Top Story Technology Related

The OCC has reported that Acting Comptroller of the Currency Michael J. Hsu yesterday discussed three long-term trends that are reshaping banking in remarks at the Exchequer Club.

Mr. Hsu’s written remarks in support of his appearance discussed the increasing number and size of large banks, the complexity of bank-nonbank relationships, and the rise in polarization. Mr. Hsu described how the OCC is uniquely positioned to address each trend.

The White House’s Office of Information and Regulatory Affairs has released its Spring 2024 Unified Agenda of Regulatory and Deregulatory Actions, or URA. This semi-annual report details each federal agency’s upcoming plans to issue or rescind regulations.

The Consumer Financial Protection Bureau’s agenda includes four proposed rule actions, addressing the Fair Credit Reporting Act, or FCRA, mortgage servicing, the Financial Data Transparency Act and consumer financial product contracts under Regulation AA. The bureau released last month the initial part of its FCRA rulemaking and a final rule regarding the attributes a standard-setting body must demonstrate in order to be recognized by the CFPB for purposes of the personal data rights rule; the Bureau plans to finalize the remainder of the proposed rule regarding personal data rights rule in October. The proposed rules for mortgage servicing were issued last week and the Regulation AA proposal is expected in September.

According to the URA, the CFPB projects it will release final rules on non-sufficient fund fees in October and on overdraft fees in January 2025.

On the BSA/AML front, FinCEN expects an August 2024 unveiling of its final AML/CFT rules applicable to investment advisers and certain real estate professionals. FinCEN reported an October target for its proposed revisions to the Customer Due Diligence rule, and is aiming for a May 2025 reveal of proposed rules on 314(b) information sharing protections.

OFAC has issued OFAC Guidance: Production Submission Standards, updating its former delivery standards. The new document provides technical and general guidance to persons submitting material to OFAC and applies primarily to persons providing responses to administrative subpoenas, requests for information, disclosures, and especially for submissions that may entail voluminous documentation (e.g., more than 100 pages).

On Monday, the Federal Reserve Board announced it had fined Silvergate Capital Corporation and Silvergate Bank $43 million for deficiencies in Silvergate's monitoring of transactions in compliance with anti-money laundering laws.

The action was taken in coordination with an action by the Department of Financial Protection and Innovation of the State of California, the state supervisor of Silvergate. The penalties announced by the Board and state total $63 million. The U.S. Securities and Exchange Commission separately announced a penalty against Silvergate Capital Corporation.

Silvergate separately announced last year that it was voluntarily winding down its operations, and has now paid back all deposits to its customers.

• Consent order of assessment of civil money penalty

On Friday, FinCEN announced a proposed rule to strengthen and modernize financial institutions’ anti-money laundering and countering the financing of terrorism (AML/CFT) programs. While financial institutions have long maintained AML/CFT programs under existing regulations, this proposed rule would amend those regulations to explicitly require that such programs be effective, risk-based, and reasonably designed, enabling financial institutions to focus their resources and attention in a manner consistent with their risk profiles. Effective, risk-based, and reasonably designed AML/CFT programs are critical for protecting national security and the integrity of the U.S. financial system. The proposed amendments are based on changes to the Bank Secrecy Act (BSA) as enacted by the Anti-Money Laundering Act of 2020 (AML Act) and are a key component of Treasury’s objective of building a more effective and risk-based AML/CFT regulatory and supervisory regime.

This proposed rule would:

• amend the existing program rules to explicitly require financial institutions to establish, implement, and maintain effective, risk-based, and reasonably designed AML/CFT programs with certain minimum components, including a mandatory risk assessment process
• require financial institutions to review government-wide AML/CFT priorities and incorporate them, as appropriate, into risk-based programs, as well as provide for certain technical changes to program requirements
• promote clarity and consistency across FinCEN’s program rules for different types of financial institutions

The proposal also articulates certain broader considerations for an effective and risk-based AML/CFT framework as envisioned by the AML Act. For example, through its emphasis on risk-based AML/CFT programs, the proposed rule seeks to avoid one-size-fits-all approaches to customer risk that can lead to financial institutions declining to provide financial services to entire categories of customers. Friday’s proposal is consistent with a key recommendation in Treasury’s De-risking Strategy, which recommended proposing regulations to require financial institutions to have reasonably designed and risk-based AML/CFT programs supervised on a risk basis and taking into consideration the effects of financial inclusion. Finally, the proposed rule would encourage financial institutions to modernize their AML/CFT programs where appropriate to responsibly innovate, while still managing illicit finance risks.

FinCEN's proposal was prepared in consultation with the Federal Reserve Board, the OCC, the FDIC, and the NCUA in order to collectively issue proposed amendments to their respective BSA compliance program rules for the institutions they supervise.

Written comments on FinCEN’s proposed rule must be received on or before 60 days following its publication in the Federal Register.

• Proposed Rule
• Fact Sheet
• Publication update: Published on 7/3/2024 at 89 FR 55428 with a comment period ending on 9/3/2024

The National Credit Union Administration released today its annual Cybersecurity and Credit Union System Resilience Report. The report summarizes the current cybersecurity threat landscape, highlights the agency’s key cybersecurity initiatives, and outlines the agency’s ongoing efforts to enhance cybersecurity preparedness and resilience within the credit union industry.

Yesterday, the CFPB published a Bureau Blog article announcing the Bureau's approval of a new rule to address the current and future applications of complex algorithms and artificial intelligence used to estimate the value of a home. The new rule was approved last week by the OCC (and reportedly by the FDIC). The rule is to be jointly issued by the OCC, Federal Reserve Board, FDIC, NCUA, CFPB, and FHFA once approved by each of those agencies.

The Treasury Department reported on Friday that OFAC has designated twelve individuals in leadership roles at AO Kapersky Lab.

On Thursday, the Department of Commerce issued a final determination under Executive Order 13873 prohibiting Kaspersky Lab, Inc., its affiliates, subsidiaries and parent companies directly or indirectly from providing anti-virus software and cybersecurity products or services in the United States or to U.S. persons. Commerce reached this determination after an investigation found transactions involving the products and services of Kaspersky Lab, Inc. and its corporate family pose unacceptable risk to U.S. national security or the safety and security of U.S. persons, as outlined in E.O. 13873.

In addition, the Department of Commerce has designated AO Kaspersky Lab and OOO Kaspersky Group (Russia), and Kaspersky Labs Limited (United Kingdom) on the Entity List for their cooperation with Russian military and intelligence authorities in support of the Russian government’s cyber intelligence objectives. These activities are contrary to U.S. national security and foreign policy interests.

For the names and identification information of the designated parties, see the June 21, 2024, BankersOnline OFAC Update.

The FDIC Board yesterday announced it has approved a final rule to strengthen resolution planning for insured depository institutions (IDIs) with at least $50 billion in total assets. After careful consideration of comments received, the FDIC issued a final rule that incorporates several changes from the agency’s proposed rule published in September of 2023.

Under the rule announced yesterday, the FDIC will require large banks with total assets of at least $100 billion to submit comprehensive resolution plans that meet enhanced standards to support the FDIC’s ability to undertake an efficient and effective resolution under the Federal Deposit Insurance Act should such an institution fail.

The rule will require IDIs with total assets of at least $50 billion but less than $100 billion to submit more limited “informational filings” to assist in their potential resolution. The agency will not require these institutions to develop a resolution strategy and related valuation information as part of their submissions. These institutions are also exempt from submitting certain strategy-related content requirements regarding the institution’s franchise components.

The new rule strengthens the existing IDI resolution planning framework under 12 CFR § 360.10 by requiring a full resolution submission from most covered IDIs every three years with limited supplements filed in the off years. Covered IDIs affiliated with U.S. global systemically important banking organizations must file a full resolution submission every two years.

The final rule will take effect on October 1, 2024, and the first submissions are expected next year.

• Fact sheet
• FIL-34-2024
• Statement by Acting Comptroller of the Currency Michael J. Hsu
• Statement by CFPB Director Rohit Chopra
• Publication update: Published at 89 FR 56620 in the 7/9/2024 Federal Register