InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Bank fined $140 million for BSA/AML compliance failures
On March 17, FinCEN announced a $140 million civil money penalty against a federal savings bank for violating the Bank Secrecy Act (BSA) and its implementing regulations from at least January 2016 through April 2021 by allegedly failing to implement and maintain an effective, reasonably designed anti-money laundering (AML) program. According to FinCEN, the bank “also admitted that it willfully failed to accurately and timely report thousands of suspicious transactions to FinCEN involving suspicious financial activity by its customers, including customers using personal accounts for apparent criminal activity.” The consent order further noted that in 2017, the OCC informed the bank that its AML program failed to meet all the requirements of the agency’s regulations. The bank agreed to overhaul its AML program but, according to the order, the bank has not yet met all of the terms of its commitments to address the deficiencies. FinCEN emphasized that the bank’s violations resulted “in millions of dollars in suspicious transactions flowing through the U.S. financial system without appropriate reporting,” and stressed “that growth and compliance must be paired, and AML program deficiencies, especially deficiencies identified by federal regulators, must be promptly and effectively addressed.”
The same day, the OCC announced a $60 million penalty against the bank for related violations resulting from the separate but coordinated investigation with FinCEN. Among other things, the consent order identified several deficiencies related to inadequate internal controls and risk management practices, suspicious activity identification, staffing, training, and third-party risk management. FinCEN’s announcement noted that “[a]s many of the facts and circumstances underlying the OCC’s civil penalty also form the basis of FinCEN’s Consent Order, FinCEN agreed to credit the $60 million civil penalty imposed by the OCC,” adding that, combined, the bank “will pay a total of $140 million to the U.S. Treasury for its violations, with $80 million representing FinCEN’s penalty and $60 million representing the OCC’s penalty.”
FINRA: Supervisory obligations rest with a firm’s business management, not the chief compliance officer
On March 17, FINRA issued Regulatory Notice 22-10 reminding member firms that meeting their supervisory obligations under Rule 3110 “rests with a firm’s business management, not its compliance officials.” According to FINRA, a firm’s chief compliance officer’s (CCO) role generally is advisory and not supervisory, and as such, an action will not be brought against a CCO under Rule 3110 for failure to supervise unless a firm confers to the CCO supervisory responsibilities, and the CCO then fails “to discharge those responsibilities in a reasonable manner.” Specifically, FINRA stated that supervisory liability will not apply to a firm’s CCO unless the CCO is responsible for either establishing, maintaining, and updating the firm’s supervisory procedures, or has been “expressly or impliedly designated” to enforce the firm’s compliance with its supervisory procedures. With respect to determining a CCO’s liability when the CCO is exercising supervisory responsibilities, FINRA added that it would apply a reasonableness standard to a CCO’s actions. A CCO may be more likely to be held liable should it be discovered that (i) the CCO “was aware of multiple red flags or actual misconduct” and then failed to take steps to address the issues; (ii) the CCO “failed to establish, maintain, or enforce a firm’s written procedures”; (iii) “the CCO’s supervisory failure resulted in violative conduct”; or (iv) the “violative conduct caused or created a high likelihood of customer harm.”
FINRA also listed factors that would weigh against charging the CCO, including: (i) the CCO was given insufficient resources to undertake his supervisory responsibilities; (ii) the CCO was overburdened with other responsibilities; (iii) the CCO’s supervisory responsibilities were poorly defined; (iv) the firm changed in such a way such that it would be appropriate to allow the CCO time to update procedures; and (v) the CCO attempted to fulfill his duties, including by escalating concerns to senior leadership. FINRA added that it will also consider whether to take action against a firm or the firm’s president (or another individual with more director supervisory responsibility) rather than the CCO and explained that in some instances a Cautionary Action Letter may be more appropriate than formal disciplinary action.
NYDFS fines money transmitter $8.25 million for AML compliance failures
On March 16, NYDFS announced the imposition of an $8.25 million fine on a money transmitter alleged to have violated anti-money laundering (“AML”) requirements and New York law by failing to adequately supervise local agents in New York City that processed an unusual volume of suspicious transactions to China. NYDFS conducted an examination and enforcement investigation, which found that the company “did not adequately oversee the activity of six agents that saw a large spike in transaction volume of business with China.” According to the investigation, there were roughly 7,500 transactions aggregating approximately $30 million in 2014. These figures rose to more than 25,000 transactions aggregating more than $100 million during the period between January 2016 and May 2017. Most of these transactions were processed by small, store-front independent agents—“a clear indicator of increased money laundering risk, particularly given that the destination was known to carry a high AML risk,” NYDFS stated, adding that the company should have also addressed risks resulting from a suspicious pattern of different senders transmitting money to the same recipient. NYDFS acknowledged that the company, when alerted to the increased transaction activity, severed its relationship with the problematic agents and implemented remedial measures to improve supervision of its agents. Under the terms of the consent order, the company will pay an $8.25 civil money penalty and is required to submit a report to NYDFS outlining enhancements made with respect to new and existing agents, suspicious activity reporting program, and special transaction limitations. Additionally, NYDFS announced that the company will also update the Department on improvements to the policies and procedures of its Bank Secrecy Act/AML compliance program and will provide data to NYDFS for ongoing monitoring purposes.
CFPB scrutinizes student loan servicers’ PSLF compliance
On February 18, the CFPB released a compliance bulletin warning student loan servicers to make sure they provide complete and accurate information to eligible borrowers about Public Service Loan Forgiveness (PSLF) benefits. The Bureau indicated that it will be paying close attention to servicers’ compliance with Dodd-Frank’s prohibition on unfair, deceptive, or abusive acts or practices. Last October, the Department of Education changed its PSLF program to now provide qualifying borrowers with a time-limited PSLF waiver that allows all payments to count towards PSLF regardless of loan program or payment plan. The waiver covers payments made on loans under the Federal Family Education Loan Program or Perkins Loan Program. (Covered by InfoBytes here.) However, Bureau supervisory findings revealed unfair or deceptive practices taken by servicers that have prevented many borrowers from making progress towards forgiveness. The Bureau emphasized that it expects servicers to comply with federal consumer financial protection laws when administering the new PSLF waiver and providing assistance to borrowers. The Bureau “will pay particular attention” to whether (i) servicers of any federal loan type provide complete and accurate information about the PSLF waiver in communications related to PSLF or loan consolidation; (ii) servicers have adequate policies and procedures to recognize when borrowers express interest in PSLF or the PSLF waiver (or where borrowers’ files otherwise demonstrate their eligibility), in order to direct borrowers to appropriate resources; and (iii) servicers take measures “to promote the benefits of the PSLF Waiver to borrowers who express interest or whose files otherwise demonstrate their eligibility.” The Bureau advised servicers to consider enhancing their compliance management systems to ensure borrowers receive accurate and complete information about the PSLF waiver and that their enrollment is facilitated.
OCC to host risk management workshops
On February 7, the OCC released its lineup of free, virtual workshops for boards of directors of community national banks and federal savings associations. Included as part of the workshops to be held this spring is a risk management series focusing on credit risk, operational risk, compliance risk, and risk governance. Another workshop will present guidance for directors and senior managers on building blocks for success. A schedule of the upcoming workshops and registration information is available here.
CFPB publishes 2022 reportable HMDA data reference chart
On January 27, the CFPB published the Reportable HMDA Data: A Regulatory and Reporting Overview Reference Chart for HMDA Data Collected in 2022. The chart serves as a reference tool for data points that are required to be collected, recorded, and reported under Regulation C, as amended by HMDA rules, which were most recently issued in April 2020 (covered by InfoBytes here). The chart also provides relevant regulation and commentary sections and guidance for when to report “not applicable or exempt.” The Bureau notes that the “chart does not provide data fields or enumerations used in preparing the HMDA loan/application register (LAR).” For additional information on preparing the HMDA LAR, financial institutions should consult FFIEC guidance here.
CFTC issues no-action letter on compliance date for swap data
On January 31, the CFTC issued a no-action letter on the compliance dates for the November 25, 2020 amendments to the swap data reporting rules. According to the letter, the CFTC’s Division of Data does not recommend that the Commission take enforcement action against market participants “for failure to comply with the Amendments before December 5, 2022, and for failure to comply with the Block and Cap Amendments before December 4, 2023, provided that the entity comply with the Parts 43, 45, 46, and 49 regulations that were in effect on January 1, 2021.” A statement released by CFTC Commissioner Dawn D. Stump noted that she “expect[s] market participants to work diligently toward resolving the operational and technological issues they have encountered in complying with the Amendments,” and that she hoped the efforts will “better align swap data reporting rules internationally [and] will at last permit much needed international deference among the various regulatory bodies who long ago committed to improving swap data for the benefit of these global markets.”
OCC seeks comments on compliance risk for reverse mortgages
On January 28, the OCC published a notice and request for comment in the Federal Register seeking feedback on the renewal of its guidance for managing compliance and reputation risks for reverse mortgage products. The OCC, along with the FDIC, Federal Reserve Board, and the NCUA issued final guidance in 2010 focusing on the need for institutions “to provide adequate information to consumers about reverse mortgage products, to provide qualified independent counseling to consumers considering these products, and to avoid potential conflicts of interest.” The 2010 guidance also addressed related policies, procedures, internal controls, third party risk management, training, and program maintenance. The current notice seeks feedback on (i) whether the collection of the information is necessary and carries a practical utility; (ii) the accuracy of the estimates of the information collection burden; (iii) methods for enhancing the quality, utility and clarity of the information to be collected; (iv) ways to minimize the information collection burden for respondents; and (v) “[e]stimates of capital or start-up costs and costs of operation, maintenance, and purchase of services to provide information.” Comments are due March 29.
CFPB issues HMDA filing reminders and tips
On January 18, the CFPB issued “reminders and tips” for preparing and uploading submission for 2021 HMDA data, which will close for on-time submissions on March 1. As previously covered by InfoBytes, the filing period for HMDA data collected in 2021 opened on January 1. According to the CFPB, filers are encouraged to utilize the 2021 Beta Platform to test their loan/application register files prior to submission, which is available on an ongoing basis. However, no data submitted on the Beta Platform will be considered for compliance with HMDA data reporting requirements. Regarding open-end thresholds, the threshold for reporting data about open-end lines of credit is 200 in each of the two preceding calendar years, which became effective January 1. The CFPB also noted, among other things, that: (i) the Legal Entity Identifier, used to register with the HMDA Platform and submit HMDA data must relate to the institution covered by Regulation C; (ii) an institution is required to report whether the obligation arising from a covered loan was, or for an application would have been, initially payable to the institution, except for purchased covered loans and transactions covered by a partial exemption; and (iii) users can use their existing credentials to log in to the 2021 HMDA Data Platform.
NYDFS puts CFDL compliance obligations on hold
On December 31, NYDFS announced that providers’ compliance obligations under the state’s Commercial Finance Disclosure Law (CFDL) will not take effect until the necessary implementing regulations are issued and effective. The CFDL was enacted at the end of December 2020, and amended in February 2021, to expand coverage and delay the effective date to January 1, 2022. (See S5470-B, as amended by S898.) Under the CFDL, providers of commercial financing, which include persons and entities who solicit and present specific offers of commercial financing on behalf of a third party, are required to give consumer-style loan disclosures to potential recipients when a specific offering of finance is extended for certain commercial transactions of $2.5 million or less. In October 2021, NYDFS published a notice announcing a proposed regulation (23 NYCRR 600) to implement the CFDL, which provided that the compliance date for the final regulation will be six months after the final adoption and publication of the regulation in the State Register (covered by InfoBytes here). Comments on the proposed regulation were due December 19. NYDFS noted in its announcement that “[i]n light of the significant feedback received, the Department is carefully considering the comments received and intends to publish a revised proposed regulation for notice-and-comment early in the new year.”