InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FDIC releases October enforcement actions
On November 26, the FDIC released a list of administrative enforcement actions taken against banks and individuals in October. During the month, the FDIC issued three orders consisting of “one Order to Pay Civil Money Penalty, one Consent Order, and one Section 19 Order.” Among the orders is a civil money penalty imposed against an Arkansas-based bank based on allegations of deceptive practices related to misrepresenting the availability of Veterans Administration refinance loan terms. The bank, which did not admit or deny the violations, agreed to pay a $129,800 civil money penalty.
FDIC updates brokered deposit FAQs
On November 22, the FDIC released an update to the Questions and Answers Related to the Brokered Deposits Rule. The FDIC clarified in a new FAQ in conjunction with the updated Brokered Deposit framework that, with respect to the “facilitation” definition’s first prong, a “third party that has legal authority, contractual or otherwise, to direct another entity (e.g., custodial agent) to move a depositor’s funds or close a depositor’s account would meet the first prong of the ‘facilitation’ definition.” The FAQ specified, however, that such third parties would not meet this first prong if the third party directs another entity to move depositor funds or close a depositor’s account “based only upon either instructions or an approval received from the depositor for each occurrence and specific to each deposit account.” The FAQ further noted that third parties recommending the placement of funds in a particular deposit account may meet the second and/or third prong of the “facilitation” definition depending on various facts and circumstances.
New rule gives banks 36 hours to disclose cybersecurity incidents
On November 18, the FDIC, Federal Reserve Board, and the OCC issued a final rule intended to enhance information sharing about cyber incidents that may affect the U.S. banking system. The final rule, among other things, requires a banking organization to timely notify its primary federal regulator in the event of a significant computer-security incident within 36 hours after the banking organization determines that a cyber incident has taken place. The final rule notes that notification is required for incidents that have affected, in certain circumstances: (i) the viability of a banking organization’s operations; (ii) its ability to deliver banking products and services; or (iii) the stability of the financial sector. Additionally, the final rule requires a bank service provider to notify affected banking organization customers as soon as possible when the provider determines that it has experienced a computer-security incident that has materially disrupted or degraded, or is reasonably likely to materially dispute or degrade, a banking organization’s customers for four or more hours. The final rule further provides that the notification requirement for bank service providers is important since “banking organizations have become increasingly reliant on third parties to provide essential services,” which may also experience computer-security incidents that could affect the support services they provide to banking organization customers, along with other significant impacts. The rule is effective April 1, 2022, and banking organizations are expected to comply with the final rule by May 1, 2022.
Agencies end Covid mortgage servicing flexibility
On November 10, the OCC, Federal Reserve Board, CFPB, FDIC, NCUA, and state financial regulators issued a joint statement announcing the end to temporary supervisory and enforcement flexibility provided to mortgage servicers due to the Covid-19 pandemic by the agencies’ April 3, 2020 joint statement. As previously covered by InfoBytes, the April 2020 joint statement provided mortgage servicers greater flexibility to provide CARES Act forbearance of up to 180 days and other short-term options upon the request of borrowers with federally backed mortgages without having to adhere to otherwise applicable rules. The April 2020 joint statement also announced that agencies would not take supervisory or enforcement action against mortgage servicers for failing to meet certain timing requirements under the mortgage servicing rules provided that servicers made good faith efforts to provide required notices or disclosures and took related actions within a reasonable time period.
The agencies noted in their announcement that while the pandemic continues to affect consumers and mortgage servicers, servicers have had sufficient time to take measures to assist impacted consumers and develop more robust business continuity and remote work capabilities. Accordingly, the agencies “will apply their respective supervisory and enforcement authorities, when appropriate, to address any noncompliance or violations of the Regulation X mortgage servicing rules that occur after the date of this statement.” However, the agencies will take into consideration, when appropriate, “the specific impact of servicers’ challenges that arise due to the COVID-19 pandemic and take those issues in account when considering any supervisory and enforcement actions,” including factoring in the time it may take “to make operational adjustments in connection with this joint statement.”
The same day, the Bureau released a report titled Mortgage Servicing Efforts in Response to the Covid-19 Pandemic, summarizing efforts taken by the Bureau since the start of the pandemic to respond to the evolving needs of homeowners and CFPB-supervised entities. These responses include: (i) conducting prioritized assessments and targeted supervisory reviews; (ii) issuing reminders to servicers that being “unprepared is unacceptable”; (iii) implementing temporary procedural safeguards to allow borrowers time to explore options before foreclosure; (vi) analyzing consumer complaint data and conducting targeted reviews of high-risk complaints related to pandemic forbearances; (v) analyzing and releasing information relating to mortgage servicers’ pandemic responses; (vi) documenting research on the pandemic’s disproportionate impact on Black, Hispanic, and low-income communities; and (vii) partnering with other federal agencies to create online tools to provide information on CARES Act assistance and protections, as well as providing homeowner outreach materials. The Bureau noted it “will continue to monitor closely the performance of mortgage servicers to prevent avoidable foreclosures to the maximum extent possible and will not hesitate to take supervisory or enforcement action if warranted.”
Agencies adopt standardized approach for counterparty credit risk Call Report
On November 9, the FDIC, Federal Reserve Board, and the OCC announced the publication of final regulatory reporting changes in the Federal Register applicable to three versions of the Call Report (FFIEC 031, FFIEC 041, and FFIEC 051). In July, the agencies proposed to revise and extend the Call Report for three years, and requested public comments on proposed changes to clarify instructions for reporting of deferred tax assets (DTAs) and to add a new item related to the standardized approach for counterparty credit risk (SA–CCR). (See FIL-53-2021.) Following the comment period, the agencies are proceeding with the proposed SA-CCR-related reporting change to the Call Report, which will take effect with the December 31, 2021 report date, subject to approval by the Office of Management and Budget. However, proposed instruction revisions related to DTAs are not final as the agencies continue to consider comments received on the proposed rule on tax allocation agreements. (See FIL-29-2021.) Supervised financial institutions are encouraged to review the proposed regulatory change. Redline copies of the Call Report and related draft reporting instructions are available on the FFIEC’s webpage here.
OCC says synthetic banking providers require supervision
On November 3, acting Comptroller of the Currency Michael J. Hsu spoke before the American Fintech Council’s Fintech Policy Summit 2021 and warned that “[t]he rebundling of banking services by fintechs and the fragmented supervision of universal crypto firms pose significant medium- to long-term risks to consumers, businesses, and financial stability.” Hsu also noted that large “universal” cryptocurrency firms interested in offering a wide range of financial services should “embrace comprehensive, consolidated supervision” like that given to banks. “Crypto firms today are regulated at most only partially and selectively, with no single regulator having a comprehensive view of the firm as a whole,” Hsu stated, adding “[t]his warrants greater attention as crypto firms, especially the universals, get bigger, engage in a wider range of activities and risk-taking, and deepen their interconnectedness within the crypto ecosystem and with traditional finance.” Warning that these “synthetic banking providers” (SBPs) could create a “run risk” and regulatory arbitrage, Hsu stressed the importance of removing “the disparity between the rights and obligations of banks and the rights and obligations of synthetic banking providers by holding SBPs to banking standards.” He further warned that customers’ needs must be met in a way that is reliable, consistently safe, sound, and fair, and discussed several reasons why more SBPs have not sought to become banks, including that “regulators have been unpredictable with regards to chartering new banks and approving fintech acquisitions of banks.” Establishing a clear, shared approach to the bank regulatory perimeter related to emerging technologies can address this challenge, he advised.
Hsu also announced that the OCC concluded its review of recent bank charter applications and cryptocurrency-related interpretive letters and stated that the agency will communicate its determinations and feedback to bank charter applicants in the coming weeks. Findings from a “crypto sprint” done in conjunction with the FDIC and Federal Reserve will also be communicated shortly. “The content of these communications—on the chartering decisions, interpretive letters, and the crypto sprint—will be broadly aligned with the vision for the bank regulatory perimeter laid out here today,” Hsu stated.FDIC establishes MDI support office
On November 2, the FDIC announced the creation of a new office to support the agency’s ongoing strategic and direct engagement with Minority Depository Institutions (MDIs), Community Development Financial Institution banks (CDFIs), and other mission-driven banks, in addition to promoting private sector investments in low- and moderate-income communities. The announcement further noted that FDIC Chairman Jelena McWilliams has initiated several programs for the FDIC’s MDI program since 2018, which include: (i) creating the Mission-Driven Bank Fund to facilitate critical capital investments in FDIC-insured MDIs and CDFIs (covered by InfoBytes here); (ii) establishing the MDI Subcommittee of the Advisory Committee on Community Banking; and (iii) adopting new processes to facilitate preservation of the minority character of an MDI in the case of a failure.
Biden Administration releases stablecoin recommendations
On November 1, the U.S. Treasury Department announced that the President’s Working Group on Financial Markets (PWG), with the FDIC and the OCC (collectively, “agencies”), released a report on stablecoins, which are a kind of digital asset intended to maintain a stable value relative to the U.S. dollar. The report noted that stablecoins may be more widely used in the future as a means of payment, which Secretary of the Treasury Janet L. Yellen said could increase “risks to users and the broader system.” Additionally, Secretary Yellen considers current stablecoin oversight to be “inconsistent and fragmented.” Among other things, the report discussed gaps in regulatory authority to reduce these risks. The report recommended that Congress promptly enact legislation to address the risks of payment stablecoins and ensure that payment stablecoins and payment stablecoin arrangements are subject to consistent and comprehensive federal oversight and to “increase transparency into key aspects of stablecoin arrangements and to ensure that stablecoins function in both normal times and in stressed market conditions.” According to the announcement, “[s]uch legislation would complement existing authorities with respect to market integrity, investor protection, and illicit finance, and would address key concerns,” including: (i) risks to stablecoin users and stablecoin runs; (ii) payment system risk; and (iii) systemic risk and concentration of economic power.
While Congress examines legislation on stablecoin, the report recommended that the Financial Stability Oversight Council consider steps for addressing risks, such as “the designation of certain activities conducted within stablecoin arrangements as, or as likely to become, systemically important payment, clearing, and settlement (PCS) activities,” which would be subject to an examination and enforcement framework. The report also recommended that stablecoin issuers “comply with activities restrictions that limit affiliation with commercial entities,” to maintain the separation of banking and commerce. Additionally, the report discussed that, in addition to existing AML/CFT regulations, stablecoin arrangements and activities may implicate the jurisdiction of the SEC and/or CFTC. Therefore, to prevent misuse of stablecoins and other digital assets, the announcement noted that Treasury “will continue leading efforts at the Financial Action Task Force (FATF) to encourage countries to implement international AML/CFT standards and pursue more resources to support supervision of domestic AML/CFT regulations.”
The same day, Treasury released a fact sheet on the PWG report, which clarified, among other things, the purpose of the report, risks posed by stablecoins, and the agencies’ recommendations. In a statement released by OCC acting Comptroller of the Currency Michael J. Hsu, he emphasized his support for the recommendations highlighted in the report pointing out that, “[s]tablecoins need federal prudential supervision to grow and evolve safely.” In a statement released by CFPB Director Rohit Chopra, he noted that though the CFPB was not a member of the PWG, the Bureau “will be taking several steps related to this market,” such as the CFPB’s orders to six large U.S. technology companies seeking information and data on their payment system business practices (covered by InfoBytes here), among other things.
FDIC releases September enforcement actions
On October 29, the FDIC released a list of administrative enforcement actions taken against banks and individuals in September. During the month, the FDIC made public six orders consisting of “one Consent Order, two terminations of Consent Orders, one Order to Pay Civil Money Penalty, one Order Terminating Decision and Order to Cease and Desist, and one Order of Termination of Insurance.” Among the orders is an order to pay a civil money penalty imposed against a Nebraska-based bank related to alleged violations of the Flood Disaster Protection Act. Among other things, the FDIC claimed that the bank “[m]ade, increased, extended, or renewed loans secured by a building or mobile home located or to be located in a special flood hazard area without requiring that the collateral be covered by flood insurance,” and also allegedly “[f]ailed to comply with proper procedures for force-placing flood insurance in instances where the collateral was not covered by flood insurance at some time during the term of the loan.” The order requires the payment of a $24,000 civil money penalty.
The FDIC also issued a consent order to a Utah-based bank, which requires the bank to take measures to correct current alleged violations (and prevent future violations) of TILA, RESPA, E-Sign Act, ECOA, CRA, and TISA, as well as the statutes’ implementing regulations. The bank neither admitted nor denied the alleged violations but agreed to, among other things, develop a sound risk-based compliance program and implement an effective training program to ensure compliance.
OCC to focus supervisory efforts on non-SOFR rates after LIBOR ends
On October 26, acting Comptroller of the Currency Michael J. Hsu warned banks not to be complacent when transitioning away from LIBOR. Hsu reiterated that federal regulators will not allow new contracts that use LIBOR as a reference rate after December 31. Hsu stressed that banks must look outside of activities that directly involve LIBOR exposure, such as lending, derivatives activities, and market-making capacities, to screen for LIBOR exposure in other contexts, such as LIBOR-based loan participation interests or as part of an instrument for a bank’s investment or liquidity portfolio paying LIBOR-based income or otherwise reflecting LIBOR exposures. As previously covered by InfoBytes, the CFPB, Federal Reserve Board, FDIC, NCUA, and OCC recently released a joint statement providing supervisory considerations for institutions when choosing an alternative reference rate. Hsu addressed the use of these alternative reference rates and reminded banks that they are expected to be able to demonstrate that their replacement rate is robust and appropriately tailored to their risk profile. He further commented that because the Secured Overnight Financing Rate (SOFR) “provides a robust rate suitable for use in most products, with underlying transaction volumes that are unmatched by other alternatives,” the OCC will initially focus its supervisory efforts on non-SOFR rates.