On February 13, the FDIC released revised economic scenarios for use by certain financial institutions with total consolidated assets of more than $10 billion for 2017 stress tests. According to a statement from the agency, the previously released scenarios contained incorrect historical values for the BBB corporate yield in 2016. The Fed and OCC, with whom the FDIC works develop and distribute the scenarios, also issued revised data.
On February 21, a national bank fined by the CFPB last September for opening deposit and credit card accounts without customers’ knowledge announced the termination of four current or former senior managers in its Community Banking Department. The individuals will not receive 2016 bonuses and will forfeit unvested equity rewards and vested outstanding options. As previously covered in InfoBytes, the bank’s incentive compensation program encouraged employees to “engage in Improper Sales Practices to satisfy goals and earn financial rewards”—practices that the CFPB alleged were unfair and abusive. The bank eliminated all product sales goals in retail banking effective January 1 of this year, and is conducting its own independent investigation, which is ongoing.
FDIC Releases 2016 Annual Report; Separately, FDIC’s OIG Issues Report Critical of Bank Service Provider Contracts
On February 15, the FDIC released its 2016 Annual Report–which includes, among other things, the audited financial statements of the Deposit Insurance Fund and the Federal Savings and Loan Insurance Corporation (FSLIC) Resolution Fund. The report also provides an overview of key FDIC initiatives, performance results and other aspects of FDIC operations.
Separately, on the same day, the FDIC’s Office of Inspector General (OIG) released an Audit Report (EVAL-17-004) on the adequacy of a small but random sample of contracts between FDIC-supervised institutions and their technology service providers (TSPs), in light of federal law and banking agency guidance on customer privacy-protection and how to properly manage third-party relationships. All sampled contracts had been designated as “critical” or “high” risk to the supervised institutions’ operations. The OIG specifically evaluated, and generally found insufficient, the clarity of contract provisions on TSP obligations regarding: (i) business continuity planning; and (ii) responding to and reporting on cybersecurity incidents. Despite the insufficiencies noted, the OIG acknowledged that because many contracts were negotiated before some of the relevant guidance was issued, “more time is needed to allow FDIC and FFIEC efforts to have a demonstrable” impact on contractual language.
As a result of these findings, the OIG recommended—and FDIC management agreed—that the agency, after allowing appropriate time for current guidance to be implemented, conduct a “full horizontal review to assess” any continued presence of the contractual insufficiencies noted in the report. The FDIC will “prepare” that horizontal review in 2018.
On February 10, the U.S. Court of Appeals for the Seventh Circuit issued an opinion, in which it held that a District Court had erred in failing to consider a bank’s responsibility for nearly $900,000 in losses resulting from a scheme in which defendants persuaded the bank to issue mortgage loans to borrowers who, the defendants knew, were unable to repay the loans. See U.S. v. Litos, et al., Nos. 16-1384, -1385, -2248, -2249, -2330 (7th Cir. Feb. 10, 2017) (Posner, R.). At issue before the appellate court was the propriety of the restitution, in the amount of $893,015. The district judge had ordered the defendants to pay such restitution to the bank, on the ground that they had misled the bank by pretending that the buyers were the source of the down-payment, when it was defendants themselves who had supplied the money.
In remanding the matter with instructions to re-sentence defendants based on the bank’s role in allowing the fraud to occur, the appellate panel determined that the bank’s professed ignorance as to the source of the down payments and the creditworthiness of the loan applicants was “reckless” in light of the information that was available at the time of the transaction. Specifically, the appellate court held that, based on the record, the fraud evident in the loan applications was “transparent,” and that the bank had “ignored clear signs” of problems with the loans. The appellate court held that, as a result, the lower court needed to determine whether the bank’s lack of clean hands rendered it partially responsible for the losses. Among other things, the appellate panel noted statements by the district judge that the loan applications were “a joke on their face” and “laughable,” as well as the fact that the bank had approved multiple loans to the same individuals in short spans of time. Accordingly, the court ordered the district judge to consider whether the bank is entitled to restitution.
FinCEN published, at 82 FR 9109 in the Federal Register, a notice and request for comment on proposed updates and revisions to the collection of information filings by financial institutions required to file such reports under the Bank Secrecy Act (“BSA”). While the notice does not propose any new regulatory requirements or changes to the requirements related to suspicious activity reporting, it suggests changes to the required data fields used when filing SARs under the BSA. The majority of the proposed changes would alter the “checklist” of violations in Part II of the filings, including the addition of several fields related to cyber events. Written comments must be received on or before April 3.