Skip to main content
Menu Icon Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • SEC urges firms impacted by Covid-19 to review supervisory and compliance policies


    On August 12, the SEC’s Office of Compliance Inspections and Examinations issued a risk alert to broker-dealers and investment advisers (firms) impacted by the Covid-19 pandemic addressing observations and recommendations related to several categories, including investor asset protection; personnel supervision; practices related to fees, expenses, and financial transactions; investment fraud; business continuity; and protecting sensitive information. The alert recommends firms review—and where appropriate—modify supervisory and compliance policies and procedures as they deal with market volatility and technological challenges brought by the Covid-19 pandemic. The alert notes that firms may need to update their practices to address, among other things, (i) unusual or unscheduled investor withdrawals; (ii) staffers communicating or executing transactions off-site or on personal devices, or making securities recommendations tied to market sectors experiencing high volatility or fraud; and (iii) supervisors having less oversight and interaction with staff in remote environments, leading to difficulties in maintaining effective due diligence, conducting background checks when hiring, or overseeing requisite examinations. Additionally, firms are instructed to monitor potential conflicts of interest and fee errors when informing investors about the costs of services, investment products, and related compensation, while also ensuring recommendations are made in the “best interest of investors.” The alert also recognizes that “times of crisis or uncertainty can create a heightened risk of investment fraud through fraudulent offerings,” and advises firms to “be cognizant of these risks when conducting due diligence on investments and in determining that the investments are in the best interest of investors.” Firms and investors who suspect fraud are advised to contact the SEC and report the potential fraud.

    Securities SEC Examination Covid-19 Supervision Compliance

    Share page with AddThis
  • FINRA fines firm for failing to follow its own AML policies

    Financial Crimes

    On July 27, the Financial Industry Regulatory Authority (FINRA) entered into a Letter of Acceptance, Waiver and Consent (AWC), fining a California-based securities firm $50,000 for allegedly failing to implement and follow its own anti-money laundering (AML) compliance procedures. As a result, the firm allegedly failed to detect red flags concerning potentially suspicious activity and failed to investigate or report the activity in a timely manner. According to FINRA, a sales practice examination detected instances between November 2012 and December 2016 in which the firm failed to detect red flags in four related accounts, including suspicious activity related to: (i) the “ownership of multiple accounts without an apparent business purpose for multiple accounts”; (ii) an account owner with a “significant disciplinary history related to securities fraud”; (iii) possible manipulative trading activity; (iv) unusual, unexpected transfer activity between related accounts without an apparent business purpose; and (v) unexplained third-party wire transfers, inconsistent with expected account activity. FINRA stated that although the “firm’s AML procedures indicated that when the firm detected any red flags of potentially suspicious activity, it would determine whether and how to investigate further,” the firm failed to implement these measures. The firm neither admitted nor denied the findings set forth in the AWC agreement but agreed to pay the fine and address identified deficiencies in its programs to ensure compliance with its AML obligations.

    Financial Crimes FINRA Anti-Money Laundering Compliance

    Share page with AddThis
  • OCC: Banks may hold cryptocurrency for customers

    Agency Rule-Making & Guidance

    On July 22, the OCC issued an interpretive letter concluding that national banks and federal savings associations (collectively, “banks”) may hold cryptocurrency on behalf of customers so long as they effectively manage the risks and comply with applicable law. Specifically, the letter responds to a bank’s proposal to offer cryptocurrency custody services to its customers as part of its standard custody business. The OCC notes that “there is a growing demand for safe places, such as banks, to hold unique cryptographic keys associated with cryptocurrencies.” The letter emphasizes that the OCC “generally has not prohibited banks from providing custody services for any particular type of asset,” and providing cryptocurrency custody services “falls within [] longstanding authorities to engage in safekeeping and custody activities.”

    The OCC notes that while the custody services will not “entail any physical possession of the cryptocurrency,” OCC regulations authorize banks to provide through electronic means any activities that they are otherwise authorized to perform. Thus, because banks may perform custody services for physical assets, they are “likewise permitted to provide those same services via electronic means (i.e., custody of cryptocurrency).” Additionally, a bank with trust powers has the authority to hold cryptocurrencies in a fiduciary capacity, in the same way they manage other assets they hold as fiduciaries.

    The OCC reminds banks that they should develop and implement sound risk management practices, and specifically notes that “custody activities should include dual controls, segregation of duties and accounting controls.” Moreover, banks should “conduct a legal analysis to ensure the activities are conducted consistent with all applicable law,” noting that “[d]ifferent cryptocurrencies may also be subject to different OCC regulations and guidance outside of the custody context, as well as non-OCC regulations.”

    Agency Rule-Making & Guidance OCC Virtual Currency Compliance

    Share page with AddThis
  • OCC releases recent enforcement actions

    Federal Issues

    On July 16, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. Included among the actions is a June 23 consent order, which resolves OCC claims that a California-based bank violated a 2016 consent order concerning Bank Secrecy Act/anti-money laundering compliance program deficiencies. According to the OCC, the bank failed to timely comply with the 2016 consent order and is required to pay a $100,000 civil money penalty. The list also includes a July 25 civil money penalty order against a New York-based bank, which requires the payment of $43,000 for an alleged pattern or practice of violations of the Flood Disaster Protection Act and its implementing regulations.

    Additionally, an Iowa-based bank and the OCC reached a formal agreement on June 16 for alleged unsafe or unsound practices related to, among other things, credit underwriting, credit administration, problem loan management, and real estate valuation practices. Among other conditions, the agreement requires the bank to (i) appoint a compliance committee to ensure adherence to the agreement’s provisions; (ii) establish a three-year strategic plan outlining goals and objectives related to the bank’s risk profile and liability structure; (iii) submit a commercial and retail credit underwriting and administration program to ensure the bank “analyzes credit and collateral information sufficient to identify, monitor, and report the [b]ank’s credit risk, properly account for loans, and assign accurate risk ratings in a timely manner”; (iv) implement programs providing for an annual review of loans, loan level stress testing, and problem loan management; (v) implement an exception tracking and reporting system; and (vi) establish an appraisal and evaluation program.

    Federal Issues OCC Enforcement Bank Secrecy Act Anti-Money Laundering Compliance Flood Insurance Underwriting

    Share page with AddThis
  • California Department of Business Oversight will monitor licensees’ compliance with face covering guidance

    State Issues

    The California Department of Business Oversight announced that it will monitor licensees’ compliance with face covering guidance issued by the California governor and the California Department of Public Health. All customers must be required to wear appropriate face coverings under circumstances outlined in the guidance, and those who refuse to comply and do not meet the outlined exemptions should be refused entry to banks, credit unions, and other places of business.

    State Issues Covid-19 California CDBO Licensing Compliance Bank Compliance Credit Union

    Share page with AddThis
  • OFAC settles with global e-commerce, digital service provider over multiple sanctions violations

    Financial Crimes

    On July 8, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a $134,523 settlement with a Washington-based company that provides retail, e-commerce, and digital services worldwide. According to OFAC, due to deficiencies in the company’s sanctions screening process, between 2011 and 2018, the company provided goods and services to OFAC sanctioned persons; to persons located in the sanctioned region or countries of Crimea, Iran, and Syria; and “for persons located in or employed by the foreign missions of Cuba, Iran, North Korea, Sudan, and Syria.” Additionally, the company allegedly accepted and processed orders that primarily consisted of low-value retail goods and services from persons listed on OFAC’s List of Specially Designated Nationals and Blocked Persons who were blocked pursuant to sanctions regulations involving the Democratic Republic of Congo, Venezuela, Zimbabwe, among others. These apparent violations occurred “primarily because [the company’s] automated sanctions screening processes failed to fully analyze all transaction and customer data relevant to compliance with OFAC’s sanctions regulations,” OFAC stated, claiming the company also “failed to timely report several hundred transactions conducted pursuant to a general license issued by OFAC that included a mandatory reporting requirement, thereby nullifying that authorization with respect to those transactions.”

    In arriving at the settlement amount, OFAC considered various mitigating factors, including that the apparent violations were non-egregious and (i) the company voluntarily disclosed the violations and cooperated with the investigation; and (ii) the company has undertaken significant remedial efforts to address the deficiencies and to minimize the risk of similar violations from occurring in the future.

    OFAC also considered various aggravating factors, including that the company failed to exercise due caution or care to ensure its sanctions screening process was able to properly flag transactions involving blocked persons and sanctioned jurisdictions. “This case demonstrates the importance of implementing and maintaining effective, risk-based sanctions compliance controls,” OFAC stated. “[G]lobal companies that rely heavily on automated sanctions screening processes should take reasonable, risk-based steps to ensure that their processes are appropriately configured to screen relevant customer information and to capture data quality issues.”

    Financial Crimes OFAC Department of Treasury Settlement Sanctions Of Interest to Non-US Persons Compliance

    Share page with AddThis
  • OCC highlights key risks for federal banking system, says compliance risk elevated due to Covid-19

    Federal Issues

    On June 29, the OCC released its Semiannual Risk Perspective for Spring 2020, which reports on key risk areas that pose a threat to the safety and soundness of national banks and federal savings associations. In particular, the OCC focused this report on the financial impacts of the Covid-19 pandemic on the federal banking industry, emphasizing that weak economic conditions stemming from the shutdown will stress financial performances in 2020, and that banks should monitor elevated compliance risks that may occur as a result of their responses to the pandemic, including participating in the Paycheck Protection Program as well as forbearance and deferred payment programs. The report highlighted that the surge in consumer demands, government programs, and the modifications to operations due to remote work and the “short timelines for implementing changes placed additional strains on banks already operating in a stressed environment.” However, the report noted that, “[s]ome banks are leveraging innovative technologies and third parties, including fintech firms, to help manage these challenges,” and that “[b]ank risk management programs should maintain effective controls for third-party due diligence and monitoring and other oversight processes, operational errors, heightened cyber security risks, and potential fraud related to stimulus programs.” The report highlighted several areas of concern for banks, including (i) credit risk increases; (ii) interest rate risk, including risks related to the LIBOR cessation; (iii) operational risks related to banks’ Covid-19 response; (iv) heightened cyber risks; and (v) compliance risks related to Bank Secrecy Act/anti-money laundering laws, consumer compliance, and fair lending.

    Federal Issues OCC Covid-19 Risk Management Fintech Third-Party SBA Compliance

    Share page with AddThis
  • CFPB launches pilot advisory opinion program to provide regulatory clarity

    Agency Rule-Making & Guidance

    On June 18, the CFPB launched a pilot advisory opinion program (AO program) to allow entities to submit requests to the Bureau for written guidance in cases of regulatory compliance uncertainty. The pilot AO program procedural rule went into effect June 22, and states that the AO program—established in response to external stakeholder feedback encouraging the Bureau to provide written guidance—will primarily focus on clarifying ambiguities in Bureau regulations, although AOs may also clarify statutory ambiguities. The Bureau notes, however, that it will not issue AOs on matters that require notice-and-comment rulemaking or that are better addressed through that process, and does not intend to issue an AO that will change a regulation or replace a regulation or statute with a “bright-light standard that eliminates all the required analysis.” During the pilot, requests will not be accepted from third parties, such as trade associations or law firms, on behalf of unnamed entities. According to the Bureau’s announcement, it will select topics based on the program’s priorities, and, if appropriate, may publicly “issue an [AO] based on its summary of the facts presented that would be applicable to other entities in situations with similar facts and circumstances.”

    The pilot AO program will focus on the following four priorities: (i) providing consumers “with timely and understandable information to make responsible decisions”; (ii) identifying “outdated, unnecessary or unduly burdensome regulations in order to reduce regulatory burdens”; (iii) consistently enforcing federal consumer financial laws “in order to promote fair competition”; and (iv) “[e]nsuring markets for consumer financial products and services operate transparently and efficiently to facilitate access and innovation.”

    In determining the appropriateness of an AO, the Bureau will consider several factors, including whether (i) prior Bureau examinations have identified the issue as one that may benefit from additional regulatory clarity; (ii) the issue is “of substantive importance or impact or one whose clarification would provide significant benefit”; and/or (iii) the issue concerns an ambiguity not previously addressed through an interpretive rule or other authoritative source. Additionally, issues currently under investigation or enforcement likely will not be considered appropriate for an AO.

    A proposed procedural rule and information collection was also announced June 18, which requests comments on the proposed AO program. Comments must be received 60 days after publication in the Federal Register. The proposed AO program, following the conclusion of the pilot, will be fully implemented after the Bureau reviews the comments.  

    Agency Rule-Making & Guidance CFPB Compliance Regulation

    Share page with AddThis
  • CFPB updates HMDA Small Entity Compliance Guide

    Agency Rule-Making & Guidance

    On May 27, the CFPB issued an updated HMDA Small Entity Compliance Guide to reflect the changes made to Regulation C by the April final rule, which permanently raised coverage thresholds for collecting and reporting data about closed-end mortgage loans and open-end lines of credit (covered by InfoBytes here). The final rule, which amends Regulation C, increases the permanent threshold from 25 to 100 loans starting July 1, 2020, for both depository and nondepository institutions. The final rule also increases the permanent threshold for collecting and reporting data about open-end lines of credit from 100 to 200, but this change will not take effect until January 1, 2022, when the current temporary threshold of 500 open-end lines of credit expires. Beginning in 2022, both depository and nondepository institutions that meet this threshold must report data on open-end lines of credit by March 1 of the following calendar year. The Guide also notes the CFPB’s statement that, as of March 26, 2020, it “does not intend to cite in an examination or initiate an enforcement action against any institution for failure to report its HMDA data quarterly.”

    Agency Rule-Making & Guidance CFPB HMDA Compliance Mortgages

    Share page with AddThis
  • Arkansas Insurance Department issues bulletin to insurers regarding compliance and licensing

    State Issues

    On May 11, the Arkansas Insurance Department issued a bulletin regarding compliance and licensing for admitted and surplus lines insurance carriers doing business in Arkansas. Insurers and other regulated entities are advised that they must continue to expeditiously adjust claims during Covid-19. The bulletin also provides guidance on regulatory filing deadlines, the permissibility of electronic filings and signatures, the status of on-site examinations by the department, license renewals, and continuing education deadlines. 

    State Issues Covid-19 Arkansas Insurance Compliance Licensing ESIGN Fintech Examination

    Share page with AddThis


Upcoming Events