InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Agencies proposes SAR filing exemptions
On December 15, the FDIC issued a proposed rule (with accompanying Financial Institution Letter FIL-114-2020), which would amend the agency’s Suspicious Activity Report (SAR) regulation to permit additional, case-by-case, exemptions from SAR filing requirements. The proposed rule would allow the FDIC, in conjunction with the Financial Crimes Enforcement Network (FinCEN), to grant supervised institutions exemptions to SAR filing requirements when developing “innovative solutions to meet Bank Secrecy Act (BSA) requirements more efficiently and effectively.” The FDIC would seek FinCEN’s concurrence with an exemption when the exemption request involves the filing of a SAR for potential money laundering, violations of the BSA, or other unusual activity covered by FinCEN’s SAR regulation. The proposal allows the FDIC to grant the exemption for a specified time period and allows the FDIC to extend or revoke the exemption if circumstances change. The proposal is intended to reduce the regulatory burden on supervised financial institutions that are likely to leverage existing or future technologies to report suspicious activity in a different and innovative manner. Comments on the proposed rule must be submitted within 30 days of publication in the Federal Register.
The OCC also issued a proposal that would similarly allow the OCC to issue exemptions from SAR filing requirements to support national banks or federal savings associations developing innovative solutions intended to meet BSA requirements more efficiently and effectively.
FDIC finalizes industrial bank rules
On December 15, the FDIC approved a final rule (with accompanying fact sheet) that requires certain conditions and commitments for approval or non-objection to certain filings involving industrial banks and industrial loan companies (collectively, “industrial banks”), such as deposit insurance, change in bank control, and merger filings. The final rule is substantially similar to the proposed rule issued by the FDIC in March (covered by InfoBytes here) and applies to industrial banks whose parent company is not subject to consolidated supervision by the Federal Reserve Board. Specifically, the FDIC is now requiring a covered parent company to enter into written agreements with the FDIC and the industrial bank to: (i) address the company’s relationship with the industrial bank; (ii) require capital and liquidity support from the parent company to the industrial bank; and (iii) establish appropriate recordkeeping and reporting requirements. Additionally, the final rule requires prospective covered companies to agree to a minimum of eight commitments, which, for the most part, the FDIC has previously required as a condition of granting deposit insurance to industrial banks.
The final rule makes four substantive changes to the proposal: (i) requiring compliance from covered entities on or after the effective date of the rule rather than only after; (ii) requiring additional reporting regarding systems for protecting the security, confidentiality, and integrity of consumer and nonpublic personal information; (iii) increasing the threshold limiting the parent company’s representation on the board of the subsidiary industrial bank from 25 percent to less than 50 percent; and (iv) modifying the restrictions on appointments of directors and executives to apply only during the first three years of becoming a subsidiary of a covered parent company.
The final rule is effective April 1, 2021.
Agencies propose computer-security incident notification rule
On December 18, the FDIC, Federal Reserve Board, and the OCC (collectively, “agencies”) issued a joint notice of proposed rulemaking (NPRM), which would require supervised banking organizations to promptly notify their primary regulator within 36 hours of becoming aware that a “‘computer-security incident” that rises to the level of a ‘notification incident’” has occurred. Additionally, the NPRM would require bank service providers “to notify at least two individuals at affected banking organization customers immediately after the bank service provider experiences a computer-security incident that it believes in good faith could disrupt, degrade, or impair services provided for four or more hours.” According to the agencies, these “notification incidents” are significant computer-security incidents that have the potential to “jeopardize the viability of the operations of an individual banking organization,” and may impact the safety and soundness of stability of the banking organization, leading to a disruption in the delivery of bank products and services, among other things. The agencies stress, however, that the required notice is intended to serve as an early alert and not as an assessment of the incident. According to a statement released by FDIC Chairman Jelena McWilliams, only computer-security incidents that meet the definition of a “notification incident” must be reported—a figure which is estimated to be roughly 150 incidents a year, according to a review of supervisory data and suspicious activity reports.
Comments on the NPRM are due 90 days after publication in the Federal Register.
FDIC approves final brokered deposits rule, clarifies fintech partnerships
On December 15, the FDIC approved a final rule, which creates a new framework for brokered deposits by, among other things, establishing bright-line standards for determining the definition of a “deposit broker,” as well as a methodology for “analyzing whether deposits made through deposit arrangements qualify as brokered deposits, including those between insured depository institutions (IDIs) and third parties, such as financial technology companies.” Also released are two fact sheets on brokered deposits and interest rate restrictions (see here and here). The final rule follows a notice of proposed rulemaking issued last December (covered by InfoBytes here), which sought feedback on ways the agency could improve its brokered deposit regulation to ensure the “classification of a deposit as brokered appropriately reflects changes in the banking system, including banks’ use of new technologies to engage and interact with their customers.” The final rule also establishes a series of exceptions that will allow banks and their partners to determine whether they can avoid restrictions on brokered deposits, and will establish a process for entities to apply for a “primary purpose exception” if its relationship with an outside entity supplying deposits does not meet one of the final rule’s “designated exceptions.” Further, the FDIC noted that brokered deposit restrictions will not apply to banks that enter into exclusive deposit placement arrangements, such as those seen often between fintech companies and a partner bank, because, according to a statement released by FDIC Chairman Jelena McWilliams, “[e]ntities who place deposits with only one bank are less likely to present the types of funding stability risks that may arise when deposit brokers place deposits at a range of banks.” Further, the final rule amends the methodology for calculating the interest rate restrictions applicable to less than well capitalized IDIs, and changes the methodology for calculating the national rate and national rate cap for specific deposit products.
Acting Comptroller of the Currency Brian P. Brooks issued a statement in support of the final rule: “These improvements to the brokered-deposit rule help promote greater access to financial services by supporting fintech and bank partnerships and allowing a wider array of services to be available in the market, especially for unbanked and underbanked Americans for whom the easier user interface of fintech apps is a gateway to the mainstream financial system.”
Agencies announce several resolution plan actions
On December 9, the FDIC and Federal Reserve Board announced several resolution plan actions, including providing finalized guidance for the resolution plans of four large foreign banking organizations (FBOs). Pursuant to the Dodd-Frank Act, FBOs must submit resolution plans—also known as “living wills”—which detail the strategic plans for their U.S. operations and subsidiaries for rapid and orderly resolution in bankruptcy in the event that the banks fail or fall under material financial distress. The final guidance modifies the proposed updates issued last March (covered by InfoBytes here) in several ways. Among other changes, the agencies “tailored their expectations around resolution capital and liquidity, derivatives and trading activity, as well as payment, clearing, and settlement activities,” and modified the scope of the guidance “to generally cover foreign banks in category II of the agencies' large bank regulatory framework.” As a result, three FBOs would be subject to the guidance for their plan submissions for 2021, and an additional FBO would be subject to the guidance for its full plan due in 2024 if it remains within the scope. The agencies also released information for 15 large foreign and domestic banks in categories II and III of the large bank regulatory framework that identifies required targeted information to be included in their next resolutions plans, due December 17, 2021. The agencies also confirmed that certain previously identified weaknesses in four FBOs have been remediated.
Agencies: Cease LIBOR-based contracts as soon as practicable
On November 30, the Federal Reserve Board, FDIC, and OCC issued a joint statement encouraging banks to cease entering into new contracts that use LIBOR as a reference rate as soon as practicable, but by December 31, 2021 at the latest. The statement notes that entering into new contracts that use LIBOR as a reference rate after December 31, 2021, would create safety and soundness risks given the range of consumer protection, litigation, and reputation risks at stake. As previously covered by InfoBytes, the agencies announced that they do not intend to recommend a specific credit-sensitive rate for use in place of LIBOR. Instead, the agencies encourage banks to “either utilize a reference rate other than LIBOR or have robust fallback language that includes a clearly defined alternative reference rate after LIBOR’s discontinuation” for all new contracts prior to December 31, 2021, in order to “facilitate an orderly—and safe and sound—LIBOR transition.” Additionally, the statement recognizes certain instances in which it would be appropriate for banks for enter into LIBOR contracts after December 31, 2021, including novations of LIBOR transactions executed before January 1, 2022.
FDIC releases October enforcement actions
On November 27, the FDIC released a list of administrative enforcement actions taken against banks and individuals in October. During the month, the FDIC issued eight orders and two notices consisting of “one consent order, one order to pay a civil money penalty, one section 19 order, one removal order, two orders terminating consent or cease and desist orders, two orders modifying removal orders, one notice of assessment, and one notice of charges.” The consent order, issued against a Wisconsin-based bank, relates to alleged violations of 12 C.F.R. Part 339, which implements the requirements of the National Flood Insurance Act (NFIA) and the Flood Disaster Protection Act. Among other things, the FDIC claims that the bank failed to (i) obtain an adequate amount of flood insurance at the origination of several loans; (ii) provide notice to borrowers of the insufficiencies or follow force-placement requirements; or (iii) provide notice to borrowers about the availability of flood insurance under the NFIA. The consent order requires the payment of a $12,841 civil money penalty.
FinCEN, federal banking agencies clarify CDD requirements for charities and non-profit organizations
On November 19, the Financial Crimes Enforcement Network (FinCEN), in concurrence with the Federal Reserve Board, FDIC, NCUA, and OCC (collectively, “federal banking agencies”), released a fact sheet clarifying that Bank Secrecy Act (BSA) customer due diligence (CDD) requirements for charities and nonprofit organizations (NPOs) should be based on the money laundering risks posed by customer relationships. FinCEN and the federal banking agencies remind banks that “the application of a risk-based approach for charities and other NPOs is consistent with existing CDD and other [BSA/anti-money laundering] compliance requirements.” The fact sheet further emphasizes that while “the U.S. government does not view the charitable sector as a whole as presenting a uniform or unacceptably high risk of being used or exploited for money laundering, terrorist financing [], or sanctions violations,” banks must adopt risk-based procedures for conducting CDD that will allow banks to (i) understand the nature and purpose of a customer relationship in order to develop a customer risk profile, and (ii) conduct ongoing monitoring for the purposes of identifying and reporting suspicious transactions “on a risk basis, to maintain and update customer information.” The fact sheet does not alter existing BSA/AML legal or regulatory requirements, nor does it establish new supervisory expectations. (See also OCC Bulletin 2020-101 and FDIC FIL-106-2020.)
Agencies provide regulatory relief to community banks
On November 20, the Federal Reserve Board, the OCC, and the FDIC issued an interim final rule providing temporary relief from certain regulation and reporting requirements for community banking organizations. Specifically, the interim final rule—which applies to community banking organizations and financial institutions with less than $10 billion in total assets as of December 31, 2019—gives community banks relief from expanded regulation and reporting requirements that may have been triggered due to participation in federal coronavirus response programs. The agencies note that programs, such as the Paycheck Protection Program and other lending facilities, may cause rapid and unexpected increases in the community bank’s size. The agencies expect these increases to be temporary and thus, the rule states that asset growth in 2020 or 2021 will not trigger new regulatory requirements for applicable community banking organizations until January 1, 2022, at the earliest. The rule is effective upon publication in the Federal Register.
FDIC announces disaster relief for Puerto Rico
On November 16, the FDIC issued FIL-105-2020 to provide regulatory relief to financial institutions and help facilitate recovery in areas of Puerto Rico affected by severe storms and flooding starting on September 13. The guidance notes that the FDIC will consider the unusual circumstances faced by institutions affected by the hurricane. The guidance suggests that institutions work with impacted borrowers to, among other things: (i) extend repayment terms; (ii) restructure existing loans; or (iii) ease terms for new loans to those affected by the severe weather, provided the measures are “done in a manner consistent with sound banking practices.” Additionally, the FDIC notes that institutions may receive Community Reinvestment Act consideration for community development loans, investments, and services in support of disaster recovery. The FDIC states it will also consider relief from certain reporting and publishing requirements.