InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
OCC formally rescinds CRA rule
On December 14, the OCC issued a final rule rescinding its 2020 Community Reinvestment Act Rule (2020 Rule) and replacing it with a rule based largely on the prior rules adopted jointly by the federal banking agencies in 1995, as amended (1995 Rules). (See also OCC Bulletin 2021-16.) According to the OCC, the “action is intended to facilitate the ongoing interagency work to modernize the CRA regulatory framework and promote consistency for all insured depository institutions.” As previously covered by a Buckley Special Alert, the 2020 Rule was intended to modernize the regulatory framework implementing the CRA and provided for at least a 27-month transition period for compliance based on a bank’s size and business model, among other things.
In September, the OCC solicited comments on a proposal to rescind the 2020 Rule (NPRM) and issued a series of frequently asked questions discussing the rulemaking process and providing a general timeline on the transition from the 2020 Rule (covered by InfoBytes here and here). The FAQs addressed questions including concerns related to the transition period for tracking activities that qualify under the 2020 Rule but would not qualify should the 1995 Rules be reinstated. The OCC announced that after reviewing transition issue comments received on the NPRM, the final rule had been adopted largely without modification. The final rule carries a compliance date of January 1, 2022, for all national banks and federal and state savings associations, with the exception of the final rule’s public file and public notice provisions, which have a delayed compliance date of April 1, 2022. According to the OCC, transitioning back to the 1995 Rules should carry a limited burden as the June 2020 Rule had only been partially implemented.
The OCC further noted that “strategic plans approved under the June 2020 Rule may remain in effect” but that “these plans must comply with the provisions of the final rule, as applicable.” Also, since the final rule stipulates that a bank’s record of helping to meet the credit needs of its assessment area(s) will be taken into consideration, “provisions in strategic plans that include goals for activities outside a bank’s assessment area(s) will no longer be applicable, and the OCC will no longer evaluate these activities when assessing the bank’s performance.” Additionally, the OCC stated that the new rule is intended to limit the CRA burden on banks, bank communities, and examiners while ensuring that insured depository institutions can “meet the credit needs of their entire communities, including low- and moderate-income [] neighborhoods,” consistent with safe and sound operations.
Chopra discusses DIF restoration plan
On December 14, CFPB Director Rohit Chopra expressed concerns with the FDIC’s current plan to “restore the Deposit Insurance Fund to the statutory minimum in 2028.” The Federal Deposit Insurance Act requires the development and adoption of a Deposit Insurance Fund (DIF) Restoration Plan (Plan) when the fund’s reserve ratio drops below 1.35 percent or is expected to within six months. According to the FDIC, “[e]xtraordinary growth in insured deposits during the first and second quarters of 2020 caused the reserve ratio to decline below the statutory minimum as of June 30, 2020.” The FDIC Board adopted the Plan in September 2020 to restore DIF’s levels to at least 1.35 percent by September 30, 2028, but noted during the Plan’s semiannual update for 2021 that “the overall economic outlook has strengthened relative to when the Plan was first adopted in September 2020,” and that “the banking system continues to appear better positioned to withstand losses when compared to prior periods of stress.” FDIC Chair Jelena McWilliams also commented that since it is difficult to predict deposit trends and potential losses, the agency will continue to monitor this space.
Chopra cautioned that “[g]iven the significant uncertainty in the projections embedded in this plan—and the ultimate goal to have the Deposit Insurance Fund well exceed the 1.35% statutory minimum—we must continue to carefully analyze this plan to probe whether any amendments are necessary prior to the next semi-annual update to the Board of Directors.” He further noted that the 2008 financial crisis highlighted the importance of “countercyclical policy,” and that “regulatory and supervisory safeguards should be strengthened in stronger economic times, when risks tend to build in the financial system and when bank profits are robust.”
Chopra releases statement on bank merger policy conflict
On December 14, after his first public meeting as a Member of the Board of Directors of the FDIC, CFPB Director Rohit Chopra issued a statement detailing the circumstances leading up to the request for information (RFI) that seeks public comment on revising the FDIC’s framework for vetting proposed bank mergers. Chopra’s statement follows an FDIC statement (covered by InfoBytes here) refuting a request for review of bank merger policies announced in a CFPB blog post. In his December 14 statement, Chopra challenged the view that only the FDIC Chairperson has the right to raise matters for discussion in board meetings and explained how the Directors had “circulated a draft Request for Information on the Bank Merger Act with the intention of releasing it jointly with the Office of the Comptroller of the Currency.” Chopra noted the draft RFI “was not a draft rule or guidance document – it was largely a series of questions to solicit input, given the President’s reasonable request, the need to incorporate the Dodd-Frank Act’s amendments, and the long-term trend in consolidation.” Chopra further stated that it “should have been a no-brainer where consensus could easily be achieved,” but due to “the General Counsel’s improper assertion that the Chairperson had implicit veto power, the draft was not given appropriate attention.”
Chopra called for “immediate[]” resolution of the conflict, adding that “[a]bsent a return to legal reality and constructive engagement, board members will need to take further steps to exercise independence from management and to ensure sound governance of the [FDIC].”
The same day, acting Comptroller of the Currency Michael J. Hsu released a statement supporting “the view of the majority of the FDIC Board members that the Bank Merger Act (BMA) guidelines are ripe for review,” noting that his particular focus is on “the financial stability prong, given large bank merger trends and my experience in the 2008 financial crisis with too-big-to-fail firms.” Hsu also stated that he “voted for the Request for Information (RFI) on the BMA due to the inability to reach compromise and urgency on the financial stability issue,” and he expressed concerns that “legal or procedural quicksand may ultimately limit our ability to act on this issue in a timely manner.”
CFPB publishes fall 2021 rulemaking agenda
On December 13, the Office of Information And Regulatory Affairs released the CFPB’s fall 2021 rulemaking agenda. According to a Bureau announcement, the information released represents regulatory matters the Bureau plans to pursue during the period from November 2, 2021 to October 31, 2022. Additionally, the Bureau stated that the latest agenda reflects continued rulemakings intended to further its consumer financial protection mission and help advance the country’s economic recovery from the Covid-19 pandemic. Promoting racial and economic equity and supporting underserved and marginalized communities’ access to fair and affordable credit continue to be Bureau priorities.
Key rulemaking initiatives include:
- Small Business Rulemaking. This fall, the Bureau issued its long-awaited proposed rule (NPRM) for Section 1071 regulations, which would require a broad swath of lenders to collect data on loans they make to small businesses, including information about the loans themselves, the characteristics of the borrower, and demographic information regarding the borrower’s principal owners. (Covered by a Buckley Special Alert.) The NPRM comment period goes through January 6, 2022, after which point the Bureau will review comments as it moves to develop a final rule. Find continuing Section 1071 coverage here.
- Consumer Access to Financial Records. The Bureau noted that it is working on rulemaking to implement Section 1033 of Dodd-Frank in order to address the availability of electronic consumer financial account data. The Bureau is currently reviewing comments received in response to an Advance Notice of Proposed Rulemaking (ANPR) issued fall 2020 regarding consumer data access (covered by InfoBytes here). Additionally, the Bureau stated it is monitoring the market to consider potential next steps, “including whether a Small Business Review Panel is required pursuant to the Regulatory Flexibility Act.”
- Property Assessed Clean Energy (PACE) Financing. As previously covered by InfoBytes, the Bureau published an ANPR in March 2019 seeking feedback on the unique features of PACE financing and the general implications of regulating PACE financing under TILA (as required by Section 307 of the Economic Growth, Regulatory Relief, and Consumer Protection Act, which amended TILA to mandate that the Bureau issue certain regulations relating to PACE financing). The Bureau noted that it continues “to engage with stakeholders and collect information for the rulemaking, including by pursuing quantitative data on the effect of PACE on consumers’ financial outcomes.”
- Automated Valuation Models (AVM). Interagency rulemaking is currently being pursued by the Bureau, Federal Reserve Board, OCC, FDIC, NCUA, and FHFA to develop regulations for AVM quality control standards as required by Dodd-Frank amendments to FIRREA. The standards are designed to, among other things, “ensure a high level of confidence in the estimates produced by the valuation models, protect against the manipulation of data, seek to avoid conflicts of interest, require random sample testing and reviews,” and account for any other appropriate factors. An NPRM is anticipated for June 2022.
- Amendments to Regulation Z to Facilitate LIBOR Transition. As previously covered by InfoBytes, the Bureau issued a final rule on December 7 to facilitate the transition from LIBOR for consumer financial products, including “adjustable-rate mortgages, credit cards, student loans, reverse mortgages, [and] home equity lines of credit,” among others. The final rule amended Regulation Z, which implements TILA, to generally address LIBOR’s eventual cessation for most U.S. dollar settings in June 2023, and establish requirements for how creditors must select replacement indices for existing LIBOR-linked consumer loans. The final rule generally takes effect April 1, 2022.
- Reviewing Existing Regulations. The Bureau noted in its announcement that it decided to conduct an assessment of a rule implementing HMDA (most of which took effect January 2018), and referred to a notice and request for comments issued last month (covered by InfoBytes here), which solicited public comments on its plans to assess the effectiveness of the HMDA Rule. Additionally, the Bureau stated that it finished a review of Regulation Z rules implementing the Credit Card Accountability Responsibility and Disclosure Act of 2009, and that “[a]fter considering the statutory review factors and public comments,” it “determined that the CARD Act rules should continue without change.”
Notably, there are 14 rulemaking activities that are listed as inactive on the fall 2021 agenda, including rulemakings on overdraft services, consumer reporting, student loan servicing, Regulation E modernization, abusive acts and practices, loan originator compensation, and TILA/RESPA mortgage disclosure integration.
FDIC refutes CFPB’s bank merger policy announcement
On December 9, the FDIC issued a statement refuting a request for review of bank merger policies announced in a CFPB blog post. According to a joint statement issued by FDIC Board member Martin J. Gruenberg and Rohit Chopra (who has an automatic board seat as Director of the CFPB), the FDIC Board of Directors voted to launch a public comment period on updating the FDIC’s regulatory implementation of the Bank Merger Act. Gruenberg and Chopra indicated that the Board members taking part in this action have approved a Request for Information and Comment on Rules, Regulations, Guidance, and Statements of Policy Regarding Bank Merger Transactions, which would seek public input on the FDIC’s approach to considering prudential factors in acting on a bank merger application, specifically related to “whether bright line minimum standards for prudential factors should be established, and if so, what minimum standards for which prudential factors.” In his blog post, Chopra noted that the Bureau is particularly interested in how the assessment of a bank merger’s impact on families and businesses in local communities would work in practice, and how should regulators ensure a merger does not increase the risk of bank failure or otherwise disrupt the economy should the bank face financial distress. According to the Gruenberg and Chopra joint statement, the Board’s action authorizes the FDIC’s executive secretary to publish the RFI in the Federal Register, upon which a 60-day window for comments will commence.
Shortly following the release of the joint statement, the FDIC released a statement disputing that any action had been approved, stressing that it “has longstanding internal policies and procedures for circulating and conducting votes of its Board of Directors, and for issuing documents for publication in the Federal Register.” Adding that “[i]n this case, there was no valid vote by the Board, and no such request for information and comment has been approved by the agency for publication in the Federal Register,” the FDIC commented that “[n]otwithstanding the actions taken today, the FDIC expects this time-honored tradition of collegiality and comity to continue.”
FFIEC updates BSA/AML examination manual
On December 1, the Federal Financial Institutions Examinations Council (FFIEC) published updated versions of three sections and one new section of the Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Examination Manual (Manual), which provides examiners with instructions for assessing a bank or credit union’s BSA/AML compliance program and adherence to BSA regulatory requirements. The new section is Introduction – Customers, and the revisions include the following updated sections: Charities and Nonprofit Organizations, Independent Automated Teller Machine Owners or Operators, and Politically Exposed Persons. The FFIEC noted that the “updates should not be interpreted as new instructions or as a new or increased focus on certain areas,” but rather are intended to “provide information and considerations related to certain customers that may indicate the need for bank policies, procedures, and processes to address potential money laundering, terrorist financing, and other illicit financial activity risks.” In addition, the Manual itself does not establish requirements for financial institutions, which are found in applicable statutes and regulations. (See also FDIC FIL-12-2021 and OCC Bulletin 2021-10.) As previously covered by InfoBytes, in June, the FFIEC updated the following sections of the Manual: International Transportation of Currency or Monetary Instruments Reporting, Purchase and Sale of Monetary Instruments Recordkeeping, Reports of Foreign Financial Accounts, and Special Measures.
Agencies discuss crypto-asset next steps
On November 23, the FDIC, OCC, and Federal Reserve Board issued a joint statement summarizing a recent series of interagency “policy sprints” focused on crypto-assets. During the policy sprints, the agencies conducted preliminary analysis on issues related to banking organizations’ potential involvement in crypto-asset-related activities, and identified and assessed key risks related to safety and soundness, consumer protection and compliance. The agencies also, among other things, analyzed the applicability of existing regulations and guidance on this space and identified several areas where additional public clarity is needed. Throughout 2022, the agencies intend to provide greater clarity on whether certain crypto-asset-related activities conducted by banking organizations are legally permissible. The agencies also plan to expand upon their safety and soundness expectations related to: (i) crypto-asset safekeeping and traditional custody services; (ii) ancillary custody services; (iii) facilitation of customer purchases and the sale of crypto-assets; (iv) loans collateralized by crypto-assets; (v) issuance and distribution of “stablecoins”; and (vi) activities involving a bank’s holding of crypto-assets on its balance sheet. The joint statement, which does not alter any current regulations, also states that the agencies plan to “evaluate the application of bank capital and liquidity standards to crypto-assets for activities involving U.S. banking organizations” and that the agencies will continue to monitor developments in this space as the market evolves.
FDIC releases October enforcement actions
On November 26, the FDIC released a list of administrative enforcement actions taken against banks and individuals in October. During the month, the FDIC issued three orders consisting of “one Order to Pay Civil Money Penalty, one Consent Order, and one Section 19 Order.” Among the orders is a civil money penalty imposed against an Arkansas-based bank based on allegations of deceptive practices related to misrepresenting the availability of Veterans Administration refinance loan terms. The bank, which did not admit or deny the violations, agreed to pay a $129,800 civil money penalty.
FDIC updates brokered deposit FAQs
On November 22, the FDIC released an update to the Questions and Answers Related to the Brokered Deposits Rule. The FDIC clarified in a new FAQ in conjunction with the updated Brokered Deposit framework that, with respect to the “facilitation” definition’s first prong, a “third party that has legal authority, contractual or otherwise, to direct another entity (e.g., custodial agent) to move a depositor’s funds or close a depositor’s account would meet the first prong of the ‘facilitation’ definition.” The FAQ specified, however, that such third parties would not meet this first prong if the third party directs another entity to move depositor funds or close a depositor’s account “based only upon either instructions or an approval received from the depositor for each occurrence and specific to each deposit account.” The FAQ further noted that third parties recommending the placement of funds in a particular deposit account may meet the second and/or third prong of the “facilitation” definition depending on various facts and circumstances.
New rule gives banks 36 hours to disclose cybersecurity incidents
On November 18, the FDIC, Federal Reserve Board, and the OCC issued a final rule intended to enhance information sharing about cyber incidents that may affect the U.S. banking system. The final rule, among other things, requires a banking organization to timely notify its primary federal regulator in the event of a significant computer-security incident within 36 hours after the banking organization determines that a cyber incident has taken place. The final rule notes that notification is required for incidents that have affected, in certain circumstances: (i) the viability of a banking organization’s operations; (ii) its ability to deliver banking products and services; or (iii) the stability of the financial sector. Additionally, the final rule requires a bank service provider to notify affected banking organization customers as soon as possible when the provider determines that it has experienced a computer-security incident that has materially disrupted or degraded, or is reasonably likely to materially dispute or degrade, a banking organization’s customers for four or more hours. The final rule further provides that the notification requirement for bank service providers is important since “banking organizations have become increasingly reliant on third parties to provide essential services,” which may also experience computer-security incidents that could affect the support services they provide to banking organization customers, along with other significant impacts. The rule is effective April 1, 2022, and banking organizations are expected to comply with the final rule by May 1, 2022.