InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FDIC releases April enforcement actions, including flood insurance and BSA/AML violations
On May 25, the FDIC released a list of 35 administrative enforcement actions taken against banks and individuals in April. Civil money penalties were assessed against several individuals and one bank. The FDIC assessed a $5,000 civil money penalty against a New Jersey-based bank, citing violations of the Flood Disaster Protection Act for allegedly failing to ensure 20 properties were adequately covered by flood insurance for the term of the loan. Additionally, the FDIC issued two consent orders, one against a South Dakota-based bank for unsafe or unsound banking practices or violations of law or regulation. The FDIC ordered the bank to, among other things, (i) retain qualified management; (ii) develop an independent external loan review program; and (iii) develop a plan to address the weaknesses in the bank’s audit and internal controls. The second consent order alleges violations of the Bank Secrecy Act and anti-money laundering (BSA/AML) rules by a Maryland-based bank. The bank is ordered to, among other things, (i) perform an enhanced risk assessment of the bank’s operations; (ii) revise and implement internal controls for BSA/AML compliance; and (iii) take necessary steps to correct or eliminate all cited violations.
Also on the list are 11 Section 19 orders, which allow applicants to participate in the affairs of an insured depository institution after having demonstrated “satisfactory evidence of rehabilitation,” and four terminations of consent orders.
There are no administrative hearings scheduled for June 2018. The FDIC database containing all 35 enforcement decisions and orders may be accessed here.
Federal agencies issue disaster relief guidance for North Carolina, Indiana, and Hawaii
Department of Veterans Affairs (VA)
On May 16, the Department of Veterans affairs released Circular 26-18-10, requesting relief for veterans impacted by Hawaii’s volcanic eruptions and earthquakes. Among other things, the Circular (i) encourages loan holders to extend forbearance to borrowers in distress because of the storms; (ii) requests that loan holders establish a 90-day moratorium on initiating new foreclosures on loans affected by the major disaster; and (iii) waives late charges on affected loans. Previously on May 14, the VA released Circular 26-18-08 and Circular 26-18-09, which provide for similar relief in areas affected by severe storms and flooding in Hawaii and North Carolina.
FDIC
On May 16, the FDIC issued FIL-28-2018 to provide regulatory relief to financial institutions and facilitate recovery in areas of Indiana affected by severe storms and flooding from February 14 through March 4. The FDIC is encouraging institutions to consider, among other things, extending repayment terms and restructuring existing loans that may be affected by the natural disasters. Additionally, the FDIC notes that institutions may receive favorable Community Reinvestment Act (CRA) consideration for certain development loans, investments, and services in support of disaster recovery. The FDIC also issued FIL-29-2018, which provides similar guidance for financial institutions for areas of North Carolina affected by tornadoes and severe storms on April 15.
Find more InfoBytes disaster relief coverage here.
Federal banking agencies seek comments on proposal to revise regulatory capital rules
On May 14, the Federal Reserve Board, FDIC, and OCC published a joint notice and request for comment on a proposal to revise regulatory capital rules to, among other things, identify which credit loss allowances are “eligible for inclusion in regulatory capital” under changes made to U.S. generally accepted accounting principles (U.S. GAAP), described within Accounting Standards Update No. 2016-13 (ASU 2016-13). The proposed rulemaking would provide (i) banking organizations subject to the agencies’ regulatory capital rules with “the option to phase in the day-one adverse effects on regulatory capital that may result from the adoption of the new accounting standard;” (ii) amendments to certain regulatory disclosure requirements to reflect applicable changes to U.S. GAAP covered under ASU 2016-13; (iii) amendments to stress testing regulations, which would grant covered banking organizations that have adopted ASU 2016-13 an extension until the 2020 stress test cycle to “include the effect of ASU 2016-13 on their provisioning for purposes of stress testing;” and (iv) conforming amendments to other regulations referencing credit loss allowances. Comments must be submitted by July 13.
FDIC Chairman delivers remarks on the impact of technology in the business of banking
On May 7, FDIC Chairman, Martin J. Gruenberg, spoke at the Forum on the Use of Technology in the Business of Banking about the importance of understanding the ways in which emerging technology is positively affecting banking operations, while also recognizing associated risk management challenges. Gruenberg noted that the benefits of technology—such as reduced transaction costs, operational efficiency, payment speed improvements, and economic inclusion and access to mainstream banking—also pose challenges to financial institutions that may be amplified as new products and services are adopted. Challenges include: (i) cybersecurity risks; (ii) Bank Secrecy Act/anti-money laundering concerns; and (iii) various other consumer protection issues. Gruenberg also discussed the role of the FDIC’s Emerging Technology Steering Committee, which was established to address these issues, and its two working groups responsible for “monitoring trends, opportunities, and risks in this area, and evaluating impacts on banking, general safety and soundness, deposit insurance, financial reporting, economic inclusion, and consumer protection.” He stressed that the committee’s work will inform the agency’s “supervisory strategy for responding to opportunities and risks presented by the use of emerging technologies to supervised institutions.”
FDIC issues regulatory relief guidance for financial institutions in areas of Alabama affected by severe storms
On May 4, the FDIC issued a Financial Institution Letter, FIL-24-2018, to provide regulatory relief to financial institutions and facilitate recovery in areas of Alabama affected by severe storms and tornados. The FDIC is encouraging institutions to consider, among other things, extending repayment terms and restructure existing loans that may be affected by the natural disasters. Additionally, the FDIC notes that institutions may receive favorable Community Reinvestment Act (CRA) consideration for certain development loans, investments, and services in support of disaster recovery. The FDIC letter also contemplates regulatory relief for banks located in the affected areas.
Find continuing InfoBytes coverage on Disaster Relief here.
FDIC proposes information collection renewal for appraisal management companies
On May 2, the FDIC published a notice and request for comment in the Federal Register regarding the renewal of an existing information collection on the minimum requirements for appraisal management companies (AMCs). According to the notice, there is no significant change in the methodology or substance of the information collection; however, burden estimates for states and AMCs have been revised to include (i) “AMC Written Notice of Appraiser Removal from Network or Panel;” (ii) “Develop and Maintain a State Licensing Program;” (iii) “AMC Reporting Requirements (State and Federal AMCs);” and (iv) “State Reporting Requirements to the Appraisal Subcommittee.” The notice requests comment on, among other things, whether the information collection is necessary and ways to minimize the burden of the information collection on the respondents. Comments are due by July 2.
FDIC releases March enforcement actions, fines banks for flood insurance violations
On April 27, the FDIC released a list of 20 administrative enforcement actions taken against banks and individuals in March. Civil money penalties were assessed against several banks including one against a Michigan-based bank citing violations of the Flood Disaster Protection Act (FDPA) for allegedly: (i) failing twice “to obtain flood insurance on a building securing a designated loan at the time of origination”; (ii) failing to obtain flood insurance on a borrower’s behalf in multiple instances, in addition to twice failing to maintain adequate flood insurance; and (ii) failing to follow force placed flood insurance procedures for several loans. A second civil money penalty was assessed against a New Jersey-based bank for allegedly engaging in a pattern of violating requirements under the FDPA and the National Flood Insurance Act, which included (i) failing to notify borrowers that they were required to purchase flood insurance; and (ii) failing to obtain flood insurance on a borrower’s behalf in a timely fashion for those borrowers who failed to obtain insurance within 45 days after receiving notification.
Also on the list are seven Section 19 orders, which allow applicants to participate in the affairs of an insured depository institution after having demonstrated “satisfactory evidence of rehabilitation,” and six terminations of consent orders, among others.
There are no administrative hearings scheduled for May 2018. The FDIC database containing all 20 enforcement decisions and orders may be accessed here.
FDIC OIG releases Special Inquiry Report to address breach response plan
On April 16, the FDIC’s Office of Inspector General (OIG) released its Special Inquiry Report—“The FDIC’s Response, Reporting, and Interactions with Congress Concerning Information Security Incidents and Breaches”—which contains findings from an examination of the FDIC’s practices and policies related to data security, incident response and reporting, and Congressional interactions. The Special Inquiry Report is the culmination of a request made by the former Chairman of the Senate Committee on Banking, Housing, and Urban Affairs in 2016, and focuses on the circumstances surrounding eight information security incidents that occurred in 2015 and 2016—seven of which involved personally identifiable information and constituted data breaches. An eighth incident involved the removal of “highly sensitive components of resolution plans submitted by certain large systemically important financial institutions without authorization” by a departing FDIC employee.
According to the report, the OIG asserts that, among other things, the FDIC failed to (i) put in place a “comprehensive incident response program and plan” to handle security incidents and breaches; (ii) clearly document risk assessments and decisions associated with data incidents; (iii) fully consider the range of impacts on bank customers whose information was compromised; (iv) promptly notify consumers when an incident occurred and did not adequately consider notifications as a separate decision from whether it would provide credit monitoring services; (v) for at least one incident, failed to convey the seriousness of the breach; and (vi) provide timely, accurate, and complete responses to Congressional requests to gather information about how the agency was handling the incidents.
As a result of these findings, the OIG presented recommendations and timeframes for the FDIC to “address the systemic issues.” Recommendations include: (i) clearly defining roles and responsibilities within the FDIC Breach Response Plan, and establishing procedures “consistent with legal, regulatory, and/or operational requirements for records management”; (ii) establishing a separation between consumer breach notifications and the offer of credit monitoring services; (iii) adhering to established timeframes for reporting incidents to FinCEN when suspicious activity report information has been compromised; (iv) conducting an annual review of the Breach Response Plan to confirm that that the guidance has been consistently followed during the preceding year; (v) developing guidance and training to ensure that employees and contractors are fully aware of the legal consequences of removing any sensitive information from FDIC premises before they depart; (vi) ensuring that FDIC policies, procedures, and practices result in complete, accurate statements and representations to Congress, and updating and correcting prior statements and representations as necessary; (vii) clarifying “legal hold policies and processes”; and (viii) specifying that the Office of Legislative Affairs is responsible for “providing timely responses to Congressional requests and communicating with Congressional staff regarding those requests.”
The FDIC concurred with the recommendations and has completed corrective actions for two, with plans to address the remaining recommendations between June and December of this year. The FDIC has also agreed to keep the OIG informed of the progress made to address the identified performance issues.
Agencies seek OMB approval on November 2017 Call Report revisions
On April 11, the Federal Reserve Board, FDIC, and OCC—as members of the Federal Financial Institutions Examination Council (FFIEC)—published a joint notice and request for comment for OMB review and approval regarding revisions to the Consolidated Reports of Condition and Income (Call Reports) for financial institutions. The finalized changes modify Call Reports applicable to banks with (i) domestic offices only and less than $1 billion in total assets (FFIEC 051); (ii) domestic offices only (FFIEC 041); and (iii) domestic and foreign offices (FFIEC 031). The changes include removing or consolidating certain data items and adding a new or raising certain existing reporting thresholds in the three versions of the Call Report. Comments must be submitted by May 11. Subject to OMB approval, the revisions would take effect as of the June 30, 2018 report date. As previously covered by InfoBytes, the changes were originally proposed in November 2017.
Court denies national bank’s motion to dismiss FDIC action seeking deposit insurance payments
On April 4, the U.S. District Court for the District of Columbia denied a national bank’s motion to dismiss or strike an FDIC complaint seeking $1.12 billion in deposit insurance payments. In January 2017, the FDIC filed a complaint against the national bank for $542 million based on the bank’s alleged failure to pay sufficient mandatory assessments under the Federal Deposit Insurance Act (FDIA) for the second quarter of 2013 through the fourth quarter of 2014. In April 2017, the FDIC filed an amended complaint to add a claim of unjust enrichment and allege that the national bank owes an additional $583 million for underpayments predating the second quarter of 2013. In denying the bank’s motion, the court concluded that (i) the FDIC could plead alternative theories of liability at this stage and therefore could allege a claim for unjust enrichment even when an adequate legal remedy is available under the FDIA; (ii) the FDIC adequately pleaded a claim for unjust enrichment; and (iii) it was premature to determine if the FDIC’s FDIA and unjust enrichment claims are time-barred.