Regulatory Developments
OCC Releases Annual Supervision Operating Plan, Bank Supervision Priorities
On September 25, the Committee on Bank Supervision (CBS) of the OCC released its annual supervision operating plan outlining the OCC’s bank supervision priorities. The plan will guide CBS managers and staff in the development of their supervisory priorities, planning, and resource allocations for the fiscal year spanning October 1, 2018, to September 30, 2019 (FY 2019). In FY 2019, the OCC will focus on the following priorities: (1) cybersecurity and operational resiliency; (2) commercial and retail credit loan underwriting, concentration risk management, credit risk management, and allowance for loan and lease losses; (3) Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance; (4) process management for consumer compliance-related changes, including the Home Mortgage Disclosure Act, the integrated mortgage disclosure requirements under the Truth in Lending Act and Real Estate Settlement Procedures Act, and the Military Lending Act; and (5) internal controls and end-to-end processes necessary for product and service delivery, including emphasis on implementation of new and revised products or strategic partnerships. In FY 2019, CBS managers will differentiate among regulated institutions according to size, complexity, and risk profile when developing supervisory strategies and will devote resources to risk-focused examinations of technology service providers supporting critical processing and services.
FinCEN and Federal Banking Agencies Provide CIP Relief for Premium Finance Loans
On September 28, FinCEN and the OCC, Federal Deposit Insurance Corporation, the Board of Governors of the Federal Reserve System, and the National Credit Union Administration (Federal Banking Agencies) announced an exemption from the requirements of the customer identification program (CIP) rules implementing section 326 of the USA PATRIOT Act for loans extended by banks and their subsidiaries to commercial customers to facilitate purchases of property and casualty insurance policies (premium finance loans). Premium finance loans provide short-term financing to businesses to facilitate their purchases of property and casualty insurance policies. According to FinCEN, the exemption is appropriate as premium finance loans present a low risk of money laundering because of the purpose for which the loans are extended and limitations on the ability of a customer to use such funds for any other purpose.
OCC Updates TILA Booklet of Comptroller’s Handbook
On September 26, the OCC issued a new Truth in Lending Act (TILA) booklet of the Comptroller’s Handbook. The Comptroller’s Handbook is prepared for use by OCC examiners in connection with their examination and supervision of national banks and federal savings associations. The new TILA booklet provides background information and optional expanded examination procedures for TILA and Regulation Z. This new TILA booklet replaces the prior booklet issued in December 2014.
OCC Updates Guidance on Prompt Corrective Action
On September 28, the OCC issued a bulletin setting forth the guidelines and procedures by which the OCC implements its authority under section 38 of the Federal Deposit Insurance Act, entitled “Prompt Corrective Action.” The purpose of prompt corrective action is to resolve the problems of insured depository institutions at the least possible long-term loss to the Deposit Insurance Fund. The bulletin rescinds Banking Circular 268, “Prompt Corrective Action,” and OCC Bulletin 1994-43, “Prompt Corrective Action – Capital Restoration Plans Guidelines: Guidelines.”
CFPB Request for Information on Collection and Treatment of Consumer Data
The CFPB, in assessing its current practices regarding the CFPB’s collection and treatment of consumer data, is seeking public feedback regarding its data governance program. More specifically, the CFPB is reviewing and seeking comment on how data should, or should not, be used for multiple functions, ways of reducing reporting burdens and increasing efficiency around data collections, and feedback on areas it could expand to better support the statutory objectives. The CFPB provides in its request for information the areas, in addition to the above, in which commenters should focus their comments. In conjunction, the CFPB issued a report on the Sources and Uses of Data at the Bureau of Consumer Financial Protection, which is available on the CFPB website. Comments are due December 27, 2018.
Client Alert: SEC Publishes Guidance on Form 10-Q
On September 24, the staff of the SEC Division of Corporation Finance published Guidance on how the disclosure simplification amendments adopted on August 17, 2018, will affect upcoming Form 10-Q quarterly reports. The guidance clarifies questions about the effective date of the amendments and provides important interpretive relief concerning the requirement to present changes in shareholders’ equity in interim financial statements contained in Form 10-Q quarterly reports. For more information, read the client alert issued by Goodwin’s Public Companies practice.
Enforcement & Litigation
SEC Charges Firm With Deficient Cybersecurity Procedures
On September 26, the SEC announced that Voya Financial Advisors, Inc. (VFA), a broker-dealer and investment adviser, settled charges related to violations of the Safeguards Rule and the Identity Theft Red Flags Rule, which are designed to protect confidential customer information and prevent identity theft. This is the first SEC enforcement action charging violations of the Identity Theft Red Flags Rule. In the settlement order, the SEC alleged that, in 2016, cyber intruders impersonated VFA contractors over a six-day period by calling VFA’s support line and requesting that the contractors’ passwords be reset. The intruders then: 1) used the new passwords to gain access to the personal information of 5,600 VFA customers; 2) used the customer information to create new online customer profiles; and 3) used the customer profiles to obtain unauthorized access to multiple customers’ account documents. The order further alleged that VFA’s failure to terminate the intruders’ access stemmed from weaknesses in its cybersecurity procedures, some of which had been exposed during prior incidents involving similar conduct. According to the SEC, VFA also failed to apply its cybersecurity procedures to the systems used by its independent contractors, who comprise the largest segment of VFA’s workforce. Without admitting or denying the SEC’s findings, VFA consented to a cease and desist and censure and agreed to pay a $1 million penalty, and will retain an independent consultant to evaluate its policies and procedures for compliance with the Safeguards Rule, the Identity Theft Red Flags Rule and other related regulations. Commenting on this matter, Robert A. Cohen, Chief of the SEC Division of Enforcement’s Cyber Unit, stated that “this case is a reminder to brokers and investment advisers that cybersecurity procedures must be reasonably designed to fit their specific business models,” and that “[t]hey also must review and update the procedures regularly to respond to changes in the risks they face.”
Industry Groups Seek Preliminary Injunction to Enjoin CFPB’s Enforcement of the Payday Lending Rule
On September 14, the Community Financial Services Association of America, Ltd. and the Consumer Service Alliance of Texas (Industry Groups) moved for a preliminary injunction to prevent many of the provisions of the CFPB’s payday lending rule (12 C.F.R. Part 1041) from becoming effective on August 19, 2019. The payday lending rule tightly regulates loans with repayment terms of less than 45 days, and has been the subject of much contention. The Industry Groups argue that the rule will effectively “deny[] access to the crucial financial flexibility that many payday borrowers rely on.” For more information, view the LenderLaw Watch blog post.
Goodwin News
7th Annual London White Collar Crime Institute – October 8-9
Hosted by the American Bar Association’s Criminal Justice Section, the 7th Annual London White Collar Crime Institute will take place October 8-9, 2018. Federica De Santis, an associate in Goodwin’s Financial Industry group, will be a featured speaker on cryptocurrencies and blockchain. For more information, please visit the event website.
Block-Con 2018 – October 10-12
Goodwin will once again be a sponsor of Block-Con, a three-day conference bringing together thousands of blockchain, crypto and dApp industry leaders in Santa Monica, CA for workshops, panel discussions and networking sessions. To register, please visit the event website.
The Money 20/20 Conference, one of the largest global events focused on payments and financial services innovation, attracts more than 1,500 CEOs from over 4,500 companies and 85 countries. Goodwin is a sponsor. For more information, please visit the event website.
American Bankers Association Annual Convention – October 21-23
New York City is the place where trends, leaders and history are made, so it’s only fitting that the Big Apple will be the backdrop for this year’s American Bankers Association Annual Convention. Join us as we capture the energy of the city that never sleeps to take on tomorrow’s top issues facing the industry, connect to peers and business pioneers, and take home bright ideas and big dreams for your bank. Samantha Kirby and Matt Dyckman of Goodwin’s Financial Industry, Banking and Consumer Financial Services practices will speak on the “Changing Views of Board of Directors and Governance” panel on Tuesday, October 23. Goodwin is a sponsor of the convention. For more information, please visit the event website.
Western Bankers Association Electronic Payments Best Practices Webinar – October 24
Both emerging technology and legacy electronic payment systems are subject to the overlapping requirements of both the NACHA Operating Rules & Guidelines and the Electronic Fund Transfer Act. In this webinar, Margaret Crockett, counsel in Goodwin’s Financial Industry, Banking and Consumer Financial Services practices, and Kim Holzel, associate in Goodwin’s Financial Industry, Consumer Financial Services and Fintech practices, will provide an overview of the players and mechanics of the ACH and applicable rules and laws. They will examine best practices for compliance with these rules and discuss how they apply to emerging technologies.
New York Bankers Association Financial Services Forum – October 28-31
NYBA’s Financial Services Forum is the hallmark event for NYBA members, offering first-rate banker education in a world-class setting. The forum promises important industry updates and outlooks, a focused workshop for directors and trustees, targeted breakfast workshops, and valuable networking opportunities. The 2018 Financial Services Forum will be no different. The beautiful Ritz-Carlton in Key Biscayne, Miami will be the setting for one of the nation’s most vibrant banking communities, including bank CEO’s, directors, trustees and senior officers from financial institutions across New York State and beyond, as well as many industry service providers, for need-to-know information, education and networking. Goodwin is a sponsor of this event. Partner William Stern will be speaking on the “S.2155: Regulatory Changes and Strategic Considerations for New York Banks” panel on Tuesday, October 30. For more information, please visit the event website.
Western Bankers Association Regulatory Developments in Financial Payments Webinar – October 30
Lynne Barr, of counsel in Goodwin’s Financial Industry, Banking and Consumer Financial Services & Fintech practice, will speak on a webinar presented by Western Bankers Association covering Regulatory Developments in Financial Payments on October 30.
This week’s Roundup contributors: Alex Callen, Jessica Craig, Mac Laban, and Bill McCurdy.