Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On January 27, the FDIC released a list of administrative enforcement actions taken against banks and individuals in December. The FDIC made public nine orders, including “one order to pay civil money penalty, two consent orders, one combined personal consent order and order to pay, two Section 19 orders, four prohibition orders, and seven orders of termination of insurance.”
The actions included a civil money order against a Georgia-based bank related to violations of the Flood Disaster Protection Act. The FDIC determined that the bank had engaged in a pattern or practice of violations because it “made, increased, extended, or renewed loans secured by a building or mobile home located in a special flood hazard area or to be located in a special flood hazard area without providing timely notice to the borrower and/or the servicer as to whether flood insurance was available for the collateral.”
Additionally, the FDIC issued a consent order against a Texas-based bank alleging the bank engaged in “unsafe or unsound banking practices or violations of law or regulation relating to, among other things, weaknesses in board and management oversight of the information technology function.” The bank neither admitted nor denied the allegations but agreed, among other things, that it would develop a staffing analysis plan “to ensure sufficient resources are available with the knowledge [and] prerequisite skills commensurate with the risk profile and complexity of the Bank’s information technology  function.”
On January 20, the FDIC issued FIL-05-2023 to provide regulatory relief to financial institutions and help facilitate recovery in areas of Georgia affected by severe storms, straight-line winds, and tornadoes on January 12. The FDIC acknowledged the unusual circumstances faced by institutions affected by the storms and encouraged institutions to work with impacted borrowers to, among other things: (i) extend repayment terms; (ii) restructure existing loans; or (iii) ease terms for new loans, provided the measures are done “in a manner consistent with sound banking practices.” Additionally, the FDIC noted that institutions “may receive favorable Community Reinvestment Act consideration for community development loans, investments, and services in support of disaster recovery.” The FDIC will also consider regulatory relief from certain filing and publishing requirements and instructs institutions to contact the Atlanta Regional Office for consideration.
On January 18, the FDIC issued guidance (see FIL-03-2023 and FIL-04-2023) to provide regulatory relief to financial institutions and help facilitate recovery in areas of Alabama affected by severe storms, straight-line winds, and tornadoes occurring on January 12, and in areas of California affected by severe winter storms, flooding, and landslides occurring from December 27 and continuing. The FDIC wrote that in supervising impacted institutions, it will consider the unusual circumstances those institutions face. The guidance suggested that institutions work with borrowers impacted by the severe weather to extend repayment terms, restructure existing loans, or ease terms for new loans “in a manner consistent with sound banking practices.” The FDIC noted that institutions may receive favorable Community Reinvestment Act consideration for community development loans, investments, and services in support of disaster recovery. The agency will also consider relief from certain reporting and publishing requirements.
On January 9, the FDIC issued FIL-02-2023 to provide regulatory relief to financial institutions and help facilitate recovery in areas of Florida affected by Hurricane Nicole from November 7 to November 30. The FDIC acknowledged the unusual circumstances faced by institutions affected by the storms and encouraged institutions to work with impacted borrowers to, among other things: (i) extend repayment terms; (ii) restructure existing loans; or (iii) ease terms for new loans, provided the measures are done “in a manner consistent with sound banking practices.” Additionally, the FDIC noted that institutions “may receive favorable Community Reinvestment Act consideration for community development loans, investments, and services in support of disaster recovery.” The FDIC will also consider regulatory relief from certain filing and publishing requirements.
On December 22, the Federal Reserve Board, FDIC, and OCC extended Regulation O relief for certain investment fund-controlled companies. The agencies issued a temporary no-action position in 2019 to allow time for the Federal Reserve, in consultation with the FDIC and OCC, “to consider whether to amend Regulation O to address concerns about unintended consequences of the application of Regulation O to companies that sponsor, manage, or advise investment funds and institutional accounts that invest in voting securities of banking organizations.” The interagency statement extends the no-action relief under Regulation O for another year to the sooner of either January 1, 2024, or the effective date of a final Federal Reserve rule revising Regulation O “that addresses the treatment of extensions of credit by a bank to fund complex-controlled portfolio companies that are insiders of the bank.” Specifically, the agencies state that action will not be taken against banks extending credit to fund complex-controlled portfolio companies that would otherwise violate Regulation O, provided the company controls (directly or indirectly) less than 15 percent of the bank’s voting securities (or 20 percent under certain circumstances) and has not or does not plan to place representatives in the bank or seek to exercise a controlling influence over the bank. Extensions of credit to these companies must be on “substantially the same terms as those prevailing for comparable transactions with unaffiliated third parties” and may not “involve more than normal risk of repayment or present other unfavorable features,” the agencies explained, noting that the relief applies only to fund complex-controlled portfolio companies, not the fund complexes.
On January 3, the FDIC, Federal Reserve Board, and OCC issued a joint interagency statement highlighting key risks banks should consider when choosing to engage in cryptocurrency-related services. Risks flagged by the agencies include: (i) the possibility of fraud and scams among crypto-asset sector participants; (ii) legal uncertainties related to custody practices, redemptions, and ownership rights; (iii) misleading disclosures made by crypto firms that may be unfair, deceptive, or abusive; (iv) volatility in crypto-asset markets, including the susceptibility of stablecoins to run risk, which could impact deposit flows; (v) contagion risks resulting from interconnections among crypto-asset participants that may present concentration risks for banks with exposure to the crypto-asset sector; (vi) lack of maturity in risk management and governance practices within the crypto-asset sector; and (vii) elevated risks associated with open, public, and/or decentralized networks.
The agencies commented that while they will continue to take a cautious approach to current or proposed crypto-asset-related activities (and are not prohibiting nor discouraging banks from providing crypto services to customers, as permitted by law or regulation), they currently “believe that issuing or holding as principal crypto-assets that are issued, stored, or transferred on an open, public, and/or decentralized network, or similar system is highly likely to be inconsistent with safe-and-sound banking practices.” Moreover, the agencies expressed “significant safety and soundness concerns with business models that are concentrated in crypto-asset-related activities or have concentrated exposures to the crypto-asset sector.” Agencies have developed processes for banks to engage in robust supervisory discussions with their supervisory office about any proposed or existing crypto-asset-related activities, the agencies advised, adding that before launching any activities, banks should take appropriate risk management measures and assess whether the activity can be performed in a safe and sound manner, is legally permissible, and complies with applicable laws and regulations. Additional statements will be released in the future by the agencies.
“The events of the past year have been marked by significant volatility and the exposure of vulnerabilities in the crypto-asset sector,” the agencies said as they stressed the importance of keeping crypto-asset risks that cannot be mitigated or controlled from migrating to the banking system.
The OCC separately issued a bulletin advising supervised banks to follow processes outlined in OCC Interpretive Letter 1179 (covered by InfoBytes here) before engaging in certain crypto-asset-related activities.
On December 30, the FDIC released a list of orders of administrative enforcement actions taken against banks and individuals in November. The FDIC made public nine orders consisting of “two consent orders; two orders terminating deposit insurance; three orders to pay civil money penalties; one order terminating consent order; and one Section 19 order.” Among the orders is a civil money penalty against a Wisconsin-based bank related to violations of the Flood Disaster Protection Act. The FDIC determined that the bank had engaged in a pattern or practice of violations that included the bank’s failure to: (i) obtain adequate flood insurance on the building securing a designated loan at the time of loan origination; (ii) obtain adequate flood insurance at the time of the origination; (iii) notify borrowers that the borrower should obtain flood insurance where a determination had been made that flood insurance had lapsed or a loan was not covered with the required amount of insurance; (iv) provide borrowers with a Notice of Special Flood Hazard and Availability of Federal Disaster Relief Assistance when making, increasing, extending or renewing a loan; and (v) provide borrowers with a Notice of Special Flood Hazard and Availability of Federal Disaster Relief Assistance within a reasonable time before the completion of the transaction. The order requires the payment of a $39,000 civil money penalty.
The FDIC also issued a civil money penalty against an Oregon-based bank for allegedly violating Section 8(a) of RESPA “by entering into mortgage lead generation arrangements with the operator of a real estate website and the operator of an online loan marketplace that were used to facilitate and disguise referral payments for mortgage business.” The FDIC also determined that the bank violated the FTC Act “by making deceptive and misleading representations in three of the bank’s prescreened offers of credit” and violated the FCRA “by obtaining the consumer reports of former loan clients with recent credit inquiries without a legally permissible purpose.” The order requires the payment of a $425,000 civil money penalty.
Additionally, the FDIC issued a consent order against a Tennessee-based bank alleging the bank engaged in “unsafe or unsound banking practices relating to weaknesses in capital, asset quality, liquidity, and earnings.” The bank neither admitted nor denied the allegations but agreed, among other things, that its board would “increase its participation in the affairs of the bank by assuming full responsibility for the approval of the bank’s policies and objectives and for the supervision of the bank’s management, including all the bank’s activities.” The bank also agreed to maintain a Tier 1 Leverage Capital ratio equal to or greater than 8.50 percent and a Total Capital ratio equal to or greater than 11.50 percent. The FDIC also issued a consent order against a New Jersey-based bank claiming the bank engaged in “unsafe or unsound banking practices relating to, among other things, management supervision, Board oversight, weaknesses in internal controls, interest rate sensitivity, and earnings.” The bank neither admitted nor denied the allegations but agreed, among other things, that it would retain a third-party consultant “to develop a written analysis and assessment of the bank’s board and management needs (Board and Management Report) for the purpose of ensuring appropriate director oversight and providing qualified management for the bank.”
On December 19, the U.S. Senate confirmed Martin J. Gruenberg to be a board member and chairman of the FDIC. Gruenberg has served as acting chairman since former chair, Jelena McWilliams, resigned a year ago. Since joining the FDIC Board of Directors in 2005, Gruenberg has served as vice chairman, chairman, and acting chairman. Prior to joining the FDIC, Gruenberg served on the staff of the Senate Banking Committee as senior counsel of the full committee, and as staff director of the Subcommittee on International Finance and Monetary Policy. (Covered by InfoBytes here.)
The senators also voted to confirm Travis Hill as vice chairman and Jonathan McKernan as an FDIC board member. As previously covered by InfoBytes, during his tenure at the FDIC, Hill previously served as senior advisor to the chairman and deputy to the chairman for policy. Prior to that, Hill served as senior counsel at the Senate Banking Committee. Jonathan McKernan is a senior counsel at the FHFA and currently is on detail from the agency to the Senate Banking Committee where he is counsel on the minority staff. Previously, McKernan served as a senior policy advisor at the U.S. Treasury Department.
On January 5, Gruenberg was sworn in as the 22nd FDIC chairman. The same day, Hill was sworn in as vice chairman and McKernan as a board member.
On December 19, the Federal Reserve Board, FDIC, and OCC announced (see here and here) joint annual adjustments to the CRA asset-size thresholds used to define “small bank” and “intermediate small bank,” which are not subject to the reporting requirements applicable to large banks unless they choose to be evaluated as one. A “small bank” is defined as an institution that, as of December 31 of either of the prior two calendar years, had less than $1.503 billion in assets. An “intermediate small” bank is defined as an institution that, as of December 31 of both of the prior two calendar years, had at least $376 million in assets, and as of December 31 of either of the past two calendar years, had less than $1.503 billion in assets. The joint final rule takes effect on January 1, 2023.
On December 13, the FDIC held a meeting, during which board members approved a notice of proposed rulemaking (NPRM) to modernize and amend the rules “governing the use of the official FDIC sign and insured depository institutions’ (IDIs) advertising statements to reflect how depositors do business with IDIs today, including through digital and mobile channels.” According to the FDIC’s announcement, the NPRM would amend part 328 of its regulations by updating the requirements for when the FDIC’s official sign can be displayed. Institutions would also be required to use signs that differentiate insured deposits from non-deposit products across banking channels and provide disclosures to consumers alerting them to when certain financial products are not insured by the FDIC, are not considered deposits, and may lose value.
Acting Chairman Martin Gruenberg noted that there have not been major changes to these rules since 2006. FDIC board member and CFPB Director Rohit Chopra issued a statement in support of the NPRM, noting that the financial sector has evolved significantly since 2006, and “[b]anks increasingly offer uninsured products, physical branches look different, more than 65% of banked households primarily bank online or through their mobile phone, and convoluted bank-nonbank partnerships have proliferated.” He specifically highlighted several of the proposed changes, including: (i) requiring banks to physically segregate the parts of the branch used for accepting insured deposits from other areas where uninsured products are offered; (ii) requiring banks to display digital FDIC signs on their websites and mobile apps, including clear notifications on relevant pages where uninsured products are offered; (iii) requiring disclosures that deposit insurance does not protect against the failure of nonbanks and, if relevant, that pass-through deposit insurance coverage is not automatic or certain; and (iv) clarifying that crypto assets are uninsured, non-deposit products. Comments on the NPRM are due 60 days after publication in the Federal Register.
On the same day, the FDIC adopted proposed changes to the Guidelines for Appeals of Material Supervisory Determinations. The board solicited public comments in October on the proposed changes (covered by InfoBytes here). The revised Guidelines add the agency’s ombudsman to the Supervision Appeals Review Committee (SARC) as a non-voting member (the ombudsman will be responsible for monitoring the supervision process after a financial institution submits an appeal and must periodically report to the board on these matters). Materials under consideration by the SARC will have to be shared with both parties to the appeal (subject to applicable legal limitations on disclosure), while financial institutions will be allowed to request a stay of material supervisory determination during a pending appeal. Additionally, the division director is given the discretion to grant a stay or grant a stay subject to certain conditions, and institutions will be provided decisions in writing regarding a stay. The revised Guidelines take effect immediately.