On July 24, the OFAC released a settlement agreement with a large bank to resolve apparent violations of narcotics sanctions regulations. The settlement agreement states that during separate periods from September 2005 through March 2009, the bank allowed transactions to be processed for certain individuals designated under the narcotics sanctions regulations, and failed to timely file blocked property reports regarding accounts owned by other designated individuals. The bank did not admit to any allegation made or implied by the apparent violations, but agreed to pay approximately $16.5 million to resolve the matter. The agreement explains that most of the apparent violations were disclosed by the bank to OFAC as a result of remedial action designed to correct a screening deficiency giving rise to the apparent violations, but that such disclosures do not qualify as voluntarily self-disclosed to OFAC within the meaning of OFAC’s Economic Sanctions Enforcement Guidelines because they were substantially similar to apparent violations of which OFAC already was aware.
Over the past week, members of Congress from both parties have sent several letters to the Department of Education (DOE or ED) regarding its ongoing rulemaking related to the ways higher education institutions request, maintain, disburse, and otherwise manage federal student aid disbursements. As part of that rulemaking, the DOE is considering changes that would, among other things, clarify permissible disbursement practices and agreements between education institutions and entities that assist in disbursing student aid, and increase consumer protections governing the use of prepaid cards and other financial instruments. In general, the letters from Congress express concern that the draft rule is too broad and will limit student access to financial services. For example, in a July 17 letter from Congressman Luetkemeyer (R-MO), Senator Hoeven (R-ND), and 40 other lawmakers, including six Democrats, the members expressed concern that the DOE proposal could cover any account held by a student or a parent of a student if the financial institution had any arrangement, however informal, with a school and regardless of when or why the account was opened. The members support efforts to protect students from abuses made in disbursing student aid, but ask the DOE to tailor the rule such that it could not be construed so broadly as to restrict students’ access to financial services. Earlier this year, another group of lawmakers called on the DOE to “mandate contract transparency, prohibit aggressive marketing, and ban high fees when colleges partner with banks to sponsor debit cards, prepaid cards, or other financial products used to disburse student aid.”
On July 23, the FDIC proposed a rule to revise its assessments regulation. Specifically, the FDIC proposes changing the ratios and ratio thresholds for capital evaluations used in its risk-based deposit insurance assessment system to conform the assessments to the prompt corrective action capital ratios and ratio thresholds adopted by the prudential regulators. The proposal also would (i) revise the assessment base calculation for custodial banks to conform to the asset risk weights adopted by the prudential regulations; and (ii) require all highly complex institutions to measure counterparty exposure for deposit insurance assessment purposes using the Basel III standardized approach credit equivalent amount for derivatives and the Basel III standardized approach exposure amount for other securities financing transactions. The FDIC explains the changes are intended to accommodate recent changes to the federal banking agencies’ capital rules that are referenced in portions of the assessments regulation.Comments are due by September 22, 2014.
On July 18, FinCEN published SAR Stats—formerly called By the Numbers—an annual compilation of numerical data gathered from the Suspicious Activity Reports (SARs) filed by financial institutions using FinCEN’s new unified SAR form and e-filing process. Among other things, the new form and process were designed to allow FinCEN to collect more detailed information on types of suspicious activity. As such, FinCEN describes the data presented in this first SAR Stats issue as “a new baseline for financial sector reporting on suspicious activity.” The primary purpose of the report is to provide a statistical overview of suspicious activity developments, including by presenting SAR data arranged by filing industry type for the more than 1.3 million unique SARs filed between March 1, 2012 and December 31, 2013. In addition, the redesigned annual publication includes a new SAR Narrative Spotlight, which focuses on “perceived key emerging activity trends derived from analysis of SAR narratives.” The inaugural Spotlight examines the emerging trend of Bitcoin related activities within SAR narrative data. It states that FinCEN is observing a rise in the number of SARs flagging virtual currencies as a component of suspicious activity, and provides for potential SAR filers an explanation of virtual currencies and the importance of SAR data in assessing virtual currency transactions.
On July 14, the OMB’s Office of Information and Regulatory Affairs (OIRA) concluded its review of a long-awaited FinCEN proposal to establish customer due diligence requirements for financial institutions, sending the rule back to FinCEN. In its spring 2014 rulemaking agenda, Treasury updated the timeline for the rule to indicate it could be proposed in July with a 60 day comment period. OIRA’s public records do not provide information about what, if any, changes OIRA sought or required prior to FinCEN finalizing the proposal. The public portion of the FinCEN rulemaking has been ongoing since February 2012 when FinCEN released an advance notice of proposed rulemaking to solicit comment on potential requirements for financial institutions to (i) conduct initial due diligence and verify customer identities at the time of account opening; (ii) understand the purpose and intended nature of the account; (iii) identify and verify all customers’ beneficial owners; and (iv) monitor the customer relationship and conduct additional due diligence as needed. FinCEN subsequently held a series of roundtable meetings, summaries of which it later published.
On July 17, FinCEN named FBME Bank Ltd., formerly known as the Federal Bank of the Middle East, as a foreign financial institution of primary money laundering concern pursuant to Section 311 of the USA PATRIOT Act. As detailed in a notice of finding, FinCEN asserts that the bank attracts illicit finance businesses by soliciting high-risk customers and promoting its weak AML controls. FinCEN explains that the bank changed its country of incorporation numerous times, partly due to its inability to adhere to regulatory requirements, and has established itself with a nominal headquarters in Tanzania. However, according to FinCEN, it transacts over 90 percent of its global banking business through branches in Cyprus and has taken active steps to evade oversight by the Cypriot regulatory authorities in the recent past. FinCEN is proposing a rule that, once final, will prohibit covered U.S. financial institutions from opening or maintaining correspondent or payable-through accounts for FBME, and for other foreign banks being used to process transactions involving FBME. The proposal also would require covered financial institutions to apply special due diligence to their correspondent accounts maintained on behalf of foreign banks to guard against processing any transactions involving FBME. Comments on the proposed rule are due 60 days after publication in the Federal Register.
On July 1, the Federal Reserve Board announced a joint enforcement action with the Illinois Department of Financial and Professional Regulation against a state bank that allegedly failed to properly oversee a nonbank third-party provider of financial aid refund disbursement services. The consent order states that from May 2012 to August 2013, the bank opened over 430,000 deposit accounts in connection with the vendor’s debit card product for disbursement of financial aid to students. The agencies claim that during that time, the vendor misled students about the product, including by (i) omitting material information about how students could get their financial aid refund without having to open an account; (ii) omitting material information about the fees, features, and limitations of the product; (iii) omitting material information about the locations of ATMs where students could access their account without cost and the hours of availability of those ATMs; and (iv) prominently displaying the school logo, which may have erroneously implied that the school endorsed the product. The regulators ordered the bank to pay a total of $4.1 million in civil money penalties. In addition, the Federal Reserve is seeking restitution from the vendor, and, pursuant to the order against the bank, may require the bank to pay any amounts the vendor cannot pay in restitution to eligible students up to the lesser of $30 million or the total amount of restitution based on fees the vendor collected from May 2012 through June 2014. The consent order also requires the bank to submit for Federal Reserve approval a compliance risk management program in advance of entering into an agreement with a third party to solicit, market, or service a consumer deposit product on behalf of the bank.
On June 23, the DOJ released a transcript of a message delivered by Attorney General Eric Holder in which he pledged to continue investigations of financial institutions “that knowingly facilitate consumer scams, or that willfully look the other way in processing such fraudulent transactions.” These investigations are part of the DOJ’s “Operation Choke Point,” which has faced criticism from financial institutions and their advocates on Capitol Hill, and which payday lenders recently filed suit to halt. Opponents of the operation assert that the DOJ investigations, combined with guidance from prudential regulators, are targeting lawful businesses and cutting off their access to the financial system. In his remarks, the AG promised that the DOJ will not target “businesses operating within the bounds of the law,” but vowed to continue to pursue “a range of investigations into banks that illegally enable businesses to siphon billions of dollars from consumers’ bank accounts in exchange for significant fees.” Mr. Holder stated that he expects the DOJ to resolve some of these investigations in the coming months.
Supreme Court Holds President May Make Recess Appointments During Intra-Session Recesses Of Sufficient Length
On June 26, the Supreme Court rejected the federal government’s challenge to a January 2013 decision by the D.C. Circuit that appointments to the National Labor Relations Board (NLRB) made by President Obama in January 2012 during a purported Senate recess were unconstitutional. NLRB V. Noel Canning, No. 12-1281, 2014 WL 2882090 (U.S. Jun. 26, 2014). A five-member majority of the Court held that Presidents are permitted to exercise authority under the Recess Appointments Clause to fill a vacancy during both intra-session and inter-session recesses of sufficient length, and that such appointments may fill vacancies that arose prior to or during the recess.
The Court determined that the phrase “recess of the Senate” is ambiguous, and that based on the functional definition derived from the historical practice of past presidents and the Senate, it is meant to cover both types of recesses. Further, the court held that although the Clause does not indicate how long a recess must be before a president may act, historical practice suggests that a recess less than 10 days is presumptively too short. The Court did not foreclose the possibility, however, that appointments during recesses of less than 10 days may be permissible in unusual circumstances. The Court also validated the Senate’s practice of using pro forma sessions to avoid recess appointments, holding the Senate is in session when it says it is, provided it retains capacity to conduct business. Because the Senate was in session during its periodic pro forma sessions, and because the recess appointments at issue were made during a three-day recess between such sessions, the appointments were invalid.
A minority of the Court concurred in the judgment, but endorsed a narrower reading of the President’s authority to make recess appointments and the Senate’s ability to avoid triggering the President’s recess-appointment power. Writing for that minority, Justice Scalia explained that the plain constitutional text limits the President’s recess appointment power to filling vacancies that first arise during the recess. The minority reading of the Clause also limits the President’s recess appointment power to recesses between legislative sessions, and not intra-session ones. CFPB Director Richard Cordray was appointed in the same manner and on the same day as the NLRB members whose appointments were at issue in this case, but was subsequently re-nominated and confirmed for the position. He later ratified CFPB actions taken during the period he served as a recess appointee.
On June 23, the ICBA and The Clearing House published a white paper on virtual currency that (i) defines virtual currency and describes the current regulatory environment; (ii) describes key players in the Bitcoin system; (iii) discusses the application of certain functional and prudential payment system regulations that may be applied to the Bitcoin system and other convertible decentralized virtual currencies; and (iv) evaluates potential regulation of virtual currency, virtual currency investment programs, and exchanges. The paper concludes, among other things, that: (i) credentials used to transact in Bitcoin are functionally similar to prepaid cards and arguably fall within the definition of such cards provided in Regulations E and II; and (ii) the CFPB may determine that cross-border transactions in Bitcoin fall within the scope of the CFPB’s Remittance Transfer Rule, which would require entities facilitating such transfers to comply with the rule’s disclosure, reversibility, and error-resolution requirements. The paper discusses potential safety and soundness oversight for entities in the Bitcoin system. It also suggests that existing regulations intended to protect consumers and market participants in the event of the failure of a securities or commodities exchange may be inapplicable to Bitcoin exchanges, and that alternative means of protecting investors and accountholders—such as disclosure requirements and coordinated state-level registration of exchanges—should be explored.
On June 25, the OCC published its semiannual risk report, which provides an overview of the agency’s supervisory concerns for national banks and federal savings associations, including operational and compliance risks. As in prior reports and as Comptroller Curry has done in speeches over the past year, the report highlights cyber-threats and BSA/AML risks. The OCC believes cyber-threats continue to evolve and require heightened awareness and appropriate resources to identify and mitigate the associated risks. Specifically, the OCC is concerned that cyber-criminals will transition from disruptive attacks to attacks that are intended to cause destruction and corruption. Extending another recent OCC theme, the report notes that the number, nature, and complexity of both foreign and domestic third-party relationships continue to expand, resulting in increased system and process interconnectedness and additional vulnerability to cyber-threats. The report also states that BSA/AML risks “remain prevalent given changing methods of money laundering and growth in the volume and sophistication of electronic banking fraud.” The OCC adds that “BSA programs at some banks have failed to evolve or incorporate appropriate controls into new products and services,” and again cautions that a lack of resources and expertise devoted to BSA/AML risk management can compound these concerns. Finally, the OCC expressed concern that competitive pressures in the indirect auto market are leading to an erosion of underwriting standards. The OCC’s supervisory staff plans to review retail credit underwriting practices at banks, especially for indirect auto.
On June 24, the FFIEC unveiled a new web page that will serve as a central repository for current and future FFIEC-related materials on cybersecurity. Although the FFIEC did not release any new resources, the launch shows the continuing focus of banking regulators on emerging cybersecurity risks. The FFIEC noted that the launch coincided with a pilot program through which state and federal regulators will assess how community financial institutions manage cybersecurity and their preparedness to mitigate increasing cyber risks. Regulators are particularly focusing on risk management and oversight, threat intelligence and collaboration, cybersecurity controls, service provider and vendor risk management, and cyber incident management and resilience.
On June 5, the FDIC and a Delaware bank entered a consent order that prohibits the bank from entering into any new relationships with third-party prepaid card processors or prepaid card program managers until the FDIC approves a written report from the bank that details the steps taken by the bank to (i) implement new BSA compliance policies and procedures; (ii) improve staff training; (iii) implement controls sufficient to mitigate BSA and safety and soundness risk associated with prepaid card, credit card merchant acquiring, and ACH activities; and (iv) perform a BSA risk assessment. The order similarly restricts the bank’s activities related to credit card merchant acquiring and ACH merchant payment processing. The order does not prohibit the bank from issuing prepaid cards through existing distribution channels under existing contracts with third-parties, but does restrict certain activities related to existing credit card and ACH processing activities. In addition, the bank must (i) retain and designate BSA and OFAC officers; (ii) conduct a suspicious activity reporting look-back review; and (iii) submit periodic progress reports. Finally, the order requires increased board supervision of the bank’s BSA compliance program and mandates the creation of a board-level BSA committee.
On June 16, New York Attorney General (AG) Eric Schneiderman announced that a national bank agreed to adopt new policies governing its use of a credit bureau that screens individuals seeking to open checking or savings accounts. The agreement is the first to come out of the AG’s ongoing investigation of the use of credit bureaus by major American banks. As the basis for its investigation, the AG’s office asserts that individuals who are deemed by one of these credit bureaus to present a credit or fraud risk are typically denied the opportunity to open an account, and that these credit bureau databases “disproportionately affect lower-income Americans, often punishing them for relatively small financial errors and forcing them to resort to fringe banking services that are more costly than mainstream checking and savings accounts.” According to the AG’s press release, under the terms of the agreement, the bank will continue screening customers for past fraud but will no longer seek to predict whether customers present credit risks. The bank also committed to expand its support for the Office of Financial Empowerment (OFE)—a New York City agency that provides financial education and counseling to low-income New Yorkers—by donating $50,000 to help OFE provide counseling for applicants who are rejected by the bank on the basis of a credit bureau report. The bank plans to implement the changes nationwide.
On June 16, the New York DFS launched a new database of online lenders that have been subject to actions by DFS based on evidence of illegal payday lending, and announced that one national bank had agreed to start using the tool. The DFS believes the database will help financial institutions meet “know your customer” obligations with regard to online lenders and will help ensure that electronic payment and debit networks are not used to transmit or collect on allegedly illegal, online payday loans made to New York residents. According to the DFS, the national bank plans to use the information about companies that may be engaged in illegal lending to (i) help confirm that its merchant customers are not using their accounts to make or collect on illegal payday loans to New York consumers; and (ii) identify payday lenders that engage in potentially illegal payday loan transactions with its New York consumer account holders, and, when appropriate, contact the lenders’ banks to notify them that the transactions may be illegal. The bank also agreed to provide DFS with information about payday lending activities by lenders listed in the database, including identifying lenders that continue to engage in potentially illegal lending activities despite the DFS’s previous actions. The database announcement is just the latest step taken by the DFS with regarding to online payday lending. Over the past year, the DFS has opened numerous investigations of online lenders and has scrutinized or sought to pressure debt collectors, payment system operators, and lead generators in an attempt to halt lending practices that the DFS claims violate state licensing requirements and usury restrictions.