Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On September 14, the Financial Crimes Enforcement Network (FinCEN) issued a final rule to align Bank Secrecy Act (BSA) requirements applicable to most banks with the requirements applicable to banks lacking a “federal functional regulator.” In particular, the final rule will require all non-federally regulated banks — including private banks, non-federally insured credit unions, and certain trust companies — to establish and implement anti-money-laundering (AML) programs and customer identification programs (CIP).
On September 16, the Financial Crimes Enforcement Network (FinCEN) issued an Advance Notice of Proposed Rulemaking (ANPRM) soliciting comments on questions concerning potential regulatory amendments under the Bank Secrecy Act (BSA). According to the ANPRM, the proposed amendments “are intended to modernize the regulatory regime to address the evolving threats of illicit finance, and provide financial institutions with greater flexibility in the allocation of resources, resulting in the enhanced effectiveness and efficiency of anti-money laundering programs.” The ANPRM stems from FinCEN’s evaluation of recommendations received from the Bank Secrecy Act Advisory Group, which was established in 2019 to develop recommendations for strengthening the national AML regime. The ANPRM proposes, among other things, that all covered financial institutions subject to ALM program regulations would be required to maintain an “effective and reasonably designed” AML program that: (i) “assesses and manages risk as informed by a financial institution’s risk assessment, including consideration of [AML] priorities to be issued by FinCEN consistent with the proposed amendments”; (ii) “provides for compliance with [BSA] requirements”; and (iii) “provides for the reporting of information with a high degree of usefulness to government authorities.” The ANPRM also seeks comments on whether an explicit requirement for a risk assessment process should be established within the AML program regulations, as well as whether FinCEN’s director should issue a list of national AML priorities (tentatively titled “Strategic Anti-Money Laundering Priorities”) every two years. Comments are due by November 16.
On September 15, the CFPB released its “Outline of Proposals Under Consideration and Alternatives Considered” (Outline) for implementing the requirements of Section 1071 of the Dodd-Frank Act, which instructs the Bureau to collect and disclose data on lending to women and minority-owned small businesses. The detailed Outline describes the proposals under consideration and discusses other relevant laws, the regulatory process, and potential economic impacts. The Bureau also released a high-level summary of the Outline. Highlights of the proposals include:
- Scope. The Bureau is considering proposing that the data collection and reporting requirements would apply only to applications for credit by a small business. Financial institutions would not be required to collect and report data for women- and minority-owned businesses that are not considered “small,” as defined by the Small Business Act and the Small Business Administration’s (SBA) implementing regulations.
- Covered Lenders. The Bureau is considering proposing a broad definition of “financial institution” that would apply to a variety of entities engaged in small business lending, but is also considering proposing exemptions based on either a size-based (examples include $100 million or $200 million in assets), or activity-based threshold (examples range from 25 loans or $2.5 million to 100 loans or $10 million), or both.
- Covered Products. The Bureau is considering proposing exemptions from the definition of “credit” to include consumer-designated credit, leases, factoring, trade credit, and merchant cash advances.
- Application. Because an “application” would trigger requirements under Section 1071, the Bureau is considering proposing a definition that is largely consistent with Regulation B; however, the Bureau is also considering “clarifying circumstances,” such as inquiries/prequalifications, that would not be reportable.
- Data Points. The Bureau is considering a range of data points for collection, including, in addition to the mandatory data points required by Section 1071, “discretionary data points” to aid in fulfilling the purposes of Section 1071: “pricing, time in business, North American Industry Classification System (NAICS) code, and number of employees.”
- Privacy. The Bureau is considering using a “balancing test” for public disclosure of the data. Specifically, data “would be modified or deleted if its disclosure in unmodified form would pose risks to privacy interests that are not justified by the benefits of public disclosure.”
Additionally, the Bureau will convene a panel, as required by the Small Business Regulatory Enforcement Fairness Act (SBREFA), in October 2020 to “consult small entities regarding the potential impact of the proposals under consideration.” Feedback on the proposals is due no later than December 14.
On September 14, the Financial Crimes Enforcement Network (FinCEN) issued a final rule, under its sole authority, to remove the anti-money laundering (AML) program exemption for non-federally regulated banks. According to FinCEN, the rulemaking was prompted by the “gap in AML coverage” between banks that have a federal functional regulator and those that do not, which has created “a vulnerability to the U.S. financial system that could be exploited by bad actors.” The final rule would bring non-federally regulated banks that are currently required to comply with certain Bank Secrecy Act (BSA) obligations, such as filing currency transaction reports and suspicious activity reports to detect unusual activity, into compliance with the same standards applicable to all other banks. Specifically, the final rule outlines minimum standards for non-federally regulated banks to ensure the establishment and implementation of required AML programs, and extends customer identification program (CIP) requirements, as well as beneficial ownership requirements outlined in FinCEN’s 2016 customer due diligence (CDD) rule (covered by InfoBytes here), to banks not already subject to these requirements. FinCEN believes that non-federally regulated banks will be able to take a risk-based approach when tailoring their AML and CIP programs to fit their size, needs, and operational risks, and that those banks should be able to build on “existing compliance policies and procedures and prudential business practices to ensure compliance. . .with relatively minimal cost and effort.” The final rule takes effect November 16.
For more details, please see a Buckley Special Alert on the final rule.
On September 10, the OCC issued Bulletin 2020-81 to address sound risk management principles concerning loan purchase activities. The OCC reminded banks that loan purchase activities “are subject to certain regulatory standards and long-standing risk management guidelines,” and that banks are expected to engage in these activities “in a safe and sound manner and in compliance with applicable accounting standards, laws, and regulations.” Banks should also ensure loan purchase activities align with strategic plans and are supported by sound risk management systems, the OCC added. The Bulletin includes examples of sound risk management of loan purchase activities, such as (i) developing well-defined strategic plans; (ii) conducting underwriting analysis and due diligence of loans prior to purchase; (iii) evaluating ways loan purchase activities may affect “credit, strategic, reputation, interest rate, liquidity, compliance, and operational risks”; and (iv) ensuring policies and procedures “support effective processes for engaging in loan purchase activities.” Other topics addressed include credit administration, such as due diligence and independent credit analysis, loan portfolio and pool purchases, and recourse arrangements. The OCC also emphasized that because entering into new, modified, or expanded products or services may alter a bank’s risk profile, “bank management should engage in sound risk management to identify, measure, monitor, and control the risks associated with new loan purchase activities.”
On September 9, the OCC announced an updated version of its “Federal Branches and Agencies” booklet of the Comptroller’s Licensing Manual. According to Bulletin 2020-80, the revised booklet clarifies and updates the OCC’s policies and processes covering the establishment, operations, and other corporate activities of federally licensed offices of foreign banks, including (i) notice and application filing requirements; (ii) decision factors and criteria; and (iii) removal of internal licensing procedures.
On September 4, HUD released the final rule amending agency’s interpretation of the Fair Housing Act’s disparate impact standard (also known as the “2013 Disparate Impact Regulation”). The final rule, among other things, seeks to (i) codify the burden-shifting framework from the 2015 Supreme Court ruling in Texas Department of Housing and Community Affairs v. Inclusive Communities Project, Inc. (covered by a Buckley Special Alert); (ii) create a uniform standard for determining when a policy or practice has a discriminatory effect in violation of the Fair Housing Act; and (iii) codify HUD’s position that its rule is not intended to infringe on the states’ regulation of insurance. Based on public feedback, the final rule largely adopts the August 2019 proposed rule (covered by InfoBytes here) with a number of clarifying and substantive changes.
A Special Alert from Buckley on the details of the final rule will soon be available.
On August 21, the FDIC announced a proposal to amend the agency’s Guidelines for Appeals of Material Supervisory Determinations (Guidelines) and establish a new, independent Office of Supervisory Appeals (Office) that would replace the current Supervision Appeals Review Committee. The new Office, which will have final authority to resolve appeals, would be independent from other divisions within the FDIC that have authority to issue material supervisory determinations. According to the release, to promote the Office’s independence, the FDIC intends to recruit externally and employ reviewing officials on a part-time or intermittent, time-limited basis. The proposal also includes modifications to the procedures and timeframes regarding when determinations underlying formal enforcement-related actions may be appealed.
Among other things, the proposal would update the Guidelines to clarify that for purposes of the supervisory appeals process, a formal enforcement-related action begins, and appeal rights are temporarily unavailable, when the FDIC: (i) initiates a formal investigation; (ii) issues a notice of charges or notice of assessment, as applicable; (iii) provides an institution with a draft consent order; or (iv) provides written notice stating “that the FDIC is reviewing the relevant facts and circumstances to determine whether a formal enforcement action is merited.” Under the proposal, should the FDIC provide written notice that it is determining whether a formal enforcement action is merited, the agency would be required to provide the institution with a draft consent order within 120 days, as well as an opportunity to engage in settlement negotiations. If the FDIC fails to provide the institution with a draft consent order within the initial 120-day period, supervisory appeal rights would become available to the institution. If a settlement is not reached, the FDIC would have 90 days to issue a notice of charges or assessment or open an order of investigation, or the institution’s supervisory appeal rights would be made available. In either case, once supervisory appeal rights are made available, the institution would have 60 days to file an appeal, which is consistent with the standard timeline for appealing a material supervisory determination. If the institution agrees to the consent order, “then the matter would be resolved and the need for an appeal would be obviated.”
If the proposal is adopted, institutions “would continue to be encouraged to make good-faith efforts to resolve disagreements with examiners or the appropriate regional office or division director.” However, if an institution is unable to resolve a disagreement regarding a material supervisory determination through such efforts, it would be able to appeal that determination to the Office.
Chairman Jelena McWilliams commented that the while the proposal retains several aspects of the existing appeals process—for example, the burden of proof on appeal will continue to rest with the institution—the “proposal seeks to establish a fair, independent process for a bank to appeal material supervisory decisions,” which is “key to promoting consistency among examiners across the country, ensuring accountability at the agency, and, ultimately, maintaining stability and public confidence in the nation’s financial system.” McWilliams added that she does not expect the proposed changes to result “in an avalanche of appeals.”
Comments on the proposal will be accepted until October 20.
On August 24, the FTC announced several Notices of Proposed Rulemaking (NPRM) intended to clarify that five Fair Credit Reporting Act (FCRA) rules promulgated by the FTC will now apply only to motor vehicle dealers. The NPRMs also propose non-substantive amendments to correspond to changes made to the FCRA by the Dodd-Frank Act, and will apply to the following rules:
- Address Discrepancy Rule. This rule requires users of consumer reports to implement policies and procedures for, among other things, handling notices of address discrepancy received from a nationwide consumer reporting agency (CRA) and furnishing an address for a consumer that a “user has reasonably confirmed as accurate to the CRA from whom it received the notice.” The proposed amendments narrow the scope of the rule to motor vehicle dealers excluded from CFPB jurisdiction.
- Affiliate Marketing Rule. This rule provides consumers the right to restrict a person from using certain information obtained from an affiliate to make solicitations to the consumer. While the proposed amendments narrow the scope of the rule to “motor vehicle dealers” excluded from CFPB jurisdiction, they retain the substantive provisions of the rule because they “addresses the relationship between covered motor vehicle dealers and their affiliates, which may not be motor vehicle dealers.”
- Furnisher Rule. Under this rule, furnishers are required to implement policies and procedures regarding the accuracy and integrity of the consumer information they provide to a CRA. The amendments propose changes including narrowing the rule’s scope to entities set forth in Dodd-Frank “that are predominantly engaged in the sale and servicing of motor vehicles, excluding those dealers that directly extend credit to consumers and do not routinely assign the extensions of credit to an unaffiliated third party.”
- Prescreen Opt-Out Notice Rule. This rule outlines requirements for those who use consumer reports to make unsolicited credit or insurance offers to consumers. The proposed amendments will narrow the scope of the rule to cover only motor vehicle dealers. The model form is unchanged from the previous model notice and is identical to the model notice used by the CFPB.
- Risk-Based Pricing Rule. Under this rule persons that use information from a consumer report to offer less favorable terms are required to provide a risk-based pricing notice to consumers about the use of such data. Under the proposed amendments, only motor vehicle dealers will be required to comply.
The FTC seeks feedback on the effectiveness of the five rules, including (i) whether there exists a continuing need for each rule’s specific provisions; (ii) what benefits have been provided to consumers under each rule; and (iii) should modifications be made to each rule in order to benefit consumers and businesses or to account for changes in relevant technology or economic conditions.
Comments are due 75 days after the NPRMs are published in the Federal Register.
On August 21, the CFPB released the Filing Instructions Guide for HMDA data collected in 2021 that must be reported in 2022. The guide states that there are no significant changes to the submission process and that the required data fields to be collected and reported have not changed. Instructions for quarterly reporting can be found in the Supplemental Quarterly Reporting Guide, which was issued the same day. As outlined in a statement issued in March (covered by InfoBytes here), institutions are reminded that as of March 26, 2020, and until further notice, the Bureau does not intend to cite in an examination or initiate an enforcement action against any institution for failure to report its HMDA data quarterly. However, entities should continue collecting and recording HMDA data in anticipation of making annual submissions.
- Daniel P. Stipano to discuss "Making customers whole: Trends in remediation and restitution expectations" at the American Bar Association Business Law Virtual Section Meeting
- Jonice Gray Tucker to discuss "Fairness gone viral: Fair lending considerations for financial institutions amid Covid-19" at the American Bar Association Business Law Virtual Section Meeting
- Daniel P. Stipano to discuss "High standards: Best practices for banking marijuana-related businesses" at the ACAMS AML & Anti-Financial Crime Conference
- Daniel P. Stipano to discuss "Wait wait ... do tell me! Where the panelists answer to you" at the ACAMS AML & Anti-Financial Crime Conference
- Matthew P. Previn and Walter E. Zalenski to discuss "Is valid when made ... valid?" at the Women in Housing & Finance Partner Series webinar
- Warren W. Traiger and Caroline K. Eisner to discuss "CRA modernization and the OCC final rule" at CBA Live
- Daniel R. Alonso to discuss "Transnational corruption: A chat with former U.S. federal prosecutors in New York" at Marval Live Talks
- Sherry-Maria Safchuk and Lauren Frank to discuss "New CFPB interpretation on UDAAP" at a California Mortgage Bankers Association Mortgage Quality and Compliance Committee webinar
- Thomas A. Sporkin to discuss "Managing internal investigations and advanced government defense" at the Securities Enforcement Forum
- Daniel R. Alonso to discuss "Independent monitoring in the United States" at the World Compliance Association Peru Chapter IV International Conference on Compliance and the Fight Against Corruption
- Jonice Gray Tucker to discuss "The future of fair lending" at the Mortgage Bankers Association Regulatory Compliance Conference
- Michelle L. Rogers to discuss "Major litigation" at the Mortgage Bankers Association Regulatory Compliance Conference
- Kathryn L. Ryan to discuss "Pandemic fallout – Navigating practical operational challenges" at the Mortgage Bankers Association Regulatory Compliance Conference
- Jonice Gray Tucker to discuss "Consumer financial services" at the Practising Law Institute Banking Law Institute