On August 18, in a speech to the Association of Military Banks of America, Deputy Comptroller for Compliance Policy Grovetta Gardineer described the OCC’s increasing supervisory and enforcement focus on SCRA compliance. Ms. Gardineer explained that given the significant risks presented by a bank’s failure to comply with the SCRA, the OCC has “stepped up its focus on compliance” and “now requires . . . examiners to include evaluation of SCRA compliance during every supervisory cycle”—even though this closer scrutiny is not required by statute. Ms. Gardineer also highlighted the OCC’s concern regarding potential unfair and deceptive practices associated with overdraft and other administrative fees, especially when “poorly worded disclosures about fees” are contained in “page after page of legal notices and disclaimers.” And while Ms. Gardineer stated that the OCC itself is willing to take enforcement actions where necessary, she also stressed the importance of coordination between regulators to more effectively implement rules and help create a “culture that encourages . . . financial readiness” among servicemembers.
On August 22, the CFPB and the federal banking agencies (Fed, OCC, FDIC and NCUA) issued interagency guidance regarding unfair or deceptive credit practices (UDAPs). The guidance clarifies that “the repeal of the credit practices rules applicable to banks, savings associations, and federal credit unions is not a determination that the prohibited practices contained in those rules are permissible.” Notwithstanding the repeal of these rules, the agencies preserve supervisory and enforcement authority regarding UDAPs. Consequently, the guidance cautions that “depending on the facts and circumstances, if banks, savings associations and Federal credit unions engage in the unfair or deceptive practices described in the former credit practices rules, such conduct may violate the prohibition against unfair or deceptive practices in Section 5 of the FTC Act and Sections 1031 and 1036 of the Dodd-Frank Act. The Agencies may determine that statutory violations exist even in the absence of a specific regulation governing the conduct.” The guidance also explains that the FTC Rule remains in effect for creditors within the FTC’s jurisdiction, and can be enforced by the CFPB against creditors that fall under the CFPB’s enforcement authority.
On August 20, the OCC issued Bulletin 2014-41, which announces a new “Merchant Processing” booklet of the Comptroller’s Handbook. This booklet replaces the booklet of the same name issued in December 2001 and provides updated guidance to examiners and bankers on assessing and managing the risks associated with merchant processing activities. Specific updates address: (i) the selection of third-party organizations and due diligence; (ii) technology service providers; (iii) on-site inspections, audits, and attestation engagements, including the “Statement on Standards for Attestation Engagement” (SSAE 16) and the “International Standard on Assurance Engagements” (ISAE 3402); (iv) data security standards in the payment card industry for merchants and processors; (v) the Member Alert to Control High-Risk Merchants (MATCH) list; (vi) BSA/AML compliance programs and appropriate policies, procedures, and processes to monitor and identify unusual activity; and (vii) appropriate capital for merchant processing activities.
On August 4, the OCC issued Bulletin 2014-37, which provides new guidance on the application of consumer protection requirements and safe and sound banking practices to consumer debt-sale arrangements with third parties—e.g. debt buyers—that intend to pursue collection of the underlying obligations. The guidance goes well beyond the set of “best practices” the OCC provided last summer as an attachment to written testimony submitted to a U.S. Senate committee. For example, the new guidance establishes requirements to: (i) notify the consumer that a debt has been sold, the dollar amount of the debt transferred, and the name and address of the debt buyer; (ii) perform due diligence on the debt buyer down to the consumer complaint level; and (iii) provide the debt buyer with the signed debt contract and a detailed payment history. The bulletin also requires sale contracts to include limitations on the debt buyer’s ability to litigate on an account and “minimum-service-level agreements” that apply whether or not debt buyers conduct the collection activities or employ other collection agents. The Bulletin specifies that certain types of debt are “not appropriate for sale,” such as: (i) debt of borrowers who have sought or are seeking bankruptcy protection; (ii) accounts eligible for Servicemembers Civil Relief Act protections; (iii) accounts in disaster areas; and (iv) accounts close to the statute of limitations.
On July 1, the OCC, the Federal Reserve Board, the FDIC, the NCUA, and the Conference of State Bank Supervisors issued interagency guidance on home equity lines of credit (HELOCs) nearing their end-of-draw periods. The guidance states that as HELOCs transition from their draw periods to full repayment, some borrowers may have difficulty meeting higher payments resulting from principal amortization or interest rate reset, or renewing existing loans due to changes in their financial circumstances or declines in property values. As such, the guidance describes the following “core operating principles” that the regulators believe should govern oversight of HELOCs nearing their end-of-draw periods: (i) prudent underwriting for renewals, extensions, and rewrites; (ii) compliance with existing guidance, including but not limited to the Credit Risk Management Guidance for Home Equity Lending and the Interagency Guidelines for Real Estate Lending Policies; (iii) use of well-structured and sustainable modification terms; (iv) appropriate accounting, reporting, and disclosure of troubled debt restructurings; and (v) appropriate segmentation and analysis of end-of-draw exposure in allowance for loan and lease losses estimation processes. The guidance also outlines numerous risk management expectations, and states that institutions with a significant volume of HELOCs, portfolio acquisitions, or exposures with higher-risk characteristics should have comprehensive systems and procedures to monitor and assess their portfolios, while less-sophisticated processes may be sufficient for community banks and credit unions with small portfolios, few acquisitions, or exposures with lower-risk characteristics.
On June 25, the OCC published its semiannual risk report, which provides an overview of the agency’s supervisory concerns for national banks and federal savings associations, including operational and compliance risks. As in prior reports and as Comptroller Curry has done in speeches over the past year, the report highlights cyber-threats and BSA/AML risks. The OCC believes cyber-threats continue to evolve and require heightened awareness and appropriate resources to identify and mitigate the associated risks. Specifically, the OCC is concerned that cyber-criminals will transition from disruptive attacks to attacks that are intended to cause destruction and corruption. Extending another recent OCC theme, the report notes that the number, nature, and complexity of both foreign and domestic third-party relationships continue to expand, resulting in increased system and process interconnectedness and additional vulnerability to cyber-threats. The report also states that BSA/AML risks “remain prevalent given changing methods of money laundering and growth in the volume and sophistication of electronic banking fraud.” The OCC adds that “BSA programs at some banks have failed to evolve or incorporate appropriate controls into new products and services,” and again cautions that a lack of resources and expertise devoted to BSA/AML risk management can compound these concerns. Finally, the OCC expressed concern that competitive pressures in the indirect auto market are leading to an erosion of underwriting standards. The OCC’s supervisory staff plans to review retail credit underwriting practices at banks, especially for indirect auto.
On June 12, the Federal Reserve Board and the OCC separately released proposed rules that would push back by 90 days the start date of the stress test cycles and the deadlines for submitting stress test results. The regulators propose making the new schedules effective beginning with the 2015-2016 cycles. On June 13, the FDIC proposed a rule to similarly shift the stress test cycles. In addition, the Federal Reserve’s proposed rule would (i) modify the capital plan rule to limit a large bank holding company’s ability to make capital distributions to the extent that its actual capital issuances were less than the amount indicated in its capital plan; (ii) clarify the application of the capital plan rule to a large bank holding company that is a subsidiary of a U.S. intermediate holding company of a foreign banking organization; and (iii) make other technical clarifying changes. Comments on the Federal Reserve’s proposal are due by August 11, 2014. Comments on the OCC’s and the FDIC’s proposals are due 60 days after their publication in the Federal register.
On June 5, the Community Financial Services Association and one of its short-term, small dollar lender members filed a lawsuit in the U.S. District Court for the District of Columbia claiming the FDIC, the OCC, and the Federal Reserve Board have participated in Operation Choke Point “to drive [the lenders] out of business by exerting back-room pressure on banks and other regulated financial institutions to terminate their relationships with payday lenders.” The complaint asserts that the operation has resulted in over 80 banking institutions terminating their business relationships with CFSA members and other law-abiding payday lenders. The lenders claim that the regulators are using broad statutory safety and soundness authority to establish through agency guidance and other means broad requirements for financial institutions, while avoiding the public and judicial accountability the regulators would otherwise be subject to if they pursued the same policies under the Administrative Procedures Act’s (APA) notice and comment rulemaking procedures. The lenders assert that in doing so, the regulators have violated the APA by (i) failing to observe its rulemaking requirements; (ii) exceeding their statutory authority; (iii) engaging in arbitrary and capricious conduct; and (iv) violating lenders’ due process rights. The lenders ask the court to declare unlawful certain agency guidance regarding third-party risk and payment processors and enjoin the agencies from taking any action pursuant to that guidance or from applying informal pressure on banks to encourage them to terminate business relationships with payday lenders.
On June 10, Comptroller Thomas Curry announced that the OCC’s Senior Deputy Comptroller for Bank Supervision Policy and Chief National Examiner John Lyons will retire from the agency on August 1 and will be succeeded by Jennifer Kelly. Ms. Kelly joined the OCC in 1979 and currently serves as Senior Deputy Comptroller for Midsize and Community Bank Supervision. Toney Bland will transition from Deputy Comptroller for the Northeastern District to replace Ms. Kelly as Senior Deputy Comptroller. Mr. Curry also announced the OCC will loan Senior Deputy Comptroller for Management and Chief Financial Officer Tom Bloom to NeighborWorks America to serve as its acting Chief Financial Officer, and described numerous additional staff changes related to Mr. Bloom’s temporary departure.
On May 30, the OCC, the FDIC, the Federal Reserve Board, the NCUA, and the Farm Credit Administration issued an interagency statement regarding the increased maximum amount of flood insurance available for “Other Residential Buildings” (i.e., non-condominium residential buildings designed for use for five or more families) beginning June 1, 2014. The statement explains that the maximum amount of flood insurance available under the NFIP for Other Residential Buildings increased from $250,000 to $500,000 per building, which may affect the minimum amount of flood insurance required for both existing and future loans secured by Other Residential Buildings. The statement also informs institutions that FEMA instructed insurers to notify Other Residential Building policyholders—which potentially could include notice to lenders on those policies—of the new limits before June 1, 2014. The agencies state that “[i]f a financial institution or its servicer receives notification of the increased flood insurance limits available for an Other Residential Building securing a designated loan, the agencies expect supervised institutions to take any steps necessary to determine whether the property will require increased flood insurance coverage.” According to the statement, lenders are not required to perform an immediate full file search, but, for safety and soundness purposes, lenders may wish to review their portfolios in light of the availability of increased coverage to determine whether additional flood insurance coverage is required for the affected buildings. If, as a result of this increase, a lender or its servicer determines on or after June 1 that an Other Residential Building is covered by flood insurance in an amount less than required by law, then it should take steps to ensure the borrower obtains sufficient coverage, including lender-placing insurance.
On June 4, the Federal Reserve Board, the FDIC, and the OCC published a notice of regulatory review and request for comments to identify outdated, unnecessary, or unduly burdensome regulations imposed on insured depository institutions. The review is required by the Economic Growth and Regulatory Paperwork Reduction Act of 1996, and this is the first of four requests for comments that will be issued over the next two years. The request seeks comments on regulations in three specific categories: (i) applications and reporting; (ii) powers and activities; and (iii) international operations. The agencies ask commenters to specifically consider, among other things: (i) the need for statutory change; (ii) the need and purpose of the regulations; (iii) the effect on competition; (iv) reporting, recordkeeping, and disclosure requirements; and (v) the burden on small institutions, including community banks. Comments are due September 2, 2014.
On May 28, the OCC announced “significant” changes to its large bank supervisory process and its large bank examination force. The OCC plans to “expand the organization, functions, and responsibilities of its large bank lead expert program to improve horizontal perspective and analysis, systemic risk identification, quality control and assurance, and resource prioritization.” The OCC also will establish a formal program under which large bank examiners will rotate to another large bank every five years in cities with multiple large banks. The changes come in response to an international peer review initiated by the OCC. The OCC released a summary of the supervision peer review recommendations and the OCC’s responses, which describe a number of other supervisory changes including, among others: (i) formalizing an enterprise risk management framework that will involve “developing a risk appetite statement, creating a decision-tree process, and enhancing the OCC’s existing National Risk Committee framework and processes”; and (ii) expanding an ongoing review of Matters Requiring Attention “to enhance and standardize MRA definitions, methods for communication, resolution processes, establish consistent tracking mechanisms, and develop a consistent examiner reference guide.” The OCC declined to implement other recommended changes, including, for example, creating more flexibility within the CAMELS rating system or developing potential alternatives to CAMELS.
On May 22, House Financial Services Committee Chairman Jeb Hensarling (R-TX) sent letters to the Federal Reserve Board, the OCC, the FDIC, and the NCUA asking the regulators to explain their use of “reputational risk,” and citing Operation Choke Point as an example of the potential for “reputation risk” to become “a pretext for the advancement of political objectives, which can potentially subvert both safety and soundness and the rule of law.” Congressman Hensarling asked each regulator to explain (i) whether it consider reputation risk in its supervision of depositories, and, if so, to explain the legal basis for such consideration and why it is appropriate; (ii) what data are used to analyze reputational risk and why such data are not already accounted for under CAMELS; and (iii) whether a poor reputation risk rating could be sufficient to warrant recommending a change in a depository’s business practices notwithstanding strong ratings under CAMELS.
On May 19, the Senate Banking Committee’s chairman and ranking member, Senators Tim Johnson (D-SD) and Mike Crapo (R-ID), sent a letter to the leaders of the Treasury Department, the SEC, the CFTC, the OCC, the FDIC, and the Federal Reserve Board regarding recent developments in the use of virtual currencies and their interaction with the global payment system. The Senators ask the regulators a series of questions related to the role of virtual currencies in the U.S. banking system, payment system, and trading markets, and the current role of federal regulators in developing local, national, and international enforcement policies related to virtual currencies. The Senators also seek the agencies’ expectations on virtual currency firms’ BSA compliance, and ask whether an enhanced regulatory framework for virtual currencies is needed.
On May 16, the OCC issued a final rule to integrate its interagency rules, which would combine, without any substantive amendments, rules related to consumer protection in insurance sales, BSA compliance, management interlocks, appraisals, disclosure and reporting of CRA-related agreements, and the FCRA. On May 21, the OCC issued a notice of proposed rulemaking to integrate the OCC’s licensing rules. The OCC states that for many of the licensing rules, the proposal incorporates the licensing provisions for federal savings associations into the existing national bank rule, but in other cases, the proposal includes separate rules for national banks and federal savings associations because the rules do not apply to both charters, are better organized as separate rules, or are difficult to integrate because of their differences and complexity. Some rules that would continue to apply only to national banks are revised to be consistent with the changes proposed for federal savings associations. The OCC also proposes substantive changes to certain licensing rules to “eliminate unnecessary requirements, promote fairness in supervision, and further the safe and sound operation of the institutions the OCC supervises.”