InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
California to allow banks to service licensed cannabis businesses
On September 29, the California governor approved AB 1525, which provides, among other things, that banks and accountants that provide financial services to cannabis businesses are not in violation of California law “solely by virtue of the fact that the person receiving the benefit of any of those services engages in commercial cannabis activity as a licensee.” The bill also allows licensed cannabis businesses to sign a waiver permitting state or local licensing and regulatory authorities to share “application, license, and other regulatory and financial information” with a designated financial institution “for the purpose of facilitating the provision of financial services for that licensee.”
OCC issues CRA compliance resources
On October 1, the OCC released three items in support of the implementation of the new Community Reinvestment Act (CRA) final rule. The three newly released items include: (i) a compliance guide for small banks; (ii) an initial illustrative list of qualifying activities; and (iii) a form to request consideration of items to be added to the list of qualifying activities. As previously covered by a Buckley Special Alert, the OCC’s rule, while technically effective October 1, provides for at least a 27-month transition period for compliance based on a bank’s size and business model. Large banks and wholesale and limited purpose banks will have until January 1, 2023 to comply, and small and intermediate banks that opt-in to the final rule’s performance standards will have until January 1, 2024.
FCC seeks comment on TCPA exemptions
On October 1, the FCC issued a Notice of Proposed Rulemaking (NPRM), seeking comment on exemptions already granted under the TCPA allowing certain entities and types of calls to be made using an automatic telephone dialing system. The FCC is required by Section 8 of The Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED Act) to ensure that any exemption granted under the TCPA “includes requirements with respect to: (i) the classes of parties that may make such calls; (ii) the classes of parties that may be called; and (iii) the number of such calls that may be made to a particular called party.” Section 8 of the TRACED Act requires the FCC to prescribe new regulations or amend existing regulations with regard to the TCPA exemptions no later than December 30, 2020. The FCC is seeking comment on the current nine exemptions, which include, among other things, financial-institution calls to a wireless number. The FCC notes that the current conditions under the financial institution exemption “appear to satisfy section 8 of the TRACED Act” because there are limitations on the class of calling parties, the class of called parties, and the number of calls (no more than three calls per event over a three-day period for each affected account).
Additionally, the FCC seeks comment on the exemption allowing commercial calls to residences that do not constitute telemarketing. The FCC notes that the current exemption does not appear to satisfy Section 8’s requirements, as there is not enough specificity of the class of party that makes the calls, nor is there a limit on the number of calls that can be made. The FCC proposes to alter this exemption into two types of classes of parties: informational and transactional callers and seeks comment on whether to limit the number of calls that can be made under this exemption.
Comments will be due 15 days after publication in the Federal Register.
Fed FAQs clarify bank control structure under BHC and HOLA
On September 30, the Federal Reserve Board issued several frequently asked questions related to its control and divestiture proceedings final control rule that took effect the same day. As previously covered by InfoBytes, in January the Fed revised the bank control framework to clarify the rules used to determine whether a company controls a bank or a bank controls a company pursuant to the Bank Holding Company Act (BHC Act) and the Home Owners' Loan Act (HOLA). Among other things, the Fed notes that it “does not expect” to revisit investment structures that had previously been reviewed prior to the effective date of the control rule, and would not require changes to investment structures “that represent a reasonable interpretation of [Fed] precedent at the time the structure was created.” The FAQs also discuss what constitutes a “limiting contractual right” with respect to a contractual provision between “a first company and a second company that requires the second company to conform its activities to the activities restrictions under the [BHC Act] or [HOLA],” along with whether the control rule differentiates “between limiting contractual rights based on the circumstances under which the right was created or the nature of the document in which the right resides.”
Fed proposes updates to capital planning requirements
On September 30, the Federal Reserve Board issued a notice of proposed rulemaking (NPRM) to tailor the requirements in the Fed’s capital plan rule applicable to large bank holding companies and U.S. intermediate holding companies of foreign banking organizations. The changes would conform the capital planning, regulatory reporting, and stress capital buffer requirements for firms with $100 billion or more in total assets (Category IV) with the tailored regulatory framework approved by the Fed last October (covered by InfoBytes here). The NPRM would also make additional changes to the Fed’s stress testing rules, stress testing policy statement, and regulatory reporting requirements related to “business plan change assumptions, capital action assumptions, and the publication of company-run stress test results for savings and loan holding companies” to be consistent with a final rule issued last year that amended resolution planning requirements for large domestic and foreign firms (covered by InfoBytes here). These changes include removing company-run stress test requirements and implementing biennial, rather than annual, supervisory stress tests for firms subject to Category IV standards. Additionally, the Fed seeks comments on its existing capital planning guidance for firms of all sizes. Notably, the Fed states that the NPRM would not affect the calculation of firms’ capital requirements. Comments on the NPRM are due November 20.
FinCEN, OFAC issue ransomware advisories
On October 1, the U.S. Treasury Department’s Office of Terrorism and Financial Intelligence issued two advisories to aid U.S. individuals and businesses in combating ransomware scams and attacks. In issuing the advisories, Treasury emphasized that “[e]fforts to detect and report ransomware payments are vital to prevent and deter cyber actors from deploying malicious software to extort individuals and businesses, and to hold ransomware attackers accountable for their crimes.” The advisory released by FinCEN, titled the Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments, provides information on the role of financial intermediaries in payments, ransomware trends and typologies, and related financial red flags indicators. Among other things, the advisory urges financial institutions to file suspicious activity reports when handling any transfer of funds related to a ransomware-related activity, and provides information on effectively reporting and sharing information related to ransomware attacks.
The advisory released by Treasury’s Office of Foreign Assets Control (OFAC), titled the Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments, cautions that companies that facilitate ransomware payments to cyber actors on behalf of victims targeted by ransomware activities may face potential sanctions risks. Among other things, the advisory encourages financial institutions and other companies that engage with victims of ransomware attacks to implement risk-based compliance programs “to mitigate exposure to sanctions-related violations,” and to report such attacks to law enforcement. These sanctions compliance programs, OFAC emphasizes, “should account for the risk that a ransomware payment may involve [a specially designated national] or blocked person, or a comprehensively embargoed jurisdiction.” OFAC also cautions companies to consider whether they also need to comply with FinCEN’s regulatory obligations. Furthermore, the advisory provides U.S. government resources for reporting ransomware attacks, as well as guidance on factors OFAC generally considers when determining an appropriate enforcement response to an apparent violation.
Fed issues enforcement order for BSA/AML and OFAC regulation compliance
On October 1, the Federal Reserve announced an enforcement action against a Pennsylvania state-chartered bank for deficiencies in the bank’s Bank Secrecy Act (BSA), anti-money laundering (AML), and U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) regulations. The order requires the bank to submit, among other things, (i) a board-approved, written plan to improve oversight of BSA/AML requirements and OFAC regulations; (ii) a written BSA/AML compliance program; (iii) a revised customer due diligence program; (iv) a written suspicious activity monitoring and reporting program; and (iv) a written plan for independent testing of compliance with BSA/AML requirements. The bank was not assessed any monetary penalties.
CFPB releases TRID five-year lookback assessment
On October 1, the CFPB released the assessment report required by Section 1022(d) of the Dodd-Frank Act for the TILA-RESPA Integrated Disclosure Rule (TRID), concluding that the TRID Rule “made progress towards several of its goals.” The assessment report was conducted using the Bureau’s own research and external sources. In opening remarks, Director Kraninger noted that the Bureau was “unable to obtain or generate the data necessary” to include a cost-benefit analysis, but documented the benefits and costs when possible. In addition to studying the effectiveness of the TRID Rule, the report also summarized the public comments the Bureau received from its November 2019 request for information (covered by InfoBytes here).
The Bureau issued the TRID Rule in November 2013, and the Rule took effect on October 3, 2015. Among other things, the TRID Rule integrated TILA’s Good Faith Estimate (GFE) and RESPA’s settlement statement (HUD-1), as well as other Dodd-Frank required disclosures, into the “Loan Estimate” and “Closing Disclosure” forms. Key findings of the assessment include:
- The TRID disclosure forms improved borrower abilities to locate key mortgage information, and compare costs and features of different mortgage offers;
- Evidence was mixed as to whether the TRID disclosure forms improved borrower abilities to understand loan estimates and transactions, and the TRID Rule increased consumer shopping for mortgages;
- The median response for one-time costs for lenders of implementing the rule was roughly $146 per mortgage originated in 2015;
- Evidence was unclear regarding ongoing costs for lenders, noting that over the last decade, lenders’ costs have increased steadily, but the data does not show a clear increase from the time the TRID Rule took effect; and
- Purchases and refinances dropped notably (around 14 percent and eight percent, respectively) in the first two months after the effective date, and purchase closing times lengthened by about 13 percent. However, both changes returned to pre-TRID Rule amounts and durations.
Additionally, the Bureau released a Data Point report titled, “How mortgages change before origination,” which details how the terms and costs of a mortgage loan may change during the origination process. The Bureau examined about 50,000 mortgages originated between March 2016 and November 2017, and found, among other things, that (i) APR changes occurred in more than 40 percent of mortgages; (ii) loan amount and the loan to value ratio changed for nearly 25 percent of mortgages; and (iii) interest rate changed for eight percent of mortgages.
SEC: CARES Act, Federal Reserve facilities reduced impact of Covid-19 on U.S. credit market
On October 5, the SEC released issued a report addressing the economic effects of the Covid-19 pandemic on the U.S. credit markets. The report concludes that the immediate and multi-faceted actions taken by the Federal Reserve and under the CARES Act were instrumental in relieving stress in the credit market, stabilizing housing prices and sustaining consumer spending. The SEC will hold roundtable discussion with U.S. and international regulators on October 14 to discuss the report and related policy issues.
SEC has “record-setting” whistleblower fiscal year
On September 30, the SEC announced six new whistleblower awards to finish a “record-setting” fiscal year. In the first announcement, the SEC details an award of nearly $30 million to two whistleblowers. The first, received approximately $22 million for providing information that led SEC staff to open and investigation and subsequently “provided substantial, ongoing assistance.” The second whistleblower received approximately $7 million for providing “additional valuable information” during the investigation.
In the second announcement, the SEC details four whistleblower awards totaling nearly $5 million. In the first order, the SEC awarded a whistleblower almost $2.9 million for alerting the agency of “alleged wrongdoing, which would have been difficult to detect in the absence of [the information.” The second order awards a whistleblower more than $1.7 million for providing “ongoing and extensive assistance” to SEC staff. And the third order, awards nearly $400,000 to two whistleblowers for providing a joint tip and “continu[ed] corporation and assistance, including having numerous meetings and discussions with staff.”
Earlier on September 28, the SEC announced an over $1.8 million award to a whistleblower in connection with a successful agency enforcement action. The whistleblower—an unaffiliated company outsider—“expeditiously reported significant information to the Commission about ongoing securities law violations.” According to the SEC, the award illustrates the important role company outsider intelligence can play in halting ongoing violations.
The SEC announced on September 25 two separate whistleblower awards, totaling over $2.5 million, for information regarding overseas conduct. The first, an award for over $1.8 million, was given to a whistleblower for taking “personal and professional risks” by using an internal compliance system at a company to report information. The tip resulted in an internal investigation, revealing overseas conduct that “would otherwise have been hard to detect.” The company then subsequently reported the findings to the SEC. The second whistleblower was awarded $750,000 for reporting concerns internally about securities violations occurring overseas that led to a successful enforcement action.
The SEC has now paid a total of $562 million to 106 individuals since the inception of the program.