InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Fed to launch CECL tool for community banks
On July 1, the Federal Reserve Board announced plans to launch a new tool to assist community banks with assets of less than $1 billion implement the Current Expected Credit Losses (CECL) accounting standard. The new spreadsheet-based tool, known as the “Scaled CECL Allowance for Losses Estimator” (or SCALE) will use publicly available regulatory and industry data and is intended to simplify CECL compliance for community banks. The SCALE tool will be launched during an “Ask the Fed” webinar on July 15.
CFPB focuses on racial bias in home appraisals
On July 2, the CFPB announced its prioritization of resources to focus on the role of racial bias in home appraisals. According to the CFPB, undervaluation of homes based on race further drives the racial wealth divide and overvaluation of homes also puts family wealth at risk, leading to higher rates of foreclosure. On June 15, the CFPB hosted a home appraisal bias event where the NCUA, OCC, and HUD discussed insights on the role of racial bias in home appraisals, which led to conversations on how to collaborate with stakeholders in eliminating racial bias and other inequities in housing. The Bureau also noted it is “pleased to participate” in President Biden’s new interagency initiative to address inequity in home appraisals. The announcement offers numerous tools, among other resources, such as a joint housing website for those needing help paying their mortgage or rent, particularly in light of the CDC’s moratorium expiring on July 31, and a link to HUD’s Fair Housing and Equal Opportunity office for victims of appraisal bias.
Fed announces flood insurance violations
On July 1, the Federal Reserve Board announced an enforcement action against a Tennessee-based bank for alleged violations of the National Flood Insurance Act (NFIA) and Regulation H. The consent order does not specify the number or the precise nature of the alleged violations of the NFIA or Regulation H, and the bank was assessed a $8,000 civil money penalty for an alleged pattern or practice of violations.
FDIC Chairman discusses innovation in banking
On June 29, FDIC Chairman Jelena McWilliams spoke at the “Fintech: A Bridge to Economic Inclusion” conference on technology’s role in creating and facilitating a more inclusive financial system. McWilliams noted that while the proportion of U.S. households that were banked in 2019 was 94.6 percent, 7 million households still reported no banking relationship. Moreover, she noted that “the rates for Black and Hispanic households who do not have a checking or savings account at a bank remain substantially higher than the overall ‘unbanked’ rate.” McWilliams discussed the FDIC’s multi-pronged approach to tackle the issue of financial inclusion, which includes: (i) looking at financial innovations in the private sector; (ii) taking steps, including hosting tech sprints, to identify solutions; (iii) coordinating with Minority Depository Institutions and Community Development Financial Institutions; and (iv) conducting targeted public awareness campaigns on the importance of having a banking relationship. In explaining the initiatives, McWilliams pointed out that encouraging the use of alternative data that is not usually found in consumer credit files can “help firms evaluate the creditworthiness of consumers who might not otherwise have access to credit in the mainstream credit system.” She also discussed the use of artificial intelligence, updating brokered deposits rulemaking, and establishing a public/private standard-setting organization for due diligence of vendors and for the technologies they develop. According to McWilliams, “FDiTech is also leading tech sprints to identify data, tools, and technology to help community banks meet the needs of the unbanked, including how to measure impact.” (Covered by InfoBytes here.) McWilliams concluded her remarks by explaining that “[a]lthough the FDIC has limited ability to address directly the issue of unbanked Americans, there are things that [it] can do – and which [it is] doing – to foster innovation across all banks and to reduce the regulatory cost of and barriers to innovation.”
Biden signs repeal of OCC’s “true lender” rule
On June 30, President Biden signed S.J. Res. 15, repealing the OCC’s “true lender” rule pursuant to the Congressional Review Act. Issued last year, the final rule amended 12 CFR Part 7 to state that a bank makes a loan when, as of the date of origination, it either (i) is named as the lender in the loan agreement, or (ii) funds the loan. The final rule also provided that if “one bank is named as the lender in the loan agreement and another bank funds the loan, the bank that is named as the lender in the loan agreement makes the loan.” (Covered by InfoBytes here.)
NYDFS issues ransomware guidance
On June 30, NYDFS announced new guidance for preventing ransomware attacks. In the guidance, NYDFS identified cybersecurity controls that decrease the risk of a ransomware attack. In examining ransomware incidents reported by its regulated entities over the past year and a half, NYDFS observed that incidents follow a similar pattern where “hackers enter a victim’s network, obtain administrator privileges once inside, and then use those elevated privileges to deploy ransomware, avoid security controls, steal data, and disable backups.” Following guidance from the Federal Bureau of Investigation, NYDFS recommended that companies avoid making ransomware payments if their networks are compromised. NYDFS also urged all regulated entities to prepare for a ransomware attack by implementing measures such as: (i) training employees in cybersecurity awareness; (ii) implementing a vulnerability and patch management program; (iii) utilizing multi-factor authentications and strong passwords; (iv) using monitoring and response to detect intruders; (v) and having a ransomware-specific incident response plan. NYDFS Superintendent Linda A. Lacewell noted that “[c]ybercriminals are not only extorting individual companies but also jeopardizing the stability of the financial services industry.”
FFIEC releases “Architecture, Infrastructure, and Operations” booklet
On June 30, the Federal Financial Institutions Examinations Council (FFIEC) published the “Architecture, Infrastructure, and Operations” booklet of the FFIEC Information Technology Examination Handbook, which provides guidance to examiners on assessing the risk profile and adequacy of an entity’s information technology architecture, infrastructure, and operations (AIO). According to FDIC FIL-47-2021, the booklet, among other things: (i) describes the principles and practices that examiners should review in order to assess an entity’s AIO functions; (ii) focuses on “enterprise-wide, process-oriented approaches regarding the design of technology within the overall enterprise and business structure, implementation of information technology infrastructure components, and delivery of services and value for customers”; and (iii) mentions “assessing an entity’s governance of common AIO-related risks, enterprise-wide IT architectural planning and design, implementation of virtual and physical infrastructure, and on assessing an entity’s related operational controls.” In addition, according to an OCC announcement, the booklet discusses how appropriate governance of the AIO functions and related activities can: (i) promote risk identification across banks, nonbank financial institutions, bank holding companies, and third-party providers; (ii) support implementation of effective risk management; (iii) assist management through the regular assessment of an entity’s strategies; and (iv) promote alignment and integration between the functions. The booklet replaces the Operations booklet issued in July 2004.
FinCEN issues first government-wide AML/CFT priorities
On June 30, the Financial Crimes Enforcement Network (FinCEN) issued the first government-wide priorities for anti-money laundering and countering the financing of terrorism (AML/CFT) policy (AML/CFT Priorities) pursuant to the Anti-Money Laundering Act of 2020 (AML Act). The AML/CFT Priorities were established in consultation with the Treasury Department’s Office of Foreign Assets Control, SEC, CFTC, IRS, state financial regulators, law enforcement, and national security agencies, and highlight key threat trends as well as informational resources to assist covered institutions manage their risks and meet their obligations under laws and regulations designed to combat money laundering and counter terrorist financing. According to the AML/CFT Priorities, the most significant AML/CFT threats currently facing the U.S. (in no particular order) are corruption, cybercrime, domestic and international terrorist financing, fraud, transnational criminal organization activity, drug trafficking organization activity, human trafficking and human smuggling, and proliferation financing. FinCEN further noted it will update the AML/CFT Priorities to highlight new or evolving threats at least once every four years as required under the AML Act, and issued a separate statement providing additional clarification for covered institutions.
Separately, the Federal Reserve Board, FDIC, NCUA, OCC, state bank and credit union regulators, and FinCEN also issued a joint statement providing clarity for banks on the AML/CFT Priorities. The statement emphasized that the publication of the AML/CFT Priorities “does not create an immediate change to Bank Secrecy Act (BSA) requirements or supervisory expectations for banks.” Rather, within 180 days of the establishment of the AML/CFT Priorities, FinCEN will promulgate regulations, as appropriate, in consultation with the federal functional regulators and relevant state financial regulators. The federal banking agencies noted that they intend to revise their BSA regulations as needed to address how the AML/CFT priorities will be incorporated into BSA requirements for banks, adding that banks will not be required to incorporate the AML/CFT Priorities into their risk-based BSA compliance programs until the effective date of the final revised regulations. However, banks may choose to begin considering how they intend to incorporate the AML/CFT Priorities, “such as by assessing the potential related risks associated with the products and services they offer, the customers they serve, and the geographic areas in which they operate.” Moreover, the statement confirmed that federal and state examiners will not examine banks for the incorporation of the AML/CFT Priorities into their risk-based BSA programs until the final revised regulations take effect.
NYDFS announces fair lending settlements with indirect auto lenders
On June 29, NYDFS announced settlements with two New York banks to resolve allegations that the banks violated New York Executive Law § 296-a while engaged in indirect automobile lending. NYDFS alleged that the banks’ practices resulted in members of protected classes paying higher interest rates that were not based on creditworthiness. According to NYDFS, the banks failed to monitor “dealers that were charging members of protected classes, namely race and ethnicity, more in discretionary Dealer Markups than borrowers identified as non-Hispanic White.”
Under the terms of the first consent order, the bank—which had voluntarily discontinued its indirect auto lending program in November 2017—agreed to pay a $275,000 civil money penalty, provide restitution to eligible impacted borrowers, and make a $50,000 contribution to local community development organizations. The second bank agreed to “move to a flat-fee business model in connection with indirect auto lending,” provide restitution to impacted borrowers, and undertake fair lending compliance remediation efforts to increase its monitoring of dealers participating in its indirect auto lending program. The consent order also requires the payment of a $350,000 civil money penalty.
FDIC outlines revised approach for insured depository institution resolution planning
On June 25, the FDIC announced PR-58-2021, which outlines a modified approach to implementing its rule requiring insured depository institutions (IDIs) with $100 billion or more in total assets (CIDIs) to submit resolution plans under the Federal Deposit Insurance Act. Among other things, the modified approach extends the resolution plan’s submission frequency to a three-year cycle and lays out new details regarding the FDIC’s emphasis on engagement with firms. The new approach “exempts filers from other content requirements that have been less useful or are obtainable through other supervisory channels.” In addition, on a case-by-case basis, the FDIC plans to “expressly exempt certain content requirements based on the FDIC’s evaluation of how useful or material the information would be in planning to resolve the specified CIDI.” Resolution plans will be submitted in two groups. The first group will contain IDIs whose top tier parent company is not regarded as a U.S. global systemically important bank or a category II banking organization. The second group encompass all other IDIs with $100 billion or more in total assets. For institutions with less than $100 billion in total assets, the moratorium on submission of IDI plans announced in November 2018 remains in effect.