On September 24, the CFPB announced a consent order with a large national bank to address alleged unfair practices related to add-on identity theft protection products marketed by the bank and sold and administered by a third-party service provider to the bank’s customers from 2003–2012. Specifically, the CFPB alleged that customers were unfairly billed by the service provider for certain products that offered credit monitoring and credit report retrieval services without receiving the full benefit of the services. Customers who enrolled in these add-on identity theft products were required to provide sufficient written authorization and personal verification before the customers’ credit bureau reports could be accessed. However, according to the Bureau, in many instances time passed before a customer’s authorization was obtained or a customer’s authorization was never obtained. In other instances, the credit bureau could not match the customer’s identification information with its records. Although the bank’s vendor, rather than the bank itself, was directly responsible for selling and administering the products, the CFPB found that the bank’s compliance monitoring, service provider management, and quality assurance functions had failed to prevent, identify, and correct the unfair practices, resulting in substantial injury to more than 420,000 consumers. According to the CFPB’s order, this injury was not reasonably avoidable by consumers, and was not outweighed by any countervailing benefit to consumers or competition, and, therefore, the bank engaged in unfair practices. Read more…
On October 3, the OCC appointed Kathy Murry to serve as its Senior Deputy Comptroller for Management and Chief Financial Officer. Ms. Murry had served as the Deputy Comptroller and the Chief Accountant since 2009, and has been serving as the agency’s acting Senior Deputy Comptroller for Management and Chief Financial Officer since June 2014. In her new role, Ms. Murry will serve on the OCC Executive Committee and oversee the OCC’s financial management, human resources, continuing education, information technology, security, workplace services, and performance improvement.
On September 8, the OCC, the FDIC, and the Federal Reserve Board released proposed revisions to the Interagency Questions and Answers Regarding Community Reinvestment. Specifically, the agencies propose to revise three questions and answers that address alternative systems for delivering retail banking service and provide additional examples of innovative or flexible lending practices. In addition, the proposal would revise three questions and answers addressing community development-related issues and add four new questions and answers – two of which address community development services, and two of which provide general guidance on responsiveness and innovativeness. Comments on the proposal are due by November 10, 2014.
On September 3, the OCC, the FDIC, and the Federal Reserve Board released a final rule establishing a minimum liquidity requirement for large and internationally active banking organizations. The rule will require banking organizations with $250 billion or more in total consolidated assets or $10 billion or more in on-balance sheet foreign exposure, and such banking organizations’ subsidiary depository institutions that have assets of $10 billion or more, to hold high quality, liquid assets (HQLA) that can be converted easily into cash in an amount equal to or greater than its projected cash outflows minus its projected cash inflows during a 30-day stress period. The ratio of the institution’s HQLA to its projected net cash outflow is its “liquidity coverage ratio,” or LCR. The Federal Reserve Board also is adopting a modified LCR for bank holding companies and savings and loan holding companies that do not meet these thresholds, but that have $50 billion or more in total assets. Bank holding companies and savings and loan holding companies with substantial insurance or commercial operations are not covered by the final rule. Relative to the proposal issued in October 2013, the final rule includes changes to the range of corporate debt and equity securities included in HQLA, a phasing-in of daily calculation requirements, a revised approach to address maturity mismatch during a 30-day period, and changes in the stress period, calculation frequency, and implementation timeline for the bank holding companies and savings and loan companies subject to the modified LCR. Covered U.S. firms will be required to be fully compliant with the rule by January 1, 2017. Specifically, covered institutions will be required to maintain a minimum LCR of 80% beginning January 1, 2015. From January 1, 2016, through December 31, 2016, the minimum LCR would be 90%. Beginning on January 1, 2017, and thereafter, all covered institutions would be required to maintain an LCR of 100%.
On September 3, the OCC, the FDIC, and the Federal Reserve Board released a final rule that modifies the definition of the denominator of the supplementary leverage ratio in a manner consistent with recent changes agreed to by the Basel Committee. The revisions to the supplementary leverage ratio apply to all banking organizations subject to the advanced approaches risk-based capital rule. The final rule modifies the methodology for including off-balance sheet items, including credit derivatives, repo-style transactions, and lines of credit, in the denominator of the supplementary leverage ratio. The final rule also requires institutions to calculate total leverage exposure using daily averages for on-balance sheet items and the average of three month-end calculations for off-balance sheet items. Certain public disclosures required by the final rule must be made starting in the first quarter of 2015, and the minimum supplementary leverage ratio requirement using the final rule’s denominator calculations is effective January 1, 2018.
On August 28, the OCC issued Bulletin 2014-43, which announces the issuance of a revised “Electronic Fund Transfer Act” booklet of the Comptroller’s Handbook. This booklet replaces the similarly titled booked issued in October 2011, and provides updated guidance to examiners and bankers relevant to recent changes made to Regulation E regarding remittance transfers. Specific updates address: (i) the transfer of rulemaking authority for the EFTA from the Board of Governors of the Federal Reserve System to the CFPB; (ii) Dodd-Frank’s amendments to the EFTA, which create a new system of consumer protections for remittance transfers; and (iii) the issuance of the CFPB’s final rule that restructures Regulation E and provides specific requirements for remittance service providers in new subpart B.
On September 2, the OCC published its final guidelines to purportedly strengthen the governance and risk management practices of large financial institutions. The guidelines provide that covered institutions should establish and adhere to a written risk governance framework to manage and control risk-taking activities. The guidelines also provide minimum standards for the institutions’ boards of directors to oversee the risk governance framework. The covered institutions include insured national banks, insured federal savings associations, and insured federal branches of foreign banks with $50 billion or more in average total consolidated assets. The guidelines also apply to OCC-regulated institutions with less than $50 billion in average total consolidated assets if the institution’s parent company controls at least one other covered institution. The size of the covered institution’s average total consolidated assets determines when that institution is expected to begin complying with the new guidelines following publication in the Federal Register, with the largest institutions (and their qualifying subsidiaries) being expected to comply sooner (or even immediately) than smaller ones.
AABD Makes Suggestions to Regulatory Agencies Regarding The Burdens Placed On America’s Bank Directors
On September 2, David Baris, President of the American Association of Bank Directors (AABD) and a Partner at BuckleySandler LLP, and Richard Whiting, Executive Director of the AABD, submitted a comment letter to the Nation’s federal bank regulatory agencies in connection with the OCC, the Board of Governors of the Federal Reserve System, and the FDIC’s (the Agencies) request for public comment on their review of “regulations to identify outdated, unnecessary or unduly burdensome regulations for insured depository institutions.” In 2006, the Agencies completed a similar review and the AABD determined it was an “unsatisfactory and flawed process,” and wants to ensure that the same mistakes are not made during this review. Specifically, the AABD urged that during this review, the Agencies should “review regulatory guidance in light of the practical effect of such guidance on the behavior of both bank board of directors and the Agencies.” On behalf of the AABD, Baris stated in a press release that the current laws, regulations and guidance “create a huge and counterproductive impact on bank directors that causes them to divert their attention away from the essential job of being a bank director – that is meeting their duty of care and loyalty by overseeing the institution.” In an effort to address the effects of the “current regulatory system on the Nation’s bank board of directors,” the AABD’s letter included the following recommendations to the Agencies: (i) review current regulations and written guidance to determine their effect on bank directors; (ii) incorporate into their current procedures a requirement that “future regulatory actions consider the impact of proposed rules and guidance on bank directors and not add new burdens unless the benefits of the proposed action clearly outweighs the burdens place[d] on bank directors”; (iii) identify, consolidate, and clarify the provisions that place burdens on bank directors; and (iv) implement rules that allow the board of directors to “delegate management duties to management and rely reasonably on management.”
On August 22, the CFPB and the federal banking agencies (Fed, OCC, FDIC and NCUA) issued interagency guidance regarding unfair or deceptive credit practices (UDAPs). The guidance clarifies that “the repeal of the credit practices rules applicable to banks, savings associations, and federal credit unions is not a determination that the prohibited practices contained in those rules are permissible.” Notwithstanding the repeal of these rules, the agencies preserve supervisory and enforcement authority regarding UDAPs. Consequently, the guidance cautions that “depending on the facts and circumstances, if banks, savings associations and Federal credit unions engage in the unfair or deceptive practices described in the former credit practices rules, such conduct may violate the prohibition against unfair or deceptive practices in Section 5 of the FTC Act and Sections 1031 and 1036 of the Dodd-Frank Act. The Agencies may determine that statutory violations exist even in the absence of a specific regulation governing the conduct.” The guidance also explains that the FTC Rule remains in effect for creditors within the FTC’s jurisdiction, and can be enforced by the CFPB against creditors that fall under the CFPB’s enforcement authority.
On August 18, in a speech to the Association of Military Banks of America, Deputy Comptroller for Compliance Policy Grovetta Gardineer described the OCC’s increasing supervisory and enforcement focus on SCRA compliance. Ms. Gardineer explained that given the significant risks presented by a bank’s failure to comply with the SCRA, the OCC has “stepped up its focus on compliance” and “now requires . . . examiners to include evaluation of SCRA compliance during every supervisory cycle”—even though this closer scrutiny is not required by statute. Ms. Gardineer also highlighted the OCC’s concern regarding potential unfair and deceptive practices associated with overdraft and other administrative fees, especially when “poorly worded disclosures about fees” are contained in “page after page of legal notices and disclaimers.” And while Ms. Gardineer stated that the OCC itself is willing to take enforcement actions where necessary, she also stressed the importance of coordination between regulators to more effectively implement rules and help create a “culture that encourages . . . financial readiness” among servicemembers.
On August 20, the OCC issued Bulletin 2014-41, which announces a new “Merchant Processing” booklet of the Comptroller’s Handbook. This booklet replaces the booklet of the same name issued in December 2001 and provides updated guidance to examiners and bankers on assessing and managing the risks associated with merchant processing activities. Specific updates address: (i) the selection of third-party organizations and due diligence; (ii) technology service providers; (iii) on-site inspections, audits, and attestation engagements, including the “Statement on Standards for Attestation Engagement” (SSAE 16) and the “International Standard on Assurance Engagements” (ISAE 3402); (iv) data security standards in the payment card industry for merchants and processors; (v) the Member Alert to Control High-Risk Merchants (MATCH) list; (vi) BSA/AML compliance programs and appropriate policies, procedures, and processes to monitor and identify unusual activity; and (vii) appropriate capital for merchant processing activities.
On August 4, the OCC issued Bulletin 2014-37, which provides new guidance on the application of consumer protection requirements and safe and sound banking practices to consumer debt-sale arrangements with third parties—e.g. debt buyers—that intend to pursue collection of the underlying obligations. The guidance goes well beyond the set of “best practices” the OCC provided last summer as an attachment to written testimony submitted to a U.S. Senate committee. For example, the new guidance establishes requirements to: (i) notify the consumer that a debt has been sold, the dollar amount of the debt transferred, and the name and address of the debt buyer; (ii) perform due diligence on the debt buyer down to the consumer complaint level; and (iii) provide the debt buyer with the signed debt contract and a detailed payment history. The bulletin also requires sale contracts to include limitations on the debt buyer’s ability to litigate on an account and “minimum-service-level agreements” that apply whether or not debt buyers conduct the collection activities or employ other collection agents. The Bulletin specifies that certain types of debt are “not appropriate for sale,” such as: (i) debt of borrowers who have sought or are seeking bankruptcy protection; (ii) accounts eligible for Servicemembers Civil Relief Act protections; (iii) accounts in disaster areas; and (iv) accounts close to the statute of limitations.
On July 1, the OCC, the Federal Reserve Board, the FDIC, the NCUA, and the Conference of State Bank Supervisors issued interagency guidance on home equity lines of credit (HELOCs) nearing their end-of-draw periods. The guidance states that as HELOCs transition from their draw periods to full repayment, some borrowers may have difficulty meeting higher payments resulting from principal amortization or interest rate reset, or renewing existing loans due to changes in their financial circumstances or declines in property values. As such, the guidance describes the following “core operating principles” that the regulators believe should govern oversight of HELOCs nearing their end-of-draw periods: (i) prudent underwriting for renewals, extensions, and rewrites; (ii) compliance with existing guidance, including but not limited to the Credit Risk Management Guidance for Home Equity Lending and the Interagency Guidelines for Real Estate Lending Policies; (iii) use of well-structured and sustainable modification terms; (iv) appropriate accounting, reporting, and disclosure of troubled debt restructurings; and (v) appropriate segmentation and analysis of end-of-draw exposure in allowance for loan and lease losses estimation processes. The guidance also outlines numerous risk management expectations, and states that institutions with a significant volume of HELOCs, portfolio acquisitions, or exposures with higher-risk characteristics should have comprehensive systems and procedures to monitor and assess their portfolios, while less-sophisticated processes may be sufficient for community banks and credit unions with small portfolios, few acquisitions, or exposures with lower-risk characteristics.
On June 25, the OCC published its semiannual risk report, which provides an overview of the agency’s supervisory concerns for national banks and federal savings associations, including operational and compliance risks. As in prior reports and as Comptroller Curry has done in speeches over the past year, the report highlights cyber-threats and BSA/AML risks. The OCC believes cyber-threats continue to evolve and require heightened awareness and appropriate resources to identify and mitigate the associated risks. Specifically, the OCC is concerned that cyber-criminals will transition from disruptive attacks to attacks that are intended to cause destruction and corruption. Extending another recent OCC theme, the report notes that the number, nature, and complexity of both foreign and domestic third-party relationships continue to expand, resulting in increased system and process interconnectedness and additional vulnerability to cyber-threats. The report also states that BSA/AML risks “remain prevalent given changing methods of money laundering and growth in the volume and sophistication of electronic banking fraud.” The OCC adds that “BSA programs at some banks have failed to evolve or incorporate appropriate controls into new products and services,” and again cautions that a lack of resources and expertise devoted to BSA/AML risk management can compound these concerns. Finally, the OCC expressed concern that competitive pressures in the indirect auto market are leading to an erosion of underwriting standards. The OCC’s supervisory staff plans to review retail credit underwriting practices at banks, especially for indirect auto.
On June 12, the Federal Reserve Board and the OCC separately released proposed rules that would push back by 90 days the start date of the stress test cycles and the deadlines for submitting stress test results. The regulators propose making the new schedules effective beginning with the 2015-2016 cycles. On June 13, the FDIC proposed a rule to similarly shift the stress test cycles. In addition, the Federal Reserve’s proposed rule would (i) modify the capital plan rule to limit a large bank holding company’s ability to make capital distributions to the extent that its actual capital issuances were less than the amount indicated in its capital plan; (ii) clarify the application of the capital plan rule to a large bank holding company that is a subsidiary of a U.S. intermediate holding company of a foreign banking organization; and (iii) make other technical clarifying changes. Comments on the Federal Reserve’s proposal are due by August 11, 2014. Comments on the OCC’s and the FDIC’s proposals are due 60 days after their publication in the Federal register.