InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
OCC fines national bank for failing to fix BSA deficiencies
On January 4, the OCC issued a consent order assessing a $70 million civil money penalty against a national bank for failing to comply with the agency’s 2012 cease and desist consent order related to Bank Secrecy Act (BSA) and anti-money laundering (AML) deficiencies. The 2012 order cited the bank for, among other things, failing to file suspicious activity reports in a timely manner and weaknesses in controls related to its correspondent banking from deposit capture/international cash letter instrument activity. According to the OCC, the $70 million civil money penalty results from the bank’s failure “to complete corrective actions to address BSA/AML compliance issues as required by the [2012] order.”
NYDFS fines global money service $60 million for AML deficiencies
On January 4, New York Department of Financial Services (NYDFS) ordered one of the largest global money transfer services to pay $60 million for willfully failing to implement an effective anti-money laundering (AML) program. According to the consent order, between 2004 and 2012, three of the company’s New York locations allowed the company’s services to be used to pay debts to human traffickers based in China. Additionally, the order emphasizes that the company was aware of weaknesses in its compliance program for years and failed to implement controls that could have detected and prevented the payments in question. The NYDFS investigation resulted from a January 2017 settlement with the Department of Justice, which found that during the same time period (2004-2012), the company processed hundreds of thousands of transactions for company agents and others involved in an international consumer fraud scheme, as previously covered by InfoBytes. In addition to the fine, the order requires that the company put in place stricter AML compliance measures, including the creation of an Independent Compliance Committee of the Board of Directors.
Chair Giancarlo outlines CFTC approach to virtual currency regulation
On January 4, the Chair of the CFTC, J. Christopher Giancarlo, issued a statement emphasizing the CFTC’s commitment to effectively regulating virtual currency and reiterated the CFTC’s view that virtual currency is a “commodity,” as defined by the Commodity Exchange Act (CEA), and thus is subject to CFTC regulation. Giancarlo noted that it would be irresponsible to ignore virtual currency and that the CFTC is following steps to effectively and responsibly regulate the risks, specifically, “consumer education, asserting CFTC authority, surveilling trading in derivative and spot markets, prosecuting fraud, abuse, manipulation and false solicitation and active coordination with fellow regulators.” Giancarlo’s statement also noted an upcoming meeting of the CFTC Technology Advisory Committee to discuss virtual currencies on January 23.
The CFTC also published a backgrounder on the oversight of the virtual currency futures market, which describes the “heightened review” for the self-certification process as applied to virtual currency futures products, and explains the extent to which the CFTC “not only has clear legal authority, but now also will have the means to police certain underlying spot markets for fraud and manipulation.”
Agencies finalize plans to further streamline Call Reports
On January 3, the Federal Reserve Board, FDIC, and OCC (agencies)—as members of the Federal Financial Institutions Examination Council (FFIEC)—announced finalized plans to reduce data reporting requirements and other regulatory requirements associated with the Consolidated Reports of Condition and Income (Call Reports) for financial institutions. According to the FFIEC, after reviewing comments related to the joint June 2017 proposal, the finalized changes will include:
- Reducing or remove the reporting frequency for approximately seven percent of the data items required on the Call Report for small institutions, effective June 30, 2018; and
- Revising Call Report schedules to align with the changes in accounting for equity securities, effective March 21, 2018.
The FFIEC noted that the agencies will not proceed with their June 2017 proposal to revise the instructions for determining past due status.
In addition to the June 2017 proposal, previous requests for proposed burden-reducing Call Report revisions were submitted by the agencies in August 2016 and November 2017 (see InfoBytes’ coverage of the August request here and the November request here).
Buckley Sandler Insights: Fed's LFI Risk Management Principles Open for Comments
On January 4, the Federal Reserve (Fed) issued for public comment proposed guidance setting forth core principles of effective risk management for Large Financial Institutions (“LFI”s) (“Risk Management proposal”). Given that it is increasingly likely that Congress will release financial institutions with assets below $250 billion from “SIFI” designation, the Fed’s guidance yesterday is a further effort to ensure that risk at LFIs will continue to be managed well even after many of them are no longer subject to other SIFI obligations. The proposal would apply to domestic bank holding companies and savings and loan holding companies with total consolidated assets of $50 billion or more; the U.S. operations of foreign banking organizations (“FBOs”) with combined U.S. assets of $50 billion or more; and any state member bank subsidiary of these institutions. The proposal would also apply to any systemically important nonbank financial company designated by the Financial Stability Oversight Council (“FSOC”) for Fed supervision. The proposed guidance clarifies the Fed’s supervisory expectations of these institutions’ core principals with respect to effective senior management; the management of business lines; and independent risk management (“IRM”) and controls.
The Risk Management proposal is part of the Fed’s broader initiative to develop a supervisory rating system and related guidance that would align its consolidated supervisory framework for LFIs. Last August, the Fed issued for public comment two related proposals: a new rating system for LFIs (“proposed LFI rating system”) and guidance addressing supervisory expectations for board directors (“Board Expectations proposal”). (See previous InfoBytes coverage on the proposals.) The proposed LFI rating system is designed to evaluate LFIs on whether they possess sufficient financial and operational strength and resilience to maintain safe and sound operations through a range of conditions. With regard to the Board Expectations proposal, the January 4 proposal establishes supervisory expectations relevant to the assessment of a firm’s governance and controls, which consists of three chief components: (i) effectiveness of a firm’s board of directors, (ii) management of business lines, independent risk management and controls, and (iii) recovery planning. This guidance sets forth the Fed’s expectations for LFIs with respect to the second component—the management of business lines and IRM and controls, and builds on previous supervisory guidance. In general, the proposal “is intended to consolidate and clarify the [Fed’s] existing supervisory expectations regarding risk management.”
The January 4 release delineates the roles and responsibilities for individuals and functions related to risk management. Accordingly, it is organized in three parts: (i) core principals of effective senior management; (ii) core principals of the management of business lines; and (iii) core principles of IRM and controls.
Senior Management
The Risk Management proposal defines senior management as “the core group of individuals directly accountable to the board of directors for the sound and prudent day-to-day management of the firm.” Two key responsibilities of senior management are overseeing the activities of the firm’s business lines and the firm’s IRM and system of internal control. The proposed guidance highlights the principle that: Senior management is responsible for managing the day-to-day operations of the firm and ensuring safety and soundness and compliance with internal policies and procedures, laws and regulations, including those related to consumer protection.
Management of Business Lines
The proposal refers to “business line management” as the core group of individuals responsible for prudent day-to-day management of a business line and accountable to senior management for that responsibility. For LFIs that are not subject to supervision by the Large Institution Supervision Coordinating Committee (“LISCC”) these expectations would apply to any business line where a significant control disruption, failure, or loss event could result in a material loss of revenue, profit, or franchise value, or result in significant consumer harm.
A firm’s business line management should:
- Execute business line activities consistent with the firm’s strategy and risk tolerance.
- Identify, measure, and manage the risks associated with the business activities under a broad range of conditions, incorporating input from IRM.
- Provide a business line with the resources and infrastructure sufficient to manage the business line’s activities in a safe and sound manner, and in compliance with applicable laws and regulations, including those related to consumer protection, as well as policies, procedures, and limits.
- Ensure that the internal control system is effective for the business line operations.
- Be held accountable, with business line staff, for operating within established policies and guidelines, and acting in accordance with applicable laws, regulations, and supervisory guidance, including those related to consumer protection.
Independent Risk Management and Controls
The Risk Management proposal describes core principles of a firm’s independent risk management function, system of internal control, and internal audit function. The guidance does not prescribe in detail the governance structure for a firm’s IRM and controls. While the guidance does not dictate specifics regarding governance structure, it does set forth requirements with respect to the roles of the Chief Risk Officer and Chief Audit Executive:
- The CRO should establish and maintain IRM that is appropriate for the size, complexity, and risk profile of the firm.
- The Chief Audit Executive should have clear roles and responsibilities to establish and maintain an internal audit function that is appropriate for the size, complexity and risk profile of the firm.
The proposal requires that a firm’s IRM function be sufficient to provide an objective, critical assessment of risks and evaluates whether a firm remains aligned with its stated risk tolerance. Specifically, a firm’s IRM function should:
- Evaluate whether the firm’s risk tolerance appropriately captures the firm’s material risks and confirm that the risk tolerance is consistent with the capacity of the risk management framework.
- Establish enterprise-wide risk limits consistent with the firm’s risk tolerance and monitor adherence to such limits.
- Identify and measure the firm’s risks.
- Aggregate risks and provide an independent assessment of the firm’s risk profile.
- Provide the board and senior management with risk reports that accurately and concisely convey relevant, material risk data and assessments in a timely manner.
With regard to internal controls, the proposed guidance builds upon the expectations described in the Fed’s Supervisory Letter 12-17. A firm should have a system of internal control to guide practices, provide appropriate checks and balances, and confirm quality of operations. In particular, the guidance states that a firm should:
- Identify its system of internal control and demonstrate that it is commensurate with the firm’s size, scope of operations, activities, risk profile, strategy, and risk tolerance, and consistent with all applicable laws and regulations, including those related to consumer protection.
- Regularly evaluate and test the effectiveness of internal controls, and monitor functioning of controls so that deficiencies are identified and communicated in a timely manner.
With respect to internal audit, the proposed guidance does not expand upon the Fed’s expectations; rather it references existing supervisory expectations. The proposed guidance highlights that a firm should adhere to the underlying principle that its internal audit function should examine, evaluate, and perform independent assessments of the firm’s risk management and internal control systems and report findings to senior management and the firm’s audit committee.
Comments on the Fed’s proposed guidance are due by March 15.
Singapore-Based Shipyard Operator Agrees to $422 Million Penalty to Resolve Foreign Bribery Case
On December 22, 2017, Singapore-based shipyard operator and shipping vessel repair company, and its wholly owned U.S. subsidiary, agreed to pay a combined total penalty of $422 million to resolve foreign bribery charges by the DOJ. Authorities in the United States, Brazil, and Singapore alleged that the companies engaged in a decade-long scheme to pay tens of millions of dollars in bribes to officials in Brazil, including those of a state-owned oil company. As part of the resolution, the company entered into a deferred prosecution agreement while its U.S. subsidiary pleaded guilty, as did a former senior member of the company’s legal department. The settlement is one of the largest FCPA enforcement penalties and also represents DOJ’s first coordinated FCPA resolution with Singapore. The settlement represents a 25 percent reduction off the bottom of the applicable U.S. Sentencing Guidelines fine range due to substantial cooperation by the companies with the investigation and the taking of remedial measures, including disciplining employees and implementing an enhanced compliance system.
$2.95 Billion Settlement Reached in Brazilian Multinational Corporation Class Action
On January 3, 2018, a Brazilian multinational corporation announced that it has agreed to pay $2.95 billion to resolve the securities class action pending in the U.S. District Court for the Southern District of New York regarding the company’s well-known corruption scandal in Brazil. The class action claimed that investors were harmed by alleged corruption when contractors overcharged the company and kicked back some of the overcharges through bribes to the company's officials. Under the proposed settlement, the company has agreed to pay the funds in three installments. The agreement does not constitute any admission of wrongdoing or misconduct by the company and the company claims that this reflects its status as a victim of the acts uncovered in Operation Car Wash, as the corruption investigation in Brazil is known. The settlement agreement is still subject to approval by the District Court.
Past ScoreCard coverage related to the corruption allegations and investigation can be found here.
Mortgage servicer agrees to pay $45 million in nationwide settlement
On January 3, a mortgage servicer entered into a $45 million settlement with 49 state attorneys general and the District of Columbia for alleged mortgage servicing delinquencies. The settlement resolves a complaint, filed on the same day in the D.C. District Court, that alleges that between 2009 and 2012 the servicer, among other things, failed to (i) timely and accurately apply payments; (ii) maintain proper documentation to establish standing for foreclosure; (iii) respond to borrower complaints and reasonable requests for assistance; (iv) properly process loan modification applications; and (v) properly oversee third party vendors responsible for foreclosure operations. The $45 million settlement payment includes $30.4 million in restitution to homeowners; $5 million in attorney’s fees and investigative costs and fees payable to the state attorneys general whose offices led the investigation; and almost $9 million in administrative penalties to state mortgage regulators. In addition to the settlement payments, the settlement also requires the mortgage servicer to comply with a set of “Servicing Standards” outlined in the consent judgment and to submit quarterly reports to the state attorneys general Executive Committee for a period of three years.
In response to the settlement, the mortgage servicer stated that it admits no wrongdoing and is currently using the adopted new Servicing Standards.
Ninth Circuit Rules Banning Credit Card Surcharges Violates First Amendment
On January 3, the U.S. Court of Appeals for the Ninth Circuit issued an opinion affirming a district court decision that a California law banning credit card surcharges violated the First Amendment because it was an unconstitutional restriction of speech and unconstitutionally vague. California Civil Code Section 1748.1(a) prohibits retailers from imposing surcharges on customers who pay with credit cards, but allows businesses to offer discounts for cash or debit card payments. In 2014, plaintiffs challenged the constitutionality of the law, and the district court granted summary judgment in favor of the plaintiffs and permanently enjoined its enforcement, holding that the statute violated the First Amendment because it amounted to “a content-based restriction on commercial speech rather than an economic regulation.” The California Attorney General's Office appealed.
The Ninth Circuit affirmed the district court decision, finding that California Civil Code Section 1748.1(a) could not withstand intermediate scrutiny because (i) the plaintiffs’ speech was not misleading, (ii) Section 1748.1(a) failed to promote California’s interest in protecting consumers from deception, and (iii) Section 1748.1(a) was more extensive than necessary to achieve California’s stated interest for the regulation. Though the panel affirmed the district court’s ruling, it also modified the district court’s injunction to apply only to the plaintiffs, and only with respect to the specific pricing practice they seek to employ.
See previous InfoBytes coverage here on court decisions regarding credit card surcharges
Ninth Circuit Denies Arbitration, Lacks Jurisdiction to Review Anti-SLAPP Motion
On December 27, the U.S. Court of Appeals for the Ninth Circuit issued an opinion affirming the district court’s decision to deny the defendants’ request to compel arbitration against plaintiffs who elected to participate in the defendants’ administration of California’s “Bad Check Diversion Program” (BCD Program). The order is the result of two consolidated appeals from separate district court orders related to a putative class action lawsuit claiming that the defendants violated the federal Fair Debt Collection Practices Act (FDCPA) and California Unfair Competition Law in their administration of the BCD Program. The BCD Program, administered by private entities in agreement with a local district attorney, provides consumers accused of writing bad checks the opportunity for deferred prosecution. Under the BCD Program, the defendants sent notices on official district attorney letterhead offering the plaintiffs the chance to avoid criminal prosecution under California’s bad check statute if they participated in the BCD Program and paid specified fees. The notices also included an arbitration clause. In the class action lawsuit, plaintiffs alleged that defendants violated the law by misleading plaintiffs into thinking law enforcement sent the letters and by allegedly including false threats in the letters that implied that failure to pay would result in arrest or imprisonment.
In response to the lawsuit, defendants filed a motion under California’s Anti-SLAPP law, which protects defendants from strategic lawsuits against public participation (SLAPP), to strike the plaintiffs’ state law claims as well as a motion to compel arbitration pursuant to the arbitration clause in the notices. With respect to the defendant’s motion to compel arbitration, the panel opined that the BCD Program is not subject to Federal Arbitration Act (FAA) provisions because it is “an agreement between a criminal suspect and the local authorities about how to resolve a potential state-law criminal violation” rather than a “private or commercial contract.” In response to the defendants’ Anti-SLAPP motion, the appellate panel concluded that it “lacked jurisdiction to review the district court’s denial of defendants’ Anti-SLAPP motion because, under the terms of the state statute, such a denial in a case deemed [by the lower court] to be filed in the public interest is not immediately appealable.”
The panel remanded to the district court for further proceedings.