On April 27, the OCC issued Bulletin 2016-13 to remind banks of their obligations pertaining to the maintenance of records, records retention, and examiner access to records. According to the bulletin, communications technology recently made available to banks could “prevent or impede OCC access to bank records through certain data deletion or encryption features.” The OCC’s bulletin reminds banks that (i) pursuant to 12 U.S.C. § 481 and 12 U.S.C. § 1464(d)(1)(B)(ii), the OCC has full and unimpeded access to a bank’s books and records; and (ii) communications technology should not be used to limit an examiner’s access to bank records. The bulletin further cautions that, while some chat and messaging platforms claim the ability to permanently delete internal communication, the OCC believes that the “permanent deletion of internal communications, especially if occurring within a relatively short time frame, conflicts with OCC expectations of sound governance, compliance, and risk management practices as well as safety and soundness principles.”
On May 9, the OCC updated its Comptroller’s Handbook to include a new booklet titled “Student Lending.” Despite banks having to alter their private student lending strategies as a result of the 2008 financial crisis, the OCC’s booklet maintains that banks can still benefit from the wider array of consumer products and the broader business model that the private student lending industry offers. The new booklet contains information related to banks’ participation in the private student lending industry, including, but not limited to:
- Inherent credit, interest rate, liquidity, price, operational, compliance, strategic, and reputation risks in the industry.
- Unique aspects of private student loans, such as the “significant time lag between loan advances and repayment, and the student borrower’s lack of certainty in finding a stable, reliable primary source of repayment after graduation.”
- Regulatory expectations for safe and sound operations, cautioning that banks should adhere to the credit underwriting and documentation standards as stated in 12 CFR 30, appendix A, “Safety and Soundness Standards.”
- Risk management practices, reminding banks that use third parties to market, solicit, or originate private student loans to have in place risk management frameworks that include due diligence in selecting third parties, written contracts that have been vetted for duties, obligations, and responsibilities of all parties (compensation parameters included), and ongoing monitoring and quality assurance programs.
On April 22, the American Bankers Association (ABA) sent a letter to the OCC, the Federal Reserve, and the FDIC regarding force-place flood insurance (also known as lender-placed insurance). The ABA probed the question of whether or not the advancement of a lender-placed flood insurance premium constitutes an “increase” to the designated loan – a statutory “tripwire” under the Flood Disaster Protection Act (FDPA). According to the letter, “increasing reports” from ABA members suggest that examiners are taking the position that “advancing a flood insurance premium in order to force-place flood insurance increases a loan balance and therefore constitutes a MIRE event [(making, increasing, renewing, or extending a designated loan)].” The letter summarizes FDPA requirements, noting that, if examiners are in fact considering the advancement of a premium to force-place flood insurance as an increase to a designated loan, such an “interpretation is new to the industry and is inconsistent with industry practice and contractual obligations under standard mortgage loan agreements.” According to the ABA, this new approach would result in increased borrower confusion and expense: “[i]ndeed, if adding the flood insurance premium to the loan is considered to increase the loan amount, following that logic through, the payment of a force-placed hazard insurance premium, taxes, or even a late fee would also ‘increase’ the loan—and result in a MIRE event as it is wholly inconsistent to treat these protective advances differently. Accordingly, a delinquent borrower could experience a ‘MIRE event’ as frequently as monthly with each late payment. Clearly, this was not Congress’s intent.” The ABA urged the banking agencies to release interagency guidance to address concerns related to the advancement of flood insurance premiums as a potential MIRE event.
On April 13, the OCC named Donna Murphy Deputy Comptroller for Compliance Risk. Effective May 1, Murphy will be responsible for supervising the development of policy and examination procedures relating to consumer, BSA/AML, and Community Reinvestment Act issues. Prior to joining the OCC in 2013, Murphy supervised the DOJ’s fair lending enforcement program.
On April 12, the OCC released its Risk Appetite Statement (Statement) summarizing the agency’s largely conservative approach toward managing risks to the OCC’s mission, the financial system, and consumers. The Statement sets forth the OCC’s risk management principles and risk tolerance levels – low, medium, or high – pertaining to the following interrelated categories: (i) supervision; (ii) human capital; (iii) strategic; (iv) reputation; (v) technology; (vi) operational; (vii) legal; (viii) external; and (ix) financial. Significantly, the Statement notes that the OCC maintains a “low [risk] appetite for supervisory processes that do not ensure bank management soundly manages risk, provides fair access to financial services, treats consumers fairly, and complies with applicable laws and regulations.” By contrast, according to the Statement, the OCC has a moderate risk appetite with respect to allowing its staff to exercise flexibility in supervisory judgment, supervisory plan execution, and inter- and intra-agency collaboration, in an effort to “remain nimble in meeting the challenges of an evolving banking landscape.”