Top Story Operations Related

• The financial stability implications of tokenization
• The status report on the G20 Crypto-Asset Policy Implementation Roadmap
• A consultation on a common Format for Incident Reporting Exchange (FIRE)
• G20 Roadmap for Enhancing Cross-border Payments: Consolidated progress report for 2024

This morning, the CFPB announced it has finalized a rule designed to give consumers greater rights, privacy, and security over their personal financial data. The rule will require financial institutions, credit card issuers, and other financial providers to unlock an individual’s personal financial data and transfer it to another provider at the consumer’s request for free.

The Bureau said that consumers will be able to more easily switch to providers with superior rates and services, and, by fueling competition and consumer choice, the rule will help lower prices on loans and improve customer service across payments, credit, and banking markets. The rule also establishes strong privacy protections, requiring that personal financial data can only be used for the purposes requested by the consumer. It ensures that third parties cannot use consumer data for other purposes that benefit the third party, but that consumers do not want. It also helps move the industry away from “screen scraping,” a still common but risky practice that typically involves consumers providing their account passwords to third parties who use them to access data indiscriminately through online banking portals.

Compliance with the rule, which amends 12 CFR Part 1033, will be implemented in phases, with larger providers subject to the rule sooner than smaller ones. Financial firms will be required to comply based on their size; the largest institutions will have to comply by April 1, 2026, while the smallest covered institutions will have until April 1, 2030. Certain small banks and credit unions are not subject to this rule.

• Executive Summary of Rule
• Published 11/18/2024 at 89 FR 90838, with an effective date of 1/17/2024.
• Compliance dates: Data providers must comply with the requirements in 12 CFR part 1033, subparts B and C beginning April 1, 2026; April 1, 2027; April 1, 2028; April 1, 2029; or April 1, 2030, based on the criteria set forth in § 1033.121(c).

The OCC has reported it has finalized revisions to its recovery planning guidelines for certain large insured national banks, federal savings associations, and federal branches (banks).

The revisions to the recovery planning guidelines are part of the OCC’s effort to ensure that large banks are adequately prepared for and have developed plans to respond to the financial effects of severe stress, particularly in light of the contagion effects and systemic risks they may pose.

The revisions:

• Expand the recovery planning guidelines to apply to banks with at least $100 billion in assets
• Incorporate a testing standard for recovery plans
• Clarify the role of non-financial risk (including operational and strategic risk) in recovery planning
• Provide covered banks with time frames in which to comply with the recovery planning guidelines, including development of a testing framework and conducting testing

The revisions, published in today's Federal Register at 89 FR 84255, are effective on January 1, 2025, with staggered compliance dates. They will apply to insured national banks, insured Federal savings associations, and insured Federal branches of foreign banks with average total consolidated assets of $100 billion or more.

The Financial Stability Board has published reports detailing work to enhance cross-border payments.

• a consolidated progress report for 2024 reporting on a broad range of actions being progressed as part of the G20 Roadmap for Enhancing Cross-Border Payments
• a progress report on the implementation of the Legal Entity Identifier (LEI)
• an annual progress report on meeting the improved user experience targets for cross-border payments

• Press release

FinCEN has added Filing Trend Data by industry updated through the 2023 calendar year to its Interactive SAR Stats website. The new downloadable data is arranged by industry type, and includes rankings by states/territories and suspicious activities.

The FDIC has issued FIL-76-2024 announcing steps intended to provide regulatory relief to financial institutions and facilitate recovery in areas of Alaska affected by flooding from August 5 to August 6, 2024. The current list of such areas includes Juneau Borough.

On Friday, the OCC appointed the FDIC as receiver for The First National Bank of Lindsay, Lindsay, Oklahoma, after identifying false and deceptive bank records and other information suggesting fraud that revealed depletion of the bank’s capital. The OCC also found that the bank was in an unsafe or unsound condition to transact business and that the bank’s assets were less than its obligations to its creditors and others.

The OCC is also referring this matter to the United States Department of Justice, which has a wide variety of tools to hold individuals accountable for criminal acts and focuses on victims in all of its matters.

To protect depositors of the failed bank, the FDIC entered into a purchase and assumption agreement with First Bank & Trust Co., Duncan, Oklahoma, to assume the insured deposits of The First National Bank of Lindsay.

In addition, based on the estimated recoveries of the failed bank assets, the FDIC will make 50 percent of uninsured funds available to those depositors on Monday, October 21, 2024. This amount could increase as the FDIC sells the assets of the failed bank.

As of June 30, 2024, The First National Bank of Lindsay reported total assets of $107.8 million and total deposits of $97.5 million. Approximately $7.1 million of the deposits exceeded FDIC insurance limits; this amount is likely to change once the FDIC obtains additional information from customers.

The FDIC preliminarily estimates that the failure will cost its Deposit Insurance Fund (DIF) about $43 million. The estimate will change over time as the assets are sold. Alleged fraud caused the failure of the bank and cost to the DIF.

The First National Bank of Lindsay is the second bank to fail in the U.S. this year. The last bank failure was Republic First Bank, in Philadelphia, Pennsylvania, on April 26, 2024. The last failure in Oklahoma was The Freedom State Bank, in Freedom, Oklahoma. on June 27, 2014.

The FDIC has announced it is extending the compliance date for amendments to part 328 subpart A of its regulations to modernize the rules governing use of the official FDIC sign and insured depository institutions’ advertising statements from January 1, 2025, to May 1, 2025. This extension will provide additional opportunity for IDIs to establish processes and systems, and make technological updates, necessary to implement the new regulatory requirements under subpart A. The compliance date for amendments to part 328, subpart B, relating to misrepresentations of deposit insurance, remains January 1, 2025.

The OCC has released enforcement actions taken against national banks, federal savings associations, and individuals currently and formerly affiliated with banks the OCC supervises.

• Formal Agreement with Axiom Bank, N.A., Maitland, Florida, for unsafe or unsound practices, including those related to the bank’s Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance program and violations of 12 CFR 21.21(d)(1) and (d)(3) (BSA/AML internal controls and BSA officer).
• Formal Agreement with First National Bank of Dennison, Dennison, Ohio, for unsafe or unsound practices, including those related to board and management oversight, credit underwriting, and credit administration.
• Formal Agreement with First National Bank of Lake Jackson, Lake Jackson, Texas, for unsafe or unsound practices, including those related to strategic and capital planning, liquidity risk management, and interest rate risk management.
• Formal Agreement with The First National Bank of Waverly, Waverly, Ohio, for unsafe or unsound practices, including those relating to strategic planning, capital planning, and liquidity risk management.
• The previously announced Cease and Desist Order and Civil Money Penalty against TD Bank, N.A., Wilmington, Delaware, and TD Bank USA, N.A., Wilmington, Delaware, for deficiencies in the banks’ BSA/AML compliance program.
• Orders of Prohibition against—
  • Tanya Jazmin Cortez, former Teller and Concierge at Los Angeles County, California, branches of Citibank, N.A., Sioux Falls, South Dakota, for selling confidential bank customer information to a third party, resulting in check fraud and a loss to the bank of approximately $348,000.
  • Alexis LeaAnne Day (f/k/a Alexis LeaAnne Adcock), former Client Relationship Consultant at a Clarksville, Tennessee, branch of U.S. Bank, N.A., Cincinnati, Ohio, for misappropriating approximately $10,000 from a bank ATM.
  • Leronne D. Kornegay, former Associate Banker at a Brooklyn, New York, branch of JPMorgan Chase Bank, N.A., Columbus, Ohio, for engaging in a scheme to steal bank funds and falsely reporting the receipt of counterfeit bills in the bank’s general ledger. The bank suffered a loss of at least $201,000.
  • Lexus Inez Lewis, former Fraud Operations Specialist, at a Jacksonville, Florida, branch of Citibank, N.A., Sioux Falls, South Dakota, resolving the Notice of Charges, in which the OCC alleged, among other things, that Lewis made false representations in her employment application and became employed at the bank in violation of federal law; caused fraudulent transactions totaling at least $389,000 to incur on bank customers’ credit card accounts; and kept bank equipment without authorization. Lewis consented to the Order without admitting or denying the allegations in the Notice.

Yesterday, OFAC designated three individuals and four associated companies involved in a Lebanon-based sanctions evasion network that generates millions of dollars in revenue for Hizballah. Hizballah’s finance team is responsible for the establishment and operation of Hizballah commercial projects throughout Lebanon, some of which are financed and facilitated by Iran. OFAC also designated three individuals involved in the illegal production and trafficking of Captagon that has benefited Bashar al-Assad’s regime and its allies, including Hizballah. The illegal trade in Captagon, a dangerous, highly addictive amphetamine, has become a billion-dollar illicit enterprise operated by senior members of the Syrian regime.

For the names and identification information of the designated parties, see yesterday's BankersOnline OFAC Update.