On April 8, the Federal Reserve released two proposals that would tailor the application of prudential standards to foreign banks operating in the United States to more closely match the risks they present to the U.S. financial system. The first proposal would revise certain enhanced prudential standards, including those related to liquidity, risk management, stress testing and single counterparty limits and would make adjustments to certain reporting forms. The second proposal was jointly developed with the Office of the Comptroller of the Currency (OCC) and the Federal Deposit Insurance Corporation (FDIC) and would apply regulatory capital and standardized liquidity requirements to foreign banking organizations according to risk-based categories. In general, the largest organizations and those with significant cross-jurisdictional activity would be subject to the most stringent standards, with requirements becoming less stringent for smaller organizations that present a reduced risk profile. In addition to consolidated assets, the framework would take into account levels of nonbank assets, off-balance sheet exposures and short-term wholesale funding as measures of an organization’s risk profile. The tailoring proposal is in many respects similar to that proposed last year for domestic banking organizations, but the Federal Reserve observed that foreign banking organizations may rely more heavily on less stable funding sources, which could require these organizations to hold higher levels of liquid assets if the proposals are adopted. Public comments must be submitted by June 21.
On April 4, the FDIC issued a proposed rule that would amend the regulation governing one of the requirements for an account to be separately insured as a joint account. Specifically, the proposed rule would provide an alternative method to satisfy the ‘‘signature card’’ requirement. Under the proposal, the ‘‘signature card’’ requirement could be satisfied by information contained in the deposit account records of the insured depository institution establishing co-ownership of the deposit account, such as evidence that the institution has issued a mechanism for accessing the account to each co-owner or evidence of usage of the deposit account by each co-owner. Public comments must be submitted by May 6.
On April 3, the Federal Reserve, the OCC, the FDIC and the National Credit Union Administration (Agencies) issued updated Frequently Asked Questions on the New Accounting Standard on Financial Instruments – Credit Losses to assist institutions and examiners. The Frequently Asked Questions (FAQs) combine new questions and answers and those issued in 2017 and 2016. Certain previously issued FAQs have been updated in response to recent developments. The FAQs continue to focus on the application of the current expected credit losses methodology (CECL) for estimating credit loss allowances and related supervisory expectations and regulatory reporting guidance.
The Federal Trade Commission (FTC) has requested comment on the proposed amendments to the Safeguards Rule and the Privacy Rule under the Gramm-Leach-Bliley Act (GLBA), which were enacted to protect the privacy and security of customer data held by financial institutions. The Safeguards Rule requires financial institutions to develop, implement and maintain a comprehensive information security program, while the Privacy Rule requires a financial institution to inform customers about its information-sharing practices, as well as enable customers to opt out of having their information shared in certain ways.
The proposed amendments to the Safeguards Rule aim to take the process-driven GLBA requirements a step further by more clearly laying out the requirements for information security programs, and would generally require financial institutions to: (1) encrypt all customer data; (2) implement access controls to prevent unauthorized users from accessing customer information; (3) employ multifactor authentication for accessing customer data; and (4) designate an individual responsible for overseeing the information security function. The proposed rule also seeks to expand the definition of “financial institution” to include “finders,” entities that charge a fee to connect borrowers with lenders. While the proposed amendments retain some level of flexibility, new affirmative requirements for encryption and multifactor authentication would represent a new standard and way of thinking about security that could be influential beyond the financial services sector.
The proposed amendments to the Privacy Rule, meanwhile, are designed to address how the Dodd-Frank Act transferred the majority of the Commission’s rulemaking authority for the Privacy Rule to the Consumer Financial Protection Bureau. For example, the amendments propose to eliminate from the Privacy Rule examples of financial institutions that do not apply to motor vehicle dealers, which remain subject to FTC rulemaking authority.
The SEC has adopted a second round of disclosure simplification amendments following the earlier round of amendments adopted in August 2018. These amendments are more substantive than the earlier round of amendments and make a number of welcome changes, including permitting companies to omit immaterial confidential information from certain exhibits without submitting a confidential treatment request, omit immaterial attachments when they file material agreements, exclude discussion of the earliest of three years in Management’s Discussion and Analysis in many cases, and eliminate immaterial property descriptions. These amendments also require companies to file a new exhibit to Form 10-K reports that briefly describes each class of registered securities, and make a number of other technical changes. For more information, read the client alert issued by Goodwin’s Public Companies practice.
On April 3, the SEC released the “Framework for ‘Investment Contract’ Analysis of Digital Assets” (Framework). The Framework — published by the SEC’s Strategic Hub for Innovation and Financial Technology (FinHub) — is the most comprehensive guidance the SEC has provided to date with respect to a method of analyzing whether digital assets fall within existing securities laws. Although the Framework is not a binding rule, regulation or statement of the SEC, it provides much needed guidance to the public on analyzing whether a particular token is likely to be considered a security. The Framework builds on the SEC’s previous analysis, as articulated in The DAO Investigative Report, the Munchee settlement, and other enforcement actions and informal statements by the Commission. Read the Digital Currency & Blockchain Perspectives blog post.
On April 3, the SEC’s Division of Corporation Finance (Division) issued a no-action letter to TurnKey Jet, Inc. (TKJ) in response to TKJ’s incoming letter dated April 2, 2019. At the same time, the Division released a paper entitled “Framework for ‘Investment Contract’ Analysis of Digital Assets” (see Goodwin blog post referenced above). The letter from TKJ described a program in which TKJ, a licensed U.S. air carrier and air taxi operator providing interstate air charter services, proposed to offer and sell blockchain-based digital assets in the form of “tokenized” jet cards (Tokens). Consumers of air charter services (Consumers) would be able to use the Tokens to purchase such services from TKJ, third-party carriers (Carriers) and brokers of charter flights (Brokers). In the no-action letter, the Division confirmed it would not recommend enforcement action to the SEC if, in reliance on the opinion of TKJ’s counsel that the Tokens are not securities, TKJ sells the Tokens without registration under the Securities Act of 1933 and the Securities Exchange Act of 1934. Read the Digital Currency & Blockchain Perspectives blog post.
Enforcement & Litigation
On March 22, the Ninth Circuit Court of Appeals reversed summary judgment in Henderson v. United Student Aid Funds, Inc., 2017 WL 766548 (S.D. Cal. Feb. 28, 2017), and remanded the matter back to the Southern District of California to determine if a student loan lender could be vicariously liable for the misconduct of debt collectors in a Telephone Consumer Protection Act (TCPA) action. Read the LenderLaw Watch blog post.
For consumer finance industry participants, overlapping state and federal enforcement is nothing new. The post-financial crisis decade has seen an enhanced focus on consumer protection and increased coordination between federal and state regulators. But ongoing changes at the Consumer Financial Protection Bureau since November 2017 have palpably shifted the balance of those overlapping systems. Where the CFPB had taken a leading role, many industry watchers predicted an enforcement void that would be filled by the states, and several states openly said they intended to do just that. And, states are more well-equipped to fill that role than ever before. Read the Goodwin Insights piece surveying enforcement trends in the financial services industry and recent enforcement actions.