InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
SEC charges broker-dealer with failure to file suspicious activity reports
On August 29, the SEC announced that it had brought charges against a Chicago-based broker-dealer. The SEC alleged that between August 2012 and September 2020 the broker-dealer failed to file over 400 hundred legally required suspicious financial transaction reports related to over-the-counter securities transactions executed in the broker-dealer’s alternative trading system (ATS). According to the SEC’s order, it was found that the broker-dealer did not establish an anti-money laundering surveillance program until September 2020, despite having thousands of high-risk microcap and penny stock securities transactions executed daily on its ATS.
Daniel R. Gregus, Director of the SEC’s Chicago Regional Office, stated, “All SEC-registered broker-dealers have the responsibility to comply with the requirements of the Bank Secrecy Act, including the obligation to file SARs.”
Without admitting or denying that it violated Section 17(a) of the Securities Exchange Act and Rule 17a-8, the broker-dealer agreed to a censure and a cease-and-desist order, along with a $1.5 million penalty.
FDIC, Fed issue new rules and guidance aimed to strengthen resolution planning at large banks
On August 29, the FDIC and the Federal Reserve Board issued a joint press release inviting public comment on proposed guidance that serves to toughen requirements for non-G-SIB large bank holding companies’ resolution plans, or “living wills” that set forth strategies for rapid and orderly resolution under bankruptcy in the event of financial distress or failure. The proposed guidance, which includes guidance for both domestic triennial full filers and guidance for foreign triennial full filers, will generally apply to certain bank holding companies and foreign banking associations with between $250 billion and $700 billion in total assets. This guidance is separate from the guidance previously issued to the largest and most complex companies, which is already in place. The guidance (i) is organized around key areas of potential vulnerability, such as capital, liquidity, and operational capabilities; (ii) provides agency expectations for both single point of entry and multiple point of entry strategy needs; and (iii) proposes that foreign banking organizations develop U.S. resolution strategies that complement their global resolution plans. The proposed guidance will be published in the Federal Register, with comments due by November 30, 2023.
Separately on August 29, the FDIC approved a notice of proposed rulemaking to enhance resolution planning for insured depository institutions (IDIs) with at least $100 billion in total assets. The proposed rule would strengthen existing IDI resolution planning requirements under 12 CFR § 360.10 and would require a resolution submission from covered IDIs every two years, with limited filings in between. Covered IDIs would be required to submit comprehensive resolution plans that would “enhance current IDI resolution planning requirements by incorporating useful elements of existing guidance and important lessons learned from past plan reviews and from past large bank resolutions, including those earlier this year.” Additionally, IDIs with total assets of at least $50 billion but less than $100 billion would submit more limited informational filings and would not be required to develop a resolution strategy. Comments on the proposed rule are due by November 30, 2023.
OCC allows institutions in Florida affected by Hurricane Idalia to temporarily close
On August 29, the OCC issued a proclamation permitting OCC-regulated institutions, at their discretion, to close offices in areas of Florida affected by Hurricane Idalia “for as long as deemed necessary for bank operation or public safety.” In issuing the proclamation, the OCC noted that only bank offices directly affected by potentially unsafe conditions should close, and that banks should make every effort to reopen as quickly as possible to address customers’ banking needs. The proclamation directs institutions to OCC Bulletin 2012-28 for further guidance on natural disasters and other emergency conditions.
Find continuing InfoBytes coverage on disaster relief here.
FDIC releases July enforcement actions, including breaches of fiduciary duty and FDPA violations
On August 25, the FDIC announced a list of administrative enforcement actions taken against banks and individuals in July. The 10 orders include “two orders that combined a prohibition order and order to pay CMP; one combined personal consent order and order to pay CMP; four prohibition orders; one order modifying a prohibition order; one order of termination of deposit insurance; and one order to pay CMP for pattern or practice violations of the Flood Disaster Protection Act.” The FDIC assessed a civil money penalty against a North Dakota-based bank for alleged violations of the Flood Disaster Protection Act and the National Flood Insurance Act including providing or extending loans secured by a building or mobile home situated in or intended for placement within an area with a recognized risk of flooding, without promptly notifying the borrower and/or the servicer about the availability of flood insurance for the asset.
Warren urges Fed to finalize capital requirements for large banks
On August 29, Senator Elizabeth Warren (D-MA) sent a letter to the Fed regarding its recent notice of proposed rulemaking, urging them to “finalize the rules as quickly as possible.” In July, the Fed announced amendments to the regulatory capital requirements for large banking organizations that would implement the final components of the Basel III agreement (previously covered by InfoBytes here). Warren noted that she is concerned about the Fed’s intent to seek potential modifications as it could result in weakening the proposed rule. Warren also warned that big bank lobbyists has been “engaging in a full-court press to fend off higher capital requirements” before the release of the proposed rule, and that big banks lobbying expenditures were up 20 percent compared to the same period of time in the previous year, indicating a “clear effort to fend off stronger rules” following recent bank failures. The senator finally noted that the capital bank requirements are a threat to bank’s “massive payouts for executives and shareholders.”
DOJ, Oklahoma bank agree to consent order over redlining
On August 28, the DOJ announced a settlement agreement to resolve allegations of redlining by an Oklahoma-based bank. According to the complaint, defendant allegedly engaged in redlining by refraining from providing home loans and other mortgage-related services, and also engaged in biased behavior, to deter individuals residing in or seeking credit within predominantly Black and Hispanic neighborhoods in Tulsa from pursuing mortgage opportunities. According to the proposed consent order, without admitting or denying the allegations, defendant agreed to (i) invest $1.15 million to increase credit opportunities in neighborhoods of color; (ii) invest at least $950,000 in a loan subsidy fund for predominantly Black and Hispanic neighborhoods in Tulsa; (iii) invest $100,000 for advertising, outreach and consumer education; (iv) invest $100,000 for community partnerships to improve access to residential mortgage credit services; (v) “open a new community-oriented loan production office in the historically Black area of Tulsa”; and (vi) assign at least two mortgage loan officers to solicit mortgage applications in predominantly Black and Hispanic neighborhoods in Tulsa, among other things.
The DOJ press release makes reference to the 1921 Tulsa Race Massacre. The bank's press release announcing the settlement responded by stating that “[a]s Oklahomans, we carry a profound sense of sorrow for the tragic events of the Tulsa Race Massacre over a century ago. It is with deep concern that we note the Justice Department’s decision to reference this distressing historical event in its complaint against our bank, established a mere 25 years ago.”
Fed issues enforcement action against state bank and its holding company
On August 17, the Fed announced an enforcement action against a state bank and its holding company for failing to comply with conditions imposed during the approval process for the bank to become a member of the Federal Reserve System and subsequent application for acquisition. Namely, the order provides that, among other conditions and limitations, the bank was required to provide advance notice of any change in its business plan, and was found to have changed the business plan without the requisite prior written approval. As part of the order, the bank will wind down its operations as part of a purchase agreement where it will sell its assets to a third-party bank and it will ensure the conservation of capital, preservation of cash assets, and will limit its business activities to only those necessary to consummate the purchase agreement.
SEC charges fintech investment adviser for misleading advertising
On August 21, the SEC announced charges against a New York-based fintech investment adviser for using hypothetical performance metrics in misleading advertisements, compliance failures that led to misleading disclosures, and failure to adopt policies concerning crypto asset trading by employees, among other things. These charges mark the first violation of the SEC’s amended marketing rule.
According to the order, the fintech investment adviser made misleading statements on its website by failing to include material information, and without having adopted and implemented required policies and procedures under the SEC’s marketing rule. The SEC also found that the company made conflicting disclosures regarding crypto assets custody and failed to adopt policies related to employee personal trading in crypto assets.
The company consented to the order finding that it violated the Advisers Act and without admitting or denying the SEC’s findings, entered into a cease-and-desist order, a censure, and agreed to pay $192,454 in disgorgement, prejudgment interest and an $850,000 civil penalty that will be distributed to affected clients.
NIST updates its Cybersecurity Framework
The National Institute of Standards and Technology (NIST) recently unveiled a proposed update to its Cybersecurity Framework, which was originally developed to provide information security guidelines for “critical infrastructure” like banking and energy industries. (Covered by InfoBytes here). The update includes a new, sixth pillar called “govern” that provides categories to facilitate executive oversight; manage enterprise risk (including supply chain risk); and effective alignment of enterprise resources, strategies, and risk, emphasizing that “cybersecurity is a major source of enterprise risk and a consideration for senior leadership.” This pillar will also guide organizations’ leadership in making internal decisions to support its cybersecurity strategy. The framework draft also updated its implementation guidance, especially for creating profiles that tailor guidance for certain situations. Additionally, NIST included implementation examples that are particularly beneficial for smaller firms. The framework’s lead developer, Cherilyn Pascoe, mentioned the framework has proven useful across many different sectors like small businesses and foreign governments, therefore it was updated to be a useful tool to sectors, regardless of type or size, outside of those designated as critical. A major goal of the updated version of the framework is to show organizations how to leverage existing technology frameworks, standards, and guidelines to implement NIST’s framework. Furthermore, the framework title changed from “Framework for Improving Critical Infrastructure Cybersecurity” to “The Cybersecurity Framework” to reflect its expanded inclusivity and wide adoption.
Public comments must be received by November 4.
DFPI finalizes small business UDAAP and data reporting rule
DFPI recently approved the final regulation for implementing and interpreting certain sections of the California Consumer Financial Protection Law (CCFPL) related to commercial financial products and services. After considering comments and releasing three rounds of modifications to Sections 1060, 1061, and 1062, the final regulation will, among other things, bring protections to small businesses seeking loans, by (i) defining and prohibiting unfair, deceptive, and abusive acts and practices in the offering or provision of commercial financing to small businesses, nonprofits, and family farms; and (ii) establishing data collection and reporting requirements.
Previous InfoBytes coverage on the (i) initial modifications to the CCFPL proposed regulation can be found here; (ii) the second round of CCFPL modifications proposal is found here; and (iii) the third iteration of the modified CCFPL proposal is located here.
This DFPI regulation was notably finalized on the heels of the CFPB’s finalized Section 1071 rule on small business lending data, which similarly will require financial institutions to collect and provide the Bureau data on lending to small businesses (covered by InfoBytes here)
Sections 1060, 1061, and 1062 will be effective on October 1.