Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On September 22, President Biden officially nominated Saule Omarova for Comptroller of the Currency. If confirmed, Omarova would be the first woman and person of color to serve as Comptroller. Currently Omarova is a professor of law at Cornell University and serves as Director of the Program on the Law and Regulation of Financial Institutions and Markets at Cornell’s Jack Clarke Institute for the Study and Practice of Business Law. Omarova’s academic expertise includes an expertise in issues related to the regulation of systemic risk and structural trends in financial markets. Prior to joining academia, Omarova also, among other things, served at the U.S. Department of Treasury as a Special Advisor for Regulatory Policy to the Under Secretary for Domestic Finance.
On September 22, the OCC issued Bulletin 2021-44 announcing versions 1.0 of the “Earnings” and “Regulatory Reporting” booklets of the Comptroller’s Handbook. The new booklets apply to national banks, federal savings associations, and federal branches and agencies of foreign banking organizations, as well as the OCC’s supervision of community banks. The revised “Earnings” booklet rescinds the “Analytical Review of Income and Expense” booklet issued in March 1990 (with examination procedures issued in March 1998). The revised “Regulatory Reporting” booklet rescinds the “Review of Regulatory Reports” booklet, which was also issued in March 1990. The “Earnings” booklet, among other things, “supplements the earnings core assessments and provides examiners with expanded procedures to use when reviewing earnings for a specific line of business or the bank as a whole.” The “Regulatory Reporting” booklet, among other things: (i) pertains to call reports and similar financial reports but not, for instance, annual reports or those concerning nonfinancial activities; (ii) highlights sound risk management principles regarding regulatory reporting; and (iii) provides examiners procedures regarding assessing activities for a bank’s regulatory reporting. Although the rating system for federal branches does not include an earnings rating, examiners perform an earnings review, tailored to the activities of the federal branch, and, as such, the “Earnings” booklet is helpful guidance.
On September 21, the CFPB published a notice and request for comments in the Federal Register seeking input on revisions to an existing, currently approved information collection, related to reporting terms of credit card plans and consumer and college credit card agreements. The notice relates to credit card data collected by the Bureau as required under TILA regarding agreements between issuers and consumers under a credit card account for open-end consumer credit plans, as well as “any college credit card agreements to which the issuer is a party and certain additional information regarding those agreements.” The data collections will enable the Bureau to provide “a centralized and searchable repository for consumer and college credit card agreements and information regarding the arrangements between financial institutions and institutions of higher education.” Comments must be received by October 21.
Recently, the CFPB updated its Supervision and Examinations Manual to include a new section, Compliance Management Review – Information Technology, to assist examiners when assessing an institution and its service providers’ IT controls as part of a compliance management systems (CMS) review. All institutions under the Bureau’s supervision and enforcement authority are required to have a CMS adapted to its business strategy and operations. Among other things, the new CMS-IT examination manual outlines the following five modules: (i) Module 1: Board and Management Oversight; (ii) Module 2: Compliance Program; (iii) Module 3: Service Provider Oversight; (iv) Module 4: Violations of Law and Consumer Harm; and (v) Module 5: Examiner Conclusions and Wrap-Up. Each module addresses the examination objectives of the relevant policies and procedures, including those related to the oversight and commitment to an institution’s CMS, change management, risk management, self-identification and corrective action, and consumer complaint responses. The modules also discuss appropriate training, monitoring, and auditing of the various stages of an effective CMS program.
On September 16, the U.S. District Court for the Southern District of Alabama granted a defendant tribal payday lender’s motion to dismiss and compel arbitration, ruling that an arbitration agreement in a loan contract is still valid even if an arbitration panel found the contracts were void. The plaintiff initiated an arbitration proceeding against the defendant alleging that payday loan contracts carrying interest rates between 200 and 830 percent were void because the defendant was not licensed under the Alabama Small Loans Act to extend such loans. An American Arbitration Association panel determined, among other things, that the defendant had waived any tribal sovereign immunity, “the transactions involved off-reservation commercial activities to which sovereign immunity does not apply,” and that the loans were entirely void because each of the loans was extended without a license. The plaintiff filed suit in state court to confirm the arbitration award and pursue a class action on the premise that the loans are usurious and should be declared void. The defendant removed the case to federal court and asked the court to dismiss the proposed class action and compel arbitration. The district court agreed with the defendant that the arbitration agreement in the voided loan contract remained binding despite the arbitrator’s earlier determination in the plaintiff’s favor. Specifically, the court disagreed with the plaintiff’s argument that the arbitrator’s determination meant that “no aspect of the contact survives,” stating that the plaintiff “overlooks a central tenet in binding precedential arbitration law: severability.” According to the court, “‘[a]s a matter of substantive federal arbitration law, an arbitration provision is severable from the remainder of the contract.’”
On September 21, the U.S. Treasury Department announced recent actions that are focused on confronting “criminal networks and virtual currency exchanges responsible for laundering ransoms, encouraging improved cyber security across the private sector, and increasing incident and ransomware payment reporting to U.S. government agencies, including both Treasury and law enforcement.” As part of its continuing actions to counter the increasing threat of ransomware, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions against a virtual currency exchange, pursuant to Executive Order 13694, as amended, for its alleged role in providing material support to the threat posed by criminal ransomware actors. As a result of the sanctions, all transactions by U.S. persons or in the U.S. that involve any property or interests in property of designated or otherwise blocked persons are generally prohibited. Additionally, OFAC issued an updated advisory, which highlights “the sanctions risks associated with ransomware payments in connection with malicious cyber-enabled activities and the proactive steps companies can take to mitigate such risks, including actions that OFAC would consider to be ‘mitigating factors’ in any related enforcement action.” Treasury also noted that FinCEN has engaged with industry, law enforcement, and others regarding the ransomware threat through the FinCEN Exchange public-private partnership (covered by InfoBytes here).
On September 17, President Biden signed a new Executive Order (E.O.), Imposing Sanctions on Certain Persons with Respect to the Humanitarian and Human Rights Crisis in Ethiopia, that declares a national emergency with respect to the humanitarian and human rights crisis in northern Ethiopia. The E.O. provides the Secretary of the Treasury, in consultation with the Secretary of State, with the authority “to impose a range of targeted sanctions on persons determined, among other things, to be responsible for or complicit in actions or policies that expand or extend the ongoing crisis or obstruct a ceasefire or peace process in northern Ethiopia or commit serious human rights abuse.” Concurrently, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) issued three new general licenses, GLs 1, 2, and 3, which authorize official activities associated with certain international organizations and entities, certain nongovernmental organizations’ activities, and certain transactions associated with the exporting or reexporting of agricultural commodities, food, medicine, and medical items. OFAC also published six related FAQs (see FAQs 922, 923, 924, 925, 926, and 927), which provide additional clarity concerning the non-application of OFAC’s 50 Percent Rule to property and interests in property of persons blocked pursuant to the new E.O., as well as guidance on activities authorized by the new GLs.
On September 21, the SEC filed a complaint against a Puerto-Rico based company and its two managing members (collectively, “defendants”) in the U.S. District Court for the District of Puerto Rico alleging that they offered and sold to retail investors the opportunity to share the profits of a purported Colombian gold mining operation. According to the SEC, the offering, which was unregistered with the Commission, was part of a fraudulent scheme that raised approximately $2.7 million. The complaint also alleges that one of the members and the company authorized advertisements that promised “exorbitant returns on the investment, and provided investors with false and misleading [decks] that misrepresented the status of the mining operations,” while the other member allegedly signed contracts with investors when he had knowledge that the company’s statements to investors were misleading. The SEC’s complaint alleges violations of the registration and anti-fraud provisions of the federal securities laws, specifically, the Securities Act of 1933 and the Securities Exchange Act of 1934. The complaint seeks a permanent injunction against the defendants, a permanent ban prohibiting the defendants’ participation in the issuance, purchase, offer, or sale of securities in an unregistered offering, disgorgement of ill-gotten gains, and civil penalties.
On September 20, the OCC announced a cease and desist order issued against a bank for alleged “unsafe or unsound practices” related to “technology and operational risk management,” in addition to the bank’s noncompliance with the OCC’s Interagency Guidelines Establishing Information Security Standards contained in Appendix B to 12 CFR Part 30. Without admitting to or denying the claims, the bank is required by the order to improve information technology and operational risk governance, technology risk assessments, internal controls, and staffing deficiencies. Specifically, the bank must develop an acceptable, written action plan outlining the remedial actions necessary to achieve compliance with the order by addressing the alleged unsafe or unsound practices and noncompliance, which must specify, among other things, a description of the corrective actions, reasonable and well-supported timelines, and those responsible for completing the actions. The order provides that the bank must also establish a Compliance Committee to quarterly submit: (i) “a description of the corrective actions needed to achieve compliance with each Article of the order”; (ii) the specific corrective actions undertaken to comply with each Article of the Order”; and (iii) “the results and status of the corrective actions.”
On September 20, the SEC brought its first regulation crowdfunding enforcement action against several entities and related individuals allegedly involved in a fraudulent scheme to sell nearly $2 million of unregistered securities through two crowdfunding offerings. According to the SEC’s complaint, two of the entities issued securities without registering with the SEC, while their principals diverted investor funds for personal use rather than using the funds for the disclosed purposes. These actions, the SEC claimed, violated the antifraud and registration provisions of the Securities Act of 1933 and Securities Exchange Act of 1934. Among other things, the SEC claimed that one of the individuals—“a driving force behind both offerings”—also allegedly concealed his participation in the offerings from the public to hide a past criminal conviction arising from a mortgage fraud scheme out of concern that it could deter prospective investors. The SEC also charged the crowdfunding platform that hosted the offering, and its founder and CEO, with violations of the Securities Act and Regulation Crowdfunding for ignoring red flags about the other defendants. The complaint seeks disgorgement plus pre-judgment interest, penalties, permanent injunctions, and officer and director bars. Director of the SEC’s Division of Enforcement, Gurbir S. Grewal, stressed the importance of full and honest disclosures in these types of offerings: “As companies continue to raise funds through crowdfunding offerings, we will hold issuers, gatekeepers and individuals accountable and enforce the protections in place for all investors.”
- Jeffrey P. Naimon to discuss “Regulators are gearing up: Are you ready?” at HousingWire Annual
- Amanda R. Lawrence and Elizabeth E. McGinn discuss “U.S. state privacy legislation – Are you compliant?” at the Privacy+Security Forum
- H Joshua Kotin to discuss “Modifications and exiting forbearance” at the National Association of Federal Credit Unions Regulatory Compliance Seminar
- Jonice Gray Tucker and Kari K. Hall to discuss “Consumer protection priorities in the Biden administration and beyond" at the SWABC and TBA 2021 Legal Conference
- Jonice Gray Tucker to discuss “Fintech trends” at the BIHC Network Elevating Black Excellence Regional Summit
- Jeffrey P. Naimon to discuss "Truth in lending” at the American Bar Association National Institute on Consumer Financial Services Basics
- John R. Coleman and Amanda R. Lawrence to discuss “Consumer financial services government enforcement actions – The CFPB and beyond” at the Government Investigations & Civil Litigation Institute Annual Meeting
- Jonice Gray Tucker to discuss "Consumer financial services" at the Practising Law Institute Banking Law Institute
- Jonice Gray Tucker to discuss “Regulators always ring twice: Responding to a government request” at ALM Legalweek