Agencies propose third-party risk management guidance
The Federal Reserve Board (Fed), Federal Deposit Insurance Corp. (FDIC), and Office of the Comptroller of the Currency (OCC) are seeking comments on a comprehensive joint proposal designed to manage risks associated with third-party relationships, including relationships with nonbank fintech firms.
The agencies said the proposal, which was issued on July 13, 2021, would assist banks in identifying and addressing the risks associated with third-party relationships and that it responds to industry feedback requesting agency alignment of third-party risk management guidance.
The proposed guidance would offer a framework based on sound risk management principles for banks to consider in developing risk management practices for all stages in the life cycle of third-party relationships, taking into account the level of risk, the complexity and size of the banking organization, and the nature of the third-party relationship. It would replace each agency’s existing guidance on this topic and would apply to all banking organizations supervised by the agencies.
Comments are due Sept. 17, 2021.
Basel Committee issues paper on crypto asset exposures
On June 10, 2021, the Basel Committee on Banking Supervision (BCBS) published a public consultation document on preliminary proposals for the prudential treatment of banks’ crypto asset exposures. The document builds on the BCBS discussion paper issued in 2019 and is part of a broader ongoing initiative among international financial regulatory bodies.
In the consultative document, the BCBS notes that the growth of crypto assets and related services has the potential to raise financial stability concerns and increase risks faced by banks. The committee says that crypto assets have exhibited a high degree of volatility and, as exposure increases, could present risks for banks, including liquidity, credit, market, and operational risks along with elevated money laundering and terrorist financing risks.
The proposal divides crypto assets into two groups. The first group fulfills a set of classification conditions and is eligible for treatment under the Basel framework with some modifications and additional guidance, including certain tokenized traditional assets and stablecoins. The second category includes assets such as bitcoins that do not fulfill the classification conditions.
Comments are due Sept. 10, 2021.
BIS working group publishes paper on CBDC technology
The Bank for International Settlements (BIS), on June 8, 2021, released a working paper, “Central Bank Digital Currency: The Quest for Minimally Invasive Technology,” on the range of proposed central bank digital currency (CBDC) architectures, how they could complement existing payment options, and what they imply for the financial system and the central bank of the future. In the paper, the BIS estimates that almost 50 central banks have already launched designs for CBDCs or prototypes.
The paper advocates for and outlines requirements for a “minimally invasive” CBDC design that “upgrades money to the needs of the 21st century without disrupting the tested two-tier architecture of the monetary system,” which involves both the private and public sectors.
The paper’s primary finding is that technological developments inspired by popular cryptocurrency systems (based on anonymity and lacking a central authority) do not meet the requirements for a retail CBDC. Rather the BIS working group found that digital banknotes that run on “intermediated” or “hybrid” CBDC architectures show “particular promise.” The paper adds, “supported with technology to facilitate record-keeping of direct claims on the central bank by private-sector entities . . . [the digital banknotes] economic design should emphasize the use of the CBDC as medium of exchange but needs to limit its appeal as a savings vehicle.”
Fed releases CECL tool
The Fed, on July 15, 2021, released a current expected credit loss (CECL) implementation tool for community banks with assets of less than $1 billion, to help them calculate their CECL allowances. The Scaled CECL Allowance for Losses Estimator (SCALE) is spreadsheet-based and was created from publicly available regulatory and industry data. The CECL methodology became effective for many larger public financial institutions beginning in 2020, and most community banks with assets under $1 billion will implement CECL in 2023.
FDIC issues proposal on real estate lending standards
The FDIC, on June 15, 2021, issued a proposal to amend the Interagency Guidelines for Real Estate Lending Policies. The purpose of the proposed rule is to align the real estate lending standards with the community bank leverage ratio (CBLR) rule, which does not require electing institutions to calculate tier 2 capital or total capital.
The proposed rule would allow “a consistent approach for calculating the ratio of loans in excess of the supervisory loan-to-value limits . . . at all FDIC-supervised institutions, using a methodology that approximates the historical methodology the FDIC has followed for calculating this measurement without requiring institutions to calculate tier 2 capital.” The FDIC also said the new rule would avoid any regulatory burden that could arise if an FDIC-supervised bank decides to switch between different capital frameworks.
The proposal also would help ensure that the FDIC’s regulation regarding supervisory loan-to-value limits is consistent with how examiners calculate credit concentrations, as outlined in a statement issued last year directing examiners to use tier 1 capital plus the appropriate allowance for credit losses as the denominator when calculating credit concentrations.
Comments are due July 26, 2021.
FDIC approves new policy statement on MDIs
The FDIC, on June 15, 2021, voted to approve an update to its policy statement on minority depository institutions (MDIs). The revised statement, which reflects public comments received on the August 2020 proposal, describes the FDIC’s actions to promote the preservation of MDIs and enhance communication between the agency and institutions that are owned and managed by minority groups.
The statement also explains how the FDIC applies examination standards in assessing the performance of MDIs. The FDIC has been working with private sector and philanthropic organizations to establish a mission-driven bank fund to support FDIC-insured MDIs and community development financial institutions (CDFIs).
FinCEN issues anti-money laundering and counterterrorism priorities
On June 30, 2021, the Financial Crimes Enforcement Network (FinCEN) issued governmentwide priorities for anti-money laundering (AML) and countering the financing of terrorism (CFT) policy. FinCEN worked closely with a wide range of financial regulators and other government agencies in producing the first-ever policy. According to the priorities, the most significant AML/CFT threats currently facing the country are corruption, cybercrime, domestic and international terrorist financing, fraud, transnational criminal organization activity, drug trafficking organization activity, human trafficking and human smuggling, and proliferation financing.
FinCEN and the federal financial institution agencies issued a separate interagency statement to provide clarity for banks and credit unions on the AML/CFT priorities. The interagency statement reiterates that the priorities do not “create an immediate change to Bank Secrecy Act (BSA) requirements or supervisory expectations for banks.” The agencies’ statement says they will revise their BSA regulations within the next six months to address how the priorities will be incorporated into banks’ BSA requirements.
The agencies add that they will not examine banks for the incorporation of the priorities into their risk-based BSA programs until the effective date of the revised regulations. The priorities list will be updated every four years, as required by the Anti-Money Laundering Act of 2020.
FFIEC updates BSA/AML examination manual
The Federal Financial Institutions Examination Council (FFIEC), on June 21, 2021, released updates to its BSA/AML examination manual. In the release, the agencies remind institutions that the updates do not establish any new requirements or increased focus on certain areas. Rather, they are intended to provide additional transparency into the exam process and emphasize a risk-based approach to BSA/AML supervision.
Updated sections in the manual include international transportation of currency or monetary instruments reporting, purchase and sale of monetary instruments recordkeeping, reports of foreign financial accounts, and regulatory requirements for special measures issued under Section 311 of the USA Patriot Act. The FFIEC agencies worked closely with FinCEN on the latest updates.
FFIEC issues new AIO exam booklet
The FFIEC, on June 30, 2021, issued a new booklet providing guidance to help examiners assess the risk profile and adequacy of an entity’s information technology architecture, infrastructure, and operations (AIO).
The new booklet, “Architecture, Infrastructure, and Operations,” which replaces the “Operations” booklet issued in July 2004, describes the principles and practices that examiners review to assess an institution’s AIO functions. Specifically, the booklet covers enterprisewide, process-oriented approaches that relate to the design of technology within the overall business structure, implementation of IT infrastructure components, and delivery of services and value for customers. It includes the following:
- Principles and practices for IT and operations as they relate to safety and soundness, consumer financial protection, and compliance with applicable laws and regulations
- Processes for addressing risk related to the design and implementation of IT systems
- Principles to help examiners evaluate the delivery of financial products and services
- Management oversight of AIO and its related components, including governance, common risk management topics, specific activities of AIO, and evolving technologies that examiners could encounter
CFPB reports on consumer reporting, debt collection, payday lending
The Consumer Financial Protection Bureau (CFPB), on June 29, 2021, issued its summer 2021 Supervisory Highlights that provide an update on recent examiner observations during supervisory activities over consumer financial products. The findings cover 2020 examinations in the areas of auto servicing, consumer reporting, debt collection, deposits, fair lending, mortgage origination, mortgage servicing, private education loan origination, payday lending, and student loan servicing.
The report highlights several findings related to consumer reporting, including consumer reporting companies failing to comply with accuracy procedures, failing to place security freezes on consumers’ reports, and failing to update and correct consumer information. The CFPB also notes issues related to debt collection, such as companies making prohibited calls to a consumer’s workplace, failure to cease communication upon written request, and deceptive means of collection.
Financial institutions should review the report to gain a better understanding of how the CFPB examines institutions for compliance with federal consumer financial laws and where the CFPB and other agencies are likely to focus in upcoming consumer examinations.