On March 5, a group of 16 Democratic U.S. House members sent letters to the leaders of the Federal Reserve Board, the OCC, the FDIC, and the NCUA requesting that the agencies issue guidance that would provide legitimate marijuana businesses access to the federal banking system. Last November, those agencies declined to provide such guidance, stating that the DOJ and FinCEN first needed to agree on a framework to apply BSA/AML provisions to banks seeking to serve marijuana businesses. With FinCEN and DOJ having recently issued such guidance, the lawmakers renewed their push for legitimate marijuana businesses—now operating in 20 states and the District of Columbia—to have “equal access to banking services as other licensed businesses.”
On March 5, the Federal Reserve Board, the OCC, and the FDIC issued final guidance for stress tests conducted by banking institutions with more than $10 billion but less than $50 billion in total consolidated assets. Under Dodd-Frank Act-mandated regulations adopted in October 2012, such firms are required to conduct annual stress tests. The guidance discusses (i) supervisory expectations for stress test practices, (ii) provides examples of practices that would be consistent with those expectations, and (iii) offers additional details about stress test methodologies. Covered institutions are required to perform their first stress tests under the Dodd-Frank Act by March 31, 2014.
On February 25, the FDIC issued FIL-9-2014 to notify supervised institutions of new consumer compliance examination procedures for the mortgage rules issued pursuant to the Dodd-Frank Act, that took effect nearly two months ago. FDIC examiners will use the revised interagency procedures to evaluate institutions’ compliance with the new mortgage rules. The FDIC states that during initial compliance examinations, FDIC examiners will expect institutions to be familiar with the mortgage rules’ requirements and have a plan for implementing the requirements. Those plans should contain “clear timeframes and benchmarks” for updating compliance management systems and relevant compliance programs. “FDIC examiners will consider the overall compliance efforts of an institution and take into account progress the institution has made in implementing its plan.”
On January 17, the OCC released a cease and desist order entered jointly by the OCC and the FDIC with two affiliated technology service providers that offer payment and other technology solutions for banks. Without describing the specific circumstances leading to the action, the order states that the regulators had reason to believe the service providers were operating without (i) an internal auditor or an integrated risk-focused audit program; (ii) a comprehensive due diligence program or formal policies to evaluate vendor risk; (iii) an enterprise-wide risk assessment; (iv) effective business continuity or disaster recovery planning; (v) procedures to identify software vulnerabilities; and (vi) an effective log review program to identify threats. The regulators did not assess a penalty, but will require the vendors to implement numerous risk management enhancements. Under the order, the technology service providers or their board must, among other things, (i) fill specific management positions; (ii) implement an audit program; (iii) conduct a security risk assessment; (iv) develop a vendor management program; (v) implement business continuity/disaster recovery plans; and (vi) submit quarterly progress reports to regulators and client banks.
On January 14, the Federal Reserve Board, the CFTC, the SEC, the OCC, and the FDIC issued an interim final rule to permit banking entities to retain interests in certain collateralized debt obligations backed primarily by trust preferred securities (TruPS CDOs) from the investment prohibitions of section 619 of the Dodd-Frank Act, known as the Volcker rule. The change allows banking entities to retain interest in or sponsorship of covered funds if (i) the TruPS CDO was established, and the interest was issued, before May 19, 2010; (ii) the banking entity reasonably believes that the offering proceeds received by the TruPS CDO were invested primarily in Qualifying TruPS Collateral; and (iii) the banking entity’s interest in the TruPS CDO was acquired on or before December 10, 2013, the date the agencies finalized the Volcker Rule. With the interim rule, the Federal Reserve, the OCC, and the FDIC released a non-exclusive list of qualified TruPS CDOs. The rule was issued in response to substantial criticism from banks and their trade groups after the issuance of the final Volcker Rule, and followed the introduction of numerous potential legislative fixes. On January 15, the House Financial Services Committee held a hearing on the impact of the Volcker rule during which bankers raised concerns beyond TruPS CDOs, including about the rule’s potential impact on bank investments in other CDOs, collateralized mortgage obligations, collateralized loan obligations, and venture capital. Committee members from both parties expressed an interest in pursuing further changes to the rule, including changes to address the restrictions on collateralized loan obligations.
On January 14, the Federal Reserve Board, the OCC, and the FDIC announced final changes to the Call Report to implement the Basel III capital standards and consumer data collection after delaying certain changes last year. The agencies now plan to implement in March 2014 the proposed reporting requirements for (i) depository institution trade names; (ii) a modified version of the reporting proposal pertaining to international remittance transfers; (iii) the proposed screening question about the reporting institution’s offering of consumer deposit accounts; and (iv) for institutions with $1 billion or more in total assets that offer such accounts, the proposed new data items on consumer deposit account balances. The agencies would then implement the proposed breakdown of consumer deposit account service charges in March 2015, but only for institutions with $1 billion or more in total assets that offer consumer deposit accounts. The proposed instructions for these new items also were revised. In addition, the agencies will not at this time proceed with the proposed annual reporting by institutions with a parent holding company that is not a bank or savings and loan holding company of the amount of the parent holding company’s consolidated total liabilities.
On January 8, Senate Banking Committee members Elizabeth Warren (D-MA) and Tom Coburn (R-OK) released the “Truth in Settlements Act.” The legislation would mandate that for any criminal or civil settlement entered into by a federal agency that requires total payments of $1 million or more, the agency must post online in a searchable format a list of each covered settlement agreement. The list must include, among other things: (i) the total settlement amount and a description of the claims; (ii) the names of parties and the amount each settling party is required to pay; and (iii) for each settling party, the amount of the payment designated as a civil penalty or fine, or otherwise specified as not tax deductible. The bill also would require that public statements by an agency about a covered settlement describe: (i) which portion of any payments is a civil or criminal penalty or fine, or is expressly specified as non-tax deductible; and (ii) any actions the settling company is required to take under the agreement, in lieu of or in addition to any payment. The bill would exempt disclosure of information subject to a confidentiality provision, but would in cases where partial or full confidentiality is applied, require the agency to issue a public statement about why confidential treatment is required to protect the public interest of the U.S. The bill also would require public companies to describe in their annual and periodic SEC reports any claim filed for a tax deduction that relates to a payment required under a covered settlement. In announcing the legislation, Senator Warren stated that the bill is needed to “shut down backroom deal-making and ensure that Congress, citizens and watchdog groups can hold regulatory agencies accountable for strong and effective enforcement that benefits the public interest.”
On January 3, the U.S. District Court for the Northern District of Illinois held that a relator failed to support allegations that the outside directors of a failed bank misrepresented to the FDIC the quality of the bank’s collateral on real estate loans, and dismissed those claims. U.S. v. Veluchamy, No. 11-4458, 2014 WL 51398 (N.D. Ill. Jan. 3, 2014). The relator alleges that the outside directors, as well as bank managers and employees and the bank’s appraisal company, violated the False Claims Act by engaging in a scheme to defraud the FDIC by misrepresenting the loan-to-value ratios for real estate lending and submitting fraudulent Call Reports based on overvalued appraisals. The court held that the bank’s outside directors were not shown to be involved in the day-to-day operations of the bank, and that the relator failed to demonstrate the directors had knowledge of or contributed to the alleged scheme. The court denied motions to dismiss filed by the other defendants. The court also held that the relator’s claims were not barred by prior public disclosure of the allegations. The court explained that a Material Loss Review issued by the FDIC’s inspector general following the bank’s failure did not include “critical elements” of the relator’s fraud claims, and that a prior state court employment case filed against the bank by the relator also did not reveal essential elements of the current claims.
On December 30, the FDIC responded to a recent joint letter from the AABD and ICBA expressing concern with the lack of new bank charters and proposing policy reforms to encourage more de novo applications. As the trade groups pointed out, the FDIC has only approved deposit insurance for one de novo bank since 2011, a dramatic shift from many years of de novo bank formation averaging over 170 per year. FDIC Director Doreen Eberley acknowledged the concern, but defended FDIC policy and cited cyclical conditions as a potential explanation for the current situation rather than any FDIC policy change. Ms. Eberley reasserted the FDIC’s commitment to assisting with potential de novo community bank formations.
Last month, the DOJ announced a settlement with a three-branch, $78 million Texas bank to resolve allegations that the bank engaged in a pattern or practice of discrimination on the basis of national origin in the pricing of unsecured consumer loans. Based on its own investigation and an examination conducted by the FDIC, the DOJ alleged that the bank violated ECOA by allowing employees “broad subjective discretion” in setting interest rates for unsecured loans, which allegedly resulted in Hispanic borrowers being charged rates that, after accounting for relevant loan and borrower credit factors, were on average 100-228 basis points higher than rates charged to similarly situated non-Hispanic borrowers. The DOJ claimed that “[a]lthough information as to each applicant’s national origin was not solicited or noted in loan applications, such information was known to the Bank’s loan officers, who personally handled each loan transaction.”
The consent order requires the bank to establish a $159,000 fund to compensate borrowers who may have suffered harm as a result of the alleged ECOA violations. Prior to the settlement, the bank implemented uniform pricing policies that substantially reduced loan officer discretion to vary a loan’s interest rate. The agreement requires the bank to continue implementing the uniform pricing policy and to (i) create a compliance monitoring program, (ii) provide borrower notices of non-discrimination, (iii) conduct employee training, and (iv) establish a complaint resolution program to address consumer complaints alleging discrimination regarding loans originated by the bank. The requirements apply not only to unsecured consumer loans, but also to mortgage loans, automobile financing, and home improvement loans.
The action is similar to another fair lending matter referred by the FDIC and settled by the DOJ earlier in 2013, which also involved a Texas community bank that allegedly discriminated on the basis of national origin in its pricing of unsecured loans.
Recently, the OCC released a formal agreement it entered with the FDIC, the Federal Reserve Bank of St. Louis, and a banking software company to resolve allegations of unsafe and unsound practices relating to the software company’s disaster recovery and business continuity planning and processes. The action reportedly resulted from the third-party service provider’s (TSP) delay in reestablishing full operations at a processing center in the wake of Hurricane Sandy. The agreement requires the TSP to continue to maintain a compliance committee, which must submit quarterly written reports to the TSP’s board. The agreement also details minimum requirements for (i) an enhanced disaster recovery and business continuity planning (DR/BCP) process; and (ii) a DR/BCP risk management program and audit process. The agreement also reaffirms the TSP board’s responsibility for proper and sound management of the TSP. The action demonstrates the OCC’s and other federal authorities’ continued focus on third-party service providers. While in this instance the regulators employed the Bank Services Company Act to directly address concerns about a TSP, recent Federal Reserve Board and OCC guidance also focuses on financial institutions’ responsibilities with regard to managing risks related to third parties’ disaster recovery and business continuity.
On December 27, in response to substantial criticism and legal action by banking trade groups, the Federal Reserve Board, the OCC, the FDIC, and the SEC stated that they are reviewing whether it is appropriate and consistent with the provisions of the Dodd-Frank Act (DFA) not to subject pooled investment vehicles for Trust Preferred Securities (TruPS), such as collateralized debt obligations backed by TruPS, to the prohibitions on ownership of covered funds in section 619 of the DFA, as implemented by the recently finalized Volcker Rule. Community banks and their trade group representatives state that the Volcker rule treatment of TruPS conflicts with a separate section of the DFA that requires TruPS issued by depository institution holding companies to be phased out of such companies’ calculation of Tier 1 capital, but provides for the permanent grandfathering of TruPS issued before May 19, 2010, by certain holding companies with total consolidated assets of less than $15 billion. The banks assert that banking entities investing in pooled TruPS are facing “unexpected and precipitous write-downs” that are not justified by any safety and soundness concern, and that the resulting write-downs are actually causing safety and soundness concerns. The agencies promised to address the matter by January 15, 2014.
Eleventh Circuit Certifies Questions On Georgia Business Judgment Rule In Bank Officer Case, Declines To Apply “No Duty” Rule To Bar Affirmative Defenses
On December 23, the U.S. Court of Appeals for the 11th Circuit certified questions to the Georgia Supreme Court regarding whether bank directors and officers can be subject to claims for ordinary negligence under the state banking code. FDIC v. Skow, No.12-15878, 2013 WL 6726918 (11th Cir. Dec. 23, 2013). In this case, former directors and officers of a failed Georgia bank moved to dismiss a suit brought against them by the FDIC as receiver for the failed bank, asserting that the state’s business judgment rule blocked the FDIC’s ordinary negligence allegations. Specifically, the FDIC claimed that the former directors and officers were negligent in pursuing an unsustainable growth strategy that included approving high risk loans that resulted in substantial losses and contributed to the bank’s failure. The appeals court explained that state law appears to provide that a bank director or officer who acts in good faith might still be subject to a claim for ordinary negligence if he failed to act with ordinary diligence. However, given that its reading of the state statute conflicts with state intermediate appellate court holdings, the Eleventh Circuit asked the Supreme Court of Georgia to determine (i) whether a bank director or officer violates the standard of care established by state statute when he acts in good faith but fails to act with “ordinary diligence;” and (ii) whether, in a case applying Georgia’s business judgment rule, the bank officer or director defendants can be held individually liable if they are shown to have been ordinarily negligent or to have breached a fiduciary duty, based on ordinary negligence in performing professional duties. The court also affirmed the district court’s denial of the FDIC’s motion to strike certain affirmative defenses, rejecting the FDIC’s argument that under federal common law it owes “no duty” to bank officers or directors and it therefore is exempt from defenses under state law.
On December 13, the Federal Reserve Board, the FDIC, the OCC, and the NCUA issued an interagency statement to clarify safety and soundness expectations and CRA considerations in light of the CFPB’s ability-to-repay/qualified mortgage rule. The statement emphasizes that institutions may originate both QM and non-QM loans based on their business strategies and risk appetites and that residential mortgage loans “will not be subject to safety-and-soundness criticism based solely on their status as QMs or non-QMs.” Acknowledging that some institutions may choose to originate only or predominantly QM loans, the agencies state that, consistent with recent guidance concerning the fair lending implications of QM-only lending, “the agencies that conduct CRA evaluations do not anticipate that institutions’ decision[s] to originate only QMs, absent other factors, would adversely affect their CRA evaluations.”
On December 11, the FFIEC, on behalf of the CFPB, the FDIC, the OCC, the Federal Reserve Board, the NCUA, and the State Liaison Committee, released final guidance on the applicability of consumer protection and compliance laws, regulations, and policies to activities conducted via social media by federally supervised financial institutions and nonbanks supervised by the CFPB. The guidance was finalized largely as proposed. However, in response to stakeholder comments, the regulators clarified certain provisions. For example, the final guidance clarifies that traditional emails and text messages, on their own, are not social media. The final guidance also explains that to the extent consistent with other applicable legal requirements, a financial institution may establish one or more specified channels that customers must use for submitting communications directly to the institution, and that a financial institution is not expected to monitor all Internet communications for complaints and inquiries, but should take into account the results of its own risk assessment in determining the appropriate approach regarding monitoring and responding to communications. The regulators also clarified that the guidance is not intended to provide a “one-size-fits-all” approach; rather financial institutions are expected to assess and manage the risks particular to the individual institution, taking into account factors such as the institution’s size, complexity, activities, and third party relationships. The final guidance also contains further discussion regarding the application of certain laws and regulations to social media activities, such as the Community Reinvestment Act. Finally, consistent with other recent regulatory initiatives, the final guidance clarifies that prior to engaging with a prospective third party an institution should evaluate and perform due diligence appropriate to the risks posed.