On October 19, the FDIC, the OCC, and the Federal Reserve issued an Advanced Notice of Proposed Rulemaking (ANPR) to further the “development of enhanced cyber risk management standards for the largest and most interconnected entities under their respective supervisory jurisdictions, and those entities’ service providers.” These standards, according to the ANPR, are intended to “increase the operational resilience” of supervised entities and their service providers and, based on the interconnectedness of these entities, “reduce the impact on the financial system in case of a cyber event experienced by one of these entities.” The ANPR proposes organizing enhanced cyber standards into the following categories: (i) cyber risk governance; (ii) cyber risk management; (iii) internal dependency management; (iv) external dependency management; and (v) incident response. The ANPR further explains that the banking agencies “are considering implementing the enhanced standards in a tiered manner, imposing more stringent standards on the systems of those entities that are critical to the functioning of the financial sector.” Comments on the ANPR, which would not apply to community banks, are due January 17, 2017.
On October 20, the FDIC, OCC, Federal Reserve, Farm Credit Administration, and National Credit Union Administration issued a proposed rule intended to develop further the private flood insurance marketplace by implementing certain provisions of the 2012 Biggert-Waters Flood Insurance Reform Act (Biggert-Waters Act). Notably, the proposed rule would “require regulated lending institutions to accept policies that meet the statutory definition of private flood insurance in the Biggert-Waters Act and permit regulated lending institutions to accept flood insurance provided by private insurers that does not meet the statutory definition of ‘private flood insurance’ on a discretionary basis, subject to certain restrictions.” Comments on the proposal are due 60 days after it is published in the Federal Register.
On October 11, the New York Department of Financial Services (NYDFS) issued new guidance regarding incentive compensation arrangements, advising “all regulated banking institutions that no incentive compensation may be tied to employee performance indicators, such as the number of accounts opened, or the number of products sold per customer, without effective risk management, oversight and control.” At a minimum, the guidance requires that a bank’s incentive compensation arrangement address the following principles: (i) balance between risks and rewards; (ii) effective controls and risk management; and (iii) effective corporate governance. NYDFS stated that a bank’s lack of compliance with the guidance will be reflected in its regulatory examination rating and may result in additional regulatory action.
The NYDFS’s recently released guidance comes in the wake of a September action taken jointly by the OCC and the CFPB over a bank’s alleged sales practices under which, in an effort to meet sales goals and earn financial rewards under the bank’s incentive compensation program, employees purportedly opened deposit and credit card accounts for consumers without obtaining those consumers’ consent.
On October 7, following the Federal Reserve’s and the CFPB’s leads, the OCC released Bulletin 2016-33 advising financial institutions of updated interagency examination procedures for compliance with the Department of Defense’s (DoD) Military Lending Act (MLA) July 2015 final rule. As previously summarized in BuckleySandler’s Special Alert, the DoD issued an interpretive rule regarding the amendments to the regulations implementing the MLA on August 26, 2016. The 2015 final rule went into effect for consumer credit products other than credit cards on October 3, 2016. The requirements will take effect for credit card accounts one year later, on October 3, 2017. The OCC plans to include the updated interagency examination procedures in the Comptroller’s Handbook.
OCC Issues Bulletin Regarding Mandatory Contractual Stay Requirements for Qualified Financial Contracts
On October 3, the OCC issued Bulletin 2016-31 seeking comment on a proposed rule intended to “enhance the resilience and the safety and soundness of federally chartered and licensed financial institutions.” Pursuant to the proposal, a covered bank would be required to ensure that a covered qualified financial contract (i) contains a contractual stay-and-transfer provision equivalent to those contained in the Dodd-Frank Act’s stay-and-transfer provision under title II and in the Federal Deposit Insurance Act; and (ii) restricts the use of default rights based on an affiliate’s insolvency. Moreover, the proposal would “make conforming amendments in certain definitions in the capital adequacy standards in 12 CFR 3 and the liquidity risk measurement standards in 12 CFR 50.” Comments on the proposed rule are due by October 18, 2016.