Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On June 23, the OCC released its Semiannual Risk Perspective for Spring 2022, which reports on key risks threatening the safety and soundness of national banks, federal savings associations, and federal branches and agencies. The OCC reported that as “banks continue to navigate the operational- and market-related impacts of the pandemic along with substantial government stimulus, current geopolitics have tightened financial conditions and increased downside risk to economic growth.” However, the OCC noted that banks’ financial conditions remain strong and that banks are well-positioned to “deal with the economic headwinds arising from geopolitical events, higher interest rates and increased inflation.”
The OCC highlighted operational, compliance, interest rate, and credit risks as key risk themes in the report. Observations include: (i) operational risk, including evolving cyber risk, is elevated, with an observed increase in attacks on the financial services industry given current geopolitical tensions; (ii) compliance risk remains heightened as banks navigate the current operational environment, regulatory changes, and policy initiatives; and (iii) credit risk remains moderate, with banks facing certain areas of weakness and potential longer-term implications resulting from the Covid-19 pandemic, inflation, and direct and indirect effects of the war in Ukraine. Staffing challenges among banks also present risks, with challenges posed by “strong competition” in the labor market.
The report also discussed the importance of appropriate due diligence of new digital asset products and services. The OCC said that it “continues to engage on an interagency basis to analyze various crypto-asset use cases,” and is looking to “provide further clarity on legal permissibility, as well as safety and soundness and compliance considerations related to crypto-assets” in the banking industry.
The OCC further stated it “will continue to monitor the development of climate-related financial risk management frameworks at large banks,” and reported that “OCC large-bank examination teams will integrate the examination of climate-related financial risk into supervision strategies and continue to engage with bank management to better understand the challenges banks face in this effort, including identifying and collecting appropriate data and developing scenario analysis capabilities and techniques.”
On June 8, the OCC issued a notice in the Federal Register seeking comments concerning its information collection titled, ‘‘Bank Secrecy Act/Money Laundering Risk Assessment,’’ also known as the Money Laundering Risk (MLR) System. According to the notice, the MLR System “enhances the ability of examiners and bank management to identify and evaluate Bank Secrecy Act/Money Laundering and Office of Foreign Asset Control (OFAC) sanctions risks associated with banks’ products, services, customers, and locations.” The notice stated that the agency will collect MLR information for OCC supervised community and trust banks, and explained that the annual Risk Summary Form (RSF), which collects data about different products, services, customers, and geographies (PSCs), will include three significant changes in 2022. The changes in the 2022 RSF are: (i) the addition of six new PSCs; (ii) the addition of three new customer types under the money transmitters category; and (iii) the deletion of four existing PSCs. Comments close on August 8.
On May 26, FHFA announced a final rule that amends the Enterprise Regulatory Capital Framework by introducing new public disclosure requirements for Fannie Mae and Freddie Mac (GSEs). The final rule adds new quarterly quantitative and annual qualitative disclosures related to risk management, corporate governance, capital structure and capital requirements and buffers under the standardized approach. The final rule also aligns the GSEs’ disclosure requirements with many of the public disclosure requirements for large banking organizations under the regulatory capital framework adopted by banking regulators, and is intended to ensure the GSEs operate in a safe and sound manner “in particular during periods of financial stress.” “By allowing market participants to assess key information about the [GSEs] risk profiles and associated levels of capital, this final rule will promote transparency and encourage sound risk management practices at the [GSEs],” acting Director Sandra L. Thompson said.
On May 20, the FDIC released its 2022 Risk Review, summarizing emerging risks in the U.S. banking system observed during 2021 in four broad categories: credit risk, market risk, operational risk, and climate-related financial risk. According to the FDIC, the current risk review expands upon coverage in prior reports by examining operational risks to banks resulting from cyber threats, illicit finance, and climate-related financial risks. Monitoring these risks is among the agency’s top priorities, the FDIC said, explaining that the number of ransomware attacks in the banking industry increased in 2021, and that the “number and sophistication of cyber attacks also increased with remote work and greater use of digital banking tools.” Additionally, “threats from illicit activities continue to pose risk management challenges to banks.” The FDIC noted that the banking environment improved in 2021 as the economy recovered but stated that recovery was uneven across industries and regions. While “[f]inancial market conditions were generally supportive of the economy and banking industry in 2021,” they began to deteriorate in early 2022 with the onset of the Russian invasion of Ukraine, the FDIC said.
On May 13, the U.S. Treasury Department issued the 2022 National Strategy for Combatting Terrorist and Other Illicit Financing (2022 Strategy). As required by federal law, the 2022 Strategy describes current U.S. government efforts to combat domestic and international illicit finance threats from terrorist financing, proliferation financing, and money laundering, and discusses potential risks, priorities and objectives, as well as areas for improvement. Among other things, the 2022 Strategy reflects challenges posed by the Covid-19 pandemic, the increasing digitization of financial services, and rising levels of corruption and fraud. Specifically, Treasury noted that 2022 risk assessments highlights threats “posed by the abuse of legal entities, the complicity of professionals that misuse their positions or businesses, small-sum funding of domestic violent extremism networks, the effective use of front and shell companies in proliferation finance, and the exploitation of the digital economy.”
According to Treasury, the 2022 Strategy, along with the agency’s 2022 National Money Laundering Risk Assessment (covered by InfoBytes here), “will assist financial institutions in assessing the illicit finance risk exposure of their businesses and support the construction and maintenance of a risk-based approach to countering illicit finance for government agencies and policymakers.”
Specifically, to protect the U.S. financial system from corruption and other illicit finance threats, the 2022 Strategy outlined four priorities and 14 supporting actions to address these threats. These include:
- closing legal and regulatory gaps in the U.S. anti-money laundering/counter the financing of terrorism (AML/CFT) framework that are used to anonymously access the U.S. financial system through shell companies and all-cash real estate purchases;
- increasing the efficiency of the U.S. AML/CFT regulatory framework “by providing clear compliance guidance, sharing information appropriately, and fully funding supervision and enforcement”;
- enhancing the operational effectiveness of law enforcement, other U.S. government agencies, and international partnerships to prevent illicit actors from accessing safe havens; and
- enabling technological innovation while mitigating risk to stay ahead of new avenues for abuse through virtual assets and other new financial products, services, and activities.
The same day the U.S. and Mexico announced their commitment to establish a working group on anti-corruption, which will primarily focus on high-level strategic responses to public corruption. The announcement follows a recent agreement between delegates from the two countries to continue expanding information-sharing efforts to improve bilateral efforts for countering illicit finance.
On May 17, acting Comptroller of the Currency Michael J. Hsu stressed “[n]ow is the time for banks to take a fresh look at their exposures and take actions to adjust their risk positions—to ‘trim their sails,’ so to speak—ahead of potential uncertainty and volatility.” Hsu said banks should take action now to examine exposure and adjust risk profiles ahead of potential uncertainty and volatility in interest rates and loan performance. “Empowering risk managers and enforcing discipline in risk-taking will enable banks to better navigate the rate environment and will lower the chances of nasty surprises as quantitative tightening occurs,” Hsu stressed. Banks should also re-review their risk identification capabilities and assess the comprehensiveness of their counterparty credit risk management practices, paying close attention to areas where risk limits or other practices have been relaxed for “high-priority, high-growth clients, especially where increasing wallet share has been a goal.” He also cautioned banks against taking on too much risk associated with a single economic concentration, flagging commercial real estate and loans to non-depository financial institutions (including broker-dealers, asset managers, and investment funds) as specific areas where banks may suffer considerable losses when markets turn. Banks should also be careful not to relax underwriting standards, Hsu warned, pointing to some banks that have lowered their retail credit underwriting to obtain new customers and volume growth. “Actions today to defease high-impact tail risks can temper the need to go full ‘risk-off’ tomorrow, ensuring that the banking industry can remain a source of strength to the economy, as it has throughout the pandemic and recent market turbulence,” Hsu stated.
On May 11, FHFA announced its membership in the Network of Central Banks and Supervisors for Greening the Financial System, affirming its “commitment to making tangible progress toward addressing the impact of climate change on the nation's housing finance system.” Recognizing the increased risks to property presented from climate change, FHFA acting Director Sandra L. Thompson advised FHFA-regulated entities last year to designate climate change as a priority concern and actively consider its effects in decision-making processes. NGFS is an international group comprised of central banks and financial supervisors working to enhance the role of the financial system in managing risks and mobilizing capital for green and low-carbon investments in the context of environmentally sustainable development. The Federal Reserve Board, OCC, and FDIC, and the U.S. Treasury Department’s Federal Insurance Office have already joined NGFS.
On May 11, the FDIC, OCC, Federal Reserve Board, NCUA, and the Farm Credit Administration (the agencies) jointly issued revised, reorganized, and expanded interagency questions and answers (Q&As) regarding federal flood insurance laws. The revised Q&As supersede versions published in 2009 and 2011, and consolidate Q&As proposed by the agencies in 2020 and 2021 (covered by InfoBytes here). Reflecting significant changes to flood insurance requirements made by the Biggert-Waters Flood Insurance Reform Act and the Homeowner Flood Insurance Affordability Act, as well as regulations issued by the agencies to implement these laws, the revised Q&As consist of 144 Q&As (including 24 private flood insurance Q&As) covering a range of topics, including the escrow of flood insurance premiums, the detached structure exemption to the mandatory flood insurance purchase requirement, force placement procedures, and the acceptance of flood insurance policies issued by private insurers. The agencies also made non-substantive revisions to certain Q&As to provide more direct responses to questions asked, additional clarity, or make technical corrections. In response to concerns raised by several commenters, the agencies confirmed that they are providing the interagency Q&As “as guidance only,” and clarified that “all the Q&As apply to all policies, whether [National Flood Insurance Program] or a flood insurance policy issued by a private insurance company, unless otherwise noted in the Q&A.” Additionally, the agencies noted “that they are working individually and on an interagency basis to address financial risks associated with climate change consistent with the [a]gencies’ regulatory and supervisory authorities,” and therefore “decline to make changes to any of the Q&As in response to climate risk change.
The same day, the agencies issued Loans in Areas Having Special Flood Hazards; Interagency Questions and Answers Regarding Flood Insurance. The interagency questions and answers replace the 2009 and 2011 publications and consolidate Q&As proposed by the agencies in July 2020 and in March 2021. This bulletin rescinds: (i) OCC Bulletin 2009-26, Flood Disaster Protection Act: Revised Interagency Questions and Answers Regarding Flood Insurance; (ii) OCC Bulletin 2011-42, Flood Disaster Protection Act: Interagency Questions and Answers Regarding Flood Insurance’ (iii) OCC Bulletin 2020-69, Flood Disaster Protection Act: Proposed Revisions to Interagency Questions and Answers Regarding Flood Insurance; (iv) OCC Bulletin 2020-78, Flood Disaster Protection Act: Agencies Extend Comment Period on Proposed Revisions to Interagency Questions and Answers Regarding Flood Insurance; and (v) OCC Bulletin 2021-13, Flood Disaster Protection Act: Proposed Interagency Questions and Answers Regarding Private Flood Insurance.
Recently, the Federal Reserve updated a synthetic identity fraud mitigation toolkit offering new information regarding fraud detection technology and data sharing and discussing the value of fraud information sharing within the industry to help fight synthetic identity fraud. As previously covered by InfoBytes, in February, the Fed released the synthetic identity fraud mitigation toolkit intended to help financial institutions, businesses, and consumers improve awareness, detection, measurement, and mitigation of identity fraud. The recent updates in the toolkit provide guidance on enhancing organizations' ability to prevent and mitigate synthetic identity fraud using a variety of detection and prevention technologies and approaches. Topics contained in the toolkit include insights and downloadable resources covering, among other things: (i) the basics of synthetic identity fraud; (ii) how synthetic identities are used; (iii) when synthetics become a reality; (iv) detecting a synthetic identity; (v) validating identities; and (vi) identifying synthetics.
On April 27, acting Comptroller of the Currency Michael J. Hsu issued a statement regarding stablecoin standards after appearing before the Artificial Intelligence and the Economy: Charting a Path for Responsible and Inclusive AI symposium hosted by the U.S. Department of Commerce, National Institute of Standards and Technology, FinRegLab, and the Stanford Institute for Human-Centered Artificial Intelligence. According to Hsu, the internet has “technical foundations” that “provide for an open, royalty-free network.” He further noted that “[t]hose foundations did not emerge on their own. They were developed by standard setting bodies like IETF (Internet Engineering Task Force) and W3C (World Wide Web Consortium), which had representatives with differing perspectives, a shared public interest ethos, and a strong leader committed to the vision of an open and inclusive internet.” Hsu further stated that stablecoins do not have “shared standards and are not interoperable.” However, to make stablecoins “open and inclusive,” Hsu said that he believed that “a standard setting initiative similar to that undertaken by IETF and W3C needs to be established, with representatives not just from crypto/Web3 firms, but also from academia and government.” As previously covered by InfoBytes, Hsu discussed stablecoin policy considerations earlier this month in remarks before the Institute of International Economic Law at Georgetown University Law Center, calling for the establishment of an “intentional architecture” for stablecoins developed through principles of “[s]tability, interoperability and separability,” as well as “core values” of “privacy, security, and preventing illicit finance.”
- Daniel R. Alonso discussed “The importance of the FCPA in the world and its current impact” at a ‘Competitive Breakfast’ event sponsored by the international compliance firm Intedya
- Jedd R. Bellman discussed “The CFPB’s crackdown on collection junk fees and the growing anti-CFPB rhetoric” at an Accounts Recovery webinar
- Buckley Webcast: State supervision, enforcement, and multistate coordination
- Benjamin W. Hutten to discuss “Latest on AML regulations and impact of economic sanctions” at a Mortgage Bankers Association webinar
- Hank Asbill to discuss “Ethical issues at sentencing” at the 31st Annual National Seminar on Federal Sentencing
- Benjamin W. Hutten to discuss “Fundamentals of financial crime compliance” at the Practicing Law Institute
- Benjamin W. Hutten to discuss “Ongoing CDD: Operational considerations” at NAFCU’s Regulatory Compliance & BSA Seminar