InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
OCC Releases Semiannual Risk Perspective Report
On July 11, the OCC released its Semiannual Risk Perspective for Spring 2016, which generally provides an overview of supervisory concerns for the federal banking system and specifically presents data as of December 31, 2015 in the following areas: (i) operating environment; (ii) bank performance; (iii) key risk issues; and (iv) regulatory actions. Similar to the fall 2015 report, the current report identifies cybersecurity, third-party vendor management, business continuity planning, TRID, and BSA/AML compliance, among other things, as key areas of potential operational and compliance risk. Further, the report highlights the new Military Lending Act rule, effective October 3, 2016, as a new key potential risk. According to the report, the OCC’s supervisory priorities for the next twelve months will generally remain the same; moreover, the outlook for the OCC’s Large Bank Supervision and Midsize and Community Bank Supervision operating units will remain broadly similar.
CFPB Takes Action Against North Dakota Payment Processor for Alleged Unauthorized Withdrawal Practices
On June 6, the CFPB filed a complaint against a North Dakota-based third-party payment processor and two of its senior executives for alleged violations of the Dodd-Frank Act’s prohibition against unfair acts and practices. Acting on behalf of its clients, the payment processor transferred funds electronically through a network called the Automated Clearing House, and in the process, according to the CFPB, the payment processor “ignored numerous red flags about the transactions they were processing, including repeated consumer complaints, warnings about potential fraud or illegality raised by banks involved in the transactions, unusually high return rates, and state and federal law enforcement actions against their clients.” The CFPB contends that the defendants failed to: (i) heed warnings, including federal and state enforcement actions taken against the defendants’ clients, from banks and consumers regarding potential fraud or unauthorized debits; (ii) adequately monitor and respond to “enormously” high return rates; and (iii) investigate “red flags” throughout its clients’ application processes that “should have caused it to… perform enhanced due diligence prior to accepting a client for processing.” Regarding the individuals’ involvement in the allegedly unlawful activity, the CFPB’s complaint alleges that both engaged in unfair acts and practices by “actively ignoring” a number of red flags associated with the payment processor’s business activities. The CFPB’s complaint seeks monetary relief, injunctive relief, and penalties.
FTC to Host Fourth Start with Security Event
On June 15, the FTC will host its fourth Start with Security event in Chicago, Illinois. Featuring agency representatives Todd Kossow, Maureen Ohlhausen, Cora Han, Jim Trilling, Steve Wernikoff, and Andrea Arias, as well as security experts from various industries, the Start with Security event is intended to provide companies with tips for implementing effective data security. The event will host the following four panels: (i) Building a Security Culture; (ii) Integrating Security into the Development Pipeline; (iii) Considering Security when Working with Third Parties; and (iv) Recognizing and Addressing Network Security Challenges. A full day event, the panels “will address how companies can create and prioritize a culture of security, how to integrate security into the development pipeline, what security issues to consider when a company works with third parties, and how to recognize and address network security challenges.”
As recently noted in its 2015 Annual Highlights report, the FTC’s Start with Security efforts, including its June 2015 Guide for Business, are part of the agency’s education outreach programs designed to promote good data security practices within businesses.
CSBS and Multi-State Mortgage Committee Report on 2015 Supervisory Efforts
The Conference of State Bank Supervisors (CSBS) and the Multi-State Mortgage Committee (MMC) issued a report to state regulators regarding its 2015 review of the supervisory structure around examination and risk assessment of non-bank mortgage loan servicers. Notable servicing examination findings outlined in the report include: (i) violations and deficiencies related to loan transfer activity, noting that a “significant portion of servicing examination findings are tied to the mortgage servicing requirements implemented into the [RESPA] and [TILA] in January of 2014”; (ii) ineffective oversight of sub-servicer activity and insufficient third party vendor management; and (iii) ineffective examination management procedures on the part of mortgage servicers, leading to delayed examination processes, as well as impeded regulatory oversight. The report further outlines origination examination findings, emphasizing RESPA violations related to Mortgage Servicing Agreements (MSAs) which typically include payments for promotional advertising services performed on behalf of the mortgage company. According to the MMC, MSA-related violations carry high risk. Additional MMC 2015 observations outlined in the report include, but are not limited to, the following: (i) state license engagement of third party providers overseen by federal regulators resulted in an increase of state/federal communications and information sharing, fostering a stronger regulatory framework; (ii) lapses in loan originator education may lead to significant deficiencies at the company level; (iii) whistleblower information provided to the MMC in 2015 played a large role in uncovering prohibited activity; and (iv) technological systems with incorrect programming continue to cause lenders to charge borrowers statutorily prohibited fees. Finally, the report briefly touches on the CSBS’ and the NMLS’s Mortgage Call Report Analytics Tool – designed to provide detailed information about the loan portfolio and financial condition of a company – and the State Coordinating Committee’s coordinated efforts with the CFPB to include the development of the Coordinated Examination Guidance tool, which is intended to provide “suggested best practices for coordinated examinations and a step-by-step listing of action items to be completed during a coordinated examination.”
FFIEC Updates IT Examination Handbook
On April 29, the FFIEC updated its IT Examination Handbook, revising its Retail Payment Systems booklet to include an Appendix E, Mobile Financial Services. The Retail Payment Systems booklet consists of guidance intended to help examiners evaluate financial institutions’ and third-party providers’ management of risks associated with retail payment systems. Appendix E is designed to address risk management associated with mobile financial services (MFS): “Appendix E contains guidance pertaining to [MFS] risks that supplements existing booklet guidance on other retail payment topics, such as electronic payments related to credit cards and debit cards, remote deposit capture and changes in technology or retail payment systems.” Appendix E outlines risk management practices for the following MFS technologies: (i) short message service/text messaging; (ii) mobile-enabled web sites and browsers; (iii) mobile applications; and (iv) wireless payment technologies. In addition to MFS technologies, Appendix E also addresses management strategies related to (i) risk identification; (ii) risk measurement; (iii) risk mitigation; and (iv) monitoring and reporting.