On April 19, the Federal Reserve issued a letter announcing a new off-site loan file review program available to banking institutions with less than $50 billion in total assets. According to the letter, recent technological advancements, i.e. secure data transmission and electronic file imaging, allow the Federal Reserve to collect and review loan file information off-site “without compromising the effectiveness of the examination process.” To determine if the off-site loan review program is appropriate for an institution, the Federal Reserve will consider the following: (i) if the institution uses a secure transmission method to submit the loan file data; (ii) if the institution can provide loan data and imaged documents that are legible, easily viewable, and properly organized; and (iii) if the loan files are sufficiently comprehensive, allowing examiners to reach a conclusion regarding the appropriate rating of a credit without requesting additional information. Regarding adjustments to the examination process of an off-site loan review, the letter cautions that examiners will need to allocate sufficient time before an examination begins to ensure loan file data was successfully transmitted to the Reserve Bank, and communicate with institutional management throughout the examination process. Finally, the letter discusses the scope of the off-site examination process verses that of an on-site examination process, noting that (i) certain portions of examination work will remain off-site regardless of whether the institution is participating in the new off-site program; and (ii) at examiners’ discretion, Reserve Banks “may hold either off-site or on-site discussions with the institution’s management regarding preliminary loan review findings such as the appropriateness of individual credit ratings assigned by [a state member bank or foreign banking organization] and the completeness of credit file documentation.”
On April 22, the American Bankers Association (ABA) sent a letter to the OCC, the Federal Reserve, and the FDIC regarding force-place flood insurance (also known as lender-placed insurance). The ABA probed the question of whether or not the advancement of a lender-placed flood insurance premium constitutes an “increase” to the designated loan – a statutory “tripwire” under the Flood Disaster Protection Act (FDPA). According to the letter, “increasing reports” from ABA members suggest that examiners are taking the position that “advancing a flood insurance premium in order to force-place flood insurance increases a loan balance and therefore constitutes a MIRE event [(making, increasing, renewing, or extending a designated loan)].” The letter summarizes FDPA requirements, noting that, if examiners are in fact considering the advancement of a premium to force-place flood insurance as an increase to a designated loan, such an “interpretation is new to the industry and is inconsistent with industry practice and contractual obligations under standard mortgage loan agreements.” According to the ABA, this new approach would result in increased borrower confusion and expense: “[i]ndeed, if adding the flood insurance premium to the loan is considered to increase the loan amount, following that logic through, the payment of a force-placed hazard insurance premium, taxes, or even a late fee would also ‘increase’ the loan—and result in a MIRE event as it is wholly inconsistent to treat these protective advances differently. Accordingly, a delinquent borrower could experience a ‘MIRE event’ as frequently as monthly with each late payment. Clearly, this was not Congress’s intent.” The ABA urged the banking agencies to release interagency guidance to address concerns related to the advancement of flood insurance premiums as a potential MIRE event.
Recently, the Federal Reserve and NYDFS announced that a New York branch of a Pakistani bank agreed to strengthen its compliance with BSA/AML requirements and OFAC regulations. The NYDFS’s and the NY Federal Reserve Bank’s recent examination into the bank’s branch found deficiencies related to its risk management and compliance with BSA/AML and OFAC regulations. Pursuant the agreement, the bank must submit written plans to the NYDFS and the NY Federal Reserve Bank on its strategy to improve its BSA/AML/OFAC compliance and its suspicious activity reporting. In addition, the bank must submit quarterly progress reports to the aforementioned regulators.
The recently issued agreement comes after a similar agreement earlier this month in which a New York branch of a Korean bank agreed to enhance its BSA/AML/OFAC compliance.
On April 4, the Federal Reserve Bank of Boston’s President Eric S. Rosengren delivered remarks at the 2016 Cybersecurity Conference. Rosengren commented on the status of the U.S. economy and the “ever-changing” nature of cyber risk. According to Rosengren, risks in the cyber realm, unlike those related to the economy, are not waning. Significant cyber risk points outlined in Rosengren’s remarks include: (i) banks are increasingly having to compete with “fintech” entities providing similar financial services without the regulatory burden of being a bank; (ii) rapid growth in new applications and devices may provide consumer convenience, but do not always focus on security issues at large; and (iii) implementation of a communication plan addressing customer, vendor, and regulator concern in light of a breach is critical to mitigating problems. Finally, Rosengren cautioned that, “[b]anking organizations need to continue to evolve as [cyber risks] morph, and as new innovations and expectations of convenience introduce new challenges to security.”
FinCEN, Banking Agencies Release Guidance on Applying Customer Identification Program Requirements to Holders of Prepaid Cards
On March 21, the Federal Reserve, FDIC, NCUA, OCC, and FinCEN published guidance to issuing banks (i.e., banks that authorize the use of prepaid cards) intended to clarify the application of customer identification program (CIP) requirements to prepaid cards. The guidance clarifies that when the issuance of a prepaid card creates an “account” as defined in CIP regulations, CIP requirements apply. The guidance indicates that a prepaid card should be treated as an account if it has attributes of a typical deposit product, including prepaid cards that provide the ability to reload funds or provide access to credit or overdraft features. Once an account has been opened, CIP regulations require identification of the “customer.” The guidance explains that the cardholder should be treated as the customer, even if the cardholder is not the named accountholder, but has obtained the card from a third party program manager who uses a pooled account with the bank to issue prepaid cards. Finally, the guidance stresses that third party program managers should be treated as agents, not customers, and that “[t]he issuing bank should enter into well-constructed, enforceable contracts with third-party program managers that clearly define the expectations, duties, rights, and obligations of each party in a manner consistent with [the] guidance.”