Compliance Update, First Quarter 2022

Financial Crimes Enforcement Network (FinCEN) Releases Updated Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments

FinCEN updated and replaced its October 1, 2020, Advisory on Ransomware in response to the increase in ransomware attacks in recent months against critical U.S. infrastructure. The original advisory was issued to alert financial institutions to predominant trends, typologies, and potential indicators of ransomware and associated money laundering activities. The advisory provided information on:

  1. The role of financial intermediaries in the processing of ransomware payments
  2. Trends and typologies of ransomware and associated payments
  3. Ransomware-related financial red flag indicators; and
  4. Reporting and sharing information related to ransomware attacks.

The updated advisory identifies new trends and typologies of ransomware and associated payments, including the growing proliferation of anonymity-enhanced cryptocurrencies and decentralized mixers.

Consumer Financial Protection Bureau (CFPB) Issues LIBOR Transition Final Rule and Implementation Materials

The CFPB is amending Regulation Z to address the anticipated sunset of LIBOR, which is expected to be discontinued for most U.S. Dollar (USD) tenors in June 2023. USD LIBOR is used as an index by some creditors for calculating rates for open-end and closed-end products. The amendment to the open-end and closed-end provisions provides examples of replacement indices for LIBOR indices that meet certain Regulation Z standards.

The CFPB is also amending Regulation Z to permit creditors for home equity lines of credit (HELOCs) and card issuers for credit card accounts to transition existing accounts that use a LIBOR index to a replacement index on or after April 1, 2022, if certain conditions are met. The final rule also addresses change-in-terms notice provisions for HELOCs and credit card accounts and how they apply to accounts transitioning away from using a LIBOR index.

Facilitating the LIBOR Transition (Regulation Z) | Consumer Financial Protection Bureau (

Publication of Sanctions Compliance Guidance for the Virtual Currency Industry and Updated Frequently Asked Questions (FAQs)

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) published the “Sanctions Compliance Guidance for the Virtual Currency Industry” brochure as a resource to help members of the virtual currency industry navigate and comply with OFAC sanctions.

Final Rulemaking to Amend the Real Estate Lending Standards

The Federal Deposit Insurance Corporation (FDIC) Board of Directors adopted a final rule to amend the Interagency Guidelines for Real Estate Lending Polices to incorporate consideration of the capital framework established in the community bank leverage ratio (CBLR) rule into the method for calculating the ratio of loans in excess of the supervisory loan-to value limits. Highlights from the amendment include:

  • The Interagency Guidelines for Real Estate Lending Policies, Appendix A to Subpart A of the FDIC’s Real Estate Lending Standards Regulation (Appendix) establishes supervisory LTV criteria for various real estate lending transaction types, but also allows exceptions to the supervisory LTV limits, measured against total capital, as defined in the capital rules.
  • The final rule revises the Appendix so that all FDIC-supervised institutions calculate the ratio of loans in excess of the supervisory LTV limits using tier 1 capital plus the appropriate allowance for credit losses in the denominator, regardless of an institution’s CBLR election status.
  • The final rule provides a consistent approach for calculating the ratio of loans in excess of the supervisory LTV limits at all FDIC-supervised institutions, and would approximate the historical methodology for calculating the ratio of loans in excess of the supervisory LTV limits.

Truth in Lending Act (TILA): Revised Interagency Examination Procedures and Rescissions

The Federal Financial Institutions Examination Council (FFIEC) adopted revised interagency examination procedures for the TILA, reflecting amendments to Regulation Z published in the Federal Register through May 30, 2021. Two previous bulletins have been rescinded with the updated procedures.

In order to promote consistency in the examination process and communication of supervisory expectations, procedures have been developed to reflect the following changes:

  • The new general qualified mortgage (QM) definition
  • A new category of QMs called seasoned QMs
  • An extension of the sunset date for the temporary government-sponsored enterprise QM
  • A delay in the mandatory compliance date for the new general QM definition until October 1, 2022

Computer-Security Incident Notification Final Rule

The agencies have issued a joint final rule to establish computer-security incident notification requirements for banking organizations and their bank service providers, to provide its primary federal regulator with early awareness of emerging threats to banking organizations and the broader financial system, including potentially systemic cyber events. The final rule is effective April 1, 2022, with full compliance extended to May 1, 2022, and includes the following:

  • The rule defines computer-security incident as an occurrence that results in actual harm to the confidentiality, integrity, or availability of an information system or the information that the system processes, stores, or transmits.
  • FDIC-supervised banking organizations will be required to notify the FDIC as soon as possible and no later than 36 hours after the banking organization determines that a computer-security incident that rises to the level of a notification incident has occurred. The banking organization must provide this notification to the appropriate FDIC supervisory office, or an FDIC-designated point of contact, through email, telephone, or other similar methods that the FDIC may prescribe.
  • A notification incident is defined as a computer-security incident that has materially disrupted or degraded, or is reasonably likely to materially disrupt or degrade, a banking organization’s:
    1. Ability to carry out banking operations, activities, or processes, or deliver banking products and services to a material portion of its customer base, in the ordinary course of business;
    2. Business line(s), including associated operations, services, functions, and support, that upon failure would result in a material loss of revenue, profit, or franchise value; or
    3. Operations, including associated services, functions, and support, as applicable, the failure or discontinuance of which would pose a threat to the financial stability of the United States.
  • The rule requires a bank service provider to notify at least one bank-designated point of contact at each affected customer banking organization as soon as possible when the bank service provider determines that it has experienced a computer-security incident that has materially disrupted or degraded, or is reasonably likely to disrupt or degrade, covered services provided to the banking organization for four or more hours. If the banking organization has not previously provided a designated point of contact, the notification must be made to the banking organization’s chief executive officer and chief information officer or to two individuals of comparable responsibilities.

Federal Housing Finance Agency (FHFA) Announces Conforming Loan Limits for 2022

The FHFA announced the conforming loan limits for mortgages to be acquired by Fannie Mae and Freddie Mac in 2022. In most of the US, the 2022 conforming loan limits for one-unit properties will be $647,200.

CFPB: Final Rule on Fair Debit Collection Practices Act (FDCPA)

The CFPB issues a final rule to restate and clarify prohibitions on harassment and abuse, false or misleading representations, and unfair practices by debt collectors when collecting consumer debt. The rule focuses on debt collection communications and gives consumers more control over how often and through what means debt collectors can communicate with them regarding their debts. The rule also clarifies how the protections of the FDCPA apply to newer communication technologies.

Agencies Announce Dollar Thresholds in Regulations Z and M for Exempt Consumer Credit and Lease Transactions

The Federal Reserve Board (FRB) and the CFPB announced the dollar thresholds used to determine whether certain consumer credit and lease transactions in 2022 are exempt from Regulation Z (TILA) and Regulation M (Consumer Leasing). The protections of Regulations Z and M generally will apply to consumer credit transactions and consumer leases of $61,000 or less in 2022.

Agencies Announce Threshold for Smaller Loan Exemption from Appraisal Requirements for Higher-Priced Mortgage Loans

The CFPB, FRB, and OCC announced the 2022 threshold for exempting loans from special appraisal requirements for higher-priced mortgage loans will increase from $27,200 to $28,500, effective January 1, 2022.

OCC Reports on Risks, Effects of COVID-19 Pandemic on Federal Banking System

The OCC reported the key issues facing the federal banking system and the effects of the COVID-19 pandemic on the federal banking industry, including the following highlights:

  • Operational risk is elevated as banks respond to an evolving and increasingly complex operating environment and cyber risks.
  • Credit risk is moderate as widespread government programs and appropriate risk management limited potential credit impact, though some areas warrant continued attention.
  • Compliance risk is heightened, driven by regulatory changes and policy initiatives that continue to challenge risk management.
  • Strategic actions taken by banks to offset earnings impacts of low yields and net interest margin compression remain a risk.

FinCEN Issues Proposed Rule for Beneficial Ownership Reporting to Counter Illicit Finance and Increase Transparency

FinCEN announced an advanced notice of proposed rulemaking to implement the beneficial ownership information reporting provisions of the Corporate Transparency Act. The proposed rule is designed to protect the US financial system from illicit use and impede malign actors from abusing legal entities, like shell companies, to conceal proceeds of corrupt and criminal acts, and addresses who must report beneficial ownership information, when they must report, and what information they must provide.

CFPB Issues Updated Electronic Fund Transfers (EFTs) FAQs

The CFPB has updated the EFTs FAQs to add answers that address questions received by the CFPB. Topics include covered transactions, covered financial institutions, error resolution, and unauthorized EFTs.

OCC Issues Final Rule to Rescind its 2020 Community Reinvestment Act (CRA) Rule

The OCC issued a final rule to rescind the June 2020 CRA rule and replace it with a rule based on the rules adopted jointly by the federal banking agencies in 1995, as amended. This final rule is intended to facilitate the ongoing interagency work to modernize the CRA regulatory framework and promote consistency for all insured depository institutions. The final rule applies to national banks, federal savings associations, and state savings associations, and takes effect January 1, 2022.

Nacha Approves Amendments to the Nacha Operating Rules

Nacha released supplement #3 with amendments for third-party sender (TPS) roles and responsibilities and other minor topics rule changes. The two amendments to the TPS roles and responsibilities address existing practices of nested TPS relationships and make explicit and clarify the requirement that a TPS conduct a risk assessment, effective September 30, 2022. The six minor topics rule amendments clarify the meaningful modernization rules, which have little impact on ACH participants and no significant processing or financial impact.


Get The Latest Updates

Subscribe To Our Newsletter


Most Popular

Related Posts