Financial Services Alert - November 12, 2013

The OCC issued updated and comprehensive guidance (OCC Bulletin 2013-29, the “Guidance”) to national banks and federal savings associations (collectively, “Banks”) concerning assessment and management of risks associated with third-party relationships.  The OCC defines a third-party relationship as “any business arrangement between a bank and another entity, by contract or otherwise.”  Comptroller of the Currency Thomas J. Curry stated that the OCC will give enhanced scrutiny to Banks’ third-party relationships because the OCC has increased concerns “regarding the quality of risk management on the growing volume, diversity, and complexity of banks’ third-party relationships, both foreign and domestic.”

Risk Management During Key Stages of Relationship Life Cycle

In the Guidance, the OCC states that a Bank’s failure to have an effective risk management process that is “commensurate with the level of risk, complexity of third-party relationships, and organizational structure of the Bank may be an unsafe and unsound banking practice.”  Specifically, the OCC’s supervisory expectation is that a Bank will (throughout the life cycle of each third-party relationship) manage its third-party relationship risks by taking the following actions:

• “Developing a plan that outlines the Bank’s strategy, identifies the inherent risks of the activity, and details how the Bank will select, assess, and oversee the third party;
• Performing proper due diligence to identify risks and select a third-party provider;
• Negotiating written contracts that clearly outline the rights and responsibilities of all parties;
• Conducting ongoing monitoring of the third party’s activities and performance;
• Executing a plan to terminate the relationship in a manner that allows the Bank to transition the activities to another third party, bring the activities in-house, or discontinue the activities;
• Assigning clear roles and responsibilities for overseeing and managing third-party relationships and the risk management process;
• Maintaining proper documentation and reporting to facilitate oversight, accountability, monitoring, and risk management; and
• Conducting independent reviews of the risk management process to enable management to assess that the Bank’s process aligns with its strategy and effectively manages risks from third-party relationships.”

In addition to the recommended actions enumerated in the bullet point statements above, the OCC in the Guidance suggests various best practices for risk management of third-party relationships.

Risk Management Throughout Risk Management Life Cycle

The Guidance also stresses that throughout the life cycle of a third-party relationship a Bank, as part of its risk management process, should:

• provide for effective oversight and accountability by assigning clear and distinguishable roles for the Bank’s: (1) Board of Directors; (2) senior management; and (3) employees who directly manage third-party relationships.
• (1) retain documentation of its third-party risk management process; (2) obtain and keep reports on risk management and on the performance of third-party service providers; and (3) document the Board’s receipt of regular reports concerning ongoing monitoring and independent reviews.
• conduct periodic independent reviews, by the Bank’s internal auditor or an independent third party, of the risk management process.

The Guidance provides two appendices, both of which contain useful information.  Appendix A summarizes the operational risks, compliance risks, reputational risks, strategic risks and credit risks associated with use by Banks of third-party service providers.  While the Guidance replaces and supersedes certain OCC guidance issued in 2000 and 2001, the Guidance supplements and is intended by the OCC to be read in conjunction with a substantial body of OCC releases and letters concerning third-party relationship management that are identified and briefly described in Appendix B in an extensive chart.

Board Retains Responsibility Despite Entering Into Third Party Relationship

In the Guidance, the OCC stresses that a Bank’s Board of Directors and senior management must monitor third-party relationships and that use of a third-party provider does not diminish the responsibility of the Board and senior management to see that the Bank’s activities conform to safe and sound banking practices and comply with applicable law.

Action Item: 

Although the Guidance was issued by the OCC rather than by all of the federal banking agencies, the principles and guidelines expressed in the Guidance and the enhanced level of supervisory expectations of the OCC are likely to reflect, generally, the current views of the FRB and the FDIC on vendor management issues.  Accordingly, it would be prudent for all FDIC-insured depository institutions to review their current relationships with third-party service providers to confirm that the related risks are being managed appropriately and effectively.

The CFTC approved final rules requiring enhanced protections afforded customers and customer funds held by futures commission merchants (“FCMs”).  The rules require FCMs to adopt and enforce a risk management program, evidenced by written policies and procedures approved in writing by the FCM’s governing body, which must be furnished to the CFTC and the FCM’s self-regulatory organization.  The risk management program must be reviewed and tested at least annually by qualified internal audit staff independent of the business unit or by a qualified third party audit service reporting to staff that are independent of the business unit.  In addition, each FCM must establish and maintain a risk management unit with sufficient authority, qualified personnel, and the necessary resources to carry out the risk management program; the risk management unit must report directly to senior management and be independent from the business unit.  The risk management unit must, among other things, prepare quarterly written reports regarding the FCM’s risk exposures, recommended changes, and the status of previously-recommended changes and provide those reports to senior management, the FCM’s governing body, and the CFTC.

The rules also require that FCM customer funds be separately accounted for and segregated, and prohibit an FCM from using one customer’s funds to secure or guarantee the commodity interests of, or secure or extend the credit of, any other person.  Although funds from multiple customers may be commingled in a single account for operational convenience, they may not be commingled with the FCM’s own funds.  The rules specify that customer funds may only be deposited with banks, trust companies, derivatives clearing organizations (“DCOs”), or another FCM, and require that the FCM perform appropriate due diligence to ensure that the entity with which customer funds are deposited is financially sound.  Any such depository must agree to provide the CFTC with direct, read-only access to transaction and account balance information for futures customer accounts.  Furthermore, the rules impose restrictions on the FCM’s ability to withdraw funds from certain customer accounts.

The final rules also require additional risk disclosure by FCMs, including both general and firm-specific disclosures, to existing and prospective customers.  For example, the rules require FCMs to provide notice that the funds deposited with the FCM are not protected by insurance in the event of the bankruptcy or insolvency of the FCM or in the event that the funds are misappropriated, nor are such funds protected by the Securities Investor Protection Corporation even if the FCM is registered with the SEC as a broker or dealer.  FCMs are also required to promptly notify the CFTC, their self-regulatory organization, and, if the FCM is a securities broker or dealer, the SEC, of certain solvency and material events, and to make certain financial information available to the public on their website.

The rules require the governing body of each FCM to ensure that the certified public accountant engaged to audit the FCM is duly qualified to do so.  Among other things, such certified public accountant must be registered with, and have undergone an examination by, the Public Company Accounting Oversight Board (“PCAOB”).  The rules also address certain related issues concerning DCOs and chief compliance officers.

The rules will become effective 60 days after their publication in the Federal Register.  This effective date is also the compliance date for most of the rules’ provisions.  However, compliance with certain provisions will be required at various later dates, the latest of which is December 31, 2015.

The CFTC voted on Tuesday to propose a new position limits rule that would establish limits on speculative positions in physical commodity futures contracts.  The CFTC’s previous position limits rule was vacated last year by a federal district court that found that the CFTC had failed to properly justify the need for the rule, having concluded that the relevant provision of the Commodity Exchange Act is ambiguous and rejected the CFTC’s argument that the provision unambiguously mandates that the CFTC impose position limits without first making a finding that it is necessary to do so.

As with the previous version of the rule, the new proposal would establish speculative position limits for 28 exempt and agricultural commodity futures and option contracts as well as for physical commodity swaps that are “economically equivalent” to such futures and option contracts.  In an attempt to rectify the flaws cited in the court’s rejection of the previous rule, the new proposal includes a more robust justification of the proposed rule “using [the CFTC’s] experience and expertise to resolve the ambiguity the district court perceived” in the Commodity Exchange Act.  The proposed rule release also includes findings that position limits are necessary to reduce the likelihood of certain forms of market manipulation and to help diminish or prevent unreasonable fluctuations or unwarranted changes in the price of a commodity.  An appendix to the rule release includes a list of approximately 130 studies relevant to position limits that were analyzed by CFTC staff.  At the CFTC meeting at which the proposal was approved, both commissioners and staff discussed these studies and positioned the CFTC’s decision to propose the rule as a consequence, at least in part, of its review and analysis of the studies.

In a related action, the CFTC unanimously proposed new aggregation standards that would provide additional opportunities for related entities to avoid aggregating their respective positions for purposes of the position limits rule.  The proposal would establish a baseline rule providing that all positions in accounts for which any person directly or indirectly controls trading or holds a 10 percent or greater ownership or equity interest must be aggregated with the positions held and trading done by such person.  However, the proposal would provide several exemptions from this rule.  For example, any person with an ownership or equity interest of not more than 50 percent in an owned entity, other than through an interest in a pooled account in certain cases, would not be required to aggregate the accounts or positions of the owned entity with any other accounts or positions such person is required to aggregate, provided that, among other things, such person and the owned entity do not know each other’s trading decisions, have written procedures to preclude each from having knowledge of the trades of the other, and do not share employees that control the trading decisions of either.  Similarly, any person with an ownership or equity interest in an owned entity of greater than 50 percent, other than through an interest in a pooled account in certain cases, need not aggregate the accounts or positions of the owned entity if (i) the person and the owned entity meet the foregoing requirements (among others), (ii) the person certifies to the CFTC that the owned entity is not, and is not required to be, consolidated on the financial statements of such person, (iii) the CFTC finds that such person has satisfied the specified requirements, and (iv) certain other conditions are met.

Comments on each proposal will be due 60 days after its forthcoming publication in the Federal Register.

The CFTC announced that registered entities and swap counterparties subject to the CFTC’s jurisdiction may now comply with the CFTC’s swap data recordkeeping and reporting requirements with respect to Legal Entity Identifiers (“LEIs”) by using LEIs provided by any pre-Local Operating Unit (“pre-LOU”) approved by the Regulatory Oversight Committee (“ROC”) of the global LEI system and approved by the ROC as issuing globally acceptable LEIs.  In other words, registered entities and swap counterparties subject to CFTC jurisdiction may now use any LEI endorsed by the ROC as globally acceptable; they do not need to use a CFTC Interim Compliant Identifier (“CICI”).

The FDIC, the Bank of England, the German Federal Financial Supervisory Authority, and the Swiss Financial Market Supervisory Authority have jointly written to the International Swaps and Derivatives Association (“ISDA”) to ask that ISDA revise its documentation to include an early termination delay in the event of a failure of a “global systemically important financial institution.”  The regulators argue that this delay would permit a transfer or similar remedy as part of the resolution process, thereby improving stability relative to terminating the contract.

ISDA released a statement in response, stating that developing a standard provision in which counterparties agree to a short-term suspension following the commencement of an insolvency or resolution action “will continue to be a primary focus of [ISDA’s] efforts.”  However, ISDA has not yet taken any official action in this matter; no changes have been made to pre-existing ISDA documents as a result of the letter from the regulatory agencies.

The CFTC has proposed a rule that would require all registered introducing brokers (“IBs”), commodity pool operators (“CPOs”), and commodity trading advisors (“CTAs”) to be members of a registered futures association (“RFA”).  The National Futures Association (“NFA”) is currently the only RFA under the Commodity Exchange Act.  Although registered futures commission merchants, swap dealers, and major swap participants are already required to be a member of an RFA, IBs, CPOs, and CTAs have generally had to become a member of the NFA only because NFA Bylaw 1101 prohibits NFA members from carrying accounts, accepting orders, or handling transactions in commodity futures contracts for or on behalf of any non-member of the NFA that is required to be registered with the CFTC as, among other things, an IB, CPO, or CTA.  In other words, NFA Bylaw 1101 indirectly required IBs, CPOs, and CTAs to join the NFA to conduct business with NFA members.

However, Dodd-Frank Act amendments to the Commodity Exchange Act expand the scope of regulated activities in such a way that it is now possible for IBs, CPOs, or CTAs that are not NFA members to serve clients without undertaking the activities that would require registration under NFA Bylaw 1101.  The release provides the examples of a CTA advising a “special entity” on swaps and a CPO operating a pool that trades only uncleared swaps; neither of these activities would not require interacting with an NFA registrant in such a manner that would implicate NFA Bylaw 1101.  The proposed rule is intended to require such entities to join the NFA.

Comments are due by January 17, 2014.

A new Employee Benefits Update from Goodwin Procter’s ERISA & Executive Compensation Practice discusses (1) the modification by the Internal Revenue Service (the “IRS”) of its “use-it-or-lose-it” rule for health flexible spending arrangements so that, subject to implementing plan amendments and employee notifications, up to $500 of unused amounts may be carried forward into the following year and (2) the announcement by the IRS and Social Security Administration of cost-of-living adjustments for 2014 to certain dollar limits for tax-favored retirement and benefits plans, and other thresholds – including for retirement plans, health savings accounts, qualified transportation benefits and the social security taxable wage base.

The Independent Directors Council issued a report designed to assist fund directors in their oversight of registered fund performance.  The report discusses (a) how to understand the performance expectations for a fund based on asset class, investment process, benchmarks, risk profile, disclosures and other factors, (b) how to understand a fund adviser’s investment organization and processes for portfolio management and investment oversight, (c) how to review a fund’s performance on an ongoing basis through periodic reports and discussions with the adviser, and related governance and process issues; and (d) how to address performance issues, including possible remediation measures.  The report includes an appendix with suggested questions for addressing certain of the foregoing topics.

The SEC announced that its staff will host a public roundtable on December 5 to discuss the use of proxy advisory firms by institutional investors and investment advisers.  The role of proxy advisory firms in assisting institutional investors with the exercise of voting rights was one of the principal topics addressed in the SEC’s 2010 concept release on the proxy voting system, which asked, among other things, for public comment on the services provided by proxy advisory firms and on potential conflicts of interest and transparency in the proxy advisory industry.  (See the July 27, 2010 Financial Services Alert for a discussion of the 2010 concept release.)  The December 5 roundtable is intended to provide a forum to discuss these issues, and will be open to the public at the SEC’s Washington, D.C. headquarters and via webcast on the SEC’s website.