InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Federal Reserve Board extends measures to ensure high level of resilience among large banks
On September 30, the Federal Reserve Board announced it would extend measures previously instituted to ensure that large banks maintain a high level of capital resilience in light of uncertainty introduced by the Covid-19 outbreak. The measures were extended for an additional quarter. Large banks (i.e. banks with more than $100 billion in total assets) will be prohibited from making share repurchases. Additionally, dividend payments will be capped and tied to a formula based on recent income. The announcement notes that the Board will conduct a second stress test later this year to further test the resiliency of large banks.
DOJ: Lender allegedly violated FIRREA, False Claims Act by forging certifications and using unqualified underwriters
On September 25, the DOJ filed a complaint against a lender alleging that it forged certifications and used unqualified underwriters to approve FHA-insured Home Equity Conversion Mortgages (HECMs) to increase its loan production in violation of the Financial Institutions Reform, Recovery and Enforcement Act and the False Claims Act. In addition, the DOJ claims that, because the lender allegedly did not employ enough direct endorsement underwriters to review each HECM loan endorsed for FHA mortgage insurance, it bypassed FHA’s underwriter requirements and (i) allowed “unqualified temporary contractors to underwrite, approve, and sign certifications for HECM loans”; (ii) “[f]orged signatures of qualified underwriters on certifications for other HECM loans” to create the appearance that they had been reviewed and approved by a qualified underwriter; (iii) pre-signed blank certifications representing that appraisals had been reviewed and approved; and (iv) used these forms and certifications to insure HECM loans that did not meet the underwriting requirements. The DOJ alleges that, accordingly, the FHA insured overvalued and underwater properties, which increased borrower expenses and raised the chances of default. The DOJ also asserts that the lender’s purported false claims for FHA mortgage insurance payments were material, as it led to the government making payments it would otherwise not have been required to make.
FinCEN Director encourages specificity in Covid-19 SARs filings
On September 29, FinCEN Director Kenneth A. Blanco spoke at the Association of Certified Anti-Money Laundering Specialists (ACAMS) virtual AML conference, noting that FinCEN has received over 91,000 suspicious activity reports (SARs) referencing Covid-19 and the federal stimulus programs under the CARES Act. Blanco stated that the vast majority (about 71 percent) of the Covid-19 SARs have come from depository institutions, while 17 percent have come from credit unions and five percent have come from the Money Services Business (MSB) industry. The securities and casino industries account for the final three percent. Blanco urged financial institutions to be “as specific as possible” when filling out their Covid-19-related SARs to ensure it gets to the right investigative team expeditiously. Blanco noted that “vague references to ‘stimulus’ or ‘CARES Act’ or ‘benefit,’” hinders the agency’s ability to get the SAR to the right team. Additionally, Blanco emphasized FinCEN’s advisories and guidance related to Covid-19 fraud (covered by InfoBytes here, here, and here) and encouraged the audience to review the agency’s dedicated Covid-19 webpage.
FDIC releases August enforcement actions
On September 25, the FDIC released a list of administrative enforcement actions taken against banks and individuals in August. During the month, the FDIC issued 13 orders, consisting of “one consent order under 8(b), four orders of prohibition under 8(e), and eight Section 19 orders.” The consent order, issued against a Kansas-based bank, relates to alleged violations of the Bank Secrecy Act (BSA). Among other things, the bank was ordered to (i) terminate all activity related to its foreign financial institution customers, including such activity as funds transfers, remote deposit capture, money service business remittances, Automated Clearing House transfers, and funds transfers to or from any foreign central bank accounts; (ii) establish a directors’ BSA/anti-money laundering (AML) compliance committee; (iii) implement a revised BSA compliance program to address BSA/AML deficiencies, including incorporating internal controls to assure ongoing compliance, as well as training for appropriate personnel; (iv) maintain a BSA/AML internal control structure, including suspicious activity monitoring and reporting, risk assessment, and customer due diligence; (v) contract with a third-party consulting firm to conduct an independent test of the bank’s BSA/AML compliance program; (vi) implement an effective, comprehensive BSA training program for appropriate personnel regarding specific compliance responsibilities; and (vii) conduct a look-back review to ensure certain reportable transactions and suspicious activities were appropriately identified and reported.
California AG, former FTC chairs argue about federal privacy law preemption during Senate committee hearing
On September 23, the Senate Committee on Commerce, Science, and Transportation held a hearing titled, “Revisiting the Need for Federal Data Privacy Legislation.” The hearing examined the current state of consumer data privacy and legislative efforts to provide baseline data protections for American consumers, and examined the lessons learned from the EU’s Global Data Protection Regulation (GDPR) and recently enacted state privacy laws. Witnesses included a number of former chairs and commissioners of the FTC, along with California Attorney General Xavier Becerra.
Becerra discussed the California Consumer Privacy Act (CCPA), which sets forth various requirements for businesses that collect, transfer, or sell a consumer’s personal information, and provides California residents several rights, including the right to know what data companies have collected on them and the right to ask to delete data or opt-out of its sale. (See continuing InfoBytes coverage on the CCPA here.) Concerning future federal privacy legislation, Becerra stressed that any such legislation should not preempt the work happening at the state level, and he urged the Committee “to favor legislation that sets a federal privacy-protection floor rather than a ceiling,” in order to allow states the opportunity to provide tailored protections for their residents. Becerra also stressed that the ideal federal legal framework would “recognize[] that privacy protections must keep pace with innovation,” and further addressed the need for a meaningful enforcement regime that respects the work undertaken by the states.
Former FTC chairs Jon Leibowitz and Maureen Ohlhausen, however, argued (see here and here) in favor of federal preemption. They suggested that a single national comprehensive privacy standard would be stronger and more comprehensive than existing regimes such as the CCPA and GDPR, and could better serve consumers even if it replaces state regulations. Both stressed that preempting state laws should not mean weakening protections for consumers. Moreover, both Leibowitz and Ohlhausen emphasized that federal privacy legislation should be technology- and industry-neutral, with rigorous standards backed by tough enforcement. Leibowitz also urged Congress to provide the FTC with the ability to impose civil penalties on violators for first-time offenses, and recommended that the FTC be granted the primary authority to administer the law and be given continued authority to provide redress directly to consumers. Former chair William Kovacic presented a different approach, which would establish a domestic privacy network to promote cooperation and coordination between federal and state privacy regulators to improve policy formation.
Other topics covered in the hearing included Chairman Roger Wicker’s (R-MS) recently introduced bill (S. 4626), known as the SAFE DATA Act, which would require businesses to be more transparent about their data collection, processing, and transfer activities, and give consumers more choices and control over their data. Among other things, the bill would preempt privacy laws in California and other states, except in regard to data breaches, and would not include a private right of action allowing consumers to sue over privacy violations.
FDIC announces disaster relief in connection with Hurricane Sally
On September 23, the FDIC issued FIL-92-2020 to provide regulatory relief to financial institutions and help facilitate recovery in areas of Alabama affected by Hurricane Sally starting on September 14. In the guidance, the FDIC notes that, in supervising institutions affected by the hurricane, the FDIC will consider the unusual circumstances those institutions face. The guidance suggests that institutions work with impacted borrowers to, among other things, (i) extend repayment terms; (ii) restructure existing loans; or (iii) ease terms for new loans to those affected by the severe weather, provided the measures are “done in a manner consistent with sound banking practices.” Additionally, the FDIC notes that institutions may receive Community Reinvestment Act consideration for community development loans, investments, and services in support of disaster recovery. The FDIC states it will also consider relief from certain reporting and publishing requirements.
FTC settles with company posing as SBA lender
On September 25, the FTC announced a settlement with a Rhode Island-based company and its owner (defendants), resolving allegations that the defendants violated the FTC Act by claiming to be an approved lender for the Small Business Administration’s (SBA) Paycheck Protection Program (PPP) even though the defendants are neither affiliated with the SBA nor an SBA-authorized lender. As previously covered by InfoBytes, the FTC filed an action against the defendants in April, alleging that the defendants made deceptive statements on their websites, such as “WE ARE A DIRECT LENDER FOR THE PPP PROGRAM!,” and directly contacted small businesses claiming to represent the SBA in order to solicit loan applications on behalf of the businesses’ banks. The settlement prohibits the defendants from engaging in the conduct subject to the action, including misrepresenting that they are affiliated with the SBA and that they are authorized to accept or process applications on behalf of the SBA. Moreover, the defendants are prohibited from disclosing or benefitting from consumer information obtained prior to the settlement without express, informed consent from the consumer, and are subject to certain reporting and recordkeeping requirements.
OCC announces settlements with former senior executives over account openings
On September 21, the OCC announced settlements with three former senior executives of a national bank for their roles in the bank’s incentive compensation sales practices. According to consent orders (see here and here), the OCC alleged that two of the individuals either “knew or should have known” about the sales misconduct problem and its root cause, but allegedly failed to, among other things, appropriately consider concerns about the “unreasonably high sales goals” and the associated risks of incentivizing sales of secondary deposit products. The third individual—previously in charge of identifying human resource risks—allegedly approved incentive compensation plans that overly incentivized sales and failed to respond to or escalate information received about unreasonable sales goals. In addition to paying civil money penalties, the individuals—who did not admit or deny wrongdoing—have each agreed to cooperate with the OCC in any investigation, litigation, or administrative proceeding related to sales misconduct at the bank.
As previously covered by InfoBytes, in January, the OCC reached settlements with three other former senior executives in January for their alleged roles in the bank’s sales practices misconduct, and issued notices of charges against five others.
FHFA extends Covid-19 flexibilities until October 31
On September 24, the FHFA announced the extension of several loan origination guidelines put in place to assist borrowers during the Covid-19 pandemic. Specifically, FHFA has extended until October 31 existing guidelines related to: (i) GSE purchases of qualified single-family mortgages in forbearance that meet specific eligibility criteria; (ii) alternative appraisal requirements on purchase and rate term refinance loans; (iii) alternative methods for documenting income and verifying employment before loan closing; and (iv) expanding the use of power of attorney to assist with loan closings. The extensions are implemented in updates to Fannie Mae Lender Letters LL-2020-03, LL 2020-04, LL-2020-06, and Freddie Mac Guide Bulletin 2020-37.
OCC: Banks may hold stablecoins in reserve accounts
On September 21, the OCC released Interpretive Letter 1172, stating that national banks may hold stablecoin in reserve accounts as a service to bank customers and may engage in activity incidental to receiving the deposits. According to the OCC, issuers of stablecoins—a type of cryptocurrency backed by an asset such as a fiat currency—have a desire to place assets in reserve accounts with national banks to “provide assurance that the issuer has sufficient assets backing the stablecoin in situations where there is a hosted wallet.” Hosted wallet, as defined by the OCC, is “an account-based software program for storing cryptographic keys controlled by an identifiable third party.” Because national banks are authorized to receive deposits and provide “permissible banking services to any lawful business they choose,” they may provide these services to issuers of stablecoins, as long as they comply with applicable laws and regulations. (In Interpretive Letter 1170, the OCC approved the holding of cryptocurrency on behalf of customers, covered by InfoBytes here.) Specifically, the OCC noted that national banks should ensure that deposit activities comply with the Bank Secrecy Act and anti-money laundering regulations. Moreover, a national bank must also “identify and verify the beneficial owners of legal entity customers opening accounts.” Lastly, the OCC emphasized that stablecoin reserves “could entail significant liquidity risks,” and national banks may consider entering into contractual agreements with stablecoin issuers to “verify and ensure that the deposit balances held by the bank for the issuer are always equal to or greater than the number of outstanding stablecoins issued by the issuer.” This guidance does not apply to stablecoin transactions involving un-hosted wallets.