Information Technology: Office of the Comptroller of the Currency (OCC) Points of Contact for Banks’ Computer-Security Incident Notifications
Effective May 1, 2022, banks must use the designated points of contact listed in this bulletin to satisfy the incident notification requirements established in the interagency final rule for banks and their bank service providers dated November 23, 2021. The OCC, Board of Governors of the Federal Reserve System (FRB), and the Federal Deposit Insurance Corporation (FDIC) published the final rule to help promote early awareness of emerging threats to banks, their bank service providers, and the broader financial system and to help the agencies react to these threats before they become systemic.
As of May 1, 2022, banks and their bank service providers must comply with the final rule. Under the final rule, a notification incident generally includes a significant computer-security incident that disrupts or degrades, or is reasonably likely to disrupt or degrade, the viability of the bank’s operations; results in customers being unable to access their deposit and other accounts; or impacts the stability of the financial sector. Incidents may include a major computer-system failure; a cyber-related interruption, such as a distributed denial of service or ransomware attack; or another type of significant operational interruption.
Consumers on Course to Save $1 Billion in Non-Sufficient Funds (NSF) Fees Annually, but Some Banks Continue to Charge These Fees
In recent months, a number of large banks have announced that they are eliminating NSF fees on their checking accounts. This is a positive development. We estimate that these changes mean that consumers will pay about 50 percent less in these fees each year, an annual savings of about $1 billion.
But many banks are continuing to charge these fees, which consumers incur when the bank returns a check or electronic payment unpaid after determining that the account lacks sufficient funds. Consumers receive no service at all in exchange for this fee. Indeed, NSF fees intensify financial distress for consumers, who often are already at their financial edge and who will often also be hit by the fee merchant’s charge when a consumer’s payment bounces. NSF fees average $34 each, even as any marginal cost to the institution to return a payment is likely exceedingly low. The Consumer Financial Protection Bureau is closely scrutinizing whether and when charging these fees may be unlawful.
FinCEN Issues Advisory on Kleptocracy and Foreign Public Corruption
On April 14, 2022, the Financial Crimes Enforcement Network (FinCEN) issued an advisory on kleptocracy and foreign public corruption, urging financial institutions to focus their efforts on detecting the proceeds of foreign public corruption – a priority for the U.S. Government as it continues to implement the U.S. Strategy on Countering Corruption. The advisory provides typologies and potential indicators of kleptocracy and other forms of foreign public corruption, namely bribery, embezzlement, extortion, and the misappropriation of public assets.
Kleptocrats and other corrupt public officials steal the public’s wealth for personal gain and use their positions of power and access to state-owned resources for their personal benefit. Like other criminal actors, corrupt public officials launder the proceeds of their corruption through a variety of means, including funneling money through shell companies or by purchasing various high-end assets, such as real estate, yachts, private jets, and high-value art.
The advisory highlights financial red flag indicators to assist financial institutions in preventing, detecting, and reporting suspicious transactions associated with kleptocracy and foreign public corruption. For purposes of suspicious activity reporting, financial institutions should consider the relevant facts and circumstances of each transaction, in keeping with their risk-based approach to compliance.
Additionally, in March, the U.S. Department of the Treasury launched the Kleptocracy Asset Recovery Rewards Program, which offers rewards payments for information leading to seizure, restraint, or forfeiture of assets linked to foreign government corruption, including the government of the Russian Federation. More information on eligibility for rewards payments and on submission of relevant information to the U.S. government can be found here. Those individuals with information are encouraged to contact Kleptocracy_Rewards@Treasury.gov or call 202-622-2050.
Suspicious Activity Reports (SARs): OCC Authority for Exemptions to SAR Requirements: Final Rule
On March 16, 2022, the OCC issued a final rule amending the OCC’s SAR regulations. This rule allows the OCC to issue exemptions from the requirements of those regulations based on a request from a bank subject to those regulations that meets the criteria specified in the final rule. The final rule adopts, with changes in response to comments, the proposed rule published in the Federal Register on January 22, 2021.
The final rule took effect on May 1, 2022, and applies to community banks.
The final rule:
- Harmonizes the OCC’s legal authority to issue exemptions from its SAR regulations with preexisting exemptive authority of the Financial Crimes Enforcement Network of the U.S. Department of the Treasury (FinCEN).
- Establishes processes for the OCC to facilitate changes related to SAR regulations required by the Anti-Money Laundering Act of 2020.
- Establishes processes for the OCC to grant relief to banks that develop innovative solutions intended to meet Bank Secrecy Act requirements more efficiently and effectively.
- Does not, by itself, result in any exemptions from SAR requirements. The final rule only clarifies the OCC’s legal authority to issue such exemptions in the future.
When issuing any exemptions, the OCC expects to coordinate with FinCEN and the other federal banking agencies. For exemption requests from the OCC’s SAR regulations that would also require an exemption from FinCEN’s SAR regulation, a bank would need to seek an exemption from both the OCC and FinCEN.
Joint Proposal to Strengthen and Modernize Community Reinvestment Act (CRA) Regulations
The FDIC, OCC, and the FRB are requesting comment on a joint Notice of Proposed Rulemaking (NPR) on the CRA. The NPR is intended to strengthen and modernize the rule that implements the CRA by:
- Expanding access to credit, investment, and basic banking services in low- and moderate- income (LMI) communities, which are CRA’s core goals;
- Adapting to changes in the banking industry, including mobile and internet banking, by modernizing assessment areas (AAs) while maintaining a focus on branch-based areas;
- Providing greater clarity, consistency, and transparency in the application of the regulations through the use of standardized metrics as part of CRA evaluation and clarifying eligible CRA activities focused on LMI communities and underserved rural communities;
- Tailoring CRA rules and data collection to bank size and business model; and
- Maintaining a unified approach among the regulators.
Statement of Applicability: The contents of, and material referenced in, this Financial Institution Letter (FIL) apply to all FDIC-insured financial institutions.
- Higher thresholds. The NPR would set new thresholds for small and intermediate banks. Under the proposal, Small Banks are defined as those with assets of up to $600 million, and Intermediate Banks are those with asset of at least $600 million but less than $2 billion. Large Banks are those with assets of at least $2 billion.
- No new data collection or reporting. Small Banks and Intermediate Banks would have no new data collection and reporting requirements, and existing data would be used whenever possible.
- Update CRA to address changes in the banking industry. The NPR would modernize the approach to the delineation of AAs and would apply performance standards and metrics for retail and community development (CD) activities tailored to bank size and business model.
- Establish four tests for Large Banks. Four tests below would apply to Large Banks, including those evaluated under a strategic plan, although certain provisions of the Retail Services and Products Test and CD Services Test would apply only to Large Banks that had average quarterly assets, computed annually, of over $10 billion in both of the prior two calendar years:
- Retail Lending Test. A retail lending screen would be used to measure a bank’s retail lending relative to its capacity to lend in particular facility-based assessment areas. Geographic and borrower distribution metrics would be used to assess the bank’s lending performance with respect to LMI individuals and LMI areas, and small businesses and small farms.
- Retail Services and Products Test. This test would measure the delivery systems and deposit and other products of a bank through the use of certain metrics and performance context.
- CD Financing Test. This test would use a CD metric paired with an impact review to evaluate the quantitative and qualitative aspects of a bank’s CD financing activity.
- CD Services Test. This test would use some metrics—for example, hours for each CD activity—but would remain mostly qualitative to measure responsiveness to community needs.
- CD activities: Eligibility of qualifying activities would be expanded in certain areas, including for mission-based entities and Native Land Areas. A non-exhaustive list of, and confirmation process for, qualifying activities would provide increased certainty and clarity on what qualifies for CRA credit.
- Data collection, maintenance, and reporting for Large Banks: Large Banks over $10 billion would be required to collect, maintain, and report data for their retail deposits, retail lending, retail services, CD loans and investments, CD services, and assessment areas. Large Banks with assets between $2 billion and $10 billion would be subject to some data collection and reporting requirements. Small Banks and Intermediate Banks would collect data in the normal course of business as they do currently.
- Performance conclusions and ratings: Under the proposed rule, the agencies would assign a bank, except a small bank, conclusion scores, including a single score at the institution level to arrive at the bank’s overall statutory rating assigned by the agencies.
Comments are due by August 5, 2022.
Flood Insurance: Revised Interagency Questions and Answers
The FDIC is an independent agency created by the Congress to maintain stability and public confidence in the nation’s financial system. The FDIC insures deposits; examines and supervises financial institutions for safety, soundness, and consumer protection; makes large and complex financial institutions resolvable; and manages receiverships.
The FDIC, the OCC, the FRB, the National Credit Union Administration (NCUA), and the Farm Credit Administration (FCA) (collectively, the Agencies) are issuing the revised Interagency Questions and Answers Regarding Flood Insurance (Interagency Questions and Answers). The Interagency Questions and Answers address frequently asked questions about the flood insurance requirements of the National Flood Insurance Act of 1968, as amended, and its accompanying regulation. These Interagency Questions and Answers consolidate questions and answers that were proposed by the Agencies in July 2020 and March 2021.
The revised Interagency Questions and Answers can be found on the FDIC website.
Statement of Applicability: This FIL applies to all FDIC-supervised financial institutions.
- The Interagency Questions and Answers provide information to assist financial institutions in meeting their federal flood insurance compliance responsibilities, and to increase public understanding of flood insurance requirements.
- The Agencies are issuing 144 new and updated questions and answers on flood insurance to reflect significant legislative changes to the flood insurance requirements made by the Biggert-Waters Flood Insurance Reform Act of 2012 and the Homeowner Flood Insurance Affordability Act of 2014.
- In July 2020, the Agencies proposed new and revised questions and answers that covered a broad range of topics related to technical flood insurance issues, including the escrow of flood insurance premiums, the detached structure exemption to the mandatory purchase of flood insurance requirement, and the force placement procedures. In March 2021, the Agencies also proposed new questions and answers related to the private flood insurance provisions of the Biggert-Waters Act.
- The Interagency Questions and Answers incorporate the public comments received from the two proposals issued in July 2020 and March 2021. The Agencies made non-substantive revisions to certain previously issued questions and answers to more directly respond to the questions, to provide additional clarity, or to make other technical corrections. Additionally, the Agencies reorganized the questions and answers by topic to make it easier for users to find and review information related to technical flood insurance topics.
- These Interagency Questions and Answers supersede the 2009 Interagency Questions and Answers (and the 2011 amendments to the 2009 Interagency Questions and Answers) and supplement other guidance or interpretations issued by the Agencies not covered by the Interagency Questions and Answers.
FDIC Issues Final Rule Relating to False Advertising, Misrepresentations About Insured Status, and Misuse of the FDIC’s Name or Logo
On May 17, 2022, the Board of Directors of the FDIC approved a final rule implementing section 18(a)(4) of the Federal Deposit Insurance Act (Section 18(a)(4)), which prohibits any person from: making false or misleading representations about deposit insurance, using the FDIC’s name or logo in a manner that would imply that an uninsured financial product is insured or guaranteed by the FDIC, or knowingly misrepresenting the extent and manner of deposit insurance. The final rule describes the process the FDIC will use to exercise its authority to enforce Section 18(a)(4), as well as the standards that the FDIC will use to evaluate conduct that may violate the statute.
Statement of Applicability: The contents of, and material referenced in, this FIL apply to all FDIC-insured financial institutions.
FRB Finalizes Rule that Governs Funds Transfers Over the Federal Reserve Banks’ FedNow Service
On May 19, 2022, the FRB finalized a rule that governs funds transfers over the FRB’s FedNow℠ Service. The final rule is substantially similar to the proposal from last year, with a few clarifications in response to comments.
The FedNow Service is a new 24x7x365 interbank settlement service with clearing functionality to support instant payments in the United States and is expected to be available in 2023.
The final rule provides a comprehensive set of rules governing funds transfers over the FedNow Service and provides legal certainty and clarity on the rights and obligations of parties to a transfer over the FedNow Service.
Consumer Financial Protection Bureau (CFPB) Diversity, Equity, Inclusion, and Accessibility Strategic Plan FY 2022–FY 2026
The Diversity, Equity, Inclusion, and Accessibility (DEIA) Strategic Plan covers the period of FY 2022–2026. The Plan guides CFPB’s efforts in promoting diversity, equity, inclusion, and accessibility in its workforce, supplier diversity, and work to promote diversity and inclusion in Financial Services. The Plan centers around six principal DEIA goals and identifies goals and actions the Bureau seeks to advance. The five-year DEIA Strategic Plan is grounded in the work CFPB does in compliance with Section 342 of the Dodd-Frank Act. The Office of Minority and Women Inclusion (OMWI) leads agency matters relating to diversity and inclusion in management, employment, and business activities. OMWI works in close collaboration with other Bureau offices to carry out those responsibilities. This Plan embodies those efforts. The Plan also aligns with Executive Order 14035, Diversity, Equity, Inclusion, and Accessibility in the Federal Workforce, released by the White House in 2021.
Protecting Servicemembers from Abuses of the Military Allotment System
For years, we’ve warned of how companies position themselves just outside the gates of military bases to target servicemembers with costly loans and expensive contracts for items like cars, furniture, and electronics.
Despite existing federal protections, the CFPB and the Department of Defense (DoD) continue to closely monitor these companies for abuses, particularly those that seek out servicemembers due to their steady paychecks and the ability to structure repayments through the military allotment system.
Federal Reserve Announces It Will Soon Release Second Tool to Help Community Financial Institutions Implement the Current Expected Credit Losses (CECL) Accounting Standard
On June 7, 2022, the Federal Reserve announced it will soon release a second tool to help community financial institutions implement the CECL accounting standard.
Known as the Expected Losses Estimator, or ELE, the spreadsheet-based tool utilizes a financial institution’s loan-level data and management assumptions to aid community financial institutions in calculating their CECL allowances.
“The Fed’s unique approach in providing CECL compliance tools for small banks, through SCALE and today’s introduction of the ELE tool for more complex small banks, continue our work to tailor supervisory approaches to fit the size, risk, and business model of financial institutions. I am confident these tools will assist our smaller banks, enabling them to prioritize serving the financial needs of their communities and customers,” said Governor Miki Bowman.
The ELE tool was launched during an “Ask the Fed” webinar on June 16, 2022. The ELE tool will be available via www.supervisionoutreach.org/cecl.
The launch of the ELE tool builds on the Federal Reserve’s previous release of the Scaled CECL Allowance for Losses Estimator, or SCALE, tool to also help community financial institutions implement the CECL accounting standard. Together, the ELE and SCALE tools provide two simplified approaches to CECL calculations for smaller community financial institutions.