On January 7, the SEC’s Office of Compliance Inspections and Examinations (OCIE) announced the release of its 2020 Examination Priorities. The annual release of exam priorities provides transparency into the risk-based examination process and lists areas that pose current and potential risks to investors. OCIE’s 2020 examination priorities include:
- Retail investors, including seniors and those saving for retirement. OCIE places particular emphasis on disclosures and recommendations provided to investors.
- Information security. In addition to cybersecurity, top areas of focus include: risk management, vendor management, online and mobile account access controls, data loss prevention, appropriate training, and incident response.
- Fintech and innovation, digital assets and electronic investment advice. OCIE notes that the rapid pace of technology development, as well as new uses of alternative data, presents new risks and will focus attention on the effectiveness of compliance programs.
- Investment advisers, investment companies, broker-dealers, and municipal advisers. Risk-based exams will continue for each of these types of entities, with an emphasis on new registered investment advisers (RIA) and RIAs that have not been examined. Other themes in exams of these entities include board oversight, trading practices, advice to investors, RIA activities, disclosures of conflicts of interest, and fiduciary obligations.
- Anti-money laundering. Importance will be placed on beneficial ownership, customer identification and due diligence, and policies and procedures to identify suspicious activity.
- Market infrastructure. Particular attention will be directed to clearing agencies, national securities exchanges and alternative trading systems, and transfer agents.
- FINRA and MSRB. OCIE exams will emphasize regulatory programs, exams of broker-dealers and municipal advisers, as well as policies, procedures and controls.
On December 23, NYDFS issued an Industry Letter (Letter) directing its regulated depository and non-depository institutions, insurers, and pension funds to outline their plans for managing the risks associated with the potential impact of LIBOR’s likely cessation at the end of 2021. NYDFS seeks assurance that regulated institutions’ boards of directors and senior management fully understand the associated risks, have developed appropriate plans, and have initiated actions to facilitate transition to an alternative reference rate. The Letter does not mandate use of any particular alternative rate, but notes that “the Alternative Reference Rates Committee . . ., convened by the FRB and the [Federal Reserve Bank of New York (FRBNY)], has chosen [the Secured Overnight Financing Rate published by the FRBNY] as its recommended alternative to U.S. dollar LIBOR.” The Letter requires NYDFS-regulated institutions to describe: (i) programs that will assess financial and non-financial transition risks; (ii) “processes for analyzing and assessing alternative rates, and the potential associated benefits and risks of such rates both for the institution and its customers and counterparties”; (iii) processes to communicate with customers and counterparties; (iv) plans and processes for “operational readiness, including related accounting, tax and reporting aspects of [the] transition” from LIBOR; and (v) their governance framework, including oversight by an institution’s board of directors or its equivalent governing authority. Institutions are required to submit their transition-risk management plans to NYDFS by February 7.
On December 9, the OCC released its Semiannual Risk Perspective for Fall 2019, identifying and reiterating key risk areas that pose a threat to the safety and soundness of national banks and federal savings associations, including credit, operational, and interest rate risks. While the OCC commented that “bank financial performance is sound,” it also advised that “[b]anks should prepare for a cyclical change while credit performance is strong,” emphasizing that “[c]redit risk has accumulated in many portfolios.” The OCC also highlighted that competition with nonbank mortgage and commercial lending could pose a risk as well.
Specific areas of concern that the OCC described include: elevation of operational risk as advances in technology and innovation in core banking systems result in a changing and increasingly complex operating environment; increased use of third-party service providers that contribute to continued threats of fraud; need for prudent credit risk management practices that include “identifying borrowers that are most vulnerable to reduced cash flows from slower than anticipated economic growth”; “volatility in market rates [leading] to increasing levels of interest rate risk”; LIBOR’s anticipated cessation and whether banks have started to determine the potential impact of cessation and develop risk management strategies; and strategic risks facing banks as non-depository financial institutions (NDFI) use evolving technology and expand data analysis abilities (the OCC commented that NDFIs “are strong competitors to bank lending models”). The OCC also noted that there is increased interest from banks in sharing utilities with NDFIs to implement Bank Secrecy Act/anti-money laundering compliance programs and sanctions processes and controls.
On August 28, the CFPB updated its examination procedures for automobile finance in its Supervision and Examinations Manual. The procedures are comprised of seven modules and each examination will cover one or more modules. Prior to using the procedures, examiners will complete a risk assessment and examination scope memorandum, which will assist in determining which of the seven modules the exam will cover: (i) company business model; (ii) advertising and marketing; (iii) application and origination; (iv) payment processing and account maintenance; (v) collections, debt restructuring, repossession, and accounts in bankruptcy; (vi) credit reporting, information sharing, and privacy; and (vii) examiner conclusions and wrap-up.
On August 27, the FDIC issued Financial Institution Letter FIL-47-2019 announcing an update to its Risk Management Manual of Examination Policies to incorporate a new section titled “Risk-Focused, Forward-Looking Safety and Soundness Supervision.” According to the letter, the new section covers the FDIC’s “long-standing examination philosophy” that the focus of supervision should be on areas that present the greatest risk. The letter notes that the risk-focused approach is “forward-looking,” with the intent to look beyond the condition of an institution at a specific point in time to just how well the institution will be able to respond to a changing market and assist examiners in identifying and correcting “weaknesses in conditions or practices before they impact an institution’s financial condition.”
On July 24, the OCC issued Bulletin 2019-37 to provide fraud risk management principles for all OCC-supervised institutions. The Bulletin supplements previously issued notices addressing corporate and risk governance, and focuses on fraud risk, operational risk, and the need for strong governance and sound risk management principles. According to the OCC, strong governance is vital to managing an institution’s exposure to fraud and must include a strong corporate culture that discourages imprudent risk-taking. However, the OCC noted that fraud risk management should be commensurate with the bank’s risk profile. The Bulletin highlights several preventative and detective controls, including (i) developing anti-fraud policies and procedures, such as ethics policies, codes of conduct, and identity theft programs; (ii) creating anti-fraud awareness campaigns; (iii) establishing fraud risk management training programs for employees and contractors and educating customers on preventative measures; (iv) implementing a system of controls intended to prevent employees and third parties from conducting fraudulent transactions, such as opening or closing of bank accounts; (v) conducting background investigations for new employees and periodic checks for existing employees and third parties; (vi) providing sound training and information security programs; and (vii) establishing processes for customer identification, customer due diligence, and beneficial ownership identification and verification. Additionally, the OCC stated that senior management should understand the institution’s exposure to fraud risk and associated losses.
On June 3, the Federal Reserve Board issued supervisory letter SR 19-9 to provide guidance on its enhanced process for determining the scope of safety-and-soundness examinations of community and regional state member banks (SMB). Under the “Bank Exams Tailored to Risk” (BETR) process, the Fed intends to “gauge the risk of a bank’s various activities [and] facilitate a more data-driven approach to the risk tailoring of supervisory work.” An SMB’s level of risk within individual risk dimensions, such as credit, liquidity, and operational risk, will be derived from a combination of surveillance metrics and examiner judgment.
Among other things, BETR’s objectives are to (i) apply appropriately streamlined examination work programs to identified low-risk activities, in order to conserve supervisory staff resources and minimize regulatory burden; (ii) direct enhanced supervisory resources and attention to identified high-risk activities; and (iii) implement average intensity examination work programs to moderate-risk activities. Examiners are to tailor examination procedures to the size, complexity, and risk profile of an SMB, with examiners focusing on “developing an appropriate assessment of bank management’s ability to identify, measure, monitor, and control risk.”
On April 9, Senators Elizabeth Warren (D-Mass) and Sherrod Brown (D-Ohio) released responses to inquiries sent last month to the Federal Reserve Board, the OCC, and the CFPB, which expressed, among other things, concern about the level of response taken by a national bank regarding its auto-lending practices, as well as the bank’s remediation plans and compliance risk management efforts. In response, the regulators individually discussed the bank’s progress to satisfy its obligations under existing consent orders.
Federal Reserve Chairman Jerome Powell wrote that the asset cap imposed on the bank will remain in place until the bank has implemented—to the Board’s satisfaction—remedies to address risk management breakdowns. Powell noted that the bank and the Board are comprehensively addressing the progress.
OCC Comptroller Joseph Otting emphasized that the agency continues “to monitor the bank’s work to remediate deficiencies” identified in previously issued orders, and commented that while the OCC is disappointed with the bank’s current corporate governance and risk management programs, it “is fully engaged and prepared to bring [the bank’s] matters to resolution.”
CFPB Director Kathy Kraninger stated that “while the Bureau is working with [the bank] to ensure its compliance with the consent order, I am not satisfied with the [b]ank’s progress to date and have instructed staff to take all appropriate actions to ensure the [b]ank complies with the consent order and [f]ederal consumer financial law.”
On September 26, the OCC’s Committee on Bank Supervision released its bank supervision operating plan (Plan) for fiscal year 2019. The Plan outlines the agency’s supervision priorities and specifically highlights the following supervisory focus areas: (i) cybersecurity and operational resiliency; (ii) commercial and retail credit loan underwriting, concentration risk management, and the allowance for loan and lease losses; (iii) Bank Secrecy Act/anti-money laundering compliance; (iv) change management to address new regulatory requirements; and (v) internal controls and end-to-end processes necessary for product and service delivery.
The annual plan guides the development of supervisory strategies for individual national banks, federal savings associations, federal branches, federal agencies, and service providers.
The OCC will provide updates about these priorities in its Semiannual Risk Perspective, as InfoBytes previously has covered.
On September 5, the FDIC released its summer 2018 issue of Supervisory Insights (see FIL-44-2018), which contains articles discussing bank lending to the oil and gas sector and an overview of bank credit risk grading systems. Information and analysis from examiner observations is presented in the article, “Credit Risk Grading Systems: Observations from a Horizontal Assessment.” Sixteen large state nonmember banks’ credit risk grading programs are analyzed for (i) their use of expert judgment based systems and/or quantitative scorecards and models to assign credit grades; (ii) data usage and retention needs; and (iii) governance and risk management frameworks established by grade definitions. The article advises that “a bank’s credit risk grading system should align with the bank’s size and complexity to facilitate accurate risk identification, measurement, monitoring, and reporting,” and should include internal systems to allow for effective risk assessment, timely and accurate reporting, and procedures for safeguarding and managing assets. In addition, the issue includes an overview of recently released regulations and supervisory guidance in its Regulatory and Supervisory Roundup.