InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
CSBS and Multi-State Mortgage Committee Report on 2015 Supervisory Efforts
The Conference of State Bank Supervisors (CSBS) and the Multi-State Mortgage Committee (MMC) issued a report to state regulators regarding its 2015 review of the supervisory structure around examination and risk assessment of non-bank mortgage loan servicers. Notable servicing examination findings outlined in the report include: (i) violations and deficiencies related to loan transfer activity, noting that a “significant portion of servicing examination findings are tied to the mortgage servicing requirements implemented into the [RESPA] and [TILA] in January of 2014”; (ii) ineffective oversight of sub-servicer activity and insufficient third party vendor management; and (iii) ineffective examination management procedures on the part of mortgage servicers, leading to delayed examination processes, as well as impeded regulatory oversight. The report further outlines origination examination findings, emphasizing RESPA violations related to Mortgage Servicing Agreements (MSAs) which typically include payments for promotional advertising services performed on behalf of the mortgage company. According to the MMC, MSA-related violations carry high risk. Additional MMC 2015 observations outlined in the report include, but are not limited to, the following: (i) state license engagement of third party providers overseen by federal regulators resulted in an increase of state/federal communications and information sharing, fostering a stronger regulatory framework; (ii) lapses in loan originator education may lead to significant deficiencies at the company level; (iii) whistleblower information provided to the MMC in 2015 played a large role in uncovering prohibited activity; and (iv) technological systems with incorrect programming continue to cause lenders to charge borrowers statutorily prohibited fees. Finally, the report briefly touches on the CSBS’ and the NMLS’s Mortgage Call Report Analytics Tool – designed to provide detailed information about the loan portfolio and financial condition of a company – and the State Coordinating Committee’s coordinated efforts with the CFPB to include the development of the Coordinated Examination Guidance tool, which is intended to provide “suggested best practices for coordinated examinations and a step-by-step listing of action items to be completed during a coordinated examination.”
CSBS Publishes Annual Report
Recently, the Conference of State Bank Supervisors (CSBS) published its 2015 Annual Report to provide an overview of its activities and initiatives in 2015. The report highlights that, throughout 2015, state regulators (i) increased coordination and collaboration between state regulators and other stakeholders, including federal regulators and Congress; (ii) developed research and analytical tools, such as risk profiling tools to assist with the examination selection process, as well as tools to address emerging non-depository regulatory issues; (iii) developed “right-sized” policy solutions for an ever-changing financial services industry, acknowledging that “community banks play a vital and necessary role in [the] diverse financial services ecosystem”; and (iv) provided education and training for examiners and supervisors, noting that “more than 1,000 examiners from 43 agencies representing 41 states had been certified through the CSBS Certification Program.” Importantly, the report notes that cybersecurity remains a “major issue facing the financial services industry.” In an effort to encourage executive leadership and raise awareness, CSBS launched the Executive Leadership of Cybersecurity (ELOC) initiative, which emphasizes that cybersecurity is “more than a ‘back office’ issue, but an executive issue that requires CEO and Board level attention.”
OCC Updates Comptroller's Handbook to Include New Student Lending Booklet
On May 9, the OCC updated its Comptroller’s Handbook to include a new booklet titled “Student Lending.” Despite banks having to alter their private student lending strategies as a result of the 2008 financial crisis, the OCC’s booklet maintains that banks can still benefit from the wider array of consumer products and the broader business model that the private student lending industry offers. The new booklet contains information related to banks’ participation in the private student lending industry, including, but not limited to:
- Inherent credit, interest rate, liquidity, price, operational, compliance, strategic, and reputation risks in the industry.
- Unique aspects of private student loans, such as the “significant time lag between loan advances and repayment, and the student borrower’s lack of certainty in finding a stable, reliable primary source of repayment after graduation.”
- Regulatory expectations for safe and sound operations, cautioning that banks should adhere to the credit underwriting and documentation standards as stated in 12 CFR 30, appendix A, “Safety and Soundness Standards.”
- Risk management practices, reminding banks that use third parties to market, solicit, or originate private student loans to have in place risk management frameworks that include due diligence in selecting third parties, written contracts that have been vetted for duties, obligations, and responsibilities of all parties (compensation parameters included), and ongoing monitoring and quality assurance programs.
Designed for examiners to use in their examination and supervision of banks involved in the private student lending industry, the booklet outlines two sets of examination procedures: (i) primary examination, when an examiner’s objective is to “assess risk level, evaluate the quality of risk management, and determine the aggregate level and direction of risk of the bank’s student lending activities”; and (ii) supplemental examination, when examiners “determine whether student lending marketing activities are consistent with the bank’s business plans, strategic plans, and risk appetite, and that appropriate controls and systems are in place before the bank rolls out new products or new-product marketing initiatives.” Finally, the booklet advises examiners reviewing banks’ student lending activities to “remain alert for lending practices and product terms that could indicate discriminatory, unfair, deceptive, abusive, or predatory issues.”
FFIEC Updates IT Examination Handbook
On April 29, the FFIEC updated its IT Examination Handbook, revising its Retail Payment Systems booklet to include an Appendix E, Mobile Financial Services. The Retail Payment Systems booklet consists of guidance intended to help examiners evaluate financial institutions’ and third-party providers’ management of risks associated with retail payment systems. Appendix E is designed to address risk management associated with mobile financial services (MFS): “Appendix E contains guidance pertaining to [MFS] risks that supplements existing booklet guidance on other retail payment topics, such as electronic payments related to credit cards and debit cards, remote deposit capture and changes in technology or retail payment systems.” Appendix E outlines risk management practices for the following MFS technologies: (i) short message service/text messaging; (ii) mobile-enabled web sites and browsers; (iii) mobile applications; and (iv) wireless payment technologies. In addition to MFS technologies, Appendix E also addresses management strategies related to (i) risk identification; (ii) risk measurement; (iii) risk mitigation; and (iv) monitoring and reporting.
Federal Reserve Announces Off-Site Electronic Loan File Review Process
On April 19, the Federal Reserve issued a letter announcing a new off-site loan file review program available to banking institutions with less than $50 billion in total assets. According to the letter, recent technological advancements, i.e. secure data transmission and electronic file imaging, allow the Federal Reserve to collect and review loan file information off-site “without compromising the effectiveness of the examination process.” To determine if the off-site loan review program is appropriate for an institution, the Federal Reserve will consider the following: (i) if the institution uses a secure transmission method to submit the loan file data; (ii) if the institution can provide loan data and imaged documents that are legible, easily viewable, and properly organized; and (iii) if the loan files are sufficiently comprehensive, allowing examiners to reach a conclusion regarding the appropriate rating of a credit without requesting additional information. Regarding adjustments to the examination process of an off-site loan review, the letter cautions that examiners will need to allocate sufficient time before an examination begins to ensure loan file data was successfully transmitted to the Reserve Bank, and communicate with institutional management throughout the examination process. Finally, the letter discusses the scope of the off-site examination process verses that of an on-site examination process, noting that (i) certain portions of examination work will remain off-site regardless of whether the institution is participating in the new off-site program; and (ii) at examiners’ discretion, Reserve Banks “may hold either off-site or on-site discussions with the institution’s management regarding preliminary loan review findings such as the appropriateness of individual credit ratings assigned by [a state member bank or foreign banking organization] and the completeness of credit file documentation.”
SEC Announces Senior Staff Changes; New Office of Risk and Strategy
On March 8, the SEC announced a change in senior leadership, naming Robert M. Fisher the Managing Executive of the Office of Compliance Inspections and Examinations (OCIE). Succeeding Peter B. Driscoll, Fisher will be responsible for overseeing the OCIE’s business operations, technology servicers, examiner training, and Tips, Complaints and Referrals programs. The SEC also announced a new Office of Risk and Strategy within its Office of Compliance and Inspections and Examinations, naming Driscoll as its Chief Risk and Strategy Officer. The new office is intended to “consolidate and streamline the OCIE’s risk assessment, market surveillance, and quantitative analysis teams and provide operational risk management and organizational strategy for OCIE.” In his new role as Chief Risk and Strategy Officer, Driscoll will lead the Washington, D.C.-based Investment Adviser/Investment Company examination staff.
In a separate March 10 announcement, the SEC named Anthony S. Kelly Co-Chief of the Enforcement Division’s Asset Management Unit (Unit). Succeeding Julie Riewe, Kelly joins Marshall Sprung to lead the Unit, which focuses on misconduct by investment advisers, investment companies, and private funds.
Massachusetts Division of Banks Issues New Cybersecurity Exam Procedures
Recently, the Massachusetts Division of Banks released examination procedures that incorporate cybersecurity as a module in all of its examinations of banks and non-bank licensees. The procedures contain two separate workbooks. The first, NDIS IT/Information Security Examination Work-program, contains questions related to a Licensee’s (i) risk assessment and management oversight; (ii) written information security program; (iii) data security operations; (iv) business continuity and disaster recovery; (v) cybersecurity; and (vi) IT audit. Section VII of the workbook provides space for an examination summary, and Section VIII of the first workbook contains various links to examination resources, including, but not limited to, the FFIEC Interagency Guidelines Establishing Information Security Standards, and a copy of 201 CMR 17.00 – Standards for the Protection of Personal Information of Residents of the Commonwealth. The second, Non-Depository Institution Supervision Information Technology Officer’s Questionnaire, “contains questions covering significant areas of the Licensee’s [IT] function.”
Last year, the Division sent a communique to CEOs of regulated institutions encouraging them to do a cybersecurity assessment using the FFIEC tool and noted that it would be looking at those assessments in future examinations.
SEC Names Jane Jarcho Deputy Director of National Exam Program
On February 3, the SEC named Jane Jarcho Deputy Director of its Office of Compliance Inspections and Examinations (OCIE). Jarcho will continue to serve as the National Director of the OCIE’s Investment Adviser/Investment Company examination program, a role she assumed in 2013. As the head of the Investment Adviser/Investment Company examination program, Jarcho increased company examinations more than 27% and “targeted areas such as cybersecurity, never before examined investment advisers and investment companies, alternative mutual funds, fixed incomes, and retirement accounts.” Jarcho’s SEC career began in 1990 in the Division of Enforcement, where she held various positions, including Branch Chief, Senior Trial Counsel, and Assistant Regional Director. In 2008, Jarcho joined the OCIE; prior to being named National Director of the office, she served as Associate Director of the Investment Adviser/Investment Company examination program.
SEC Outlines 2016 Examination Priorities
On January 11, the SEC’s Office of Compliance Inspections and Examinations issued its Examination Priorities for 2016. The examination priorities, which address issues across a variety of financial institutions, include (i) protecting retail investors, including those planning for retirement, by undertaking examinations to review exchange-traded funds (ETFs) and ETF practices, variable annuity recommendations and disclosure, and potential conflicts and risks involving advisers to public pension funds; (ii) evaluating market-wide risks by, among other thing, continuing to focus on cybersecurity controls at broker-dealers and investment advisers; and (iii) using enhanced data analytics to assess anti-money laundering compliance, detect microcap fraud, and complete reviews of excessive trading. Additional areas of examination priority for 2016 include (i) municipal advisors; (ii) private placements; (iii) investment advisers and investment companies that have not yet been examined; (iv) private fund advisers; and (v) transfer agents.
FINRA Releases 2016 Regulatory and Examination Priorities Letter
On January 5, FINRA released a letter regarding its regulatory and examination priorities for 2016. The letter focuses on the following three broad issues within the securities industry: (i) culture, conflicts of interest and ethics; (ii) supervision, risk management and controls; and (iii) liquidity. Regarding FINRA’s assessment of firm culture, the letter notes that FINRA “will focus on the frameworks that firms use to develop, communicate, and evaluate conformance to their culture,” assessing five specific indicators of a firm’s culture, including (among others) whether policy or control breaches are tolerated. In connection with supervision and risk management, FINRA will focus its examination efforts on the following four areas that continue to affect firms’ business conduct and market integrity: (i) management of conflicts of interest; (ii) technology; (iii) outsourcing; and (iv) anti-money laundering. Finally, in connection with liquidity, FINRA plans to review firms’ contingency funding plans as they relate to their business models, noting that the framework for FINRA’s reviews will be driven by the effective practices contained in Regulatory Notice 15-33. Additional areas of regulatory and examination focus for FINRA in 2016 will include but are not limited to: (i) protecting seniors and vulnerable investors from fraud, sales practice abuse, and financial exploitation; (ii) private placements and Regulation A+ public offerings; (iii) financial and operational controls concerning exchange-traded funds and fixed-income prime brokerage; and (iv) market integrity.