agency’s final order. The bank appealed.
On appeal, the 5th Circuit noted that the language in the statute “virtually compels” it to concede that Congress intended to preclude district court jurisdiction over claims against the FDIC arising from enforcement proceedings. The appellate court then addressed whether the claims raised by the plaintiffs were the type of claims Congress intended to be reviewed within the statutory scheme. The appellate court determined that the Federal Deposit Insurance Act allows for “meaningful judicial review,” by authorizing review of challenges to a final agency order by a federal circuit court. Moreover, the court rejected the plaintiffs’ argument that its claims are “wholly collateral” to the administrative order because they did not challenge the merits of the order but rather, the claims “arise directly from alleged irregularities in the agency enforcement proceedings.” Lastly, the court found that the plaintiffs’ constitutional claims do not fall outside of the agency’s expertise. Based on the foregoing, the court found that the district court correctly dismissed the action.
On April 2, the FDIC, Federal Reserve Board, and the OCC (together, the “Agencies”) released a joint statement announcing a notice of proposed rulemaking (NPR) to limit the “interconnectedness” of large banking organizations and reduce systemic risk resulting from the failure of global systemically important bank holding companies (GSIBs), certain intermediate holding companies, and GSIB foreign banking organizations. Among other measures, the NPR proposes that, to discourage GSIBs and advanced approaches banking organizations (generally firms with total consolidated assets of $250 billion or more or at least $10 billion in on-balance sheet foreign exposure) from purchasing large amounts of unsecured debt issued by GSIBs, the Agencies propose to subject these investments “to deduction from the . . . organization’s own regulatory capital.” This debt, the Agencies note in the statement, is used to recapitalize the GSIB during bankruptcy or resolution as a result of failure, and the proposal is intended to reduce both interconnectedness within the financial system and systemic risk. Comments on the NPR are due 60 days after publication in the Federal Register.
On March 29, the FDIC Board of Directors approved proposals to amend two rules, which would simplify the process for making deposit insurance determinations in the event a bank enters receivership. The first proposal amends Part 370 of the FDIC’s Rules and Regulations for “Recordkeeping for Timely Deposit Insurance Determination,” to address issues raised during implementation of the final rule adopted in November 2016 (covered by InfoBytes here). Among other things, the proposal provides an optional one-year extension of the rule’s compliance date of April 1, 2020. The second proposal amends Part 330, which would allow satisfaction of proof of co-ownership for deposits of a joint account to be insured separately from deposits in respective individual accounts, to be established by other information contained in deposit account records, and not solely by signed signature cards of each co-owner. Comments on each proposal will be due within 30 days of publication in the Federal Register.
On April 2, the FDIC issued Financial Institution Letter FIL-19-2019 (Technology Service Provider Contracts), which describes examiner observations about gaps in financial institutions’ contracts with technology service providers (TSPs) that may require financial institutions to take additional steps to manage business continuity and incident response. Although not specifically referenced in FIL-19-2019, this latest FDIC guidance echoes themes set forth in the FDIC’s Office of Inspector General (OIG) Audit Report released in 2017 (covered in Infobytes here). Specifically, examiners noted contractual deficiencies in recent reports of examination, including failing to: (i) adequately define rights and responsibilities regarding business continuity and incident response, or provide sufficient detail to allow financial institutions to manage those processes and risks; (ii) consistently require TSPs to maintain a business continuity plan, establish data recovery standards, and commit to contractual remedies if the TSP missed a data recovery standard; (iii) sufficiently detail the TSP’s security incident responsibilities such as notifying the financial institution, regulators, or law enforcement; and (iv) clearly define key terms used in contractual provisions relating to business continuity and incident response.
FIL-19-2019 further stresses that supervised institutions are required to comply with the Interagency Guidelines Establishing Information Security Standards promulgated pursuant to the GLBA, which among other things sets forth expectations for managing TSP relationships through contractual terms and ongoing monitoring. The FDIC references prior guidance establishing regulatory expectations, including: (i) Guidance for Managing Third-Party Risk (FIL-44-2008, issued June 6, 2008); and (ii) the Business Continuity Booklet set forth in the FFIEC IT Examination Handbook, which was updated in February 2015 to include a new appendix specific to managing service provider risks (Appendix J: Strengthening the Resilience of Outsourced Technology Services). FIL-19-2019 also contains a reminder to depository institutions that the Bank Service Company Act requires depository institutions to provide written notice to their respective federal banking agency of contracts or relationships with TSPs that provide certain services, including check and deposit sorting and posting, computation and posting of interest, preparation and mailing of checks or statements, and other clerical, bookkeeping, accounting, statistical, or similar functions such as data processing, Internet banking, or mobile banking services.
On March 25, the OCC, Federal Reserve Board, FDIC, NCUA, and the Conference of State Bank Supervisors (collectively, the “agencies”) issued a joint statement providing guidance to financial institutions impacted by flooding in the Midwest. In the statement, the agencies encourage lenders to work with borrowers in impacted communities and to consider, among other things (i) modifying existing loans based on the facts and circumstances; and (ii) requesting expedited approval to operate temporary bank facilities if faced with operational difficulties. The agencies ask institutions to contact their appropriate federal and/or state regulator if they experience disaster-related difficulties complying with publishing or regulatory reporting requirements. The agencies further note that institutions may receive favorable Community Reinvestment Act consideration for community development loans, investments, and services in support of disaster recovery. The statement also provides links to previously issued examiner guidance for institutions affected by major disasters.
Find continuing InfoBytes coverage on disaster relief here.
On March 18, the FDIC published a final rule to rescind and remove 12 CFR Part 350, Disclosure of Financial and Other Information By FDIC-Insured State Nonmember Banks. Effective April 17, all insured state nonmember banks and insured state-licensed branches of foreign banks will no longer be subject to the annual disclosure statement requirement set out in the existing regulations. The FDIC’s rescission and removal is an attempt by the FDIC to simplify its regulations and “remov[e] unnecessary or redundant regulations.” The FDIC concluded that Part 350 is “outdated and no longer necessary” because information technology advancements now provide the public with direct access to information on the condition and performance of individual banks.
On March 15, the FDIC announced a settlement with an accounting firm to resolve a professional negligence action stemming from allegations that the firm failed to detect a massive mortgage fraud in its audits of an Alabama-based bank that failed in 2009. According to a July 2018 order entered by the U.S. District Court for the Middle District of Alabama, the court originally ruled that the accounting firm owed more than $625 million in damages for negligent audits. The court’s findings, among other things, determined that the firm “did not design its audits to detect fraud,” which prevented it from detecting the mortgage fraud scheme.
One member of the FDIC Board, Martin J. Gruenberg, released a statement noting that he “voted against authorizing the settlement because the settlement did not include a written admission of liability” from the accounting firm.
On March 15, five federal agencies—the FDIC, FHFA, Federal Reserve Board, OCC, and Farm Credit Administration (collectively, the “Agencies”)—adopted an interim final rule amending the agencies’ regulations that require swap dealers and security-based swap dealers under the Agencies’ respective jurisdictions to exchange margin with their counterparties for swaps that are not centrally cleared (Swap Margins Rule). The interim final rule seeks to address the situation where the United Kingdom withdraws from the European Union without a negotiated agreement and entities located in the U.K. transfer existing swap portfolios that face counterparties located in the E.U. over to affiliates located in the U.S. or the E.U. Specifically, the interim final rule provides that certain swaps under this situation will not lose their “legacy” status—will not trigger the application of the Swap Margin Rule—if carried out in accordance with the conditions of the rule. The interim final rule is effective immediately and the Agencies are accepting comments for 30 days after publication in the Federal Register.
- Buckley Webcast: Maintaining privilege in cross-border internal investigations
- Moorari K. Shah to discuss "State regulatory and disclosures" at the Equipment Leasing and Finance Association Legal Forum
- Daniel P. Stipano to discuss "The state of the BSA 2019: What’s working, what’s not, and how to improve it" at the West Coast Anti Money-Laundering Forum
- Buckley Webcast: The future of the Community Reinvestment Act
- Hank Asbill to discuss "Creative character evidence in criminal and civil trials" at the Litigation Counsel of America Spring Conference & Celebration of Fellows
- Buckley Webcast: Amendments to the CFPB's proposed debt collection
- Brandy A. Hood to discuss "Flood NFIP in the age of extreme weather events" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Michelle L. Rogers to discuss "UDAAP compliance" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Kathryn L. Ryan to discuss "Major state law developments" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Jonice Gray Tucker to discuss "Leveraging big data responsibly" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Kathryn L. Ryan to discuss "State examination/enforcement trends" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- Benjamin K. Olson to discuss "LO compensation" at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference
- APPROVED Webcast: State and SAFE Act licensing requirements for banks
- John C. Redding to discuss "TCPA compliance in the era of mobile" at the Auto Finance Risk Summit
- Buckley Webcast: The next consumer litigation frontier? Assessing the consumer privacy litigation and enforcement landscape in 2019 and beyond
- Buckley Webcast: Data breach litigation and biometric legislation
- Buckley Webcast: Trends in e-discovery technology and case law
- Hank Asbill to discuss "Pay no attention to the man behind the curtain: Addressing prosecutions driven by hidden actors" at the National Association of Criminal Defense Lawyers West Coast White Collar Conference
- Daniel P. Stipano to discuss "Keep off the grass: Mitigating the risks of banking marijuana-related businesses" at the ACAMS AML Risk Management Conference
- Daniel P. Stipano to discuss "Mid-year policy update" at the ACAMS AML Risk Management Conference
- Benjamin W. Hutten to discuss "Requirements for banking inherently high-risk relationships" at the Georgia Bankers Association BSA Experience Program