Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • OCC Updates Guidance on Violations of Laws and Regulations in Comptroller’s Handbook

    Federal Issues

    On May 23, the OCC issued OCC Bulletin 2017-18 announcing updated guidance on its policies and procedures regarding violations of laws and regulations for its examiners. The updates will be reflected in its “Bank Supervision Process,” “Community Bank Supervision,” “Federal Branches and Agencies Supervision,” and “Large Bank Supervision” booklets as well as other sections of the Comptroller’s Handbook and internal guidance. According to the Bulletin, an International Peer Review Report from 2013 noted that the OCC could improve its supervisory effectiveness. In response, the OCC released Bulletin 2014-52 to address the report’s concerns. These latest updates are an extension of the 2014 Bulletin to support the OCC’s mission of ensuring a safe and sound federal banking system by “emphasizing timely detection and correction of violations before they affect a bank’s condition.”

    The OCC’s updated guidance implements certain goals and practices, including:

    • ensuring the consistency of the purpose, processes, and procedures within and across all OCC lines of business, including: community, midsize, and large banks; federal branches and agencies; and banks overseen by the OCC’s Special Supervision group;
    • communicating violations using a consistent format such as: (i) using legal citation and description; (ii) summarizing relevant statutory or regulatory requirements; (iii) including facts supporting the violation and root causes; (iv) outlining required corrective actions; and (v) noting commitments to corrective action by board and management;
    • reinforcing the importance of timely and thorough follow-up and tracking of bank management’s corrective actions and milestones;
    • conveying the relationship of violations to “matters requiring attention, CAMELS/ITCC or ROCA ratings, and the bank’s risk appetite and profile;” and
    • emphasizing the need for examiners to timely and effectively communicate with the bank’s board of directors and management team as well as with OCC supervisors.

    The policy goes into effect July 1, 2017.

    Federal Issues OCC Bank Supervision Community Banks

  • DOL Announces No Additional Delay for Fiduciary Rule

    Securities

    On May 22, the U.S. Department of Labor (DOL) issued a news brief providing  Fiduciary Rule guidance in anticipation of the upcoming June 9 partial effectiveness date. The Fiduciary Rule—a 2016 final rule expanding the definition of who qualifies as a “fiduciary” under ERISA and the Internal Revenue Code—will go into effect as planned with full implementation on January 1, 2018. DOL Secretary Alexander Acosta wrote in a Wall Street Journal op-ed that the Administrative Procedures Act, which governs federal rulemaking, would not allow a further delay. “We...have found no principled legal basis to change the June 9 date while we seek public input,” Acosta wrote. “Respect for the rule of law leads us to the conclusion that this date cannot be postponed.” The DOL’s release also includes Frequently Asked Questions, which provides clarification on the release dates of the provisions and related prohibited transaction exemptions. Although Acosta declined to authorize a further delay, he said that the DOL will continue its review of the final rule pursuant to the President’s February 3 Presidential Memorandum on Fiduciary Duty Rule. (See previous InfoBytes summary here.)

    Notably, the DOL asserted that its general approach to implementation will be marked by an emphasis on compliance assistance (rather than citing violations and imposing penalties). Accordingly, during the phased implementation period, the DOL will not pursue claims against “fiduciaries who are working diligently and in good faith to comply with the fiduciary duty rule and exemptions,” or treat those fiduciaries as being in violation of the fiduciary duty rule and exemptions.

    Securities Department of Labor DOL Fiduciary Rule

  • NYDFS Issues Interpretative Guidance Regarding Banking Law Approval Requirements

    Agency Rule-Making & Guidance

    On May 22, the New York State Department of Financial Services (NYDFS) announced it was issuing interpretative guidance regarding the New York Banking Law requirement that mandates prior NYDFS approval for an acquisition or change of control of a banking institution. The guidance was released in response to a request by the New York Bankers Association amid concerns that some investors have been developing non-transparent methods of acquiring and controlling banking institutions without obtaining NYDFS’ review and approval. According to the guidance, “control” is achieved by having direct or indirect power to direct or cause the direction of a banking institution’s management and policies through the ownership of voting stocks or otherwise, and that control is achieved when individuals or entities work together or act in concert to acquire control of a banking institution but with each individual or entity staying below the threshold required for seeking NYDFS’ prior review and approval. The Superintendent of Financial Services, Maria T. Vullo issued a reminder to state-chartered banks that “all proposed changes of control in any banking institution must be submitted to the Department for prior approval under our mandate to safeguard the institutions we supervise and regulate, and to protect the public they serve.”

    The guidance was released the same day Vullo testified at a New York State Assembly hearing on the “Practices of the Online Lending History,” which sought to “explore . . . predatory online lending practices which need to be mitigated, and potential regulatory or legislative action which may be needed to address [this issue].” Vullo urged legislators to clarify the statutory definition of “making loans” to include a wider range of companies and “to include situations where an entity, in addition to soliciting a loan, is arranging or facilitating the funding of a loan, or ultimately purchasing or acquiring the loan.”

    Agency Rule-Making & Guidance Online Lending NYDFS

  • New York AG Settles Charges with Tech Company Over WiFi Lock Vulnerabilities

    Privacy, Cyber Risk & Data Security

    On May 22, New York Attorney General Eric T. Schneiderman announced that a Utah-based tech company agreed to settle allegations that, among other things, its wireless doors and padlocks failed to protect consumers’ personal information, leaving consumers vulnerable to hacking and theft. This action marks the first time the Attorney General’s office has taken legal action against a wireless security company for failing to protect private data. Results from an August 2016 study, conducted by independent security researchers, reveal that the tech company’s Bluetooth-enabled locks “transmitted passwords between the locks and the user’s smartphone . . . without encryption” and also contained “weak default passwords.” Both issues allowed perpetrators to intercept passwords and undo the locks. Under the terms of the settlement, the company agreed to reform its data security practices and implement a comprehensive security program.

    Privacy/Cyber Risk & Data Security Enforcement State Attorney General

  • California-Based Financial Institution Reaches Agreement with DOJ, Forfeits More Than $97 Million for Bank Secrecy Act Violations

    Financial Crimes

    On May 22, the U.S. Department of Justice announced that a California-based financial institution and its parent company have agreed to forfeit over $97 million to resolve an investigation into alleged Bank Secrecy Act (BSA) violations. The May 18 agreement between the Bank and the DOJ included a Statement of Facts in which the Bank admitted to criminal violations for willfully failing to maintain an effective anti-money laundering compliance program with appropriate policies, procedures, and controls to guard against money laundering, as well as willfully failing to file suspicious activity reports (SARs). It further admitted that from at least 2007 until at least 2012, it processed more than 30 million remittance transactions to Mexico with a total value of more than $8.8 billion, but, while its monitoring system issued more than 18,000 alerts involving more than $142 million in potentially suspicious remittance transactions, it conducted fewer than 10 investigations and filed only nine SARs. Notably, the nine SARs covered only 700 transactions totaling overall approximately $341,307. Furthermore, the financial institution recognized that over the same time period it needed to improve its monitoring of its money services businesses’ (MSBs) remittances but failed to provide appropriate staffing and resources, which led to its BSA department being unable to “conduct appropriate transaction monitoring.” This resulted in a failure to file SARs on suspicious remittance transactions. Although the financial institution recognized the need to enhance its monitoring process as early as 2004, it continued to expand its MSB business without adding staffing resources and failed to make necessary improvements to its transaction monitoring controls.

    However, the DOJ stated its decision to enter into a non-prosecution agreement with the financial institution was based on evidence of extensive remedial actions. According to the DOJ’s press release, the financial institution devoted significant resources to remediation of its BSA and anti-money laundering (AML) deficiencies, exited its MSB business entirely, and ultimately ceased all banking operations. It was further credited for its cooperation with the DOJ’s criminal investigation by: (i) providing factual presentations; (ii) voluntarily making available foreign-based employees for interviews in the U.S.; (iii) producing foreign documents without implicating foreign data privacy laws; and (iv) collecting, analyzing, and organizing voluminous evidence and information for the DOJ. Under the terms of the agreement, the financial institution and its parent company have agreed to fully cooperate in this and any future DOJ investigations relating to violations of the BSA and AML statutes, as well as report, for a period of one year, any evidence or allegations of such violations. The parent company has also agreed to report to the DOJ “regarding [the] implementation of compliance measures to improve oversight of its subsidiaries’ BSA compliance.”

    Financial Crimes Anti-Money Laundering Bank Secrecy Act DOJ SARs

  • U.S. Retailer Settles States’ Investigation Over 2013 Data Breach, Fined $18.5 Million in Settlement

    Privacy, Cyber Risk & Data Security

    On May 23, a major U.S. retailer reached an $18.5 million settlement with 47 states and the District of Columbia to resolve the states’ investigation into the retailer’s 2013 data breach, which affected more than 41 million customer payment card accounts and exposed contact information for more than 60 million customers. According to multiple state attorneys general, this represents the largest multistate data breach deal to date. According to the states’ investigation, the November 2013 security breach occurred when cyberattackers accessed the retailer’s customer service database to install malware that was able to capture consumers’ personal information, including full names, telephone numbers, email and mailing addresses, payment card numbers, expiration dates, CVV1 codes, and encrypted debit PINs. Under the terms of the Assurance of Voluntary Compliance, the retailer agreed to do the following, including:

    • develop, implement, and maintain a comprehensive Information Security Program (Program) and required safeguards;
    • employ an executive or officer with information security experience responsible for executing the Program and advising the CEO and Board of Directors of security-related issues;
    • develop and implement risk-based policies and procedures for auditing vendor compliance with the Program;
    • maintain and support software on its network for data security purposes;
    • maintain appropriate encryption policies, particularly as they pertain to cardholder and personal information data;
    • segment its cardholder data environment from the rest of its computer network;
    • undertake steps to control access to its network, including implementing password rotation policies and two-factor authentication;
    • deploy and maintain a file integrity monitoring solution; and
    • hire a third-party to conduct a comprehensive security assessment.

    The majority of the terms last five years.

    States involved issued press releases announcing their portions of the settlement. California Attorney General Xavier Becerra stated that California will be receiving more than $1.4 million from the settlement, the largest share of any state. Illinois, which co-led the investigation with the state of Connecticut, will receive more than $1.2 million from the settlement, according to Attorney General Lisa Madigan, who stated, “Today’s settlement . . . establishes industry standards for companies that process payment cards and maintain secure information about their customers.” Connecticut Attorney General George Jepsen noted that the retailer “deserves credit for its actions in response to this breach, including its cooperation with our investigation and negotiations that led to this settlement. I'm also hopeful that this settlement will serve to inform other companies as to what is expected of them in terms of the security of their consumers' information.”

    Privacy/Cyber Risk & Data Security Enforcement State Attorney General

  • SFO Charges Additional Individual Defendant in Connection with German-Based Company North Sea Investigation

    Financial Crimes

    The United Kingdom’s Serious Fraud Office (SFO) has reportedly charged the former chief commercial officer of a German-based company with two counts of conspiracy to make corrupt payments to assist the company with attaining or retaining contracts for freight forwarding services to the North Sea oil exploration project Jasmine. The former executive is the seventh individual charged, in addition to the company, with violations of section 1 of the UK Prevention of Corruption Act 1906 and section 1 of the Criminal Law Act 1977 for alleged conduct between January 2010 and May 2013 in connection with the Jasmine project.

    The charges follow on the heels of separate corruption charges against the company and other individuals related to an Angolan project. Last July, the SFO charged the company and seven individuals with violation of section 1 of the Prevention of Corruption Act 1906 and section 1 of the Criminal Law Act 1977 through conspiring to make corrupt payments between January 2005 and December 2006 to an agent of the Angolan state oil company, Sonangol, in order to facilitate the company’s freight forwarding business operations and contracts in Angola.

    Financial Crimes FCPA Enforcement Action UK Prevention of Corruption Act UK Serious Fraud Office

  • Treasury Secretary Mnuchin Testifies Before Senate Banking Committee, Provides Overview of Policies and Goals

    Federal Issues

    On May 18, the Senate Committee on Banking, Housing, and Urban Affairs held a hearing entitled “Domestic and International Policy Update” with U.S. Treasury Secretary Steven Mnuchin—his first hearing since being sworn in. Committee Chairman Mike Crapo (R-Idaho) opened the full committee hearing asserting that “[w]e want our nation’s banks to be well-capitalized and well-regulated, without being drowned by unnecessary compliance costs. Undue regulation chills innovation and imposes significant and unnecessary costs and burdens on financial institutions and companies, often disproportionately on smaller ones.” Sen. Crapo further stressed that “[h]ousing finance reform remains the most significant piece of unfinished business following the crisis, and it is important to build bipartisan support for a path forward.” Ranking member Sherrod Brown (D-Ohio) likewise delivered opening remarks. Sen. Brown stated that regulation improvements for banks, shadow banks, and the financial services industry must be “based on facts” and that a better way to improve the economy and create jobs would be through “an effective means like infrastructure investment” rather than the “thoroughly discredited” trickle down approach.

    Mnuchin was the only witness at the May 18 hearing, offering testimony and answering questions concerning, among other things, (i) currency manipulation; (ii) the establishment of a “Monitoring List” of closely watched economies; (iii) comprehensive tax reform (stating that a goal of 3 percent GDP or higher is “achievable if we make historic reforms to both taxes and regulation”); (iv) regulatory reform (noting that the Treasury’s initial report will offer “recommendations to provide relief for community banks and make regulations more efficient and effective and appropriately tailored”); (v) imposing sanctions and efforts to combat terrorist activities and financing; and (vi) housing finance reform (maintaining that Treasury plans to work with Congress to ensure both ample credit for housing and that taxpayers are not put at risk).

    Mnuchin faced questions from several Senators after he testified, including Sens. Jon Tester (D-Mont.), Catherine Cortez Masto (D-Nev.), and Bob Corker (R-Tenn). In response Sen. Tester’s question as to whether Mnuchin could commit that the President’s tax relief plan would not add to the debt, Mnuchin replied that “any plan that we put forward we believe should be paid for with economic growth.” Sen. Cortez Masto asked what the Treasury was doing about the Trump Administration’s lack of focus on policies supporting American consumers and homeowners, questioning, “Why doesn’t President Trump’s Executive Order that rolls back Wall Street reforms mention consumer or investor protection even once? Why doesn’t it direct you to consider the financial needs of borrowers, students, service-members, seniors, homeowners?” Accordingly, Sen. Corker asked whether Mnuchin is "strongly committed to finally dealing with housing finance reform in an appropriate way,” to which Mnuchin replied, “My strong preference is to do it through congressional action.”

    Federal Issues Department of Treasury Senate Banking Committee

  • Florida Attorney General Rolls Out Military Consumer Protection Program; CFPB Publishes Annual Servicemember Report

    Consumer Finance

    On May 17, Attorney General Pam Bondi announced a new consumer protection program designed to spread awareness and help prevent deceptive business practices affecting military and veteran communities. The Military and Veterans Assistance Program (MVAP) will provide resources and information to consumers on emerging scams and other consumer protection related issues, as well as encourage open communication among local, state, and federal partners to help ensure complaints are handled appropriately.

    On May 16, the CFPB’s Office of Servicemember Affairs (OSA) published its fifth annual servicemember report, The Office of Servicemember Affairs: Charting our course through the military lifecycle, and a follow-up blog post outlining the work the office has conducted over the past five years and the work it intends to do in the future. The structure of the report—designed to be presented within the construct of the “military lifecycle”—presents the ways that “many common and some uniquely-military consumer issues . . . fit within that continuum.” Under the Dodd-Frank Act, OSA monitors servicemember complaints about consumer financial products or services and coordinates with the efforts of federal and state agencies to improve measures and provide assistance. As of April 1, 2017, the OSA reports that it has handled approximately 74,800 complaints submitted by servicemembers, veterans, and their families since July 2011, of which 42 percent related to debt collection, 18 percent to mortgages, and 11 percent to credit reporting. In total, the OSA claims it has provided approximately $3.3 million in monetary relief to military consumers who submitted complaints to the CFPB.

    Consumer Finance State Attorney General Consumer Education Servicemembers

  • OIG Recommends CFPB Improve Enforcement Data Security

    Consumer Finance

    On May 15, the Office of Inspector General for the Consumer Financial Protection Bureau issued findings in a report entitled The CFPB Can Improve Its Practices to Safeguard the Office of Enforcement’s Confidential Investigative Information (the Report), stemming from an evaluation to determine whether the Bureau has effective controls to manage and safeguard access to Confidential Investigative Information (CII). The Report found that the Bureau’s practices could be improved. According to the findings, the Bureau’s Office of Enforcement (Office) allowed 113 unique users to have access to databases in which there was CII—which may include personally identifiable information—about companies that were subject to reviews by enforcement staff. Of those 113 users, 72 were still employed by the CFPB but did not have a need for access to that information, the report said.

    Specifically, the OIG determined users continued to have access to at least one electronic application when it was no longer relevant to the performance of the users’ assigned duties. The OIG also cited instances of improper handling and safeguarding of sensitive information and inconsistent naming conventions for matters across its four electronic applications and two internal drives, which impeded the Office’s ability to verify, maintain, and terminate access to files. The OIG noted in the report that during its assessment the Office took several steps to correct these issues.

    The OIG presented the following recommendations: (i) enhance practices for managing access rights to matter folders; (ii) improve the handling of printed sensitive information; and (iii)establish a standard naming convention for electronically stored information.

    Consumer Finance CFPB Federal Reserve OIG

Pages

Upcoming Events