On October 20, the FDIC, OCC, Federal Reserve, Farm Credit Administration, and National Credit Union Administration issued a proposed rule intended to develop further the private flood insurance marketplace by implementing certain provisions of the 2012 Biggert-Waters Flood Insurance Reform Act (Biggert-Waters Act). Notably, the proposed rule would “require regulated lending institutions to accept policies that meet the statutory definition of private flood insurance in the Biggert-Waters Act and permit regulated lending institutions to accept flood insurance provided by private insurers that does not meet the statutory definition of ‘private flood insurance’ on a discretionary basis, subject to certain restrictions.” Comments on the proposal are due 60 days after it is published in the Federal Register.
On December 7, the American Bankers Association (ABA) filed a lawsuit in federal court seeking to overturn a final rule published by the National Credit Union Administration (NCUA) in that morning’s Federal Register. The final rule purports to “implement changes in policy affecting: The definition of a local community, a rural district, and an underserved area; the chartering and expansion of a multiple common bond credit union; the expansion of a single common bond credit union that serves a trade, industry or profession; and the process for applying to charter, or to expand, a federal credit union.”
ABA’s law suit contends, among other things, that by “fail[ing] to adhere to the limitations on federal credit unions established by Congress,” the NCUA’s final rule “upsets the balance Congress struck between granting federal credit unions tax-favored status and limiting their operations to carefully circumscribed groups or localities that share a common bond.” Under the final rule, scheduled to take effect Feb. 6, Federal Credit Unions (FCUs) can apply to serve entire geographic regions, so-called “rural districts” up to 1 million people (which include the entirety of Alaska, North Dakota, South Dakota, Vermont or Wyoming), and areas contiguous to their existing service areas. NCUA is also facilitating easier conversions to community charters.
A foreign bank has agreed to pay $1.1 billion to settle lawsuits brought in Kansas and California in 2011 by the National Credit Union Administration Board (NCUA) as the liquidating agent for two corporate credit unions. The lawsuit centered on claims that the bank sold faulty mortgage-backed securities, contributing to the failures of the two credit unions during the financial crisis.
On August 30, the Department of the Treasury, along with the OCC, FDIC, Federal Reserve and NCUA, issued a joint fact sheet on foreign correspondent banking. The fact sheet provides a summary of the agencies’ (i) expectations for BSA/AML and OFAC risk management at U.S. depository institutions; (ii) risk-based approach to the supervisory examination process; and (iii) use of enforcement as an “extension of the supervisory process.” As highlighted in a corresponding blog post, the fact sheet explains that about “95% of BSA/OFAC compliance deficiencies identified by the [Federal Banking Agencies], FinCEN, and OFAC are corrected by the institution’s management without the need for any enforcement action or penalty.” The fact sheet notes that, under existing regulations there is no general requirement for depository institutions to conduct due diligence on an individual customer of a foreign financial institution (FFI). But it also notes that “[i]n determining the appropriate level of due diligence necessary for an FFI relationship, U.S. depository institutions should consider the extent to which information related to the FFI’s markets and types of customers is necessary to assess the risks posed by the relationship, satisfy the institution’s obligations to detect and report suspicious activity, and comply with U.S. economic sanctions. This may require U.S. depository institutions to request additional information concerning the activity underlying the FFI’s transactions in accordance with the suspicious activity reporting rules and sanctions compliance obligations.”
FFIEC Issues Cybersecurity Statement, Comments on Recent Attacks on Interbank Messaging and Payment Networks
On June 7, the FFIEC issued a statement on behalf of its members (the OCC, Federal Reserve, FDIC, NCUA, CFPB, and State Liaison Committee) advising financial institutions to “actively manage the risks associated with interbank messaging and wholesale payment networks.” According to the statement, recent cyber attacks against interbank networks and wholesale payment systems have demonstrated the ability to: (i) bypass information security controls and compromise a financial institution’s wholesale payment origination environment; (ii) “obtain and use valid operator credentials with the authority to create, approve, and submit messages”; (iii) make use of sophisticated understanding of funds transfer operations and operational controls; (iv) disable security logging and reporting by using highly customized malware, as well as conceal and delay detection of fraudulent transactions with the use of other operational controls; and (v) quickly transfer stolen funds across multiple jurisdictions. Read more…