InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
NYDFS Issues New Guidance on Banks' Incentive Compensation Arrangements
On October 11, the New York Department of Financial Services (NYDFS) issued new guidance regarding incentive compensation arrangements, advising “all regulated banking institutions that no incentive compensation may be tied to employee performance indicators, such as the number of accounts opened, or the number of products sold per customer, without effective risk management, oversight and control.” At a minimum, the guidance requires that a bank’s incentive compensation arrangement address the following principles: (i) balance between risks and rewards; (ii) effective controls and risk management; and (iii) effective corporate governance. NYDFS stated that a bank’s lack of compliance with the guidance will be reflected in its regulatory examination rating and may result in additional regulatory action.
The NYDFS’s recently released guidance comes in the wake of a September action taken jointly by the OCC and the CFPB over a bank’s alleged sales practices under which, in an effort to meet sales goals and earn financial rewards under the bank’s incentive compensation program, employees purportedly opened deposit and credit card accounts for consumers without obtaining those consumers’ consent.
FDIC Releases Summer 2016 Supervisory Insights
The FDIC recently released its Summer 2016 Supervisory Insights, which in addition to providing an overview of newly released supervisory guidance and regulations, includes the following two articles: “De Novo Banks: Economic Trends and Supervisory Framework” and “‘Matters Requiring Board Attention’ Underscore Evolving Risks in Banking.” The first article summarizes (i) trends in de novo formation; (ii) the application process for deposit insurance; (iii) the FDIC’s supervisory approach to de novo institutions; and (iv) FDIC initiatives intended to “support the development, submission, and review of proposals to organize new institutions.” According to the FDIC Director Doreen Eberley, the “entry of new institutions helps to preserve the vitality of the banking sector, fill critical gaps in local banking markets, and provide credit services to communities that may not currently have a local financial institution.” The second article discusses Matters Requiring Board Attention (MRBA), which are identified in written reports of examinations (ROEs) and communicated to banks as significant operational issues warranting improvement. According to the FDIC, from 2014 through 2015, board and management issues were the most frequently listed MRBAs. For example, nearly half of the board and management-related MRBAs concern “corporate governance issues attributable to incomplete or ineffective policies,” while approximately 31% address audit concerns. Based off MBRA trends discussed in the article, the FDIC emphasized “the need for strong risk management policies and practices, particularly as credit volumes continue to increase during this current economic expansion.”
FDIC Seeks Comments on Proposed Guidance for Third-Party Lending
On July 29, the FDIC issued FIL-50-2016 to request comments on the agency’s proposed Guidance for Third-Party Lending, which aims to “set forth safety and soundness and consumer compliance measures FDIC-supervised institutions should follow when lending through a business relationship with a third party.” Pursuant to the proposed guidance, third-party lending would be defined as “a lending arrangement that relies on a third party to perform a significant aspect of the lending process.” Intended to supplement the FDIC’s 2008 Guidance for Managing Third-Party Risk, the proposed guidance seeks to establish specific expectations for third-party lending arrangements. FIL-50-2016 includes 10 questions related to (i) the proposed definition of third-party lending and the scope of the guidance; (ii) the potential risks arising from the use of third parties, with a particular emphasis on risks associated with third-party lending programs; (iii) the proposed expectations for establishing a third-party lending risk management program, including expectations around strategic planning policy development, risk assessment, due diligence and ongoing oversight, model risk management, vendor oversight, and contract structuring and review; (iv) supervisory considerations, including, but not limited to, credit underwriting and administration, loss recognition practices, and consumer compliance; and (v) the proposed examination procedures, which would establish “a 12-month examination cycle for institutions with significant third-party lending programs, including for those institutions that may otherwise qualify for an 18-month examination cycle.” Comments on the proposed guidance, with a particular emphasis on the questions posed in FIL-50-2016, are due by October 27, 2016.
OCC Updates Comptroller's Handbook to Include New Corporate and Risk Governance Booklet
On July 29, the OCC released the “Corporate and Risk Governance” booklet to update, consolidate, and rescind various booklets in the Comptroller’s Handbook. The new booklet is intended to provide examiners with a summary of corporate and risk governance, related risks, the board’s and management’s respective roles and responsibilities in corporate and risk governance, and examination procedures. The new booklet identifies the following as the primary risk categories associated with corporate and risk governance: (i) strategic; (ii) reputation; (iii) compliance; and (iv) operational. The booklet advises banks to maintain corporate and risk governance structures and practices that align with their changes in size, risk profile, and complexity. According to the booklet, an effective corporate and risk governance framework is key to the safe and sound operation of a financial institution and stimulates public confidence in the financial system.
OCC Releases Semiannual Risk Perspective Report
On July 11, the OCC released its Semiannual Risk Perspective for Spring 2016, which generally provides an overview of supervisory concerns for the federal banking system and specifically presents data as of December 31, 2015 in the following areas: (i) operating environment; (ii) bank performance; (iii) key risk issues; and (iv) regulatory actions. Similar to the fall 2015 report, the current report identifies cybersecurity, third-party vendor management, business continuity planning, TRID, and BSA/AML compliance, among other things, as key areas of potential operational and compliance risk. Further, the report highlights the new Military Lending Act rule, effective October 3, 2016, as a new key potential risk. According to the report, the OCC’s supervisory priorities for the next twelve months will generally remain the same; moreover, the outlook for the OCC’s Large Bank Supervision and Midsize and Community Bank Supervision operating units will remain broadly similar.
OCC to Host Risk Governance and Credit Workshops
On August 16, the OCC will host a Risk Governance workshop intended to provide directors of national community banks and federal savings associations with information to measure and manage risk. On August 17, the OCC will also host a Credit Risk workshop. Each workshop will take place in Kansas City, Missouri and will be limited to 35 registrants.
OCC Updates Comptroller's Handbook to Include New Student Lending Booklet
On May 9, the OCC updated its Comptroller’s Handbook to include a new booklet titled “Student Lending.” Despite banks having to alter their private student lending strategies as a result of the 2008 financial crisis, the OCC’s booklet maintains that banks can still benefit from the wider array of consumer products and the broader business model that the private student lending industry offers. The new booklet contains information related to banks’ participation in the private student lending industry, including, but not limited to:
- Inherent credit, interest rate, liquidity, price, operational, compliance, strategic, and reputation risks in the industry.
- Unique aspects of private student loans, such as the “significant time lag between loan advances and repayment, and the student borrower’s lack of certainty in finding a stable, reliable primary source of repayment after graduation.”
- Regulatory expectations for safe and sound operations, cautioning that banks should adhere to the credit underwriting and documentation standards as stated in 12 CFR 30, appendix A, “Safety and Soundness Standards.”
- Risk management practices, reminding banks that use third parties to market, solicit, or originate private student loans to have in place risk management frameworks that include due diligence in selecting third parties, written contracts that have been vetted for duties, obligations, and responsibilities of all parties (compensation parameters included), and ongoing monitoring and quality assurance programs.
Designed for examiners to use in their examination and supervision of banks involved in the private student lending industry, the booklet outlines two sets of examination procedures: (i) primary examination, when an examiner’s objective is to “assess risk level, evaluate the quality of risk management, and determine the aggregate level and direction of risk of the bank’s student lending activities”; and (ii) supplemental examination, when examiners “determine whether student lending marketing activities are consistent with the bank’s business plans, strategic plans, and risk appetite, and that appropriate controls and systems are in place before the bank rolls out new products or new-product marketing initiatives.” Finally, the booklet advises examiners reviewing banks’ student lending activities to “remain alert for lending practices and product terms that could indicate discriminatory, unfair, deceptive, abusive, or predatory issues.”
FFIEC Updates IT Examination Handbook
On April 29, the FFIEC updated its IT Examination Handbook, revising its Retail Payment Systems booklet to include an Appendix E, Mobile Financial Services. The Retail Payment Systems booklet consists of guidance intended to help examiners evaluate financial institutions’ and third-party providers’ management of risks associated with retail payment systems. Appendix E is designed to address risk management associated with mobile financial services (MFS): “Appendix E contains guidance pertaining to [MFS] risks that supplements existing booklet guidance on other retail payment topics, such as electronic payments related to credit cards and debit cards, remote deposit capture and changes in technology or retail payment systems.” Appendix E outlines risk management practices for the following MFS technologies: (i) short message service/text messaging; (ii) mobile-enabled web sites and browsers; (iii) mobile applications; and (iv) wireless payment technologies. In addition to MFS technologies, Appendix E also addresses management strategies related to (i) risk identification; (ii) risk measurement; (iii) risk mitigation; and (iv) monitoring and reporting.
OCC Releases Risk Appetite Statement
On April 12, the OCC released its Risk Appetite Statement (Statement) summarizing the agency’s largely conservative approach toward managing risks to the OCC’s mission, the financial system, and consumers. The Statement sets forth the OCC’s risk management principles and risk tolerance levels – low, medium, or high – pertaining to the following interrelated categories: (i) supervision; (ii) human capital; (iii) strategic; (iv) reputation; (v) technology; (vi) operational; (vii) legal; (viii) external; and (ix) financial. Significantly, the Statement notes that the OCC maintains a “low [risk] appetite for supervisory processes that do not ensure bank management soundly manages risk, provides fair access to financial services, treats consumers fairly, and complies with applicable laws and regulations.” By contrast, according to the Statement, the OCC has a moderate risk appetite with respect to allowing its staff to exercise flexibility in supervisory judgment, supervisory plan execution, and inter- and intra-agency collaboration, in an effort to “remain nimble in meeting the challenges of an evolving banking landscape.”
FDIC Provides Commentary on Responsibilities and Duties of Banks' Boards of Directors
On April 5, the FDIC issued a special Corporate Governance Edition of its Supervisory Insights publication titled, “21st Century Reflections on the FDIC Pocket Guide for Directors.” The new edition provides guidance to community bank boards of directors as well as an expanded, community bank-focused commentary on the FDIC Pocket Guide for Directors, which was issued in 1988. It covers a range of topics, such as the proper roles of directors and officers, as well as objectives for the development of policies and procedures for risk management and strategic planning. While the existing version of the Pocket Guide remains unchanged, this edition of Supervisory Insights incorporates more recent guidance and resources that the FDIC has provided since 1988. For example, the FDIC emphasizes that, “[i]n addition to covering areas outlined in the Pocket Guide and Safety and Soundness Standards, community bank directors should ensure that senior management has established appropriate risk management policies and procedures in Bank Secrecy Act (BSA)/Anti-Money Laundering (AML) compliance, information technology and cyber risk, and compliance with Community Reinvestment Act and consumer protection laws and regulations.”