Top Story Technology Related

The Treasury Department has announced that Treasury, the CFPB, and the FTC have taken actions to address unfair and deceptive consumer acts and practices in the residential solar power sector. Treasury, CFPB, and FTC released Consumer Advisories warning the public on how to spot potential unfair and deceptive practices and encouraging consumers to file complaints of suspicious behavior to FTC, CFPB, and state consumer protection offices.

Treasury, CFPB, and FTC, along with the Departments of Energy and Housing and Urban Development, also announced an interagency partnership with the goal of coordinating efforts to prevent predatory practices. The new partnership will foster greater communication and collaboration between the agencies and better protect consumers from bad actors.

Treasury Resources:

• Consumer Solar Awareness website
• Solar Consumer Advisory
• Before You Buy Solar Panels
• Before You Sign a Solar Lease
• Before You Sign A Power Purchase Agreement
• Before You Sign A Solar Subscription

FTC Resources:

• Consumer: How To Avoid Getting Burned
• Business: Don't Waste Your Energy On a Solar Scam

CFPB Resources:

• Issue Spotlight
• Consumer Advisory

The Federal Reserve Board on Friday announced it is requesting comment on a proposed rule that would establish data standards for certain information collections submitted to financial regulatory agencies. In addition to the Board, the standards have been proposed by several other federal financial regulatory agencies. The proposal would promote interoperability of data collected by financial regulatory agencies through the establishment of data standards for identifiers of legal entities and other data elements.

This proposal is part of the implementation of the Financial Data Transparency Act of 2022. Once the final standards are established, the Board will issue a separate rule that adopts those standards for certain information collected by the Board.

Comments on the proposal are due 60 days following joint publication by the Board, the OCC, FDIC, NCUA, CFPB, FHFA, Commodity Futures Trading Commission, SEC, and the Department of the Treasury in the Federal Register.

Publication and comment period update: Published by the agencies in the August 22, 2024, Federal Register with a 60-day comment period ending on October 21, 2024.

The NCUA yesterday reported it issue2 two prohibition orders in July barring individuals from participating in the affairs of any federally insured depository institution. The orders were issued to:

• Jose Prado-Valero, a former employee of Financial Center First Credit Union in Indianapolis, Indiana, after finding that he engaged in an elaborate fraud to share credit union members’ personal information with non-members who fraudulently withdrew members’ funds, in exchange for a portion of the proceeds of the fraud. Valero pleaded guilty to a one-count information in federal court in April 2024.
• Tracy H. Thibodeau, a former employee of Vermont VA Federal Credit Union in White River Junction, Vermont, after finding that, as a branch manager of the credit union, she fraudulently obtained a personal Vermont VA FCU credit card and exempted herself from credit limits, late fees, interest payments, and making minimum monthly payments, defrauding the credit union of $137,170. She subsequently pleaded guilty to a charge of bank fraud in federal court.

The FDIC, OCC, and Federal Reserve yesterday jointly issued a statement reminding banks of potential risks associated with third-party arrangements to deliver bank deposit products and services. The agencies support responsible innovation and banks engaging in these arrangements in a safe and sound manner and in compliance with applicable law. While these arrangements can provide benefits, supervisory experience has identified a range of safety and soundness, compliance, and consumer-related concerns with the management of these arrangements.

The statement details the potential risks and provides examples of effective risk management practices for these arrangements. In addition, the statement reminds banks of relevant existing legal requirements, guidance, and related resources, and provides insights that the agencies have gained through their supervision. The statement does not establish new supervisory expectations.

Separately, the agencies have requested additional information on a broad range of bank-fintech arrangements, including with respect to deposit, payments, and lending products and services. The agencies are seeking input on the nature and implications of bank-fintech arrangements and effective risk management practices. Responses and comments will be accepted for 60 days following publication of the request for information in the Federal Register. [Update: Published 7/31/2024 at 89 FR 61577, with a 61-day comment period ending 9/30/2024.]

The agencies are considering whether additional steps could help ensure banks effectively manage risks associated with these various types of arrangements.

• OCC Bulletin 2024-20
• OCC Bulletin 2024-21
• FDIC FIL-45-2024

FinCEN has updated its Beneficial Ownership Information Frequently Asked Questions to include new information for entities that are disregarded for U.S. tax purposes (Question F.13), as well as updated information that addresses the time frame for obtaining an Employer Identification Number (EIN) from the IRS (Question G.3). An in-page search for "July 24" will take you to the end of each of those new FAQs.

The updated FAQ can be downloaded as a 50-page PDF document, where the two new FAQs begin on pages 31 and 33, respectively.

The FDIC has released a notice of the next meeting of its Board, scheduled for 10:00 a.m. on July 30, 2024. A link to a webcast of this open to public observation meeting can be found at https://www.fdic.gov/news/board-matters/video.html.

Matters to be considered include:

• Notice of Proposed Rulemaking on Brokered Deposit Restrictions.
• Notice of Proposed Rulemaking on Parent Companies of Industrial Banks and Industrial Loan Companies.
• Request for Information on Deposits.
• Final Guidance for Title I Resolution Plan Triennial Full Filers and Extension of Submission Deadline.
• Proposals regarding the Change in Bank Control Act Regulations and Procedures.
• Final Rule on Revisions to the FDIC’s Section 19 Regulations.
• Interim Final Rule on Clarification of Deposit Insurance Coverage for Legacy Branches of U.S. Banks in the Federated States of Micronesia, the Marshall Islands, and Palau.
• Notice of Proposed Rulemaking regarding the Financial Data Transparency Act.

The Treasury Department on Friday reported that OFAC has exposed the identity of two members of a Russian government-related hacktivist group, and imposed sanctions on them. OFAC designated Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, two members of the Russian hacktivist group Cyber Army of Russia Reborn (CARR) for their roles in cyber operations against U.S. critical infrastructure. These two individuals are the group’s leader and a primary hacker, respectively.

For identification information on Pankratova and Degtyarenko, see BankersOnline’s July 19, 2024, OFAC Update.

The Federal Reserve Board has reported it has addressed consumer compliance breakdowns by Green Dot, fining the firm $44 million for numerous unfair and deceptive practices and a deficient consumer compliance risk management program.

The Board found that Green Dot violated consumer law in its marketing, selling, and servicing of prepaid debit card products, and its offering of tax return preparation payment services. For example, Green Dot failed to adequately disclose the tax refund processing fee for tax preparation services offered on a third party's website. The firm also blocked access to accounts of legitimate customers receiving unemployment benefits and lacked reasonable policies and procedures to help those customers cure those blocks. In addition, Green Dot did not maintain effective consumer compliance risk management and anti-money laundering programs.

For additional details and a link to the Board's consent order, see "Green Dot fined $44M for UDAP violations and deficient compliance program," in BankersOnline's Penalties webpages.

The OCC has released a list of 11 enforcement actions taken against national banks and federal savings associations and individuals currently and formerly affiliated with OCC-supervised financial institutions.

• The amended cease and desist order previously announced against Citibank, N.A., Sioux Falls, South Dakota.
• A cease and desist order against CNB Bank & Trust, N.A., Carlinville, Illinois, for violations of 12 CFR 21.21 (BSA/AML compliance program), 31 CFR 1020.210 (Customer Due Diligence), and 1020.220 (Customer Identification Program) as well as unsafe or unsound practices relating to the bank’s BSA/AML compliance, and failure to correct previously reported BSA/AML compliance problems.
• A formal agreement with Lincoln FSB of Nebraska, Lincoln, Nebraska, for unsafe or unsound practices, including those relating to strategic planning, liquidity risk management, contingency funding planning, interest rate risk management, and board oversight and corporate governance.
• A cease and desist order against Summit National Bank, Hulett, Wyoming, for unsafe or unsound practices including those related to capital and strategic planning, liquidity risk management, transactions with affiliates, and the bank’s BSA/AML compliance program, and violations including of 12 CFR 21.21 (BSA/AML compliance program).
• Orders of prohibition against the following individuals:
  • Cindy M. Flores, former branch operations associate manager at a Fargo, North Dakota, branch of Wells Fargo Bank, N.A., Sioux Falls, South Dakota, for misappropriating at least $47,600 by diverting funds from customer deposit accounts
  • Randall David Ditzer, former banking center team lead relationship banker at a Prairie Village, Kansas, branch of BOKF, N.A., Tulsa, Oklahoma, for making unauthorized withdrawals from the accounts of an elderly bank customer and depositing the funds into his own accounts.
  • Aaliyah Shaheed, former digital banking representative for Varo Bank N.A., Draper, Utah, who worked remotely from Charlotte, North Carolina, for improperly accessing and modifying customer account information, which resulted in approximately $21,700 of fraudulent transfers.
  • Kathryn Thomure (now known as Kathryn Makler), former business banking specialist at a Farmington, Missouri, branch of U.S. Bank, N.A., Cincinnati, Ohio, for making false representations on two Paycheck Protection Program loan applications to the U.S. Small Business Administration and receiving a loan for approximately $29,300.
  • Valeria Martinez Vazquez, former branch relationship banker at Zions Bancorporation, N.A., Salt Lake City, Utah, for misappropriating approximately $11,100 from a customer’s account.
  • Andre Jackson, former relationship banker at a Kenmore, New York, branch of Bank of America N.A., Charlotte, North Carolina, for misappropriating at least $8,000 in cash from the bank.
  • Cordia Shedde McDonald, former associate banker at a New Rochelle, New York, branch of JPMorgan Chase Bank, N.A., Columbus, Ohio, for misappropriating at least $10,000 in cash from the bank.

Yesterday, the Department of the Treasury announced that the Financial Services Sector Coordinating Council (FSSCC) and Treasury have published a suite of resources to share with financial services institutions on effective practices for their secure cloud adoption journey. These deliverables are the result of a year-long public-private partnership of the Financial and Banking Information Infrastructure Committee (FBIIC) and the FSSCC.

To provide leadership support for this joint effort the U.S. Department of the Treasury established the Cloud Executive Steering Group (CESG) in May 2023 at the direction of the Financial Stability Oversight Council (FSOC), to help close the gaps identified in Treasury's landmark report on the Financial Services Sector’s Adoption of Cloud Services. The documents published yesterday are intended to arm financial institutions of all sizes with effective practices for secure cloud adoption and operations, and to establish a continuing effort and partnership to begin to address the gaps identified in Treasury’s report, which include:

• Establishing a common lexicon that may be used by financial institutions and regulators in discussions regarding cloud.
• Enhancing information sharing and coordination for examination of cloud service providers.
• Assessing existing authorities for cloud service provider (CSP) oversight.
• Establishing best practices for third-party risk associated with cloud service providers, outsourcing, and due diligence processes to increase transparency.
• Providing a roadmap for institutions considering comprehensive or hybrid cloud adoption strategies including an update to the Financial Sector’s Cloud Profile.
• Improving transparency and monitoring of cloud services for better “security by design.”

Clear explanations for the utility and application of the documents can be found on the U.S. Treasury website. The website also includes links to the FSSCC-led outputs so that financial institutions can consult them at any part of their cloud services adoption journey and risk management process.