InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Democrats ask OCC to rescind crypto guidance
On August 10, four U.S. Democratic Senators sent a letter to acting Comptroller of the Currency Michael Hsu urging the OCC to rescind November 2021 guidance permitting national banks to engage in certain cryptocurrency activities. According to the letter, the Senators “are concerned that the OCC’s actions on crypto may have exposed the banking system to unnecessary risk, and ask that [Hsu] withdraw existing interpretive letters that have permitted banks to engage in certain crypto-related activities.” The letter noted that the OCC unilaterally released interpretive letters related to cryptocurrencies in July 2020 (Interpretive Letter 1170), October 2020 (Interpretive Letter 1172), and January 2021 (Interpretive Letter 1174). In the letters, the Senators noted, the OCC determined that banks were permitted to engage in certain crypto-related activities, which include, among other things: (i) “providing cryptocurrency custody service for customers”; (ii) “holding deposits that serve as reserves for certain stablecoins”; and (iii) “operating independent node verification networks [] and stablecoins for payment activities.” The Senators argued that the letters “granted banks unfettered opportunity to engage in certain crypto activities and remain problematic” after the OCC issued another interpretive letter (Interpretive Letter 1179) under Hsu attempting to limit the risks posed by the policies set forth in the earlier letters. The Senators asked Hsu to provide information so that they can “better understand banks’ exposure to the crypto market” by August 24. The Senators also urged Hsu to work with the Fed and FDIC on replacing his agency’s existing crypto guidance with a more “comprehensive approach.”
Fed announces individual capital requirements for all large banks
On August 4, the Federal Reserve Board announced the individual capital requirements for all large banks, which are in part determined by the Board’s stress test results that provide a risk-sensitive and forward-looking assessment of capital needs. According to the Fed, the total common equity tier 1 (CETI) capital requirement for each bank is made up of several components, including a minimum CET1 capital requirement for all banks of 4.5 percent; a stress capital buffer that is determined from the supervisory stress test results and is at least 2.5 percent; and, if applicable, a capital surcharge for global systemically important banks (G-SIB) of at least 1 percent. The requirements are effective October 1.
Agencies seek comment on renewing FFIEC’s cybersecurity assessment tool
On August 8, the OCC, the Federal Reserve Board, the FDIC, and the NCUA (collectively, “Agencies”) issued a notice in the Federal Register soliciting comments on the renewal of the Federal Financial Institutions Examination Council’s cybersecurity assessment tool. According to the notice, the Agencies are seeking comment on, among other things: (i) “[w]hether the collection of information is necessary for the proper performance of the functions of the agencies, including whether the information has practical utility”; (ii) “[t]he accuracy of the Agencies’ estimates of the burden of the collection of information; (iii) how to “enhance the quality, utility, and clarity of the information to be collected”; and (vi) “minimize[ing] the burden of the collection on respondents.” Comments are due 30 days after publication in the Federal Register.
FDIC issues 2022 Supervisory Insights
On August 3, the FDIC released its summer 2022 issue of Supervisory Insights, which contains an article discussing financial performance and examination observations about commercial real estate (CRE) lending risk management practices and an article describing the application of capital, investment, and financial reporting requirements for the issuance of and investment in subordinated debt. The article, Commercial Real Estate: An Update on Bank Lending Amid the Evolving Pandemic Backdrop, discusses the financial performance of banks concentrated in CRE lending as well as examination observations about CRE lending risk management practices. The article also describes the FDIC’s forward-looking supervisory focus for banks with significant exposure in this sector. The FDIC noted that inflation, rising interest rates, and supply chain challenges are possible determinants of increased risk. The article, Subordinated Debt: Issuance and Investment Considerations, “is intended to help financial institutions better understand the applicable capital, investment, and financial reporting requirements for the issuance of and investment in subordinated debt.” According to the FDIC, a key takeaway of Subordinated Debt Investments is that “[i]nstitutions may generally only purchase investment grade subordinated debt securities that are permissible investments for national banks.”
FDIC, OCC announce disaster relief
On August 3, the FDIC issued FIL-38-2022 to provide regulatory relief to financial institutions and help facilitate recovery in areas of Kentucky affected by severe storms, flooding, landslides and mudslides that began July 26 and is ongoing. The FDIC acknowledged the unusual circumstances faced by institutions affected by the storms and suggested that institutions work with impacted borrowers to, among other things: (i) extend repayment terms; (ii) restructure existing loans; or (iii) ease terms for new loans to those affected by the severe weather, provided the measures are done “in a manner consistent with sound banking practices.” The FDIC noted that institutions may receive favorable Community Reinvestment Act consideration for community development loans, investments, and services in support of disaster recovery. The agency will also consider relief from certain reporting and publishing requirements.
The same week the OCC issued a proclamation permitting OCC-regulated institutions, at their discretion, to close offices affected by flooding in Kentucky “for as long as deemed necessary for bank operation or public safety.” The proclamation directed institutions to OCC Bulletin 2012-28 for further guidance on actions they should take in response to natural disasters and other emergency conditions. According to the 2012 Bulletin, only bank offices directly affected by potentially unsafe conditions should close, and institutions should make every effort to reopen as quickly as possible to address customers’ banking needs.
Hsu discusses cybersecurity risks to financial sector
On August 2, acting Comptroller of the Currency Michael J. Hsu delivered remarks before the Joint Meeting of the Financial and Banking Information Infrastructure Committee and the Financial Services Sector Coordinating Council focusing on cybersecurity risks to the financial services sector. Hsu called for collaboration among public and private sector stakeholders to safeguard the financial services sector. Hsu noted that the financial services sector has done “a good job of building cyber defenses and working with law enforcement and the regulatory community to guard against attacks,” but warned that “we cannot be complacent.” He noted that the OCC has recently observed increases in cyberattack frequency and severity against financial institutions and service providers, and that cyberattacks, such as ransomware, have risks beyond financial loss. Hsu added that “disruption to financial services can significantly impact banks’ abilities to deliver critical services to their customers and has the potential to affect the broader economy.” He also stressed that banks “need to assess both the potential impact cyber incidents may have on their own institution and the impact a cyber disruption may have on the broader financial system.” He also stated that cybersecurity breaches have been caused or intensified by the failure to have effective controls in three areas: (i) authentication; (ii) systems configuration and patch management; and (iii) cyber response and resilience capabilities. Hsu concluded by emphasizing the OCC’s commitment “to working with CISA, our financial sector counterparts, and other sectors to ensure that we have strong partnerships across the government.”
Agencies seek comment on CRE loan statement
On August 2, the FDIC, OCC, and NCUA (collectively, “the agencies”) issued a notice in the Federal Register soliciting public comment on an updated policy statement regarding accommodations and workouts for commercial real estate (CRE) loans whose borrowers are experiencing financial difficulty. In 2009, the Policy Statement on Prudent Commercial Real Estate Loan Workouts was issued by the FFIEC, which the agencies view “as being useful for both agency staff and financial institutions in understanding risk management and accounting practices for [] CRE loan workouts.” Among other things, the statement would include (i) a new section on short-term loan accommodations; (ii) information about changes in accounting principles since 2009; and (iii) revisions and additions to examples of CRE loan workouts. The new updated statement would also “address relevant accounting changes on estimating loan losses and provide updated examples of how to classify and account for loans modified or affected by loan accommodations or loan workout activity.” Specifically, the agencies seek input on how the document reflects sound practices in CRE loan accommodation and what additional information can be included to optimize the guidance of managing CRE loan portfolios.
FDIC, Fed issue CDO against crypto brokerage firm
On July 28, the FDIC and the Federal Reserve Board issued a joint letter demanding that a crypto brokerage firm cease and desist from making false and misleading statements regarding the company’s FDIC deposit insurance status and take immediate corrective action to address these false statements. The agencies claimed that the firm made false and misleading representations online, including on its website, stating or suggesting that: (i) it is FDIC–insured; (ii) customers who invested with the firm’s cryptocurrency platform would receive FDIC insurance coverage for all funds provided to, and held by, the firm; and (iii) the FDIC would insure customers against the failure of the firm. The FDIC noted that the false and misleading statements Violate the FDIC Act. The FDIC demanded that the firm take corrective actions by removing the misrepresentations or false statements and provide written confirmation to the FDIC and Board of Governors that it has fully complied with the removal request within two days.
FDIC issues advisory on crypto companies’ deposit insurance claims
On July 29, the FDIC announced an advisory addressing certain misrepresentations about FDIC deposit insurance made by some crypto companies. The advisory, among other things, reminded insured banks that they must be aware of how FDIC insurance operates as well as the need to assess, manage, and control risks arising from third-party relationships, including those with crypto companies. The advisory noted that recently “some crypto companies have suspended withdrawals or halted operations," and that in certain cases, "these companies have represented to their customers that their products are eligible for FDIC deposit insurance coverage, which may lead customers to believe, mistakenly, that their money or investments are safe.” In dealing with crypto companies, the agency cautioned that “FDIC-insured banks should confirm and monitor that these companies do not misrepresent the availability of deposit insurance.” The FDIC also issued a Fact Sheet reminding the public that the FDIC only insures deposits held in insured banks and savings associations and only in the event of an insured bank’s failure. The FDIC does not insure assets issued by non-bank entities, such as crypto companies.
FDIC releases June enforcement actions
On July 29, the FDIC released a list of administrative enforcement actions taken against banks and individuals in June. During the month, the FDIC made public twelve orders consisting of “three consent orders, one order to pay civil money penalty, four orders of prohibition, one section 19 order, one order terminating consent order, two orders of termination of insurance, one Notice of Intention to Prohibit from Further Participation, Notice of Assessment of Civil Money Penalties, Findings of Fact and Conclusions of Law, Order to Pay, Notice of Hearing, and Prayer for Relief.” The FDIC imposed a civil money penalty against a Missouri-based bank for alleged violations of the Flood Disaster Protection Act. Among other things, the FDIC claimed that the bank “made, increased, extended or renewed a loan secured by a building or mobile home located or to be located in a special flood hazard area without providing timely notice to the borrower and/or the servicer as to whether flood insurance was available for the collateral.” The bank must pay a $7,000 civil money penalty.
The actions also include a consent order with a Georgia-based bank, which alleged that the bank violated “law or regulation related to weaknesses in the Bank’s compliance with the Bank Secrecy Act.” According to the consent order, the bank must, among other things: (i) “enhance its oversight of the Bank’s BSA/AML Compliance Program and assume full responsibility for the approval of sound BSA/AML policies, procedures, and processes”; (ii) “revise, adopt, and implement a written BSA/AML Compliance Program, including policies and procedures”; and (iii) “review and revise as appropriate its written policies, procedures, and processes for assessing the money laundering, terrorist financing, and other illicit financial activities risk profile of the Bank.”