Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On January 15, the CFPB issued a small entity compliance guide summarizing the Bureau’s debt collection rule. As previously covered by InfoBytes, the Bureau issued a final rule last October amending Regulation F, which implements the Fair Debt Collection Practices Act (FDCPA), to address debt collection communications and prohibitions on harassment or abuse, false or misleading representations, and unfair practices. The guide provides a detailed summary of the October final rule’s substantive prohibitions and requirements, as well as a summary of key interpretations and clarifications of the FDCPA. The Bureau noted, however, that the current small entity compliance guide does not discuss (unless specifically noted otherwise) the CFPB’s final rule issued in December (covered by InfoBytes here), which clarified consumer disclosure requirements, provided a model validation notice, and addressed required actions prior to furnishing and prohibitions concerning the collection of time-barred debt. Updates will be made to the small entity compliance guide at a later date to include provisions related to the December final rule.
On December 22, the Federal Reserve Board announced an enforcement action against a Swiss bank for alleged Bank Secrecy Act/anti-money laundering (BSA/AML) compliance risk management deficiencies found during a 2019 examination of the bank’s New York branch. The consent order outlines a number of corporate compliance and governance measures that the bank is required to undertake, such as: (i) submitting a joint written plan by the board of directors, risk committee, and senior management within 90 days that outlines measures for strengthening their respective oversight of the bank’s U.S. operations’ compliance, including “provid[ing] for a sustainable governance framework that, at a minimum, addresses, considers, and includes actions to improve policies, procedures, and controls for BSA/AML compliance across the U.S. operations”; (ii) providing a written revised customer due diligence program for the New York branch within 90 days, which must outline measures such as risk-based policies and procedures to ensure complete and accurate customer information is collected, retained, and analyzed for all account holders; (iii) submitting a revised suspicious activity monitoring and reporting program demonstrating that the New York branch is engaging in timely suspicious activity monitoring and reporting; and (iv) implementing independent testing within the New York branch to ensure compliance with all applicable BSA/AML requirements.
On November 9, the OCC released its Semiannual Risk Perspective for Fall 2020, which reports on key risk areas that pose a threat to the safety and soundness of national banks and federal savings associations. In particular, the OCC noted the financial impacts of the Covid-19 pandemic on the federal banking industry, emphasizing that while economic activity rebounded in the third quarter, there is significant ongoing risk. The report discusses, as a special topic in emerging risks, growing trends in payment products and services. The report also highlights several key risk areas for banks: credit, strategic, operational, and compliance. Specifically, the report notes that credit risk is increasing as government assistance programs expire and the economic downturn has led to elevated unemployment levels. The report further notes that strategic risks affecting profitability is an emerging issue due to low interest rates, which historically have negatively affected profitability when low for a long period of time. Moreover, the report notes elevated operational risks due to complex operating environments with cybersecurity being a key concern. The increase in large-scale telework has created unique security and internal control challenges. Lastly, the report discusses elevated compliance risks due to the expedited implementation of a number of Covid-19-related assistance programs.
On October 20, the Federal Reserve Board, OCC, and FDIC (collectively, “federal bank regulatory agencies”) finalized two rules for large banks.
The federal bank regulatory agencies first announced a final rule intended to reduce interconnectedness within the financial system between the largest banking organizations and to minimize systemic risks stemming from failure of these organizations. As the federal bank regulatory agencies noted in their announcement, the final rule, Regulatory Capital Treatment for Investments in Certain Unsecured Debt Instruments of Global Systemically Important U.S. Bank Holding Companies, Certain Intermediate Holding Companies, and Global Systemically Important Foreign Banking Organizations; Total Loss-Absorbing Capacity Requirements, “prescribes a more stringent regulatory capital treatment for holdings of [total loss-absorbing capacity] (TLAC) debt.” U.S. global systemically important banking organizations (GSIBs) will be required, among other things, to deduct from their regulatory capital certain investments in unsecured debt instruments issued by foreign or U.S. GSIBs in order to meet minimum TLAC requirements and long-term debt requirements, as applicable. The final rule recognizes the systemic risks posed by banking organizations’ investments in covered debt instruments and “create[s] an incentive for advanced approaches [for] banking organizations to limit their exposure to GSIBs.” The final rule takes effect April 1, 2021.
The federal bank regulatory agencies also announced a second final rule, Net Stable Funding Ratio: Liquidity Risk Measurement Standards and Disclosure Requirements, which will implement a stable funding requirement for certain large banking organizations established by a quantitative metric known as the net stable funding ratio (NSFR). The NSFR will measure banking organizations’ level of stability, and will require that a minimum level of stable funding be maintained over a one-year period. According to the federal bank regulatory agencies, the NSFR is intended “to reduce the likelihood that disruptions to a banking organization’s regular sources of funding will compromise its liquidity position,” and is designed to “promote effective liquidity risk management, and support the ability of banking organizations to provide financial intermediation to businesses and households across a range of market conditions.” The final rule “applies to certain large U.S. depository institution holding companies, depository institutions, and U.S. intermediate holding companies of foreign banking organizations, each with total consolidated assets of $100 billion or more, together with certain depository institution subsidiaries” with “increases in stringency based on risk-based measures of the top-tiered covered company.” The final rule takes effect July 1, 2021.
On October 7, the OCC and Federal Reserve Board announced enforcement actions against a financial services firm and its national bank subsidiary (bank) to resolve alleged enterprise-wide risk management, data governance, and internal controls deficiencies. According to the OCC’s announcement, the bank allegedly engaged in unsafe or unsound banking practices by failing to “establish effective risk management and data governance programs and internal controls.” While neither admitting nor denying the allegations, the bank has agreed to pay a $400 million civil money penalty. Additionally, under the terms of the OCC’s cease and desist order, the bank must implement corrective measures to improve its risk management, data governance, and internal controls. The agency’s announcement states that the order further requires the bank “to seek the OCC’s non-objection before making significant new acquisitions and reserves the OCC’s authority to implement additional business restrictions or require changes in senior management and the bank’s board should the bank not make timely, sufficient progress in complying with the order.”
In conjunction with the OCC’s action, the Fed also announced a cease and desist order against the financial services firm, which identified ongoing deficiencies with respect to areas of compliance risk management, data quality management, and internal controls. Among other things, the Fed claims the firm also failed to adequately remediate “longstanding” deficiencies identified in previously issued consent orders, including in areas such as anti-money laundering compliance. The order requires the firm to enhance firm-wide risk management and internal controls, and imposes a series of deadlines for the firm to take measures to ensure compliance with the OCC’s order, enhance its compliance risk management programs, devise a plan to hold senior management accountable, and improve data quality management.
On October 1, the OCC released three items in support of the implementation of the new Community Reinvestment Act (CRA) final rule. The three newly released items include: (i) a compliance guide for small banks; (ii) an initial illustrative list of qualifying activities; and (iii) a form to request consideration of items to be added to the list of qualifying activities. As previously covered by a Buckley Special Alert, the OCC’s rule, while technically effective October 1, provides for at least a 27-month transition period for compliance based on a bank’s size and business model. Large banks and wholesale and limited purpose banks will have until January 1, 2023 to comply, and small and intermediate banks that opt-in to the final rule’s performance standards will have until January 1, 2024.
On October 1, the Federal Reserve announced an enforcement action against a Pennsylvania state-chartered bank for deficiencies in the bank’s Bank Secrecy Act (BSA), anti-money laundering (AML), and U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) regulations. The order requires the bank to submit, among other things, (i) a board-approved, written plan to improve oversight of BSA/AML requirements and OFAC regulations; (ii) a written BSA/AML compliance program; (iii) a revised customer due diligence program; (iv) a written suspicious activity monitoring and reporting program; and (iv) a written plan for independent testing of compliance with BSA/AML requirements. The bank was not assessed any monetary penalties.
On September 21, the OCC released Interpretive Letter 1172, stating that national banks may hold stablecoin in reserve accounts as a service to bank customers and may engage in activity incidental to receiving the deposits. According to the OCC, issuers of stablecoins—a type of cryptocurrency backed by an asset such as a fiat currency—have a desire to place assets in reserve accounts with national banks to “provide assurance that the issuer has sufficient assets backing the stablecoin in situations where there is a hosted wallet.” Hosted wallet, as defined by the OCC, is “an account-based software program for storing cryptographic keys controlled by an identifiable third party.” Because national banks are authorized to receive deposits and provide “permissible banking services to any lawful business they choose,” they may provide these services to issuers of stablecoins, as long as they comply with applicable laws and regulations. (In Interpretive Letter 1170, the OCC approved the holding of cryptocurrency on behalf of customers, covered by InfoBytes here.) Specifically, the OCC noted that national banks should ensure that deposit activities comply with the Bank Secrecy Act and anti-money laundering regulations. Moreover, a national bank must also “identify and verify the beneficial owners of legal entity customers opening accounts.” Lastly, the OCC emphasized that stablecoin reserves “could entail significant liquidity risks,” and national banks may consider entering into contractual agreements with stablecoin issuers to “verify and ensure that the deposit balances held by the bank for the issuer are always equal to or greater than the number of outstanding stablecoins issued by the issuer.” This guidance does not apply to stablecoin transactions involving un-hosted wallets.
Fed: Lenders must consider pre-pandemic condition when underwriting Main Street Lending Program loans
On September 18, the Federal Reserve Board, in conjunction with the FDIC and the OCC, revised the Main Street Lending Program (MSLP) FAQs (for-profit here, nonprofit here) to clarify underwriting expectations, supervisory expectations, and details regarding co-borrower loans. Specifically, the FAQs note that a lender is expected to “conduct an assessment of each potential borrower’s pre-pandemic financial condition and post-pandemic prospects” when reviewing an application to determine approval. Additionally, the FAQs state that Fed supervisors will “not criticize” lenders for originating loans in accordance with MSLP requirements, even when “such loans are considered non-pass at the time of origination,” provided the weaknesses are due to the Covid-19 pandemic and expected to be temporary. Finally, the FAQs include new details covering co-borrower loans, as the Federal Reserve Bank of Boston anticipates the MSLP will accept loans made to multiple co-borrowers starting next week.
On September 14, the Financial Crimes Enforcement Network (FinCEN) issued a final rule, under its sole authority, to remove the anti-money laundering (AML) program exemption for non-federally regulated banks. According to FinCEN, the rulemaking was prompted by the “gap in AML coverage” between banks that have a federal functional regulator and those that do not, which has created “a vulnerability to the U.S. financial system that could be exploited by bad actors.” The final rule would bring non-federally regulated banks that are currently required to comply with certain Bank Secrecy Act (BSA) obligations, such as filing currency transaction reports and suspicious activity reports to detect unusual activity, into compliance with the same standards applicable to all other banks. Specifically, the final rule outlines minimum standards for non-federally regulated banks to ensure the establishment and implementation of required AML programs, and extends customer identification program (CIP) requirements, as well as beneficial ownership requirements outlined in FinCEN’s 2016 customer due diligence (CDD) rule (covered by InfoBytes here), to banks not already subject to these requirements. FinCEN believes that non-federally regulated banks will be able to take a risk-based approach when tailoring their AML and CIP programs to fit their size, needs, and operational risks, and that those banks should be able to build on “existing compliance policies and procedures and prudential business practices to ensure compliance. . .with relatively minimal cost and effort.” The final rule takes effect November 16.
For more details, please see a Buckley Special Alert on the final rule.
- Daniel R. Alonso to moderate an interactive roundtable at the Latin Lawyer and GIR Connect: Anti-Corruption & Investigations Conference
- APPROVED Checkpoint Webcast: You have license renewal questions, we have answers
- Jonice Gray Tucker to discuss “Fintech trends” at the BIHC Network Elevating Black Excellence Regional Summit
- Jeffrey P. Naimon to discuss "Truth in lending” at the American Bar Association National Institute on Consumer Financial Services Basics
- Daniel R. Alonso to discuss anti-money-laundering at FELABAN Spanish-language webinar “Perspective for banks: LAFT, FINCEN, OFAC, Cryptocurrency”
- Daniel R. Alonso to discuss "What’s new in BSA/AML compliance?" at the Institute of International Bankers Regulatory Compliance Seminar
- Jon David D. Langlois to discuss "Regulatory update: What you need to know under the new boss; It won’t be the same as the old boss" at the IMN Residential Mortgage Service Rights Forum (East)
- Benjamin B. Klubes to discuss “Creating a Fantastic Workplace Culture”
- John R. Coleman and Amanda R. Lawrence to discuss “Consumer financial services government enforcement actions – The CFPB and beyond” at the Government Investigations & Civil Litigation Institute Annual Meeting
- Jonice Gray Tucker to discuss "Consumer financial services" at the Practising Law Institute Banking Law Institute
- Jonice Gray Tucker to discuss “Regulators always ring twice: Responding to a government request” at ALM Legalweek