InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
OCC releases enforcement actions
On March 17, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. Included is a cease and desist order against a New York-based bank for allegedly engaging in unsafe or unsound practices related to its information technology security and controls, as well as its information technology risk governance and board of director/management oversight of its corporate risk governance processes. The OCC also found alleged deficiencies (including unsafe or unsound practices) in the bank’s Bank Secrecy Act (BSA)/anti-money laundering risk management controls in the following areas: “internal controls, BSA officer, customer identification program, customer due diligence, enhanced due diligence, [] beneficial ownership,” and suspicious activity monitoring and reporting. The order requires the bank to, among other things, maintain a compliance committee, develop a corporate governance program to ensure appropriate board oversight, establish a written strategic plan and conduct an internal audit to assess the sufficiency of the bank’s internal controls program, implement information technology governance and security programs, and adopt an automated clearing house risk management program. The bank is also required to appoint a BSA officer to ensure adherence to the bank’s BSA/AML internal controls, conduct a suspicious activity review lookback, implement a customer information program that is reasonably designed to identify and verify beneficial owners of legal entity customers, and develop and adopt a BSA/AML model risk management process.
Fed to launch FedNow in July
On March 15, the Federal Reserve Board announced a July launch date for its FedNow Service. (Covered by a Special Alert here.) Beginning the first week of April, the Fed will start formally certifying participants, with early adopters completing a customer testing and certification program in preparation for sending live transactions through the system. The certification process “encompasses a comprehensive testing curriculum with defined expectations for operational readiness and network experience,” the Fed explained. “We couldn’t be more excited about the forthcoming FedNow launch, which will enable every participating financial institution, the smallest to the largest and from all corners of the country, to offer a modern instant payment solution,” said Ken Montgomery, First Vice President of the Federal Reserve Bank of Boston and FedNow program executive. “With the launch drawing near, we urge financial institutions and their industry partners to move full steam ahead with preparations to join the FedNow Service,” Montgomery added.
In addition to certifying early adopters for the July launch, the Fed said it will continue to engage with financial institutions and service providers to complete the testing and certification program throughout 2023 and beyond. FedNow “will launch with a robust set of core clearing and settlement functionality and value-added features,” the agency said, explaining that “[m]ore features and enhancements will be added in future releases to continue supporting safety, resiliency and innovation in the industry as the FedNow network expands in the coming years.”
Fed governor says transparency is key for promoting innovation in the banking system
On March 14, Federal Reserve Governor Michelle W. Bowman presented thoughts on innovation trends within the U.S. financial system during a conference held by the Independent Community Bankers of America. Bowman commented that innovation has always been a priority for banks of all sizes and business models, and that regulators—often accused of “being hostile to innovation” within the regulated financial system—are continually trying to learn and adapt to new technologies, which often introduce new risks and vulnerabilities. In order to address these challenges, which are often amplified for community banks, Bowman said banks must be prepared to make improvements to risk management, cybersecurity, and consumer compliance measures, and regulators—playing a complementary role—must ensure rules are clear and transparent. She further stressed that “[i]t is absolutely critical that innovation not distract banks and regulators from the traditional risks that are omnipresent in the business of banking, particularly credit, liquidity, concentration, and interest rate risk.” Noting that these types of risks are present in all bank business models, Bowman said they “can be especially acute for banks engaging in novel activities or exposed to new markets, including crypto-assets.”
Explaining that transparency is important for promoting a safe, sound, and fair banking system, particularly when it comes to innovation, Bowman stated that insufficient clarity or transparency or disproportionately burdensome regulations may “cause new products and services to migrate to the shadow banking system.” Bowman went on to discuss ways bank regulation and supervision can support responsible innovation, and highlighted unique challenges facing smaller banks, as well as key actions taken by regulators to date relating to crypto assets, third-party risk management, cybersecurity, Community Reinvestment Act reform, bank mergers, and overdraft fees, among others.
Fed issues Bank Term Funding Program FAQs
On March 13, the Federal Reserve Board issued FAQs on its Bank Term Funding Program, which launched March 12, to provide additional funding to eligible depository institutions in order to meet depositors’ needs. The program will serve as an additional source of liquidity against high-quality securities, and will eliminate the need for an institution to quickly sell those securities in times of stress. Loans of up to one year in length will be made available to “banks, savings associations, credit unions, and other eligible depository institutions pledging U.S. Treasuries, agency debt and mortgage-backed securities, and other qualifying assets as collateral.” The Fed said in its announcement that it “is closely monitoring conditions across the financial system and is prepared to use its full range of tools to support households and businesses, and will take additional steps as appropriate.”
Hsu presses for global supervision of crypto
On March 6, acting Comptroller of the Currency Michael J. Hsu commented that the collapse of a major cryptocurrency exchange has underscored a need for consolidated supervision of global cryptocurrency firms. Speaking before the Institute for International Banker’s Annual Washington Conference, Hsu offered thoughts on how to build and maintain trust in global banking. “To be trustworthy, global crypto firms need a lead regulator who has authority and responsibility over the enterprise as a whole,” Hsu said. “Until that is done, crypto firms with subsidiaries and operations in multiple jurisdictions will be able to arbitrage local regulations and potentially play shell games using inter-affiliate transactions to obfuscate and mask their true risk profile.” Hsu pointed out that in order to conduct business in the U.S. foreign banks must be supervised by a home country via “a lead regulator with visibility and authority over the entirety of the bank’s global activities.” In contrast, not a single crypto firm is currently subject to consolidated supervision, Hsu said.
Hsu drew comparisons between a now-defunct international bank that led to significant changes in how global banks are supervised and the collapsed crypto exchange, arguing that there are “striking similarities” between the two, including that both (i) “faced fragmented supervision by a combination of state, federal, and foreign authorities”; (ii) “lacked a lead or ‘home’ regulator with authority and responsibility for developing a consolidated and holistic view of the firms”; (iii) “operated across jurisdictions where there was no established framework for regulators to share information on the firms’ operations and risk controls”; and (iv) “used multiple auditors to ensure that no one could have a holistic view of their firms.” To close the gap in the crypto sector, Hsu said action “will have to take place outside of bank regulatory channels,” but noted that the Financial Stability Board and other international bodies have already “recognized the need for a comprehensive global supervisory and regulatory framework for crypto participants.”
FDIC issues January enforcement actions
On February 24, the FDIC released a list of administrative enforcement actions taken against banks and individuals in January. The FDIC made public 11 orders, including “four combined orders of prohibition and orders to pay civil money penalties, one 8(b) consent order, one order to pay civil money penalty, three orders of prohibition, one order terminating a Section 19 order, and one order terminating consent order.”
The actions include a civil money order against a Pennsylvania-based bank related to alleged violations of the Flood Disaster Protection Act (FDPA). The FDIC determined that the bank had engaged in a pattern or practice of violating the FDPA by failing to provide required notices of lender-placed flood insurance to borrowers in 16 instances.
Additionally, the FDIC issued a consent order against an Iowa-based bank alleging the bank engaged in “unsafe or unsound banking practices and violations of law or regulations” relating to, among other things, its process for testing a proposed debit/prepaid card program. The FDIC stipulated that before starting the testing phase of any new debit card program or similar program, the bank “must develop, adopt, and implement an effective program addressing anti-money laundering (AML) / combating the financing of terrorism (CFT) controls” for the new program and conduct an independent assessment. The bank is also ordered to revise its AML/CFT policy and conduct a review of its information security program to ensure it reflects current risks.
Agencies warn banks of crypto-asset liquidity risks
On February 23, the FDIC, Federal Reserve Board, and OCC released a joint statement addressing bank liquidity risks tied to crypto-assets. The agencies warned that using sources of funding from crypto-asset-related entities may expose banks to elevated liquidity risks “due to the unpredictability of the scale and timing of deposit inflows and outflows.” The agencies addressed concerns related to deposits placed by crypto-asset-related entities for the benefit of end customers where the deposits may be influenced by the customer’s behavior or crypto-asset sector vulnerabilities, rather than the crypto-asset-related entity itself, which is the bank’s direct counterparty. The agencies warned that the “uncertainty and resulting deposit volatility can be exacerbated by end customer confusion related to inaccurate or misleading representations of deposit insurance by a crypto-asset-related entity.” The agencies also addressed issues concerning deposits that constitute stablecoin-related reserves, explaining that the stability of these types of deposits may be dependent on several factors, including the “demand for stablecoins, the confidence of stablecoin holders in the stablecoin arrangement, and the stablecoin issuer’s reserve management practices,” and as such, may “be susceptible to large and rapid outflows stemming from, for example, unanticipated stablecoin redemptions or dislocations in crypto-asset markets.”
The agencies’ statement reminded banking organizations to apply effective risk management controls when handling crypto-related deposits, commensurate with the associated liquidity risk of those deposits. The statement suggested certain effective risk management practices, which include: (i) understanding the direct and indirect drivers of potential deposit behavior to ascertain which deposits are susceptible to volatility; (ii) assessing concentrations or interconnectedness across crypto deposits, as well as the associated liquidity risks; (iii) incorporating liquidity risks or funding volatility into contingency funding planning; and (iv) performing robust due diligence and ongoing monitoring of crypto-asset-related entities that establish deposit accounts to ensure representations about these types of deposit accounts are accurate. The agencies further emphasized that banks are required to comply with applicable laws and regulations, including brokered deposit rules, as applicable, and Call Report filing requirements. The joint statement also reminded banks that they “are neither prohibited nor discouraged from providing banking services to customers of any specific class or type, as permitted by law or regulation.”
As previously covered by InfoBytes, the agencies issued a statement in January highlighting key risks banks should consider when choosing to engage in cryptocurrency-related services.
Fed revises Bank Holding Company Supervision Manual
The Federal Reserve Board recently updated sections of the Bank Holding Company Supervision Manual. (Changes to the manual were last made in November 2021.) The manual provides guidance for conducting inspections of bank holding companies and their nonbank subsidiaries, as well as savings and loan holding companies. “The supervisory objectives of the inspection program are to ascertain whether the financial strength of the bank holding company is being maintained on an ongoing basis and to determine the effects or consequences of transactions between a holding company or its nonbanking subsidiaries and its subsidiary banks,” the Fed explained. Included among the changes are updates to sections on the supervision of savings and loan holdings companies; supervision of holding companies with less than $10 billion in total consolidated assets; liquidity planning and positions applicable to large financial institutions; holding company ratings applicability and inspection frequency; supervision of subsidiaries related to nondeposit investment products; control and ownership of bank holding company formations; asset securitization risk management and internal controls; retail-credit classification; supervision of savings and loan holding companies; and Bank Holding Company Act exemptions. A new section—“Formal Corrective Actions”—revises previous guidance to include entities against which the Fed has statutory authority to take formal enforcement actions. The section also provides additional information on enforcement actions for Bank Secrecy Act and anti-money laundering compliance failures, as well as details on interagency enforcement coordination. The section further clarifies that the Fed “does not issue an enforcement action on the basis of a ‘violation’ of or ‘non-compliance’ with supervisory guidance.” Minor technical changes were made throughout the manual as well. A detailed summary of changes is available here.
Agencies propose Call Report revisions
On February 22, the FDIC, Federal Reserve Board, and the OCC announced the publication of a joint notice and request for comment proposing changes to three versions of the Call Report (FFIEC 031, FFIEC 041, and FFIEC 051), as well as changes to the Report of Assets and Liabilities of U.S. Branches and Agencies of Foreign Banks (FFIEC 002), as applicable. Section 604 of the Financial Services Regulatory Relief Act of 2006 mandates agency review of information collected in the Call Reports “to reduce or eliminate any requirement to file certain information or schedules if the continued collection of such information or schedules is no longer necessary or appropriate.” The proposed changes would eliminate and consolidate certain items in the Call Reports based on an evaluation of responses to a user survey addressing the Call Report schedules. The agencies are also requesting comments on certain technical clarifications made last year concerning the reporting of certain debt securities issued by Freddie Mac and proposed Call Report process revisions. The proposed changes if approved, will take effect as of the June 30, 2023, report date. Comments are due April 24.
OCC revises guidance on change in bank control
On February 16, the OCC released an updated version of the “Change in Bank Control” booklet of the Comptroller’s Licensing Manual. According to OCC Bulletin 2023-7, the revised licensing booklet—which outlines OCC policies and procedures regarding filings by persons who wish to acquire control of a national bank or federal savings association “through the purchase, assignment, transfer, pledge, exchange, succession, or other disposition of voting stock”—removes references to outdated guidance, provides current references to relevant guidance, and makes other minor modifications and corrections throughout. The booklet applies to all national banks, federal savings associations, and federal branches and agencies of foreign banking organizations.
Pages
Upcoming Events
- Keisha Whitehall Wolfe to discuss “Tips for successfully engaging your state regulator” at the MBA's State and Local Workshop
- Max Bonici to discuss “Enforcement risk and trends for crypto and digital assets (Part 2)” at ABA’s 2023 Business Law Section Hybrid Spring Meeting
- Jedd R. Bellman to present “An insider’s look at handling regulatory investigations” at the Maryland State Bar Association Legal Summit