On April 8 the House Financial Services Committee held a hearing with the general counsels of the federal banking agencies regarding, among other things, Operation Choke Point, the federal enforcement operation reportedly intended to cut off from the banking system certain lenders and merchants allegedly engaged in unlawful activities. Numerous committee members from both sides of the aisle raised concerns about Operation Choke Point, as well as the federal government’s broader pressure on banks over their relationships with nonbank financial service providers, including money service businesses, nonbank lenders, and check cashers. Committee members asserted that the operation is impacting lawful nonbank financial service providers, who are losing access to the banking system and, in turn, are unable to offer needed services to the members’ constituents. The FDIC’s Richard Osterman repeatedly stated that Operation Choke Point is a DOJ operation and the FDIC’s participation is limited to providing certain information and resources upon request. Mr. Osterman also asserted that the FDIC is not attempting to, and does not intend to, prohibit banks from offering products or services to nonbank financial service providers operating within the law, and that the FDIC’s guidance is clear that banks are neither prohibited from nor encouraged to provide services to certain businesses, provided they properly manage their risk. Similarly, the OCC’s Amy Friend stated that the OCC wants to ensure that banks conduct due diligence and implement appropriate controls, but that the OCC is not prohibiting banks from offering services to lawful businesses. She stated the OCC has found that some banks have made a business decision to terminate relationships with some nonbank providers rather than implement additional controls.
On April 16, Comptroller of the Currency Thomas Curry spoke to attendees of the Consumer Electronics Show Government Conference, taking his concerns about banks’ vendor relationships and cybersecurity risks to potential third-party technology service providers. Comptroller Curry explained the banking system’s vulnerability to cyberattacks given its significant reliance on technology and telecommunications, and expressed particular concern about potential attacks on community banks. He reiterated several of the specific risk issues he recently discussed with community bankers. Comptroller Curry (i) outlined risks related to the consolidation of bank vendors; (ii) identified as a “special problem” banks’ reliance on foreign vendors, and cautioned banks to consider the legal and regulatory implications of where their data is stored or transmitted; and (iii) expressed concern about vendors’ access to important and confidential bank and customer data. He assured attendees that the OCC is not trying to discourage the use of third-party vendors, but in explaining the OCC’s particular focus on controls and risk management practices employed by vendors that provide services to banks and thrifts, Comptroller Curry advised vendors of the OCC’s authority under the Bank Service Company Act to issue enforcement actions and its authority to examine vendors designated as Technology Service Providers. He reported that banks have asked the OCC to more actively supervise critical service providers and stated that in working to protect the banking system the OCC will have to “look beyond individual financial institutions to the range of vendors and customers that have access to some part of its infrastructure and systems.”
On April 8, the Federal Reserve Board, the FDIC, and the OCC adopted a final rule, effective January 1, 2018, requiring certain top-tier U.S. bank holding companies (BHCs) to maintain a minimum supplementary leverage ratio buffer of 2% above the minimum supplementary leverage ratio requirement of 3%. The final rule applies to BHCs with more than $700 billion in total consolidated assets or more than $10 trillion in assets under custody (Covered BHCs), and to insured depository institution subsidiaries of those BHCs (Covered Subsidiaries). A Covered BHC that fails to maintain the supplemental leverage buffer would be subject to restrictions on capital distributions and discretionary bonus payments. Covered Subsidiaries must also maintain a supplementary leverage ratio of at least 6% to be considered “well capitalized” under the agencies’ prompt corrective action framework. The final rule is substantially similar to the rule the agencies proposed in July 2013. Concurrent with the final rule, the agencies also (i) proposed a rule that would modify the denominator calculation for the supplementary leverage ratio in a manner consistent with recent changes agreed to by the Basel Committee, which would apply to all internationally active banking organizations, including those subject to the enhanced supplementary leverage ratio final rule; and (ii) proposed a technical correction to the definition of “eligible guarantee” in the agencies’ risk-based capital rules. The agencies are accepting comments on both proposals through June 13, 2014. Separately, the FDIC Board adopted as final its Basel III interim final rule, which is substantively identical to the final rules adopted by the Federal Reserve Board and the OCC in July 2013.
On April 1, Comptroller Thomas Curry delivered remarks in which he urged banks to offer alternatives to “high cost payday loans.” The Comptroller defended his agency’s guidance on deposit advance products and stated that “properly managed small-dollar loan programs do not exhibit the same level of risks [the OCC] identified with deposit advance products, and that such loans can be made available to consumers.” He added that many of the risks identified with regard to deposit advance guidance, including the product’s short-term balloon payment feature, were specific to that product. He encouraged banks to offer “responsible” small-dollar loan programs comprised of products with reasonable terms, and to report payment information for such products to credit bureaus. In addition to helping consumers, the comptroller believes such programs (i) can be offered at an incremental cost to banks; (ii) can help build banks’ reputations and expand existing customer relationships; and (iii) can potentially be eligible for positive CRA consideration. The remarks did not provide specific guidance on the pricing and other small dollar loan terms that the OCC would consider appropriate.
On April 1, the OCC issued a booklet titled “Garnishment of Accounts Containing Federal Benefit Payments.” The booklet, a new addition to the Comptroller’s Handbook, includes interagency guidance and examination procedures and reflects a June 2013 interim rule that amended federal regulations governing the garnishment of certain federal benefit payments that are directly deposited to accounts at financial institutions. The booklet (i) establishes procedures that financial institutions must follow when they receive a garnishment order against an account holder who receives certain types of federal benefit payments by direct deposit; and (ii) requires financial institutions that receive such a garnishment order to determine the sum of such federal benefit payments deposited to the account during a two-month period and ensure that the account holder has access to an amount equal to that sum or to the current balance of the account, whichever is lower.
On March 27, the OCC issued the Asset-Based Lending (ABL) booklet, which is new to the Comptroller’s Handbook. The booklet provides guidance to examiners and bankers on ABL activities and risks, prudent credit risk management and underwriting expectations, credit administration, and credit risk rating. It also provides risk-based expanded examination procedures related to structures, credit analysis, evaluating borrower liquidity, establishing a borrowing base and prudent advance rates, collateral controls and monitoring systems, and credit risk rating considerations. The booklet further includes transaction examples to assist with the assessment of credit risk.
On March 24, the Federal Reserve Board, the OCC, the FDIC, the CFPB, the FHFA, and the NCUA proposed a rule to implement the Dodd-Frank Act’s minimum requirements for registration and supervision of Appraisal Management Companies (AMCs). While current federal regulations mandate that appraisals conducted for federally related transactions must comply with the Uniform Standards of Professional Appraisal Practice (USPAP), this rule would represent the first affirmative federal obligations relating to the registration, supervision, and conduct of AMCs.
Generally, the proposed rule would establish a framework for the registration and supervision of AMCs by individual states that choose to participate, and for state reporting to the Appraisal Subcommittee (ASC) of the Federal Financial Institutions Examination Council (FFIEC). Although state participation is optional, AMCs would be prohibited from providing appraisal management services for federally related transactions in states that do not establish such a program.
Comments on the proposal will be due 60 days following publication in the Federal Register. Read more…
Comptroller Curry Addresses Senior Management’s AML Compliance Responsibilities, Criticizes “De-Risking”
On March 17, Comptroller of the Currency Thomas Curry reaffirmed his agency’s views with regard to BSA/AML compliance and the responsibilities of senior bank managers and boards of directors. Mr. Curry asserted that BSA infractions “can almost always be traced back to decisions and actions of the institution’s Board and senior management” and that the deficiencies underlying those infractions tend to involve failures in four areas: (i) the culture of compliance at the organization; (ii) the resources committed to BSA compliance; (iii) the strength of information technology and monitoring process; and (iv) the quality of risk management. Mr. Curry reported a recent positive trend, particularly at OCC-regulated large banks, which have increased spending and added BSA/AML compliance staff. He stated that such actions are one aspect of banks’ efforts to align “good compliance practices and the bank’s system of compensation and incentives.” The Comptroller criticized a separate trend of “de-risking”, in which banks avoid or end relationships with types of businesses deemed too risky. He warned that any business can be used for illicit purposes and “de-risking” is not a shortcut to circumvent a bank’s obligation to evaluate risk on an individual basis. He encouraged banks not to avoid high-risk businesses, but rather to apply stronger risk management and controls as necessary.
On March 5, the Federal Reserve Board, the OCC, and the FDIC issued final guidance for stress tests conducted by banking institutions with more than $10 billion but less than $50 billion in total consolidated assets. Under Dodd-Frank Act-mandated regulations adopted in October 2012, such firms are required to conduct annual stress tests. The guidance discusses (i) supervisory expectations for stress test practices, (ii) provides examples of practices that would be consistent with those expectations, and (iii) offers additional details about stress test methodologies. Covered institutions are required to perform their first stress tests under the Dodd-Frank Act by March 31, 2014.
On March 5, a group of 16 Democratic U.S. House members sent letters to the leaders of the Federal Reserve Board, the OCC, the FDIC, and the NCUA requesting that the agencies issue guidance that would provide legitimate marijuana businesses access to the federal banking system. Last November, those agencies declined to provide such guidance, stating that the DOJ and FinCEN first needed to agree on a framework to apply BSA/AML provisions to banks seeking to serve marijuana businesses. With FinCEN and DOJ having recently issued such guidance, the lawmakers renewed their push for legitimate marijuana businesses—now operating in 20 states and the District of Columbia—to have “equal access to banking services as other licensed businesses.”
On March 4, Comptroller of the Currency Thomas Curry addressed the annual meeting of the Independent Community Bankers Association where he stressed the need for banks to effectively manage risk presented by the outsourcing of data security and information technology. The Comptroller explained that “[t]hird parties can be the weak link in [a bank’s] information systems security and resiliency; and especially where that third party is providing security services.” Referencing guidance the OCC issued last year, the Comptroller described the OCC’s due diligence expectations for banks’ third-party relationships as “substantial” and stressed that a bank’s due diligence needs to cover not only the vendor, but the vendor’s own third-party relationships. Mr. Curry also focused on other concerns he has about third-party relationships, including: (i) consolidation of service providers, which can increase the number of banks impacted when deficiencies occur at a single vendor; (ii) increased reliance by banks on foreign-based service providers; and (iii) third parties’ access to “large amounts of sensitive bank or customer data.”
On February 14, the OCC issued Bulletin 2014-02, which clarifies supervisory expectations for national banks and federal savings associations regarding secured consumer debt discharged in Chapter 7 bankruptcy proceedings. The guidance describes (i) the analysis necessary to “clearly demonstrate and document that repayment is likely to occur,” which would preclude any charge-off as required by the Uniform Retail Credit Classification and Account Management Policy; and (ii) when a bank may consider post-discharge payment performance as evidence of collectability and when this performance demonstrates both capacity and willingness to repay the full amounts due. The OCC states that the repayment analysis should document (i) the existence of orderly repayment terms for structured collection of the debt without the existence of undue payment shock or the need to refinance the balloon amount; (ii) a history of payment performance that demonstrates the borrower’s ongoing commitment to satisfy the debt; and (iii) the consideration of post-discharge capacity to make future required payments. The guidance provides standards for post-discharge repayment capacity. Further, the guidance allows a bank to consider post-discharge payment performance as evidence of collectability, and states that the analysis can be conducted at a pool or individual level provided the bank considers whether (i) monthly payment includes both principal and interest that fully amortizes the remaining debt; (ii) sustained performance demonstrates ongoing capacity and willingness to repay post-discharge; and (iii) collateral levels indicate the bank is likely to recover the full amount due even if payments cease.
On February 7, the OCC issued an updated Mortgage Banking booklet of the Comptroller’s Handbook. The revised booklet (i) provides updated guidance to examiners and bankers on assessing the quantity of risk associated with mortgage banking and the quality of mortgage banking risk management; (ii) makes wholesale changes to the functional areas of production, secondary marketing, servicing, and mortgage servicing rights; and (iii) addresses recent CFPB amendments to Regulation X and Regulation Z, as well as other Dodd-Frank related statutory and regulatory changes. The updated booklet replaces a similarly titled booklet issued in March 1996, as well as Section 750 (Mortgage Banking) issued in November 2008 as part of the former OTS Examination Handbook. On February 12, the OCC issued a revised Retirement Plan Products and Services booklet of the Comptroller’s Handbook that (i) updates examination procedures and groups them by risk; (ii) updates references and adds a list of abbreviations; (iii) adds references to recent significant U.S. Department of Labor regulations and policy issuances; (iv) adds a discussion of Bank Secrecy Act/anti-money laundering and Regulation R; and (v) adds a discussion of board and senior management responsibilities regarding oversight of risk management.
On January 29, the OCC announced that Molly Scherf will serve as Deputy Comptroller for Large Bank Supervision with responsibility for overseeing the Large Bank lead experts, shared national credit, data analytics, and systems teams. Her new role will involve working with policy, midsize, and community bank supervision, and legal departments within the OCC as well as with domestic and international regulatory peers. Ms. Scherf joined the OCC in 1990 and brings 23 years of bank supervision experience across institutions ranging from $50 million to $2 trillion in assets. She most recently served as Large Bank Lead Expert for Governance and Enterprise Risk Management and previously served as a megabank Team Lead at Wells Fargo.
On January 17, the OCC released a cease and desist order entered jointly by the OCC and the FDIC with two affiliated technology service providers that offer payment and other technology solutions for banks. Without describing the specific circumstances leading to the action, the order states that the regulators had reason to believe the service providers were operating without (i) an internal auditor or an integrated risk-focused audit program; (ii) a comprehensive due diligence program or formal policies to evaluate vendor risk; (iii) an enterprise-wide risk assessment; (iv) effective business continuity or disaster recovery planning; (v) procedures to identify software vulnerabilities; and (vi) an effective log review program to identify threats. The regulators did not assess a penalty, but will require the vendors to implement numerous risk management enhancements. Under the order, the technology service providers or their board must, among other things, (i) fill specific management positions; (ii) implement an audit program; (iii) conduct a security risk assessment; (iv) develop a vendor management program; (v) implement business continuity/disaster recovery plans; and (vi) submit quarterly progress reports to regulators and client banks.