InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Federal Reserve Issues Guidance Regarding Roles of Bank Boards, Requests Comments on New SIFI Rating System
Guidance Regarding Roles of Bank Boards.
On August 3, the Federal Reserve (Fed) took an important step towards easing the heavy regulatory burden placed on the boards of directors at the largest U.S. banking organizations, when it issued for public comment a corporate governance proposal intended to “enhance the effectiveness of boards of directors” and “refocus the Federal Reserve supervisory expectations for the largest firms’ boards of directors on their core responsibilities, which will promote the safety and soundness of the firms.”
The proposal is a result of a multi-year review conducted by the Fed of practices of boards of directors, particularly at the largest banking institutions. The Fed focused on the challenges boards face, the factors that make boards effective, and the ways in which boards influence the safety and soundness of their firms and promote compliance within. The key takeaways of this review included:
- supervisory expectations for boards of directors and senior management have become increasingly difficult to distinguish;
- boards devote a significant amount of time satisfying supervisory expectations that do not directly relate to board’s core responsibilities; and
- boards of large financial institutions face significant information flow challenges, which can result in boards being overwhelmed by the complexity and quantity of information received.
The Fed expects that these issues can be remediated by allowing banks to refocus on their core responsibilities, including: (i) developing the firm’s strategy and risk tolerance; (ii) overseeing senior management and holding them accountable for effective risk management and compliance; (iii) supporting the independence of the firm’s independent risk management and internal audit functions; and (iv) adopting effective governance practices.
In April, Fed Governor Jerome Powell indicated that the financial crisis led to a “broad increase in supervisory expectations” for these boards of directors, but cautioned that the Fed needs to “ensure that directors are not distracted from conducting their key functions by overly detailed checklist of supervisory process requirements.” Explaining that the Fed was reassessing its supervisory expectations for boards, Powell stated “it is important to acknowledge that the board’s role is one of oversight, not management.”
The proposed guidance better distinguishes the supervisory expectations for boards from those of senior management, and includes new criteria by which the Fed will assess bank boards. The Fed describes effective boards as those which:
- set clear, aligned, and consistent direction regarding the firm’s strategy and risk tolerance;
- actively manage information flow and board discussions;
- hold senior management accountable;
- support the independence and stature of independent risk management and internal audit; and
- maintain a capable board composition and governance structure.
The proposal also clarifies expectations regarding internal communications within firms for communicating supervisory findings internally, stating that for all supervised firms, most supervisory findings should be communicated to the firm's senior management for corrective action, rather than to its board of directors. Such findings would only be directed to the board for corrective action when the board needs to address its corporate governance responsibilities or when senior management fails to take appropriate remedial action.
While the proposal does not address all of the post-crisis challenges faced by bank boards, it is a welcome message to the industry that the Fed recognized the need to recalibrate their expectations. The proposal also identifies existing supervisory expectations for boards of directors that could be eliminated or revised and notes that the Fed intends to continue assessing whether its expectations of bank boards require further changes.
New SIFI Rating System.
On August 3, the Fed also issued for public comment a new risk rating system for Large Financial Institutions (“LFI”s) that would replace the RFI rating system for bank holding companies with total consolidated assets of $50 billion or more; non-insurance, non-commercial savings and loan holding companies with total consolidated assets of $50 billion or more; and U.S. intermediate holding companies of foreign banking organizations established pursuant to the Fed’s Regulation YY. (The Fed will continue to use the same RFI rating system that has been in place since 2004 to evaluate community and regional bank holding companies.)
The LFI rating system is designed to evaluate LFIs on whether they possess sufficient financial and operational strength and resilience to maintain safe and sound operations through a range of conditions. The system would consist of three chief components:
- Governance and Controls
- board of directors
- management of core business lines and independent risk management and controls and
- recovery planning (for domestic bank holding companies subject to LISCC);
- Capital Planning and Positions; and
- Liquidity Risk Management and Positions.
The Governance and Control component would evaluate a LFI’s effectiveness in ensuring that the firm’s strategic business objectives are safely within the firm’s risk tolerance and ability to manage the accordant risk. The component will focus on LFIs’ effectiveness in maintaining strong, effective and independent risk management and control functions, including internal audit and compliance, and providing for ongoing resiliency.
The second and third components are intended to incorporate LFI supervision activities, including CCAR and CLAR, which will be directly reflected within the respective component ratings–resulting in a more comprehensive supervisory approach than the RFI rating system which did not incorporate the results of those supervisory activities.
Each LFI would receive a component rating using a multi-level scale (Satisfactory/Satisfactory Watch, Deficient-1 and Deficient-2). “Satisfactory Watch” would indicate that a firm is generally considered safe and sound, however certain issues require timely resolution. Any Deficiency rating would result in that LFI being considered less than “well managed.”
NYDFS Launches New Cybersecurity Portal, Sets Compliance Deadlines
On July 31, the New York Department of Financial Services (NYDFS) announced the launch of an online cybersecurity portal for businesses to securely report cybersecurity events as required by the state’s cybersecurity regulation that took effect March 1. (See previous InfoBytes summary here.) The regulation, Cybersecurity Requirements for Financial Services Companies, requires all banks, insurance companies, and other financial services institutions regulated by NYDFS to establish and maintain cybersecurity programs to safeguard consumers’ private data. The cyber portal is designed to facilitate easy reporting of cybersecurity events and will allow regulated entities to file compliance certifications. Starting August 28, 2017, all entities required to comply with NYDFS cybersecurity regulations “must file certain notifications to the [Financial Services] Superintendent including notices of certain cybersecurity events within 72 hours from a determination that a reportable event has occurred.” A cybersecurity event is reportable if it: (i) “impacts the covered entity and notice of it is required to be provided to any government body, self-regulatory agency or any other supervisory body”; or (ii) “has a reasonable likelihood of materially harming any material part of the normal operation(s) of the covered entity.” Additionally, covered entities are required to file a certificate of compliance confirming compliance for the previous calendar year no later than February 15, 2018.
OCC, Federal Reserve Solicit Public Comments on Volcker Rule
On August 2, the OCC announced it is seeking public comments on ways to improve regulations implementing the Volcker Rule, however the agency stressed it is not seeking comment on changes to the underlying statute. The draft notice outlines issues with the rule, which bans banks from engaging in proprietary trading and restricts their ownership of certain funds, explaining that there is “broad recognition that the final rule [implementing the Volcker Rule] should be improved both in design and in application.” Referring to the Treasury Department’s June 2017 report, which identified problems with the design of the final rule and offered recommendations for revision, the OCC’s notice asked for suggestions on how to improve implementation with the understanding that any revisions would require a joint undertaking by the OCC, Board of Governors of the Federal Reserve System, the FDIC, and consultation with the SEC and the CFTC. Specifically, the notice seeks comments in the following four areas: (i) scope of entities subject to the final rule; (ii) proprietary trading prohibitions; (iii) covered fund prohibitions; and (iv) requirements for compliance program and metrics reporting.
Comments must be received within 45 days from publication in the Federal Register.
Separately, on August 2, the Board of Governors of the Federal Reserve System (Fed) issued a notice seeking comment on whether to extend for three years the Reporting, Recordkeeping, and Disclosure Requirements Associated with Proprietary Trading and Certain Interests in and Relationships with Covered Funds (Regulation VV). Regulation VV imposes information reporting requirements on certain banks engaged in significant trading activities, to ensure compliance with the Volcker Rule. Among other things, the Fed invited comment on whether the proposed collection of information is necessary and has practical utility, and ways to enhance the quality, utility, and clarity of the collected information, while minimizing the burden on respondents. In its notice, the Fed stated that the information collection “is required in order for covered entities to obtain the benefit of engaging in certain types of proprietary trading or investing in, sponsoring, or having certain relationships with a hedge fund or private equity fund, under the restrictions set forth in [the Volcker Rule].”
Comments must be received by October 2, 2017.
President Trump Signs Into Law New Sanctions Against North Korea, Iran, and Russia
On August 2, President Trump signed into law a bipartisan bill placing new sanctions on Iran, Russia, and North Korea. The House passed the sanctions by a vote of 419-3, while the Senate cleared it 98-2. The Countering America's Adversaries Through Sanctions Act (H.R. 3364) is comprised of three bills:
- Korean Interdiction and Modernization of Sanctions Act. The sanctions modify and increase President Trump’s authority to impose sanctions on persons in violation of certain United Nations Security Council resolutions regarding North Korea. Specifically, U.S. financial institutions shall not “knowingly, directly or indirectly,” facilitate or maintain correspondent accounts with North Korean or other foreign financial institutions that provide services to North Korea, or execute a transfer of funds or property “that materially contributes to any violation of an applicable United National Security Council resolution.” A foreign government that provides to or receives from North Korea a defense article or service is prohibited from receiving certain types of U.S. foreign assistance. The sanctions concern: (i) shipping and cargo restrictions; (ii) cooperation between North Korea and Iran pertaining to the countries’ weapon programs; (iii) forced labor and trafficking victims, including goods produced by forced labor; and (iv) foreign persons that employ North Korean forced laborers. Furthermore, the Secretary of State is directed to submit a determination regarding whether North Korea meets the criteria for designation as a state sponsor of terrorism no later than 90 days after the Act has been enacted.
- Countering Iran's Destabilizing Activities Act of 2017. The sanctions—intended to deter Iranian activities and threats affecting the U.S. and key allies—include: (i) assessments of Iran’s conventional force capabilities such as its ballistic missile or weapons of mass destruction programs; (ii) prohibitions on the sale or transfer of military equipment and sanctions against Iran’s Islamic Revolutionary Guard Corps and any affiliated foreign persons; (iii) programs to be undertaken by the U.S. and other foreign governments to counter destabilizing activities; and (iv) prohibitions on any activity that provides “financial, material, technological, or other support for goods or services in support” of the identified programs or persons. The sanctions also block any property or interests in property of any designated person “if such property and interests in property are in the [U.S.], come within the [U.S.], or are or come within the possession or control of a [U.S.] person.” The law allows President Trump to impose sanctions against persons committing human rights violations against Iranian citizens, and also grants him the ability to “temporarily waive the imposition or continuation of sanctions under specified circumstances.”
- Countering Russian Influence in Europe and Eurasia Act of 2017. Under the new sanctions, notwithstanding sanctions passed under President Obama’s administration, Congress will review President Trump’s proposed actions to terminate or waive sanctions with respect to Russia and determine whether the actions will or will not “significantly alter [U.S.] foreign policy with regard to the Russian federation.” Additionally, the President may, at his discretion, waive specified cyber- and Ukraine-related sanctions if submitted to the appropriate congressional committees and “is in the vital national security interests of the [U.S.].” The sanctions concern the following: (i) cybersecurity; (ii) crude oil projects; (iii) Russian and foreign financial institutions; (iv) corruption; (v) human rights abuses; (vi) evasion of sanctions; (vii) transactions with Russian intelligence or defense sectors; (viii) pipeline developments; (ix) privatization of state-owned assets by the Russian federation; and (v) arms and related material transfers to Syria. The sanctions further detail financial transaction loan and credit restrictions between U.S. and international financial institutions and sanctioned persons—including directives related to financing new debt—and place prohibitions on sanctioned financial institutions. Among other things, the sanctions direct the development of a national strategy for combating the financing of terrorism and other types of illicit financing.
UNCITRAL Adopts Legal Framework for Electronic Records Use
On July 13 the United Nations Commission on International Trade Law (UNCITRAL) adopted the Model Law on Electronic Transferable Records (MLETR). If broadly enacted by nations, the MLETR would provide uniform legal framework for the use of electronic records in connection with transferable records—including bills of lading, bills of exchange, promissory notes and warehouse receipts. By establishing uniform standards under which electronic records of such documents may be the equivalent to paper, the MLETR has the potential to streamline international commerce and provide a higher level of security over paper documents. The model law, among other things, addresses standards for establishing control of an electronic record as the equivalent of possession of a paper instrument, as well as guidance for establishing the reliability of systems and methods used for the generation and transfer of such records. Like the UETA and ESIGN in the United States, the MLETR is meant to be technology-neutral and is designed to work within the framework of existing laws governing transferable records. The full text of the final MLETR and an accompanying Explanatory Note (akin to official comments) will be available here.
Fourth Circuit Affirms SCRA Does Not Apply to Mortgage Loan Incurred During Service
In an opinion handed down on July 17, the U.S. Court of Appeals for the Fourth Circuit ruled that the Servicemembers Civil Relief Act (SCRA) does not apply to a mortgage loan obligation incurred during a borrower’s military service, even if the obligation was incurred during an earlier, distinct period of military service. At issue was the SCRA’s requirement that lenders obtain a court order before foreclosing on or selling property owned by a current or recent servicemember if the mortgage obligation “originated before the period of the servicemember’s military service.”
The case concerned a borrower who had financed the purchase of a house while serving in the Navy. After his discharge from the Navy, he defaulted on his mortgage loan. The borrower then enlisted in the Army, and shortly thereafter, the bank sold the borrower’s house—without prior court approval—at a foreclosure sale. The borrower signed a move-out agreement and addendum that affirmatively waived “any rights and protections provided by [SCRA] with respect to” the deed and foreclosure sale.
More than five years after the foreclosure sale, the borrower filed a lawsuit against the bank, alleging that the foreclosure sale was invalid under SCRA. The district court granted summary judgment for the bank, ruling that “[b]ecause it is undisputed that [the borrower’s] mortgage originated while he was in the military, that obligation does not qualify under [SCRA].” Specifically, the district court reasoned that the SCRA is “designed to ensure that servicemembers do not suffer financial or other disadvantages as a result of entering the service . . . by shielding servicemembers whose income changes as a result of their being called to active duty, and who therefore can no longer keep up with obligations negotiated on the basis of prior levels of income.” “Such a change in income and lifestyle,” the district court explained, “was not a factor in [the borrower’s] case, as the mortgage at issue here originated while he was already in the service.”
The Fourth Circuit adopted the district court’s reasoning in a 2-1 decision. In dissent, Judge King contended that the majority’s ruling was contrary to the SCRA’s plain, unambiguous language. Judge King further reasoned that, even if the SCRA’s language was ambiguous, the borrower would still prevail because the SCRA must be liberally construed to protect servicemembers.
Of note, because of its ruling, the district court did not address the bank’s alternative argument that the borrower had waived his rights under the SCRA by executing the addendum to his move-out agreement.
CFPB Fines National Bank $4.6 Million for FCRA Violations
On August 2, the CFPB ordered a national bank to pay $4.6 million for allegedly failing to establish adequate policies and procedures for providing consumer deposit account information to nationwide specialty consumer reporting agencies (NSCRAs). The consent order alleges that the bank violated the Fair Credit Reporting Act and Regulation V by failing to provide consumers the results of investigations into their disputes and by withholding the contact information for the consumer reporting company supplying the information used to deny a checking account application. Pursuant to the consent order, in addition to the civil money penalty, the bank must (i) implement policies and procedures to ensure NSCRAs receive accurate consumer deposit account information; (ii) provide consumers with the results of its dispute investigations concerning information furnished to NSCRAs; and (ii) give consumers NSCRA contact information in situations of adverse action.
FTC to Use Consumer Complaints to Help End Robocalls
On August 1, the FTC announced a new initiative to help stop the practice of illegal robocalls. According to the FTC, more than 1.9 million complaints regarding unwanted robocalls were received from January through May of this year, making it the FTC’s number one complaint category. Under the new initiative, using information received from consumer complaints, the FTC will release reported robocall phone numbers each day to telecommunications carriers and other industry partners currently implementing call-blocking solutions and will include information such as the date and time the call was received and the nature of the call. “The consumer complaint data is crucial because many of today’s call-blocking solutions rely on ‘blacklists’—databases of telephone numbers that have received significant consumer complaints—as one way to determine which calls should be blocked or flagged before they reach consumers’ phones,” the FTC stated.
CFPB Monthly Complaint Report Focuses on Consumer Complaint Process
On August 1, the CFPB released a special edition of its monthly complaint report, highlighting company and consumer responses to the Bureau’s consumer complaint process. According to the Bureau, it has handled over 1.2 million complaints from 2011 through July 1 of this year. In the last three years, debt collection, credit reporting, and mortgage complaints were the top three consumer complaint categories. The report illustrates the handling of a consumer complaint:
- Consumer Resource Centers answer questions about consumer financial products and services and provide status updates on existing complaints;
- The CFPB states that companies receive complaints typically within a day, and that within 15 days, consumers generally receive a response in one of the following four categories: (i) closed with monetary relief; (ii) closed with non-monetary relief; (iii) closed with explanation; and (iv) closed. The Bureau states that companies have provided “timely responses to approximately 97% of complaints”;
- Consumers can check the status of their complaints through the Bureau’s portal, review responses received from the company, and provide feedback on the company’s response.
Consumer feedback, the CFPB stated, primarily concerns disputes regarding companies’ responses. Among the dispute categories, 23 percent related to mortgages, 22 percent to consumer loans, and 20 percent to credit cards. The Bureau reported that negative and positive feedback is used to improve the complaint process.
SEC Reaches Settlement with Broker-Dealer Over Alleged Sale of Unregistered Stocks and Failure to File SARs
On July 28, the SEC announced it had reached a settlement in an administrative proceeding against a broker-dealer firm for allegedly selling hundreds of millions of unregistered penny stock shares and failing to file Suspicious Activity Reports (SARs) for over $24.8 million in suspicious transactions with the Financial Crime Enforcement Network. Bank Secrecy Act regulations require a broker-dealer to file SARs if it “knows, suspects, or has reason to suspect that the transaction . . . involves funds derived from illegal activity or is intended . . . to hide or disguise funds” to evade anti-money laundering (AML) rules. A broker-deal must also file SARs if there is no apparent lawful purpose for the transaction or if the transaction is to facilitate criminal activity. According to the settlement, the firm’s actions violated the Securities Act and Exchange Act. In addition to being censured and agreeing pay a $200,000 penalty, the firm will no longer accept the deposit of stocks valued under $5.00 and will retain an independent consultant to assist with mandatory enhancements to the firm’s AML policies and procedures.