InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
OCC revises guidance on change in bank control
On February 16, the OCC released an updated version of the “Change in Bank Control” booklet of the Comptroller’s Licensing Manual. According to OCC Bulletin 2023-7, the revised licensing booklet—which outlines OCC policies and procedures regarding filings by persons who wish to acquire control of a national bank or federal savings association “through the purchase, assignment, transfer, pledge, exchange, succession, or other disposition of voting stock”—removes references to outdated guidance, provides current references to relevant guidance, and makes other minor modifications and corrections throughout. The booklet applies to all national banks, federal savings associations, and federal branches and agencies of foreign banking organizations.
FDIC orders entities to stop making fraudulent deposit insurance representations
On February 15, the FDIC sent letters to four entities demanding that they stop making false or misleading representations about FDIC deposit insurance. Letters were sent to a cryptocurrency exchange and to a nonbank financial services provider demanding that the entities cease and desist from making false and misleading statements about FDIC deposit insurance and take immediate corrective action to address these statements. The FDIC also sent letters to two websites ordering them to remove similar false and misleading statements claiming that the crypto exchange and the nonbank financial services provider are FDIC-insured and that FDIC insurance will protect customers’ cryptocurrency or protect customers in the event of the nonbank’s failure. Under the Federal Deposit Insurance Act, persons are prohibited “from representing or implying that an uninsured product is FDIC-insured or from knowingly misrepresenting the extent and manner of deposit insurance.”
Bowman discusses bank and third-party cyber risk management expectations
On February 15, Federal Reserve Board Governor Michelle W. Bowman delivered remarks at the Midwest Cyber Workshop, during which she discussed topics related to third-party service provider reliance and regulatory expectations concerning cyber risk management. “While we expect banks to be in touch with us when an event happens, cyber events should not be the first time a cyber-risk conversation occurs between a bank and its regulator.” Community banks frequently cite cybersecurity as one of the top risks facing the banking industry, Bowman said, adding that bankers have mentioned difficulties in attracting and retaining the staff needed to mitigate cyber risk. She also noted that ransomware disproportionately impacts smaller banks that might not “have sufficient resources to protect against these attacks.”
Pointing out that banks are becoming increasingly reliant on third-party service providers, Bowman said regulators should “consider the appropriateness of shifting the regulatory burden from community banks to more efficiently focus directly on service providers.” Regulators have authority to do so under the Bank Service Company Act, Bowman said, adding that “[i]n a world where third parties are providing far more of these services, it seems to me that these providers should bear more responsibility to ensure the outsourced activities are performed in a safe and sound manner.” She also referenced a 2021 final rule that requires banks to timely notify their primary federal regulator in the event of a significant computer-security incident within 36 hours after the banking organization determines that a cyber incident has taken place (covered by InfoBytes here). The reporting process, Bowman said, is also intended to streamline small banks’ efforts to monitor service providers (which are required to notify a bank-designated point of contact at each affected customer bank when a computer-security incident has occurred).
“We look forward to working with you to assist in clarifying expectations, applying regulatory guidance or seeking feedback on cyber-risk management strategies,” Bowman said. “We encourage bank management teams to engage with regulatory points of contact whenever questions arise on cybersecurity matters just as with any other regulatory matter.”
Brainard resigns as Fed vice chair to join Biden economic team
On February 14, President Biden appointed Federal Reserve Board Vice Chair Lael Brainard to serve as Director of the National Economic Council (NEC). Touting Brainard’s domestic and international economic expertise, Biden said she will be the second female director of the NEC. Brainard submitted her resignation from the Fed the same day, effective on or around February 20. Brainard has been a Fed Board member since June 2014, and has served as vice chair since May 2022. During her time at the Board, Brainard “chaired multiple committees, including the Committee on Financial Stability, the Committee on Economic and Monetary Affairs, the Committee on Payments, Clearing, and Settlement, and the Committee on Board Affairs, among others.” Brainard also served as chair of the Federal Open Market Committee's communication subcommittee, and has represented the Board internationally, including at the Bank for International Settlements, the Group of Seven, and the Financial Stability Board.
Agencies cite need to update bank merger evaluation framework
On February 10, OCC Senior Deputy Comptroller and Chief Counsel Ben W. McDonough spoke before the OCC Banker Merger Symposium about the future of bank merger policy. Acting Comptroller of the Currency Michael J. Hsu’s prepared remarks, which were delivered on his behalf by McDonough, stressed the need to update the framework used for analyzing bank mergers. Hsu commented that without necessary enhancements, “there is an increased risk of approving mergers that diminish competition, hurt communities, or present systemic risks,” but cautioned that imposing a moratorium on bank mergers would inhibit growth and improvements that could benefit communities and increase competition. Hsu observed that “many experts have raised questions about the ongoing suitability of the current bank merger standards at a time of intense technological and societal change.” He noted that federal bank regulators currently use the Herfindahl–Hirschman Index (HHI) to assess market concentration—which, while transparent, empirically proven, and efficient—may not be as relevant since the bank merger guidelines were last updated in 1995. Hsu reflected that HHI—which is based solely on deposits—may now be “a less effective predictor of competition across product lines” due to the offering of other banking products, including online and mobile banking. Hsu also said that “the current framework for assessing the financial stability risks of bank mergers bears examining,” as “there is a resolvability gap for large regional banks in that our resolution tools may not be up to the task.” Additionally, Hsu pointed out that it is also critical to analyze a merger’s effects on the communities a bank serves, and that assessing each bank’s Community Reinvestment Act performance and ratings are just a starting point.
Separately, Federal Reserve Governor Michelle W. Bowman touched upon the topic of bank mergers during a speech before the American Bankers Association Community Banking Conference. Bowman discussed topics related to the Fed’s independence in bank regulation, predictability in bank merger applications, and tailoring of regulations and supervision. Among other things, Bowman commented that while the bank merger review framework is the same for all applications, each case varies widely, which “necessitates an in-depth review of each transaction on its own merits.” According to Bowman, “these reviews are most effective when the expectations of the regulators are clear in advance and the parties can reasonably anticipate the application review process.” She pointed to a recent increase in average processing times in the merger review process and expressed concerns about how delays may lead to increased operation risk, as well as fears that “the increase in average processing times will become the new normal.” Bowman said she believes that transparency between regulators and applicants can help to ensure clear expectations about certain potential delays.
Fed cautions banks regarding crypto risks
On February 10, Federal Reserve Board Governor Christopher J. Waller gave a speech on the cryptocurrency ecosystem and digital assets before attendees at the Global Interdependence Center Conference: Digital Money, Decentralized Finance, and the Puzzle of Crypto. Waller provided a broad overview of digital assets and digital ledger technologies and briefly discussed the use of smart contracts in peer-to-peer trading, as well as their potential to automate the execution of certain transactions in non-crypto-assets such as securities transactions. He also highlighted risks associated with another emerging technology—tokenization—which, he explained, “when combined with data vaults to securely store personal information, can be used to trade objects in a way that protects one’s identity from being exploited for profit.” Waller commented that these potential applications could also “lead to substantial productivity enhancements in other industries” beyond the crypto ecosystem.
Waller went on to express support for prudent innovation but expressed concerns about banks engaging in activities that expose them to a heightened risk of fraud, scams, and legal uncertainties. “As with any customer in any industry, a bank engaging with crypto customers would have to be very clear about the customers’ business models, risk-management systems, and corporate governance structures to ensure that the bank is not left holding the bag if there is a crypto meltdown,” Waller stated. “And banks considering engaging in crypto-asset-related activities face a critical task to meet the ‘know your customer’ and ‘anti-money laundering’ requirements, which they in no way are allowed to ignore.”
Agencies release hypothetical scenarios for 2023 bank stress tests
On February 9, the Federal Reserve Board and the OCC released hypothetical economic scenarios for use in the upcoming stress tests for covered institutions. The Fed released supervisory scenarios, which include baseline and severely adverse scenarios. According to the Fed, the stress test evaluates large banks’ resiliency by estimating losses, net revenue, and capital levels under hypothetical recession scenarios that extend two years into the future. The Fed’s stress test also features for the first time “an additional exploratory market shock to the trading books of the largest and most complex banks” to help the agency better assess the potential of multiple scenarios in order to capture a wider array of risks in future stress test exercises. The OCC also released the agency’s scenarios for covered banks and savings associations, which will be used during supervision and will assist in the assessment of a covered institution’s risk profile and capital adequacy.
Barr says AI should not create racial disparities in lending
On February 7, Federal Reserve Board Vice Chair for Supervision, Michael S. Barr, delivered remarks during the “Banking on Financial Inclusion” conference, where he warned financial institutions to make sure that using artificial intelligence (AI) and algorithms does not create racial disparities in lending decisions. Banks “should review the underlying models, such as their credit scoring and underwriting systems, as well as their marketing and loan servicing activities, just as they should for more traditional models,” Barr said, pointing to findings that show “significant and troubling disparities in lending outcomes for Black individuals and businesses relative to others.” He commented that “[w]hile research suggests that progress has been made in addressing racial discrimination in mortgage lending, regulators continue to find evidence of redlining and pricing discrimination in mortgage lending at individual institutions.” Studies have also found persistent discrimination in other markets, including auto lending and lending to Black-owned businesses. Barr further commented that despite significant progress over the past 25 years in expanding access to banking services, a recent FDIC survey found that the unbanked rate for Black households was 11.3 percent as compared to 2.1 percent for White households.
Barr suggested several measures for addressing these issues and eradicating discrimination. Banks should actively analyze data to identify where racial disparities occur, conduct on-the-ground testing to identify discriminatory practices, and review AI or other algorithms used in making lending decisions, Barr advised. Banks should also devote resources to stamp out unfair, abusive, or illegal practices, and find opportunities to support and invest in low- and moderate-income (LMI) communities, small businesses, and community infrastructure. Meanwhile, regulators have a clear responsibility to use their supervisory and enforcement tools to make sure banks resolve consumer protection weaknesses, Barr said, adding that regulators should also ensure that rules provide appropriate incentives for banks to invest in LMI communities and lend to such households.
OCC revises guidance on branch closings
On February 7, the OCC released an updated version of the “Branch Closings” booklet of the Comptroller’s Licensing Manual. According to OCC Bulletin 2023-6, the revised licensing booklet, which outlines policies and procedures for filings and customer notices relating to the closing of national bank and federal savings association branches, removes references to outdated guidance, provides current references, and makes other minor modifications and corrections throughout.
NYDFS implements state CRA revisions
On February 8, NYDFS announced the adoption of updates to the state’s Community Reinvestment Act (CRA) regulation. The final regulation implements amendments to Banking Law § 28-b, and allows the Department to obtain necessary data to evaluate how well regulated banking institutions are serving minority- and women-owned businesses in their communities. These findings will be integrated into institutions’ CRA ratings, NYDFS said. As previously covered by InfoBytes, NYDFS issued proposed revisions last October, announcing that the modifications are intended to minimize compliance burdens by making sure the regulation’s proposed language complements requirements in the CFPB’s proposed rulemaking for collecting data on credit access for small and minority- and women-owned businesses. The final regulation details how regulated institutions must collect and submit the necessary data to NYDFS while abiding by fair lending laws. Regulated institutions must inquire as to whether a business applying for a loan or credit is minority- or women-owned or both, and submit a report to the Department providing application details, such as the date of application, type of credit applied for and the amount, whether the application was approved or denied, and the size and location of the business. The final regulation also includes a form for regulated institutions to use to obtain the required data from business loan applications. NYDFS said it will publish a data submission template in the coming months for regulated institutions to use during CRA evaluations. The final regulation takes effect August 8, and provides for a compliance date six months following the publication of the Notice of Adoption in the State Register. Regulated institutions will also have an additional transition period of three months from the compliance date to comply with certain provisions.