Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • OCC releases February CRA evaluations for 31 banks, one “Needs to Improve”

    On March 1, the OCC released its Community Reinvestment Act (CRA) performance evaluations for last February. The OCC evaluated 31 national banks and federal savings associations under four ratings: Outstanding, Satisfactory, Needs to Improve, and Substantial Noncompliance. Of the 31 evaluations reported by the OCC, only one entity holds the lowest rating, a small bank in Indiana, which was rated “Needs to Improve.” Most entities were rated “Satisfactory,” and six entities were rated “Outstanding.” In an OCC FAQ regarding the implementation of the CRA, the OCC detailed how it evaluates and rates financial institutions by reviewing both the institution itself (such as its capacity, constraints, business strategies, competitors, and peers) and the community the institution it serves (such as its demographics, economic data, lending, investment, and service opportunities). 

    Bank Regulatory Supervision CRA OCC FAQs

  • FinCEN issues FAQs on PPP

    Federal Issues

    On January 12, FinCEN and the SBA issued FAQs on the Paycheck Protection Program (“PPP”), established under the CARES Act, to assist borrowers and lenders in interpreting the CARES act and the PPP Interim Final Rule. Among the issues addressed in the FAQs, FinCEN and the SBA provided guidance regarding whether under the CDD Rule, lenders are required to collect, certify, or verify beneficial ownership information for existing customers, stating that it is not necessary to re-verify “[i]f the PPP loan is being made to an existing customer, and the existing customer and the necessary information was previously verified. Additionally, FinCEN and the SBA addressed the question of whether a lender’s collection of the information required with respect to owners of 20% or greater interest in PPP applicants is sufficient to satisfy a lender’s obligation to collect beneficial ownership information under the Bank Secrecy Act. FinCEN and the SBA stated that for lenders with existing customers the lender does not need to reverify beneficial ownership information for owners that hold ownership interests of at least 20 percent, and with respect to new customers with the same ownership interest, all natural persons will need to provide the same information in order to satisfy BSA requirements. FinCEN also answered more FAQs on its April 2020 FAQs regarding the PPP on Second Draw PPP Loans, on BSA/AML compliances, and on SBA Procedural Notice 5000-835955, the last stating that a “PPP lender may reveal the existence of a SAR to the SBA when requesting a guaranty purchase (without charge-off) from the SBA.” 

    Federal Issues SBA FinCEN Department of Treasury PPP CARES Act Bank Secrecy Act Anti-Money Laundering Act of 2020

  • OCC issues State Small Business Credit Initiative 2.0 FAQs

    On January 8, the OCC issued Bulletin 2024-1, which provides responses to frequently asked questions regarding the state small business credit initiative (SSBCI). The SSBCI, run by the U.S. Department of the Treasury, facilitates access to capital for small businesses, supports credit and investment programs, and offers technical assistance for applying to SSBCI funding and other government programs. The FAQs address a variety of topics, including the types of credit and investment programs states may set up, including collateral support programs, capital access programs, and loan guarantee programs, among others; criteria to qualify as “underserved” for access to the credit; treatment of certain funds; program descriptions; and whether loans made through the program could be considered for Community Reinvestment Act purposes.

    Bank Regulatory Federal Issues OCC Small Business Lending FAQs

  • CFPB releases 2023 Ombudsman report

    Federal Issues

    On November 30, the CFPB Ombudsman’s Office published its annual report, which detailed inquiries handled by the office, included a new FAQ section, and described the second year of the Ombudsman’s post-examination survey of supervised entities. The Ombudsman reviewed some pertinent topics the CFPB faced in the past year, including recognizing imposter scams, distinguishing between new and duplicate consumer complaints, assisting consumers with diminished capacity, and helping the public contact the CFPB.

    In detail, and on recognizing imposter frauds, the Ombudsman provided CFPB resources and posted a blog on scam awareness in English and Spanish. On distinguishing between new and existing complaints, consumers expressed concern that the CFPB closed their cases without providing a reason or that the CFPB mistakenly identified complaints as duplicative. The report described the CFPB’s process for identifying duplicate complaints, noted consumers’ concerns, and indicated that the CFPB continues to review this issue. On assisting consumers with diminished capacity, the Ombudsman discussed challenges with third-party entities assisting with a case, as well as offering resources on power of attorney questions. And on helping the public contact the CFPB, the Ombudsman identified contact points that could improve, such as the CFPB’s website and telephone switchboard, and asked the CFPB to update the contact points. 

    Federal Issues CFPB FAQs Consumer Finance Ombudsman

  • Washington releases FAQs for My Health My Data Act

    Privacy, Cyber Risk & Data Security

    On June 20, the Washington attorney general published a series of Frequently Asked Questions (FAQs) related to the My Health My Data Act—a comprehensive health privacy law that provides broad restrictions on the use of consumer health data (covered by InfoBytes here). The FAQs include information on the law’s effective dates and applicability. According to the AG, “all persons, as defined in the Act, must comply with section 10 beginning July 23, 2023. Regulated entities that are not small businesses must comply with sections 4 through 9 beginning March 31, 2024. Small businesses, as defined in the Act, must comply with sections 4 through 9 beginning June 30, 2024. For sections 4 through 9, the effective dates apply to the entirety of the section and are not limited to the subsections in which the effective dates appear.” Additionally, the FAQs clarify that a business that is covered by the Act must provide a link to its consumer health data privacy policy on its homepage.

    The FAQs also address a potential conflict between Sections 6 and 9 of the Act regarding the right to delete and consumers’ authorizations to sell data, respectively. Section 9 mandates that any person, not just regulated entities, must obtain consumer authorization before selling or offering to sell their data. Both the seller and purchaser are required to retain a copy of the authorization, which may contain consumer health data for  six years. However, Section 6 stipulates that consumer health data should be deleted from a regulated entity’s network upon the consumer’s request. The FAQs advise that in cases where a consumer requests deletion under Section 6, any authorizations stored under Section 9 must be redacted to eliminate any information related to the data that was sold.

    Privacy, Cyber Risk & Data Security State Issues Washington Consumer Protection Medical Data State Attorney General

  • CFPB issues guidance on small business data collection

    Agency Rule-Making & Guidance

    On June 28, the CFPB released additional guidance to help financial institutions comply with the agency’s small-business lending data collection rule. The small business lending rule, which implements Section 1071 of the Dodd-Frank Act, requires financial institutions to collect and provide to the Bureau data on lending to small businesses with gross revenue under $5 million in their previous fiscal year. As previously covered by InfoBytes, the final rule prescribes a tiered compliance date schedule, with the earliest compliance date being October 1, 2024, for financial institutions that originate at least 2,500 covered small business loans in both 2022 and 2023 (financial institutions with lower origination amounts have later compliance dates).

    To aid financial institutions, the Bureau updated several frequently asked questions to provide additional clarity on who is covered by the small business lending rule and to explain that a financial institution that meets the origination threshold in each of the two immediately preceding calendar years is a covered financial institution, regardless of whether the financial institution has a branch or office in a metropolitan statistical area. The FAQs also (i) outline qualified covered credit transactions and exemptions; (ii) provide a detailed breakdown of the types of transactions a financial institution must count when determining whether it satisfies the origination threshold; (iii) discuss whether a financial institution that is not subject to HMDA reporting is required to count HMDA-reportable loans as covered originations; (iv) address how to count a covered origination if multiple financial institutions were involved in originating the covered credit transaction or when a covered credit transaction is extended to multiple borrowers but only one is a small business; and (v) explain methodologies financial institutions can use to calculate estimated covered originations. In conjunction with the FAQs, the Bureau also released a compliance aid providing additional information covered during a recent Bureau presentation.

    Agency Rule-Making & Guidance Federal Issues CFPB Small Business Lending Section 1071

  • SBA clarifies PPP eligibility of payroll costs

    Federal Issues

    On June 13, the SBA added question #72 to its Paycheck Protection Program (PPP) Frequently Asked Questions clarifying whether “the amounts paid by a borrower to a third-party payer for the third-party payer’s employees to operate the borrower considered eligible payroll expenses for the purpose of calculating the maximum loan amount.” Previous guidance released in 2020 (FAQ #10) relayed that “payroll documentation provided by the payroll provider that indicates the amount of wages and payroll taxes reported to the IRS by the payroll provider for the borrower’s employees will be considered acceptable PPP loan payroll documentation.” However, because FAQ #10 was issued three days after the PPP began accepting applications and there have been conflicting interpretations of the guidance, the SBA administrator determined additional clarification was necessary.

    After reviewing a September 2022 decision issued by the SBA Office of Hearings and Appeals, the administrator published FAQ #72, stating “payroll costs paid by a borrower to a third-party payer for the third-party’s employees to operate the borrower are eligible payroll costs for the purpose of calculating the borrower’s maximum loan amount, as long as the employees were not otherwise counted towards payroll costs on a PPP loan received by the third-party payer.” The administrator further explained that “payroll cost documentation which shows that a borrower paid a third-party payer for the employees of the third-party to operate the borrower will be permitted to support eligible payroll costs for the purpose of calculating the maximum loan amount as long as the employees were not otherwise counted towards payroll costs on another PPP loan, and all other PPP requirements are met, including the submission of payroll documentation that indicates the amount of wages and payroll taxes reported to the IRS by the third-party payer.”

    Federal Issues SBA Covid-19 CARES Act Small Business Lending

  • OFAC clarifies impact of sanctions on humanitarian assistance and trade

    Financial Crimes

    On June 14, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) issued a Fact Sheet for “Provision of Humanitarian Assistance and Trade to Combat COVID-19.” The Fact Sheet, among other things, highlights Treasury’s humanitarian-related or other general licenses (GL) issued to support people impacted by Covid-19 across Iran, Venezuela, North Korea, Syria, Cuba, and Russia. Relatedly, OFAC issued Iran-related GL N-2, Venezuela-related GL 39B, and Syria-related GL 21B to authorize transactions and activities related to the prevention, diagnosis, or treatment of Covid-19, as well as several amended FAQs.

    Financial Crimes Of Interest to Non-US Persons Department of Treasury OFAC OFAC Designations OFAC Sanctions Iran Syria North Korea Cuba Russia Venezuela Covid-19

  • OFAC expands Russian sanctions

    Financial Crimes

    The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) recently announced several actions targeting Russia’s attempts to circumvent or evade sanctions and implemented other economic measures to degrade the country’s capacity to wage its war against Ukraine. In coordination with the G7 and other international partners, OFAC implemented several new commitments to cut Russia off from revenue streams and key inputs needed to equip its military. The sanctions target 22 individuals and 104 entities with touchpoints in more than 20 countries or jurisdictions with involvement in the technology, energy, and financial services sectors. OFAC also expanded sanctions authorities to target new sectors of Russia’s economy and sever the country’s access to several new categories of services. Additional sanctions-related measures include the designation or identification as blocked property of nearly 200 individuals, entities, vessels, and aircraft by the State Department. Concurrently, the Commerce Department significantly expanded the territorial reach and categories covered by its export controls and added 71 entities to its Entity List to prevent Russia from accessing goods needed for its war.

    OFAC noted that it also expanded its Russia-related sanctions authorities through the issuance of a determination that identifies the architecture, engineering, construction, manufacturing, and transportation sectors of the Russian economy pursuant to Executive Order (E.O.) 14024. The determination complements existing sanctions authorities and allows for additional economic costs to be imposed on Russia and for sanctions to be imposed on any person determined to operate of have operated in any of the sectors. OFAC issued a second determination pursuant to E.O. 14071 (effective June 18) to prohibit the “exportation, reexportation, sale, or supply, directly or indirectly, from the United States, or by a United States person, wherever located, of architecture services or engineering services to any person located in the Russian Federation.” (See new OFAC FAQs and general licenses here.)

    Additionally, OFAC amended Directive 4 under E.O. 14024 “to require U.S. persons to report to OFAC any property in their possession or control in which the Central Bank of the Russian Federation, the National Wealth Fund of the Russian Federation, or the Ministry of Finance of the Russian Federation has an interest.”

    Earlier in the month, OFAC also announced sanctions against a Russian ransomware actor for being complicit in cyberattacks against U.S. law enforcement, businesses, and critical infrastructure. OFAC commented that analysis conducted by FinCEN found that “75 percent of ransomware-related incidents reported between July and December 2021 were linked to Russia, its proxies, or persons acting on its behalf.”

    As a result of the sanctions, all property and interests in property of the designated persons that are in the U.S. or in the possession or control of U.S. persons must be blocked and reported to OFAC. Additionally, “any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked.” OFAC’s announcement further noted that its regulations “generally prohibit” U.S. persons from participating in transactions with designated persons unless exempt or otherwise authorized by a general or specific license.

    Financial Crimes Of Interest to Non-US Persons OFAC Department of Treasury OFAC Sanctions OFAC Designations Russia Ukraine Ukraine Invasion Department of State Department of Commerce

  • OFAC announces new Sudan E.O., issues and amends several sanctions general licenses and FAQs

    Financial Crimes

    The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) recently announced several sanctions-related actions, including President Biden’s new Executive Order (E.O.) Imposing Sanctions on Certain Persons Destabilizing Sudan and Undermining the Goal of a Democratic Transition. The E.O. expands the scope of a 2006 Executive Order following the determination that recent events in Sudan “constitute[] an unusual and extraordinary threat to the national security and foreign policy of the United States.” The E.O. outlines specific prohibitions and provides that all property and interests in property that are in the U.S. or that later come in the U.S., or that are in the possession or control of any of the identified U.S. persons must be blocked and may not be transferred, paid, exported, withdrawn, or otherwise dealt in. Concurrently, OFAC issued a new FAQ clarifying which sanctions authorities are applicable to Sudan and the Sudanese government.

    OFAC also issued Venezuela-related General License (GL) 42, which authorizes certain transactions related to the negotiation of settlement agreements with the IV Venezuelan National Assembly and certain other entities. The authorized transactions must relate to debt owed by the Venezuelan government, Petróleos de Venezuela, S.A., or any entity owned, directly or indirectly, 50 percent or more. GL 42 does not authorizes transactions involving the Venezuelan National Constituent Assembly convened by Nicolas Maduro or the National Assembly seated on January 5, 2021. OFAC also released three new related FAQs and one amended FAQ.

    Additionally, OFAC released cyber-related GL 1C, which authorizes certain transactions with Russia’s Federal Security Service that would normally be prohibited by the Weapons of Mass Destruction Proliferators Sanctions Regulations, and issued three amended cyber-related FAQs. A few days later, OFAC issued Russia-related GL 8G, which authorizes certain transactions related to energy that would otherwise be prohibited by E.O. 14024, involving certain entities, including Russia’s central bank. OFAC clarified that GL 8G does not authorize prohibited transactions related to (i) certain sovereign debt of the Russian Federation; (ii) the “opening or maintaining of a correspondent account or payable-through account for or on behalf of any entity subject to Directive 2 under E.O. 14024, Prohibitions Related to Correspondent or Payable-Through Accounts and Processing of Transactions Involving Certain Foreign Financial Institutions”; and (iii) or “[a]ny debit to an account on the books of a U.S. financial institution of the Central Bank of the Russian Federation,” among others.

    Financial Crimes Of Interest to Non-US Persons OFAC Department of Treasury OFAC Sanctions OFAC Designations Biden Sudan Venezuela Russia

Pages

Upcoming Events