Industry Developments

Financial Measures Recently Introduced as a Result of COVID-19

 

Background and Context

On March 9 and 10, The Financial Policy Committee (“FPC“) met to discuss developments since its meeting on October 2, 2019 and the consequences of Covid-19.

Questions have arisen as to how the government, individuals and businesses can respond to the potentially devastating economic effects resulting from the expanding spread of the Covid-19 and the social lockdowns that are being implemented. In the summary and record of these meetings (available here), it is stated that:

“the FPC has taken action to respond to the financial stability risks associated with the economic disruption resulting from Covid‑19. These actions, taken in concert with actions taken by the Bank, the Monetary Policy Committee (MPC) and the Prudential Regulation Committee (PRC), have sought to reduce pressure on banks to restrict the provision of financial services, including the supply of credit and support for market functioning, and ensure that the financial system can be a source of strength for the real economy during this challenging period.”

The actions referred to above include the Bank of England’s (“BoE“) new Term Funding Scheme and the Covid Corporate Financing Facility.

Term Funding Scheme (“TFSME”)

Objective

This scheme was announced by HMRC on March 11 and seeks to ensure that the benefit of the cut in the bank rate is passed on to the economy. It aims to increase the availability of funding for banks which, in turn, will increase the amount available for lending, especially to small and medium sized enterprises.

By offering four-year funding at (or close to) the BoE’s bank rate, the TFSME seeks to “incentivize banks to provide credit to businesses and households to bridge through a period of economic disruption and provide additional incentives for banks to support lending to SMEs that typically bear the brunt of contractions in the supply of credit during periods of heightened risk aversion and economic downturn.”

Interest charged by the BoE will be equal to the bank rate plus a Scheme Fee, which is determined at the end of December 2020 based on the total net lending.

Eligibility

To qualify, the banks and building societies in question must be participants in the BoE Sterling Monetary Framework and signed up to access the Discount Window Facility. Further information on these tools is available here.

Participants will be able to make drawdowns during the Drawdown Period which will run from April 27, 2020 to April 30, 2021 and are to provide Net Lending Data in a form specified by the BoE on a quarterly basis.

Further information from the BoE is available here.

Covid Corporate Financing Facility (“CCFF”)

The CCFF aims to provide additional help to firms “to bridge through Covid‑19 related disruption to their cash flows.” It is to operate for 12 months and may continue as long as is required in order to help alleviate cash flow pressures.

Form of Assistance

Information made available by the BoE (here) explains that this is to take place by way of the purchase of short term debt in the form of commercial paper – an unsecured debt instrument issued by the company in question.

The commercial paper will be purchased under this facility (by the BoE through Covid Corporate Financing Facility Ltd) with the following characteristics:

  1. maturity of one week to twelve months;
  2. a credit rating of A-3 / P-3 / F-3 / R3 from at least one of Standard & Poor’s, Moody’s, Fitch and DBRS Morningstar as at March 1 2020 (where available); and
  3. issued directly into Euroclear and/or Clearstream,

Eligible Companies

It is explained by the BoE that to qualify under this facility, companies should be UK incorporated (including those with foreign-incorporated parents and with a genuine business in the UK), have significant employment in the UK or have their headquarters in the UK, although the BoE will also have regard to the amount of revenue generated in the UK and the number of customers based in the UK.

Importantly, and in addition to the above, companies wishing to benefit from the CCFF must demonstrate that it was in sound financial health immediately prior to the shock arrival of Covid-19. The BoE explains that the easiest way to demonstrate this is to have or acquire a rating which is either a short-term rating of A3/P3/F3/R3 or above, or a long-term rating of BBB-/Baa3/BBB- or above by at least one of the major credit ratings agencies.

Where the company does not have a credit rating, its bank should contact one of the major agencies to seek an assessment of credit quality. This should then be shared with the BoE and HM Treasury.

The names of issuers and securities purchased or eligible will not be made public.

Legislative Changes and Regulated Activities

With regards to the implementation of this facility, the Financial Services and Markets Act 2000 (Exemption) (Amendment) Order 2020 was published on 20 March 2020. This amends the list contained in Part 1 of the Schedule to the Financial Services and Markets Act 2000 (Exemption) Order 2001 such that Covid Corporate Financing Facility Ltd is exempt from the general prohibition contained in section 19 of the Financial Services and Markets Act 2000 (which prohibits the performance of regulated activities in the UK unless carried out by an authorized or exempt person).

FHFA Strengthens Evaluation Criteria for GSE’s Duty to Serve Program

 

On March 11, the Federal Housing Finance Agency (FHFA) issued revised guidance for evaluating Underserved Markets Plans submitted by Fannie Mae and Freddie Mac (the “GSEs”) for FHFA approval under the Duty to Serve regulation. The revised guidance strengthens the criteria for determining GSE compliance with the regulation, including through a revised ratings framework and higher expectations for impactful plans. Revised Guidance.

Federal and State Banking Agencies Encourage Financial Institutions to Meet Financial Needs of Customers and Members Affected by Coronavirus

 

On March 9, the Federal Reserve Board, FDIC, OCC, Consumer Financial Protection Bureau (CFPB), National Credit Union Administration (NCUA) and Conference of State Bank Supervisors (CSBS) issued a joint statement encouraging financial institutions to work constructively with borrowers and other customers in communities affected by the coronavirus. The agencies also pledged to provide appropriate regulatory assistance to affected institutions subject to their supervision, including by working with affected institutions to expedite certain requests and minimize disruptions or burdens in connection with examinations. Release.

 

FFIEC Updates Interagency Guidance on Pandemic Planning

 

On March 6, the member agencies of the Federal Financial Institutions Examination Council (FFIEC) issued updated guidance specifying that financial institutions’ business continuity plans should address the threat of a pandemic outbreak and its potential impact on the delivery of critical financial services. The guidance identifies actions that banks should take to minimize the potential adverse effects of a pandemic. FFIEC Guidance.

 

 

Fannie Mae and Freddie Mac Publish Joint Enterprise Credit Score Solicitation

 

On February 18, the Federal Housing Finance Agency (FHFA) announced that Fannie Mae and Freddie Mac (the “Enterprises”) have published a Joint Credit Score Solicitation, which describes the process for credit score model developers to submit applications to the Enterprises. The publication of the solicitation in the process of evaluating new credit score models will ensure that the Enterprises validate and approve credit score models in a timely and prudent manner. Release.

 

Federal Deposit Insurance Corporation Releases Economic Scenarios for 2020 Stress Testing

 

On February 14, the Federal Deposit Insurance Corporation (FDIC) released the hypothetical economic scenarios for use in the upcoming stress tests for covered institutions with total consolidated assets of more than $250 billion. Required by the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, the economic stress test scenarios include 28 variables – such as gross domestic product, the unemployment rate, stock market prices, and interest rates – covering domestic and international activity designed to assess the strength and resilience of financial institutions. Release.

SEC Office of Compliance Inspections and Examinations Publishes Observations on Cybersecurity and Resiliency Practices

 

On January 27, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) issued observations gleaned from its examinations related to cybersecurity and operational resiliency practices taken by market participants (the “Observations”). The Observations impact the entire securities industry because OCIE conducts examinations of SEC-registered investment advisers, investment companies, broker-dealers, self-regulatory organizations, clearing agencies, transfer agents, and others. It uses a risk-based approach to examinations to fulfill its mission to promote compliance with U.S. securities laws, prevent fraud, monitor risk, and inform SEC policy.

The Observations cover a broad range of operations in the areas of governance and risk management, access rights and controls, data loss prevention, mobile security, incident response and resiliency, vendor management, and training and awareness. They highlight specific examples of cybersecurity and operational resiliency practices and controls that organizations have taken to safeguard against threats and respond in the event of an incident.

Organizations subject to examination by OCIE should expect that the primary elements highlighted will be a focus of routine, as well as targeted examinations. The Observations are best regarded as a set of “best practices” that should be considered by regulated organizations in developing, implementing and monitoring the effectiveness of their own compliance programs.

The following are selected excerpts from the Observations that we believe are the most significant. A complete copy of the Observations can be found here.

Governance and Risk Management

OCIE emphasized that effective compliance programs “start with the right tone at the top.” As a top priority of any examination, senior leaders should be committed to improving their organization’s cyber posture through working with others to understand, prioritize, communicate, and mitigate cybersecurity risks.

OCIE observes that a key element is the incorporation of a governance and risk management program that generally includes, among other things: (i) a risk assessment to identify, analyze, and prioritize cybersecurity risks to the organization; (ii) written cybersecurity policies and procedures to address those risks; and (iii) the effective implementation and enforcement of those policies and procedures.

Access Rights and Controls

OCIE observes that “access rights and controls” are used to identify and determine who are the appropriate users within an organization who should have access to organization systems based on job responsibilities. Access controls generally include: (i) understanding the location of data, including client information, throughout an organization; (ii) restricting access to systems and data to authorized users; and (iii) establishing appropriate controls to prevent and monitor for unauthorized access.

Data Loss Prevention

“Data loss prevention,” as conceived by OCIE, typically includes a set of tools and processes an organization uses to ensure that sensitive data, including client information, is not lost, misused, or accessed by unauthorized users.

Mobile Security

Mobile devices and applications may create additional and unique vulnerabilities. Examples of the mobile security measures OCIE has observed include the following elements: (i) establishing specific policies and procedures for the use of mobile devices, including managing the use of mobile devices., e.g., the compliance program addresses the special concerns that are presented when employees are permitted to use their own mobile devices in performing business functions; (ii) implementing security measures; (iii) training employees, including training employees on mobile device policies; and (iv) effective practices to protect mobile devices.

Incident Response and Resiliency

OCIE notes the importance of a compliance program including the following elements: (i) the timely detection and appropriate disclosure of material information regarding incidents; and (ii) assessing the appropriateness of corrective actions taken in response to incidents. OCIE emphasized that an important component of an incident response plan is a business continuity plan and resiliency plan that addresses how quickly the organization could recover and again safely serve clients if the operations of the organization were materially disrupted.

Vendor Management

OCIE found that practices and controls related to vendor management generally include policies and procedures related to: (i) conducting due diligence for vendor selection; (ii) monitoring and overseeing vendors, and contract terms; (iii) assessing how vendor relationships are considered as part of the organization’s ongoing risk assessment process as well as how the organization determines the appropriate level of due diligence to conduct on a vendor; and (iv) assessing how vendors protect any accessible client information.

Training and Awareness

Training and awareness are key components of cybersecurity programs. Training provides employees with information concerning cyber risks and responsibilities and heightens awareness of cyber threats.

OCIE has observed the following practices used by organizations in the area of cybersecurity training and awareness: (i) training staff to implement the organization’s cybersecurity policies and procedures and engaging the workforce to build a culture of cybersecurity readiness and operational resiliency; (ii) providing specific cybersecurity and resiliency training, including preventive measures in training, such as identifying and responding to indicators of breaches, and obtaining customer confirmation if behavior appears suspicious; (iii) monitoring to ensure employees attend training and assessing the effectiveness of training; and (iv) continuously re-evaluating and updating training programs based on cyber-threat intelligence.

Treasury Releases Final Regulations to Reform National Security Reviews for Certain Foreign Investments and Other Transactions in the United States

 

On January 13, the U.S. Department of the Treasury issued two final regulations that aim to modernize the investment review process to address national security issues posed by certain foreign investments and real estate transactions. The regulations implement the Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA) and broaden the authority of the CFIUS to review even non-controlling foreign investments into U.S. businesses that are involved in critical technology, infrastructure, or personal data. Release.

 

CFTC’s Division of Market Oversight Supplements No-Action Relief to SEFs and DCMs from Certain CFTC Regulations for Correction of Errors

 

On January 8, the Commodity Futures Trading Commission (CFTC) Division of Market Oversight issued a no-action letter that provides an alternative error correction process by which swap execution facilities (SEFs) and designated contract markets (DCMs) may permit counterparties to determine that an error has occurred and correct the error, subject to ex post facto review by the SEF or DCM. The no-action letter supplements the relief provided in CFTC Letter 17-27, which provided relief from certain CFTC regulations to permit SEFs and DCMs to correct clerical or operational errors discovered after a swap has been cleared. CFTC Release.

HUD Releases Proposed Affirmatively Furthering Fair Housing Rule

 

On January 7, the Department of Housing and Urban Development (HUD) published its proposed Affirmatively Furthering Fair Housing rule (AFFH Rule). The proposed AFFH Rule would replace the AFFH Rule that was finalized in 2015 to provide a process for evaluating local jurisdictions’ compliance with the Fair Housing Act’s requirement that HUD funding be used to affirmatively further fair housing. The proposed AFFH Rule revises the 2015 definition of “affirmatively furthering fair housing”, develops metrics to compare jurisdictions and requires jurisdictions to identify steps they will take over five years to comply with AFFH Rule requirements. Comments on the proposed AFFH Rule are due 60 days after publication in the Federal Register. HUD Release. Proposed Rule.