InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Buckley Sandler Insights: Fed's LFI Risk Management Principles Open for Comments
On January 4, the Federal Reserve (Fed) issued for public comment proposed guidance setting forth core principles of effective risk management for Large Financial Institutions (“LFI”s) (“Risk Management proposal”). Given that it is increasingly likely that Congress will release financial institutions with assets below $250 billion from “SIFI” designation, the Fed’s guidance yesterday is a further effort to ensure that risk at LFIs will continue to be managed well even after many of them are no longer subject to other SIFI obligations. The proposal would apply to domestic bank holding companies and savings and loan holding companies with total consolidated assets of $50 billion or more; the U.S. operations of foreign banking organizations (“FBOs”) with combined U.S. assets of $50 billion or more; and any state member bank subsidiary of these institutions. The proposal would also apply to any systemically important nonbank financial company designated by the Financial Stability Oversight Council (“FSOC”) for Fed supervision. The proposed guidance clarifies the Fed’s supervisory expectations of these institutions’ core principals with respect to effective senior management; the management of business lines; and independent risk management (“IRM”) and controls.
The Risk Management proposal is part of the Fed’s broader initiative to develop a supervisory rating system and related guidance that would align its consolidated supervisory framework for LFIs. Last August, the Fed issued for public comment two related proposals: a new rating system for LFIs (“proposed LFI rating system”) and guidance addressing supervisory expectations for board directors (“Board Expectations proposal”). (See previous InfoBytes coverage on the proposals.) The proposed LFI rating system is designed to evaluate LFIs on whether they possess sufficient financial and operational strength and resilience to maintain safe and sound operations through a range of conditions. With regard to the Board Expectations proposal, the January 4 proposal establishes supervisory expectations relevant to the assessment of a firm’s governance and controls, which consists of three chief components: (i) effectiveness of a firm’s board of directors, (ii) management of business lines, independent risk management and controls, and (iii) recovery planning. This guidance sets forth the Fed’s expectations for LFIs with respect to the second component—the management of business lines and IRM and controls, and builds on previous supervisory guidance. In general, the proposal “is intended to consolidate and clarify the [Fed’s] existing supervisory expectations regarding risk management.”
The January 4 release delineates the roles and responsibilities for individuals and functions related to risk management. Accordingly, it is organized in three parts: (i) core principals of effective senior management; (ii) core principals of the management of business lines; and (iii) core principles of IRM and controls.
Senior Management
The Risk Management proposal defines senior management as “the core group of individuals directly accountable to the board of directors for the sound and prudent day-to-day management of the firm.” Two key responsibilities of senior management are overseeing the activities of the firm’s business lines and the firm’s IRM and system of internal control. The proposed guidance highlights the principle that: Senior management is responsible for managing the day-to-day operations of the firm and ensuring safety and soundness and compliance with internal policies and procedures, laws and regulations, including those related to consumer protection.
Management of Business Lines
The proposal refers to “business line management” as the core group of individuals responsible for prudent day-to-day management of a business line and accountable to senior management for that responsibility. For LFIs that are not subject to supervision by the Large Institution Supervision Coordinating Committee (“LISCC”) these expectations would apply to any business line where a significant control disruption, failure, or loss event could result in a material loss of revenue, profit, or franchise value, or result in significant consumer harm.
A firm’s business line management should:
- Execute business line activities consistent with the firm’s strategy and risk tolerance.
- Identify, measure, and manage the risks associated with the business activities under a broad range of conditions, incorporating input from IRM.
- Provide a business line with the resources and infrastructure sufficient to manage the business line’s activities in a safe and sound manner, and in compliance with applicable laws and regulations, including those related to consumer protection, as well as policies, procedures, and limits.
- Ensure that the internal control system is effective for the business line operations.
- Be held accountable, with business line staff, for operating within established policies and guidelines, and acting in accordance with applicable laws, regulations, and supervisory guidance, including those related to consumer protection.
Independent Risk Management and Controls
The Risk Management proposal describes core principles of a firm’s independent risk management function, system of internal control, and internal audit function. The guidance does not prescribe in detail the governance structure for a firm’s IRM and controls. While the guidance does not dictate specifics regarding governance structure, it does set forth requirements with respect to the roles of the Chief Risk Officer and Chief Audit Executive:
- The CRO should establish and maintain IRM that is appropriate for the size, complexity, and risk profile of the firm.
- The Chief Audit Executive should have clear roles and responsibilities to establish and maintain an internal audit function that is appropriate for the size, complexity and risk profile of the firm.
The proposal requires that a firm’s IRM function be sufficient to provide an objective, critical assessment of risks and evaluates whether a firm remains aligned with its stated risk tolerance. Specifically, a firm’s IRM function should:
- Evaluate whether the firm’s risk tolerance appropriately captures the firm’s material risks and confirm that the risk tolerance is consistent with the capacity of the risk management framework.
- Establish enterprise-wide risk limits consistent with the firm’s risk tolerance and monitor adherence to such limits.
- Identify and measure the firm’s risks.
- Aggregate risks and provide an independent assessment of the firm’s risk profile.
- Provide the board and senior management with risk reports that accurately and concisely convey relevant, material risk data and assessments in a timely manner.
With regard to internal controls, the proposed guidance builds upon the expectations described in the Fed’s Supervisory Letter 12-17. A firm should have a system of internal control to guide practices, provide appropriate checks and balances, and confirm quality of operations. In particular, the guidance states that a firm should:
- Identify its system of internal control and demonstrate that it is commensurate with the firm’s size, scope of operations, activities, risk profile, strategy, and risk tolerance, and consistent with all applicable laws and regulations, including those related to consumer protection.
- Regularly evaluate and test the effectiveness of internal controls, and monitor functioning of controls so that deficiencies are identified and communicated in a timely manner.
With respect to internal audit, the proposed guidance does not expand upon the Fed’s expectations; rather it references existing supervisory expectations. The proposed guidance highlights that a firm should adhere to the underlying principle that its internal audit function should examine, evaluate, and perform independent assessments of the firm’s risk management and internal control systems and report findings to senior management and the firm’s audit committee.
Comments on the Fed’s proposed guidance are due by March 15.
FinCEN updates Bank Secrecy Act FAQs
Recently, the Financial Crimes Enforcement Network (FinCEN) updated its “Answers to Frequently Asked Bank Secrecy Act (BSA) Questions.” The December update provided the following, among other things: (i) “depository institutions are not required to file a Designation of Exempt Person form . . . with respect to the transfer of currency to or from any of the 12 Federal Reserve Banks” (in accordance with amended 31 CFR 1020.315); (ii) guidelines for filing the Designation of Exempt Person form; and (iii) guidance concerning the types of identifying information financial institutions should obtain when a federal, state or local government official engages in a transaction over a certain amount in an official capacity. FinCEN stated that “the answers are not meant to be comprehensive, apply to all factual situations, or to replace or supersede the BSA regulations.”
Agencies Release CRA Asset-Size Threshold Adjustments
On December 21, the Federal Reserve, the OCC, and the FDIC (collectively, the “Agencies”) jointly announced the adjusted thresholds for asset-size used to define “small” and “intermediate small” banks and savings associations under the Community Reinvestment Act (CRA). Effective January 1, 2018, a small bank or savings association will be defined as an institution that, as of December 31 of either of the past two calendar years, had assets of less than $1.252 billion. Additionally, an “intermediate small” bank or “intermediate small” savings association will be defined as an institution with at least $313 million and less than $1.252 billion in assets as of December 31 of either of the past two calendar years. The agencies published the annual adjustments in the Federal Register on December 27.
Federal Reserve Issues Final Rules Reflecting Credit and Interest Rate Increases
On December 20, the Federal Reserve Board (Fed) issued a final rule amending Regulation A (Extensions of Credit by Federal Reserve Banks) to reflect its December 13 approval of a one-quarter percent increase in the primary credit rate at each Federal Reserve Bank. Additionally, because the formula for the secondary credit rate references the primary rate, the secondary credit rate also increased by one-quarter percentage point. The rate changes took effect on December 14, and the final rule became effective on December 20.
The same day, the Fed also issued a final rule amending Regulation D (Reserve Requirements of Depository Institutions) to reflect its December 13 approval of a one-quarter percent increase to the “rate of interest paid on balances maintained to satisfy reserve balance requirements (“IORR”) and the rate of interest paid on excess balances (“IOER”) maintained at Federal Reserve Banks by or on behalf of eligible institutions.” The rate changes took effect on December 14, and the final rule became effective on December 20.
Federal Reserve Issues Consent Order to Bank for BSA/AML Compliance Deficiencies
On December 14, the Federal Reserve Board (Fed) entered into a consent order with an international bank regarding alleged deficiencies in the bank’s New York branch (Branch) Bank Secrecy Act and other anti-money laundering (BSA/AML) compliance and risk management. The consent order also relates to a 2009 written agreement among the bank, the Branch and the predecessor of the New York State Department of Financial Services, which cited BSA/AML compliance and risk management deficiencies identified by examiners in regards to the Branch’s correspondent banking services and U.S. dollar funds transfer clearing. In 2016, a Fed examination found that the bank and the Branch had not achieved full compliance with the requirements in the 2009 agreement.
The 2017 order, among other things, requires the bank and Branch to submit a written governance plan to achieve compliance with BSA/AML requirements, and to engage an independent third party acceptable to the Fed to conduct and report on a comprehensive review of Branch’s BSA/AML compliance. Within 60 days of the report findings, the bank and Branch must submit an enhanced compliance program plan, an enhanced customer due diligence program plan, and a program to ensure accurate suspicious activity monitoring and reporting.
Federal Reserve Repeals Reg C and Amends Reg M to Reflect CFPB Rulemaking Authority
The Federal Reserve Board (Fed) issued a final rule on December 22 to repeal Regulation C, Home Mortgage Disclosure (HMDA), and a proposed rule to amend Regulation M, Consumer Leasing Act (CLA) to reflect the transfer of certain rulemaking authority to the CFPB. Regulation C is being repealed because the CFPB has issued its own final HMDA rules (previously covered by InfoBytes here) that supersede the Fed’s version. The proposed amendments to Regulation M implement the Dodd-Frank Act’s provisions on transferring CLA rulemaking authority to the CFPB, with the exception of retaining the Fed’s authority to issue rules for motor vehicle dealers that are predominantly engaged in the sale/leasing and servicing of motor vehicles and are not otherwise subject to the CFPB’s regulatory authority.
The repeal of Regulation C is effective 30 days after publication in the Federal Register. Comments on the proposed amendments to Regulation M are due by March 5, 2018.
Financial Regulators Issue Joint Supervisory Guidance for Disaster Areas; VA Announces Wildfire Relief
On December 15, the FDIC, Fed, OCC, and NCUA issued Interagency Supervisory Examiner Guidance for Institutions Affect by a Major Disaster (Guidance). The Guidance provides information on assessing the financial condition of institutions affected by a “major disaster with individual assistance” as declared by the President. The Guidance also encourages institutions affected by such disasters to discuss relevant issues with their examiners and notes that the supervisory agencies will consider extending report filing deadlines and rescheduling exams. Additionally, the Guidance states that examiners should consider factors related to the disaster, such as asset losses and staffing issues, when assessing capital adequacy and management capability requirements. And when considering the supervisory response to an institution that receives a lower component or composite rating, the Guidance provides that examiners should recognize the extent to which any weaknesses are related to the major disaster.
The Department of Veterans Affairs (VA), on December 12, announced additional special relief following the California wildfires in Circular 26-17-42. The Circular encourages VA loan holders to extend forbearance to borrowers affected by the wildfires and VA loan servicers to continue solicitation of the VA Disaster Loan Modification program (as previously covered by InfoBytes here). Additionally, for affected borrowers and loans, the Circular suggests that loan holders follow the 90-day foreclosure moratorium and that servicers consider waiving late charges and suspending credit reporting. The Circular is effective until January 1, 2019.
Find continuing InfoBytes coverage on Disaster Relief here.
Federal Reserve Requests Comments on Proposals Seeking Transparency Increases in Stress Testing Programs
The Federal Reserve Board (Fed) issued a request for comments on three proposals designed to increase stress testing transparency while also testing the resiliency of large, complex banks. Earlier in June, Fed Chair Janet Yellen underscored the Fed’s understanding of the need to provide transparency in its Comprehensive Capital Analysis and Review (CCAR) process and stress test scenarios. (See previous InfoBytes coverage here.) The first December 7 proposal, “Enhanced Disclosure of the Models Used in the Federal Reserve’s Supervisory Stress Test,” announces the Fed’s plans to publicly release, for the first time, information concerning the models and methodologies used during supervisory stress tests, including those applied in the CCAR, including:
- “enhanced descriptions of supervisory models, including key variables;”
- “modeled loss rates on loans grouped by important risk characteristics and summary statistics associated with the loans in each group;” and,
- “portfolios of hypothetical loans and the estimated loss rates associated with the loans in each portfolio.”
The information will offer banks expanded details as to how the Fed’s models treat different types of loans under stress, along with insight into the determination of annual stress test results.
The second request for comments concerns the “Stress Testing Policy Statement,” which elaborates on prior disclosures and outlines details on the principles and policies that govern the Fed’s development, implementation, and validation of its stress testing models.
Finally, the Fed issued a proposed policy statement to request comments on introduced amendments to the design of its annual hypothetical economic scenarios framework. The “Amendments to Policy Statement on the Scenario Design Framework for Stress Testing” is intended to enhance transparency and provide clarification on hypothetical economic scenarios, including the direction of housing prices, as well as the Fed’s commitment to exploring additional variables to test for funding risks.
All comments must be received by January 22, 2018.
Senate Banking Committee Approves Financial Regulatory Relief Bill
On December 5, the Senate Banking Committee approved bill S. 2155, Economic Growth, Regulatory Relief, and Consumer Protection Act, which would alter certain financial regulations under the Dodd-Frank Act of 2010. While not as sweeping as previous legislative relief proposals (see previous InfoBytes coverage on House Financial CHOICE Act of 2017), the bill was introduced and passed the Committee with bipartisan support. The bill’s highlights include, among other things:
- Consumer Access to Credit. The bill deems mortgage loans held in portfolios by insured institutions with less than $10 billion in assets to be “qualified mortgages” under TILA, and removes the three-day waiting period for TILA-RESPA Integrated Disclosures if the second credit offer is a lower rate. The bill also instructs the CFPB to provide “clearer, authoritative guidance” on certain issues such as the applicability of TRID to mortgage assumptions and construction-to-permanent loans. Additionally, the bill eases appraisal requirements on certain mortgage loans and exempts small depository institutions with low mortgage originations from certain HMDA disclosure requirements.
- Regulatory Relief for Certain Institutions. The bill exempts community banks from Section 13 of the Bank Holding Company Act if they have, “[i] less than $10 billion in total consolidated assets, and [ii] total trading assets and trading liabilities that are not more than five percent of total consolidated assets” – effectively allowing for exempt banks to engage in the trading of, or holding ownership interests in, hedge funds or private equity funds. Additionally, the bill raises the threshold of the Federal Reserve’s Small Bank Holding Company Policy Statement and the qualification for certain banks to have an 18-month examination cycle from $1 billion to $3 billion.
- Protections for Consumers. Included in an adopted “manager’s amendment,” the bill requires credit bureaus to provide consumers unlimited free security freezes and unfreezes. The bill also limits certain medical debt information that can be included on veterans’ credit reports.
- Changes for Bank Holding Companies. The bill raises the threshold for applying enhanced prudential standards from $50 billion to $250 billion.
The bill now moves to the Senate, which is not expected to take up the package before the end of this year.
Fed Fines Kansas State Bank for Alleged Deceptive Mortgage Acts
On November 28, the Federal Reserve Board (Fed) announced it had entered into a consent order with a Kansas state bank over allegations that the bank engaged in deceptive mortgage origination practices in violation of the FTC Act. Specifically, the order alleges that the bank told borrowers that they were paying for discount points that would lower their interest rate, but did not in fact provide those borrowers an interest rate reflective of the price paid for the discount points or, in some cases, a reduced rate at all. The Fed’s order requires the bank to pay restitution to the affected borrowers, but did not impose a further civil money penalty. The bank has decided to terminate all operations of its national mortgage business by year-end 2017.