On August 7, OCC Comptroller Thomas Curry delivered remarks at the Federal Home Loan Bank of Chicago, which was hosting a conference highlighting the future of financial services. Specifically, Curry discussed innovation in the emerging financial technology industry, or “fintech,” noting the risks and benefits associated with mobile payments, virtual currency, and peer-to-peer lending products within the U.S. banking system. With respect to virtual currency, Curry stressed how important it is for financial institutions to implement adequate procedures to deter money laundering and terrorist financing. Curry also recognized that the OCC is “still early in the process” of evaluating a regulatory framework to examine some new and innovative products and services. Rounding out his remarks, Curry expressed his growing concerns with so called “neobanks,” which operate primarily online but provide similar services to brick and mortar retail branch banks, including the heightened privacy risks that neobanks present in light of recent cybersecurity attacks.
CFPB, FDIC, and OCC Order Large Financial Institution and Subsidiaries to Pay Nearly $40 Million for Deposit Discrepancies
On August 12, in coordinated enforcement actions, the CFPB, FDIC, and OCC ordered a large financial institution and two of its banking subsidiaries to pay nearly $40 million in fines and restitution for failing to credit consumers the full amounts of their deposited funds. The regulators allege that, from 2008 through 2013, the bank entities (i) failed to credit consumers the full amount of their deposits when the amount scanned on the deposit slip was less than the amount of the checks and cash deposited; and (ii) falsely claimed that they would verify the deposits. The CFPB consent order requires the bank entities to pay approximately $11 million in restitution and a $7.5 million civil money penalty. The FDIC order requires one of the banking subsidiaries to pay nearly $5.8 million in restitution and a $3 million civil money penalty, while the OCC consent order assessed a $10 million civil money penalty on the other banking subsidiary.
On July 24, OCC Comptroller Curry delivered remarks before the New England Council in Boston, MA regarding the risks that financial institutions face today. Rising interest rates and regulatory compliance were two of the three risks discussed. Curry emphasized that the inevitable rise in interest rates could greatly affect loan quality, particularly loans that were not carefully underwritten to begin with, and that ”[l]oans that are typically refinanced, such as leveraged loans,” would be particularly severely affected. Recognizing the impact that Dodd-Frank continues to have on banks, Curry said that financial institutions face two categories of risk from new regulations: (i) “banks run afoul of the new regulations, possibly damaging their reputations and subjecting themselves to regulatory penalties”; and (ii) banks devote their time and money to regulatory compliance, rather than putting those resources toward serving their customers and communities. The final and “perhaps the foremost risk facing banks today,” according to Curry, is cyber threats. Curry outlined the agency’s efforts to curtail cyber intrusion in the banking industry, highlighting the June 30 release of its Semiannual Risk Assessment and the creation of a Cybersecurity and Critical Infrastructure Working Group, which was designed to (i) increase cybersecurity awareness; (ii) promote best practices; and (iii) strengthen regulatory oversight of cybersecurity readiness. Curry noted, however, that information-sharing is just as important as self-assessment and supervisory oversight: “We strongly recommend … that financial institutions of all sizes participate in the Financial Services Information Sharing and Analysis Center, a non-profit information-sharing forum established by financial services industry participants to facilitate the sharing of physical and cyber threat and vulnerability information.” Collaboration among banks of all sizes and non-bank providers, Curry stated, can be a “game-changer” in more ways than one: “By promoting the discovery of common interests and common responses to the risks that you face in your businesses and we all face together, you provide an invaluable service to New England and to the United States.”
On July 21, the CFPB announced a nearly $700 million settlement against a leading financial institution and its subsidiaries. According to the consent order, the Bureau alleges that the entities engaged in deceptive marketing, billing, and collection practices related to various credit card ancillary products, including debt protection and credit monitoring services. Specifically, the Bureau alleges that the institution or its vendors marketing practices, consisting of telemarketing calls, online enrollment, point-of-sale application, and direct enrollment at retailers, mislead consumers into enrolling for certain ancillary products. The Bureau further alleges that, in some instances, telemarketers failed to accurately disclose the cost and fees associated with the ancillary products. With respect to the unfair billing allegations, the Bureau contends that the institution or its vendors improperly charged consumers, without authorization, for services that were not rendered, and failed to provide full product benefits of the services marketed to consumers. In addition, the Bureau alleges that the institution misrepresented payment fee information to consumers by failing to disclose the actual purpose of the fee associated with making payments by phone on delinquent credit card accounts. Under terms of the settlement, the institution and its subsidiaries agreed to (i) provide $479 million in consumer relief related to its marketing practices; (ii) pay roughly $220 million in restitution related to its payments collection practices and for consumers not receiving the full benefits of services promised; and (iii) pay a $35 million civil money penalty.
In a parallel enforcement action, the OCC imposed a separate $35 million civil money penalty against the institution for engaging in similar practices, and requires the institution to strengthen its oversight of third-party vendors and develop a comprehensive risk management program for ancillary products marketed or sold by the bank.
CFPB, 47 State AGs, and District of Columbia Announce $216 Million Settlement to Resolve Credit Card Debt-Buying Investigation
On July 8, the CFPB along with 47 state attorneys general and DC announced an agreement with a major bank to resolve allegations that it sold faulty credit card “zombie debts” to third-party debt buyers, which included accounts with unlawfully obtained judgments, inaccurate or paid-off balances, and debts owed by deceased borrowers. The federal and state investigators also claimed that the bank filed deceptive debt-collection lawsuits against borrowers using robo-signed or illegally sworn affidavits to obtain false or inaccurate judgments for unverified debts. Under terms of the consent order, the bank agreed to, among other things, pay (i) $106 million to 47 state attorneys general, (ii) a $30 million civil money penalty to the CFPB, and (iii) provide at least $50 million in restitution to affected borrowers. The bank also agreed to cease collections on more than 528,000 accounts, and require that third-party debt buyers be prohibited from reselling debts purchased from the bank, unless they are sold back to the bank.
In a related announcement, the OCC imposed a $30 million civil money penalty over allegedly illegal non-home debt collection litigation practices and Servicemembers Civil Relief Act (SCRA) compliance practices. The OCC’s action stems from the bank’s practices related to the preparation and notarization of sworn documents used in debt litigation proceedings, and inadequate policies and procedures to ensure compliance with the SCRA.
On June 22, the federal banking agencies issued a joint final rule that modifies the mandatory purchase of flood insurance regulations to implement some provisions of the Biggert-Waters and Homeowner Flood Insurance Affordability Acts. Notable highlights include that the final rule, among other things: (i) expands escrow requirements for lenders who do not qualify for a small lender exception, (ii) clarifies the detached structure exemption, (iii) introduces new and revised sample notice forms and clauses relating to the escrow requirement and the availability of private flood insurance, and (iv) clarifies the circumstances under which lenders and servicers may charge borrowers for lender-placed flood insurance coverage. The escrow provisions and sample notice forms will become effective on January 1, 2016, and all other provisions will become effective October 1, 2015. The agencies reminded that the escrow provisions in effect on July 5, 2012, the day before Biggert-Waters was enacted, will remain in effect and be enforced through December 31, 2015.
The agencies also indicated that they plan to address Biggert-Waters’ private flood insurance provisions through a separate rulemaking.
OCC Releases Semiannual Report Highlighting Key Risks Facing National Banks and Federal Savings Associations
Today, the OCC announced the release of its semiannual report, Semiannual Risk Perspective for Spring 2015, highlighting key risk areas affecting national banks and federal savings associations. Based on 2014 year-end data, the report identifies issues that pose a potential threat to the safety and soundness of banks and thrifts. It also sets forth the OCC’s supervisory priorities for the next 12 months, including, among others, (i) cybersecurity awareness and preventative controls, (ii) Bank Secrecy Act/Anti-Money Laundering compliance, (iii) fair access to credit, and (iv) underwriting practices, particularly with respect to leveraged loans, indirect auto lending, HELOCs, and credit related to the oil and gas sector. The report also notes declining revenues and profitability overall in OCC-supervised institutions.
On June 19, the OCC released recent enforcement actions taken against national banks, federal savings associations, and individuals currently or formerly affiliated with national banks and federal savings associations. Among the actions was the issuance of a consent order for a civil money penalty against a national bank for allegedly violating the Federal Trade Commission Act. During its investigation, the OCC discovered deficiencies relating to the bank’s billing and marketing practices, specifically with regard to identity protection and debt cancellation products. According to the consent order, since April 2004, the bank, along with an identity protection product vendor, marketed and sold various types of identity theft protection products to its customers. Before customers could access the credit monitoring service of the identity theft product, they “were required to provide sufficient personal verification information and consent before their credit bureau reports could be accessed.” However, the OCC found that the vendor (i) billed the bank’s customers the full fee for the products, even if they were not receiving all of the credit monitoring services; (ii) billed the customers prior to receiving the customers’ information and consent and establishment of credit monitoring; and (iii) failed to ensure that customers received electronic benefit notifications. The bank retained a portion of the fees that the customers paid. Additionally, the bank’s vendors incorrectly informed customers during telemarketing calls that only one of the products offered had the ability to access identity protection benefits electronically. As a result, some customers purchased the more expensive Enhanced Identity Theft Protection, as opposed to the less expensive Identity Theft Protection, under the mistaken belief that this was the only way they could access the product’s benefits online. Finally, the OCC also alleged that, from August 2005 through November 2013, the bank’s debt cancellation product vendor’s billing practices, which posted recurring payments on the same day of the month regardless of the payments’ due dates, resulted in some customers paying recurring late fees. The bank will pay $4,000,000 to resolve the OCC’s allegations.
OCC to Escheat Funds from Foreclosure Review; Agency Terminates Three Consent Orders and Issues Six Amended Orders
On June 17, the OCC announced that, at year-end 2015, it will escheat any remaining uncashed payments made pursuant to the Independent Foreclosure Review Payment Agreement. Despite the IFR Payment Agreement having already resulted in the distribution of over $2.7 billion to more than 3.2 million eligible borrowers, the OCC anticipates that roughly $280 million from OCC-supervised institutions will remain unclaimed by the end of 2015. By escheating the remaining available funds, eligible borrowers and their heirs will have the opportunity to claim the funds. The agency also announced that it terminated foreclosure-related consent orders against three financial institutions because they have complied with the April 2011 orders and the February 2013 amendments to the orders. In addition, the OCC issued amended consent orders to six banks that did not meet all of the requirements of the consent orders by placing restrictions on the following business activities: (i) acquisition of residential mortgage servicing or residential mortgage servicing rights; (ii) new contracts to perform residential mortgage servicing for other parties; (iii) outsourcing or sub-servicing of new residential mortgage servicing activities to other parties; (iv) off-shoring new residential mortgage servicing activities; and (v) new appointments of senior officers in charge of residential mortgage servicing or residential mortgage servicing risk management and compliance. The limitations placed on the financial institutions were based on each bank’s particular circumstances.
On June 12, the OCC announced an improvement to the public’s ability to access information online concerning business combination corporate applications submitted by national banks and federal savings associations. The enhanced online access, which is now accessible via the agency’s homepage and licensing page, allows the public to submit and view comments on business combination applications on a single page. In addition, the single page provides links to a public copy of the corporate application, supplemental material filed by the applicant, and a location for individuals to view and submit comments.
On June 9, six federal agencies – the Federal Reserve, CFPB, FDIC, NCUA, OCC, and the SEC – issued a final interagency policy statement creating guidelines for assessing the diversity policies and practices of the entities they regulate. Mandated by Section 342 of the Dodd-Frank Act, the final policy statement requires the establishment of an Office of Minority and Women Inclusion at each of the agencies and includes standards for the agencies to assess an entity’s organizational commitment to diversity, workforce and employment practices, procurement and business practices, and practices to promote transparency of diversity and inclusion within the organization. The final interagency guidance incorporates over 200 comments received from financial institutions, industry trade groups, consumer advocates, and community leaders on the proposed standards issued in October 2013. The final policy statement will be effective upon publication in the Federal Register. The six agencies also are requesting public comment, due within 60 days following publication in the Federal Register, on the information collection aspects of the interagency guidance.
OCC Comptroller Discusses Emerging Payment Systems Technology and Cybersecurity, FFIEC Set to Release Cybersecurity Assessment Tool
On June 3, in prepared remarks delivered at the BITS Emerging Payments Forum, OCC Comptroller Thomas Curry advised that as financial institutions continue to develop payment systems, banks need better preparation for potential cyber-risks. Curry warned that “[c]yber criminals will also probe emerging payment systems for vulnerabilities that they can exploit to engage in money laundering[.]” In addition, Curry advocated for more regulatory oversight of digital currencies and non-bank mobile payment providers, such as ApplePay and Google Wallet. Addressing cybersecurity concerns, Curry called for increased information-sharing to promote best practices and strengthen cybersecurity readiness among the banking industry. In particular, he urged financial institutions – of all sizes – to participate in the Financial Services Information Sharing and Analysis Center, or FS-ISAC, a non-profit founded by the banking industry to facilitate the sharing and dissemination of cybersecurity threat information. Moreover, Curry confirmed that the FFIEC will soon be releasing a Cybersecurity Assessment Tool for financial institutions to use when evaluating their cybersecurity risks and risk management capabilities, observing that the tool will be particularly helpful to community banks as cybersecurity threats continue to increase.
On May 29, the OCC entered into a consent order with a national bank to resolve allegations that it (i) violated the SCRA; (ii) engaged in unsafe and unsound practices in its efforts to comply with the SCRA; and (iii) engaged in unsafe and unsound practices in regards to its sworn document and collections litigation practices. The OCC claimed that the bank did not comply with the SCRA by failing to: (i) maintain effective policies and procedures; (ii) devote adequate financial, staffing and managerial resources to guarantee the SCRA compliance process was properly administered; and (iii) provide sufficient internal controls, compliance risk management, internal audit, third party management, and training related to its SCRA compliance process. In relation to the sworn document and collections litigation process, the OCC asserted that the bank’s deficiencies in its enterprise compliance risk management function resulted in unsafe and unsound practices, including failure to ensure that affidavits filed in court followed proper notary procedures. Under the terms of the consent order for a civil money penalty, the OCC will collect $30,000,000 from the bank.
On May 4, OCC Comptroller Thomas J. Curry delivered remarks at the third outreach meeting held under the Economic Growth and Regulatory Paperwork Reduction Act (EGRPRA) in Boston. Acknowledging that smaller banks lack compliance resources as compared to larger institutions, Curry noted that the agency is working with the FFIEC to remove the outdated and onerous regulatory requirements currently imposed on the institutions: “If it is clear that a regulation is unduly burdensome, and if we have the authority to make changes to eliminate that burden, we will act.” With respect to regulatory requirements that call for legislative action, Curry emphasized that the agency is working with Congress to eliminate the unnecessary burdens. In this regard, the agency has presented lawmakers with three specific proposals to remove regulatory burden on smaller banks: (i) raise the asset threshold from $500 million to $750 million so that a greater number of community banks qualify for the 18-month examination cycle; (ii) provide a community bank exemption from the Volcker Rule; and (iii) provide greater flexibility to federal savings associations to change and expand their business strategies without changing their governance structure.
On April 14, the OCC issued the “Real Estate Settlement Procedures Act” booklet as part of the Comptroller’s Handbook, which is prepared for use by OCC examiners in connection with their examination and supervision of national banks and federal savings associations (collectively, “banks”). The revised booklet, which replaces a similarly titled booklet issued in October 2011, reflects updated guidance relating to mortgage servicing and loss mitigation procedures resulting from the multiple amendments made to Regulation X over the past several years. Notable revisions reflected in the revised booklet include: (i) the transfer of rulemaking authority for Regulation X from HUD to the CFPB; (ii) new requirements relating to mortgage servicing; (iii) new loss mitigation procedures; (iv) prohibitions against certain acts and practices by servicers of federally related mortgage loans with regard to responding to borrower assertions of error and requests for information; and (v) updated examination procedures for determining compliance with the new servicing and loss mitigation rules. The OCC notified its applicable supervised financial institutions of the changes affecting all banks that engage in residential mortgage lending activities by distributing OCC Bulletin 2015-25.