Top Story Technology Related

Six federal agencies — The CFPB, FDIC, FHFA, Federal Reserve Board, NCUA, and OCC — have jointly announced their issuance of a final rule required by the Dodd-Frank Act and designed to help ensure the credibility and integrity of models used in valuations for certain mortgages secured by a consumer's principal dwelling. In particular, the rule will implement quality control standards for automated valuation models (AVMs) used by mortgage originators and secondary market issuers in valuing those homes. The final rule is substantially similar to the proposal issued in June 2023.

Under the final rule, the agencies will require institutions that engage in certain transactions secured by a consumer's principal dwelling to adopt policies, practices, procedures, and control systems designed to:

• ensure a high level of confidence in estimates
• protect against data manipulation
• seek to avoid conflicts of interest
• require random sample testing and reviews
• comply with nondiscrimination laws

The agencies said that, driven in part by advances in database and modeling technology and the availability of larger property datasets, AVMs are being used with increasing frequency as part of the real estate valuation process. While advances in AVM technology and data availability have the potential to reduce costs and turnaround times of the property valuation process, it is important that institutions using AVMs take appropriate steps to ensure the credibility and integrity of the valuations produced. It is also important that the AVMs institutions use adhere to quality control standards designed to comply with applicable nondiscrimination laws.

The CFPB and the OCC previously announced their approvals of the rule, which will become effective on the first day of the calendar quarter following 12 months after publication in the Federal Register (if it is published by September 30, it will become effective October 1, 2025).

• FDIC FIL-43-2024

PUBLICATION UPDATE: Published [89 FR 64538] in the 8/7/2024 Federal Register, with an effective date of 10/1/2025.

The OCC has reported that Acting Comptroller of the Currency Michael J. Hsu yesterday discussed three long-term trends that are reshaping banking in remarks at the Exchequer Club.

Mr. Hsu’s written remarks in support of his appearance discussed the increasing number and size of large banks, the complexity of bank-nonbank relationships, and the rise in polarization. Mr. Hsu described how the OCC is uniquely positioned to address each trend.

The White House’s Office of Information and Regulatory Affairs has released its Spring 2024 Unified Agenda of Regulatory and Deregulatory Actions, or URA. This semi-annual report details each federal agency’s upcoming plans to issue or rescind regulations.

The Consumer Financial Protection Bureau’s agenda includes four proposed rule actions, addressing the Fair Credit Reporting Act, or FCRA, mortgage servicing, the Financial Data Transparency Act and consumer financial product contracts under Regulation AA. The bureau released last month the initial part of its FCRA rulemaking and a final rule regarding the attributes a standard-setting body must demonstrate in order to be recognized by the CFPB for purposes of the personal data rights rule; the Bureau plans to finalize the remainder of the proposed rule regarding personal data rights rule in October. The proposed rules for mortgage servicing were issued last week and the Regulation AA proposal is expected in September.

According to the URA, the CFPB projects it will release final rules on non-sufficient fund fees in October and on overdraft fees in January 2025.

On the BSA/AML front, FinCEN expects an August 2024 unveiling of its final AML/CFT rules applicable to investment advisers and certain real estate professionals. FinCEN reported an October target for its proposed revisions to the Customer Due Diligence rule, and is aiming for a May 2025 reveal of proposed rules on 314(b) information sharing protections.

OFAC has issued OFAC Guidance: Production Submission Standards, updating its former delivery standards. The new document provides technical and general guidance to persons submitting material to OFAC and applies primarily to persons providing responses to administrative subpoenas, requests for information, disclosures, and especially for submissions that may entail voluminous documentation (e.g., more than 100 pages).

On Monday, the Federal Reserve Board announced it had fined Silvergate Capital Corporation and Silvergate Bank $43 million for deficiencies in Silvergate's monitoring of transactions in compliance with anti-money laundering laws.

The action was taken in coordination with an action by the Department of Financial Protection and Innovation of the State of California, the state supervisor of Silvergate. The penalties announced by the Board and state total $63 million. The U.S. Securities and Exchange Commission separately announced a penalty against Silvergate Capital Corporation.

Silvergate separately announced last year that it was voluntarily winding down its operations, and has now paid back all deposits to its customers.

• Consent order of assessment of civil money penalty

On Friday, FinCEN announced a proposed rule to strengthen and modernize financial institutions’ anti-money laundering and countering the financing of terrorism (AML/CFT) programs. While financial institutions have long maintained AML/CFT programs under existing regulations, this proposed rule would amend those regulations to explicitly require that such programs be effective, risk-based, and reasonably designed, enabling financial institutions to focus their resources and attention in a manner consistent with their risk profiles. Effective, risk-based, and reasonably designed AML/CFT programs are critical for protecting national security and the integrity of the U.S. financial system. The proposed amendments are based on changes to the Bank Secrecy Act (BSA) as enacted by the Anti-Money Laundering Act of 2020 (AML Act) and are a key component of Treasury’s objective of building a more effective and risk-based AML/CFT regulatory and supervisory regime.

This proposed rule would:

• amend the existing program rules to explicitly require financial institutions to establish, implement, and maintain effective, risk-based, and reasonably designed AML/CFT programs with certain minimum components, including a mandatory risk assessment process
• require financial institutions to review government-wide AML/CFT priorities and incorporate them, as appropriate, into risk-based programs, as well as provide for certain technical changes to program requirements
• promote clarity and consistency across FinCEN’s program rules for different types of financial institutions

The proposal also articulates certain broader considerations for an effective and risk-based AML/CFT framework as envisioned by the AML Act. For example, through its emphasis on risk-based AML/CFT programs, the proposed rule seeks to avoid one-size-fits-all approaches to customer risk that can lead to financial institutions declining to provide financial services to entire categories of customers. Friday’s proposal is consistent with a key recommendation in Treasury’s De-risking Strategy, which recommended proposing regulations to require financial institutions to have reasonably designed and risk-based AML/CFT programs supervised on a risk basis and taking into consideration the effects of financial inclusion. Finally, the proposed rule would encourage financial institutions to modernize their AML/CFT programs where appropriate to responsibly innovate, while still managing illicit finance risks.

FinCEN's proposal was prepared in consultation with the Federal Reserve Board, the OCC, the FDIC, and the NCUA in order to collectively issue proposed amendments to their respective BSA compliance program rules for the institutions they supervise.

Written comments on FinCEN’s proposed rule must be received on or before 60 days following its publication in the Federal Register.

• Proposed Rule
• Fact Sheet
• Publication update: Published on 7/3/2024 at 89 FR 55428 with a comment period ending on 9/3/2024

The National Credit Union Administration released today its annual Cybersecurity and Credit Union System Resilience Report. The report summarizes the current cybersecurity threat landscape, highlights the agency’s key cybersecurity initiatives, and outlines the agency’s ongoing efforts to enhance cybersecurity preparedness and resilience within the credit union industry.

Yesterday, the CFPB published a Bureau Blog article announcing the Bureau's approval of a new rule to address the current and future applications of complex algorithms and artificial intelligence used to estimate the value of a home. The new rule was approved last week by the OCC (and reportedly by the FDIC). The rule is to be jointly issued by the OCC, Federal Reserve Board, FDIC, NCUA, CFPB, and FHFA once approved by each of those agencies.

The Treasury Department reported on Friday that OFAC has designated twelve individuals in leadership roles at AO Kapersky Lab.

On Thursday, the Department of Commerce issued a final determination under Executive Order 13873 prohibiting Kaspersky Lab, Inc., its affiliates, subsidiaries and parent companies directly or indirectly from providing anti-virus software and cybersecurity products or services in the United States or to U.S. persons. Commerce reached this determination after an investigation found transactions involving the products and services of Kaspersky Lab, Inc. and its corporate family pose unacceptable risk to U.S. national security or the safety and security of U.S. persons, as outlined in E.O. 13873.

In addition, the Department of Commerce has designated AO Kaspersky Lab and OOO Kaspersky Group (Russia), and Kaspersky Labs Limited (United Kingdom) on the Entity List for their cooperation with Russian military and intelligence authorities in support of the Russian government’s cyber intelligence objectives. These activities are contrary to U.S. national security and foreign policy interests.

For the names and identification information of the designated parties, see the June 21, 2024, BankersOnline OFAC Update.