Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On May 1, the Federal Reserve Board (Fed) announced it would extend the initial compliance dates for certain parts of its single-counterparty credit limit rule (SCLL), which was approved in 2018 and limits a U.S. bank holding company’s or foreign banking organization’s credit exposure to another counterparty. As previously covered by InfoBytes, the Fed initially proposed the extension last November. Under the extension, the largest foreign banks subject to the single-counterparty credit limit rule will have until July 1, 2021 to comply, while smaller foreign banks will not be required to comply until January 1, 2022.
On March 30, the SEC announced a $450,000 award to a whistleblower in an enforcement action. According to the formal order, the whistleblower—who had compliance-related responsibilities at the company at issue in the enforcement action—suffered “unique hardships” after first attempting to report concerns within the company’s internal compliance structure. The whistleblower then reported the information to the SEC following the required 120-day time waiting period, which ultimately provided assistance to the SEC’s investigation and successful enforcement action. The SEC stated in its press release that this is the third whistleblower award given to an individual with compliance or internal audit responsibilities. As of March 30, the SEC has awarded 77 individuals a total of approximately $396 million in whistleblower awards since its first award in 2012.
On April 2, SEC Chairman Jay Clayton issued a statement outlining the SEC’s approach to its allocation of resources, oversight, and rulemaking agenda. As previously covered by InfoBytes, the SEC issued guidance last month providing temporary relief and assistance to market participants impacted by the Covid-19 pandemic, including relief from certain notarization requirements and filing deadline extensions. Clayton noted, however, that despite these challenges, the SEC recognized that it is imperative that issuers keep investors equipped with material information, and accordingly has urged public companies to “continue to evaluate their obligations to make materially accurate and complete disclosures in accordance with the federal securities laws.” Among other things, Clayton also reiterated that, while public comments closed recently on several proposed rulemaking actions, the SEC will “not take final action on these items in the coming weeks to allow potential commenters more time to submit comments for consideration if needed.” The SEC does not expect to move forward on any of these proposed actions prior to May 1.
Relatedly, Clayton discussed Regulation Best Interest (Reg BI) and Form CRS, which establish new standards of conduct for broker-dealers and related persons when recommending securities transactions or investment strategies to retail customers. Clayton highlighted the extensive engagement efforts related to the implementation of Reg BI and Form CRS, and encouraged continued engagement with investors and other market participants on these regulatory enhancements. Clayton noted that, in light of these engagement efforts, the June 30 compliance date remains appropriate, and provided a number of resources to assist firms in understanding the new requirements and implementation process.
On March 25, the SEC announced that publicly traded companies have an additional 45 days, subject to certain conditions, to file annual and quarterly reports in an effort to help businesses whose operations may be affected by Covid-19. Disclosure reports due between March 1 and July 1 will be eligible for extensions if companies can justify the need, the SEC stated in the announcement, which supersedes and extends a previously issued order on March 4. To qualify for an extension, “companies must continue to convey through a current report a summary of why the relief is needed in their particular circumstances for each periodic report that is delayed.” In addition, the SEC issued orders (see here and here) that will give certain investment funds and investment advisors more time to meet filing and delivery requirements and more flexibility to avoid in-person meetings. These orders broaden and extend relief that the SEC announced earlier this month (covered by InfoBytes here). The announcement also provides public company disclosure guidance as well as additional information with respect to certain obligations under various securities laws.
On February 27, the SEC announced a settlement with a national bank to resolve allegations that two of its investment entities failed to monitor sales of exchange-traded funds (ETFs) to retail investors. The SEC alleged in its order that the bank’s compliance policies and procedures and supervisory processes were unable to adequately prevent and detect unsuitable recommendations of single-inverse ETFs, which allegedly led to bank investment advisors making recommendations to certain clients who were unaware of the risk of losses when ETFs are held long term. While the bank neither admitted nor denied the SEC’s findings, it agreed to pay a $35 million penalty and distribute funds to affected clients. The bank also agreed to cease and desist from engaging in any future violations of the relevant provisions.
On February 3, NYDFS announced it intends to take enforcement action through an administrative proceeding against several check cashing entities for alleged violations of New York Banking Law and federal laws and regulations related to the business of check cashing. According to NYDFS, examinations revealed multiple concerns related to the entities’ Bank Secrecy Act/anti-money laundering (BSA/AML) program and transaction monitoring, including (i) inaccurate books and records; (ii) cashing post-dated checks; (iii) insufficient BSA/AML compliance; and (iv) inadequate risk-assessment procedures and customer identification and Know Your Customer programs. NYDFS also stated that management at the identified entities failed to implement effective controls to mitigate and manage BSA/AML compliance programs and Office of Foreign Assets Control risks despite “repeated criticism of the entities’ performance.”
NYDFS conducted a subsequent investigation, which found additional alleged violations that circumvented Federal and state banking laws, such as (i) hiring undisclosed employees who were paid “off the books”; (ii) conducting an unlicensed mobile check-cashing business; and (iii) and engaging in an illegal check-cashing scheme that structured transactions and falsified business records to give the appearance that checks were cashed on multiple dates, when in fact they were all cashed on a single date. The administrative proceeding to revoke the entities’ licenses and seek civil penalties will begin February 24.
On January 27, the CFPB published a policy statement announcing a new designation for certain guidance material. The non-binding “Compliance Aids” are intended to assist financial institutions when complying with laws and regulations, but are not rules, and are therefore exempt from the Administrative Procedures Act’s notice and comment rulemaking requirements. According to the Bureau, while the Compliance Aids may include practical suggestions for entities, the Bureau notes that “[w]here there are multiple methods of compliance that are permitted by the applicable rules and statutes, an entity can make its own business decision regarding which method to use, and this may include a method that is not specifically addressed in a Compliance Aid. In sum, regulated entities are not required to comply with the Compliance Aids themselves. Regulated entities are only required to comply with the underlying rules and statutes.” The policy statement is effective February 1.
On January 9, the Federal Reserve Board announced that it entered into a cease and desist order on December 30 with a Texas state-chartered bank due to “significant deficiencies” in the bank’s Bank Secrecy Act (BSA) and anti-money laundering (AML) compliance program that were discovered in its latest examination of the bank. The requirements set out for the bank in the order include:
- Board oversight. The bank must submit a board-approved, written plan to improve oversight of BSA/AML requirements.
- BSA/AML compliance program. The bank must submit a written BSA/AML compliance program that includes BSA/AML training; independent testing of the compliance program; management of the program by a qualified compliance officer with adequate staffing support; BSA/AML compliance internal controls; and a BSA/AML risk assessment of the bank, its products and services, and its customers.
- Customer due diligence. The bank must submit a revised customer due diligence program that includes policies and procedures to ensure accurate client account information; a plan to bring existing accounts into compliance with due diligence requirements; a method to assign risk ratings to account holders; policies and procedures to ensure proper customer information is obtained according to the risk of the account holder; and risk-based monitoring procedures and updates to accounts.
- Suspicious activity monitoring and reporting. The bank must submit a written suspicious activity monitoring and reporting program that includes a documented process for establishing monitoring rules; policies and procedures for review of monitoring rules; customer and transaction monitoring; and policies and procedures for the review of suspicious activity.
In January, the NCUA issued a letter to board of directors and chief executive officers at federally insured credit unions outlining the agency’s 2020 supervisory priorities. Top supervisory priorities include:
- Bank Secrecy Act/Anti-Money Laundering (BSA/AML). Examinations will continue to focus on customer due diligence and beneficial ownership requirements. The NCUA will also collaborate with law enforcement and banking regulators on initiatives such as updates to the FFIEC’s BSA/AML examination manual and enforcement guidelines, guidance concerning politically exposed persons, and measures for improving suspicious activity and currency transaction report filing procedures.
- Consumer Financial Protection. Based on a rotating regulation review cycle, NCUA examiners will review compliance (at a minimum) with the following regulations: the Electronic Fund Transfer Act, Fair Credit Reporting Act, Gramm-Leach-Bailey (Privacy Act), Payday Alternative Lending and other small dollar lending, Truth in Lending Act, Military Lending Act, and the Servicemembers Civil Relief Act.
- Cybersecurity. In 2020 the NCUA will continue conducting cybersecurity maturity assessments for credit unions with assets over $250 million and will begin to assess those with assets over $100 million. In addition, the NCUA intends to pilot new procedures—scaled to an institution’s size and risk profile—to evaluate critical security controls during examinations between maturity assessments.
- LIBOR Cessation Planning. Examiners will assess credit unions’ planning related to the discontinuation of LIBOR. According to the NCUA, credit unions should “proactively transition away from instruments using LIBOR as a reference rate.”
Other areas of focus include credit risk, current expected credit losses, liquidity risk, and modernization updates. The extended examination cycle will continue to apply to qualifying credit unions.
On December 9, the CFPB released a special edition of its fall 2019 Supervisory Highlights, focusing on recent supervisory findings in the areas of consumer reporting and information furnishing to consumer reporting companies (CRCs). This is the second special edition to focus on consumer reporting issues, and follows a report that the Bureau released in March 2017 covered by InfoBytes here. According to the Bureau, recent supervisory reviews of FCRA and Regulation V compliance have identified new violations as well as compliance management system (CMS) weaknesses at CFPB-supervised institutions. However, the Bureau noted that examiners have also observed significant improvements, such as continued investment in FCRA-related CMS.
Highlights of the supervisory findings include:
- Recent examples of CMS weaknesses and FCRA/Regulation V violations (where corrective action has either been taken or is currently being taken) in which one or more (i) mortgage loan furnishers did not maintain policies and procedures “appropriate to the nature, size, complexity, and scope of the furnisher’s activities”; (ii) auto loan furnishers’ policies and procedures failed to provide sufficient guidance for investigating indirect disputes containing allegations of identity theft; (iii) debt collection furnishers’ policies and procedures failed to differentiate between FCRA disputes, FDCPA disputes, or validation requests, leading to a lack of consideration for applicable regulatory requirements when handling these matters; and (iv) deposit account furnishers lacked written policies and procedures for furnishing or validating the information provided to specialty CRCs.
- Examiners found that one or more furnishers provided information they knew, or had reasonable cause to believe, was inaccurate. Examples include inaccurate derogatory status codes due to coding errors and unclear addresses for consumers to submit disputes.
- Examiners discovered several instances where furnishers failed to send prompt notifications to CRCs after determining that information previously furnished was inaccurate, including situations where furnishers failed to promptly update or correct information after consumers paid charged-off balances in full or discharged them in bankruptcy.
- Examiners found that some furnishers reported the incorrect date of the first delinquency in connection with their responsibility to provide notice of delinquent accounts to CRCs.
- Examiners found several instances where furnishers failed to investigate disputes, complete investigations in a timely manner, or notify consumers of certain determinations related to “frivolous or irrelevant” disputes.
The Bureau also discussed supervisory observations concerning CRC compliance with FCRA provisions, and commented that CRCs continue to (i) improve procedures concerning the accuracy of information contained in consumer reports; (ii) implement improvements to prevent consumer reports from being furnished to users who lack a permissible purpose; (iii) strengthen procedures to “block information that a consumer has identified as resulting from an alleged identity theft”; and (iv) investigate and respond to consumer disputes.
- Daniel R. Alonso to moderate an interactive roundtable at the Latin Lawyer and GIR Connect: Anti-Corruption & Investigations Conference
- APPROVED Checkpoint Webcast: You have license renewal questions, we have answers
- Jonice Gray Tucker to discuss “Fintech trends” at the BIHC Network Elevating Black Excellence Regional Summit
- Jeffrey P. Naimon to discuss "Truth in lending” at the American Bar Association National Institute on Consumer Financial Services Basics
- Daniel R. Alonso to discuss anti-money-laundering at FELABAN Spanish-language webinar “Perspective for banks: LAFT, FINCEN, OFAC, Cryptocurrency”
- Daniel R. Alonso to discuss "What’s new in BSA/AML compliance?" at the Institute of International Bankers Regulatory Compliance Seminar
- Jon David D. Langlois to discuss "Regulatory update: What you need to know under the new boss; It won’t be the same as the old boss" at the IMN Residential Mortgage Service Rights Forum (East)
- Benjamin B. Klubes to discuss “Creating a Fantastic Workplace Culture”
- John R. Coleman and Amanda R. Lawrence to discuss “Consumer financial services government enforcement actions – The CFPB and beyond” at the Government Investigations & Civil Litigation Institute Annual Meeting
- Jonice Gray Tucker to discuss "Consumer financial services" at the Practising Law Institute Banking Law Institute
- Jonice Gray Tucker to discuss “Regulators always ring twice: Responding to a government request” at ALM Legalweek