Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
In January, the NCUA issued a letter to board of directors and chief executive officers at federally insured credit unions outlining the agency’s 2020 supervisory priorities. Top supervisory priorities include:
- Bank Secrecy Act/Anti-Money Laundering (BSA/AML). Examinations will continue to focus on customer due diligence and beneficial ownership requirements. The NCUA will also collaborate with law enforcement and banking regulators on initiatives such as updates to the FFIEC’s BSA/AML examination manual and enforcement guidelines, guidance concerning politically exposed persons, and measures for improving suspicious activity and currency transaction report filing procedures.
- Consumer Financial Protection. Based on a rotating regulation review cycle, NCUA examiners will review compliance (at a minimum) with the following regulations: the Electronic Fund Transfer Act, Fair Credit Reporting Act, Gramm-Leach-Bailey (Privacy Act), Payday Alternative Lending and other small dollar lending, Truth in Lending Act, Military Lending Act, and the Servicemembers Civil Relief Act.
- Cybersecurity. In 2020 the NCUA will continue conducting cybersecurity maturity assessments for credit unions with assets over $250 million and will begin to assess those with assets over $100 million. In addition, the NCUA intends to pilot new procedures—scaled to an institution’s size and risk profile—to evaluate critical security controls during examinations between maturity assessments.
- LIBOR Cessation Planning. Examiners will assess credit unions’ planning related to the discontinuation of LIBOR. According to the NCUA, credit unions should “proactively transition away from instruments using LIBOR as a reference rate.”
Other areas of focus include credit risk, current expected credit losses, liquidity risk, and modernization updates. The extended examination cycle will continue to apply to qualifying credit unions.
On December 12, the Federal Reserve Board (Fed) issued SR 19-15, “Revised Examination Guidelines for Representative Offices of Foreign Banks,” which is applicable to foreign banking organizations (FBOs) with U.S. representative offices (offices) subject to supervision by the Fed. According to the letter, Reserve Banks should examine offices of FBOs at least every 24 months, and ideally, at the same time as any examination of related U.S. branches or agencies. An office can be examined more often (i) based on state law examination requirements; (ii) if “supervisory concerns” exist regarding the foreign bank’s condition; and (iii) if the activities of the office are central to the FBO’s entire U.S. operations or if the office has a large number of employees. The letter provides guidelines for documentation of exam findings and for assignment of various ratings including compliance, risk management and operational controls. The Fed notes that “the type of documentation and rating should vary depending on the representative office’s activities and the significance of supervisory concerns.”
On November 14, the Federal Financial Institutions Examination Council (FFIEC) issued a revised Business Continuity Management booklet, one of a series of booklets that make up the FFIEC Information Technology Examination Handbook. The revised booklet replaces the 2015 version, and provides enterprise-wise guidance for examiners on the principles of business continuity management and approaches toward business continuity planning and resilience, including those designed to “achieve safety and soundness, consumer financial protection, and compliance with applicable laws, regulations, and rules.” It also provides examination procedures intended to help examiners assess the effectiveness of business continuity and resilience frameworks for entities including depository financial institutions, nonbank financial institutions, bank holding companies, and third-party service providers.
The same day, the OCC also issued Bulletin 2019-57 to note that the revised booklet rescinds Bulletin 2015-9, “FFIEC Information Technology Examination Handbook: Strengthening the Resilience of Outsourced Technology Services, New Appendix for Business Continuity Planning Booklet.”
On October 3, the California Department of Business Oversight (DBO) issued guidance for state-chartered financial institutions that serve cannabis-related businesses. The guidance, which is intended to help financial institutions manage risks appropriately, addresses cannabis program governance and compliance with the Bank Secrecy Act (BSA), as well as cannabis banking guidance issued in 2014 by the Financial Crimes Enforcement Network (FinCEN). As previously covered by InfoBytes, FinCEN’s guidance—which includes federal law enforcement priorities still in effect that were taken from a now-rescinded DOJ memo—details the necessary elements of a customer due diligence program, ongoing monitoring and suspicious activity report filing requirements, and priorities and potential red flags. Notably, the DBO states that while it will not bring regulatory actions against state-chartered financial institutions “solely for establishing a banking relationship with licensed cannabis businesses,” it expects all financial institutions to comply with FinCEN’s BSA expectations and guidance to make appropriate risk assessments. The DBO also referred bank examiners to its September Cannabis Job Aid, which is intended to assist with the examination of financial institutions that may be banking cannabis-related businesses.
On September 30, the OCC issued updates to four booklets of the Comptroller’s Handbook: Bank Supervision Process, Community Bank Supervision, Federal Branches and Agencies Supervision, and Large Bank Supervision. Among other things, the updates include (i) the interim final rule for the expanded 18-month supervisory cycle for certain institutions (covered by InfoBytes here); (ii) a revised OCC report of examination policy based on the revised Federal Financial Institutions Examination Council report of examination policy; (iii) the revisions to the OCC’s enforcement action policies (covered by InfoBytes here); and (iv) changes to the OCC’s credit underwriting assessment.
On September 13, the CFPB released its summer 2019 Supervisory Highlights, which outlines its supervisory and enforcement actions in the areas of automobile loan origination, credit card account management, debt collection, furnishing, and mortgage origination. The findings of the report cover examinations that generally were completed between December 2018 and March 2019. Highlights of the examination findings include:
- Auto loan origination. The Bureau noted that one or more examinations found that guaranteed asset protection (GAP) products were sold to consumers with low loan-to-value (LTV) loans, resulting in those consumers purchasing a product that was not beneficial to them. The Bureau concluded these sales were an abusive practice, as “the lenders took unreasonable advantage of the consumers’ lack of understanding of the material risks, costs, or conditions of the product.”
- Credit card account management. The Bureau found several issues with credit card account servicing, including violations of Regulation Z for failing to clearly and conspicuously provide disclosures required by triggering terms in online advertisements and for offsetting consumers’ credit card debt against funds that the consumers had on deposit with the issuers without sufficient indication that the consumer intended to grant a security interest in those funds.
- Debt collection. The Bureau noted violations of the FDCPA’s prohibition on falsely representing the amount due when debt collectors claimed and collected interest that was not authorized by the underlying contracts between the debt collectors and the creditors.
- Credit information furnishing. The Bureau found multiple violations of the FCRA, including furnishers failing to complete dispute investigations within the required time period and failing to promptly send corrections or updates to all applicable credit reporting agencies after a determination that the information was no longer accurate.
- Mortgage origination. The Bureau noted that creditors had violated Regulation Z by disclosing inaccurate APRs for closed-end reverse mortgages and also by using a unit-period of one month instead of one year to calculate the total annual loan cost (TALC) rate and the future value of all advances, leading to inaccurate TALC disclosures.
The report notes that in response to most examination findings, the companies have taken, or are taking, remedial and corrective actions, including by identifying and compensating impacted consumers and updating their policies and procedures to prevent future violations.
Lastly, the report also highlights the Bureau’s recently issued rules and guidance.
On September 10, the FDIC announced updates to its Consumer Compliance Examination Manual (CEM). The CEM includes supervisory policies and examination procedures for evaluating financial institutions’ compliance with federal consumer protection laws and regulations. The recent updates include, among other things, (i) changes to the sections and questions of the Fair Lending Scope and Conclusions Memorandum; and (ii) incorporation of the private flood insurance final rule’s provisions pertaining to the mandatory and discretionary acceptance of private flood insurance by financial institutions.
On August 28, the CFPB updated its examination procedures for automobile finance in its Supervision and Examinations Manual. The procedures are comprised of seven modules and each examination will cover one or more modules. Prior to using the procedures, examiners will complete a risk assessment and examination scope memorandum, which will assist in determining which of the seven modules the exam will cover: (i) company business model; (ii) advertising and marketing; (iii) application and origination; (iv) payment processing and account maintenance; (v) collections, debt restructuring, repossession, and accounts in bankruptcy; (vi) credit reporting, information sharing, and privacy; and (vii) examiner conclusions and wrap-up.
On August 27, the FDIC issued Financial Institution Letter FIL-47-2019 announcing an update to its Risk Management Manual of Examination Policies to incorporate a new section titled “Risk-Focused, Forward-Looking Safety and Soundness Supervision.” According to the letter, the new section covers the FDIC’s “long-standing examination philosophy” that the focus of supervision should be on areas that present the greatest risk. The letter notes that the risk-focused approach is “forward-looking,” with the intent to look beyond the condition of an institution at a specific point in time to just how well the institution will be able to respond to a changing market and assist examiners in identifying and correcting “weaknesses in conditions or practices before they impact an institution’s financial condition.”
On August 22, the Federal Reserve Board (Fed) issued CA 19-10, which provides updates to the interagency examination procedures for the Flood Disaster Protection Act (FDPA). The updated guidance is applicable to all Fed-supervised institutions with total consolidated assets of $10 billion or less, and supersedes CA 16-1’s FDPA examination procedures. Specifically, the updated procedures address new sections from a final interagency rule issued in February concerning the acceptability of private flood insurance (previously covered by InfoBytes here). Additionally, the updated procedures provide guidelines for lending institutions when considering a mutual aid society flood protection plan. The Fed notes that “state member banks may not typically analyze mutual aid society plans in the course of their lending activities,” and reminds lenders that acceptance standards for mutual aid society plans will vary depending on the state.
- Andrew W. Schilling to moderate "Expectations of in-house counsel from their law firm partners" at the ACI's 7th Annual Advanced Forum on False Claims and Qui Tam
- Sasha Leonhardt to discuss "Cybersecurity basics for compliance staff" at a NAFCU webinar
- Buckley Webcast: Tips for navigating changes to the FHA recertification process
- Daniel P. Stipano to discuss "A 20/20 view on 2020’s legislative and regulatory outlook" at the ACAMS Anti-Financial Crime and Public Policy Conference
- Kari K. Hall and Michelle L. Rogers to discuss "Overdrafts and regulatory trends" at the CLE Alabama Banking Law Update
- Kathryn L. Ryan to discuss "Industry open forum session on NMLS usage" at the NMLS Annual Conference & Training
- Kathryn L. Ryan to discuss "Regulating innovative consumer lending products" at the NMLS Annual Conference & Training
- Daniel P. Stipano to moderate "Washington update" at the 17th Puerto Rican Symposium of Anti Money Laundering 2020 conference
- Melissa Klimkiewicz to discuss "Private flood insurance updates" at the MBA's Servicing Solutions Conference & Expo 2020
- APPROVED Checkpoint Webcast: CFL overview
- Sasha Leonhardt to discuss "MLA & SCRA" on a NAFCU webinar
- Daniel P. Stipano to discuss "Pathway of the SARs: Tracking trajectories of suspicious activity reports from alerts to prosecution" at the ACAMS moneylaundering.com 25th Annual International AML & Financial Crime Conference
- Daniel P. Stipano to discuss "Which bud’s for you? A deep-dive into evolving marijuana laws" at the ACAMS moneylaundering.com 25th Annual International AML & Financial Crime Conference