Skip to main content
Menu Icon Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Agencies update CRA Covid-19 FAQs

    Federal Issues

    On March 8, the OCC, Federal Reserve Board, and the FDIC released updated Community Reinvestment Act (CRA) FAQs related to Covid-19. The FAQs, first issued last May (covered by InfoBytes here), provide guidance for financial institutions and examiners regarding CRA consideration for activities taken in response to the pandemic. Highlights of the five new FAQs include:

    • Banks cannot receive CRA service test consideration for Paycheck Protection Program (PPP)-related activities; however, the agencies recognize that because the PPP loan program responds to community credit needs, PPP activities will be considered under the CRA lending test when evaluating flexible or innovative lending programs offered by a bank.
    • Banks should not report PPP loans that have been rescinded or returned under the SBA’s safe harbor on their CRA loan register. Moreover, examiners will not consider these loans in their CRA evaluations of banks during the applicable time period.
    • PPP loans over $1 million in low- or moderate-income geographies or in distressed or underserved nonmetropolitan middle-income geographies “will be considered an eligible community development activity.”
    • As noted in a joint statement released by the agencies last year (covered by InfoBytes here), favorable CRA consideration will be given to banks providing retail banking services and retail lending activities that respond to the needs of affected low- and moderate-income (LMI) individuals, small businesses, and small farms consistent with safe and sound banking practices. These activities may include waiving ATM fees, overdraft fees, and early withdrawal penalties on certificates of deposit (CDs), or allowing LMI consumers to make draws from a HELOC during the repayment period. The agencies note that allowing LMI consumers “to make a withdrawal from an IRA as allowed under the CARES Act, or to draw on a HELOC during the draw period are routine banking services and, as such, are not eligible for CRA consideration.”
    • The agencies will consider community development services provided virtually by bank representatives on an individual level based on the event and the benefitted assessment area.

    Federal Issues Covid-19 CRA OCC Federal Reserve FDIC SBA CARES Act Bank Regulatory

    Share page with AddThis
  • Fed extends PPP Liquidity Facility through June 30

    Federal Issues

    On March 8, the Federal Reserve Board announced the extension of the Paycheck Protection Program Liquidity Facility (PPPLF) through June 30. The PPPLF was rolled out last year to provide liquidity to banks making loans to small businesses pursuant to the Small Business Administration’s Paycheck Protection Program at the start of the Covid-19 pandemic (covered by InfoBytes here). The Board noted, however, that the remaining Covid-19 lending facilities—the Commercial Paper Funding Facility, the Money Market Mutual Fund Liquidity Facility, and the Primary Dealer Credit Facility—will terminate March 31 as planned.

    Federal Issues Federal Reserve SBA Covid-19 Bank Regulatory

    Share page with AddThis
  • NYDFS, mortgage lender reach $1.5 million cyber breach settlement

    State Issues

    On March 3, NYDFS announced a settlement with a mortgage lender to resolve allegations that the lender violated the state’s cybersecurity regulation (23 NYCRR Part 500) by failing to report it was the subject of a cyber breach in 2019. Under Part 500.17, regulated entities are required to provide timely notice to NYDFS when a cybersecurity event involves harm to customers (see FAQs here). A July 2020 examination revealed that the cyber breach involved unauthorized access to an employee’s email account, which could have provided access to personal data, including social security and bank account numbers. NYDFS also claimed that the lender allegedly failed to implement a comprehensive cybersecurity risk assessment as required by 23 NYCRR Part 500. Under the terms of the consent order, the lender will pay a $1.5 million civil monetary penalty, and will make further improvements to strengthen its existing cybersecurity program to ensure compliance with 23 NYCRR Part 500. NYDFS acknowledged that the mortgage lender had controls in place at the time of the cyber incident and implemented additional controls since the incident. NYDFS also acknowledged the mortgage lender’s “commendable” cooperation throughout the examination and investigation and stated that the lender had demonstrated its commitment to remediation.

    State Issues State Regulators NYDFS Enforcement Privacy/Cyber Risk & Data Security Settlement Mortgages Data Breach 23 NYCRR Part 500 Bank Regulatory

    Share page with AddThis
  • FFIEC updates BSA/AML examination manual

    Agency Rule-Making & Guidance

    On February 25, the FFIEC published updated versions of four sections of the Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Examination Manual (Manual), which provides examiners with instructions for assessing a bank’s or credit union’s BSA/AML compliance program and compliance with BSA regulatory requirements. The revisions can be identified by a 2021 date on the FFIEC BSA/AML InfoBase and include the following updated sections: Assessing Compliance with Bank Secrecy Act Regulatory Requirements, Customer Identification Program, Currency Transaction Reporting, and Transactions of Exempt Persons. The FFIEC notes that the “updates should not be interpreted as new instructions or as a new or increased focus on certain areas,” but are intended to “offer further transparency into the examination process and support risk-focused examination work.” In addition, the Manual itself does not establish requirements for financial institutions as these requirements are found in applicable statutes and regulations. (See also FDIC FIL-12-2021 and OCC Bulletin 2021-10.)

    Agency Rule-Making & Guidance FDIC Federal Reserve OCC FFIEC NCUA Bank Secrecy Act Anti-Money Laundering Of Interest to Non-US Persons Financial Crimes Bank Regulatory

    Share page with AddThis
  • FDIC releases January enforcement actions

    Federal Issues

    On February 26, the FDIC released a list of administrative enforcement actions taken against banks and individuals in January. During the month, the FDIC issued 11 orders consisting of “two consent orders, two section 19 orders, two prohibition orders, two orders to pay civil money penalties, one order terminating consent order, and two orders terminating consent orders and orders for restitution.” Among the orders is a civil money penalty issued against a Tennessee-based bank related to alleged violations of the Flood Disaster Protection Act. Among other things, the FDIC claims that the bank (i) failed to provide required lender-placed flood insurance notices to borrowers about the availability of flood insurance under the National Flood Insurance Act; (ii) provided an incomplete lender-placed flood insurance notice to a borrower; (iii) allowed flood insurance to lapse during the terms of several loans without placing flood insurance on borrowers’ behalf; (iv) failed to maintain an adequate amount of flood insurance; and (v) failed to provide timely notice of special flood hazards and the availability of federal disaster relief assistance. The order requires the payment of a $4,000 civil money penalty.

    Federal Issues FDIC Enforcement Flood Insurance Flood Disaster Protection Act National Flood Insurance Act Mortgages Bank Regulatory

    Share page with AddThis
  • FDIC releases fair lending videos

    Agency Rule-Making & Guidance

    On February 23, the FDIC released nine technical assistance videos on fair lending compliance. The videos provide FDIC-supervised institutions with a high-level overview on ways to assess and mitigate fair lending risk and understand how examiners evaluate fair lending compliance. Information provided in the videos includes: (i) an overview of federal fair lending laws and regulations for bank directors and senior managers; (ii) ways a bank’s compliance management system can mitigate fair lending risk; (iii) a discussion on how FDIC examiners evaluate fair lending risk during consumer compliance examinations; and (iv) commentary on the following specific fair lending risk factors, one each for overt discrimination, underwriting, pricing, steering, redlining, and marketing.

    Agency Rule-Making & Guidance FDIC Examination Fair Lending Bank Regulatory

    Share page with AddThis
  • Agencies provide Texas winter storm guidance

    Federal Issues

    On February 22, the Federal Reserve Board, OCC, FDIC, NCUA, and the Conference of State Bank Supervisors issued a joint statement covering supervisory practices for financial institutions affected by winter storms in Texas. Among other things, the agencies called on financial institutions to “work constructively” with affected borrowers, noting that “prudent efforts” to adjust or alter loan terms in affected areas “should not be subject to examiner criticism.” Institutions facing difficulties in complying with any publishing and reporting requirements should contact their primary federal and/or state regulator. Additionally, the agencies noted that institutions may receive Community Reinvestment Act consideration for community development loans, investments, and services that revitalize or stabilize federally designated disaster areas. Institutions are also encouraged to monitor municipal securities and loans impacted by the winter storms.

    Additionally, HUD announced it will make disaster assistance available to Texas by providing foreclosure relief and other assistance to homeowners living in counties affected by the severe winter storms. Specifically, HUD is providing an automatic 90-day moratorium on foreclosures of FHA-insured home mortgages for covered properties in the affected counties and is making mortgage insurance available to those victims whose homes were destroyed or severely damaged. Additionally, HUD’s Section 203(k) loan program will allow individuals who have lost homes to finance the purchase of a house, or refinance an existing house along with the costs of repair, through a single mortgage. The program will also allow homeowners with damaged property to finance the rehabilitation of existing single-family homes.

    Federal Issues FDIC Federal Reserve CSBS NCUA OCC Disaster Relief HUD Mortgages FHA Bank Regulatory

    Share page with AddThis
  • Agencies propose Call Report asset threshold relief

    Agency Rule-Making & Guidance

    On February 18, the FDIC, Federal Reserve Board, and the OCC published a joint notice and request for comments on changes to three versions of the Call Report—FFIEC 031, FFIEC 041, and FFIEC 051. The reporting changes, first proposed by the agencies last year, will provide relief to financial institutions with under $10 billion in total assets as of December 31, 2019, by allowing them “to use the lesser of the total consolidated assets reported in its Call Report as of December 31, 2019, or June 30, 2020, when determining whether the institution has crossed certain total asset thresholds to report additional data items in its Call Reports for report dates in calendar year 2021.” The agencies also outline specific thresholds that limit certain eligibility for streamlined Call Reports or that require the reporting of certain additional data items. This relief will only be allowed for calendar year 2021. The agencies will also allow financial institutions that temporarily exceed the $10 billion total asset threshold to use the community bank leverage ratio framework in Call Report Schedule RC R from December 31, 2020, through December 31, 2021, provided the institution meets the other qualifying criteria for this framework. Comments on the proposed changes are due March 22.

    Agency Rule-Making & Guidance FDIC Federal Reserve OCC Call Report FFIEC Bank Regulatory

    Share page with AddThis
  • NYDFS: Global social media company must prevent app developers from transmitting users’ sensitive data

    State Issues

    On February 18, New York Governor Andrew M. Cuomo accepted a report detailing the findings of an NYDFS investigation into whether sensitive personal information, including medical and personal data, was shared with a global social media company by application and website developers without users’ consent or knowledge. In 2019, the governor directed NYDFS to perform an investigation into the company’s collection of sensitive personal data from smartphone apps after a media report emerged that claimed app developers regularly sent sensitive data to the company. According to the NYDFS press release, the report’s findings conclude, among other things, that inadequate controls at the company allowed sensitive data to be wrongfully shared, and that the company “did little to track whether app developers were violating its policies” and to date has taken “no real action against developers” that transmit the data. The report outlines various remedial measures the company has undertaken as a result of the investigation, including (i) building and implementing a screening system to identify and block sensitive information prior to entering the company’s system; (ii) enhancing app developer education to better inform developers that they are obligated to avoid transmitting sensitive data; and (iii) taking measures to provide users more control over data that is collected about them, including from off-company activity. The report also includes recommendations for the company to implement to better protect consumer privacy and ensure app developers “are fully aware of the prohibition” on transmitting sensitive data. The steps include that the company should “do more [] to prevent developers from transmitting sensitive data in the first place rather than simply relying so heavily on a back-end screening system.” The report also urges the company to “undertake significant additional steps to police its own rules” by putting in place appropriate consequences for doing so.

    State Issues NYDFS Privacy/Cyber Risk & Data Security State Regulators Consumer Protection Bank Regulatory

    Share page with AddThis
  • OCC releases recent enforcement actions

    Federal Issues

    On February 18, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. Included among the actions is a January 8 civil money penalty order against an Illinois-based bank, which requires the payment of $193,105 for an alleged pattern or practice of violations of the Flood Disaster Protection Act and its implementing regulations.

    Federal Issues OCC Enforcement Flood Disaster Protection Act Bank Regulatory

    Share page with AddThis

Pages