On January 30, in remarks to SIFMA’s AML and Financial Crimes Conference, FinCEN Director Jennifer Shasky Calvery stressed the importance of establishing a “culture of compliance” at financial institutions to support effective AML safeguards. The Director’s comments reinforce similar remarks made in recent months by both the Deputy U.S. Attorney General and Comptroller Curry. And like Comptroller Curry, Ms. Shasky Calvery highlighted the need for better information sharing not only within institutions but between institutions. FinCEN agrees with industry feedback that the agency needs to improve its own ability to share information. Also part of a broader theme among enforcement authorities, the Director explained that financial institutions should take responsibility when their actions violate the BSA, not only by admitting to the facts alleged by FinCEN but also by acknowledging a violation of the law. She highlighted specific risks in the securities sector including those related to the use of cash, and explained that securities firms that provide bank-like services need to consider the vulnerabilities associated with engaging in such services and must ensure that their compliance programs are commensurate with those risks.
Federal Reserve Plans Regular Reporting On Bank Applications, Outlines Common Issues Resulting In Application Withdrawals
On February 24, the Federal Reserve Board announced in SR 14-2 that it will start publishing a semi-annual report to provide certain information on bank applications and notices filed with the Federal Reserve. The Board stated that the report will include statistics on the length of time taken to process various applications and notices and the overall volume of approvals, denials, and withdrawals. The report also will provide the primary reasons for withdrawals. The first report will be released in the second half of 2014 and will include filings acted on from January through June 2014. The letter also describes common issues identified by the Federal Reserve that have led to recent withdrawal of applications, including (i) less-than-satisfactory supervisory rating(s) for safety and soundness, consumer compliance, or CRA; (ii) inadequate compliance with the Bank Secrecy Act; and (iii) concerns regarding the financial condition or management of the proposed organization.
Special Alert: Federal Reserve Board Guidance on Managing Outsourcing Risks Mirrors Recent OCC Guidance
On December 5, 2013, the Federal Reserve Board (FRB or the Fed) issued Supervision and Regulation Letter 13-19, which details and attaches the Fed’s Guidance on Managing Outsourcing Risk (FRB Guidance). The FRB Guidance sets forth risks arising out of the use of service providers and the regulatory expectations relating to risk management programs. It is substantially similar to OCC Bulletin 2013-29, which the Office of the Comptroller of the Currency (OCC) issued on October 30, 2013.
The FRB Guidance supplements existing guidance relating to risks presented by Technology Service Providers (TSPs) to reach service providers that perform a wide range of business functions, including, among other things, appraisal management, internal audit, human resources, sales and marketing, loan review, asset and wealth management, procurement, and loan servicing.
While a complete roadmap of the FRB Guidance would be largely duplicative of our recent Special Alert relating to the OCC Bulletin 2013-29, key supervisory and enforcement themes emerge from a comparison of the two guidance documents. Like the OCC, the Fed signals broadly that failure to effectively manage the use of third-party service providers could “expose financial institutions to risks that can result in regulatory action, financial loss, litigation, and loss of reputation.” The Fed also emphasizes the responsibility of the Board of Directors and senior management to provide for the effective management of third-party relationships and activities. It enumerates virtually the same risk categories as the OCC, including compliance, concentration, reputational, operational, country, and legal risks, though its discussion of those risks is slightly less comprehensive.
The FRB Guidance makes clear that service provider risk management programs should focus on outsourced activities that are most impactful to the institution’s financial condition, are critical to ongoing operations, involve sensitive customer information, new products or services, or pose material compliance risk. While the elements comprising the service provider risk management program will vary with the nature of the financial institution’s outsourced activities, the Fed’s view is that effective programs usually will include the following: Read more…
On November 22, the CFPB released findings of a study the Bureau conducted on the impact of certain deposit regulations on the day-to-day operations of banking institutions, focusing on compliance costs related to checking accounts, traditional savings accounts, debit cards, and overdraft programs. The study collected information from seven banks about activities related to compliance with regulations implementing the Truth in Savings Act, the Electronic Fund Transfer Act, the financial privacy requirements of the Gramm-Leach-Bliley Act, and the Fair Credit Reporting Act (Regulations DD, E, P, and V, respectively), as well as FCRA’s adverse action requirements, which are not implemented by regulation. According to the Bureau, compliance costs were concentrated in the Operations, Information Technology, Human Resources, Compliance, and Retail functions, and banks incurred the most substantial costs complying with rules related to authorization rights, error resolution requirements, disclosure mandates, and advertising standards.
The report identifies the compliance-related activities that entailed the highest costs across business functions and suggests that “authorization rights” (i.e., opt-ins and opt-outs) and error-resolution requirements are the most costly to administer. The report also discusses the potential for the study—which the Bureau characterizes as representing “some of the most rigorous information currently available” on compliance costs—to advance research on the cost of compliance, influence the ultimate understanding of regulatory impacts on consumers and markets, and inform the CFPB’s ongoing efforts to avoid unnecessary compliance costs. The Bureau states that estimating the operational effects of consumer financial services regulation alone has “limited value to policymaking” and is mainly helpful in determining the impact of a specific regulation on product pricing and availability or market structure and competition. The Bureau concluded that research on the effects of regulations will remain an ongoing priority, but it will nevertheless continue to address problems observed in the marketplace — “mindful that, whatever the costs of regulation, the costs of not regulating adequately can be even larger.”
The full report, Understanding the Effects of Certain Deposit Regulations on Financial Institutions’ Operations: Findings on Relative Costs for Systems, Personnel, and Processes at Seven Institutions, is available here.
On November 18, at an American Bar Association/American Bankers Association conference on the Bank Secrecy Act/Anti-Money Laundering (BSA/AML), Deputy Attorney General (Deputy AG) James Cole challenged financial institutions’ compliance efforts and outlined the DOJ’s financial crimes enforcement approach. Noting that compliance within financial institutions is of particular concern to the DOJ, based in part on recent cases of “serious criminal conduct by bank employees,” the nation’s second highest ranking law enforcement official detailed DOJ’s approach to investigating and deciding in what manner to pursue potential violations. The Deputy AG included among his examples of serious misconduct recent BSA/AML, RMBS, mortgage False Claims Act, and LIBOR cases. He explained that the DOJ is particularly concerned about incentives that encourage excessive risk taking, and stated that “too many bank employees and supervisors value coming as close to the line as possible, or even crossing the line, as being ‘competitive’ or ‘aggressive.’” Read more…
On November 17, the Comptroller of the Currency, Thomas Curry, delivered remarks at the American Bar Association/American Bankers Association BSA/AML conference in which he identified common BSA/AML compliance risks and failures, and identified steps industry participants and regulators should take to improve compliance. The Comptroller explained that successful BSA/AML compliance is dependent not only on “the strength of the institution’s technology and monitoring processes, and the effectiveness of its risk management,” but also on strong corporate governance processes and management’s willingness to commit adequate resources. Comptroller Curry called on banks to commit sufficient resources and take a “holistic approach” toward BSA/AML compliance, for example, by dispersing accountability throughout the organization instead of concentrating compliance in a single unit. Noting that this is particularly important in the M&A context, the Comptroller stated that it is vital that due diligence go beyond a target’s credit portfolio to include a review of the target’s BSA/AML program. In addition to lack of compliance resources, the Comptroller identified as risk trends: (i) poor management of international activities—foreign correspondent banking, cross-border funds transfers, bulk cash repatriation, and embassy banking; (ii) third-party relationships and payment processors; and (iii) emerging payment technologies, including virtual currencies. He stressed the importance of information sharing among institutions and between institutions and their regulators, and called for (i) legislation that would encourage the filing of SARs by strengthening the statutory safe harbor from civil liability for filing financial institutions, (ii) broadening the Patriot Act safe harbor for institutions that share information with each other about potential crimes and suspicious transactions, and (iii) exploring ways government can provide more robust and granular information about money laundering schemes and typologies to institutions in a more timely way.
On November 20, the OCC announced in Bulletin 2013-34 that as part of its ongoing implementation of the Dodd-Frank Act’s mandate that the OCC integrate Office of Thrift Supervision (OTS) policies with existing OCC policies, the OCC is rescinding the OTS compliance documents listed in an appendix provided with the announcement. A second appendix lists OCC policy guidance that the OCC is applying to federal savings associations in cases where policy guidance did not already exist. The announcement does not cover OTS policies and guidance related to the FCRA, the CRA, UDAP, or mortgage regulations, which the OCC plans to address at a later date.
On November 12, the FDIC released the economic scenarios that will be used by certain financial institutions with total consolidated assets of more than $10 billion for stress tests required under the Dodd-Frank Act. Each scenario includes key variables that reflect economic activity, including unemployment, exchange rates, prices, income, interest rates, and other salient aspects of the economy and financial markets. The baseline scenario represents expectations of private sector economic forecasters; the adverse and severely adverse are hypothetical scenarios designed to assess the strength and resilience of financial institutions and their ability to continue to meet the credit needs of households and businesses under stressed economic conditions. The FDIC release follows the recent release of stress test scenarios by the Federal Reserve Board and the OCC. The Federal Reserve Board also recently issued a final policy statement that describes the process by which it will develop future stress test scenarios.
On November 5, the Federal Reserve Board announced the annual indexing of the amounts used in determining reserve requirements of depository institutions and deposit reporting panels effective in 2014. The Board amended Regulation D to (i) set the amount of total reservable liabilities of each depository institution that is subject to a zero percent reserve requirement in 2014 at $13.3 million (from $12.4 million in 2013) and (ii) set the amount of net transaction accounts at each depository institution (over the reserve requirement exemption amount) that is subject to a three percent reserve requirement in 2014 at $89.0 million (from $79.5 million in 2013). These are known as the reserve requirement exemption amount and the low reserve tranche, respectively. The new exemption amount and low reserve tranche will apply to the 14-day reserve maintenance period that begins January 23, 2014. For depository institutions that report deposit data weekly, this maintenance period corresponds to the 14-day computation period that begins Tuesday, December 24, 2013. For depository institutions that report deposit data quarterly, this maintenance period corresponds to the seven-day computation period that begins Tuesday, December 17, 2013. The Board also announced changes in the nonexempt deposit cutoff level and the reduced reporting limit, which are used to determine the frequency with which depository institutions must submit deposit reports.
On November 6, the OCC issued two bulletins to announce an addition and revisions to the Comptroller’s Handbook. The OCC also rescinded certain Handbook provisions. Bulletin OCC 2013-30 adds to the Handbook the “Qualified Thrift Lender” (QTL) booklet, which includes the “Qualified Thrift Lending Test,” issued June 2002 as part of the Office of Thrift Supervision’s Examination Handbook. The revisions are statutory in nature and include, among other things, new language pursuant to the Dodd–Frank Act regarding QTL failure and the violation of HOLA section 5 and additional limitations in the payment of dividends. Bulletin OCC 2013-31 updates the “Insider Activities” booklet and provides guidance for examiners and bankers on how national banks and federal savings associations may legally and prudently engage in transactions with insiders. The booklet explains how to implement risk management processes that provide for the appropriate control and monitoring of insider activities and how examiners review and assess insider activities during the supervisory process.
On October 30, the OCC issued Bulletin 2013-29 to update guidance relating to third-party risk management. The Bulletin, which rescinds OCC Bulletin 2001-47 and OCC Advisory Letter 2000-9, requires banks and federal savings associations (collectively “banks”) to provide comprehensive oversight of third parties, including joint ventures, affiliates or subsidiaries, and payment processors. It is substantially more prescriptive than CFPB Bulletin 2012-3, and incorporates third-party relationship management principles underlying recent OCC enforcement actions.
The Bulletin warns that failure to have in place an effective risk management process commensurate with the risk and complexity of a bank’s third-party relationships “may be an unsafe and unsound banking practice.” It outlines a “life cycle” approach and provides detailed descriptions of steps that a bank should consider taking at five important stages: Read more…
Prudential Regulators Issue Joint Agreement On Classification And Appraisal Of Securities Held By Financial Institutions
On October 29, the FDIC, the Federal Reserve Board, and the OCC issued a joint agreement to update and revise the 2004 Uniform Agreement on the Classification of Assets and Appraisal of Securities Held by Banks and Thrifts. The updated agreement reiterates the importance of a robust investment analysis process and the agencies’ longstanding asset classification definitions. It also replaces references to credit ratings with alternative standards of creditworthiness consistent with sections 939 and 939A of the Dodd-Frank Act, which directed the agencies to remove any reference to or requirement of reliance on credit ratings in the regulations and replace them with appropriate standards of creditworthiness. The agencies adopted those new standards in 2012 (see, e.g., the OCC’s final rule). The joint agreement provides examples to demonstrate the appropriate application of the new standards to the classification of securities.
On October 24, the Federal Reserve Board issued a proposed rule it developed with the OCC and the FDIC to establish a minimum liquidity coverage ratio (LCR) consistent with the Basel III LCR, with some modifications to reflect characteristics and risks of specific aspects of the U.S. market and U.S. regulatory framework. The proposal would create for the first time a minimum liquidity requirement for certain large or systemically important financial institutions. The covered institutions would be required to hold (i) minimum amounts of high-quality, liquid assets such as central bank reserves and government and corporate debt that can be converted easily and quickly into cash, and (ii) liquidity in an amount equal to or greater than its projected cash outflows minus its projected cash inflows during a short-term stress period. The requirements would apply to all internationally active banking organizations—i.e., those with $250 billion or more in total consolidated assets or $10 billion or more in on-balance sheet foreign exposure—and to systemically important, non-bank financial institutions designated by the FSOC. The proposal also would apply a less stringent, modified LCR to bank holding companies and savings and loan holding companies that are not internationally active, but have more than $50 billion in total assets. The regulators propose various categories of high quality, liquid assets and also specify how a firm’s projected net cash outflows over the stress period would be calculated using common, standardized assumptions about the outflows and inflows associated with specific liabilities, assets, and off-balance-sheet obligations. Comments on the proposed rule must be submitted by January 31, 2013.
On August 8, the CFPB released an updated small business guide for the remittance transfer rule it finalized last year and revised in May 2013. The updated guide summarizes the remittance rule and discusses the new requirements, which take effect on October 28, 2013. The CFPB also issued technical corrections to the May 2013 amendments, and released a video that provides an overview of the rule and the recent changes, as well as implementation guidance.
On August 1, the California Supreme Court held that the federal Truth in Savings Act (TISA), which does not provide a private right of action, does not similarly bar state law claims derived from alleged TISA violations. Rose v. Bank of Am., N.A., No. S199074, 2013 WL 3942612 (Cal. Aug. 1, 2013). In this case, a putative class filed suit claiming a bank violated the state’s Unfair Competition Law (UCL) when it failed to provide certain disclosures required by TISA. The trial and appellate courts held that because Congress amended TISA in 2001 to remove its private right of action, before the borrowers filed their TISA-based class claims, those claims were barred. The appellate court explained that Congress’s repeal of the private right of action reflected its intent to bar any private action to enforce TISA. The Supreme Court disagreed and held that Congress’s decision to leave TISA’s savings clause in place explicitly allowed for the enforcement of state laws relating to the disclosures at issue here, except to the extent that those laws are inconsistent with the relevant TISA provision. The court rejected the bank’s argument that the UCL may not be employed to borrow directly from a federal statute where Congress has not provided a private right of action, holding instead that “when Congress permits state law to borrow the requirements of a federal statute, it matters not whether the borrowing is accomplished by specific legislative enactment or by a more general operation of law.” The court reversed the appeals court’s judgment.