On August 18, in a speech to the Association of Military Banks of America, Deputy Comptroller for Compliance Policy Grovetta Gardineer described the OCC’s increasing supervisory and enforcement focus on SCRA compliance. Ms. Gardineer explained that given the significant risks presented by a bank’s failure to comply with the SCRA, the OCC has “stepped up its focus on compliance” and “now requires . . . examiners to include evaluation of SCRA compliance during every supervisory cycle”—even though this closer scrutiny is not required by statute. Ms. Gardineer also highlighted the OCC’s concern regarding potential unfair and deceptive practices associated with overdraft and other administrative fees, especially when “poorly worded disclosures about fees” are contained in “page after page of legal notices and disclaimers.” And while Ms. Gardineer stated that the OCC itself is willing to take enforcement actions where necessary, she also stressed the importance of coordination between regulators to more effectively implement rules and help create a “culture that encourages . . . financial readiness” among servicemembers.
On August 22, the CFPB and the federal banking agencies (Fed, OCC, FDIC and NCUA) issued interagency guidance regarding unfair or deceptive credit practices (UDAPs). The guidance clarifies that “the repeal of the credit practices rules applicable to banks, savings associations, and federal credit unions is not a determination that the prohibited practices contained in those rules are permissible.” Notwithstanding the repeal of these rules, the agencies preserve supervisory and enforcement authority regarding UDAPs. Consequently, the guidance cautions that “depending on the facts and circumstances, if banks, savings associations and Federal credit unions engage in the unfair or deceptive practices described in the former credit practices rules, such conduct may violate the prohibition against unfair or deceptive practices in Section 5 of the FTC Act and Sections 1031 and 1036 of the Dodd-Frank Act. The Agencies may determine that statutory violations exist even in the absence of a specific regulation governing the conduct.” The guidance also explains that the FTC Rule remains in effect for creditors within the FTC’s jurisdiction, and can be enforced by the CFPB against creditors that fall under the CFPB’s enforcement authority.
On August 20, FinCEN announced an action against a casino employee who admitted to violating the Bank Secrecy Act by willfully causing the casino to fail to file certain reports. FinCEN asserted based in part on information obtained from an undercover investigation that the employee helped high-end gamblers avoid detection of large cash transactions by agreeing not to file either Currency Transaction Reports or Suspicious Activity Reports as required under the BSA. FinCEN ordered the employee to pay a $5,000 civil money penalty, and immediately and permanently barred him from participating in the conduct of the affairs of any financial institution located in the U.S. or that does business within the U.S.
On August 20, the OCC issued Bulletin 2014-41, which announces a new “Merchant Processing” booklet of the Comptroller’s Handbook. This booklet replaces the booklet of the same name issued in December 2001 and provides updated guidance to examiners and bankers on assessing and managing the risks associated with merchant processing activities. Specific updates address: (i) the selection of third-party organizations and due diligence; (ii) technology service providers; (iii) on-site inspections, audits, and attestation engagements, including the “Statement on Standards for Attestation Engagement” (SSAE 16) and the “International Standard on Assurance Engagements” (ISAE 3402); (iv) data security standards in the payment card industry for merchants and processors; (v) the Member Alert to Control High-Risk Merchants (MATCH) list; (vi) BSA/AML compliance programs and appropriate policies, procedures, and processes to monitor and identify unusual activity; and (vii) appropriate capital for merchant processing activities.
On August 19, the New York DFS announced a consent order with a British bank to resolve claims that the bank and its U.S. subsidiary failed to remediate AML compliance deficiencies as required by a prior settlement with the DFS that required the bank to, among other things, implement a transaction monitoring program. The DFS states that the compliance monitor appointed as part of the prior agreement determined that the procedures adopted by the bank to detect high-risk transactions contained errors and other problems that prevented the bank from identifying high-risk transactions for further review. The DFS asserts that the bank failed to detect these problems because of a lack of adequate testing both before and after implementation of the monitoring system. The DFS also claims the bank failed to properly audit its monitoring system. Under the latest consent order, the bank must: (i) suspend its dollar clearing operations for high-risk retail business clients of the bank’s Hong Kong subsidiary; (ii) obtain prior DFS approval to open a U.S. Dollar demand deposit account for any customer who does not already have such an account with the U.S. entity; and (iii) pay a $300 million penalty. The bank also must implement additional compliance enhancements, including enhanced due diligence and know-your customer requirements.
On August 18, the New York DFS announced an agreement with a bank consulting firm to resolve allegations related to certain services it performed for a bank charged last year with sanctions violations. The consulting firm allegedly altered an historical transaction review (HTR) report submitted to regulators regarding wire transfers that the bank completed on behalf of sanctioned countries and entities. At the bank’s request, the firm allegedly removed from the original HTR report key information and warning language concerning the bank’s transactions. Specifically, the DFS alleges that the firm: (i) removed the English translation of the bank’s wire stripping instructions; (ii) removed a regulatory term to describe the wire-stripping instructions and a discussion of the activities; and (iii) deleted “several forensic questions” that the firm identified as necessary for consideration in connection with the HTR report. The agreement prohibits the firm from doing business with any DFS-regulated institution for two years and requires the firm to: (i) pay a $25 million penalty; and (ii) implement certain reforms to address the conflicts of interest within the consulting industry. Those reforms are based on a similar agreement obtained by the DFS last year from another consulting firm.
On August 14, the U.S. Court of Appeals for the Second Circuit affirmed a district court’s holding that the Dodd-Frank Act’s antiretaliation provision does not apply extraterritorially. Liu Meng-Lin v. Siemens AG, No. 13-4385, 2014 WL 3953672 (2nd Cir. Aug. 14, 2014). A foreign worker was allegedly fired by his foreign employer for internally reporting violations of U.S. anti-corruption rules, which he claimed violated the antiretaliation provision of the Dodd-Frank Act. This provision prohibits an employer from firing or otherwise discriminating against any employee who makes a disclosure that is required or protected under Sarbanes-Oxley or any other law, rule, or regulation subject to the SEC’s jurisdiction. The court first determined that the facts alleged in the complaint revealed “essentially no contact with the United States” and rejected an argument that the foreign company voluntarily subjected itself to U.S. securities laws by listing its securities on the New York Stock Exchange. The court also held that, given the longstanding presumption against extraterritoriality and the absence of any “explicit statutory evidence that Congress meant for the provision to apply extraterritorially,” the cited provision does not apply to purely foreign-based claims.
On August 15, the U.S. District Court for the Central District of California held that a bank responded too slowly to a government levy on a customer’s account and was therefore responsible for funds subsequently removed by the customer. The IRS notified the bank of a jeopardy levy on the account of a customer who received an improper tax refund and refused to return those funds to the government. Before the bank acted on the notice, the customer removed the funds from his account and the IRS was unable to recover them. The government then turned to the bank for relief, asserting that under the Internal Revenue Code, any person who fails or refuses to surrender any property subject to a levy is liable to the government. The court held that although the statute does not require the bank to immediately surrender the property, the bank was required, upon receiving notice, “to preserve that property or run the risk of paying the depositor’s tax bill.” The court explained that once the levy was served on the bank, the bank was in the best position to protect the property, and that even if the bank acted reasonably—i.e., without any undue delay—it could still be liable for the levied property.
On August 11, FinCEN issued Advisory FIN-2014-A007 to provide guidance regarding BSA/AML compliance programs. Specifically, the guidance recommends that institutions create a “culture of compliance” by ensuring that: (i) leadership actively supports and understands compliance efforts; (ii) efforts to manage and mitigate BSA/AML deficiencies and risks are not compromised by revenue interests; (iii) relevant information from the various departments within the organization is shared with compliance staff to further BSA/AML efforts; (iv) the institution devotes adequate resources to its compliance function; (v) the compliance program is effective by, among other things, ensuring that it is tested by an independent and competent party; and (vi) leadership and staff understand the purpose of the institution’s BSA/AML efforts. The guidance follows numerous public remarks by FinCEN Director Jennifer Shasky Calvery and other financial regulators and enforcement authorities calling for stronger compliance cultures, particularly with regard to BSA/AML compliance. Director Shasky Calvery reinforced that message in an August 12, 2014 speech in which she asserted that, in the enforcement matters she has seen, a culture of compliance “could have made all the difference.” In the same speech, Ms. Shasky Calvery criticized—as Comptroller of the Currency Thomas Curry also did earlier this year—financial institutions which may be “de-risking” by preventing certain categories of businesses from accessing banking services. She stressed that “just because a particular customer may be considered high risk does not mean that it is ‘unbankable’,” and called on banks to develop programs to manage high risk customer relationships.
Last month, the Massachusetts Division of Banks (DOB) issued an advisory opinion addressing whether an oral request by a debtor for certain records to validate a debt (pursuant to 209 CMR 18.18(3)) triggers a debt collector’s obligation to provide such documents within five business days. The DOB advised that a debt collector’s receipt of an oral request for such records from a consumer (or a consumer’s attorney) is sufficient to trigger the debt collector’s obligation and may serve to commence the five business day period in which the required response must be returned to the consumer.
On August 6, the CFPB’s Student Loan Ombudsman, Rohit Chopra, published a blog post addressing the financial arrangements between financial institutions and institutions of higher education that market financial products to students. Last year, the CFPB urged banks to disclose any agreements with colleges and universities to market debit, prepaid, and other products to students and warned that “[t]he CFPB prioritizes its supervisory examinations based on the risks posed to consumers” and “[failing to make] college financial product arrangements transparent to students and their families . . . increase[s] such risks.” In this latest review, the CFPB assessed the Big Ten schools and found that at least 11 have established banking partners to market financial products to students. Of those 11, the CFPB found only four contracts on the bank websites, and it characterized three of those four contracts as “partial”—i.e. in the CFPB’s view, the disclosed agreements “did not contain important information, such as how much they pay schools to gain access to students in order to market and sell them financial products and services.” Concurrent with the blog post, the CFPB sent letters to schools asserting that “their bank partner has not yet committed to transparency when it comes to student financial products.”
On August 4, the OCC issued Bulletin 2014-37, which provides new guidance on the application of consumer protection requirements and safe and sound banking practices to consumer debt-sale arrangements with third parties—e.g. debt buyers—that intend to pursue collection of the underlying obligations. The guidance goes well beyond the set of “best practices” the OCC provided last summer as an attachment to written testimony submitted to a U.S. Senate committee. For example, the new guidance establishes requirements to: (i) notify the consumer that a debt has been sold, the dollar amount of the debt transferred, and the name and address of the debt buyer; (ii) perform due diligence on the debt buyer down to the consumer complaint level; and (iii) provide the debt buyer with the signed debt contract and a detailed payment history. The bulletin also requires sale contracts to include limitations on the debt buyer’s ability to litigate on an account and “minimum-service-level agreements” that apply whether or not debt buyers conduct the collection activities or employ other collection agents. The Bulletin specifies that certain types of debt are “not appropriate for sale,” such as: (i) debt of borrowers who have sought or are seeking bankruptcy protection; (ii) accounts eligible for Servicemembers Civil Relief Act protections; (iii) accounts in disaster areas; and (iv) accounts close to the statute of limitations.
On August 5, FinCEN issued an advisory, FIN-2014-A006, which provides guidance to financial institutions for reviewing their obligations and risk-based approaches with respect to certain jurisdictions. The Financial Action Task Force (FATF) recently updated its lists of jurisdictions that appear in two documents: (i) jurisdictions that are subject to the FATF’s call for countermeasures or Enhanced Due Diligence as a result of the jurisdictions’ Anti-Money Laundering/Counter-Terrorist Financing (AML/CFT) deficiencies; and (ii) jurisdictions identified by the FATF as having AML/CFT deficiencies. The advisory notice (i) summarizes the changes made by the FATF; (ii) provides specific guidance regarding jurisdictions listed in each category including when Enhanced Due Diligence is required; and (iii) reiterates that if a financial institution knows, suspects, or has reason to suspect that a transaction involves funds derived from illegal activity or that a customer has otherwise engaged in activities indicative of money laundering, terrorist financing, or other violation of federal law or regulation, the financial institution must file a Suspicious Activity Report.
On August 1, FinCEN and its Mexican counterpart announced a series of reporting initiatives designed to improve the transparency of cross-border cash movements. To address U.S. and Mexican law enforcement’s concerns about potential misuse of exemptions and incomplete or inaccurate reports filed by armored car services (ACS) and other common carriers of currency, FinCEN issued a Geographic Targeting Order (GTO) that requires enhanced cash reporting by these businesses at the San Ysidro and Otay Mesa Ports of Entry in California. FinCEN also issued updated guidance concerning detailed and proper filing of Currency and Monetary Instruments Reports (CMIRs), which are filed when $10,000 or more in currency is moved across the U.S. border.
On July 24, Illinois Governor Pat Quinn signed HB 5342, which amends numerous provisions of state law applicable to state banks and credit unions, including requiring the Illinois Secretary of Financial and Professional Regulation to adopt formal rules that guarantee consistency and due process during the examination process of state-chartered banks. The bill also allows the Secretary to establish guidelines “that (i) define the scope of the examination process and (ii) clarify examination items to be resolved.” In addition, the bill provides that an existing loan secured by an interest in real estate shall not, under certain circumstances, require a new appraisal of the collateral during renewal, refinancing, or restructuring. The changes became effective immediately.