On December 18, the FDIC announced the release of its Winter 2014 issue of Supervisory Insights, which focuses on effective interest rate risk management at community and mid-size financial institutions. Specific articles included in the publication are (i) “Effective Governance Processes for Managing Interest Rate Risk,” (ii) “Developing the Key Assumptions for Analysis of Interest Rate Risk,” (iii) “Developing an In-House Independent Review of Interest Rate Risk Management Systems,” and (iv) “What to Expect During an Interest Rate Risk Review.”
CSBS Issues Policy, Draft Model Regulatory Framework, and Request for Comment Regarding State Regulation of Virtual Currency
As previously reported in our January 8 Digital Commerce & Payments alert and in InfoBytes, the Conference of State Bank Supervisors (“CSBS”) issued a Policy on State Regulation of Virtual Currency (the “Policy”), Draft Model Regulatory Framework, and a request for public comment regarding the regulation of virtual currency on December 16, 2014. The Policy and Draft Model Regulatory Framework were issued through the work of the CSBS Emerging Payments Task Force (the “Task Force”). The Task Force was established to explore the nexus between state supervision and the development of payment systems and is seeking to identify where there are consistent regulatory approaches among states.
On December 17, the OCC announced the release of its semiannual report on key risk areas affecting the federal banking system. Specifically regarding community and midsize banks, the report identifies areas where the OCC intends to heighten its supervisory attention including, but not limited to, corporate governance, operational risk, cyber risk, and compliance risk, specifically related to fair lending and BSA/AML. Other notable takeaways from the report include continued improvement in the overall financial condition of community and midsize banks. However, the report also indicated that smaller banks, due to increased competition for loan demand and low investment yields, continue to experience pressure on earnings.
On December 16, the Conference of State Bank Supervisors (CSBS) announced its draft regulatory framework and requested public comment on specific questions intended to aid state regulators on the regulation of virtual currencies. The regulation of virtual currency activities currently varies from state to state. The draft framework is intended to create uniform state regulation. Comments are due by February 16, 2015.
On December 10, NY DFS Superintendent Benjamin Lawsky issued a bulletin to all New York state-chartered or licensed banking institutions regarding an updated IT examination process. Effective immediately, cybersecurity examinations will be included within the overall IT examination process. The DFS cybersecurity examinations will incorporate a number of new topics, including: (i) corporate governance; (ii) protections against intrusion, such as multi-factor or adaptive authentication, along with server and database configuration; (iii) information security testing and monitoring; and (iv) cybersecurity insurance coverage, along with other third-party protections. Ultimately, the new examination process will assess a bank’s cybersecurity protections, in addition to how it manages potential cyber risks and handles a cybersecurity attack.
On December 2, the FFIEC announced the release of its revised BSA/AML examination manual. The updated revisions address supervisory expectations and include regulatory changes since the manual’s last publication in 2010. Significantly modified sections of the examination include (i) Suspicious Activity Reporting, (ii) Currency Transaction Reporting, (iii) Foreign Bank and Financial Accounts Reporting, and (iv) Third-Party Payment Processors. The manual is available on the FFIEC BSA/AML InfoBase.
On July 24, Illinois Governor Pat Quinn signed HB 5342, which amends numerous provisions of state law applicable to state banks and credit unions, including requiring the Illinois Secretary of Financial and Professional Regulation to adopt formal rules that guarantee consistency and due process during the examination process of state-chartered banks. The bill also allows the Secretary to establish guidelines “that (i) define the scope of the examination process and (ii) clarify examination items to be resolved.” In addition, the bill provides that an existing loan secured by an interest in real estate shall not, under certain circumstances, require a new appraisal of the collateral during renewal, refinancing, or restructuring. The changes became effective immediately.
On July 23, the FDIC proposed a rule to revise its assessments regulation. Specifically, the FDIC proposes changing the ratios and ratio thresholds for capital evaluations used in its risk-based deposit insurance assessment system to conform the assessments to the prompt corrective action capital ratios and ratio thresholds adopted by the prudential regulators. The proposal also would (i) revise the assessment base calculation for custodial banks to conform to the asset risk weights adopted by the prudential regulations; and (ii) require all highly complex institutions to measure counterparty exposure for deposit insurance assessment purposes using the Basel III standardized approach credit equivalent amount for derivatives and the Basel III standardized approach exposure amount for other securities financing transactions. The FDIC explains the changes are intended to accommodate recent changes to the federal banking agencies’ capital rules that are referenced in portions of the assessments regulation. Comments are due by September 22, 2014.
On June 10, Comptroller Thomas Curry announced that the OCC’s Senior Deputy Comptroller for Bank Supervision Policy and Chief National Examiner John Lyons will retire from the agency on August 1 and will be succeeded by Jennifer Kelly. Ms. Kelly joined the OCC in 1979 and currently serves as Senior Deputy Comptroller for Midsize and Community Bank Supervision. Toney Bland will transition from Deputy Comptroller for the Northeastern District to replace Ms. Kelly as Senior Deputy Comptroller. Mr. Curry also announced the OCC will loan Senior Deputy Comptroller for Management and Chief Financial Officer Tom Bloom to NeighborWorks America to serve as its acting Chief Financial Officer, and described numerous additional staff changes related to Mr. Bloom’s temporary departure.
On May 28, the OCC announced “significant” changes to its large bank supervisory process and its large bank examination force. The OCC plans to “expand the organization, functions, and responsibilities of its large bank lead expert program to improve horizontal perspective and analysis, systemic risk identification, quality control and assurance, and resource prioritization.” The OCC also will establish a formal program under which large bank examiners will rotate to another large bank every five years in cities with multiple large banks. The changes come in response to an international peer review initiated by the OCC. The OCC released a summary of the supervision peer review recommendations and the OCC’s responses, which describe a number of other supervisory changes including, among others: (i) formalizing an enterprise risk management framework that will involve “developing a risk appetite statement, creating a decision-tree process, and enhancing the OCC’s existing National Risk Committee framework and processes”; and (ii) expanding an ongoing review of Matters Requiring Attention “to enhance and standardize MRA definitions, methods for communication, resolution processes, establish consistent tracking mechanisms, and develop a consistent examiner reference guide.” The OCC declined to implement other recommended changes, including, for example, creating more flexibility within the CAMELS rating system or developing potential alternatives to CAMELS.
On May 22, House Financial Services Committee Chairman Jeb Hensarling (R-TX) sent letters to the Federal Reserve Board, the OCC, the FDIC, and the NCUA asking the regulators to explain their use of “reputational risk,” and citing Operation Choke Point as an example of the potential for “reputation risk” to become “a pretext for the advancement of political objectives, which can potentially subvert both safety and soundness and the rule of law.” Congressman Hensarling asked each regulator to explain (i) whether it considers reputation risk in its supervision of depositories, and, if so, to explain the legal basis for such consideration and why it is appropriate; (ii) what data are used to analyze reputational risk and why such data are not already accounted for under CAMELS; and (iii) whether a poor reputation risk rating could be sufficient to warrant recommending a change in a depository’s business practices notwithstanding strong ratings under CAMELS.
On May 16, the OCC issued a final rule to integrate its interagency rules, which would combine, without any substantive amendments, rules related to consumer protection in insurance sales, BSA compliance, management interlocks, appraisals, disclosure and reporting of CRA-related agreements, and the FCRA. On May 21, the OCC issued a notice of proposed rulemaking to integrate the OCC’s licensing rules. The OCC states that for many of the licensing rules, the proposal incorporates the licensing provisions for federal savings associations into the existing national bank rule, but in other cases, the proposal includes separate rules for national banks and federal savings associations because the rules do not apply to both charters, are better organized as separate rules, or are difficult to integrate because of their differences and complexity. Some rules that would continue to apply only to national banks are revised to be consistent with the changes proposed for federal savings associations. The OCC also proposes substantive changes to certain licensing rules to “eliminate unnecessary requirements, promote fairness in supervision, and further the safe and sound operation of the institutions the OCC supervises.”
On May 22, the CFPB published its Spring 2014 Supervisory Highlights report, its fourth such report to date. In addition to reviewing recent guidance, rulemakings, and public enforcement actions, the report states that the CFPB’s nonpublic supervisory actions related to deposit products, consumer reporting, credit cards, and mortgage origination and servicing have yielded more than $70 million in remediation to over 775,000 consumers. The report also reiterates CFPB supervisory guidance with regard to oversight of third-party service providers and implementation of compliance management systems (CMS) to mitigate risk.
The report specifically highlights fair lending aspects of CMS, based on CFPB examiners’ observations that “financial institutions lack adequate policies and procedures for managing the fair lending risk that may arise when a lender makes exceptions to its established credit standards.” The CFPB acknowledges that credit exceptions are appropriate when based on a legitimate justification. In addition to reviewing fair lending aspects of CMS, the CFPB states lenders should also maintain adequate documentation and oversight to avoid increasing fair lending risk.
Nonbank Supervisory Findings
The majority of the report summarizes supervisory findings at nonbanks, particularly with regard to consumer reporting, debt collection, and short-term, small-dollar lending.
On May 14, Comptroller of the Currency Thomas Curry spoke to the Conference of State Bank Supervisors, urging state regulators to, among other things, avoid regulatory capture and ensure balanced supervision of nonbanks and banks. Mr. Curry stated that “[r]egulatory capture is a real threat” to federal and state banking agencies and the system more broadly, and that regulators should never employ chartering authority to compete for “market share.” He also cautioned about the potential rise of the “shadow banking system”—the shift of assets from regulated depository institutions to less-regulated, non-depository institutions—as bank regulators become more rigorous in pursuing enhanced safety and soundness and consumer protection at depository institutions. He specifically identified the transfer of mortgage servicing rights as an example of that shift of assets, which “could carry with it the seeds for the next financial crisis.” He called on state regulators to make nonbank supervision, including with regard to mortgage servicing, a top priority.
On May 6, New York Governor Andrew Cuomo released a report on bank cybersecurity preparedness and directed the New York State Department of Financial Services (DFS) to conduct targeted cybersecurity preparedness assessments of the DFS-regulated banks. The DFS is revising its examination procedures to add questions to assess IT management and governance, incident response and event management, access controls, network security, vendor management, and disaster recovery. DFS plans to release additional details about the timing and content of these examination procedures in the coming weeks. The report follows a year-long survey of 154 DFS-regulated banks, which revealed that “most institutions experienced intrusions or attempted intrusions into their IT systems over the past three years.” The review revealed that third-party payment processor breaches were reported by 18% and 15% of small and large institutions, respectively, and that large institutions also cited mobile banking exploitation, ATM skimming/point-of-sale schemes, and insider access breaches. Last year, the DFS announced a similar inquiry into cyber preparedness at insurance companies it regulates.