InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Agencies release annual CRA asset-size threshold adjustments
On December 19, the Federal Reserve Board, FDIC, and OCC announced (see here and here) joint annual adjustments to the CRA asset-size thresholds used to define “small bank” and “intermediate small bank,” which are not subject to the reporting requirements applicable to large banks unless they choose to be evaluated as one. A “small bank” is defined as an institution that, as of December 31 of either of the prior two calendar years, had less than $1.503 billion in assets. An “intermediate small” bank is defined as an institution that, as of December 31 of both of the prior two calendar years, had at least $376 million in assets, and as of December 31 of either of the past two calendar years, had less than $1.503 billion in assets. The joint final rule takes effect on January 1, 2023.
FDIC proposes signage amendments, issues revised guide on supervisory appeals process
On December 13, the FDIC held a meeting, during which board members approved a notice of proposed rulemaking (NPRM) to modernize and amend the rules “governing the use of the official FDIC sign and insured depository institutions’ (IDIs) advertising statements to reflect how depositors do business with IDIs today, including through digital and mobile channels.” According to the FDIC’s announcement, the NPRM would amend part 328 of its regulations by updating the requirements for when the FDIC’s official sign can be displayed. Institutions would also be required to use signs that differentiate insured deposits from non-deposit products across banking channels and provide disclosures to consumers alerting them to when certain financial products are not insured by the FDIC, are not considered deposits, and may lose value.
Acting Chairman Martin Gruenberg noted that there have not been major changes to these rules since 2006. FDIC board member and CFPB Director Rohit Chopra issued a statement in support of the NPRM, noting that the financial sector has evolved significantly since 2006, and “[b]anks increasingly offer uninsured products, physical branches look different, more than 65% of banked households primarily bank online or through their mobile phone, and convoluted bank-nonbank partnerships have proliferated.” He specifically highlighted several of the proposed changes, including: (i) requiring banks to physically segregate the parts of the branch used for accepting insured deposits from other areas where uninsured products are offered; (ii) requiring banks to display digital FDIC signs on their websites and mobile apps, including clear notifications on relevant pages where uninsured products are offered; (iii) requiring disclosures that deposit insurance does not protect against the failure of nonbanks and, if relevant, that pass-through deposit insurance coverage is not automatic or certain; and (iv) clarifying that crypto assets are uninsured, non-deposit products. Comments on the NPRM are due 60 days after publication in the Federal Register.
On the same day, the FDIC adopted proposed changes to the Guidelines for Appeals of Material Supervisory Determinations. The board solicited public comments in October on the proposed changes (covered by InfoBytes here). The revised Guidelines add the agency’s ombudsman to the Supervision Appeals Review Committee (SARC) as a non-voting member (the ombudsman will be responsible for monitoring the supervision process after a financial institution submits an appeal and must periodically report to the board on these matters). Materials under consideration by the SARC will have to be shared with both parties to the appeal (subject to applicable legal limitations on disclosure), while financial institutions will be allowed to request a stay of material supervisory determination during a pending appeal. Additionally, the division director is given the discretion to grant a stay or grant a stay subject to certain conditions, and institutions will be provided decisions in writing regarding a stay. The revised Guidelines take effect immediately.
OCC warns of crypto-asset and cybersecurity risks facing the federal banking system
On December 8, the OCC released its Semiannual Risk Perspective for Fall 2022, which reports on key risks threatening the safety and soundness of national banks, federal savings associations, and federal branches and agencies. The OCC reported that, in the aggregate, banks “remain well capitalized” and have “ample liquidity and sound credit quality, although macroeconomic headwinds are a concern.” The OCC highlighted interest rate, operational, compliance, and credit risks as key risk themes. Observations include: (i) the rising rate environment has adversely impacted bank investment portfolios; (ii) operational risk, including evolving cyber risk, is elevated, with “threat actors continuing to target the financial services industry with ransomware and other attacks”; (iii) compliance risk remains heightened as banks navigate significant regulatory changes; and (iv) credit risk in commercial and retail loan portfolios remains moderate and demonstrates resiliency, “but signs of potential weakening in some segments warrant careful monitoring.”
The report discussed emerging risks related to innovation and the adoption of new products and services, including crypto-assets. Highlighting risks arising from banks’ expansion into digital offerings and the “heightened” threat of fraud risk associated with innovative peer-to-peer payment platforms, the OCC noted that banks should be “clearly communicating risks, educating customers on potential scams, and enhancing internal fraud monitoring capabilities” to mitigate threats and protect consumers. The report noted that “[b]anks may require additional or different controls to safeguard against fraud, financial crimes, violations of Bank Secrecy Act, anti-money laundering, and Office of Foreign Assets Control (BSA/AML/OFAC) requirements, and consumer protection or fair lending laws, or operational errors,” and should “maintain comprehensive operational resilience frameworks commensurate with the size and complexity of products, services, and operations being supported.”
The OCC reiterated the importance of taking a “careful and cautious approach” toward banks’ engagement with the crypto-related firms. Recent events in the crypto market have also “revealed a high degree of interconnectedness between certain crypto participants through a variety of opaque lending and investing arrangements,” which has led to “a high risk of contagion among connected parties.” The report noted that national banks and federal savings associations interested in engaging in crypto-asset activities should discuss the activities with their supervisory office before engaging the activities. Some activities may require a supervisory non-objection under OCC Interpretive Letter #1179.
The report cited risks related to cybersecurity and partnerships with fintech and other third parties. The OCC said it is applying a “heightened supervisory focus” to its scrutiny of banks’ oversight of third-party relationships and flagged an upward trend in ransomware attacks targeting banks’ service providers and other third parties. Partnering with fintechs to support operations or provide opportunities for customers to enter the digital asset market can “increase the risk of unfair or deceptive acts or practices because of the coordination, communication, and disclosure challenges involved in these partnerships,” the report said, adding that “[u]nclear or arbitrary partnership agreements may result in implementation breakdowns, untimely resolution of issues, or failure to deliver products or services as intended, and may result in significant customer remediation.” The OCC cautioned that banks must “conduct appropriate due diligence” before entering a partnership with a third party. “The scope and depth of due diligence, as well as ongoing monitoring and oversight of the third party’s performance, should be commensurate with the nature and criticality of the proposed activity.”
The report also discussed forthcoming climate risk management guidelines applicable to banks with more than $100 billion in total consolidated assets. As previously covered by InfoBytes, the OCC, Federal Reserve Board, and the FDIC announced they intend to issue final interagency guidance to promote consistency.
CFPB releases spring 2022 semi-annual report
On December 6, the CFPB issued its semi-annual report to Congress covering the Bureau’s work for the period beginning October 1, 2021 and ending March 31, 2022. The report, which is required by Dodd-Frank, addresses several issues, including complaints received from consumers about consumer financial products or services throughout the reporting period. The report highlighted that the Bureau, among other things, has: (i) conducted an assessment of significant actions taken by state attorneys general and state regulators related to federal consumer financial law; (ii) initiated 21 fair lending supervisory activities to determine compliance with federal laws, including ECOA, HMDA, and UDAAP prohibitions, and engaged in interagency fair lending coordination with other federal agencies and states; (iii) “encouraged lenders to enhance oversight and identification of fair lending risk and to implement policies, procedures, and controls designed to effectively manage HMDA activities, including regarding integrity of data collection”; and (iv) launched a new Diversity, Equity, Inclusion, and Accessibility Strategic Plan to increase workforce and contracting diversity.
In regard to supervision and enforcement, the report highlighted the Bureau’s public supervisory and enforcement actions and other significant initiatives during the reporting period. Additionally, the report noted rule-related work, including advisory opinions, advance notice of proposed rulemakings, requests for information, and proposed and final rules. These include rules and orders related to the LIBOR transition, fair credit reporting, Covid-19 mortgage and debt collection protections for consumers, small business lending data collection, and automated valuation model rulemaking.
Barr suggests stress test changes may be coming
On December 1, Federal Reserve Board Vice Chair for Supervision Michael S. Barr signaled changes may be coming to the supervisory stress test standards for large banks, as the Fed evaluates whether the test used to set capital requirements reflects an appropriately wide range of risks. Speaking during an American Enterprise Institute event, Barr commented that the Fed is also “considering the potential for stress testing to be a tool to explore different sources of financial stress and uncover channels for contagion that lead to unanticipated consequences.” He added that the use of “multiple scenarios or adapting the stress test in other ways to better account for the high degree of interconnectedness between banks and other financial entities could allow supervisors and banks to identify those conditions and take action to address them.” Financial stability risks posed by the nonbank sector are also a strong concern for regulators, Barr said, commenting that many of these firms are undercapitalized and engage in high-risk activities. He stressed that the migration of activities from banks to nonbanks should be monitored carefully, and cautioned against lowering bank capital requirements “in a race to the bottom,” particularly since nonbank financial market stress is often directly and indirectly transmitted to the banking system. Banks must have sufficient capital to remain resilient to those stresses, Barr said.
NYDFS proposes virtual currency firms to pay supervision fees
Recently, NYDFS announced it is seeking public comment on a proposed rule establishing how certain licensed virtual currency businesses would be assessed for the costs of their supervision and examination. According to NYDFS, the proposed regulation establishes a provision in the state budget granting NYDFS new authority to collect supervisory costs from virtual currency businesses that are licensed pursuant to the Financial Services Law, and will permit NYDFS “to continue adding top talent to its virtual currency regulatory team.” The proposed regulation states that it will apply only to licensed persons engaged in virtual currency business activity and that the fees will only cover the costs and expenses associated with NYDFS's oversight of each licensee. Specifically, the draft regulation states that a licensee's total annual assessment fee will be the “sum of its supervisory component and its regulatory component” and that each licensee will be billed five times per fiscal year. According to the regulation, there will be four quarterly fees, each approximately 25 percent of the anticipated annual amount, and a final fee based on the actual total operating cost for the fiscal year. Comments on the proposed regulation are due March 20.
Fed solicits feedback on proposed climate-related risk principles
On December 2, the Federal Reserve Board issued a notice requesting public comments on proposed Principles for Climate-Related Financial Risk Management for Large Financial Institutions. The proposed principles would provide a high-level framework for the safe and sound management of exposures to climate-related financial risks for the largest financial institutions (those with over $100 billion in total consolidated assets), as well as address the physical and transition risks associated with climate change. Notably the notice acknowledged that all financial institutions, regardless of size, can have material exposures to climate-related financial risks. Intended to support large financial institutions’ efforts in addressing climate-related financial risk management, the proposed principles cover six major areas related to: (i) governance; (ii) policies, procedures, and limits; (iii) strategic planning; (iv) risk management; (v) data, risk measurement, and reporting; and (vi) scenario analysis. The Fed noted that the proposed principles are substantially similar to those issued by the OCC and FDIC (covered by InfoBytes here and here), and said that the agencies intend to issue final interagency guidance to promote consistency. Comments on the proposed principles are due 60 days after publication in the Federal Register.
Governor Bowman stated that while she voted in favor of seeking input on the proposed principles, she reserves the right to vote against its finalization. She also emphasized that excluding financial institution with less than $100 billion in assets from the guidance “is appropriate based not only on the size of such firms, but also in light of the robust risk management expectations already applicable to such firms.”
However, Governor Waller issued a dissenting statement: “Climate change is real, but I disagree with the premise that it poses a serious risk to the safety and soundness of large banks and the financial stability of the United States. The Federal Reserve conducts regular stress tests on large banks that impose extremely severe macroeconomic shocks and they show that the banks are resilient.”
Treasury recommends closer supervision of fintech-bank partnerships
On November 16, the U.S. Treasury Department, in consultation with the White House Competition Council, released a report entitled Assessing Impacts of New Entrant Non-bank Firms on Competition in Consumer Finance Markets. The report is a product of President Biden’s July 2021 Executive Order, Promoting Competition in the American Economy, (covered by InfoBytes here), which, among other things, ordered Treasury to submit a report within 270 days on the effects on competition of large technology and other non-bank companies’ entry into the financial services space. Assessing Impacts of New Entrant Non-bank Firms on Competition in Consumer Finance Markets is the final report in a series of reports that assesses competition in various aspects of the economy. Among other things, the report found that while concentration among federally insured banks is increasing, new entrant non-bank firms, specifically “fintech” firms, are adding significantly to the number of firms and business models competing in consumer finance markets and appear to be contributing to competitive pressure. In addition to enabling new capabilities, fintech firms are also creating new risks to consumer protection and market integrity, according to the report. The report noted that non-bank firms could “pose risks by engaging in harmful regulatory arbitrage, conducting activities in a manner that inappropriately sidesteps safety and soundness and consumer protection law requirements applicable to an [insured depository institution].”
The report also noted that new entrant non-bank firms or their offerings may pose risks of reliability or fraud issues, in addition to data privacy risks and the potential for new forms of surveillance and discrimination. The report provided recommendations for regulators to encourage fair and responsible competition that benefits consumers and their financial well-being, including: (i) addressing market integrity and safety and soundness concerns by providing a clear and consistently applied supervisory framework for bank-fintech relationships; (ii) protecting consumers by robustly supervising bank-fintech lending relationships for compliance with consumer protection laws and their impact on consumers’ financial well-being; and (iii) encouraging consumer-beneficial innovation by supporting innovations in consumer credit underwriting designed to increase credit visibility, reduce bias, and prudently expand credit to underserved consumers.
CFPB issues fall supervisory highlights
On November 15, the CFPB released its fall 2022 Supervisory Highlights, which summarizes its supervisory and enforcement actions between January and June 2022 in the areas of auto servicing, consumer reporting, credit card account management, debt collection, deposits, mortgage origination, mortgage servicing, and payday lending. Highlights of the findings include:
- Auto Servicing. Bureau examiners identified instances of servicers engaging in unfair, deceptive, or abusive acts or practices connected to add-on product charges, loan modifications, double billing, use of devices that interfered with driving, collection tactics, and payment allocation. For instance, examiners identified occurrences where consumers paid off their loans early, but servicers failed to ensure consumers received refunds for unearned fees related to add-on products.
- Consumer Reporting. The Bureau found deficiencies in credit reporting companies’ (CRCs) compliance with FCRA dispute investigation requirements and furnishers’ compliance with FCRA and Regulation V accuracy and dispute investigation requirements. Examples include: (i) NCRCs that failed to report the outcome of complaint reviews to the Bureau; (ii) furnishers that failed to send updated information to CRCs following a determination that the information reported was not complete or accurate; and (iii) furnishers’ policies and procedures that contained deficiencies related to the accuracy and integrity of furnished information.
- Credit Card Account Management. Bureau examiners identified violations of Regulation Z related to billing error resolution, including instances where creditors failed to (i) resolve disputes within two complete billing cycles after receiving a billing error notice; (ii) conduct reasonable investigations into billing error notices due to human errors and system weaknesses; and (iii) provide explanations to consumers after determining that no billing error occurred or that a different billing error occurred from that asserted. Examiners also identified Regulation Z violations where credit card issuers improperly mixed original factors and acquisition factors when reevaluating accounts subject to a rate increase, and identified deceptive acts or practices related to credit card issuers’ advertising practices.
- Debt Collection. The Bureau found instances of FDCPA violations where debt collectors engaged in conduct that harassed, oppressed, or abused the person with whom they were communicating. The report findings also discussed instances where debt collectors communicated with a person other than the consumer about the consumer’s debt when the person had a name similar or identical to the consumer, in violation of the FDCPA.
- Deposits. The Bureau discussed how it conducted prioritized assessments to evaluate how financial institutions handled pandemic relief benefits deposited into consumer accounts. Examiners identified unfairness risks at multiple institutions due to policies and procedures that may have resulted in, among other things, (i) garnishing protected economic impact payments funds in violation of the Consolidated Appropriations Act of 2021; or (ii) failing to apply the appropriate state exemptions to certain consumers’ deposit accounts after receiving garnishment notice.
- Mortgage Origination. Bureau examiners identified Regulation Z violations and deceptive acts or practices prohibited by the CFPA. An example of this is when the settlement service had been performed and the loan originator knew the actual costs of those service, but entered a cost that was completely unrelated to the actual charges that the loan originator knew had been incurred, resulting in information being entered that was not consistent with the best information reasonably available. The Bureau also found that the waiver language in some loan security agreements was misleading, and that a reasonable consumer could understand the provision to waive their right to bring a class action on any claim in federal court.
- Mortgage Servicing. Bureau examiners identified instances where servicers engaged in abusive acts or practices by charging sizable fees for phone payments when consumers were unaware of those fees. Examiners also identified unfair acts or practices and Regulation X policy and procedure violations regarding failure to provide consumers with CARES Act forbearances.
- Payday Lending. Examiners found lenders failed to maintain records of call recordings necessary to demonstrate full compliance with conduct provisions in consent orders generally prohibiting certain misrepresentations.
CFPB finalizes nonbank supervisory rule
On November 10, the CFPB announced a final rule finalizing changes to a nonbank supervision procedural rule issued in April. As previously covered by InfoBytes, the Bureau announced earlier this year that it was invoking a “dormant authority” under the Dodd-Frank Act to conduct supervisory examinations of fintech firms and other nonbank financial services providers based upon a determination of risk. Specifically, the Bureau said it intends to use a provision under Section 1024 of Dodd-Frank that allows it to examine nonbank financial entities, upon notice and an opportunity to respond, if it has “reasonable cause” to determine that consumer harm is possible. Concurrently, the Bureau issued a request for public comment on an updated version of a procedural rule that implements its statutory authority to supervise nonbanks “whose activities the CFPB has reasonable cause to determine pose risks to consumers,” including potentially unfair, deceptive, or abusive acts or practices. Provisions outlined in the procedural rule would exempt final decisions and orders by the Bureau director from being considered confidential supervisory information, thus allowing the Bureau to publish the decisions on its website. Subject companies would be given an opportunity seven days after a final decision is issued to provide input on what information, if any, should be publicly released, the Bureau said.
After reviewing public comments received on the procedural rule, the Bureau incorporated certain changes to clarify the standard that the agency will apply when deciding what information is appropriate for public release, in whole or in part. The Bureau explained that information falling within Freedom of Information Act Exemptions 4 and 6 (which protect confidential commercial information and personal privacy) will not be published. Additionally, the Bureau said it may also choose to withhold information if the director determines there is other good cause to do so. The final rule also extends the deadline from seven to ten business days for nonbanks to submit input about what information should be released. The final rule will take effect upon publication in the Federal Register.
Notably, the Bureau emphasized that the “amended procedures only relate to the initial decision to extend supervision to a nonbank entity” and “do not affect the confidentiality of any ensuing supervisory examination or any other aspect of the supervisory process.”