Skip to main content
Menu Icon Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations
Section Content

Upcoming Events

Filter

Subscribe to our InfoBytes Blog weekly newsletter for news affecting the financial services industry.

  • FDIC Updates Supervisory Guidance on Risk Management Examination Policies

    Agency Rule-Making & Guidance

    On July 26, the FDIC issued Financial Institution Letter FIL-31-2017 to announce updates to its Risk Management Manual of Examination Policies. The revisions, which incorporated guidance from the FDIC’s Board of Directors, updated the Report of Examination Instructions regarding matters requiring board attention and “deviations from the safety and soundness principles underlying statements of policy.” The revision also included updated instructions for examiners to use when complying with examination schedules. The letter applies to all FDIC-supervised financial institutions.

    Agency Rule-Making & Guidance FDIC Risk Management Bank Supervision Vendor Management

    Share page with AddThis
  • Legislation Reintroduced to Base SIFI Determination on Risk Rather Than Asset Size

    Federal Issues

    On July 19, Representative Blaine Luetkemeyer (R-Mo.) reintroduced legislation designed to overhaul the process used to manage systemic risk by basing the regulation of financial institutions on risk rather than asset size alone. As set forth in a press release issued by Rep. Luetkemeyer’s office, the Systemic Risk Designation Improvement Act of 2017 would replace the $50 billion threshold for designating a bank holding company as a Systemically Important Financial Institution (SIFI) with a series of standards for evaluating risk. The legislation would require the Federal Reserve to evaluate an “institution’s size, interconnectedness, substitutability, global cross-jurisdictional activity, and complexity” before designating it as a SIFI. The legislation was previously introduced in the House, but discussion was delayed to provide Rep. Luetkemeyer with time to propose a method for funding the proposed changes, which are estimated to cost more than $115 million. (See previous InfoBytes summary here.)

    “This legislation supports economic growth throughout the country because it will free commercial banks to make loans while allowing financial regulators the ability to apply enhanced standards on banks based on actual risk posed to the financial system–rather than on arbitrary asset size alone," Luetkemeyer pronounced.

    Federal Issues Federal Legislation Risk Management Regulator Enforcement SIFIs Bank Holding Companies

    Share page with AddThis
  • OFAC Settles with International Insurance Group over Charges of Violating Sanctions Programs

    Financial Crimes

    On June 26, the Treasury’s Office of Foreign Asset Control (OFAC) reached a settlement with an international financial services and insurance company based in New York for alleged violations of OFAC sanctions programs. OFAC claimed that the company “issued policies and insurance certificates, and/or processed claims and other insurance-related transactions that conferred economic benefit to sanctioned countries or persons and undermined the policy objectives of several U.S. economic sanctions programs.” Specifically, OFAC maintained the company violated the following sanctions programs: (i) Iranian Transactions and Sanctions Regulations, 31 C.F.R. Part 560 (ITSR); (ii) Weapons of Mass Destruction Proliferators Sanctions Regulations, 31 C.F.R. Part 544 (WMDPSR); (iii) Sudanese Sanctions Regulations, 31 C.F.R. Part 538 (SSR); and (iv) Cuban Assets Control Regulations, 31 C.F.R. Part 515 (CACR). The settlement requires the company to pay $148,698 to settle the claims, which the company voluntarily self-disclosed to OFAC.

    For others to avoid these issues, OFAC suggested that “the best and most reliable approach for insuring global risks without violating U.S. sanctions law is to insert in global insurance policies an explicit exclusion for risks that would violate U.S. sanctions laws.”

    Financial Crimes Federal Issues OFAC Insurance Sanctions Risk Management

    Share page with AddThis
  • OCC Releases Spring 2017 Semiannual Risk Report

    Agency Rule-Making & Guidance

    On July 7, the Office of the Comptroller of the Currency (OCC) announced the release of its Semiannual Risk Perspective for Spring 2017 indicating key risk areas for national banks and federal savings associations. Acting Comptroller of the Currency Keith Noreika pointed out in his remarks that, “[w]hile these are risks that the system faces as a whole, we note that the risks differ from bank to bank based on size, region, and business model. Compliance, governance, and operational risk issues remain leading risk issues for large banks while strategic, credit, and compliance risks remain the leading issues for midsize and community banks.”

    The report details the four top risk areas:

    • Elevated strategic risk—banks are expanding into new products and services as a result of fintech competition. According to the report, this competition is increasing potential risks. The OCC hopes to finish developing a special purpose banking charter for fintech companies soon.
    • Increased compliance risk—banks must comply with anti-money laundering rules and the Bank Secrecy Act in addition to addressing increased cybersecurity challenges and new consumer protection laws.
    • Upswing in credit risk—underwriting standards for commercial and retail loans have been relaxed as banks exhibit greater enthusiasm for risk and attempt to maintain loan market share as competition increases.
    • Rise in operational risk—banks face increasingly complex cyber threats while relying on third-party service providers, which may be targets for hackers.

    The report used data for the 12 months ending December 31, 2016.

    Agency Rule-Making & Guidance OCC Risk Management Consumer Finance Payments Consumer Lending Privacy/Cyber Risk & Data Security Anti-Money Laundering Military Lending Act Compliance Bank Regulatory

    Share page with AddThis
  • Fed Fines New York Bank $3 Million for Violating Regulatory Risk Capital Requirements

    Federal Issues

    On June 26, the Federal Reserve fined a New York-based bank $3 million for unsafe and unsound banking practices after the firm allegedly assigned a lower risk weighting to a portfolio of assets in violation of then-applicable Basel I regulatory risk capital requirements. According to the consent order, between 2010 and 2014, the bank consolidated a portfolio of collateralized loan obligations onto its balance sheet. It allegedly assigned a zero-risk weighting to the assets improperly, and therefore overstated its risk-based capital ratios and set aside less capital than it should have.

    Federal Issues Federal Reserve Banking Risk Management Capital Requirements Enforcement Basel

    Share page with AddThis
  • OCC to Host Operational Risk Workshop, Will Hold Innovation "Office Hours"

    Agency Rule-Making & Guidance

    On July 25, the OCC will host an operational risk workshop in Charleston, WV for directors of national community banks and federal savings associations supervised by the OCC. The workshop will focus on the key components of operational risk, governance, third-party risk, vendor management, and cybersecurity.

    Additionally, on July 24 through the 26, the OCC’s Office of Innovation will hold “Office Hours” in New York City for national banks, federal savings associations, and fintech companies to provide an opportunity for attendees to discuss matters related to financial technology, new products and services, bank or fintech partnerships, as well as other items related to financial innovation. Meeting requests are due by July 5 and may be submitted here.

    Agency Rule-Making & Guidance OCC Risk Management Vendor Management Privacy/Cyber Risk & Data Security

    Share page with AddThis
  • OCC, Fed Supervisory Guidance on Model Risk Management Followed by FDIC

    Agency Rule-Making & Guidance

    On June 7, the FDIC issued Financial Institution Letter FIL-22-2017 announcing that, in order to provide consistency across institutions and agencies, it is adopting the 2011 model risk management supervisory guidance that was issued by the Federal Reserve (SR 11-7 ) and the OCC (OCC Bulletin 2011-12) thereby making the guidance applicable to certain FDIC-supervised institutions, namely those with $1 billion or more in total assets. The FDIC guidance defines the term “model” as “a quantitative method, system, or approach that applies statistical, economic, financial, or mathematical theories, techniques, and assumptions to process input data into quantitative estimates.” The FDIC indicated that banks’ heavy reliance on models in financial decision-making can come with costs, especially when the decisions are “based on models that are incorrect or misused.”

    According to the FIL, the guidance contains “technical conforming changes” that make it relevant to institutions that are regulated by the FDIC, such as a “revised definition of 'banks' to reflect the FDIC's supervisory authority.”

    Among other things, the FIL highlights that an effective model risk management framework should include the following:

    • “disciplined and knowledgeable development that is well documented and conceptually sound”;
    • “controls to ensure proper implementation”;
    • “processes to ensure correct and appropriate use”;
    • “effective validation processes”; and
    • “strong governance, policies, and controls.”

    For institutions with assets totaling less than $1 billion, the guidance will only apply in certain circumstances, such as when “the institution's model use is significant, complex, or poses elevated risk to the institution.”

    Agency Rule-Making & Guidance FDIC Risk Management OCC Federal Reserve Bank Supervision

    Share page with AddThis
  • OCC Supplement Answers Frequently Asked Questions Covering Third-Party Relationships: Risk Management Guidance

    Agency Rule-Making & Guidance

    On June 7, the OCC released Bulletin 2017-21, which provides answers to frequently asked questions from national banks and federal saving associations concerning third-party procedure guidance. The Bulletin, issued to supplement Bulletin 2013-29, “Third-Party Relationships: Risk Management Guidance” released October 30, 2013, highlights the OCC’s responses to the following topics:

    • defines third-party relationships and provides guidance on conducting due diligence and ongoing monitoring of service providers;
    • provides insight on how to adjust risk management practices specific to each relationship;
    • discusses ways to structure third-party risk management processes;
    • discusses advantages and disadvantages to collaboration between multiple banks when managing third-party relationships;
    • outlines bank-specific requirements when using collaborative arrangements;
    • provides information-sharing forums that offer resources to help banks monitor cyber threats;
    • discusses how to determine whether a fintech relationships is a “critical activity” and covers risks associated with engaging a start-up fintech company;
    • addresses ways in which banks and fintech companies can partner together to serve underbanked populations;
    • covers criteria to consider when entering into a marketplace lending arrangement with a nonbank entity;
    • clarifies whether OCC Bulletin 2013-29 applies when a bank engages a third-party to provide mobile payments options to consumers;
    • outlines the OCC’s compliance management requirements;
    • discusses banks’ rights to access interagency technology service provider reports; and
    • answers whether a bank can rely on the accuracy of a third-party’s risk management report.

    As previously covered in InfoBytes, the OCC released a supplement (Bulletin 2017-7) to Bulletin 2013-29 in January of this year identifying steps prudential bank examiners should take when assessing banks’ third-party relationship risks.

    Agency Rule-Making & Guidance OCC Vendor Management Risk Management Marketplace Lending Fintech Prudential Regulators

    Share page with AddThis
  • OCC to Host Workshops for Community Bank Directors in June

    Agency Rule-Making & Guidance

    On June 20 and 21, the OCC will be hosting two workshops in Nashville for directors of national community banks and federal savings associations supervised by the OCC. The June 20 “Credit Risk” workshop will focus on ways to identify trends and recognize problems within a loan portfolio. In addition, the workshop will discuss board and management roles, how to stay informed of changes in credit risk, and how to effect change. The June 21 “Operational Risk” workshop will focus on the key components of operational risk, and also cover governance, third-party risk, vendor management, and cybersecurity.

    Additionally, from June 26 to 28, the OCC will be hosting a “Building Blocks for Directors” workshop in Atlanta for directors, senior management team members, and other key executives of national community banks and federal savings associations supervised by the OCC. The workshop will: (i) focus on the duties and core responsibilities of directors and management; (ii) discuss major laws and regulations; and (ii) provide insight on the examination process.

    Agency Rule-Making & Guidance OCC Risk Management Vendor Management

    Share page with AddThis
  • OCC Updates Comptroller’s Handbook, Issues New Guidance for Evaluating Retail Lending Risk Management

    Agency Rule-Making & Guidance

    On April 12, the OCC issued Bulletin OCC 2017-15 announcing its new booklet, “Retail Lending,” which discusses retail lending risks and measures for evaluating retail credit risk management activities. The booklet, part of the Comptroller’s Handbook, applies to “examinations of all institutions engaged in retail lending” and supplements the following core assessment sections: “Large Bank Supervision,” “Community Bank Supervision,” and “Federal Branches and Agency Supervision.” According to the Bulletin, Examiners should reference this booklet when review beyond the core assessment is appropriate because the specific products, services, or activities “have a material impact on the risk profile and financial condition” of banks. The new booklet describes (i) “characteristics of an effective retail credit risk management framework”; (ii) “criteria examiners should consider when evaluating retail credit originations, account management, collections, and portfolio management activities and processes”; and (iii) “objectives of control functions commonly used in a retail lending business to measure performance, make decisions about risk, and assess the effectiveness of processes and personnel.”

    Agency Rule-Making & Guidance OCC Risk Management

    Share page with AddThis

Pages