
InfoBytes Blog

Financial Services Law Insights and Observations


  • FDIC, OCC issue joint notice of heightened cybersecurity risk

    Federal Issues

    On January 16, the FDIC and the OCC announced (FDIC FIL-3-2020, OCC Bulletin 2020-5) the issuance of a joint statement on risk management of current heightened cybersecurity risks. The statement reminds supervised financial institutions to maintain preventative controls and update and test incident response and business continuity plans. It also sets out best practices in these areas for supervised financial institutions.

    The bulletin lists six “key controls” including:

    • Response, resilience and recovery capabilities. Maintain system backups and segment data to prevent spread of malicious activity across the network and to increase recovery capabilities. Incident and business resilience plans should set out cyber attack response and business continuity procedures and a data backup program should be set up and regularly tested. Cyber insurance coverage may further mitigate cyber risk exposure.
    • Identity and access management. Implement identity and access management controls to combat phishing attacks and prevent theft of login credentials. Incorporate risk-based authentication, limit user permissions, and continually monitor user accounts.
    • Network configuration and system hardening. Configure networks with appropriate security settings that are regularly updated. Update anti-malware and routinely test network technology for vulnerabilities.
    • Employee training. Provide continuous training to keep cybersecurity program employees abreast of new cyber threats and evolving social engineering tactics.
    • Security tools and monitoring. Maintain competent cybersecurity staff or service providers to monitor for the most current “threat and vulnerability information,” regularly review audit logs, and establish and test ability to “detect and respond to attacks.”
    • Data protection. Encrypt “sensitive and critical data,” which should also be accurately classified to ensure ease in identification.

    Federal Issues FDIC OCC Bank Supervision Risk Management Privacy/Cyber Risk & Data Security

  • Fed issues enforcement order for BSA/AML compliance

    Federal Issues

    On January 9, the Federal Reserve Board announced that it entered into a cease and desist order on December 30 with a Texas state-chartered bank due to “significant deficiencies” in the bank’s Bank Secrecy Act (BSA) and anti-money laundering (AML) compliance program that were discovered in its latest examination of the bank. The requirements set out for the bank in the order include:

    • Board oversight. The bank must submit a board-approved, written plan to improve oversight of BSA/AML requirements.
    • BSA/AML compliance program. The bank must submit a written BSA/AML compliance program that includes BSA/AML training; independent testing of the compliance program; management of the program by a qualified compliance officer with adequate staffing support; BSA/AML compliance internal controls; and a BSA/AML risk assessment of the bank, its products and services, and its customers.
    • Customer due diligence. The bank must submit a revised customer due diligence program that includes policies and procedures to ensure accurate client account information; a plan to bring existing accounts into compliance with due diligence requirements; a method to assign risk ratings to account holders; policies and procedures to ensure proper customer information is obtained according to the risk of the account holder; and risk-based monitoring procedures and updates to accounts.
    • Suspicious activity monitoring and reporting. The bank must submit a written suspicious activity monitoring and reporting program that includes a documented process for establishing monitoring rules; policies and procedures for review of monitoring rules; customer and transaction monitoring; and policies and procedures for the review of suspicious activity.

    Federal Issues Federal Reserve Bank Regulatory Bank Supervision Bank Secrecy Act Anti-Money Laundering Enforcement Compliance Customer Due Diligence SARs

  • Fed issues new fintech compliance bulletin

    Fintech

    On December 17, the Federal Reserve Board (Fed) released a new issue of the Consumer Compliance Supervision Bulletin focusing on supervisory insights into consumer compliance issues related to fintech to assist financial institutions with assessing and managing risk associated with technological innovation. Among the topics covered in the bulletin are (i) managing risk with fintech collaborations—the Fed stresses the importance of creating strong policies and procedures, as well as board and senior management oversight, comprehensive and tailored training, and risk monitoring; (ii) managing UDAP risks with online and mobile banking platforms—the Fed recommends a focus on ensuring consistency and accuracy in disclosures on the platforms and the regular monitoring of complaints; and (iii) managing possible fair lending risks resulting from targeted online marketing—the Fed suggests careful monitoring of marketing activities and vendors, as well as close review of filters used with internet advertising to prevent excluding populations with legally protected characteristics. The bulletin will be featured on the agency’s new fintech page previously covered by InfoBytes here.

    Fintech Agency Rule-Making & Guidance UDAP Federal Reserve Bank Supervision Consumer Complaints

  • Fed announces fintech initiatives

    Agency Rule-Making & Guidance

    On December 17, the Federal Reserve Board (Fed) announced a new fintech website section created to engage with banks and other companies involved in fintech innovation. According to the announcement, the new section will highlight supervisory observations regarding fintech, provide a hub of information for interested stakeholders on innovation-related matters, and deliver practical tips for banks and other companies interested in engaging in fintech activity.

    Additionally, on February 26, 2020, the Fed will hold the first in a series of “fintech innovation office hours” in conjunction with the Federal Reserve Bank of Atlanta. According to the Fed, it intends to host “office hours” nationwide to provide opportunities, especially “helpful to community banks and their potential fintech partners,” to speak with well-versed Fed staff members about concepts and advancements surrounding “emerging financial technologies.” The announcement provides a link for interested parties to sign up to participate.

    Agency Rule-Making & Guidance Federal Reserve Fintech Supervision Bank Supervision

  • New Fed exam guidelines issued for FBOs

    Agency Rule-Making & Guidance

    On December 12, the Federal Reserve Board (Fed) issued SR 19-15, “Revised Examination Guidelines for Representative Offices of Foreign Banks,” which is applicable to foreign banking organizations (FBOs) with U.S. representative offices (offices) subject to supervision by the Fed. According to the letter, Reserve Banks should examine offices of FBOs at least every 24 months, and ideally, at the same time as any examination of related U.S. branches or agencies. An office can be examined more often (i) based on state law examination requirements; (ii) if “supervisory concerns” exist regarding the foreign bank’s condition; and (iii) if the activities of the office are central to the FBO’s entire U.S. operations or if the office has a large number of employees. The letter provides guidelines for documentation of exam findings and for assignment of various ratings including compliance, risk management and operational controls. The Fed notes that “the type of documentation and rating should vary depending on the representative office’s activities and the significance of supervisory concerns.”

    Agency Rule-Making & Guidance Federal Reserve Examination Bank Supervision Supervision Foreign Banks

  • OCC updates four booklets in Comptroller’s Handbook

    Agency Rule-Making & Guidance

    On September 30, the OCC issued updates to four booklets of the Comptroller’s Handbook: Bank Supervision Process, Community Bank Supervision, Federal Branches and Agencies Supervision, and Large Bank Supervision. Among other things, the updates include (i) the interim final rule for the expanded 18-month supervisory cycle for certain institutions (covered by InfoBytes here); (ii) a revised OCC report of examination policy based on the revised Federal Financial Institutions Examination Council report of examination policy; (iii) the revisions to the OCC’s enforcement action policies (covered by InfoBytes here); and (iv) changes to the OCC’s credit underwriting assessment.

    Agency Rule-Making & Guidance OCC Bank Supervision Examination Enforcement Comptroller's Handbook

  • OCC consolidates supervision support

    Agency Rule-Making & Guidance

    On July 31, the OCC announced two new units, which consolidate bank supervision support, risk analysis, and oversight of national trust banks and significant service providers. One hundred and fifty staff members were realigned to create the new units, the OCC reported, with the intention of eliminating redundancies and “presenting a single voice to supervised institutions.” The OCC additionally noted that the agency’s Committee on Bank Supervision “will provide strategic direction and oversight to both units, and will review and approve strategic plans and initiatives, annual business plans or operating plans, and major projects and initiatives.”

    The first unit, Supervision System and Analytical Support, consists of OCC supervisory and policy unit teams that oversee supervisory information systems, data management, business intelligence, risk analysis, and supervision risk management. The second unit, Systemic Risk Identification Support and Specialty Supervision, includes lead experts from Large Bank Supervision and Midsize Bank Supervision, in addition to teams responsible for supervising trust companies from the Northeastern District National Trust Banks team and significant service providers from Bank Supervision Policy.

    The OCC further noted that Midsize and Community Bank Supervision and Large Bank Supervision will retain primary responsibility for overseeing the banks, savings associations, and federal branches and agencies of foreign banks that compose the federal banking system.

    Agency Rule-Making & Guidance OCC Bank Supervision

  • FDIC issues first Consumer Compliance Supervisory Highlights

    Federal Issues

    On June 13, the FDIC released a new publication, Consumer Compliance Supervisory Highlights, intended to provide information and observations related to the FDIC’s consumer compliance supervision activities in 2018. Specifically, the report covers approximately 1,200 consumer compliance examinations conducted by the FDIC in 2018. Overall, the FDIC noted that, “supervised institutions demonstrated strong and effective management of consumer compliance responsibilities.” The report identifies some of the most salient compliance issues identified by the FDIC during 2018, including (i) overdraft programs, which were found to be potentially unfair or deceptive when an institution used an “available balance method,” sometimes resulting in more overdraft fees than were appropriate because the institution assessed a fee when the transaction did not overdraw the account; (ii) RESPA anti-kickback violations, which concerned payments “disguised as above-market payments for lead generation, marketing services, and office space or desk rentals” or as marketing and advertising agreements; and (iii) Regulation E, where certain institutions were found to have incorrectly calculated consumer liability for unauthorized transfers, failed to resolve errors properly, or discouraged consumers from filing error resolution requests. The report also covers issues with skip-a-payment loan programs and the calculation of finance charges and disclosures related to lines of credit.

     

    Federal Issues FDIC Bank Supervision Examination RESPA Overdraft Regulation E

  • FDIC issues 2018 annual report

    Federal Issues

    On February 14, the FDIC released its 2018 Annual Report, which includes, among other things, the audited financial statements of the Deposit Insurance Fund and the Federal Savings and Loan Insurance Corporation (FSLIC) Resolution Fund. The report also provides an overview of key FDIC initiatives, performance results, and other aspects of FDIC operations, supervision developments, and regulatory enforcement. Highlights of the report include: (i) the FDIC’s efforts to adopt and issue proposed rules on key regulations under the Economic Growth, Regulatory Relief and Consumer Protection Act (EGRRCPA); (ii) efforts to strengthen cybersecurity oversight and help financial institutions mitigate cyber risk; (iii) supervision focus on Bank Secrecy Act/Anti-Money Laundering compliance; and (iv) financial institution letters providing regulatory relief to institutions affected by natural disasters. The report also highlights the FDIC’s monitoring of financial technology developments through its various research groups and committees to better understand how technological efforts may affect the financial market. Lastly, the report covers the agency’s efforts to encourage de novo bank applications, including the December 2018 request for information soliciting comments on the deposit insurance applications process (covered by InfoBytes here).

    Federal Issues FDIC Bank Supervision EGRRCPA Bank Secrecy Act Anti-Money Laundering De Novo Bank Fintech Privacy/Cyber Risk & Data Security Deposit Insurance

  • FinCEN, OCC, FBI discuss BSA/AML regime modernization needs before Senate Banking Committee

    Federal Issues

    On November 29, the Senate Committee on Banking, Housing, and Urban Affairs held a hearing entitled “Combating Money Laundering and Other Forms of Illicit Finance: Regulator and Law Enforcement Perspectives on Reform” to discuss efforts to improve the Bank Secrecy Act/anti-money laundering (BSA/AML) regulatory, supervisory, and enforcement regime. Committee Chairman Mike Crapo, R-Idaho, opened the hearing by emphasizing the need for a continued dialogue on modernizing the BSA/AML regime to “encourage the innovation necessary to combat illicit financing while also encouraging regulators to focus on more tangible threats, and law enforcement to increase interagency cooperation and improve information sharing throughout the process.”

    Among other things, Financial Crimes Enforcement Network (FinCEN) Director Kenneth A. Blanco highlighted the following three key priorities as part of FinCEN’s “multi-prong approach” to the regulatory reform process: (i) examining and understanding the value and effectiveness of the BSA through data-driven analysis in conjunction with both considering changes to enhance efficiency (such as evaluating suspicious activity and currency transaction reporting requirements) and engaging with regulators through, for example, monthly meetings with the FFIEC’s Anti-Money Laundering Working Group; (ii) “promot[ing] responsible innovation and creative solutions to combat money laundering and terrorist financing” by exploring ways to collaborate with financial institutions to improve AML/countering the financing of terrorism compliance, fostering innovation, and leveraging technology while also minimizing vulnerabilities; and (iii) “[e]nhancing public-private partnerships that reveal and mitigate vulnerabilities” and sharing information with the private sector to help identify suspicious activity.

    OCC Compliance and Community Affairs Senior Deputy Comptroller Grovetta N. Gardineer discussed the agency’s efforts to enhance the efficiency of its current supervisory practices, and commented on how new technologies such as artificial intelligence and machine learning provide opportunities for banks to cut costs and identify suspicious activity. Gardineer also highlighted the OCC’s Money Laundering Risk System, which allows for the identification of potentially higher-risk community bank areas by “identifying the products and services offered by these institutions, as well as the customers and geographies they serve.” In addition, Gardineer offered recommendations for BSA amendments to improve supervisory efforts, such as (i) requiring a periodic review of BSA/AML regulations to identify those that may be outdated or burdensome; (ii) amending BSA safe harbor rules to clarify that a financial institution can file a suspicious activity report without being exposed to civil liability; and (iii) expanding safe harbor to permit information sharing beyond money laundering and terrorism financing between financial institutions without incurring liability. Moreover, Gardineer stated that FinCEN’s notice requirement with respect to information-sharing under section 314(b) of the USA Patriot Act should be eliminated or modified in order to enhance institutions’ ability to share information.

    FBI Criminal Investigative Division Section Chief Steven M. D'Antuono also discussed, among other things, the Treasury Department’s recent Customer Due Diligence Final Rule (see previous InfoBytes coverage here), and stated that the Rule is “a step toward a system that makes it difficult for sophisticated criminals to circumvent the law through use of opaque corporate structures.”

    Federal Issues OCC Bank Secrecy Act Anti-Money Laundering Bank Supervision Senate Banking Committee
