On June 18, FinCEN’s Associate Director for Enforcement, Stephanie Brooker, delivered remarks at the Bank Secrecy Act Conference, focusing on three main areas: (i) BSA filing trends, the value of BSA data, and compliance development in the casino industry over the past year; (ii) FinCEN’s enforcement approach and recent enforcement developments; and (iii) the significance of establishing and maintaining a culture of compliance throughout the business and compliance sides of casinos and card clubs. In addition, Brooker noted certain principles at the core of FinCEN’s enforcement program: (i) transparency in the agency’s rationale behind its enforcement actions; (ii) accountability, ensuring that financial institutions, and any individual related to the financial institution, take responsibility for violations of the BSA; and (iii) giving credit where credit is due by considering an institution’s “documented improvements in AML compliance over time.” Finally, Brooker stressed that in order for a financial institution to successfully maintain a culture of compliance, its business side and business leaders must take AML controls and BSA compliance seriously, meaning that “every casino employee, from the top down, views AML compliance as part of his or her responsibility.”
On July 24, OCC Comptroller Curry delivered remarks before the New England Council in Boston, MA regarding the risks that financial institutions face today. Rising interest rates and regulatory compliance were two of the three risks discussed. Curry emphasized that the inevitable rise in interest rates could greatly affect loan quality, particularly loans that were not carefully underwritten to begin with, and that ”[l]oans that are typically refinanced, such as leveraged loans,” would be particularly severely affected. Recognizing the impact that Dodd-Frank continues to have on banks, Curry said that financial institutions face two categories of risk from new regulations: (i) “banks run afoul of the new regulations, possibly damaging their reputations and subjecting themselves to regulatory penalties”; and (ii) banks devote their time and money to regulatory compliance, rather than putting those resources toward serving their customers and communities. The final and “perhaps the foremost risk facing banks today,” according to Curry, is cyber threats. Curry outlined the agency’s efforts to curtail cyber intrusion in the banking industry, highlighting the June 30 release of its Semiannual Risk Assessment and the creation of a Cybersecurity and Critical Infrastructure Working Group, which was designed to (i) increase cybersecurity awareness; (ii) promote best practices; and (iii) strengthen regulatory oversight of cybersecurity readiness. Curry noted, however, that information-sharing is just as important as self-assessment and supervisory oversight: “We strongly recommend … that financial institutions of all sizes participate in the Financial Services Information Sharing and Analysis Center, a non-profit information-sharing forum established by financial services industry participants to facilitate the sharing of physical and cyber threat and vulnerability information.” Collaboration among banks of all sizes and non-bank providers, Curry stated, can be a “game-changer” in more ways than one: “By promoting the discovery of common interests and common responses to the risks that you face in your businesses and we all face together, you provide an invaluable service to New England and to the United States.”
On June 1, a Boston-based international financial services holding company and its banking subsidiary agreed to address deficiencies in how they manage compliance risks with respect to their BSA/AML compliance program. The Agreement, entered into with the Federal Reserve Bank of Boston and the Massachusetts Division of Banks, requires both entities to submit a written plan outlining their efforts to improve their compliance with OFAC and internal controls, customer due-diligence procedures, and suspicious activity monitoring and reporting, among other things. In addition, the banking subsidiary must hire an independent third-party to review account and transaction activity during a specified period to ensure suspicious activity was properly identified and reported.
In a separate enforcement action, the Federal Reserve Bank of Chicago entered into an agreement on May 26 with an Illinois-based financial services company, requiring the parent company and its banking subsidiary to, among other things, submit written plans to (i) strengthen its BSA/AML compliance risk management program; and (ii) “ensure the identification and timely, accurate, and complete reporting” of suspicious transactions to the appropriate law enforcement and supervisory [banking] authorities.” No civil money penalties were imposed in either enforcement action.
On May 21, the FDIC’s Division of Depositor and Consumer Protection is scheduled to host a teleconference that will focus on the implementation of the new mortgage rules issued by the CFPB in 2013. According to the FDIC, officials from the banking regulator will discuss findings and highlight best practices that its examiners have noted during initial examinations in the first year since the rules became effective in 2014. Registration is required, and will begin at 2:00 p.m. EST.
On April 14, the OCC issued the “Real Estate Settlement Procedures Act” booklet as part of the Comptroller’s Handbook, which is prepared for use by OCC examiners in connection with their examination and supervision of national banks and federal savings associations (collectively, “banks”). The revised booklet, which replaces a similarly titled booklet issued in October 2011, reflects updated guidance relating to mortgage servicing and loss mitigation procedures resulting from the multiple amendments made to Regulation X over the past several years. Notable revisions reflected in the revised booklet include: (i) the transfer of rulemaking authority for Regulation X from HUD to the CFPB; (ii) new requirements relating to mortgage servicing; (iii) new loss mitigation procedures; (iv) prohibitions against certain acts and practices by servicers of federally related mortgage loans with regard to responding to borrower assertions of error and requests for information; and (v) updated examination procedures for determining compliance with the new servicing and loss mitigation rules. The OCC notified its applicable supervised financial institutions of the changes affecting all banks that engage in residential mortgage lending activities by distributing OCC Bulletin 2015-25.
OCC Revises Guidance Regarding Consumer Protection Requirements to Overdraft Lines and Protection Services
As previously reported in our March 11 Special Alert Update, on March 6, 2015, the OCC issued its revised “Deposit-Related Credit” booklet (“DRC booklet”) of the Comptroller’s Handbook, which replaced the “Deposit-Related Consumer Credit” booklet issued on February 11, 2015 (previously covered in this Special Alert). While the new booklet covers the same products – check credit (overdraft lines of credit, cash reserves, and special drafts), overdraft protection services, and deposit advances – the OCC made significant amendments to scale back the provisions of the prior version. Specifically, the new DRC booklet no longer contains supervisory principles that could be read to require that banks provide substantive consumer protections that are not currently required by the applicable consumer protection regulations. Read more…
On December 24, a Maryland-based bank entered into an FDIC consent order involving alleged deficiencies in its BSA/AML compliance program. The consent order requires that the bank’s board of directors increase its oversight of the bank’s BSA compliance program. In addition, under the consent order, the bank must (i) appoint a qualified BSA officer and (ii) conduct a retrospective review of currency transaction reports beginning in May 2013 until the effective date of the consent order to determine whether transactions were properly identified and reported.
On December 2, Fed Governor Brainard delivered remarks at the Economic Growth and Regulatory Paperwork Reduction Act (EGRPRA) Outreach Meeting in California. Governor Brainard noted the significance of safety and soundness in the banking system, but noted that some Dodd-Frank regulations should target only larger institutions so that undue burdens are not placed on community banks: “Applying a one-size-fits-all approach to regulations may produce a small benefit at a disproportionately large compliance cost to smaller institutions.” The EGRPRA review, conducted every 10 years, provides an opportunity for federal financial regulators to consider whether current regulations are outdated, unnecessary, or unduly burdensome.
On November 12, the FCA announced that it was fining five banks for their foreign exchange practices. Specifically, ineffective controls at the banks allegedly allowed traders to strategize and manipulate exchange rates for their benefit. Additionally, confidential bank information was compromised in online chat rooms, including “the disclosure of information regarding customer order flows and proprietary Bank information, such as [foreign exchange] rate spreads.” The combined amount of civil money penalties against the banks is $1.7 billion.
Eleventh Circuit Vacates Dismissal, Rules Bank Officers Subject To Negligence Claims Under Georgia Law
On October 24, based on the Georgia Supreme Court’s response to the federal appellate court’s certified questions, the United States Court of Appeals for the Eleventh Circuit issueda per curiam opinion overturning a district court’s order to dismiss a lawsuit under Georgia’s business judgment rule. In this case, the court addressed whether bank directors and officers of failed banking institutions could be held liable under the state’s law for claims of ordinary negligence and breach of fiduciary duty based on ordinary negligence. In light of the responses from the Georgia Supreme Court, the Eleventh Circuit noted, “a bank director or officer may violate the standard of care established by O.C.G.A. § 7–1–490, even where he acts in good faith, where, with respect to the process by which he makes decisions, he fails to exercise the diligence, care, and skill of ‘ordinarily prudent men [acting] under similar circumstances in like positions.’” The case was remanded back to the district court for further proceedings. FDIC v. Skow, No. 12-15878, WL 5394321 (11th Cir. Oct. 24, 2014)
On May 8, the New York Court of Appeals held that in certain circumstances a bank and its customer may agree to shorten the statutory time period under the state’s Uniform Commercial Code within which a customer must notify its bank of an improperly paid item in order to recover the payment. Clemente Bros. Contracting Corp. v. Hafner-Milazzo, No. 64, 2014 WL 1806924 (N.Y. May 8, 2014). The court explained that New York’s version of the UCC imposes strict liability on a bank that charges against its customer’s account any “item” that is not “properly payable”, but bars a customer’s claim for recovery on a wrongfully paid item when the customer fails to report the irregularity within one year after the bank provides the statement and item, regardless of either party’s failure to exercise reasonable care. In this case, the customer’s account agreement reduced the one-year reporting period to 14 days. The court held that the parties are permitted to vary the one-year period by agreement, and that the 14-day period is not manifestly unreasonable where the customer is a “corporate entity that either is financially sophisticated or has the resources to acquire professional guidance.” The court stressed that the same would not hold true where the customer is an unsophisticated small business or individual.
Eleventh Circuit Holds Custodian Bank Has No Duty To Police Securities Transactions By Customer’s Investment Advisor
On April 14, the U.S. Court of Appeals for the Eleventh Circuit held that a custodian bank had no duty under New York or Florida law to identify or alert a customer to fraudulent transactions directed by the customer’s investment advisor. Lamm v. State Street Bank & Trust, No. 12-15061, 2014 WL 1410172 (11th Cir. Apr. 14, 2014). A bank customer sued his bank for breach of contract, breach of fiduciary duty, negligence, and several other common law claims, alleging the bank had a duty to notify him that the securities held by the bank were worthless. The court determined that, although the bank held the assets and could execute certain administrative transactions without prior authorization, transactions beyond these administrative roles were carried out at the direction of the customer’s investment advisor. Accordingly the bank had no responsibility for supervising investments and assumed no liability for losses except those it caused through negligence or willful misconduct. The court held that the customer’s breach of contract and negligence claims failed because (i) the custody agreement provided the bank no decisionmaking role in investments; (ii) the bank had contractual authority to rely on the investment advisor’s instructions; and (iii) the customer failed to demonstrate that the bank had a duty to ensure the investment instruments were valid or to verify their market value. The court further held with regard to the customer’s other claims that (i) the fact that certain securities had facial defects does not raise a plausible inference that the bank knew of the investment advisor’s wrongdoing, and cannot support a claim for aiding and abetting fraud; (ii) the custody terms established an arm’s length agreement with limited obligations and did not establish special circumstances on which a fiduciary duty claim can be made; and (iii) the customer’s negligent misrepresentation claim failed because the customer did not establish that the bank intended to induce him to rely on its alleged representations as to the validity of his securities.
Comptroller Curry Addresses Senior Management’s AML Compliance Responsibilities, Criticizes “De-Risking”
On March 17, Comptroller of the Currency Thomas Curry reaffirmed his agency’s views with regard to BSA/AML compliance and the responsibilities of senior bank managers and boards of directors. Mr. Curry asserted that BSA infractions “can almost always be traced back to decisions and actions of the institution’s Board and senior management” and that the deficiencies underlying those infractions tend to involve failures in four areas: (i) the culture of compliance at the organization; (ii) the resources committed to BSA compliance; (iii) the strength of information technology and monitoring process; and (iv) the quality of risk management. Mr. Curry reported a recent positive trend, particularly at OCC-regulated large banks, which have increased spending and added BSA/AML compliance staff. He stated that such actions are one aspect of banks’ efforts to align “good compliance practices and the bank’s system of compensation and incentives.” The Comptroller criticized a separate trend of “de-risking”, in which banks avoid or end relationships with types of businesses deemed too risky. He warned that any business can be used for illicit purposes and “de-risking” is not a shortcut to circumvent a bank’s obligation to evaluate risk on an individual basis. He encouraged banks not to avoid high-risk businesses, but rather to apply stronger risk management and controls as necessary.
Federal Reserve Plans Regular Reporting On Bank Applications, Outlines Common Issues Resulting In Application Withdrawals
On February 24, the Federal Reserve Board announced in SR 14-2 that it will start publishing a semi-annual report to provide certain information on bank applications and notices filed with the Federal Reserve. The Board stated that the report will include statistics on the length of time taken to process various applications and notices and the overall volume of approvals, denials, and withdrawals. The report also will provide the primary reasons for withdrawals. The first report will be released in the second half of 2014 and will include filings acted on from January through June 2014. The letter also describes common issues identified by the Federal Reserve that have led to recent withdrawal of applications, including (i) less-than-satisfactory supervisory rating(s) for safety and soundness, consumer compliance, or CRA; (ii) inadequate compliance with the Bank Secrecy Act; and (iii) concerns regarding the financial condition or management of the proposed organization.
On January 30, in remarks to SIFMA’s AML and Financial Crimes Conference, FinCEN Director Jennifer Shasky Calvery stressed the importance of establishing a “culture of compliance” at financial institutions to support effective AML safeguards. The Director’s comments reinforce similar remarks made in recent months by both the Deputy U.S. Attorney General and Comptroller Curry. And like Comptroller Curry, Ms. Shasky Calvery highlighted the need for better information sharing not only within institutions but between institutions. FinCEN agrees with industry feedback that the agency needs to improve its own ability to share information. Also part of a broader theme among enforcement authorities, the Director explained that financial institutions should take responsibility when their actions violate the BSA, not only by admitting to the facts alleged by FinCEN but also by acknowledging a violation of the law. She highlighted specific risks in the securities sector including those related to the use of cash, and explained that securities firms that provide bank-like services need to consider the vulnerabilities associated with engaging in such services and must ensure that their compliance programs are commensurate with those risks.