InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
OCC releases final rule to ensure fair access to financial services
On January 14, the OCC released a final rule to ensure that covered national banks, federal savings associations, and federal branches and agencies of foreign bank organizations provide fair access to financial services. The final rule is largely unchanged from the notice of proposed rulemaking (NPRM) issued last November (covered by InfoBytes here). Among other things, the final rule codifies more than a decade of OCC guidance stating that fair access to financial services, capital, and credit should be based on the risk assessment of individual customers, rather than broad-based decisions affecting whole categories or classes of customers. Building upon the principle of nondiscrimination and implementing language included in Title III of Dodd-Frank—“which charged the OCC with ‘assuring the safety and soundness of, and compliance with laws and regulations, fair access to financial services, and fair treatment of customers by, the institutions and other persons subject to its jurisdiction’”—the OCC stressed that the final rule establishes that “a covered bank’s decision to deny services based on an objective assessment would not violate the bank’s obligation to provide fair access.” While banks are still free to make “legitimate business decisions about what and whom to serve” and may still determine their product lines and geographic markets, they are required to make the “products and services they choose to offer available to all customers in the communities they serve, based on consideration of quantitative, impartial, risk-based standards established by the bank.”
In finalizing the rule, the OCC considered stakeholder comments received in response to the NPRM. In response, the OCC stated that the final rule will not prevent banks from denying or limiting services in an effort to (i) prevent a person from entering or competing in a particular market; or (ii) disadvantage a person in order to benefit another person in which the bank has a financial interest. According to the OCC, this requirement would have created a regulatory burden outside of the primary objectives of the final rule. The final rule affects banks with more than $100 billion in assets and will take effect April 1.
Separately, the OCC announced the departure of Acting Comptroller of the Currency Brian P. Brooks. Brooks stepped down on January 14, and was replaced by Chief Operating Officer Blake Paulson.
OCC conditionally approves conversion of digital bank
On January 13, the OCC announced it has conditionally approved a South Dakota non-depository public trust company’s application to convert to a national trust bank. The digital bank—which offers digital asset and cryptocurrency custody services in certain states—has entered into an operating agreement as an enforceable condition of approval, which specifies capital and liquidity requirements and risk management expectations. By receiving a national trust bank charter, the digital bank will be allowed to expand its digital asset custody services nationally and may perform the functions and “activities of a fiduciary, agency, or custodial nature, in the manner authorized by federal and state law” with oversight being conducted by the OCC. According to the OCC, this approval “demonstrates that the national bank charters provided under the National Bank Act are broad and flexible enough to accommodate evolving approaches to financial services in the 21st century.”
States seek to invalidate OCC true lender rule
On January 5, the New York attorney general, along with the attorneys general from six other states and the District of Columbia filed a complaint against the OCC in the U.S. District Court for the Southern District of New York challenging the OCC’s “true lender” final rule. As previously covered by InfoBytes, in October 2020, the OCC issued a final rule addressing when a national bank or federal savings association is the “true lender” in the context of a partnership between a bank and a third party to provide certainty about key aspects of the legal framework that applies. The final rule amends 12 CFR Part 7 to state that a bank makes a loan when it, as of the date of origination, (i) is named as the lender in the loan agreement, or (ii) funds the loan. The complaint argues, among other things, that the OCC exceeded its statutory authority, and “acted in a manner contrary to centuries of case law [and] the OCC’s own prior interpretation of the law.” The attorneys general reject the OCC’s contention that the final rule is intended to address “‘ambiguity’ in provisions of three federal banking statutes that generally authorize National Banks to make loans,” and instead argue that the rule seeks to preempt state usury law and “infringe on the States’ historical police powers and facilitate predatory lending.” The complaint seeks a declaratory judgment that the OCC violated the Administrative Procedures Act and requests the court set aside the final rule as unlawful.
CFPB taskforce releases recommendations for modernizing consumer financial marketplace
On January 5, the CFPB Taskforce on Federal Consumer Financial Law released a two volume report with approximately 100 recommendations on ways the CFPB, Congress, and state and federal regulators can improve and modernize the legal and regulatory environment for the consumer financial services market. The report is the end-product of a request for information issued by the taskforce last March (covered by InfoBytes here). The report’s first volume provides a historical and economic overview of the legal and regulatory landscape for consumer finance, and explores issues related to consumer financial protection, competition, innovation, and financial inclusion. The second volume outlines more than 100 proposed recommendations for strengthening consumer protections and maintaining competition in the financial marketplace. Among these are recommendations related to the regulation of non-banks and fintech companies, including:
- Recommending that Congress either (i) “authorize the Bureau to issue licenses to non-depository institutions that provide lending, money transmission, and payments services,” with licenses “provid[ing] that these institutions are governed by the regulations of their home states, even when providing services to consumers located in other states,” or (ii) “clarify that the OCC has the authority to issue charters to non-depositories engaged in lending, money transmissions, or payment services.” Acting Comptroller of the Currency, Brian P. Brooks released a statement the next day endorsing the need for federal charters for fintech companies, but stressed that the OCC, not the Bureau, should be responsible for granting national charters;
- Identifying and addressing competitive barriers and making appropriate recommendations to policymakers and regulators for expanding access to the payments systems by non-bank providers;
- Recommending that the Bureau weigh the costs and benefits of preempting state law where potential conflicts “can impede provision of valuable products and services, such as the regulation of [fintech] companies engaged in money transmission”; and
- Ensuring that fintech companies with multistate operations are subject to a single set of laws to promote consistency, reducing unnecessary regulatory costs, and promoting competition.
The taskforce further recommends that the Bureau establish an independent review of its regulatory cost-benefit analyses, and calls for increased regulatory coordination between the Bureau and other federal and state regulators. Other recommendations address, among other things, the use of alternative data; suggested changes to the Bureau’s internal organization; competition in the consumer financial marketplace, including with respect to the cost of credit, the effect and burden of state licensure requirements, and settlement servicing prices; consumer credit reporting, including clarifying the obligations of credit reporting agencies and furnishers with respect to dispute investigations; consumer empowerment and education; equal access to credit and financial inclusion; disclosure requirements; electronic signatures and document requirements; disparate impact; privacy; small dollar credit; and enforcement and supervision.
CSBS challenges OCC’s pending fintech charter
On December 22, the Conference of State Bank Supervisors (CSBS) filed a complaint in the U.S. District Court for the District of Columbia opposing the OCC’s impending approval of a national bank charter for a financial services provider (company), arguing that the OCC is exceeding its chartering authority. According to the complaint, the company’s charter is close to being formally approved by the OCC after being “solicited, vetted and in November 2020 accepted as complete” by the agency. The complaint asserts the company will continue its lending and payment activities (which are currently state-regulated) without obtaining deposit insurance from the FDIC. The complaint alleges that the company is applying for the OCC’s nonbank charter, which was invalidated by the U.S. District Court for the Southern District of New York in October 2019 (which concluded that the OCC’s Special Purpose National Bank Charter (SPNB) should be “set aside with respect to all fintech applicants seeking a national bank charter that do not accept deposits,” covered by InfoBytes here). CSBS argues that “by accepting and imminently approving” the company’s application, the “OCC has gone far beyond the limited chartering authority granted to it by Congress under the National Bank Act (the “NBA”) and other federal banking laws,” as the company is not engaged in the “business of banking.” CSBS seeks to, among other things, have the court declare the agency’s nonbank charter program unlawful and prohibit the approval of the company’s charter under the NBA without obtaining FDIC insurance.
OCC: Banks may use independent node verification networks and stablecoins for payment activities
On January 4, the OCC published an interpretive letter addressing the legal permissibility of certain payment-related activities involving the use of new technologies, including using independent node verification networks (INVN) and related stablecoins to conduct payment activities and other bank-permissible functions. Specifically, the letter clarifies that a national bank or federal savings association “may validate, store, and record payments transactions by serving as a node on an INVN,” and may also “use INVNs and related stablecoins to carry out other permissible payment activities” provided the bank or federal savings association complies with applicable laws and safe, sound, and fair banking practices. Due to the decentralized nature of INVNs—which not only “allows a comparatively large number of nodes to verify transactions in a trusted manner” but also “limits tampering or adding inaccurate information to the database because information is only added to the network after consensus is reached among the nodes validating the information”—the OCC believes that INVNs may enhance payment activities’ efficiency, effectiveness, and stability within the federal banking system. The letter also outlines potential risks associated with INVN-related activities, such as operational and compliance risks and fraud related to the possibility of money laundering and terrorist financing, and warns banks and federal savings associations to expand their programs to ensure compliance with Bank Secrecy Act reporting and recordkeeping requirements and to address cryptocurrency transaction risks.
OCC finalizes activities and operations amendments
On December 23, the OCC issued a final rule to amend 12 CFR part 7 to update or eliminate outdated regulatory requirements and clarify and codify recent OCC interpretations related to the modern financial system. Among other things, the final rule (i) codifies interpretations which permit covered institutions to engage in certain tax equity finance transactions; (ii) clarifies permissible anti-takeover provisions; and (iii) expands the ability of national banks to choose corporate governance provisions under state law. InfoBytes coverage of the proposed rule and a related advance notice of proposed rulemaking are available here. The amendments are effective April 1, 2021.
OCC clarifies Dodd-Frank preemption standards
On December 18, the OCC released a letter clarifying the agency’s interpretation of preemption standards and requirements codified by Dodd-Frank in 12 U.S.C. § 25b. The letter notes that section 25b codifies three standards pursuant to which federal law may preempt state consumer financial law, focusing on the procedural requirements for OCC “preemption determinations,” which are “affirmative conclusion[s] by the OCC that federal law preempts a state consumer financial law” made under the Barnett standard in section 25b. The letter explains that a “preemption determination” is “limited to a regulation or order issued by the OCC that concludes that a state consumer financial law is preempted pursuant to the Barnett standard,” and does not include “[a]n OCC action that has only indirect or incidental effects on a state consumer financial law,” or when the OCC “concludes that (1) a state consumer financial law is preempted pursuant to the discriminatory effect or other federal law standards or (2) a state law other than a state consumer financial law is preempted.” The letter addresses the OCC’s authority to make preemption determinations by regulation or on a “case-by-case basis,” including the circumstances under which CFPB consultation is required, the substantial evidence standard, and the requirement to publish preemption determinations. It clarifies that the section 25b periodic review requirement applies to any OCC conclusion that a state consumer law is preempted, which is not limited to determinations made under the Barnett standard. The interpretive letter also confirms that section 25b does not affect OCC interpretations of the authority to charge interest under 12 U.S.C. § 85, addresses the level of deference the OCC is afforded with respect to its interpretations, and describes the agency’s framework for complying with the standards and requirements for preemption determinations.
Agencies proposes SAR filing exemptions
On December 15, the FDIC issued a proposed rule (with accompanying Financial Institution Letter FIL-114-2020), which would amend the agency’s Suspicious Activity Report (SAR) regulation to permit additional, case-by-case, exemptions from SAR filing requirements. The proposed rule would allow the FDIC, in conjunction with the Financial Crimes Enforcement Network (FinCEN), to grant supervised institutions exemptions to SAR filing requirements when developing “innovative solutions to meet Bank Secrecy Act (BSA) requirements more efficiently and effectively.” The FDIC would seek FinCEN’s concurrence with an exemption when the exemption request involves the filing of a SAR for potential money laundering, violations of the BSA, or other unusual activity covered by FinCEN’s SAR regulation. The proposal allows the FDIC to grant the exemption for a specified time period and allows the FDIC to extend or revoke the exemption if circumstances change. The proposal is intended to reduce the regulatory burden on supervised financial institutions that are likely to leverage existing or future technologies to report suspicious activity in a different and innovative manner. Comments on the proposed rule must be submitted within 30 days of publication in the Federal Register.
The OCC also issued a proposal that would similarly allow the OCC to issue exemptions from SAR filing requirements to support national banks or federal savings associations developing innovative solutions intended to meet BSA requirements more efficiently and effectively.
Agencies propose computer-security incident notification rule
On December 18, the FDIC, Federal Reserve Board, and the OCC (collectively, “agencies”) issued a joint notice of proposed rulemaking (NPRM), which would require supervised banking organizations to promptly notify their primary regulator within 36 hours of becoming aware that a “‘computer-security incident” that rises to the level of a ‘notification incident’” has occurred. Additionally, the NPRM would require bank service providers “to notify at least two individuals at affected banking organization customers immediately after the bank service provider experiences a computer-security incident that it believes in good faith could disrupt, degrade, or impair services provided for four or more hours.” According to the agencies, these “notification incidents” are significant computer-security incidents that have the potential to “jeopardize the viability of the operations of an individual banking organization,” and may impact the safety and soundness of stability of the banking organization, leading to a disruption in the delivery of bank products and services, among other things. The agencies stress, however, that the required notice is intended to serve as an early alert and not as an assessment of the incident. According to a statement released by FDIC Chairman Jelena McWilliams, only computer-security incidents that meet the definition of a “notification incident” must be reported—a figure which is estimated to be roughly 150 incidents a year, according to a review of supervisory data and suspicious activity reports.
Comments on the NPRM are due 90 days after publication in the Federal Register.