On April 14, the OCC issued the “Real Estate Settlement Procedures Act” booklet as part of the Comptroller’s Handbook, which is prepared for use by OCC examiners in connection with their examination and supervision of national banks and federal savings associations (collectively, “banks”). The revised booklet, which replaces a similarly titled booklet issued in October 2011, reflects updated guidance relating to mortgage servicing and loss mitigation procedures resulting from the multiple amendments made to Regulation X over the past several years. Notable revisions reflected in the revised booklet include: (i) the transfer of rulemaking authority for Regulation X from HUD to the CFPB; (ii) new requirements relating to mortgage servicing; (iii) new loss mitigation procedures; (iv) prohibitions against certain acts and practices by servicers of federally related mortgage loans with regard to responding to borrower assertions of error and requests for information; and (v) updated examination procedures for determining compliance with the new servicing and loss mitigation rules. The OCC notified its applicable supervised financial institutions of the changes affecting all banks that engage in residential mortgage lending activities by distributing OCC Bulletin 2015-25.
On April 27, the Conference of State Bank Supervisors (CSBS) announced that three working groups of state regulators – the State Coordinating Committee (SCC), the Multi-State Mortgage Committee (MMC), and the Multi-State MSB Examination Task Force (MMET) – issued annual reports to state regulators regarding their 2014 operations and progress. Responsible for information sharing and examination work with the CFPB, the SSC report outlines the two agencies’ 9 joint examinations. The MMC – established as the “oversight body for multi-state mortgage supervision” in 2008 – is responsible for coordinated, multi-state mortgage exams, and its report covers the 6 joint mortgage examinations conducted with the CFPB in 2014. Finally, the MMET supervises the money services businesses; its report highlights 57 examinations conducted jointly with the CFPB in 2014.
On March 23, OCC Comptroller Curry delivered remarks at the ABA Mutual Community Bank Conference regarding the agency’s supervision of mutual savings associations and community banks. Curry focused on the agency’s ongoing efforts to assist smaller financial institutions, specifically by reducing some of the unnecessary burden placed on them. Curry outlined three areas in which the agency is urging Congress to take action to reduce burdensome regulation: (i) raising the asset threshold requirement for the 18-month examination cycle from $500 million to $750 million; (ii) exempting community banks from the Volcker Rule requirement; and (iii) making it “easier for thrifts to expand their business model without changing their governance structure.” In addition to recommending actions to Congress, the OCC continues to hold OCC Mutual Savings Association Advisory Committee meetings and support collaboration among community banks to further ensure that smaller institutions can continue to serve their communities.
On March 23, the Federal Reserve and the Office of the Comptroller of the Currency – both non-parties in the suit – filed briefs requesting that a district court reject a motion to compel discovery of over 30,000 documents held by a large bank. Arguing that the documents contain confidential supervisory information, the regulators asserted the bank examination privilege – “a qualified privilege that protects communications between banks and their examiners in order to preserve absolute candor essential to the effective supervision of banks.” As for scope, the regulators argued that the privilege covers the documents because they provide agency opinion, not merely fact, and that any factual information was nonetheless “inextricably linked” with their opinions. Additionally, they contended that the privilege is not strictly limited to communications from the regulator to the bank – instead, it may also cover communications made from the bank to the regulator and communications within the bank. As for procedure, the regulators claimed that a plaintiff is required to request the disclosure of privileged documents through administrative processes before seeking judicial relief, a requirement they contend exists even where a defendant bank also holds copies of the documents. Finally, the regulators argued in the alternative that the lead plaintiff has not shown good cause to override the qualified privilege, as the interests of the government in protecting the supervisory information outweighs the interest of the plaintiffs in production.
On March 17, the FFIEC released a summary of its cybersecurity priorities for the remainder of 2015. The FFIEC intends to enhance its cybersecurity preparedness in seven main ways: (i) issuing a cybersecurity self-assessment tool that will help institutions to evaluate cybersecurity risk and risk management capabilities; (ii) improving council members’ process for “gathering, analyzing, and sharing information with each other during cyber incidents;” (iii) ensuring that test emergency protocols are set to respond to all cyber incidents in coordination with public-private partnerships; (iv) establishing training programs on developing cyber threats and vulnerabilities; (v) updating the Information Technology Examination Handbook; (vi) increasing focus on technology service providers’ ability to respond to cyber threats; and (vii) collaborating and sharing information with law enforcement and intelligence agencies. The seven action items derive from the FFIEC’s 2014 pilot assessment of cybersecurity readiness at over 500 financial institutions.
On March 16, the Federal Reserve Board issued a proposal seeking public comment that would require all banking organizations with existing Legal Entity Identifiers (LEIs) to report their respective LEIs on regulatory reporting forms beginning June 30, 2015. Because an LEI is unique to a single legal entity, requiring disclosure of the LEI would enable regulators to facilitate information sharing and coordination on domestic financial policy, rulemaking, examination, reporting requirements, and enforcement actions
CFPB Releases Winter Issue of Supervisory Highlights, Schedules Date for Field Hearing on Payday Lending
On March 11, the CFPB released its seventh issuance of Supervisory Highlights, which highlights the CFPB’s supervision work completed between July 2014 and December 2014, detailing examination findings and observations in consumer reporting, debt collection, deposits, mortgage origination, and fair lending examinations. The winter issue also reveals recent supervisory resolutions reached in the areas of payday lending, mortgage servicing, and mortgage origination have resulted in remediation of approximately $19.4 million to more than 92,000 consumers during the time reported. Other notable information included within the report is the addition of Credit Card Account Management examination procedures to the CFPB’s Supervision and Examination Manual. In a separate announcement, the CFPB also announced it will host a field hearing on payday lending, scheduled for Thursday, March 26 in Richmond, VA.
Special Alert Update: OCC Revises Guidance Regarding Consumer Protection Requirements to Overdraft Lines and Protection Services
On March 6, 2015, the OCC issued its revised “Deposit-Related Credit” booklet (“DRC booklet”) of the Comptroller’s Handbook, which replaced the “Deposit-Related Consumer Credit” booklet issued on February 11, 2015 (previously covered in this Special Alert). While the new booklet covers the same products – check credit (overdraft lines of credit, cash reserves, and special drafts), overdraft protection services, and deposit advances – the OCC made significant amendments to scale back the provisions of the prior version. Specifically, the new DRC booklet no longer contains supervisory principles that could be read to require that banks provide substantive consumer protections that are not currently required by the applicable consumer protection regulations. For example, the DRC booklet no longer requires that banks:
- only enroll customers into an overdraft protection service if they have affirmatively requested that product;
- ensure the ability to repay for all applicants enrolled in an overdraft protection service; and
- ensure that any fees charged in connection with an overdraft protection service are reasonably related to the program’s costs and associated risks.
In making these changes, the OCC requires supervisors to assess DRC products more in line with existing consumer protection laws. The OCC states as much in OCC Bulletin 2015-17, which announced the DRC booklet. There, the OCC acknowledges that the DRC booklet “is intended as a summary restatement of existing laws, regulations, and policies [and] … [n]othing in this booklet should be interpreted as changing existing OCC policy.”
On March 3, Federal Reserve Chair Janet Yellen delivered remarks to the Citizens Budget Commission regarding actions that the Federal Reserve has taken to strengthen its supervision of large financial institutions in the wake of the recent financial crisis. In her remarks, Chairwoman Yellen highlighted five regulatory changes, including (i) higher capital standards, (ii) higher liquidity requirements, (iii) implementation of stress tests, (iv) required submission of living wills, and (v) in cooperation with the FSOC, the Fed’s enhanced authority to promote the resiliency and stability of the financial system in addition to the safety and soundness of individual institutions.
On March 2, FDIC Vice Chairman Thomas Hoenig addressed the Institute of International Banking Annual Conference in Washington, D.C. In his prepared remarks, Vice Chairman Hoenig, who formerly served as President of the Federal Reserve Bank of Kansas City, highlighted four supervisory principles that he believes are necessary to ensure effective supervision. These principles include (i) requiring full-scope examinations for all financial institutions, even large financial institutions, (ii) promoting greater transparency regarding the financial condition of large financial institutions, (iii) fully implementing the Volcker Rule, and (iv) increasing capital requirements to levels that the market purportedly would demand in the absence of a public safety net.
On February 23, CFPB Director Richard Cordray delivered prepared remarks at the National Association of Attorneys General Winter Meeting in Washington, D.C. In his remarks, Cordray indicated that the CFPB is keeping a watchful eye on the auto lending market, stating that auto lending practices are currently being supervised at the largest banks. Cordray further revealed that the CFPB intends to move forward with a proposed rule to oversee the larger nonbank auto lenders as well. Cordray also lobbied the attorneys general to use the CFPB’s government portal to analyze consumer complaints to assist in investigations, stating, “[w]e now have 22 attorneys general and 28 state banking regulators who are already signed up and accessing this information through the secure portal. I strongly urge the rest of you to join us and do the same.”
On February 25, OCC Deputy Comptroller Darrin Benhart delivered remarks at the 16th Annual Global Association of Risk Professionals (GARP) Risk Management Conference on the OCC’s efforts to improve its ability to “identify, monitor, and respond to emerging risks” that continue to affect the financial services industry. Benhart highlighted the newly formed Supervision Risk Management team, emphasizing its work with the OCC’s National Risk Committee in monitoring emerging threats to the safety and soundness of the federal banking system. More significantly, Benhart commented on the agency’s growing concern with banks’ recent re-evaluations of their business models as they pursue “new ways to generate returns against the backdrop of low interest rates.” In light of this concern, Benhart cautioned bank management to consider the following three risk management areas when assessing potential updates to their existing business models: (i) concentration risk management – ensure that concentrations for financial institutions are effectively identified and measured to prevent heightened credit, interest rate, liquidity, or operational risks; (ii) correlation risk – recognize that the impact of the risk goes beyond the obvious affected borrowers and should focus as well on those indirectly correlated borrowers for whom the exposure is often more difficult to measure and understand; and (iii) over-reliance on historical performance – acknowledge that the financial environment can change and “paradigms can shift.”
On February 25, New York DFS Superintendent Benjamin Lawsky delivered remarks at Columbia Law School focusing on how state bank regulators can better supervise financial institutions in a post-financial crisis era. In his remarks, Lawsky stated that “real deterrence” to future misconduct “means a focus not just on corporate accountability, but on individual accountability” at the senior executive level. Lawsky also highlighted measures that DFS is considering to prevent money laundering including conducting random audits of regulated firms’ “transaction monitoring and filtering systems” and making senior executives attest to the adequacy of the systems. Lastly, Lawsky outlined several cybersecurity initiatives and considerations that would require third-party vendors to have cybersecurity protections and regulations in place that would mandate the use of “multi-factor authentication” systems for DFS regulated firms.
On February 18, Steven Antonakes, Deputy Director of the CFPB, delivered remarks before the Exchequer Club of Washington, D.C. regarding the CFPB’s risk-focused supervision program. In his remarks, Antonakes identified two key differences that distinguish the CFPB from other regulatory agencies: (i) there is a “focus on risks to consumers rather than risks to institutions;” and (ii) examinations are conducted by product line rather than an “institution-centric approach.” Antonakes further stated that the agency uses field and market intelligence, which includes both qualitative and quantitative factors for each product line, such as the strength of compliance management systems, findings from CFPB’s prior examinations, the existence of other regulatory actions, the consumer complaints received, and metrics gathered from public reports, to adequately assess risks to consumers from an institution’s activity in any given market. After the review period, an institution will receive a “roll-up examination report” or a “supervisory plan,” depending on size, that will summarize the findings of the review. If corrective action is warranted, a review committee will assess violation-focused factors, institution-focused factors, and policy-focused factors to determine whether the examination should be resolved through a supervisory action or a public enforcement action.
On February 18, three federal banking agencies – the Federal Reserve Board, OCC, and FDIC – issued a joint notice seeking public comments on a proposed information collection form and its reporting requirements, FFIEC 102 – “Market Risk Regulatory Report for Institutions Subject to the Market Risk Capital Rule.” If finalized, market risk institutions will be required to file the proposed FFIEC 102 to allow the agencies to, among other things, assess “the reasonableness and accuracy of the institution’s calculation of its minimum capital requirements . . . and . . . the institution’s capital in relation to its risks.” The proposed FFIEC 102 sets forth reporting instructions for financial institutions to which the market risk capital rule applies, and specifies that reporting requirements would take effect starting March 31, 2015. Comments to the proposal must be submitted on or before March 20.