On April 1, the Federal Financial Institutions Examination Council (FFIEC) announced that Comptroller of the Currency Thomas Curry will serve a two-year term as FFIEC Chairman. The FFIEC also selected Federal Reserve Board Member Daniel Tarullo as Vice Chairman, and announced three new State Liaison Committee members: Michael Mach, Division of Banking Administrator for the Wisconsin Department of Financial Institutions; Lauren Kingry, Superintendent of the Arizona Department of Financial Institutions; and Thomas Candon, Deputy Commissioner of Banking and Securities of the Vermont Department of Financial Regulation. The FFIEC is responsible for prescribing uniform principles, standards, and report forms for the federal examination of financial institutions, and for recommending changes to promote uniformity in the supervision of financial institutions. The FFIEC also conducts schools for federal examiners.

On February 13, the CFPB announced a plan to implement its recently adopted mortgage rules, which go into effect in January 2014. To assist financial institutions with implementing the rules, the CFPB will (i) coordinate with other agencies that conduct examinations of mortgage companies to ensure all regulators have a shared understanding of the CFPB’s new rules, (ii) publish plain-language guides in the spring, (iii) publish updates to the official interpretations, with priority given to issues that are important to a large number of providers or consumers, and that critically affect mortgage companies’ implementation decisions, (iv) publish readiness guides, available this summer, and (v) work with the FFIEC to develop more in-depth examination procedures.

On January 22, the FFIEC proposed guidance on the applicability of consumer protection and compliance laws, regulations, and policies to activities conducted via social media by federally supervised financial institutions, as well as nonbanks supervised by the CFPB. With regard to compliance and legal risks, the guidance addresses (i) the applicability of existing federal laws and regulations to the use of social media for marketing and originating new deposit and lending products and the use of social media to facilitate consumer use of payment systems; (ii) the need to apply BSA/AML internal controls to customers engaging in electronic banking through the use of social media, and e-banking products and services offered in the context of social media, as well as BSA/AML risks emerging through the growing use of social media; (iii) CRA monitoring of social media sites run by an institution; and (vi) customer privacy issues associated with social media. The guidance also reviews reputational risks related to social media, including risks related to (i) fraud and brand identity; (ii) social media vendor monitoring; (iii) privacy; (iv) consumer complaints; and (v) employee use of social media. Finally, the guidance addresses the vulnerability of social media to malware and the resultant operational risk. The FFIEC is accepting comments for 60 days after publication in the Federal Register. After the comment period, the agencies will issue supervisory guidance and will urge state regulators to follow. 

In an annual rite of autumn, on September 18 the Federal Financial Institutions Examination Council released 2011 Home Mortgage Disclosure Act (HMDA) data for U.S. mortgage lenders.  The public data contains information regarding nearly all home mortgage applications acted on in the prior calendar year, designated by loan purpose (i.e., home purchase, home refinance and home improvement).  The HMDA data covers home loan applications made to over 7,600 U.S. financial institutions, including banks, savings associations, credit unions and mortgage companies, and contains information on approximately 11.7 million applications, 7.1 million originations and 2.9 million purchases.

HMDA data provides a wealth of mortgage industry-related information, including data on application and loan volume, the proportion of loans backed by the Fair Housing Administration and Veterans Administration, and lender concentration in the mortgage market.  However, its most important function and the reason HMDA was enacted is the role the data plays in fair lending enforcement.  Toward this end, the outcome of each home mortgage loan application is classified according to the applicant’s race, ethnicity and gender.  HMDA data further allows analyses based on the site of the subject property, as well as the location of the lender. Read more…

On October 31, the Federal Financial Institutions Examination Council (FFIEC) issued a revised Supervision of Technology Service Providers Booklet (TSP Booklet). The revised TSP Booklet, which is part of the FFIEC Information Technology Examination Handbook, provides guidance for examiners and financial institutions on the supervision of technology service providers by describing the federal banking regulators’ statutory authority to supervise third-party service providers, outlining the regulators’ risk-based supervision program, and providing the Uniform Rating System for examinations. The TSP Booklet clarifies that outsourced activities should be subject to the same risk management, security, privacy, and other internal controls and compliance policies as if such functions were performed internally, and that a financial institution’s board of directors and management have the responsibility for ensuring that outsourced activities are conducted in a safe and sound manner and in compliance with applicable laws and regulations.

Concurrent with the release of the updated TSP Booklet, the Federal Reserve Board, the FDIC, and the OCC issued new Administrative Guidelines for the Implementation of Interagency Programs for the Supervision of Technology Service Providers. The Guidelines are separate from the FFIEC IT Examination Handbook and describe how the agencies implement their interagency supervisory programs. The Guidelines are primarily a resource for examiners and include the reporting templates used by examiners.

On September 18, the Federal Financial Institutions Examination Council (FFIEC) released data collected in 2011 under the Home Mortgage Disclosure Act (HMDA). The data include information on loan amount, loan type and purpose, property type and location, pricing, and applicant characteristics. The FFIEC release notes that the 2011 data reflect that (i) the FHA’s share of first-lien loans declined in 2011, but there remains a heavy reliance on the FHA program, (ii) only a small minority of first lien loans had APRs above the loan price reporting thresholds, and (iii) for conventional home-purchase loans, black and Hispanic white applicants experienced higher denial rates than non-Hispanic white applicants, similar to in prior years. While examiners consider HMDA data when assessing lender compliance with fair lending laws, the FFIEC cautions that such data do not include many potential determinants of creditworthiness and loan pricing, such as the borrower’s credit history, debt-to-income ratio, and the loan-to-value ratio.

On July 10, the federal banking regulators, through the Federal Financial Institutions Examination Council (FFIEC), published a statement on outsourcing of cloud computing services by financial institutions. The statement explains that the regulators consider cloud computing to be another form of outsourcing with the same basic risk characteristics and risk management requirements as traditional forms of outsourcing. The statement goes on to outline the key risks of outsourced cloud computing, focusing on due diligence, vendor management, information security, audits, legal and regulatory compliance, and business continuity planning. The statement concludes that “[c]loud computing may require more robust controls due to the nature of the service. When evaluating the feasibility of outsourcing to a cloud-computing service provider, it is important to look beyond potential benefits and to perform a thorough due diligence and risk assessment of elements specific to that service.”