Top Story Operations Related

The Department of the Treasury announced yesterday that OFAC has designated three individuals, Yunhe Wang, Jingping Liu, and Yanni Zheng, for their activities associated with the malicious botnet tied to the residential proxy service known as 911 S5. OFAC also sanctioned three entities—Spicy Code Company Limited, Tulip Biz Pattaya Group Company Limited, and Lily Suites Company Limited—for being owned or controlled by Yunhe Wang.

For identity information on the designated individuals and entities, see the BankersOnline May 28, 2024, OFAC Update.

The Office of Foreign Assets Control (OFAC) has amended the Cuban Assets Control Regulations, 31 C.F.R. Part 515 (CACR) to further implement portions of the president’s foreign policy toward Cuba. Among other things, these amendments increase support for internet freedom for the Cuban people and independent Cuban private sector entrepreneurs by expanding authorizations for internet-based services and a range of financial transactions. The rule was published in the Federal Register and became effective today.

OFAC also issued six new, Cuba-related Frequently Asked Questions (FAQs 1174-1179) and amended eight Cuba-related Frequently Asked Questions (FAQs 732, 736, 745, 748, 757, 769, 770, and 785).

Acting Comptroller of the Currency Michael J. Hsu discussed recovery planning via livestream in remarks May 27 at the Entrepreneurship, Markets and Technology: Regulation's Challenges in a Changing World Conference in Zurich, Switzerland.

In his remarks, Mr. Hsu discussed the importance of recovery planning and how it can mitigate the too-big-to-fail problem. He highlighted the importance of recovery planning at large banks in the context of the bank failures in March 2023 and offered thoughts on expanding recovery planning guidelines to apply to banks with at least $100 billion in assets.

The FDIC on Friday issued FIL-27-2024 with steps intended to provide regulatory relief to financial institutions and facilitate recovery in areas of Texas affected by severe storms, straight-line winds, tornadoes, and flooding on April 26, 2024, and continuing.

The affected areas are Harris, Liberty, Montgomery, Polk, San Jacinto, Trinity, and Walker Counties.

The Federal Housing Administration's Mortgagee Letter 2024-10, issued yesterday, requires FHA-approved mortgagees to notify HUD when a cyber incident occurs. The letter, effective immediately, applies to all FHA insurance programs.

The mortgagee letter adds a new section, Significant Cybersecurity Incident, which requires FHA-approved mortgagees to report cyber incidents to HUD within 12 hours of detection. Reports will be made to HUD's FHA Resource Center and to HUDs Security Operations Center.

The FDIC yesterday issued FIL-26-2024 announcing revisions to Call Reports and the FFIEC 002 Report as published [89 FR 45046] on May 22, 2024, in the Federal Register.

Proposed changes were issued on September 28, 2023 (FIL-52-2023) and December 27, 2023 (FIL-68-2023). After considering the comments received on these notices, the agencies are moving forward with certain proposed revisions related to replacing references to “troubled debt restructurings” with “modifications to borrowers experiencing financial difficulty” consistent with ASU 2022-02, the reporting on the internet website addresses of depository institution trade names, and the adoption of the standards for electronic signatures. These updates to the Call Report and FFIEC 002 report forms and instructions will be effective as of the June 30, 2024, report date.

The agencies are implementing revisions related to reporting of loans to NDFIs as of the December 31, 2024, report date. The agencies are also adding a new Memorandum item that would identify the amounts reported as a structured financial product that are guaranteed by U.S. Government agencies or sponsored agencies, which would be effective as of the December 31, 2024, report date.

The agencies are continuing to review comment letters related to loan modifications to borrowers experiencing financial difficulty under ASU 2022-02, as well as the proposed clarification on the reporting of past due loans and proposed reporting of long-term debt requirements, for further changes to the Call Report and the FFIEC 002. Comments on the May 22, 2024, Federal Register notice will be accepted through June 21, 2024.

The OCC yesterday reported recent enforcement actions against two national banks and five institution-affiliated parties to OCC-supervised institutions.

• A formal agreement with Comerica Bank & Trust, National Association, Ann Arbor, Michigan, for unsafe or unsound practices, including those relating to the bank’s risk governance framework and internal controls
• A formal agreement with Lemont National Bank, Lemont, Illinois, for unsafe or unsound practices, including those relating to capital planning, strategic planning, succession planning, and liquidity risk management
• An order of prohibition against Stanley Acosta, a former senior specialist relationship banker at a Dartmouth, Massachusetts, branch of Santander Bank, N.A., Wilmington, Delaware, for stealing approximately $27,449 from cash deposit bags that customers provided to the bank via the night deposit vault
• An order of prohibition against Bahtia Greene, a former associate operations processor at the Philadelphia, Pennsylvania, lockbox facility for Wells Fargo Bank, N.A., Sioux Falls, South Dakota, for misappropriating confidential information of bank customers and selling the information to a third party, resulting in fraudulent transactions and a loss to the bank of approximately $688,000
• An order of prohibition against Sabina Prince, former teller at a Mountain Brook, Alabama, branch of PNC Bank, National Association, Wilmington, Delaware, for taking $15,000 in cash from the bank and manipulating cash shipment processing receipts to hide her actions
• An order of prohibition against Stephanie Sanders, former relationship banker at NBT Bank, N.A., Norwich, New York, for misappropriating approximately $30,650 from the bank by crediting her checking and savings accounts over 100 times
• A notice of charges for Gerald E. Milligan, II, a former teller at a Royal Palm, Florida, branch of PNC Bank, N.A., Wilmington, Delaware. The Notice of Charges alleges, among other things, that Milligan knowingly made false attestations and provided false supporting documentation for a Paycheck Protection Plan (PPP) loan application, received PPP loan proceeds in the amount of $141,530, and used the funds for personal gain.

The National Credit Union Administration has published [89 FR 45602] in this morning's Federal Register a notice of regulatory review and request for comments.

The NCUA Board is voluntarily reviewing agency regulations to identify rules that are outdated, unnecessary, or unduly burdensome on federally insured credit unions. The NCUA is not statutorily required to undertake the Economic Growth and Regulatory Paperwork Reduction Act (EGRPRA) review; however, the Board has elected to participate in the decennial review process.

The NCUA divided its regulations into 10 categories. Over the next 2 years, the NCUA will publish four Federal Register documents each requesting comment on multiple categories of regulations. This first document requests comment by August 21, 2024, on regulations concerning the following two categories: “Applications and Reporting,” and “Powers and Activities.”

The FDIC yesterday published its 2024 Risk Review, which provides an overview of banking conditions in 2023 in five broad categories: market risks, credit risks, operational risks, crypto-asset risks, and climate-related financial risks. The market risks areas discussed are liquidity, deposits and funding, and net interest margins and interest rate risk. The credit risks areas discussed are commercial real estate, residential real estate, consumer, agriculture, small business, corporate debt and leveraged lending, nonbanks, and energy.

The discussion of operational risks examines the potential negative impact to banks from cyber threats and illicit activity. The crypto-asset risks section discusses the FDIC’s approach to understanding and evaluating crypto-asset-related markets and activities. The discussion of climate-related financial risks focuses on the physical risk of severe weather and climate events to the banking system.

Monitoring these risks is among the FDIC's top priorities.

FDIC FIL-25-2024, issued yesterday, provides guidance to help financial institutions and facilitate recovery in areas of Massachusetts affected by severe storms and flooding September 11–13, 2023. The areas included in the declared disaster include Worcester and Bristol counties in Massachusetts.