InfoBytes Blog

Federal Reserve Board Announces Consumer Division Director's Retirement

On January 3, the Federal Reserve Board announced that Sandra Braunstein, the director of the Division of Consumer and Community Affairs, will retire on April 1, 2014. Ms. Braunstein has led the division for 10 years, part of her nearly 27 years of service with the Federal Reserve Board. During her time leading the division, the Federal Reserve developed a new regulatory framework for credit cards and established new regulatory protections for consumers in the residential mortgage market. Ms. Braunstein also oversaw the creation of mortgage foreclosure mitigation and neighborhood stabilization programs, and played a key role in the transition of division staff and resources to the CFPB.

Federal Reserve

Federal Agencies Issue Statement On Subjecting TruPS CDOs To Volcker Rule

On December 27, in response to substantial criticism and legal action by banking trade groups, the Federal Reserve Board, the OCC, the FDIC, and the SEC stated that they are reviewing whether it is appropriate and consistent with the provisions of the Dodd-Frank Act (DFA) not to subject pooled investment vehicles for Trust Preferred Securities (TruPS), such as collateralized debt obligations backed by TruPS, to the prohibitions on ownership of covered funds in section 619 of the DFA, as implemented by the recently finalized Volcker Rule. Community banks and their trade group representatives state that the Volcker rule treatment of TruPS conflicts with a separate section of the DFA that requires TruPS issued by depository institution holding companies to be phased out of such companies’ calculation of Tier 1 capital, but provides for the permanent grandfathering of TruPS issued before May 19, 2010, by certain holding companies with total consolidated assets of less than $15 billion. The banks assert that banking entities investing in pooled TruPS are facing “unexpected and precipitous write-downs” that are not justified by any safety and soundness concern, and that the resulting write-downs are actually causing safety and soundness concerns. The agencies promised to address the matter by January 15, 2014.

FDIC Federal Reserve OCC SEC

Federal Reserve Board Issues Guidance On Risk Transfers

On December 20, the Federal Reserve Board issued SR 13-23, which clarifies the Federal Reserve’s supervisory expectations when assessing a firm’s capital adequacy in certain circumstances when the risk-based capital framework may not fully capture the residual risks of a transaction. The letter states that, while the Federal Reserve generally views a firm’s engagement in risk-reducing transactions as a sound risk management practice, there are certain risk-reducing transactions for which the risk-based capital framework may not fully capture the residual risks that a firm faces on a post-transaction basis. The letter addresses two specific characteristics of risk transfer transactions that give rise to this concern: (i) a firm transfers the risk of a portfolio to a counterparty that is unable to absorb losses equal to the risk-based capital requirement for the risk transferred; or (ii) a firm transfers the risk of a portfolio to an unconsolidated, “sponsored” affiliate entity. The letter stresses that bank supervisors will strongly scrutinize risk transfer transactions that result in substantial reductions in risk-weighted assets, including in supervisors’ assessment of a firm’s overall capital adequacy, capital planning, and risk management through the Comprehensive Capital Analysis and Review. The Federal Reserve may in certain cases determine not to recognize a transaction as a risk mitigant for risk-based capital purposes. Supervisors will evaluate whether a firm can adequately demonstrate that the firm has taken into account any residual risks in connection with the transaction.

Federal Reserve Capital Requirements

Prudential Regulators Address Impact Of QM Lending On CRA Ratings

On December 13, the Federal Reserve Board, the FDIC, the OCC, and the NCUA issued an interagency statement to clarify safety and soundness expectations and CRA considerations in light of the CFPB’s ability-to-repay/qualified mortgage rule. The statement emphasizes that institutions may originate both QM and non-QM loans based on their business strategies and risk appetites and that residential mortgage loans “will not be subject to safety-and-soundness criticism based solely on their status as QMs or non-QMs.” Acknowledging that some institutions may choose to originate only or predominantly QM loans, the agencies state that, consistent with recent guidance concerning the fair lending implications of QM-only lending, “the agencies that conduct CRA evaluations do not anticipate that institutions’ decision[s] to originate only QMs, absent other factors, would adversely affect their CRA evaluations.”

FDIC CFPB Federal Reserve OCC NCUA CRA Qualified Mortgage Agency Rule-Making & Guidance

Banking Regulators Finalize Social Media Guidance

On December 11, the FFIEC, on behalf of the CFPB, the FDIC, the OCC, the Federal Reserve Board, the NCUA, and the State Liaison Committee, released final guidance on the applicability of consumer protection and compliance laws, regulations, and policies to activities conducted via social media by federally supervised financial institutions and nonbanks supervised by the CFPB. The guidance was finalized largely as proposed. However, in response to stakeholder comments, the regulators clarified certain provisions. For example, the final guidance clarifies that traditional emails and text messages, on their own, are not social media. The final guidance also explains that to the extent consistent with other applicable legal requirements, a financial institution may establish one or more specified channels that customers must use for submitting communications directly to the institution, and that a financial institution is not expected to monitor all Internet communications for complaints and inquiries, but should take into account the results of its own risk assessment in determining the appropriate approach regarding monitoring and responding to communications. The regulators also clarified that the guidance is not intended to provide a “one-size-fits-all” approach; rather financial institutions are expected to assess and manage the risks particular to the individual institution, taking into account factors such as the institution’s size, complexity, activities, and third party relationships. The final guidance also contains further discussion regarding the application of certain laws and regulations to social media activities, such as the Community Reinvestment Act. Finally, consistent with other recent regulatory initiatives, the final guidance clarifies that prior to engaging with a prospective third party an institution should evaluate and perform due diligence appropriate to the risks posed.

FDIC CFPB Federal Reserve OCC NCUA FFIEC Social Media Agency Rule-Making & Guidance

Agencies Finalize Exemptions To Higher-Priced Mortgage Loan Appraisal Requirements

On December 12, the Federal Reserve Board, the CFPB, the FDIC, the FHFA, the NCUA, and the OCC, issued a final rule supplementing their January 2013 interagency appraisal rule. As described in detail in our Special Alert, the January 2013 rule amended Regulation Z to require creditors to obtain appraisals for a subset of loans called Higher-Priced Mortgage Loans (HPMLs) and to notify consumers who apply for these loans of their right to a copy of the appraisal. Those new requirements take effect January 18, 2014.

The supplemental final rule, which takes effect on the same date, exempts certain transactions from the HPML appraisal requirements. First, all loans secured in whole or in part by a manufactured home are fully exempt until July 18, 2015. After that date: (i) transactions secured by a new manufactured home and land are exempt only from the requirement that the appraisal include a physical review of the interior of the property; (ii) transactions secured by an existing manufactured home and land are not exempt from any HPML appraisal requirements; and (iii) transactions secured by a manufactured home but not land are exempt from all HPML appraisal requirements, provided the creditor provides the consumer with certain specified information about the home’s value. Second, the supplemental final rule exempts streamlined refinances—i.e. refinancing transactions where the holder of the successor credit risk also held the credit risk of the original credit obligation—so long as the consumer does not take any cash out and the new loan does have negative amortization, interest only, or balloon payments. Third, the supplemental final rule exempts “small dollar” transactions of $25,000 or less, indexed annually for inflation.

FDIC CFPB Federal Reserve OCC NCUA FHFA Appraisal

Federal, State Authorities Announce Coordinated Economic Sanctions Enforcement Actions Against Foreign Bank

On  December 11, the Federal Reserve Board, the Treasury Department’s Office of Foreign Assets and Controls (OFAC), and the New York Department of Financial Services (DFS) announced that a foreign bank agreed to pay $100 million to resolve federal and state investigations  into the bank’s practices concerning the transmission of funds to and from the U.S. through unaffiliated U.S. financial institutions, including by and through entities and individuals subject to the OFAC Regulations. The investigations followed a voluntary review by the bank of its U.S. dollar transactions, the results of which it submitted to federal, state, and foreign authorities. The federal and state authorities alleged that the bank engaged in payment practices that interfered with the implementation of U.S. economic sanctions, including by removing material references to U.S.-sanctioned locations or persons from payment messages sent to U.S. financial institutions. They assert the alleged failures resulted from inadequate risk management and legal review policies and procedures to ensure that activities conducted at offices outside the U.S. comply with applicable OFAC Regulations. As part of the resolution, the bank consented to a Federal Reserve cease and desist order and civil money penalty order, pursuant to which the bank must pay $50 million, continue to enhance its compliance controls, and retain an independent consultant to conduct an OFAC compliance review. A separate settlement with OFAC requires the bank to pay $33 million, which will be satisfied as part of the payment to the Federal Reserve. The DFS order  assesses an additional $50 million penalty. The DFS highlighted that, as part of its cooperation with authorities, the bank took disciplinary action against individual wrongdoers, including through dismissals.

Federal Reserve Enforcement Sanctions OFAC NYDFS

Federal Agencies Finalize Volcker Rule

On December 10, the Federal Reserve Board, the OCC, the FDIC, the SEC, and the CFTC issued a final rule to implement Section 619 of the Dodd-Frank Act, the so-called Volcker Rule. Section 619 was a central component of the Dodd-Frank Act reforms, and the final rule and its preamble are lengthy and complex. The Federal Reserve Board released a fact sheet, as well as a guide for community banks. Generally, the final rule implements statutory requirements prohibiting certain banking entities from (i) engaging in short-term proprietary trading of any security, derivative, and certain other financial instruments for a banking entity's own account, (ii) owning, sponsoring, or having certain relationships with a hedge fund or private equity fund, (iii) engaging in an exempted transaction or activity if it would involve or result in a material conflict of interest between the banking entity and its clients, customers, or counterparties, or that would result in a material exposure to high-risk assets or trading strategies, and (iv) engaging in an exempted transaction or activity if it would pose a threat to the safety and soundness of the banking entity or to the financial stability of the U.S. Exempted activities include: (i) market making; (ii) underwriting; (iii) risk-mitigating hedging; (iv) trading in certain government obligations; (v) certain trading activities of foreign banking entities; and (vi) certain other permitted activities. The compliance requirements under the final rules vary based on the size of the institution and the scope of activities conducted. Those with significant trading operations will be required to establish a detailed compliance program, which will be subject to independent testing and analysis, and their CEOs will be required to attest that the program is reasonably designed to achieve compliance with the final rule. The regulators state that the final rules reduce the burden on smaller, less-complex, institutions by limiting their compliance and reporting requirements. The rule takes effect on April 1 2014; however, the Federal Reserve Board announced that banking organizations covered by section 619 will not be required to fully conform their activities and investments until July 21, 2015.

FDIC Dodd-Frank Federal Reserve OCC SEC CFTC

Federal Reserve Board Seeks Additional Comment On Electronic Returned Checks Processing

On December 12, the Federal Reserve Board issued a revised proposed rule that would, among other things, encourage depositary banks to receive, and paying banks to send, returned checks electronically. The revised proposal is intended to address comments the Board received in response to a 2011 proposal to amend subparts C and D of Regulation CC. The Board is now seeking comment on two alternative frameworks for return requirements. Under the first, the expeditious-return requirement currently imposed on paying and returning banks for returned checks would be eliminated; a paying bank returning a check would be required to provide the depositary bank with a notice of nonpayment of the check—regardless of the amount of the check being returned—only if the paying bank sends the returned check in paper form. Under the second, the current expeditious-return requirement—using the current two-day test—would be retained for checks being returned to a depositary bank electronically via another bank, but the notice-of-nonpayment requirement would be eliminated. The Board is proposing to retain, without change, the current same-day settlement rule for paper checks. In addition, the Board is also requesting comment on applying Regulation CC’s existing check warranties to checks that are collected electronically and on new warranties and indemnities related to checks collected electronically and to electronically-created items. Comments are due by May 2, 2014.

Payment Systems Federal Reserve

Special Alert: Federal Reserve Board Guidance on Managing Outsourcing Risks Mirrors Recent OCC Guidance

On December 5, 2013, the Federal Reserve Board (FRB or the Fed) issued Supervision and Regulation Letter 13-19, which details and attaches the Fed’s Guidance on Managing Outsourcing Risk  (FRB Guidance).  The FRB Guidance sets forth risks arising out of the use of service providers and the regulatory expectations relating to risk management programs. It is substantially similar to OCC Bulletin 2013-29, which the Office of the Comptroller of the Currency (OCC) issued on October 30, 2013.

The FRB Guidance supplements existing guidance relating to risks presented by Technology Service Providers (TSPs) to reach service providers that perform a wide range of business functions, including, among other things, appraisal management, internal audit, human resources, sales and marketing, loan review, asset and wealth management, procurement, and loan servicing.

While a complete roadmap of the FRB Guidance would be largely duplicative of our recent Special Alert relating to the OCC Bulletin 2013-29, key supervisory and enforcement themes emerge from a comparison of the two guidance documents.  Like the OCC, the Fed signals broadly that failure to effectively manage the use of third-party service providers could “expose financial institutions to risks that can result in regulatory action, financial loss, litigation, and loss of reputation.” The Fed also emphasizes the responsibility of the Board of Directors and senior management to provide for the effective management of third-party relationships and activities.  It enumerates virtually the same risk categories as the OCC, including compliance, concentration, reputational, operational, country, and legal risks, though its discussion of those risks is slightly less comprehensive.

The FRB Guidance makes clear that service provider risk management programs should focus on outsourced activities that are most impactful to the institution’s financial condition, are critical to ongoing operations, involve sensitive customer information, new products or services, or pose material compliance risk. While the elements comprising the service provider risk management program will vary with the nature of the financial institution’s outsourced activities, the Fed’s view is that effective programs usually will include the following:

• Risk assessments: Institutions should evaluate the implications of performing an activity in-house versus having the activity performed by a service provider and also consider whether outsourcing an activity is consistent with the strategic direction and overall business strategy of the organization. This section of the FRB Guidance closely aligns with the section titled “Planning” in OCC Bulletin 2013-29.

• Due diligence and selection of service providers: Institutions should address the depth and formality of due diligence of prospective service providers consistent with the scope, complexity, and importance of the planned outsourcing arrangement. The Fed emphasizes processes designed to diligence a potential service provider’s (i) business background, reputation, and strategy; (ii) financial performance and condition; and (iii) operations and internal controls. This section is less detailed, but nonetheless consistent with the section titled “Due Diligence and Third-Party Selection” in OCC Bulletin 2013-29.

• Contract provisions and considerations: Service provider contracts should cover certain topics, including, but not limited to: (i) the scope of services covered; (ii) cost and compensation; (iii) right to audit; (iv) performance standards; (v) confidentiality and security of information; (vi) indemnification; (vii) default and termination; (viii) limits on liability; (ix) customer complaints; (x) business resumption and contingency plan of the service provider; and (xi) use of subcontractors. The key provisions noted generally mirror the “Contract Negotiation” section of OCC Bulletin 2013-29.

• Incentive compensation review: Institutions should establish an effective process to review and approve any incentive compensation arrangements that may be embedded in service provider contracts to avoid encouraging “imprudent” risk-taking. While OCC Bulletin 2013-29 does not break out incentive compensation as a separate program feature (it is included among factors to be considered in due diligence and selection), it does identify the need for banks to review whether fee structure and incentives would create burdensome upfront fees or result in inappropriate risk-taking by the third party or the bank.

• Oversight and monitoring of service providers: Institutions should set forth the processes for measuring performance against contractually-required service levels and key the frequency of performance reviews to the risk profile of the service provider. This section of the FRB Guidance, consistent with the “Ongoing Monitoring” section of OCC Bulletin 2013-29, also recommends the creation of escalation protocols for underperforming service providers and monitoring of service provider financial condition and internal controls, which may also trigger escalation if the service provider’s financial viability or adequacy of its control environment are compromised during the course of the relationship.

• Business continuity and contingency plans: Institutions should develop plans that focus on critical services and consider alternative arrangements in the event of an interruption. The Fed specifically notes that financial institutions should: (i) ensure that a disaster recovery and business continuity plan exists with regard to the contracted services and products; (ii) assess the adequacy and effectiveness of a service provider’s disaster recovery and business continuity plan and its alignment to their own plan; (iii) document the roles and responsibilities for maintaining and testing the service provider’s business continuity and contingency plans; (iv) test the service provider’s business continuity and contingency plans on a periodic basis to ensure adequacy and effectiveness; and (v) maintain an exit strategy, including a pool of comparable service providers. Notably, OCC Bulletin 2013-29 addresses business continuity and contingency plans under third-party risk management, rather than as separate program features.

Finally, the FRB Guidance notes a number of “additional risk considerations” not singled out by OCC Bulletin 2013-29, which cover: (i) confidentiality of Suspicious Activity Report (SAR) reporting functions; (ii) compliance by foreign-based service providers with U.S. laws, regulations, and regulatory guidance; (iii) prohibitions against outsourcing internal audit functions in violation of Sarbanes-Oxley; and (iv) alignment of outsourced model risk management with existing Fed Guidance on Model Risk Management (SR 11-7).

Questions regarding the matters discussed in this Alert may be directed to any of our lawyers listed below, or to any other BuckleySandler attorney with whom you have consulted in the past.

• Jeffrey P. Naimon, (202) 349-8030
• Christopher M. Witeck, (202) 349-8051
• Elizabeth E. McGinn, (212) 600-2370
• Jon David Langlois, (202) 349-8045

Federal Reserve OCC Bank Compliance Vendors Bank Supervision