InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FDIC proposes signage amendments, issues revised guide on supervisory appeals process
On December 13, the FDIC held a meeting, during which board members approved a notice of proposed rulemaking (NPRM) to modernize and amend the rules “governing the use of the official FDIC sign and insured depository institutions’ (IDIs) advertising statements to reflect how depositors do business with IDIs today, including through digital and mobile channels.” According to the FDIC’s announcement, the NPRM would amend part 328 of its regulations by updating the requirements for when the FDIC’s official sign can be displayed. Institutions would also be required to use signs that differentiate insured deposits from non-deposit products across banking channels and provide disclosures to consumers alerting them to when certain financial products are not insured by the FDIC, are not considered deposits, and may lose value.
Acting Chairman Martin Gruenberg noted that there have not been major changes to these rules since 2006. FDIC board member and CFPB Director Rohit Chopra issued a statement in support of the NPRM, noting that the financial sector has evolved significantly since 2006, and “[b]anks increasingly offer uninsured products, physical branches look different, more than 65% of banked households primarily bank online or through their mobile phone, and convoluted bank-nonbank partnerships have proliferated.” He specifically highlighted several of the proposed changes, including: (i) requiring banks to physically segregate the parts of the branch used for accepting insured deposits from other areas where uninsured products are offered; (ii) requiring banks to display digital FDIC signs on their websites and mobile apps, including clear notifications on relevant pages where uninsured products are offered; (iii) requiring disclosures that deposit insurance does not protect against the failure of nonbanks and, if relevant, that pass-through deposit insurance coverage is not automatic or certain; and (iv) clarifying that crypto assets are uninsured, non-deposit products. Comments on the NPRM are due 60 days after publication in the Federal Register.
On the same day, the FDIC adopted proposed changes to the Guidelines for Appeals of Material Supervisory Determinations. The board solicited public comments in October on the proposed changes (covered by InfoBytes here). The revised Guidelines add the agency’s ombudsman to the Supervision Appeals Review Committee (SARC) as a non-voting member (the ombudsman will be responsible for monitoring the supervision process after a financial institution submits an appeal and must periodically report to the board on these matters). Materials under consideration by the SARC will have to be shared with both parties to the appeal (subject to applicable legal limitations on disclosure), while financial institutions will be allowed to request a stay of material supervisory determination during a pending appeal. Additionally, the division director is given the discretion to grant a stay or grant a stay subject to certain conditions, and institutions will be provided decisions in writing regarding a stay. The revised Guidelines take effect immediately.
FinCEN further extends FBAR filing deadline for certain individuals
On December 9, the Financial Crimes Enforcement Network (FinCEN) issued Notice 2022-1 to further extend the time for certain Report of Foreign Bank and Financial Accounts (FBAR) filings in light of the agency’s March 2016 notice of proposed rulemaking, which proposed to revise the Bank Secrecy Act’s implementing regulations regarding FBARs. (See previous InfoBytes coverage on the 2016 NPR here.) Specifically, one of the proposed amendments seeks to “expand and clarify the exemptions for certain U.S. persons with signature or other authority over foreign financial accounts,” but with no financial interest, as outlined in FinCEN Notice 2021-1 issued December 9, 2021. FinCEN noted that because the proposal has not been finalized, it is further extending the filing due date to April 15, 2024, for individuals who previously qualified for a filing due date extension under Notice 2021-1. All other individuals must submit FBAR filings by April 15, 2023.
CFPB proposes registry of nonbank repeat offenders
On December 12, the CFPB announced a proposed rule seeking to identify repeat financial law offenders by establishing a database of enforcement actions taken against certain nonbank covered entities. Specifically, the Bureau proposes to enhance market monitoring and risk-based supervision efforts by including all final public written orders and judgments (including any consent and stipulated orders and judgments) obtained or issued by any federal, state, or local government agency for violation of certain consumer protection laws related to unfair, deceptive, or abusive acts or practices in the database. Additionally, pursuant to Section 1024(b)(7) of the Consumer Financial Protection Act, the Bureau is also proposing that larger supervised nonbanks be required to submit annual written statements regarding compliance with each underlying order that is signed by an attesting executive with “knowledge of the entity’s relevant systems and procedures for achieving compliance and control over the entity’s compliance efforts.” Excluded from the registry will be insured depository institutions and credit unions, related persons, states, natural persons, and certain other entities.
Explaining that protecting American consumers is a shared effort spanning local, state, and federal authorities, CFPB Director Rohit Chopra stated that currently “readily accessible information is lacking about the identity of orders issued against nonbanks subject either to the CFPB’s market monitoring authority or to its supervisory authority across the various markets for consumer financial products and services.” The creation of a central repository of enforcement actions around the country for use in tracking and mitigating risks posed by repeat offenders and monitoring entities subject to agency and court orders will help the Bureau, the law enforcement community, and the public “limit the harms from repeat offenders,” the Bureau said in its announcement. The Bureau noted that it plans to share the database with other regulators and law enforcement agencies by making the registry public.
Comments on the proposal are due 60 days after publication in the Federal Register. The Bureau said the proposed registry would launch “no earlier than January 2024.”
CFPB issues HMDA technical amendment
On December 12, the CFPB issued a technical amendment to the HMDA Rule to reflect the closed-end mortgage loan reporting threshold of 25 mortgage loans in each of the two preceding calendar years. As previously covered by InfoBytes, in September, the U.S. District Court for the District of Columbia granted partial summary judgment to a group of consumer fair housing associations (collectively, “plaintiffs”) that challenged changes made in 2020 that permanently raised coverage thresholds for collecting and reporting data about closed-end mortgage loans and open-end lines of credit under HMDA. The 2020 Rule, which amended Regulation C, permanently increased the reporting threshold from the origination of at least 25 closed-end mortgage loans in each of the two preceding calendar years to 100, and permanently increased the threshold for collecting and reporting data about open-end lines of credit from the origination of 100 lines of credit in each of the two preceding calendar years to 200 (covered by InfoBytes here). The plaintiffs sued the CFPB in 2020, arguing, among other things, that the final rule “exempts about 40 percent of depository institutions that were previously required to report” and undermines HMDA’s purpose by allowing potential violations of fair lending laws to go undetected. (Covered by InfoBytes here.) As a result of the September 23 order, the threshold for reporting data about closed-end mortgage loans is 25, the threshold established by the 2015 HMDA Rule.
OCC warns of crypto-asset and cybersecurity risks facing the federal banking system
On December 8, the OCC released its Semiannual Risk Perspective for Fall 2022, which reports on key risks threatening the safety and soundness of national banks, federal savings associations, and federal branches and agencies. The OCC reported that, in the aggregate, banks “remain well capitalized” and have “ample liquidity and sound credit quality, although macroeconomic headwinds are a concern.” The OCC highlighted interest rate, operational, compliance, and credit risks as key risk themes. Observations include: (i) the rising rate environment has adversely impacted bank investment portfolios; (ii) operational risk, including evolving cyber risk, is elevated, with “threat actors continuing to target the financial services industry with ransomware and other attacks”; (iii) compliance risk remains heightened as banks navigate significant regulatory changes; and (iv) credit risk in commercial and retail loan portfolios remains moderate and demonstrates resiliency, “but signs of potential weakening in some segments warrant careful monitoring.”
The report discussed emerging risks related to innovation and the adoption of new products and services, including crypto-assets. Highlighting risks arising from banks’ expansion into digital offerings and the “heightened” threat of fraud risk associated with innovative peer-to-peer payment platforms, the OCC noted that banks should be “clearly communicating risks, educating customers on potential scams, and enhancing internal fraud monitoring capabilities” to mitigate threats and protect consumers. The report noted that “[b]anks may require additional or different controls to safeguard against fraud, financial crimes, violations of Bank Secrecy Act, anti-money laundering, and Office of Foreign Assets Control (BSA/AML/OFAC) requirements, and consumer protection or fair lending laws, or operational errors,” and should “maintain comprehensive operational resilience frameworks commensurate with the size and complexity of products, services, and operations being supported.”
The OCC reiterated the importance of taking a “careful and cautious approach” toward banks’ engagement with the crypto-related firms. Recent events in the crypto market have also “revealed a high degree of interconnectedness between certain crypto participants through a variety of opaque lending and investing arrangements,” which has led to “a high risk of contagion among connected parties.” The report noted that national banks and federal savings associations interested in engaging in crypto-asset activities should discuss the activities with their supervisory office before engaging the activities. Some activities may require a supervisory non-objection under OCC Interpretive Letter #1179.
The report cited risks related to cybersecurity and partnerships with fintech and other third parties. The OCC said it is applying a “heightened supervisory focus” to its scrutiny of banks’ oversight of third-party relationships and flagged an upward trend in ransomware attacks targeting banks’ service providers and other third parties. Partnering with fintechs to support operations or provide opportunities for customers to enter the digital asset market can “increase the risk of unfair or deceptive acts or practices because of the coordination, communication, and disclosure challenges involved in these partnerships,” the report said, adding that “[u]nclear or arbitrary partnership agreements may result in implementation breakdowns, untimely resolution of issues, or failure to deliver products or services as intended, and may result in significant customer remediation.” The OCC cautioned that banks must “conduct appropriate due diligence” before entering a partnership with a third party. “The scope and depth of due diligence, as well as ongoing monitoring and oversight of the third party’s performance, should be commensurate with the nature and criticality of the proposed activity.”
The report also discussed forthcoming climate risk management guidelines applicable to banks with more than $100 billion in total consolidated assets. As previously covered by InfoBytes, the OCC, Federal Reserve Board, and the FDIC announced they intend to issue final interagency guidance to promote consistency.
FDIC announces South Carolina disaster relief
December 9, the FDIC issued FIL-51-2022 to provide regulatory relief to financial institutions and help facilitate recovery in areas of South Carolina affected by Hurricane Ian from September 25 to October 4. The FDIC acknowledged the unusual circumstances faced by institutions affected by the storms and suggested that institutions work with impacted borrowers to, among other things: (i) extend repayment terms; (ii) restructure existing loans; or (iii) ease terms for new loans, provided the measures are done “in a manner consistent with sound banking practices.” Additionally, the FDIC noted that institutions “may receive favorable Community Reinvestment Act consideration for community development loans, investments, and services in support of disaster recovery.” The FDIC will also consider regulatory relief from certain filing and publishing requirements.
FTC, Florida permanently shut down grant funding operation
On December 8, the FTC and the Florida attorney general announced that a Florida-based grant funding company and its owner (collectively, “defendants”) will be permanently banned from offering grant-writing and business consulting services as a result of a lawsuit the regulators brought against the defendants in June. As previously covered by InfoBytes, the complaint alleged that the defendants violated the Consumer Protection Act, the FTC Act, and the Florida Deceptive Unfair Trade Practices Act by deceptively marketing their services to minority-owned small businesses. Among other things, the defendants (i) promised grant funding that did not exist and/or was never awarded; (ii) misled customers about the status of grant awards; and (iii) failed to honor a “money-back guarantee” and suppressed customer complaints. The defendants agreed to the terms of a proposed court order, which would ban them from providing grant-related services and business consulting, and prohibit them from making misrepresentations regarding advertised products or services. Defendants would also be required to turn over certain property to be sold in order to provide refunds to affected businesses. The proposed order also includes a more than $2 million monetary judgment, which is partially suspended due to defendants’ inability to pay.
Senators ask federal agencies about banks’ ties to crypto firms
On December 7, Senators Elizabeth Warren (D-MA) and Tina Smith (D-MN) sent letters to the heads of the Federal Reserve Board, FDIC, and OCC seeking information on how the agencies assess risks associated with banks’ relationships with cryptocurrency firms. The senators expressed concerns related to recent revelations that “crypto may be more integrated into the banking system than regulators are aware.” The senators asked the agencies a series of questions, including (i) whether the regulators plan to conduct a review of crypto firms’ relationships with banks; (ii) the names of regulated banks engaged in crypto-related activities, such as providing crypto custody services and acting as nodes to verify customer payments; and (iii) the estimated total dollar volume for each specific activity per bank. The responses were requested by December 21.
FCC orders companies to block student loan scam calls
On December 8, the FCC’s Enforcement Bureau ordered voice service providers to cease carrying robocalls related to known student loan scams and specifically designated a service believed to account for more than 40 percent of student loan robocalls in October. The FCC’s order provides written notice to all voice service providers regarding suspected illegal robocalls that have been made in violation of the TCPA, the Truth In Caller ID Act of 2009, or the TRACED Act. Specifically, the order “directs all U.S.-based voice service providers to take immediate steps to mitigate suspected illegal student loan-related robocall traffic.” The order further noted that if a provider fails to “take all necessary steps” to avoid carrying suspected illegal robocall traffic, the provider may be “deemed to have knowingly and willfully engaged in transmitting unlawful robocalls.” According to FCC Chairwoman Jessica Rosenworcel, the Commission is “cutting these scammers off so they can't use efforts to provide student loan debt relief as cover for fraud.”
Senators request information from California bank on its relationship with collapsed crypto exchange
On December 5, Senators Elizabeth Warren (D-MA), John Kennedy (R-LA), and Roger Marshall (R-KS) asked the CEO of a California-based bank for information regarding its relationship with several cryptocurrency firms founded by the CEO of a now-collapsed crypto exchange. In their letter, the senators pressed the CEO for an explanation for why the bank failed to monitor for and report suspicious transactions to the Financial Crimes Enforcement Network, and asked for information about how deposits it was holding on behalf of the collapsed exchange and related firm were being handled. The senators stressed that the bank has a legal responsibility under the Bank Secrecy Act to maintain an effective anti-money laundering program that may have flagged suspicious activity. “Your bank's involvement in the transfer of [the collapsed exchange’s] customer funds to [the related firm] reveals what appears to be an egregious failure of your bank’s responsibility to monitor for and report suspicious financial activity carried out by its clients,” the letter said. The senators asked the bank to respond to a series of questions by December 19.