On April 8, the Federal Reserve Board, the FDIC, and the OCC adopted a final rule, effective January 1, 2018, requiring certain top-tier U.S. bank holding companies (BHCs) to maintain a minimum supplementary leverage ratio buffer of 2% above the minimum supplementary leverage ratio requirement of 3%. The final rule applies to BHCs with more than $700 billion in total consolidated assets or more than $10 trillion in assets under custody (Covered BHCs), and to insured depository institution subsidiaries of those BHCs (Covered Subsidiaries). A Covered BHC that fails to maintain the supplemental leverage buffer would be subject to restrictions on capital distributions and discretionary bonus payments. Covered Subsidiaries must also maintain a supplementary leverage ratio of at least 6% to be considered “well capitalized” under the agencies’ prompt corrective action framework. The final rule is substantially similar to the rule the agencies proposed in July 2013. Concurrent with the final rule, the agencies also (i) proposed a rule that would modify the denominator calculation for the supplementary leverage ratio in a manner consistent with recent changes agreed to by the Basel Committee, which would apply to all internationally active banking organizations, including those subject to the enhanced supplementary leverage ratio final rule; and (ii) proposed a technical correction to the definition of “eligible guarantee” in the agencies’ risk-based capital rules. The agencies are accepting comments on both proposals through June 13, 2014. Separately, the FDIC Board adopted as final its Basel III interim final rule, which is substantively identical to the final rules adopted by the Federal Reserve Board and the OCC in July 2013.
On April 8 the House Financial Services Committee held a hearing with the general counsels of the federal banking agencies regarding, among other things, Operation Choke Point, the federal enforcement operation reportedly intended to cut off from the banking system certain lenders and merchants allegedly engaged in unlawful activities. Numerous committee members from both sides of the aisle raised concerns about Operation Choke Point, as well as the federal government’s broader pressure on banks over their relationships with nonbank financial service providers, including money service businesses, nonbank lenders, and check cashers. Committee members asserted that the operation is impacting lawful nonbank financial service providers, who are losing access to the banking system and, in turn, are unable to offer needed services to the members’ constituents. The FDIC’s Richard Osterman repeatedly stated that Operation Choke Point is a DOJ operation and the FDIC’s participation is limited to providing certain information and resources upon request. Mr. Osterman also asserted that the FDIC is not attempting to, and does not intend to, prohibit banks from offering products or services to nonbank financial service providers operating within the law, and that the FDIC’s guidance is clear that banks are neither prohibited from nor encouraged to provide services to certain businesses, provided they properly manage their risk. Similarly, the OCC’s Amy Friend stated that the OCC wants to ensure that banks conduct due diligence and implement appropriate controls, but that the OCC is not prohibiting banks from offering services to lawful businesses. She stated the OCC has found that some banks have made a business decision to terminate relationships with some nonbank providers rather than implement additional controls.
On April 7, the FDIC reissued, as attachments to FIL-13-2014, three technology outsourcing resources. The documents, which the FDIC describes as containing “practical ideas for banks to consider when they engage in technology outsourcing” are titled: (i) Effective Practices for Selecting a Service Provider; (ii) Tools to Manage Technology Providers’ Performance Risk: Service Level Agreements; and (iii) Techniques for Managing Multiple Service Providers. The FDIC advises that the resources are informational only and do not substitute for official examination guidance. On April 10, the FDIC urged financial institutions to utilize existing resources to identify and help mitigate potential cyber-related risks. The FDIC advised institutions to ensure that their information security staff are aware of and subscribe to reliable and recognized resources that can help quickly identify emerging cyber risks, including the following governmental resources: (i) the Department of Homeland Security’s United States Computer Emergency Readiness Team (US-CERT); (ii) U.S. Secret Service Electronic Crimes Task Force (ECTF); (iii) FBI InfraGard; (iv) financial services sector regional coalitions; and (v) Information Sharing and Analysis Centers (ISACs).
On March 24, the Federal Reserve Board, the OCC, the FDIC, the CFPB, the FHFA, and the NCUA proposed a rule to implement the Dodd-Frank Act’s minimum requirements for registration and supervision of Appraisal Management Companies (AMCs). While current federal regulations mandate that appraisals conducted for federally related transactions must comply with the Uniform Standards of Professional Appraisal Practice (USPAP), this rule would represent the first affirmative federal obligations relating to the registration, supervision, and conduct of AMCs.
Generally, the proposed rule would establish a framework for the registration and supervision of AMCs by individual states that choose to participate, and for state reporting to the Appraisal Subcommittee (ASC) of the Federal Financial Institutions Examination Council (FFIEC). Although state participation is optional, AMCs would be prohibited from providing appraisal management services for federally related transactions in states that do not establish such a program.
Comments on the proposal will be due 60 days following publication in the Federal Register. Read more…
On March 5, the Federal Reserve Board, the OCC, and the FDIC issued final guidance for stress tests conducted by banking institutions with more than $10 billion but less than $50 billion in total consolidated assets. Under Dodd-Frank Act-mandated regulations adopted in October 2012, such firms are required to conduct annual stress tests. The guidance discusses (i) supervisory expectations for stress test practices, (ii) provides examples of practices that would be consistent with those expectations, and (iii) offers additional details about stress test methodologies. Covered institutions are required to perform their first stress tests under the Dodd-Frank Act by March 31, 2014.
On March 5, a group of 16 Democratic U.S. House members sent letters to the leaders of the Federal Reserve Board, the OCC, the FDIC, and the NCUA requesting that the agencies issue guidance that would provide legitimate marijuana businesses access to the federal banking system. Last November, those agencies declined to provide such guidance, stating that the DOJ and FinCEN first needed to agree on a framework to apply BSA/AML provisions to banks seeking to serve marijuana businesses. With FinCEN and DOJ having recently issued such guidance, the lawmakers renewed their push for legitimate marijuana businesses—now operating in 20 states and the District of Columbia—to have “equal access to banking services as other licensed businesses.”
On February 25, the FDIC issued FIL-9-2014 to notify supervised institutions of new consumer compliance examination procedures for the mortgage rules issued pursuant to the Dodd-Frank Act, that took effect nearly two months ago. FDIC examiners will use the revised interagency procedures to evaluate institutions’ compliance with the new mortgage rules. The FDIC states that during initial compliance examinations, FDIC examiners will expect institutions to be familiar with the mortgage rules’ requirements and have a plan for implementing the requirements. Those plans should contain “clear timeframes and benchmarks” for updating compliance management systems and relevant compliance programs. “FDIC examiners will consider the overall compliance efforts of an institution and take into account progress the institution has made in implementing its plan.”
On January 17, the OCC released a cease and desist order entered jointly by the OCC and the FDIC with two affiliated technology service providers that offer payment and other technology solutions for banks. Without describing the specific circumstances leading to the action, the order states that the regulators had reason to believe the service providers were operating without (i) an internal auditor or an integrated risk-focused audit program; (ii) a comprehensive due diligence program or formal policies to evaluate vendor risk; (iii) an enterprise-wide risk assessment; (iv) effective business continuity or disaster recovery planning; (v) procedures to identify software vulnerabilities; and (vi) an effective log review program to identify threats. The regulators did not assess a penalty, but will require the vendors to implement numerous risk management enhancements. Under the order, the technology service providers or their board must, among other things, (i) fill specific management positions; (ii) implement an audit program; (iii) conduct a security risk assessment; (iv) develop a vendor management program; (v) implement business continuity/disaster recovery plans; and (vi) submit quarterly progress reports to regulators and client banks.
On January 14, the Federal Reserve Board, the CFTC, the SEC, the OCC, and the FDIC issued an interim final rule to permit banking entities to retain interests in certain collateralized debt obligations backed primarily by trust preferred securities (TruPS CDOs) from the investment prohibitions of section 619 of the Dodd-Frank Act, known as the Volcker rule. The change allows banking entities to retain interest in or sponsorship of covered funds if (i) the TruPS CDO was established, and the interest was issued, before May 19, 2010; (ii) the banking entity reasonably believes that the offering proceeds received by the TruPS CDO were invested primarily in Qualifying TruPS Collateral; and (iii) the banking entity’s interest in the TruPS CDO was acquired on or before December 10, 2013, the date the agencies finalized the Volcker Rule. With the interim rule, the Federal Reserve, the OCC, and the FDIC released a non-exclusive list of qualified TruPS CDOs. The rule was issued in response to substantial criticism from banks and their trade groups after the issuance of the final Volcker Rule, and followed the introduction of numerous potential legislative fixes. On January 15, the House Financial Services Committee held a hearing on the impact of the Volcker rule during which bankers raised concerns beyond TruPS CDOs, including about the rule’s potential impact on bank investments in other CDOs, collateralized mortgage obligations, collateralized loan obligations, and venture capital. Committee members from both parties expressed an interest in pursuing further changes to the rule, including changes to address the restrictions on collateralized loan obligations.
On January 14, the Federal Reserve Board, the OCC, and the FDIC announced final changes to the Call Report to implement the Basel III capital standards and consumer data collection after delaying certain changes last year. The agencies now plan to implement in March 2014 the proposed reporting requirements for (i) depository institution trade names; (ii) a modified version of the reporting proposal pertaining to international remittance transfers; (iii) the proposed screening question about the reporting institution’s offering of consumer deposit accounts; and (iv) for institutions with $1 billion or more in total assets that offer such accounts, the proposed new data items on consumer deposit account balances. The agencies would then implement the proposed breakdown of consumer deposit account service charges in March 2015, but only for institutions with $1 billion or more in total assets that offer consumer deposit accounts. The proposed instructions for these new items also were revised. In addition, the agencies will not at this time proceed with the proposed annual reporting by institutions with a parent holding company that is not a bank or savings and loan holding company of the amount of the parent holding company’s consolidated total liabilities.
On January 8, Senate Banking Committee members Elizabeth Warren (D-MA) and Tom Coburn (R-OK) released the “Truth in Settlements Act.” The legislation would mandate that for any criminal or civil settlement entered into by a federal agency that requires total payments of $1 million or more, the agency must post online in a searchable format a list of each covered settlement agreement. The list must include, among other things: (i) the total settlement amount and a description of the claims; (ii) the names of parties and the amount each settling party is required to pay; and (iii) for each settling party, the amount of the payment designated as a civil penalty or fine, or otherwise specified as not tax deductible. The bill also would require that public statements by an agency about a covered settlement describe: (i) which portion of any payments is a civil or criminal penalty or fine, or is expressly specified as non-tax deductible; and (ii) any actions the settling company is required to take under the agreement, in lieu of or in addition to any payment. The bill would exempt disclosure of information subject to a confidentiality provision, but would in cases where partial or full confidentiality is applied, require the agency to issue a public statement about why confidential treatment is required to protect the public interest of the U.S. The bill also would require public companies to describe in their annual and periodic SEC reports any claim filed for a tax deduction that relates to a payment required under a covered settlement. In announcing the legislation, Senator Warren stated that the bill is needed to “shut down backroom deal-making and ensure that Congress, citizens and watchdog groups can hold regulatory agencies accountable for strong and effective enforcement that benefits the public interest.”
On January 3, the U.S. District Court for the Northern District of Illinois held that a relator failed to support allegations that the outside directors of a failed bank misrepresented to the FDIC the quality of the bank’s collateral on real estate loans, and dismissed those claims. U.S. v. Veluchamy, No. 11-4458, 2014 WL 51398 (N.D. Ill. Jan. 3, 2014). The relator alleges that the outside directors, as well as bank managers and employees and the bank’s appraisal company, violated the False Claims Act by engaging in a scheme to defraud the FDIC by misrepresenting the loan-to-value ratios for real estate lending and submitting fraudulent Call Reports based on overvalued appraisals. The court held that the bank’s outside directors were not shown to be involved in the day-to-day operations of the bank, and that the relator failed to demonstrate the directors had knowledge of or contributed to the alleged scheme. The court denied motions to dismiss filed by the other defendants. The court also held that the relator’s claims were not barred by prior public disclosure of the allegations. The court explained that a Material Loss Review issued by the FDIC’s inspector general following the bank’s failure did not include “critical elements” of the relator’s fraud claims, and that a prior state court employment case filed against the bank by the relator also did not reveal essential elements of the current claims.
On December 30, the FDIC responded to a recent joint letter from the AABD and ICBA expressing concern with the lack of new bank charters and proposing policy reforms to encourage more de novo applications. As the trade groups pointed out, the FDIC has only approved deposit insurance for one de novo bank since 2011, a dramatic shift from many years of de novo bank formation averaging over 170 per year. FDIC Director Doreen Eberley acknowledged the concern, but defended FDIC policy and cited cyclical conditions as a potential explanation for the current situation rather than any FDIC policy change. Ms. Eberley reasserted the FDIC’s commitment to assisting with potential de novo community bank formations.
Last month, the DOJ announced a settlement with a three-branch, $78 million Texas bank to resolve allegations that the bank engaged in a pattern or practice of discrimination on the basis of national origin in the pricing of unsecured consumer loans. Based on its own investigation and an examination conducted by the FDIC, the DOJ alleged that the bank violated ECOA by allowing employees “broad subjective discretion” in setting interest rates for unsecured loans, which allegedly resulted in Hispanic borrowers being charged rates that, after accounting for relevant loan and borrower credit factors, were on average 100-228 basis points higher than rates charged to similarly situated non-Hispanic borrowers. The DOJ claimed that “[a]lthough information as to each applicant’s national origin was not solicited or noted in loan applications, such information was known to the Bank’s loan officers, who personally handled each loan transaction.”
The consent order requires the bank to establish a $159,000 fund to compensate borrowers who may have suffered harm as a result of the alleged ECOA violations. Prior to the settlement, the bank implemented uniform pricing policies that substantially reduced loan officer discretion to vary a loan’s interest rate. The agreement requires the bank to continue implementing the uniform pricing policy and to (i) create a compliance monitoring program, (ii) provide borrower notices of non-discrimination, (iii) conduct employee training, and (iv) establish a complaint resolution program to address consumer complaints alleging discrimination regarding loans originated by the bank. The requirements apply not only to unsecured consumer loans, but also to mortgage loans, automobile financing, and home improvement loans.
The action is similar to another fair lending matter referred by the FDIC and settled by the DOJ earlier in 2013, which also involved a Texas community bank that allegedly discriminated on the basis of national origin in its pricing of unsecured loans.
Recently, the OCC released a formal agreement it entered with the FDIC, the Federal Reserve Bank of St. Louis, and a banking software company to resolve allegations of unsafe and unsound practices relating to the software company’s disaster recovery and business continuity planning and processes. The action reportedly resulted from the third-party service provider’s (TSP) delay in reestablishing full operations at a processing center in the wake of Hurricane Sandy. The agreement requires the TSP to continue to maintain a compliance committee, which must submit quarterly written reports to the TSP’s board. The agreement also details minimum requirements for (i) an enhanced disaster recovery and business continuity planning (DR/BCP) process; and (ii) a DR/BCP risk management program and audit process. The agreement also reaffirms the TSP board’s responsibility for proper and sound management of the TSP. The action demonstrates the OCC’s and other federal authorities’ continued focus on third-party service providers. While in this instance the regulators employed the Bank Services Company Act to directly address concerns about a TSP, recent Federal Reserve Board and OCC guidance also focuses on financial institutions’ responsibilities with regard to managing risks related to third parties’ disaster recovery and business continuity.