Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • FDIC, Fed issue new rules and guidance aimed to strengthen resolution planning at large banks

    On August 29, the FDIC and the Federal Reserve Board issued a joint press release inviting public comment on proposed guidance that serves to toughen requirements for non-G-SIB large bank holding companies’ resolution plans, or “living wills” that set forth strategies for rapid and orderly resolution under bankruptcy in the event of financial distress or failure. The proposed guidance, which includes guidance for both domestic triennial full filers and guidance for foreign triennial full filers, will generally apply to certain bank holding companies and foreign banking associations with between $250 billion and $700 billion in total assets. This guidance is separate from the guidance previously issued to the largest and most complex companies, which is already in place. The guidance (i) is organized around key areas of potential vulnerability, such as capital, liquidity, and operational capabilities; (ii) provides agency expectations for both single point of entry and multiple point of entry strategy needs; and (iii) proposes that foreign banking organizations develop U.S. resolution strategies that complement their global resolution plans. The proposed guidance will be published in the Federal Register, with comments due by November 30, 2023.

    Separately on August 29, the FDIC approved a notice of proposed rulemaking to enhance resolution planning for insured depository institutions (IDIs) with at least $100 billion in total assets. The proposed rule would strengthen existing IDI resolution planning requirements under 12 CFR § 360.10 and would require a resolution submission from covered IDIs every two years, with limited filings in between. Covered IDIs would be required to submit comprehensive resolution plans that would “enhance current IDI resolution planning requirements by incorporating useful elements of existing guidance and important lessons learned from past plan reviews and from past large bank resolutions, including those earlier this year.” Additionally, IDIs with total assets of at least $50 billion but less than $100 billion would submit more limited informational filings and would not be required to develop a resolution strategy. Comments on the proposed rule are due by November 30, 2023.

    Bank Regulatory Federal Issues Agency Rule-Making & Guidance FDIC Federal Reserve Compliance

  • Warren urges Fed to finalize capital requirements for large banks

    Federal Issues

    On August 29, Senator Elizabeth Warren (D-MA) sent a letter to the Fed regarding its recent notice of proposed rulemaking, urging them to “finalize the rules as quickly as possible.” In July, the Fed announced amendments to the regulatory capital requirements for large banking organizations that would implement the final components of the Basel III agreement (previously covered by InfoBytes here). Warren noted that she is concerned about the Fed’s intent to seek potential modifications as it could result in weakening the proposed rule. Warren also warned that big bank lobbyists has been “engaging in a full-court press to fend off higher capital requirements” before the release of the proposed rule, and that big banks lobbying expenditures were up 20 percent compared to the same period of time in the previous year, indicating a “clear effort to fend off stronger rules” following recent bank failures. The senator finally noted that the capital bank requirements are a threat to bank’s “massive payouts for executives and shareholders.”

    Federal Issues Federal Reserve U.S. Senate Basel Committee Compliance Capital Requirements

  • OCC updates bank accounting guidance

    On August 15, the OCC released an annual update to its Bank Accounting Advisory Series (BAAS) which is intended to address a variety of accounting topics and promote consistent application of accounting standards and regulatory reporting among OCC-supervised banks. The BAAS reflects updates to clarify the accounting standards issued by the Financial Accounting Standards Board related to, among other things, the elimination of recognition and the measurement of troubled debt restructurings by creditors, loan modifications, and credit losses. The August 2023 edition also includes answers to frequently asked questions from industry and bank examiners. Additionally, the OCC notes that the BAAS does not represent OCC rules or regulations but rather “represents the Office of the Chief Accountant’s interpretations of generally accepted accounting principles and regulatory guidance based on the facts and circumstances presented.”

    Bank Regulatory Federal Issues Agency Rule-Making & Guidance FASB Compliance OCC

  • CSBS announces Nonbank Model Data Security Law

    Privacy, Cyber Risk & Data Security

    The Conference of State Bank Supervisors (CSBS) recently released a comprehensive framework for safeguarding sensitive information held at nonbank financial institutions. CSBS’s Nonbank Model Data Security Law is largely based on the FTC’s updated Safeguards Rule, which added specific criteria for financial institutions and other entities, such as mortgage brokers, motor vehicle dealers, and payday lenders, to undertake when conducting risk assessments and implementing information security programs. (Covered by InfoBytes here.) Adopting the Nonbank Model Data Security Law allows for a streamlined and efficient approach to data security regulations for nonbank financial institutions, CSBS explained, adding that by leveraging the existing Safeguards Rule’s applicability to state covered nonbanks, the model law imposes minimal additional compliance burdens and ensures smoother implementation for financial institutions. States can also choose an alternative approach by requiring nonbank financial institutions to conform to the Safeguards Rule, CSBS said.

    The Nonbank Model Data Security Law outlines numerous provisions, which are intended to protect customer information, mitigate cyber threats, and foster a secure financial ecosystem. These include standards for safeguarding customer information, required elements that must be included in a nonbank financial institution’s information security program, and an optional section that requires entities to notify the commissioner in the wake of a security event. CSBS noted that because “the proposed rule on notification requirements for the FTC Safeguards Rule is still pending, the model law allows each state to establish their own customer threshold number, providing flexibility in determining the extent of impact that triggers the notification obligation.” CSBS also provided a list of resources for adopting the Nonbank Model Data Security Law.

    Privacy, Cyber Risk & Data Security State Issues CSBS Nonbank FTC Safeguard Rule Compliance

  • Agencies propose new capital requirements for biggest banks

    On July 27, the FDIC’s Board of Directors unveiled proposed interagency amendments to the regulatory capital requirements for the largest and most complex banks in the United States. The notice of proposed rulemaking (NPRM), issued jointly by the FDIC, OCC, and the Federal Reserve Board (and passed by an FDIC Board vote of 3-2 and a Fed vote of 4-2), would revise capital requirements for large banking organizations with at least $100 billion in assets, as well as certain banking organizations with significant trading activity. (See also FDIC fact sheet here.) The proposed changes would implement the final components of the Basel III agreement—recent changes made to international capital standards issued by the Basel Committee on Banking Supervision—as well as modifications made in response to recent bank failures in March, the agencies said.

    Specifically, the NPRM would implement standardized approaches for market risk and credit valuation adjustment risk by amending the way banks calculate their risk-weighted assets. According to FDIC FIL-38-2023, the new “expanded risk-based approach” would incorporate a standardized approach for credit risk and operational risk, a revised internal models-based approach, a new standardized measure for market risk, and a new revised approach for credit valuation adjustment. Banks subject to Category III and IV standards would also be required “to calculate their regulatory capital in the same manner as banking organizations subject to Category I and II standards, including the treatment of accumulated other comprehensive income, capital deductions, and rules for minority interest.” Additionally, the supplementary leverage ratio and the countercyclical capital buffer would be applied to banks subject to Category IV standards.

    The agencies said the proposed modifications are intended to:

    • Better reflect banks’ underlying risks;
    • Increase transparency and consistency by revising the capital framework in four main areas: credit, market, operational, and credit valuation adjustment risk;
    • Strengthen the banking system, by applying consistent capital requirements across large banks by requiring institutions to (i) include unrealized gains and losses from certain securities in capital ratios; (ii) comply with the supplementary leverage ratio requirement; and (iii) comply with the countercyclical capital buffer, if activated.

    The agencies predict that these changes will “result in an aggregate 16 percent increase in common equity tier 1 capital requirements for affected bank holding companies, with the increase principally affecting the largest and most complex banks.” The impact would vary by bank based on activities and risk profiles, the agencies stated, noting that most banks currently have enough capital to meet the proposed requirements. The NPRM would not amend capital requirements for smaller, less complex banks or for community banks. The agencies propose a three-year phased-in transition process beginning July 1, 2025, to provide banks sufficient time to accommodate the changes and minimize potentially adverse impacts. The changes would be fully phased in on July 1, 2028.

    Separately, the Fed also issued an NPRM on a proposal that would modify certain provisions relating to the calculation of the capital surcharge for the largest and most complex banks in order to “better align the surcharge to each bank’s systemic risk profile. . .by measuring a bank’s systemic importance averaged over the entire year, instead of only at the year-end value.”

    Comments on both NPRMs are due November 30.

    FDIC Chairman Martin Gruenberg stressed that “[e]nhanced resilience of the banking sector supports more stable lending through the economic cycle and diminishes the likelihood of financial crises and their associated costs.” Also voting in favor of the NPRM was CFPB Chairman and FDIC Board Member Rohit Chopra who expressed interest in feedback from the public on ways to simplify the methodologies used to calculate the requirements. Acting Comptroller of the Currency Michael also voted in favor and encouraged commenters “to include assumptions about capital distributions and competition from banks and other financial institutions in their analyses of the impacts of the proposal on lending and economic growth.”

    Voting against the new standards, FDIC Vice Chairman Travis Hill argued that while he supports strong capital requirements, he has several “concerns with the impact of excessive gold plating of international standards.” He stressed that the “proposal rejects the notion of capital neutrality and takes a starkly different path, ‘gold plating’ the new Basel standard in a number of ways and dramatically increasing capital requirements for banks with certain business models.”

    Bank Regulatory Agency Rule-Making & Guidance Federal Issues Federal Reserve FDIC OCC Capital Requirements Compliance Basel Committee

  • OCC releases recent enforcement actions

    On July 20, the OCC released a list of recent enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with such entities. Among the enforcement actions is a formal agreement with a California-based bank to update its BSA/AML compliance program. According to the agreement, the OCC identified deficiencies and violations relating to the bank’s compliance with BSA/AML laws and regulations. Among other things, the bank agreed to establish a compliance committee and revise its adherence to appropriate policies and procedures for collecting customer due diligence “when opening new accounts, when renewing or modifying existing accounts for customers, and when the [b]ank obtains event-driven information indicating that it needs to obtain updated customer due diligence information.” The bank also agreed to institute an “enhanced written risk-based program of internal controls and processes” to ensure an appropriate review of BSA/AML suspicious activity.

    Bank Regulatory Federal Issues OCC Enforcement Compliance Bank Secrecy Act Anti-Money Laundering Customer Due Diligence

  • FDIC revises NSF guidance

    On June 16, the FDIC updated its Supervisory Guidance on Multiple Re-Presentment NSF Fees to clarify its supervisory approach for addressing violations of law. This new guidance, FIL-32-2023, updates FIL-40-2022 (originally issued last August and covered by InfoBytes here), which warned supervised financial institutions that charging customers multiple non-sufficient funds (NSF) fees on re-presented unpaid transactions may increase regulatory scrutiny and litigation risk. The FDIC noted that since the issuance of FIL-40-2022, the agency has received additional data relating to the amount of consumer harm associated with NSF fees at particular institutions, as well as information regarding extensive, ongoing challenges institutions face to accurately identify re-presented transactions. Consequently, the FDIC made changes to its supervisory guidance to specify that it “does not intended to request an institution to conduct a lookback review absent a likelihood of substantial consumer harm.”

    Bank Regulatory Federal Issues FDIC Supervision NSF Fees Consumer Finance Compliance

  • Hsu tells banks to approach AI cautiously

    On June 16, Acting Comptroller of the Currency Michael J. Hsu warned that the unpredictability of artificial intelligence (AI) can pose significant risks to the financial system. During remarks presented at the American Bankers Association’s Risk and Compliance Conference, Hsu cautioned that banks must manage risks when adopting technologies such as tokenization and AI. Although Hsu reiterated his skepticism of cryptocurrency (covered by InfoBytes here), he acknowledged that AI and blockchain technology (where most tokenization efforts are currently focused) have the potential to present “significant” benefits to the financial system. He explained that trusted blockchains may improve settlement efficiency through tokenization of real-world assets and liabilities by minimizing lags and thereby reducing related frictions, costs, and risks. However, he warned that legal frameworks and risk and compliance capabilities for tokenizing real-world assets and liabilities at scale require further development, especially considering cross-jurisdictional situations and ownership and property rights.

    With respect to banks’ adoption of AI, Hsu flagged AI’s “potential to reduce costs and increase efficiencies; improve products, services and performance; strengthen risk management and controls; and expand access to credit and other bank services.” But there are significant challenges, Hsu said, including bias and discrimination challenges in consumer lending, fraud, and risks created from the use of “generative” AI. Alignment is also the core challenge, Hsu said, explaining that because AI systems are built to learn and may not do what they are programed to do, governance and accountability challenges may become an issue. “Who can and should be held accountable for misaligned, unexpected, and harmful outcomes?” Hsu asked, pointing to banks’ use of third parties to develop and support their AI systems as an area of concern.

    Hsu advised banks to approach innovation “responsibly and purposefully” and to proceed cautiously while keeping in mind three principles for managing risks: (i) innovate in stages, expand only when ready, and monitor, adjust and repeat; (ii) “build the brakes while building the engine” and ensure risk and compliance professionals are part of the innovation process; and (iii) engage with regulators early and often during the process and ask for permission, not forgiveness.

    Bank Regulatory Federal Issues Fintech OCC Artificial Intelligence Tokens Compliance Risk Management Blockchain

  • OCC warns banks to “guard against complacency” in risk management

    On June 14, the OCC released its Semiannual Risk Perspective for Spring 2023, which reports on key risks threatening the safety and soundness of national banks, federal savings associations, and federal branches and agencies. The agency reported that the overall strength of the federal banking system is sound but warned banks to remain diligent and maintain effective risk management practices over critical functions in order to withstand current and future economic and financial challenges.

    The OCC highlighted liquidity, operational, credit, and compliance risk as key risk themes in the report. Observations include: (i) in response to recent bank failures and investment portfolio depreciation, liquidity levels have been strengthened; (ii) credit risk remains moderate, however in certain commercial real estate segments, signs of stress are increasing (high inflation and rising interest rates are also causing credit conditions to deteriorate); (iii) operational risk, including persistent cyber threats, is elevated, while opportunities and risks are created by banks’ increased use of third parties and the digitalization of banking products and service; and (iv) compliance risk remains heightened as banks continue to navigate a dynamic environment where compliance management systems try to keep pace with evolving products, services, and delivery channel offerings.

    The report also discussed challenges banks face when trying to manage climate-related financial risks, as well as the importance of investing and aligning technology with banks’ business goals. Acting Comptroller of the Currency Michael Hsu urged banks “to ‘be on the balls of their feet’ with regards to risk management” and “guard against complacency.”

    Bank Regulatory Federal Issues OCC Risk Management Compliance Third-Party Risk Management Privacy Climate-Related Financial Risks

  • Bank to pay $1 billion to settle investors’ compliance claims

    Courts

    Last month, the U.S. District Court for the Southern District of New York preliminarily approved a securities litigation settlement that would require a national bank to pay $1 billion to resolve class claims that it misrepresented its progress in overhauling its internal controls and compliance processes. The required overhauls relate to consent orders entered between the bank and its regulators in 2018 concerning alleged improper banking practices and corporate oversight deficiencies. The settlement would resolve investors’ claims that the bank’s allegedly misleading statements artificially inflated the price of the bank’s common stock, which declined when additional information was revealed. The bank expressly denies that the lead plaintiffs “have asserted any valid claims,” and denies “any and all allegations of fault, liability, wrongdoing, or damages.” If granted final approval, the bank would be required to pay $1 billion into a fund to be distributed to certain affected investors.

    Courts Securities Compliance Class Action

Pages

Upcoming Events