On March 5, a group of 16 Democratic U.S. House members sent letters to the leaders of the Federal Reserve Board, the OCC, the FDIC, and the NCUA requesting that the agencies issue guidance that would provide legitimate marijuana businesses access to the federal banking system. Last November, those agencies declined to provide such guidance, stating that the DOJ and FinCEN first needed to agree on a framework to apply BSA/AML provisions to banks seeking to serve marijuana businesses. With FinCEN and DOJ having recently issued such guidance, the lawmakers renewed their push for legitimate marijuana businesses—now operating in 20 states and the District of Columbia—to have “equal access to banking services as other licensed businesses.”
On March 5, the Federal Reserve Board, the OCC, and the FDIC issued final guidance for stress tests conducted by banking institutions with more than $10 billion but less than $50 billion in total consolidated assets. Under Dodd-Frank Act-mandated regulations adopted in October 2012, such firms are required to conduct annual stress tests. The guidance discusses (i) supervisory expectations for stress test practices, (ii) provides examples of practices that would be consistent with those expectations, and (iii) offers additional details about stress test methodologies. Covered institutions are required to perform their first stress tests under the Dodd-Frank Act by March 31, 2014.
On March 4, Comptroller of the Currency Thomas Curry addressed the annual meeting of the Independent Community Bankers Association where he stressed the need for banks to effectively manage risk presented by the outsourcing of data security and information technology. The Comptroller explained that “[t]hird parties can be the weak link in [a bank’s] information systems security and resiliency; and especially where that third party is providing security services.” Referencing guidance the OCC issued last year, the Comptroller described the OCC’s due diligence expectations for banks’ third-party relationships as “substantial” and stressed that a bank’s due diligence needs to cover not only the vendor, but the vendor’s own third-party relationships. Mr. Curry also focused on other concerns he has about third-party relationships, including: (i) consolidation of service providers, which can increase the number of banks impacted when deficiencies occur at a single vendor; (ii) increased reliance by banks on foreign-based service providers; and (iii) third parties’ access to “large amounts of sensitive bank or customer data.”
On February 14, the OCC issued Bulletin 2014-02, which clarifies supervisory expectations for national banks and federal savings associations regarding secured consumer debt discharged in Chapter 7 bankruptcy proceedings. The guidance describes (i) the analysis necessary to “clearly demonstrate and document that repayment is likely to occur,” which would preclude any charge-off as required by the Uniform Retail Credit Classification and Account Management Policy; and (ii) when a bank may consider post-discharge payment performance as evidence of collectability and when this performance demonstrates both capacity and willingness to repay the full amounts due. The OCC states that the repayment analysis should document (i) the existence of orderly repayment terms for structured collection of the debt without the existence of undue payment shock or the need to refinance the balloon amount; (ii) a history of payment performance that demonstrates the borrower’s ongoing commitment to satisfy the debt; and (iii) the consideration of post-discharge capacity to make future required payments. The guidance provides standards for post-discharge repayment capacity. Further, the guidance allows a bank to consider post-discharge payment performance as evidence of collectability, and states that the analysis can be conducted at a pool or individual level provided the bank considers whether (i) monthly payment includes both principal and interest that fully amortizes the remaining debt; (ii) sustained performance demonstrates ongoing capacity and willingness to repay post-discharge; and (iii) collateral levels indicate the bank is likely to recover the full amount due even if payments cease.
On February 7, the OCC issued an updated Mortgage Banking booklet of the Comptroller’s Handbook. The revised booklet (i) provides updated guidance to examiners and bankers on assessing the quantity of risk associated with mortgage banking and the quality of mortgage banking risk management; (ii) makes wholesale changes to the functional areas of production, secondary marketing, servicing, and mortgage servicing rights; and (iii) addresses recent CFPB amendments to Regulation X and Regulation Z, as well as other Dodd-Frank related statutory and regulatory changes. The updated booklet replaces a similarly titled booklet issued in March 1996, as well as Section 750 (Mortgage Banking) issued in November 2008 as part of the former OTS Examination Handbook. On February 12, the OCC issued a revised Retirement Plan Products and Services booklet of the Comptroller’s Handbook that (i) updates examination procedures and groups them by risk; (ii) updates references and adds a list of abbreviations; (iii) adds references to recent significant U.S. Department of Labor regulations and policy issuances; (iv) adds a discussion of Bank Secrecy Act/anti-money laundering and Regulation R; and (v) adds a discussion of board and senior management responsibilities regarding oversight of risk management.
On January 29, the OCC announced that Molly Scherf will serve as Deputy Comptroller for Large Bank Supervision with responsibility for overseeing the Large Bank lead experts, shared national credit, data analytics, and systems teams. Her new role will involve working with policy, midsize, and community bank supervision, and legal departments within the OCC as well as with domestic and international regulatory peers. Ms. Scherf joined the OCC in 1990 and brings 23 years of bank supervision experience across institutions ranging from $50 million to $2 trillion in assets. She most recently served as Large Bank Lead Expert for Governance and Enterprise Risk Management and previously served as a megabank Team Lead at Wells Fargo.
On January 17, the OCC released a cease and desist order entered jointly by the OCC and the FDIC with two affiliated technology service providers that offer payment and other technology solutions for banks. Without describing the specific circumstances leading to the action, the order states that the regulators had reason to believe the service providers were operating without (i) an internal auditor or an integrated risk-focused audit program; (ii) a comprehensive due diligence program or formal policies to evaluate vendor risk; (iii) an enterprise-wide risk assessment; (iv) effective business continuity or disaster recovery planning; (v) procedures to identify software vulnerabilities; and (vi) an effective log review program to identify threats. The regulators did not assess a penalty, but will require the vendors to implement numerous risk management enhancements. Under the order, the technology service providers or their board must, among other things, (i) fill specific management positions; (ii) implement an audit program; (iii) conduct a security risk assessment; (iv) develop a vendor management program; (v) implement business continuity/disaster recovery plans; and (vi) submit quarterly progress reports to regulators and client banks.
On January 14, the Federal Reserve Board, the CFTC, the SEC, the OCC, and the FDIC issued an interim final rule to permit banking entities to retain interests in certain collateralized debt obligations backed primarily by trust preferred securities (TruPS CDOs) from the investment prohibitions of section 619 of the Dodd-Frank Act, known as the Volcker rule. The change allows banking entities to retain interest in or sponsorship of covered funds if (i) the TruPS CDO was established, and the interest was issued, before May 19, 2010; (ii) the banking entity reasonably believes that the offering proceeds received by the TruPS CDO were invested primarily in Qualifying TruPS Collateral; and (iii) the banking entity’s interest in the TruPS CDO was acquired on or before December 10, 2013, the date the agencies finalized the Volcker Rule. With the interim rule, the Federal Reserve, the OCC, and the FDIC released a non-exclusive list of qualified TruPS CDOs. The rule was issued in response to substantial criticism from banks and their trade groups after the issuance of the final Volcker Rule, and followed the introduction of numerous potential legislative fixes. On January 15, the House Financial Services Committee held a hearing on the impact of the Volcker rule during which bankers raised concerns beyond TruPS CDOs, including about the rule’s potential impact on bank investments in other CDOs, collateralized mortgage obligations, collateralized loan obligations, and venture capital. Committee members from both parties expressed an interest in pursuing further changes to the rule, including changes to address the restrictions on collateralized loan obligations.
On January 14, the Federal Reserve Board, the OCC, and the FDIC announced final changes to the Call Report to implement the Basel III capital standards and consumer data collection after delaying certain changes last year. The agencies now plan to implement in March 2014 the proposed reporting requirements for (i) depository institution trade names; (ii) a modified version of the reporting proposal pertaining to international remittance transfers; (iii) the proposed screening question about the reporting institution’s offering of consumer deposit accounts; and (iv) for institutions with $1 billion or more in total assets that offer such accounts, the proposed new data items on consumer deposit account balances. The agencies would then implement the proposed breakdown of consumer deposit account service charges in March 2015, but only for institutions with $1 billion or more in total assets that offer consumer deposit accounts. The proposed instructions for these new items also were revised. In addition, the agencies will not at this time proceed with the proposed annual reporting by institutions with a parent holding company that is not a bank or savings and loan holding company of the amount of the parent holding company’s consolidated total liabilities.
On January 15, the OCC announced its 2014 schedule of workshops for directors of national community banks and federal savings associations. The workshops, which are led by OCC examiners and are meant to provide practical training and guidance to directors, include (i) Mastering the Basics: A Director’s Challenge; (ii) Risk Assessment for Directors: Where is the Risk in Your Institution?; (iii) Compliance Risk: What Directors Need to Know; and (iv) Credit Risk: A Director’s Focus.
On January 8, Senate Banking Committee members Elizabeth Warren (D-MA) and Tom Coburn (R-OK) released the “Truth in Settlements Act.” The legislation would mandate that for any criminal or civil settlement entered into by a federal agency that requires total payments of $1 million or more, the agency must post online in a searchable format a list of each covered settlement agreement. The list must include, among other things: (i) the total settlement amount and a description of the claims; (ii) the names of parties and the amount each settling party is required to pay; and (iii) for each settling party, the amount of the payment designated as a civil penalty or fine, or otherwise specified as not tax deductible. The bill also would require that public statements by an agency about a covered settlement describe: (i) which portion of any payments is a civil or criminal penalty or fine, or is expressly specified as non-tax deductible; and (ii) any actions the settling company is required to take under the agreement, in lieu of or in addition to any payment. The bill would exempt disclosure of information subject to a confidentiality provision, but would in cases where partial or full confidentiality is applied, require the agency to issue a public statement about why confidential treatment is required to protect the public interest of the U.S. The bill also would require public companies to describe in their annual and periodic SEC reports any claim filed for a tax deduction that relates to a payment required under a covered settlement. In announcing the legislation, Senator Warren stated that the bill is needed to “shut down backroom deal-making and ensure that Congress, citizens and watchdog groups can hold regulatory agencies accountable for strong and effective enforcement that benefits the public interest.”
On January 7, the U.S. Attorney for the Southern District of New York, the OCC, and FinCEN announced the resolution of criminal and civil BSA/AML violations by a major financial institution in connection with the bank’s relationship with Bernard L. Madoff Investment Securities and Madoff Securities’ Ponzi scheme. The bank entered into a deferred prosecution agreement (DPA) to resolve two felony violations of the Bank Secrecy Act: (i) that the bank failed to enact adequate policies, procedures, and controls to ensure that information about the bank’s clients obtained through other lines of business – or outside the United States – was shared with compliance and AML personnel; and (ii) that the bank violated the BSA by failing to file a Suspicious Activity Report on Madoff Securities in October 2008. According to the U.S. Attorney, pursuant to the DPA the bank (i) agreed to waive indictment and to the filing of a Criminal Information; (ii) acknowledged responsibility for its conduct by, among other things, stipulating to the accuracy of a detailed Statement of Facts; (iii) agreed to pay a $1.7 billion non-tax deductible penalty in the form of a civil forfeiture (the largest ever financial penalty imposed by the DOJ for BSA violations); and (iv) agreed to various cooperation obligations and to continue reforming its BSA/AML compliance programs and procedures. In a separate action, the OCC levied a $350 million civil money penalty to resolve parallel BSA/AML allegations included in a January 2013 cease and desist order. Finally, the bank consented to a FinCEN assessment pursuant to which it must pay an additional $461 million.
Recently, the OCC released a formal agreement it entered with the FDIC, the Federal Reserve Bank of St. Louis, and a banking software company to resolve allegations of unsafe and unsound practices relating to the software company’s disaster recovery and business continuity planning and processes. The action reportedly resulted from the third-party service provider’s (TSP) delay in reestablishing full operations at a processing center in the wake of Hurricane Sandy. The agreement requires the TSP to continue to maintain a compliance committee, which must submit quarterly written reports to the TSP’s board. The agreement also details minimum requirements for (i) an enhanced disaster recovery and business continuity planning (DR/BCP) process; and (ii) a DR/BCP risk management program and audit process. The agreement also reaffirms the TSP board’s responsibility for proper and sound management of the TSP. The action demonstrates the OCC’s and other federal authorities’ continued focus on third-party service providers. While in this instance the regulators employed the Bank Services Company Act to directly address concerns about a TSP, recent Federal Reserve Board and OCC guidance also focuses on financial institutions’ responsibilities with regard to managing risks related to third parties’ disaster recovery and business continuity.
On December 27, in response to substantial criticism and legal action by banking trade groups, the Federal Reserve Board, the OCC, the FDIC, and the SEC stated that they are reviewing whether it is appropriate and consistent with the provisions of the Dodd-Frank Act (DFA) not to subject pooled investment vehicles for Trust Preferred Securities (TruPS), such as collateralized debt obligations backed by TruPS, to the prohibitions on ownership of covered funds in section 619 of the DFA, as implemented by the recently finalized Volcker Rule. Community banks and their trade group representatives state that the Volcker rule treatment of TruPS conflicts with a separate section of the DFA that requires TruPS issued by depository institution holding companies to be phased out of such companies’ calculation of Tier 1 capital, but provides for the permanent grandfathering of TruPS issued before May 19, 2010, by certain holding companies with total consolidated assets of less than $15 billion. The banks assert that banking entities investing in pooled TruPS are facing “unexpected and precipitous write-downs” that are not justified by any safety and soundness concern, and that the resulting write-downs are actually causing safety and soundness concerns. The agencies promised to address the matter by January 15, 2014.
On December 12, the OCC issued Bulletin 2013-37, which informs all national banks, federal savings associations, and federal branches and agencies of foreign banks of fees and assessments charged by the OCC for calendar year 2014. The Bulletin states that, given its increased supervisory responsibilities associated with the Dodd-Frank Act, the OCC has removed the $20 billion asset cap on inflation indexing for all asset brackets and raised the asset cap from $20 billion to $40 billion for application of the surcharge related to lower-rated institutions. Marginal rates of the OCC’s general assessment schedule continue to be indexed based on changes in the Gross Domestic Product Implicit Price Deflator for the previous June-to-June period. The 2014 adjustment will be 1.4 percent, and, given the removal of the asset cap, will apply to all assets. The Bulletin further explains that the assessment schedule continues to include a surcharge for institutions that require increased supervisory resources, and that the OCC will continue to provide a 12 percent reduction on the assessment for nonlead national banks, federal savings associations, or federal branches or agencies of a foreign bank. The new assessments are effective January 1, 2014 and are due March 31, 2014 and September 30, 2014, based on call report information as of December 31, 2013 and June 30, 2014, respectively.