On November 9, the New York DFS sent a letter to federal regulators and other interested parties, including the CFPB, Federal Reserve Board, and the OCC, regarding potential new regulations aimed at increasing cybersecurity efforts within the financial sector. The letter references recent DFS reports that covered key findings from surveys given to regulated banking organizations on their cybersecurity programs, costs, and future plans. The reports raised the following concerns: (i) the speed of technological change and the increasingly sophisticated nature of threats; (ii) third-party service providers tend to have access to sensitive information and companies’ IT systems, providing potential hackers with a point of entry; and (iii) the “scale and breadth of the most recent breaches and incidents.” In light of these concerns, the DFS asserts that it would be beneficial to coordinate with state and federal regulators to “develop a comprehensive [cybersecurity] framework that addresses the most critical issues, while still preserving the flexibility to address New York-specific concerns.” According to the letter, the DFS expects to propose regulations requiring entities to set specific requirements in areas such as: (i) cybersecurity policies and procedures; (ii) third-party service provider management; (iii) cybersecurity personnel and intelligence, including implementing mandatory cybersecurity training programs; and (iv) notice of cybersecurity breaches.
On June 22, the OCC named Beverly Cole its Deputy Comptroller for Compliance Supervision. Effective July 2016, Cole will serve as the operational executive responsible for developing and promulgating compliance operational protocols, examination strategies, and schedules. Cole started at the OCC in 1979 as an Assistant National Bank Examiner. In 1984, she left the OCC to work in the banking industry, but she returned to the OCC three years later. Throughout her tenure with the OCC, Cole has served in various supervisory roles overseeing banks of all sizes.
On November 4, Federal Reserve Chair Janet Yellen testified before the House Committee on Financial Services. The topic of Chair Yellen’s testimony was “the lessons of the financial crisis and how we have transformed our regulatory and supervisory approach.” She explained that, prior to the crisis, the Fed’s “primary goal was to ensure the safety and soundness of individual financial institutions” and that, since the crisis, the Fed’s aim has been to regulate and supervise “in a manner that promotes the stability of the financial system as a whole.” Yellen went on to explain that the regulatory approaches adopted to address both large financial institutions and companies and community banks have been different. According to Yellen, with respect to the large financial institutions, the Fed’s approach is “oriented toward both the safety and soundness of the individual firms, and the stability of the financial system as a whole.” With respect to community banks, Chair Yellen noted that the Fed’s supervisory approach is risk based: “[i]n supervising these institutions, we follow a risk-focused approach that aims to target examination resources to higher-risk areas of each bank’s operations and to ensure that banks maintain risk-management capabilities appropriate to their size and complexity.”
U.S. House of Representatives Passes Several Financial Regulatory Relief Bills, Including TRID Safe Harbor
On October 7, the U.S. House of Representatives (U.S. House) passed several pieces of bipartisan legislation aimed at providing regulatory relief to lenders and strengthening consumer protection. This legislation included H.R. 3192, the Homebuyers Assistance Act, which was approved by a 303-121 vote, which seeks to provide a formal four-month safe harbor for lenders who in “good faith” work to comply with the CFPB’s new TRID Rule, which went into effect on October 3. The U.S. House also unanimously approved H.R. 1553, the Small Bank Exam Cycle Reform Act, and H.R. 1839, the Reforming Access for Investments in Startup Enterprises (RAISE) Act. The Small Bank Exam Cycle Reform Act would allow well-managed banks with assets under $1 billion to qualify for an 18-month examination cycle, rather than the current 12-month cycle. The RAISE Act is intended to promote a liquid secondary market for shareholders seeking to sell private securities and encourage startups and private companies to raise capital to grow their businesses. This legislation will now go to the U.S. Senate for consideration.
On September 28, the Federal Reserve, the FDIC, and the OCC announced that the latest outreach meeting under the Economic Growth and Regulatory Paperwork Reduction Act (EGRPRA) will be held on October 10 in Chicago, Illinois. The meeting will feature panel presentations from industry insiders and consumer advocates. Senior officials from the Federal Reserve, OCC, and FDIC are also scheduled to attend. This meeting will be the fifth of six outreach meetings focused on identifying outdated or burdensome regulatory requirements imposed on financial institutions. The sixth and final meeting is expected to take place on December 2 in Washington, D.C. Previous InfoBytes coverage on EGRPRA can be found here.