InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
OCC requests comments on registration of mortgage loan originators
On February 6, the OCC published a notice and request for comment in the Federal Register concerning its information collection entitled, “Registration of Mortgage Loan Originators.” Under the Secure and Fair Enforcement for Mortgage Licensing Act (SAFE Act), any person employed by a regulated entity, who is engaged in the business of residential mortgage loan origination, must register with the Nationwide Mortgage Licensing System and Registry (NMLS), obtain a unique identifier, and adopt policies and procedures to ensure compliance with the SAFE Act’s requirements. The NMLS is structured to, among other things, (i) improve information sharing between regulators; (ii) increase mortgage loan originator accountability; and (iii) provide consumers easy access to background information on mortgage loan originators, including publicly adjudicated disciplinary and enforcement actions. The OCC retains enforcement authority under the SAFE Act for financial institutions (including federal branches of foreign banks) with total assets of $10 billion or less. Comments on the notice must be received by April 9.
Federal Reserve blocks national bank’s growth, cites internal governance and risk management oversight failures
On February 2, the Federal Reserve Board (Fed) cited compliance breakdowns and widespread consumer abuses as the primary factors behind its decision to issue an order to cease and desist against a national bank. In addition to blocking the bank from growing beyond $1.95 trillion in assets until the Fed approves internal governance and risk management reforms, the order also requires the bank to take actions in the areas of board effectiveness, risk management program improvement, third party reviews of plans and improvements, and reports on progress. The bank must, among other things, (i) create “separate and independent reporting lines” to the chief risk officer and the board, and (ii) enhance risk management oversight and functions, which includes creating “an effective risk identification and escalation framework.” The bank concurrently agreed to replace four current board members in 2018, with three replaced by April. Notably, the order does not require the bank to cease current activities such as accepting customer deposits or making consumer loans.
The Fed also sent letters to the bank’s former lead independent director and former chair of the board of directors (see letters here and here) to address the “many pervasive and serious compliance and conduct failures” that occurred during their tenures. Citing ineffective oversight following awareness of alleged consumer abuses, the Fed stated that the former directors failed to initiate any serious inquiry or request that the board do so. Further, the Fed asserted that the former chair of the board continued to support the sales goals that were a major cause of the identified sales practice problems and failed to initiate a serious investigation or inquiry. A third letter sent to the current board of directors outlines steps the board must take to improve senior management reporting, maintain an effective risk management structure, and ensure compensation and other incentive programs are “consistent with sound risk management objectives and promote . . . compliance with laws and regulations.” (See here and here for previous InfoBytes coverage on the alleged improper sales practices.)
In response, the bank issued a press release stating it will commit to the Fed’s requirements and will provide a compliance plan for oversight, compliance, and operational risk management to the Fed within 60 days. The plan will also outline measures already completed by the bank, and if approved by the Fed, the bank will engage independent third parties to review its adoption and implementation of the plan.
Federal Reserve, FDIC, OCC release stress testing scenarios
On February 1, the Federal Reserve Board (Fed) published stress testing scenarios to be used when conducting the 2018 Comprehensive Capital Analysis and Review (CCAR) evaluations and stress test exercises for large bank holding companies and large U.S. operations of foreign firms. Instructions for participating banks also were released. According to the Fed, in an effort designed to “support the transition to stress testing,” foreign banks will only be required to participate in a “simplified global market shock” portion of the CCAR evaluation. As previously covered in InfoBytes, last December the Fed issued a request for comments on three proposals designed to increase stress testing transparency and resiliency of large, complex banks. This included a proposal to publicly release, for the first time, information concerning the models and methodologies used during supervisory stress tests, including those applied in the CCAR. According to the Fed’s press release, the qualitative and quantitative evaluations will be used to evaluate a bank’s ability to survive in times of economic stress and are broken into three scenarios with varying degrees of stress: baseline, adverse and severely adverse. The Fed reminded participating banks that capital plan and stress testing submissions are due by April 5.
The same day, the OCC issued its own stress testing scenarios for required OCC-supervised institutions with more than $10 billion in assets, and on February 2, the OCC released a notice and request for comments (notice) on revised templates to be used for stress test exercises performed by covered institutions with total consolidated assets of $50 billion or more. According to the notice, revisions would reduce the number of data items in the Supplemental Schedule by approximately half, and include (i) the elimination of two reporting schedules—the Regulatory Capital Transitions Schedule and the Retail Repurchase Exposures Schedule; (ii) the addition of new criteria for institutions subject to the global market shock evaluation; and (iii) clarification on how “Credit Loss Portion” and “Non-Credit Loss Portion” are reported in the summary schedule worksheets. Furthermore, under the revisions, savings associations would be eligible to use the simplified reporting requirements already available to other large, non-complex holding companies. The notice was published in the Federal Register on February 2 and comments are due by March 5.
Additionally, on February 6, the FDIC released economic scenarios developed in coordination with the Fed and the OCC for certain supervised financial institutions. According to the FDIC, the scenarios “include key variables that reflect economic activity, including unemployment, exchange rates, prices, income, interest rates, and other salient aspects of the economy and financial markets.”
Review procedures need enhancing according to GAO’s Regulatory Flexibility Act compliance report
On January 30, the Government Accountability Office (GAO) released its annual report on federal financial regulators’ compliance with the Regulatory Flexibility Act (RFA). Specifically, the report assessed whether certain regulators adhered to the RFA when drafting and implementing regulations that may affect small entities. Such regulators include the Federal Reserve, Commodity Futures Trading Commission, CFPB, FDIC, OCC, and SEC (collectively, the "agencies"). Under the RFA, the agencies must either (i) certify that a rule would not have a significant economic impact on a substantial number of small entities, or (ii) perform a regulatory flexibility analysis to assess the rule’s impact on small entities and “consider alternatives that may minimize any significant economic impact of the rule.” The report disclosed issues related to certifications. Examples included (i) providing incomplete disclosures of data sources or methodologies of economic analysis and impact; (ii) failing to provide definitions for criteria used to determine a “substantial number” or a “significant economic impact”; and (iii) relying on alternative and potentially outdated definitions of small entities. Additionally, GAO noted that many regulators were unable to provide supporting documentation for their analyses. GAO presented 10 recommendations for enhancing compliance procedures, and stressed that regulators should “develop and implement specific policies and procedures for consistently complying with RFA requirements and related guidance for conducting RFA analyses.” Specific recommendations for each agency are located here.
Agencies offer CRA credit for certain disaster relief efforts
On January 25, the FDIC, OCC, and the Fed (collectively “Agencies”) issued an interagency statement on the availability of Community Reinvestment Act (CRA) credit for financial institution activities that “help revitalize or stabilize the U.S. Virgin Islands and Puerto Rico, which were designated as major disaster areas by the President because of Hurricane Maria.” Provided financial institutions continue to be responsive to the community needs of their own CRA assessment areas, the Agencies will now give “favorable consideration” to community development activities, such as assistance to displaced people, in the areas impacted by Hurricane Maria. The Agencies state that they may give higher consideration to activities aimed at assisting the low- and moderate-income affected areas but that general consideration will be given regardless of median or personal income.
OCC announces recent enforcement actions and terminations, BSA/AML deficiencies targeted
On January 19, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such parties. The new enforcement actions include civil money penalty orders, cease and desist orders, prompt corrective action directives, and removal/prohibition orders. The list also includes recently terminated enforcement actions.
Civil Monetary Penalty. On December 27, the OCC issued a consent order (2017 Order) against a national bank’s South Dakota branch for violating a 2012 OCC issued consent order (2012 Order) related to deficiencies identified in the agency’s Bank Secrecy Act and anti-money laundering (BSA/AML) rules and regulations. According to the 2017 Order, the branch failed to timely comply with the 2012 Order, which required the branch to, among other things, (i) establish a Compliance Committee to oversee the branch’s adherence to the outlined provisions; (ii) submit, implement, and maintain an effective BSA/AML action plan; (iii) ensure the effective implementation of policies and procedures, which would fulfill BSA/AML and Office of Foreign Assets Control obligations; (iv) conduct a BSA/AML compliance program evaluation, risk assessment, and audit program; (v) develop appropriate customer due diligence policies and procedures, along with programs to ensure the timely identification and reporting of suspicious activity; (vi) develop practices governing the use of cash letter services and remote deposit capture; and (vii) conduct independent reviews of account and transaction activity. As a result, the 2017 Order requires the branch to pay a $70 million civil money penalty for failing to comply with the 2012 Order. The bank, while agreeing to the terms of the consent order, has not admitted or denied any wrongdoing.
OCC highlights supervisory priorities in fall 2017 semiannual risk report
On January 18, the OCC announced the release of its Semiannual Risk Perspective for Fall 2017, identifying key risk areas for national banks and federal savings associations. Top supervisory priorities will focus on credit, operational, and compliance risk. As previously discussed in the spring 2017 semiannual report, compliance risk continues to be an ongoing concern, particularly as banks continue to adopt new technologies to help them comply with anti-money laundering rules and the Bank Secrecy Act (BSA), in addition to addressing increased cybersecurity challenges and new consumer protection laws. (See previous InfoBytes coverage here.) The OCC commented that these types of risks can be mitigated by banks with “appropriate due diligence and ongoing oversight.”
Specific areas of particular concern include the following:
- easing of commercial credit underwriting practices;
- increasing complexity and severity of cybersecurity threats, including phishing scams that are the primary method of breaching bank data systems;
- using limited third-party service providers for critical operations, which can create “concentrated points of failure resulting in systemic risk to the financial services sector”;
- compliance challenges under the BSA; and
- challenges in risk management involving consumer compliance regulations.
The report also raises concerns about new requirements under the Military Lending Act along with pending changes to data collection under the Home Mortgage Disclosure Act, which could pose compliance challenges. It further discusses a new standard taking effect in 2020 for measuring expected credit losses, which “may pose operational and strategic risk to some banks when measuring and assessing the collectability of financial assets.”
The data relied on in the report was effective as of June 30, 2017.
Agencies adjust civil penalties for inflation
On January 12, the CFPB published a final rule adjusting upward the maximum amount of each civil penalty within their jurisdictions, as required by the Inflation Adjustment Act. As explained in the rule, the new maximum penalty amounts for 2018 are calculated by multiplying the corresponding 2017 penalty by a “cost-of-living adjustment” multiplier—which for 2018 has been set by the OMB at 1.02041—and then rounding to the nearest dollar. The new penalty amounts apply to civil penalties assessed after January 15, 2018.
In addition, the FDIC, the OCC, and the Federal Reserve recently issued similar Civil Penalty Inflation Adjustment notices.
OCC fines national bank for failing to fix BSA deficiencies
On January 4, the OCC issued a consent order assessing a $70 million civil money penalty against a national bank for failing to comply with the agency’s 2012 cease and desist consent order related to Bank Secrecy Act (BSA) and anti-money laundering (AML) deficiencies. The 2012 order cited the bank for, among other things, failing to file suspicious activity reports in a timely manner and weaknesses in controls related to its correspondent banking from deposit capture/international cash letter instrument activity. According to the OCC, the $70 million civil money penalty results from the bank’s failure “to complete corrective actions to address BSA/AML compliance issues as required by the [2012] order.”
Agencies finalize plans to further streamline Call Reports
On January 3, the Federal Reserve Board, FDIC, and OCC (agencies)—as members of the Federal Financial Institutions Examination Council (FFIEC)—announced finalized plans to reduce data reporting requirements and other regulatory requirements associated with the Consolidated Reports of Condition and Income (Call Reports) for financial institutions. According to the FFIEC, after reviewing comments related to the joint June 2017 proposal, the finalized changes will include:
- Reducing or remove the reporting frequency for approximately seven percent of the data items required on the Call Report for small institutions, effective June 30, 2018; and
- Revising Call Report schedules to align with the changes in accounting for equity securities, effective March 21, 2018.
The FFIEC noted that the agencies will not proceed with their June 2017 proposal to revise the instructions for determining past due status.
In addition to the June 2017 proposal, previous requests for proposed burden-reducing Call Report revisions were submitted by the agencies in August 2016 and November 2017 (see InfoBytes’ coverage of the August request here and the November request here).