On October 19, the FDIC, the OCC, and the Federal Reserve issued an Advance Notice of Proposed Rulemaking (ANPR) to further the “development of enhanced cyber risk management standards for the largest and most interconnected entities under their respective supervisory jurisdictions, and those entities’ service providers.” These standards, according to the ANPR, are intended to “increase the operational resilience” of supervised entities and their service providers and, based on the interconnectedness of these entities, “reduce the impact on the financial system in case of a cyber event experienced by one of these entities.” The ANPR proposes organizing enhanced cyber standards into the following categories: (i) cyber risk governance; (ii) cyber risk management; (iii) internal dependency management; (iv) external dependency management; and (v) incident response. The ANPR further explains that the banking agencies “are considering implementing the enhanced standards in a tiered manner, imposing more stringent standards on the systems of those entities that are critical to the functioning of the financial sector.” Comments on the ANPR, which would not apply to community banks, are due January 17, 2017.
On October 20, the FDIC released a report on the use of the traditional banking system in the United States. According to the FDIC’s executive summary of the report, the percentage of U.S. households in which no one had a checking or savings account (the “unbanked”) dropped to 7.0 in 2015. This is the lowest unbanked percentage since 2009, the year the FDIC began conducting an annual survey of unbanked and underbanked households. The FDIC cited several reasons why some households remain unbanked, the most common of which was the cost of maintaining an account, with an estimated 57.4% of respondents citing it as a factor in their decision not to maintain an account, and 37.8% of respondents citing it as the main reason underlying their decision not to maintain an account. Consistent with past survey results, the report notes that unbanked and underbanked rates are higher among lower-income households, less-educated households, younger households, minority households, and working-age disabled households. Additional findings highlighted in the report include: (i) a 1.9% increase from 2013 to 2015 in the use of prepaid cards; (ii) rapid growth (31.9% of users in 2015 compared to 23.2% in 2013) in the use of mobile and online banking, reflecting “promising opportunities to use the mobile platform to increase economic inclusion”; and (iii) an opportunity for banks to meet the credit needs of some households with an “unmet demand” for credit by “promoting the importance of building credit history, incorporating nontraditional data into underwriting, and increasing households’ awareness of personal credit products.”
On October 11, the New York Department of Financial Services (NYDFS) issued new guidance regarding incentive compensation arrangements, advising “all regulated banking institutions that no incentive compensation may be tied to employee performance indicators, such as the number of accounts opened, or the number of products sold per customer, without effective risk management, oversight and control.” At a minimum, the guidance requires that a bank’s incentive compensation arrangement address the following principles: (i) balance between risks and rewards; (ii) effective controls and risk management; and (iii) effective corporate governance. NYDFS stated that a bank’s lack of compliance with the guidance will be reflected in its regulatory examination rating and may result in additional regulatory action.
The NYDFS’s recently released guidance comes in the wake of a September action taken jointly by the OCC and the CFPB over a bank’s alleged sales practices under which, in an effort to meet sales goals and earn financial rewards under the bank’s incentive compensation program, employees purportedly opened deposit and credit card accounts for consumers without obtaining those consumers’ consent.
OFAC Publishes Fact Sheet and FAQ Related to Termination of Burma Sanctions Program; Updates SDN List
On October 7, OFAC published a Fact Sheet and Frequently Asked Question (FAQ) number 481 regarding the implementation of the President’s Executive Order entitled “Termination of Emergency with Respect to the Actions and Policies of the Government of Burma.” OFAC’s fact sheet explains that all OFAC-administered restrictions and authorizations under the Burma sanctions program pertaining to banking with Burma, including 2012 and 2013 OFAC general licenses that authorized certain correspondent account activity with Burmese banks, are terminated pursuant to the Executive Order. FAQ 481 clarifies that “[p]ending OFAC enforcement matters will proceed irrespective of the termination of OFAC-administered sanctions on Burma, and OFAC will continue to review apparent violations of the [Burmese Sanctions Regulations], whether [such violations] came to the agency’s attention before or after the Burma sanctions program was terminated.” In connection with terminating the Burma-related sanctions program, OFAC made several deletions to its SDN List.
On October 7, OFAC updated its Frequently Asked Questions (FAQs) relating to the Listing of Certain U.S. Sanctions under the Joint Comprehensive Plan of Action (JCPOA). In addition to adding three FAQs related to due diligence (see M.10 through M.12), OFAC amended two FAQs (C.7 and C.15) regarding Financial and Banking Measures and one FAQ (K.19) related to Foreign Entities Owned or Controlled by U.S. Persons. FAQ M.10 clarifies that while “[i]t is not necessarily sanctionable for a non-U.S. person to engage in transactions with an entity that is not on the SDN List but that is minority owned, or that is controlled in whole or in part, by an Iranian or Iran-related person on the SDN List,” it is recommended that persons engaging in such transactions exercise caution to ensure that they do not involve Iranian or Iran-related persons on the SDN List. FAQs M.11 and M.12, respectively, address (i) due diligence expectations related to the screening of potential Iranian counterparties; and (ii) the circumstances under which OFAC expects a non-U.S. financial institution to repeat the due diligence its customers have already performed on an Iranian customer.