Treasury Issues Joint AML/BSA Fact Sheet

On August 30, the Department of the Treasury, along with the OCC, FDIC, Federal Reserve and NCUA, issued a joint fact sheet on foreign correspondent banking. The fact sheet provides a summary of the agencies’ (i) expectations for BSA/AML and OFAC risk management at U.S. depository institutions; (ii) risk-based approach to the supervisory examination process; and (iii) use of enforcement as an “extension of the supervisory process.” As highlighted in a corresponding blog post, the fact sheet explains that about “95% of BSA/OFAC compliance deficiencies identified by the [Federal Banking Agencies], FinCEN, and OFAC are corrected by the institution’s management without the need for any enforcement action or penalty.” The fact sheet notes that, under existing regulations there is no general requirement for depository institutions to conduct due diligence on an individual customer of a foreign financial institution (FFI). But it also notes that “[i]n determining the appropriate level of due diligence necessary for an FFI relationship, U.S. depository institutions should consider the extent to which information related to the FFI’s markets and types of customers is necessary to assess the risks posed by the relationship, satisfy the institution’s obligations to detect and report suspicious activity, and comply with U.S. economic sanctions. This may require U.S. depository institutions to request additional information concerning the activity underlying the FFI’s transactions in accordance with the suspicious activity reporting rules and sanctions compliance obligations.”

LinkedInFacebookTwitterGoogle+Share

FFIEC Issues Cybersecurity Statement, Comments on Recent Attacks on Interbank Messaging and Payment Networks

On June 7, the FFIEC issued a statement on behalf of its members (the OCC, Federal Reserve, FDIC, NCUA, CFPB, and State Liaison Committee) advising financial institutions to “actively manage the risks associated with interbank messaging and wholesale payment networks.” According to the statement, recent cyber attacks against interbank networks and wholesale payment systems have demonstrated the ability to: (i) bypass information security controls and compromise a financial institution’s wholesale payment origination environment; (ii) “obtain and use valid operator credentials with the authority to create, approve, and submit messages”; (iii) make use of sophisticated understanding of funds transfer operations and operational controls; (iv) disable security logging and reporting by using highly customized malware, as well as conceal and delay detection of fraudulent transactions with the use of other operational controls; and (v) quickly transfer stolen funds across multiple jurisdictions. Read more…

LinkedInFacebookTwitterGoogle+Share

CFPB, Federal Banking Agencies, and NCUA Issue Interagency Guidance Regarding Deposit Reconciliation Practices

On May 18, the CFPB, the Federal Reserve, the OCC, the FDIC, and the NCUA issued interagency guidance on supervisory expectations regarding customer account deposit reconciliation practices. According to the guidance, banks create a “credit discrepancy” if they credit a customer a different amount than the total of the items the customer tried to deposit into an account. In further explaining what constitutes a credit discrepancy, the guidance states, “the customer may deposit $110 to an account, but may indicate on the deposit slip that only $100 has been tendered. In this case, the financial institution may credit $100 to the customer’s account as indicated on the deposit slip without reconciling the $10 discrepancy.” According to the guidance, some financial institutions fail to correct the inconsistencies between the dollar value of items deposited to the customer’s account and the amount actually credited to that same account. This is a potential violation of (i) the Expedited Funds Availability Act’s, as implemented by Regulation CC, requirement to make deposited funds available for withdrawal within prescribed time limits; (ii) the FTC Act’s ban of unfair or deceptive acts or practices; and (iii) the Dodd-Frank Act’s prohibition of unfair, deceptive, or abusive acts or practices. In addition to reminding financial institutions of their obligations to comply with the aforementioned applicable laws, the guidance stresses that financial institutions are expected to “adopt deposit reconciliation policies and practices that are designed to avoid or reconcile discrepancies, or designed to resolve discrepancies such that customers are not disadvantaged.”

LinkedInFacebookTwitterGoogle+Share

FinCEN, Banking Agencies Release Guidance on Applying Customer Identification Program Requirements to Holders of Prepaid Cards

On March 21, the Federal Reserve, FDIC, NCUA, OCC, and FinCEN published guidance to issuing banks (i.e., banks that authorize the use of prepaid cards) intended to clarify the application of customer identification program (CIP) requirements to prepaid cards. The guidance clarifies that when the issuance of a prepaid card creates an “account” as defined in CIP regulations, CIP requirements apply. The guidance indicates that a prepaid card should be treated as an account if it has attributes of a typical deposit product, including prepaid cards that provide the ability to reload funds or provide access to credit or overdraft features. Once an account has been opened, CIP regulations require identification of the “customer.” The guidance explains that the cardholder should be treated as the customer, even if the cardholder is not the named accountholder, but has obtained the card from a third party program manager who uses a pooled account with the bank to issue prepaid cards. Finally, the guidance stresses that third party program managers should be treated as agents, not customers, and that “[t]he issuing bank should enter into well-constructed, enforceable contracts with third-party program managers that clearly define the expectations, duties, rights, and obligations of each party in a manner consistent with [the] guidance.”

LinkedInFacebookTwitterGoogle+Share

Agencies Finalize Diversity Policy Statement

On June 9, six federal agencies – the Federal Reserve, CFPB, FDIC, NCUA, OCC, and the SEC – issued a final interagency policy statement creating guidelines for assessing the diversity policies and practices of the entities they regulate. Mandated by Section 342 of the Dodd-Frank Act, the final policy statement requires the establishment of an Office of Minority and Women Inclusion at each of the agencies and includes standards for the agencies to assess an entity’s organizational commitment to diversity, workforce and employment practices, procurement and business practices, and practices to promote transparency of diversity and inclusion within the organization. The final interagency guidance incorporates over 200 comments received from financial institutions, industry trade groups, consumer advocates, and community leaders on the proposed standards issued in October 2013. The final policy statement will be effective upon publication in the Federal Register. The six agencies also are requesting public comment, due within 60 days following publication in the Federal Register, on the information collection aspects of the interagency guidance.

LinkedInFacebookTwitterGoogle+Share