Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On September 26, the OCC’s Committee on Bank Supervision released its bank supervision operating plan (Plan) for fiscal year 2019. The Plan outlines the agency’s supervision priorities and specifically highlights the following supervisory focus areas: (i) cybersecurity and operational resiliency; (ii) commercial and retail credit loan underwriting, concentration risk management, and the allowance for loan and lease losses; (iii) Bank Secrecy Act/anti-money laundering compliance; (iv) change management to address new regulatory requirements; and (v) internal controls and end-to-end processes necessary for product and service delivery.
The annual plan guides the development of supervisory strategies for individual national banks, federal savings associations, federal branches, federal agencies, and service providers.
The OCC will provide updates about these priorities in its Semiannual Risk Perspective, as InfoBytes previously has covered.
OCC updates Comptroller’s Licensing Manual to revise public comment period calculation for business combination applicants
On July 30, the OCC released Bulletin 2018-22 announcing an updated version of its “Business Combinations” booklet of the Comptroller’s Licensing Manual. As previously covered in InfoBytes, the OCC released a revised version of the booklet last November, which included updates related to regulations addressing applications for national banks and federal savings associations proposing to execute a business combination. Current version 1.1 of the booklet incorporates minor technical corrections and includes a change in the public comment period calculation, which is “generally 30 days after the newspaper publication.” Among other things, the booklet provides a requirement that a notice “must be published three times in a newspaper of general circulation in the community or communities where the main or home offices of the banks involved in the transaction are located.” The OCC further advises applicants to consider the possibility of a processing delay in the event “significant or adverse comments” are received, and stresses potential delays should be a factored in when planning target dates for consummating a business combination.
On July 20, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. The new enforcement actions include cease and desist orders, civil money penalty orders, removal/prohibition orders, and terminations of existing enforcement actions. Two of the more notable actions by the OCC covered in this report are discussed below.
On May 31, the OCC issued a consent order against an international investment bank’s federal branches located in Stamford, Miami, and New York, which identified alleged deficiencies in the branches’ Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance programs. The alleged deficiencies include failure to adopt and implement adequate BSA/AML compliance programs and failure to file timely Suspicious Activity Reports. Among other things, the consent order requires the branches to (i) develop and implement an ongoing BSA/AML risk assessment program; (ii) adopt an independent audit program to conduct a review of the bank’s BSA/AML compliance program; (iii) submit a written progress report within 30 days after the end of each calendar quarter that details actions undertaken to ensure compliance with the consent order’s provisions; and (iii) ensure each branch has permanent, experienced BSA officers responsible for compliance functions. The bank has neither admitted nor denied the OCC’s findings, and a civil money penalty was not assessed against the branches.
In addition, on June 18 the OCC issued an order terminating a 2016 consent order against a national bank following the OCC’s determination that the bank had successfully completed the consent order’s requirements for complying with provisions of the Servicemembers Civil Relief Act.
Federal Reserve issues enforcement actions against New York branch of Pakistani bank, former bank employee
On July 12, the Federal Reserve Board released an enforcement action taken against a Pakistani bank’s New York branch concerning deficiencies in the branch’s Bank Secrecy Act/anti-money laundering (BSA/AML) compliance program. Under the terms of the written agreement, the branch is required to (i) submit a written governance plan to strengthen the board of director’s oversight of BSA/AML compliance; (ii) retain an independent third party to conduct a BSA/AML compliance review; (iii) submit a revised, written compliance program that complies with BSA/AML requirements; (iii) submit an enhanced, written customer due diligence program plan; and (iv) submit a revised program to ensure compliant suspicious activity monitoring and reporting. On a parallel basis, the Federal Reserve terminated an enforcement action taken against the branch in 2013.
The Federal Reserve also issued a separate enforcement action against a former bank employee for engaging in unsafe or unsound banking practices by concealing an unreconciled balance using improper accounting practices. The consent order of prohibition prohibits the former employee from, among other things, participating in any manner in the conduct of the affairs of any insured depository institution, holding company, or subsidiary of an insured depository institution.
On June 20, the New York Department of Financial Services (NYDFS) announced a $205 million settlement with a global banking firm to resolve allegations that the bank engaged in unsafe and unsound practices in its foreign exchange (FX) trading business. According to the consent order, the bank did not implement and maintain sufficient controls to identify and prevent unsafe and unsound activities conducted by certain FX traders. Among other things, the order states that FX traders (i) used electronic chatrooms to coordinate trading activity with competitors to improperly affect FX prices; (ii) engaged in a practice known as “jamming the fix,” which entails accumulating a large trading position and subsequently making aggressive trades with the intention of moving the fix price in a desired direction; (iii) disclosed confidential customer information to competitors through electronic chatrooms; and (iv) mislead customers by hiding markups on trades. In addition to the fine, the bank is required to improve its internal controls and programs to comply with applicable New York State and federal laws and regulations, submit a written plan to improve its compliance risk management program, and provide an enhanced written internal audit program.
On May 3, the Georgia governor signed into law an act amending provisions of the Official Code of Georgia applicable to the state’s Department of Banking and Finance (Department) and financial institutions generally, including banks, credit unions, licensed sellers of payment instruments, and mortgage lenders and brokers. Among other things, HB 780 grants the Department and/or its commissioner (i) powers to authorize state chartered financial institutions to exercise powers authorized by federal law but not authorized under state law; (ii) the authority to remove individuals employed by state chartered financial institutions, including officers and directors; and (iii) the ability to establish a process for state chartered financial institutions to “exercise rights and powers authorized solely under federal law.” HB 870 also amends the Official Code of Georgia to provide for the Department’s licensing of mortgage lenders and brokers. The law took effect on May 3, and does not apply to litigation pending as of March 9.
On May 10, Federal Reserve Board (Board) Chairman Jerome H. Powell responded to Senator Elizabeth Warren’s request concerning a formal commitment by the Board to vote on whether a national bank’s remediation plans to improve its compliance and operational risk management program meet the terms set forth by the Board’s February 2 order to cease and desist (Order). (See previous InfoBytes coverage here.) According to Powell, the decision to lift the asset growth restriction placed on the bank as part of the Order will be determined by a vote of the Board of Governors. In addressing an additional request made by Sen. Warren that the third-party review of the bank’s remedial actions required by the Order be publically released, Powell stated that when the third-party review is ready, “we will review that report to determine whether and to what extent the report can be publicly disclosed without impairing protected interests.” Powell noted that typically evaluations of that kind are not released to the public because they contain confidential supervisory information that would, if disclosed, “likely impair the effectiveness of the supervisory process,” among other things.
On May 1, the Federal Reserve Board (Fed) and the New York Department of Financial Services (NYDFS) announced (press releases available here and here) a combined nearly $110 million settlement with a global banking firm to resolve allegations that the bank engaged in unsafe and unsound practices in its foreign exchange (FX) trading business. According to consent orders issued by the Fed and NYDFS, the bank did not maintain sufficient policies and procedures to identify and prevent “unsafe and unsound” activities conducted by certain FX traders. Among other things, between 2008 and 2012 (NYDFS’ time frame goes through 2013), certain FX traders allegedly disclosed confidential customer information and trading activity with competitors through electronic chatrooms. NYDFS additionally alleged that the traders discussed coordinating their trading activities and other ways to manipulate currency prices to increase trading profits, and claimed that while the bank had policies in place intended to prevent such activity, the policies were not adequately enforced.
The bank did not admit to any wrongdoing in agreeing to the terms of the settlement, and the Fed and NYDFS noted the bank’s full cooperation with the investigations. In addition to the fine, the bank is prohibited from employing certain traders involved and is required to improve its internal controls and programs to comply with applicable New York State and federal laws and regulations, submit a written plan to improve its compliance risk management program, and provide an enhanced written internal audit program.
On March 12, the Federal Reserve Board (Fed) entered into a consent order with a Chinese bank (bank) and its New York branch (branch) in connection with alleged Bank Secrecy Act and anti-money laundering (BSA/AML) violations. According to the Fed’s order, a recent examination identified “significant deficiencies” in the branch’s BSA/AML compliance and risk management controls. The consent order requires, among other things, the bank and branch submit within 60 days: (i) a written governance plan to achieve compliance with BSA/AML requirements; (ii) a system to identify and assess risks associated with all products and customers, including “politically exposed persons”; (iii) an enhanced customer due diligence program plan; and (iv) a compliance program to ensure accurate suspicious activity monitoring and reporting. The bank and branch are further required to engage an independent third party acceptable to the Fed to review their dollar-clearing transaction activity in the second half of 2016 “to determine whether suspicious activity involving high-risk customers or transactions” was properly flagged. The order imposes no financial penalty.
On January 22, the New York Department of Financial Services (NYDFS) issued a reminder to all NYDFS-regulated banks, insurance companies, and other financial services institutions that the deadline to file cybersecurity certifications of compliance is February 15, 2018. Mandated by NYDFS’ cybersecurity regulation that went into effect March 1, 2017 (see previous InfoBytes coverage here), the certification covers the prior calendar year and must be filed electronically through the DFS cybersecurity portal. NYDFS Superintendent Maria T. Vullo also announced that going forward, cybersecurity will be incorporated into all department examinations, and cybersecurity-related questions will be added to NYDFS’ “first day letters” issued to commence examinations of financial services companies.
- Daniel P. Stipano to discuss "Risk management in enforcement actions: Managing risk or micromanaging it" at an American Bar Association webinar
- Kari K. Hall and Christopher M. Walczyszyn to speak on the "Understanding updates to Regulation CC to ensure effective check processing" at a National Association of Federal Credit Unions webinar
- Daniel P. Stipano to discuss "ACAMS Moneylaundering.com Year-End Compliance Review and 2020 Outlook" at an ACAMS webinar
- APPROVED Webcast: Periodic reporting made easier
- Daniel P. Stipano to discuss "A 20/20 view on 2020’s legislative and regulatory outlook" at the ACAMS Anti-Financial Crime and Public Policy Conference