Office of the Comptroller of the Currency (OCC)

Federal Bank Regulatory Agencies Release Joint Statement on Risk-Based Approach to BSA/AML Supervision

 

On July 22, the Federal Reserve Board, FDIC, Office of the Comptroller of the Currency (OCC), National Credit Union Administration (NCUA) and the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) released a joint statement outlining the agencies’ risk-based approach to examining banks’ BSA/AML compliance programs. Release.

Agencies to Propose Amending CRA Regulations to Conform to HMDA Regulation Changes, and Remove References to the Neighborhood Stabilization Program

 

On September 13, 2017, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency jointly released proposed changes to each agency’s Community Reinvestment Act’s regulations relating “Regulation C, which implements the Home Mortgage Disclosure Act[.]” FDIC Release. Federal Reserve Release. OCC Release.

OCC Addresses Questions Related to Bank Collaboration with Fintech Companies and Others

 

Recently, with increasing frequency, questions have been posed regarding the responsibilities of bank regulated entities (“Bank Entities”) with respect to their “third-party relationships,” particularly with financial technology companies.

On June 7, 2017, the Office of the Comptroller of the Currency (the “OCC”) issued a supplement (the “Supplement”) to its Bulletin 2013-29, “Third-Party Relationships: Risk Management Guidance,” issued October 30, 2013.

As an overview, the OCC stated:

OCC Bulletin 2013-29 defines a third-party relationship as any business arrangement between the bank and another entity, by contract or otherwise. Third-party relationships include activities that involve outsourced products and services; use of outside consultants, networking arrangements, merchant payment processing services, and services provided by affiliates and subsidiaries; joint ventures; and other business arrangements in which a bank has an ongoing third-party relationship or may have responsibility for the associated records. Recently, many banks have developed relationships with financial technology (fintech) companies that involve some of these activities, including performing services or delivering products to a bank’s customer base. If a fintech company performs services or delivers products on behalf of a bank or banks, the relationship meets the definition of a third-party relationship and the OCC would expect bank management to include the fintech company in the bank’s third-party risk management process. (Emphasis added.)

The OCC expects banks to perform due diligence and ongoing monitoring for all third-party relationships. The level of due diligence and ongoing monitoring, however, may differ for, and should be specific to, each third-party relationship. The level of due diligence and ongoing monitoring should be consistent with the level of risk and complexity posed by each third-party relationship. For critical activities, the OCC expects that due diligence and ongoing monitoring will be robust, comprehensive, and appropriately documented. Additionally, for activities that bank management determines to be low risk, management should follow the bank’s board-established policies and procedures for due diligence and ongoing monitoring.

The Supplement then addresses a series of FAQs that should be considered by Banking Entities. Conversely, these FAQs also provide guidance to fintech companies seeking relationships with Bank Entities and in addressing due diligence inquires. FAQs.

 

Banking Agencies Issue Joint Report to Congress Under the Economic Growth and Regulatory Paperwork Reduction Act of 1996

 

On March 21, 2017, the Office of the Comptroller of the Currency (OCC) announced that the Federal Financial Institutions Examination Council (“FFIEC“) issued a “EGRPRA Joint Report to Congress,” which details a review of rules affecting financial institutions conducted under the Economic Growth and Regulatory Paperwork Reduction Act of 1996, which requires federal banking agencies and the FFIEC to conduct a review of their rules at least every 10 years to identify outdated or unnecessary regulations. The review focused on the effect of regulations on smaller institutions, such as community banks and savings associations. The report describes joint actions planned or taken by the federal financial institutions regulators, including simplifying regulatory capital rules for community banks and savings associations, streamlining reports of condition and income, increasing the appraisal threshold for commercial real estate loans and expanding the number of institutions eligible for less frequent examination cycles. Release. Full Report.

OCC Provides Additional Details to Evaluate Charter Applications From fintech Companies

 

On March 15, 2017, the Office of the Comptroller of the Currency (“OCC“) issued a “Draft Licensing Manual Supplement for Evaluating Charter Applications from Financial Technology Companies,” which provides additional details on the evaluation of national bank charter applications from financial technology (“fintech“) companies that engage in the business of banking. The supplement explains how the OCC will apply the licensing standards and requirements in existing regulations and policies to fintech companies applying for special purpose national bank charters. The supplement also describes unique factors that the agency will consider in evaluating applications from fintech companies; expectations for promoting fair access, fair treatment and financial inclusion; and the agency’s approach to supervising those fintech companies that become national banks. Release. Manual Supplement.

House Committee on Financial Services Comments on OCC Fintech Charter

 

All 34 Republican members of the Financial Services Committee of the U.S. House of Representatives, including Chairman Jeb Hensarling (Tex. – R) and Vice Chairman Patrick McHenry (N.C. – R), in a letter dated March 10, 2017, to Comptroller of the Currency Thomas Curry, urged the Office of the Comptroller of the Currency (“OCC“) not to “rush” the decision to create special purpose national bank charters for fintech companies without giving stakeholders the opportunity to see the details of the prospective charter and the opportunity to comment, and also without giving the incoming Comptroller the opportunity to assess the charter after Comptroller Curry’s term expires in April 2017. The letter advises Comptroller Curry that if such opportunities for review, comment and assessment are not provided, “Congress will examine the OCC’s actions and, if appropriate, overturn them.” A number of banks, community bank organizations and others previously provided comments to the OCC urging the OCC to assure that there will be a level playing field for newly chartered fintech banks and existing banks.

The OCC Publishes Final Rule Adjusting Civil Money Penalties for Inflation

 

On January 27, 2017, the Office of the Comptroller of the Currency (the “OCC“) published a final rule amending its rules of practice and procedure for national banks and in adjudicatory proceedings for federal savings associations. The final rule adjusts the maximum amount of each civil money penalty within the OCC’s jurisdiction to account for inflation. The effective date of the final rule is January 27, 2017, and the adjusted maximum amounts apply to penalties assessed after January 15, 2017 for violations occurring on or after November 2, 2015. Press Release. Final Rule.

Agencies Extend Comment Period for Advance Notice of Proposed Rulemaking on Enhanced Cyber Risk Management Standards

 

On January 13, 2017, the Federal Reserve Board, the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corporation changed, from January 17, 2017 to February 17, 2017, the deadline for comments “for the advance notice of proposed rulemaking on enhanced cyber risk management standards for large and interconnected entities under their supervision and those entities’ service providers.” Cyber standards are being contemplated in five areas: “cyber risk governance; cyber risk management; internal dependency management; external dependency management; and incident response, cyber resilience, and situational awareness.” Federal Reserve Release. OCC Release. FDIC Release.

OCC Publishes Final Rule on Expanding Examination Cycle Eligibility

 

On January 6, 2017, the Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System and the Federal Deposit Insurance Corporation published a final rule amending the regulations governing eligibility for the 18‑month on‑site examination cycle, which broadened the eligibility requirements to include certain qualifying banks with less than $1 billion in total assets. The final rule adopted, without change, each of the provisions of the interim final rule published on February 29, 2016. Release.