Skip to main content
Menu Icon Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • FDIC issues 2022 Supervisory Insights

    On August 3, the FDIC released its summer 2022 issue of Supervisory Insights, which contains an article discussing financial performance and examination observations about commercial real estate (CRE) lending risk management practices and an article describing the application of capital, investment, and financial reporting requirements for the issuance of and investment in subordinated debt. The article, Commercial Real Estate: An Update on Bank Lending Amid the Evolving Pandemic Backdrop, discusses the financial performance of banks concentrated in CRE lending as well as examination observations about CRE lending risk management practices. The article also describes the FDIC’s forward-looking supervisory focus for banks with significant exposure in this sector. The FDIC noted that inflation, rising interest rates, and supply chain challenges are possible determinants of increased risk. The article, Subordinated Debt: Issuance and Investment Considerations, “is intended to help financial institutions better understand the applicable capital, investment, and financial reporting requirements for the issuance of and investment in subordinated debt.” According to the FDIC, a key takeaway of Subordinated Debt Investments is that “[i]nstitutions may generally only purchase investment grade subordinated debt securities that are permissible investments for national banks.”

    Bank Regulatory Federal Issues FDIC Supervision Commercial Lending

    Share page with AddThis
  • FDIC, OCC announce disaster relief

    On August 3, the FDIC issued FIL-38-2022 to provide regulatory relief to financial institutions and help facilitate recovery in areas of Kentucky affected by severe storms, flooding, landslides and mudslides that began July 26 and is ongoing. The FDIC acknowledged the unusual circumstances faced by institutions affected by the storms and suggested that institutions work with impacted borrowers to, among other things: (i) extend repayment terms; (ii) restructure existing loans; or (iii) ease terms for new loans to those affected by the severe weather, provided the measures are done “in a manner consistent with sound banking practices.” The FDIC noted that institutions may receive favorable Community Reinvestment Act consideration for community development loans, investments, and services in support of disaster recovery. The agency will also consider relief from certain reporting and publishing requirements.

    The same week the OCC issuedproclamation permitting OCC-regulated institutions, at their discretion, to close offices affected by flooding in Kentucky “for as long as deemed necessary for bank operation or public safety.” The proclamation directed institutions to OCC Bulletin 2012-28 for further guidance on actions they should take in response to natural disasters and other emergency conditions. According to the 2012 Bulletin, only bank offices directly affected by potentially unsafe conditions should close, and institutions should make every effort to reopen as quickly as possible to address customers’ banking needs.

    Bank Regulatory Federal Issues FDIC OCC Disaster Relief Mortgages Consumer Finance CRA

    Share page with AddThis
  • Hsu discusses cybersecurity risks to financial sector

    Privacy, Cyber Risk & Data Security

    On August 2, acting Comptroller of the Currency Michael J. Hsu delivered remarks before the Joint Meeting of the Financial and Banking Information Infrastructure Committee and the Financial Services Sector Coordinating Council focusing on cybersecurity risks to the financial services sector. Hsu called for collaboration among public and private sector stakeholders to safeguard the financial services sector. Hsu noted that the financial services sector has done “a good job of building cyber defenses and working with law enforcement and the regulatory community to guard against attacks,” but warned that “we cannot be complacent.” He noted that the OCC has recently observed increases in cyberattack frequency and severity against financial institutions and service providers, and that cyberattacks, such as ransomware, have risks beyond financial loss. Hsu added that “disruption to financial services can significantly impact banks’ abilities to deliver critical services to their customers and has the potential to affect the broader economy.” He also stressed that banks “need to assess both the potential impact cyber incidents may have on their own institution and the impact a cyber disruption may have on the broader financial system.” He also stated that cybersecurity breaches have been caused or intensified by the failure to have effective controls in three areas: (i) authentication; (ii) systems configuration and patch management; and (iii) cyber response and resilience capabilities. Hsu concluded by emphasizing the OCC’s commitment “to working with CISA, our financial sector counterparts, and other sectors to ensure that we have strong partnerships across the government.”

    Privacy, Cyber Risk & Data Security Bank Regulatory Federal Issues OCC

    Share page with AddThis
  • Agencies seek comment on CRE loan statement

    Agency Rule-Making & Guidance

    On August 2, the FDIC, OCC, and NCUA (collectively, “the agencies”) issued a notice in the Federal Register soliciting public comment on an updated policy statement regarding accommodations and workouts for commercial real estate (CRE) loans whose borrowers are experiencing financial difficulty. In 2009, the Policy Statement on Prudent Commercial Real Estate Loan Workouts was issued by the FFIEC, which the agencies view “as being useful for both agency staff and financial institutions in understanding risk management and accounting practices for [] CRE loan workouts.” Among other things, the statement would include (i) a new section on short-term loan accommodations; (ii) information about changes in accounting principles since 2009; and (iii) revisions and additions to examples of CRE loan workouts. The new updated statement would also “address relevant accounting changes on estimating loan losses and provide updated examples of how to classify and account for loans modified or affected by loan accommodations or loan workout activity.” Specifically, the agencies seek input on how the document reflects sound practices in CRE loan accommodation and what additional information can be included to optimize the guidance of managing CRE loan portfolios.

    Agency Rule-Making & Guidance Bank Regulatory FDIC OCC NCUA FFIEC Federal Register Commercial Lending

    Share page with AddThis
  • FDIC, Fed issue CDO against crypto brokerage firm

    On July 28, the FDIC and the Federal Reserve Board issued a joint letter demanding that a crypto brokerage firm cease and desist from making false and misleading statements regarding the company’s FDIC deposit insurance status and take immediate corrective action to address these false statements. The agencies claimed that the firm made false and misleading representations online, including on its website, stating or suggesting that: (i) it is FDIC–insured; (ii) customers who invested with the firm’s cryptocurrency platform would receive FDIC insurance coverage for all funds provided to, and held by, the firm; and (iii) the FDIC would insure customers against the failure of the firm. The FDIC noted that the false and misleading statements Violate the FDIC Act. The FDIC demanded that the firm take corrective actions by removing the misrepresentations or false statements and provide written confirmation to the FDIC and Board of Governors that it has fully complied with the removal request within two days.

    Bank Regulatory FDIC Federal Reserve Cryptocurrency Deposit Insurance FDI Act

    Share page with AddThis
  • FDIC issues advisory on crypto companies’ deposit insurance claims

    On July 29, the FDIC announced an advisory addressing certain misrepresentations about FDIC deposit insurance made by some crypto companies. The advisory, among other things, reminded insured banks that they must be aware of how FDIC insurance operates as well as the need to assess, manage, and control risks arising from third-party relationships, including those with crypto companies. The advisory noted that recently “some crypto companies have suspended withdrawals or halted operations," and that in certain cases, "these companies have represented to their customers that their products are eligible for FDIC deposit insurance coverage, which may lead customers to believe, mistakenly, that their money or investments are safe.” In dealing with crypto companies, the agency cautioned that “FDIC-insured banks should confirm and monitor that these companies do not misrepresent the availability of deposit insurance.” The FDIC also issued a Fact Sheet reminding the public that the FDIC only insures deposits held in insured banks and savings associations and only in the event of an insured bank’s failure. The FDIC does not insure assets issued by non-bank entities, such as crypto companies.

    Bank Regulatory FDIC Cryptocurrency Deposit Insurance Digital Assets Third-Party Risk Management Nonbank

    Share page with AddThis
  • FDIC releases June enforcement actions

    On July 29, the FDIC released a list of administrative enforcement actions taken against banks and individuals in June. During the month, the FDIC made public twelve orders consisting of “three consent orders, one order to pay civil money penalty, four orders of prohibition, one section 19 order, one order terminating consent order, two orders of termination of insurance, one Notice of Intention to Prohibit from Further Participation, Notice of Assessment of Civil Money Penalties, Findings of Fact and Conclusions of Law, Order to Pay, Notice of Hearing, and Prayer for Relief.” The FDIC imposed a civil money penalty against a Missouri-based bank for alleged violations of the Flood Disaster Protection Act. Among other things, the FDIC claimed that the bank “made, increased, extended or renewed a loan secured by a building or mobile home located or to be located in a special flood hazard area without providing timely notice to the borrower and/or the servicer as to whether flood insurance was available for the collateral.” The bank must pay a $7,000 civil money penalty.

    The actions also include a consent order with a Georgia-based bank, which alleged that the bank violated “law or regulation related to weaknesses in the Bank’s compliance with the Bank Secrecy Act.” According to the consent order, the bank must, among other things: (i) “enhance its oversight of the Bank’s BSA/AML Compliance Program and assume full responsibility for the approval of sound BSA/AML policies, procedures, and processes”; (ii) “revise, adopt, and implement a written BSA/AML Compliance Program, including policies and procedures”; and (iii) “review and revise as appropriate its written policies, procedures, and processes for assessing the money laundering, terrorist financing, and other illicit financial activities risk profile of the Bank.”

    Bank Regulatory FDIC Enforcement Anti-Money Laundering Bank Secrecy Act Flood Disaster Protection Act Financial Crimes

    Share page with AddThis
  • OCC updates statement on MDIs

    On July 27, the OCC announced the revision of its 2013 policy statement for minority depository institutions (MDI) to update and streamline descriptions of its policies, procedures, and programs. According to the announcement, the OCC observed an increase in interest from banks and other stakeholders in working with MDIs and the MDI designation process after Project REACh was formed in 2020, and after the Emergency Capital Investment Program was established by Congress for Covid-19 relief. These events prompted the OCC to review its 2013 policy statement on MDIs, and the revised policy statement is a result of that review. The OCC also released a Fact Sheet regarding the agency’s support for MDIs.

    Bank Regulatory OCC MDI

    Share page with AddThis
  • U.S.-UK financial regulators discuss bilateral issues

    Financial Crimes

    On July 26, the U.S. Treasury Department issued a joint statement covering the recently held sixth meeting of the U.S.-UK Financial Regulatory Working Group. Participants included officials and senior staff from both countries’ treasury departments, as well as regulatory agencies including the Federal Reserve Board, CFTC, FDIC, OCC, SEC, the Bank of England, and the UK’s Financial Conduct Authority. The Working Group discussed, among other things, (i) market developments since the Russian invasion of Ukraine; (ii) continuing international and bilateral cooperation; (iii) the international financial sector priorities at the G7, the G20, the Financial Stability Board (FSB), and the International Organisation of Securities Commissions (IOSCO); (iv) the risks associated with the Non-Bank Financial Intermediation (NBFI) sector and interconnectedness with other financial and non-financial actors; and (v) “the mutual desire to promote multilateral cooperation around risk management in global derivatives and banking markets.” The Working Group participants will continue to engage bilaterally on these issues and others ahead of the next meeting, planned for later this year.


    Financial Crimes Department of Treasury Of Interest to Non-US Persons UK Federal Reserve FDIC OCC SEC Bank Regulatory CFTC

    Share page with AddThis
  • OCC reports on cybersecurity and financial system resilience

    Privacy, Cyber Risk & Data Security

    Recently, the OCC released its annual report on cybersecurity and financial system resilience, which describes its cybersecurity policies and procedures, including those adopted in accordance with the Federal Information Security Modernization Act. According to the report, cybersecurity and operational resilience are “top issues for the federal banking system.” The OCC also noted that it has implemented regulations and standards requiring banks to implement information security programs and protect confidential information. For example, the Interagency Guidelines Establishing Standards for Safety and Soundness Standards “require insured banks to have internal controls and information systems appropriate for the size of the institution and for the nature, scope, and risk of its activities and that provide for, among other requirements, effective risk assessment and adequate procedures to safeguard and manage assets.” OCC regulations also, among other things, require banks to file Suspicious Activity Reports when a known or suspected violation of federal law or a suspicious transaction related to illegal activity, or a violation of the Bank Secrecy Act is detected. In regard to examination manuals, the OCC also noted that it uses a risk-based supervision process to evaluate banks’ risk management, identify material and emerging concerns, and require banks to take corrective action when warranted. The report also discussed current and emerging cybersecurity and resilience threats to the banking sector, which include ransomware, account takeover, supply chain risks, and geopolitical threats. Additionally, the OCC noted that it “monitor[s] longer-term technology developments, which may affect cybersecurity and resilience in the future.” The use of artificial intelligence, including machine learning, is one such development that may impact cybersecurity, according to the OCC.

    Privacy, Cyber Risk & Data Security OCC Bank Regulatory Bank Secrecy Act Artificial Intelligence

    Share page with AddThis